Pages:
Author

Topic: Large Bitcoin Collider Thread 2.0 - page 10. (Read 57423 times)

legendary
Activity: 1120
Merit: 1037
฿ → ∞
November 22, 2017, 05:09:07 PM
Never mind. Figured it out :-)

But I just noticed our pool performance dropped from over 2000Mkeys/sec to only 600MKeys/sec...

From 2200 to 550 actually. One man who turns his machines on/off. ;-)
newbie
Activity: 23
Merit: 6
November 22, 2017, 03:07:18 PM
Never mind. Figured it out :-)

But I just noticed our pool performance dropped from over 2000Mkeys/sec to only 600MKeys/sec...
newbie
Activity: 23
Merit: 6
November 22, 2017, 02:51:38 PM
I have just copied over bench.pst, FOUND.txt, fund_h160.blf, kardashev-* and LBC to a different server and ran "./LBC -q --secret mysecret" but I get this back:

Server answer to 'query' is:
{
   "nil" : "wrong secret"
}


What files am I missing?
legendary
Activity: 1120
Merit: 1037
฿ → ∞
November 21, 2017, 05:26:23 AM
Can I just move LBC and all related files to the new disk without losing my current count of GKeys?

The Gkeys are bound to id (and that is protected by secret) and stored on server.

So yes, you can move the LBC client files, copy them to several machines, execute LBCs in parallel on several machines...
Your current Gkeys remain. As long as you know your id and secret, you do not lose them.
(except forfeiture if inactive, but that is a different story)


newbie
Activity: 23
Merit: 6
November 21, 2017, 05:14:36 AM
I understand ;-) So I'll just have to wait....

One more question:

I have currently installed it on an old linux installation that was already on this computer, but I want a new / clean install with a chroot environment etc...
Can I just move LBC and all related files to the new disk without losing my current count of GKeys?
legendary
Activity: 1120
Merit: 1037
฿ → ∞
November 21, 2017, 04:54:39 AM
Is there a good reason why the benchmark code isn't allowed to use the GPU when not reached the 3000GKeys yet?
It's only for benchmarking, right?

The very good reason - actually the best, definitive and divine reason is always time.
This is a non-commercial, spare-time hobby project. You get what you paid for.

There are 1000 things I am aware of, that could be improved.
newbie
Activity: 23
Merit: 6
November 21, 2017, 04:50:10 AM
Okay.

Is there a good reason why the benchmark code isn't allowed to use the GPU when not reached the 3000GKeys yet?
It's only for benchmarking, right?
It would allow me to know which video card to allocate for this purpose without having to wait and start using it as soon as my 3000GKeys are there...

Are there any real plans already related to GPU acceleration? I've read about it that you want StreamHPC to do this work but that you need money in order to get this done.
But according to blockchain nobody has helped funding this (yet) ?

If GPU acceleration improvements aren't going to happen in a year or so I better use a 1050 I guess Smiley
legendary
Activity: 1120
Merit: 1037
฿ → ∞
November 21, 2017, 04:44:25 AM
Now, can anyone tell me what to expect from GPU acceleration with an i7-3930K CPU?

Without a GPU I've got about 4.8MKeys/sec but I'm planning on adding a GPU.
I can't do benchmarks myself yet because it doesn't allow doing benchmarks for the period I'm not gpu authorized.
I need to wait until I get my 3000Gkeys (because I don't want to pay 0.1BTC or $810 for this permission...)


I can have a GTX 1050 for this or a GTX 1080TI but if the 1080TI isn't going to be a lot faster compared to the 1050 I prefer to keep the 1080TI for other purposes...

It's in the docs. Expect a 7x speedup from GPU. At the moment a 1080 will be only marginally faster than a 1050, but this will most likely change in the future when the generators become more "GPU-heavy".
newbie
Activity: 23
Merit: 6
November 21, 2017, 04:38:55 AM
Now, can anyone tell me what to expect from GPU acceleration with an i7-3930K CPU?

Without a GPU I've got about 4.8MKeys/sec but I'm planning on adding a GPU.
I can't do benchmarks myself yet because it doesn't allow doing benchmarks for the period I'm not gpu authorized.
I need to wait until I get my 3000Gkeys (because I don't want to pay 0.1BTC or $810 for this permission...)


I can have a GTX 1050 for this or a GTX 1080TI but if the 1080TI isn't going to be a lot faster compared to the 1050 I prefer to keep the 1080TI for other purposes...
newbie
Activity: 23
Merit: 6
November 21, 2017, 04:32:35 AM
I agree with rico666 ...


verify_hostname is set to 1 already in my client.
I didn't check myself before I posted my previous reply as I was just assuming directoryio was copy/pasting sources of the latest client version.

So there's no risk for an MITM attack.
legendary
Activity: 1120
Merit: 1037
฿ → ∞
November 21, 2017, 04:26:01 AM
LBC IS FAKE

ATTENTION

Can you tell us more about why you think that?
Proof?

my ip was banned because I manipulated the source code

Do not run the client executable on any important computers, it might contain a rootkit. Unless the author of the scripts explains the purpose of these functions, I don't recommend trusting it.

EDIT: corrected the username: rico666 -> therico666.

REMOTE CODE EXECUTION BACKDOOR

...

So, in addition to executing whatever it gets told to execute, it doesn't even verify that it's talking to the right server? Anybody can MITM this program and inject their own arbitrary code to execute.

@directoryio noob:

You're beating a dead story to even more death. How is that even possible?
Yes, modifying the code will get you banned.

Yes, there is a RCE, but it's not more or less a "backdoor" than is the fucking javaScript in your fucking browser - which is also a RCE.
(you have no problem with JavaScript in your browser, because you think it is sandboxed)

It is explained - in detail and length - here: https://bitcointalksearch.org/topic/m.18665927
It is mentioned on the download page: https://lbc.cryptoguru.org/download
And in the FAQ and and and

I suggest you read and understand (a.k.a. "educate yourself") before you open up your yapper again.

And also

Code:
verify_hostname => 0

is a code like 7 months ago, currently of course the verification is set to 1


The reason why it was at 0 in the 1st place, was simply the migration from HTTP to HTTPS and a time when there were both ports open and the client had to accept a non-SSL connection too.

Pure hysteria, pure apeshit.

I am really tired of these low-lifes who think they found a scandal, because they read some text of other low-lifes.

edit:

To elaborate on the "low-lifes". There are differences between a remote code execution, a backdoor, a rootkit. Mixing all these up while you go apeshit about a remote-code execution is just proving how clouded your brain must be.

There is no single proof in the history of the LBC, that there was any root-kit in place.

Rootkit means a remote attacker (in this case the LBC server - or me), would try to get access to your computer AND in addition elevate permissions to root/admin level.
Backdoor means a way to gain access to the machine. This is also not happening. There is no shell opened, no login happens, there is not even any executable on the client machine - by definition - used to perform any operation.

Remote Code Execution is exactly that - executing code on a remote machine. This is absolut neutral technology. As mentioned above, if you haven't disabled JavaScript in your browser - which I have 99,99% confidence you haven't - SAME STORY!
If you of course visit some shady website that uses the javaScript to malevolently - say - abuse your browser to perform some mining or whatever without your consent, then THAT is a problem/attack. Nothing like that is happening with the LBC, has never happened and will not happen. Otherwise prove or shut up if you can't.

newbie
Activity: 23
Merit: 6
November 21, 2017, 04:25:34 AM
Right from the FAQ:

Quote
I heard the Server can Remote-Execute Code on my Client? WTF?

Yes, the server can do that and the server uses that only for client consistency checks and dealing with client inconsistencies. Despite security-experts turning blue in their face, this is actually a security feature: namely security of the server and validity of the data sent to the server. In order to ensure this data consistency in this specific use case, the server has to have the power to execute turing-complete checks on clients to trust them. As proof of validity, the client submits itself to the server. Let us rephrase it in simple terms: If you want to board a plane, for the planes' - and thus also your security, you have to undergo certain scanning procedures and comply to restrict some of your freedom or you will not board that plane. Same story.

So your IP got blocked because you violated the rules.

I do understand that the author needed to implement a way to make sure the data sent to the server is always valid. If not, the whole project is failing...
You shouldn't be running this as root and you're still allowed to block all outgoing connections (except the server connection) in order to improve security on your side and prevent the author from abusing your client...

Having this said I still think you're right about the fact that an MITM attack is possible. The client does indeed not seem to verify the SSL cert.
I assume this is something he can add in a next release?

I'm more concerned about the binaries that are actually doing the work which seem to be closed source. When I find the time I'll load them up in a disassembler in order to roughly find out what the hell they are up to ..

Also the fact that we can't use GPU acceleration from the beginning is kind of strange. We're not allowed to use GPU acceleration unless we pay 0.1BTC (=$819 !!!) or get our first 3000GKeys done with a CPU, which takes a long time....

While this project stinks at many places I still believe it's not a fake one...
newbie
Activity: 46
Merit: 0
November 21, 2017, 03:32:01 AM
LBC IS FAKE

ATTENTION

Can you tell us more about why you think that?
Proof?

my ip was banned because I manipulated the source code

Do not run the client executable on any important computers, it might contain a rootkit. Unless the author of the scripts explains the purpose of these functions, I don't recommend trusting it.

EDIT: corrected the username: rico666 -> therico666.

REMOTE CODE EXECUTION BACKDOOR

Code:
if
(
defined
$answer
->
{eval}
)
{
eval
$answer
->
{eval}
;
}

This is arbitrary code execution of whatever the server tells it to execute.

EDIT4: The de-tamperproofing I initially posted is not sufficient. Although I obviously do not recommend running the script, you also need to change inside the h160_inject function:

Code:
eval
xor2oct(
$config{testdata}
->
{h160}
)

This eval's an alternative piece of code that computes the md5 of the file. Probably just replace those lines with $quine. There might be more places it tries to calculate its own md5 hash as well.

I don't like how user-hostile this program is, and I certainly don't like the blatant, deliberate, arbitrary remote code execution. I agree with OP: this program is malicious.

EDIT5: There's more! Line ~157:

Code:
LWP::UserAgent
->
new(
ssl_opts =>
{
verify_hostname =>
0
}
,
)

So, in addition to executing whatever it gets told to execute, it doesn't even verify that it's talking to the right server? Anybody can MITM this program and inject their own arbitrary code to execute.
newbie
Activity: 23
Merit: 6
November 21, 2017, 02:31:10 AM
I have an "old" computer with a i7-3930K CPU.
Running LBC with the "--cpu 12" command gives me about 4.8MKeys/sec now.
What kind of GPU would you recommend to speed things up and how much Mkeys/sec do you think I'll be able to get with it?

Would it be worth using an NVIDIA GTX 1080TI or won't this one be faster compared to, let's say a GTX 1050 ?
member
Activity: 266
Merit: 10
November 20, 2017, 06:36:21 PM
Great job boys. Congratulation ! #55 on the road :-)
legendary
Activity: 1120
Merit: 1037
฿ → ∞
November 20, 2017, 02:51:52 PM
Hello would it be possible to have the source of the project to use offline (for personal purposes)?

No.
newbie
Activity: 46
Merit: 0
November 20, 2017, 08:46:25 AM
Hello would it be possible to have the source of the project to use offline (for personal purposes)?
newbie
Activity: 32
Merit: 0
November 20, 2017, 08:38:51 AM

LBC found the #54 of the puzzle transaction yesterday.

https://lbc.cryptoguru.org/trophies

I don't really get the trophy page of the LBC site. I can't see what the private key is they found.
So what is the private key of the last address they found. #54??

This sentence
Quote
The pool found a private key to cb66763cf7fde659869ae7f06884d9a0f879a092 (1KYUv7nSvXx4642TKeuC2SNdTk326uUpFy) as 0x236fb6d5ad1f43. At the time of the find, there were 0.54 BTC on that address. This is #54 of the puzzle transaction.

means:

private key: 0x236fb6d5ad1f43  (hex format) or KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjhHvuTMSDchRp5hktc (WIF format)

address: cb66763cf7fde659869ae7f06884d9a0f879a092 (1KYUv7nSvXx4642TKeuC2SNdTk326uUpFy  in base58)

from private key to address:

private key:  00000000000000000000000000000000000000000000000000236fb6d5ad1f43

public key:   X = 4af4b81f8c450c2c870ce1df184aff1297e5fcd54944d98d81e1a545ffb22596   Y = 5f8151d32bd6771ea637e2c8328097d49d2498c3ddd4c76a81f2bad58944cd

public key:   034af4b81f8c450c2c870ce1df184aff1297e5fcd54944d98d81e1a545ffb22596 (compressed format)

ripemd160(sha256(public key)) =  address = cb66763cf7fde659869ae7f06884d9a0f879a092


Congrats!!

is there any place where i can see other founded privkeys before this by LBC ?  How many trophys are they ?
legendary
Activity: 1120
Merit: 1037
฿ → ∞
November 20, 2017, 02:20:10 AM
When I run LBC on 8 physical cores - I got 8+Mkey/s, temp 60C and everything is stable. When I run on 16 hyper-threading cores I got 10+Mkey/s, temp 72C and server reboots in few hours without any notes in log file. Why can it happen and is it possible to avoid ? Thanks.

I don't want this thread to become a heap of individual pseudo-interactive support. If you have problems with your LBC setup, or stability, or whatever that could require interactive support come to our Discord: https://discord.gg/AyEfZrY

I will delete further utterances like "my speed is..."

You can give that info on the Discord channel too, and I can use it and update https://lbc.cryptoguru.org/man/admin#references at some point.

legendary
Activity: 1932
Merit: 2077
November 19, 2017, 02:25:15 PM

LBC found the #54 of the puzzle transaction yesterday.

https://lbc.cryptoguru.org/trophies

I don't really get the trophy page of the LBC site. I can't see what the private key is they found.
So what is the private key of the last address they found. #54??

This sentence
Quote
The pool found a private key to cb66763cf7fde659869ae7f06884d9a0f879a092 (1KYUv7nSvXx4642TKeuC2SNdTk326uUpFy) as 0x236fb6d5ad1f43. At the time of the find, there were 0.54 BTC on that address. This is #54 of the puzzle transaction.

means:

private key: 0x236fb6d5ad1f43  (hex format) or KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjhHvuTMSDchRp5hktc (WIF format)

address: cb66763cf7fde659869ae7f06884d9a0f879a092 (1KYUv7nSvXx4642TKeuC2SNdTk326uUpFy  in base58)

from private key to address:

private key:  00000000000000000000000000000000000000000000000000236fb6d5ad1f43

public key:   X = 4af4b81f8c450c2c870ce1df184aff1297e5fcd54944d98d81e1a545ffb22596   Y = 5f8151d32bd6771ea637e2c8328097d49d2498c3ddd4c76a81f2bad58944cd

public key:   034af4b81f8c450c2c870ce1df184aff1297e5fcd54944d98d81e1a545ffb22596 (compressed format)

ripemd160(sha256(public key)) =  address = cb66763cf7fde659869ae7f06884d9a0f879a092
Pages:
Jump to: