dhaern
Newbie
 Offline
Activity: 8
Merit: 0
|
 |
July 12, 2017, 11:03:07 AM |
|
Hi,
I have found no evidence of virus activity in the code and no evidence for the strange redirection to the private stratum-server IP I reported. It could be a result of using the nicehash-software for some time, in between (I use it as auto-fallback, if the main poolmining has a problem).
BUT it has a random redirection to the authors mining-address 0x78.. build in. After I patched the software, all DevFee arrives at my own account, without exception.
The following submitted-shares numbers are broken down for a 100MHs mining rig for easy comparision.
Unpatched NoDevFee (24h run): mean value 176 shares per hour
Patched NoDevFee (24h run): mean value 182 shares per hour
That makes an average of 6 shares per hour mined to the authors purse.
So, dear @Millenium Falcon, thank your for programming this software, but could you please remove the undocumented mining-redirection to your purse? Or, at least, add a note to your posting regarding this topic?
How do you patching the .exe? with x64dbg? Could you add a little guide for do it please? Disassembler and debugger - use them. I know... but again WHAT disassembler and a what edit in disassembler?? I use x64dbg for 64bits .exe or ollydbg/x32dbg for 32bits .exe... |
|
|
|
|
don.ton
Newbie
Offline
Activity: 21
Merit: 0
|
|
July 12, 2017, 11:32:38 AM |
|
Is there anybody who made a system snapshot, and a comparison after the first start of this program ?
What files and registry settings has been changed, if any ?
|
|
|
|
|
don.ton
Newbie
Offline
Activity: 21
Merit: 0
|
|
July 12, 2017, 11:56:55 AM |
|
The following submitted-shares numbers are broken down for a 100MHs mining rig for easy comparision.
Unpatched NoDevFee (24h run): mean value 176 shares per hour
Patched NoDevFee (24h run): mean value 182 shares per hour
182 valid shares per hour, for 100 MHS ?  On which pool ? |
|
|
|
|
borox
Newbie
Offline
Activity: 44
Merit: 0
|
|
July 12, 2017, 12:03:20 PM
Last edit: July 12, 2017, 12:17:32 PM by borox |
|
How do you patching the .exe? with x64dbg? Could you add a little guide for do it please?
For the easy-goin you can open the exe with some hex-editor, then either search ASCII for 0x78 or you direct jump to address 00008EE0 (hex). There you find the authors 0x78.. address. Change it to yours and you will be fine  Take care not to change any other byte but the ether-address. Regards, borox Donations welcome :)
BTC 18AT1kRgSoGrw1TCPpduPnWnX7t1TK23Xo
ETH 0x3084a8657ccf9d21575e5dd8357a2deaf1904ef6
|
|
|
|
|
budd23
Newbie
Offline
Activity: 6
Merit: 0
|
|
July 12, 2017, 12:31:39 PM |
|
How do you patching the .exe? with x64dbg? Could you add a little guide for do it please?
For the easy-goin you can open the exe with some hex-editor, then either search ASCII for 0x78 or you direct jump to address 00008EE0 (hex). There you find the authors 0x78.. address. Change it to yours and you will be fine Take care not to change any other byte but the ether-address. Regards, borox Donations welcome :)
BTC 18AT1kRgSoGrw1TCPpduPnWnX7t1TK23Xo
ETH 0x3084a8657ccf9d21575e5dd8357a2deaf1904ef6
Did you find this using nodevfee7? The address I found at 00008EE0 differs from the one you found. I found 0x69b612b2088a75054de71d7ec10dc50d3be94f55 instead. Looks like the current balance is at 0 ether but there have been a bunch of transfers to btc https://etherchain.org/account/0x69b612b2088a75054de71d7ec10dc50d3be94f55#txsent |
|
|
|
|
borox
Newbie
Offline
Activity: 44
Merit: 0
|
|
July 12, 2017, 12:50:59 PM |
|
Yes, v7.1 - maybe the Download file is different on Mega and Google or the author has changed it some time.
|
|
|
|
|
budd23
Newbie
Offline
Activity: 6
Merit: 0
|
|
July 12, 2017, 12:59:01 PM |
|
Yes, v7.1 - maybe the Download file is different on Mega and Google or the author has changed it some time.
Thanks for the quick guide, but how can you be sure his address isn't also obfuscated somewhere else in the code? |
|
|
|
|
raumi29
Newbie
Offline
Activity: 15
Merit: 0
|
|
July 12, 2017, 01:06:25 PM |
|
His wallet 0x7 is however more often than once in the exe deposited. Have you tested with Wireshark several hours whether this works?
I'm not sure if you've completely cleaned NoDevFee with this workaround.
|
|
|
|
|
borox
Newbie
Offline
Activity: 44
Merit: 0
|
|
July 12, 2017, 01:17:12 PM
Last edit: July 12, 2017, 07:02:21 PM by borox |
|
Hi,
I disassembled and debugged the code. The other finding is for the help-lines, only.
The patched version runs since 48h, monitored using wireshark - all DevFee went into my purse.
Regards,
borox
|
|
|
|
|
Togie
Member
Offline
Activity: 100
Merit: 10
|
|
July 12, 2017, 01:50:48 PM |
|
Why do you making this software when claymore puts in the -nofee option inside his miner ?
i mean is it necessary ?
|
|
|
|
|
|
pr0ximus
|
|
July 12, 2017, 03:09:16 PM |
|
Why do you making this software when claymore puts in the -nofee option inside his miner ?
i mean is it necessary ?
using -nofee would reduce your hash rate. |
|
|
|
|
|
doktor83
|
|
July 12, 2017, 04:18:56 PM |
|
You guys are so bad  |
|
|
|
|
|
NikWing
Newbie
Offline
Activity: 18
Merit: 0
|
|
July 12, 2017, 05:24:59 PM |
|
hey guys I'm reading here for some time but now I finally registered. and I've got a question: 182 valid shares per hour, for 100 MHS ? On which pool ? I have about 56 MH/s and the shares are between 28 and 45 per hour ... @b080180d: the readme should tell you everything just install python 2.7, add the python folder to the Windows path (reboot) then follow the readme on the github page |
|
|
|
|
|
doktor83
|
|
July 12, 2017, 07:23:01 PM |
|
Did Falcon flew away ?  |
|
|
|
borox
Newbie
Offline
Activity: 44
Merit: 0
|
|
July 12, 2017, 07:56:04 PM |
|
182 valid shares per hour, for 100 MHS ? On which pool ? It's dwarfpool + Claymore Dual Mining 9.7 ETH/DCR + Patched NoDevFee Regards, borox |
|
|
|
|
|
Oakey22
|
|
July 12, 2017, 09:28:06 PM |
|
Sneaky git, cant even get corrupt people doing the honest thing no more.
|
|
|
|
|
|
BTCBusinessConsult
|
|
July 12, 2017, 10:03:57 PM |
|
Why don't you guys just use the miner and then the option of no dev fee. It only lowers the mining speed by like 1% or something minuscule. but to each there own.... Edit: 182 accepts per hour on 100 MHS |
EPIC5k Trading on https://spectre.ai/?ref=PassiveIncome. Paying WEEKLY rewards in ETH since 2017. 100% FRAUD FREE Binary Trading Platform. $SXDT. Ask me about the ONLY smart options trading platform with 400% payouts, and their unique EPIC5000 trading system. |
|
|
adaseb
Legendary
Offline
Activity: 3878
Merit: 1733
|
|
July 12, 2017, 10:06:55 PM |
|
Why don't you guys just use the miner and then the option of no dev fee. It only lowers the mining speed by like 1% or something minuscule. but to each there own.... Edit: 182 accepts per hour on 100 MHS Its lowers the speed by like 5% not 1%. So you lose 4% instead of losing 1% by dev mining fee. |
|
|
|
|
|
BTCBusinessConsult
|
|
July 12, 2017, 10:08:29 PM |
|
Why don't you guys just use the miner and then the option of no dev fee. It only lowers the mining speed by like 1% or something minuscule. but to each there own.... Edit: 182 accepts per hour on 100 MHS Its lowers the speed by like 5% not 1%. So you lose 4% instead of losing 1% by dev mining fee. I stand corrected |
EPIC5k Trading on https://spectre.ai/?ref=PassiveIncome. Paying WEEKLY rewards in ETH since 2017. 100% FRAUD FREE Binary Trading Platform. $SXDT. Ask me about the ONLY smart options trading platform with 400% payouts, and their unique EPIC5000 trading system. |
|
|
|
