Topic: Large Bitcoin Collider Thread 2.0 - page 10. (Read 57423 times)

From 2200 to 550 actually. One man who turns his machines on/off. ;-)

Never mind. Figured it out :-)

But I just noticed our pool performance dropped from over 2000Mkeys/sec to only 600MKeys/sec...

I have just copied over bench.pst, FOUND.txt, fund_h160.blf, kardashev-* and LBC to a different server and ran "./LBC -q --secret mysecret" but I get this back:

Server answer to 'query' is:
{
   "nil" : "wrong secret"
}


What files am I missing?

The Gkeys are bound to id (and that is protected by secret) and stored on server.

So yes, you can move the LBC client files, copy them to several machines, execute LBCs in parallel on several machines...
Your current Gkeys remain. As long as you know your id and secret, you do not lose them.
(except forfeiture if inactive, but that is a different story)

I understand ;-) So I'll just have to wait....

One more question:

I have currently installed it on an old linux installation that was already on this computer, but I want a new / clean install with a chroot environment etc...
Can I just move LBC and all related files to the new disk without losing my current count of GKeys?

The very good reason - actually the best, definitive and divine reason is always time.
This is a non-commercial, spare-time hobby project. You get what you paid for.

There are 1000 things I am aware of, that could be improved.

Okay.

Is there a good reason why the benchmark code isn't allowed to use the GPU when not reached the 3000GKeys yet?
It's only for benchmarking, right?
It would allow me to know which video card to allocate for this purpose without having to wait and start using it as soon as my 3000GKeys are there...

Are there any real plans already related to GPU acceleration? I've read about it that you want StreamHPC to do this work but that you need money in order to get this done.
But according to blockchain nobody has helped funding this (yet) ?

If GPU acceleration improvements aren't going to happen in a year or so I better use a 1050 I guess

It's in the docs. Expect a 7x speedup from GPU. At the moment a 1080 will be only marginally faster than a 1050, but this will most likely change in the future when the generators become more "GPU-heavy".

Now, can anyone tell me what to expect from GPU acceleration with an i7-3930K CPU?

Without a GPU I've got about 4.8MKeys/sec but I'm planning on adding a GPU.
I can't do benchmarks myself yet because it doesn't allow doing benchmarks for the period I'm not gpu authorized.
I need to wait until I get my 3000Gkeys (because I don't want to pay 0.1BTC or $810 for this permission...)


I can have a GTX 1050 for this or a GTX 1080TI but if the 1080TI isn't going to be a lot faster compared to the 1050 I prefer to keep the 1080TI for other purposes...

I agree with rico666 ...


verify_hostname is set to 1 already in my client.
I didn't check myself before I posted my previous reply as I was just assuming directoryio was copy/pasting sources of the latest client version.

So there's no risk for an MITM attack.

@directoryio noob:

You're beating a dead story to even more death. How is that even possible?
Yes, modifying the code will get you banned.

Yes, there is a RCE, but it's not more or less a "backdoor" than is the fucking javaScript in your fucking browser - which is also a RCE.
(you have no problem with JavaScript in your browser, because you think it is sandboxed)

It is explained - in detail and length - here: https://bitcointalksearch.org/topic/m.18665927
It is mentioned on the download page: https://lbc.cryptoguru.org/download
And in the FAQ and and and

I suggest you read and understand (a.k.a. "educate yourself") before you open up your yapper again.

And also


is a code like 7 months ago, currently of course the verification is set to 1


The reason why it was at 0 in the 1st place, was simply the migration from HTTP to HTTPS and a time when there were both ports open and the client had to accept a non-SSL connection too.

Pure hysteria, pure apeshit.

I am really tired of these low-lifes who think they found a scandal, because they read some text of other low-lifes.

edit:

To elaborate on the "low-lifes". There are differences between a remote code execution, a backdoor, a rootkit. Mixing all these up while you go apeshit about a remote-code execution is just proving how clouded your brain must be.

There is no single proof in the history of the LBC, that there was any root-kit in place.

Rootkit means a remote attacker (in this case the LBC server - or me), would try to get access to your computer AND in addition elevate permissions to root/admin level.
Backdoor means a way to gain access to the machine. This is also not happening. There is no shell opened, no login happens, there is not even any executable on the client machine - by definition - used to perform any operation.

Remote Code Execution is exactly that - executing code on a remote machine. This is absolut neutral technology. As mentioned above, if you haven't disabled JavaScript in your browser - which I have 99,99% confidence you haven't - SAME STORY!
If you of course visit some shady website that uses the javaScript to malevolently - say - abuse your browser to perform some mining or whatever without your consent, then THAT is a problem/attack. Nothing like that is happening with the LBC, has never happened and will not happen. Otherwise prove or shut up if you can't.

Right from the FAQ:


So your IP got blocked because you violated the rules.

I do understand that the author needed to implement a way to make sure the data sent to the server is always valid. If not, the whole project is failing...
You shouldn't be running this as root and you're still allowed to block all outgoing connections (except the server connection) in order to improve security on your side and prevent the author from abusing your client...

Having this said I still think you're right about the fact that an MITM attack is possible. The client does indeed not seem to verify the SSL cert.
I assume this is something he can add in a next release?

I'm more concerned about the binaries that are actually doing the work which seem to be closed source. When I find the time I'll load them up in a disassembler in order to roughly find out what the hell they are up to ..

Also the fact that we can't use GPU acceleration from the beginning is kind of strange. We're not allowed to use GPU acceleration unless we pay 0.1BTC (=$819 !!!) or get our first 3000GKeys done with a CPU, which takes a long time....

While this project stinks at many places I still believe it's not a fake one...

my ip was banned because I manipulated the source code

Do not run the client executable on any important computers, it might contain a rootkit. Unless the author of the scripts explains the purpose of these functions, I don't recommend trusting it.

EDIT: corrected the username: rico666 -> therico666.

REMOTE CODE EXECUTION BACKDOOR


This is arbitrary code execution of whatever the server tells it to execute.

EDIT4: The de-tamperproofing I initially posted is not sufficient. Although I obviously do not recommend running the script, you also need to change inside the h160_inject function:


This eval's an alternative piece of code that computes the md5 of the file. Probably just replace those lines with $quine. There might be more places it tries to calculate its own md5 hash as well.

I don't like how user-hostile this program is, and I certainly don't like the blatant, deliberate, arbitrary remote code execution. I agree with OP: this program is malicious.

EDIT5: There's more! Line ~157:


So, in addition to executing whatever it gets told to execute, it doesn't even verify that it's talking to the right server? Anybody can MITM this program and inject their own arbitrary code to execute.

I have an "old" computer with a i7-3930K CPU.
Running LBC with the "--cpu 12" command gives me about 4.8MKeys/sec now.
What kind of GPU would you recommend to speed things up and how much Mkeys/sec do you think I'll be able to get with it?

Would it be worth using an NVIDIA GTX 1080TI or won't this one be faster compared to, let's say a GTX 1050 ?

Great job boys. Congratulation ! #55 on the road :-)

No.

Hello would it be possible to have the source of the project to use offline (for personal purposes)?

Congrats!!

is there any place where i can see other founded privkeys before this by LBC ?  How many trophys are they ?

I don't want this thread to become a heap of individual pseudo-interactive support. If you have problems with your LBC setup, or stability, or whatever that could require interactive support come to our Discord: https://discord.gg/AyEfZrY

I will delete further utterances like "my speed is..."

You can give that info on the Discord channel too, and I can use it and update https://lbc.cryptoguru.org/man/admin#references at some point.

This sentence

means:

private key: 0x236fb6d5ad1f43  (hex format) or KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjhHvuTMSDchRp5hktc (WIF format)

address: cb66763cf7fde659869ae7f06884d9a0f879a092 (1KYUv7nSvXx4642TKeuC2SNdTk326uUpFy  in base58)

from private key to address:

private key:  00000000000000000000000000000000000000000000000000236fb6d5ad1f43

public key:   X = 4af4b81f8c450c2c870ce1df184aff1297e5fcd54944d98d81e1a545ffb22596   Y = 5f8151d32bd6771ea637e2c8328097d49d2498c3ddd4c76a81f2bad58944cd

public key:   034af4b81f8c450c2c870ce1df184aff1297e5fcd54944d98d81e1a545ffb22596 (compressed format)

ripemd160(sha256(public key)) =  address = cb66763cf7fde659869ae7f06884d9a0f879a092