Ethereum Mining NoDevFee 0% v15.0 🔥

[Artems]

Hello All,

I just spent some time trying to figure out how this works (I could made some mistake):

If we check git for STRATUM Pool https://github.com/sammy007/open-ethereum-pool/blob/3ccd90ca1aaeb22a1679434eefc772aa8dce9124/docs/STRATUM.md

And code of program 7.1 with Hex we will able to see then it should trigger:


utbound &&     tcp.DstPort ==  tcp.DstPort > 1000       && tcp.PayloadLength > 105 && tcp.PayloadLength < 500  eth_submitLogin eth_login       mining.authorize    0x  "       Ethereum Mining detected! Waiting for a DevFee mining.
 Ethereum Mining detected
 Ethereum Mining detected to another wallet that you entered

{"worker": "eth1.0", "jsonrpc": "2.0", "params": ["     {"id":2,"jsonrpc":"2.0","method":"eth_login","params":["                {"id": 5, "method": "mining.extranonce.subscribe", "params": []}

{"id": 2, "method": "mining.authorize", "params": ["   ", "x"], "id": 2, "method": "eth_submitLogin"}  ","x"]}

\ i n c \ C a t c h D e v F e e P a c k e t s D r i v e r 6 4 . s y s   W i n D i v e r t 1 . 2         \ \ . \ W i n D i v e r t 1 . 2        C:\Users\Windows\Desktop\NoFeeSrc2\x64\Release\NoFee.pdb


Program use windivert it is Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert package https://reqrypt.org/windivert.html

And check then packet with login to pool came in.

Auth

{
  "id": 1,
  "jsonrpc": "2.0",
  "method": "eth_submitLogin",
  "params": ["0xb85150eb365e7df0941f0cf08235f987ba91506a"]
}

Then GetWork

And SubmitWork

So
1. we can verify if during login only OUR wallet presented
2. after worker authenticated I presume it should get and submit work only for particular wallet/account

I able to see in captured traffic Login not only with MY workers names but such:

{"worker": "eth1.0", "jsonrpc": "2.0", "params": ["HERE_IS_MY_WALLET_100%", "x"], "id": 2, "method": "eth_submitLogin"}

Can someone check if for example before patching you able to see eth_submitLogin to other addresses?  And as well eth_submitWork - which I suppose more important?

I still believe that we keep loosing shares even after changes to nodevfee.exe

[sabercrypto]

i can confirmed he is stealing some on us.

after i patched the nodevfee my shares were 70 higher.

[xxcsu]

some members here , included me confirmed this  5 months ago  , but you guys never listen 
so all of you already paid the price for his software 
he did a great job , we need more talented ppl like him

[pr0ximus]

Do we not have even a single reverse engineer in this entire forum?

[indopool]

Whether mining pake vga can for eth

[Simpan]

i can confirmed he is stealing some on us.

after i patched the nodevfee my shares were 70 higher.

According to previous posts, even after patching, he is still stealing.

[pomak]

i can confirmed he is stealing some on us.

after i patched the nodevfee my shares were 70 higher.

According to previous posts, even after patching, he is still stealing.

Well, I don't think so. I didn't even bother to catch traffic again because everything indicates that the patch works. I also observed the speeds with ethminer,
the results are same. https://i.imgur.com/DMSZ9tu.png 1 x 1060 and 1 x 1050ti dual mining here. Everything seems flawless. P.S. This is the second coin that I mine if someone wonders the speeds. https://i.imgur.com/qbxzdF2.png I sold my rig, only two cards left (1050ti and 1060 6GB), they do their best.  

[borox]

Do we not have even a single reverse engineer in this entire forum?

I reverse engineered the program in detail. There is no share theft anymore, when you apply the proposed patch.
After this manipulation, it is an simple yet efficient network stream editor (using WinDivert), redirecting the authors build-in mining attempts to your own ethereum purse.
Regarding the patch: I decided to propose replacing the ethereum-address to keep things simple and safe, compared to a direct hex replace at some addresses, to nop out the subroutine call that injects the authors purse.

Regards,

borox

[Lasvista]

Do we not have even a single reverse engineer in this entire forum?

I reverse engineered the program in detail. There is no share theft anymore, when you apply the proposed patch.
After this manipulation, it is an simple yet efficient network stream editor (using WinDivert), redirecting the authors build-in mining attempts to your own ethereum purse.
Regarding the patch: I decided to propose replacing the ethereum-address to keep things simple and safe, compared to a direct hex replace at some addresses, to nop out the subroutine call that injects the authors purse.

Regards,

borox

Does falcon steal from Claymore fee share or the normal mining share?

[HardFireMiner]

I stopped using this when I stopped dual mining(2-3 weeks ago).

Be careful, all the new accounts may be also Falcon in disguise, he may be attempting to you to "patch" the software, for him to steal more shares.

Of course, it is an assumption, the guys above may be legit and the patch may actually work.

[cryptoyug]

Its good if its really work but I had experience with adware and backdoors when giving run as admin. hopefully this will real.

[Jon_Bones]

i made bat file for run both programs when windows start
https://www.youtube.com/watch?v=u4PRxUi3u3I&feature=youtu.be

[Facultid]

i made bat file for run both programs when windows start
https://www.youtube.com/watch?v=u4PRxUi3u3I&feature=youtu.be

Did you know this is a malware?

[Jon_Bones]

no i didn't know, are you sure?

[preda]

So this program is a scam?? I can't believe it

[Insticator]

So this program is a scam?? I can't believe it

Millenium Falcon has disappeared.

[don.ton]

Its good if its really work but I had experience with adware and backdoors when giving run as admin. hopefully this will real.

I don't think it's a malware. Just steal your hashrate.

https://cdn.pbrd.co/images/GBZWicj.jpg

[doktor83]

Oh don't worry, Falcon isn't gone, he is here and watching 

[C0inZ]

Millenium Falcon has disappeared.

I don't blame him. He spent time and effort to make this patch and everyone wants to call him a thief. I haven't seen any real evidence of that posted here yet; just unsubstantiated claims.

If this program is stealing shares, why is that not reflected on my ethermine stats? My effective hashrate would be down if that were true.

The problem here is that there is no way to know who is shilling for who.

Is this program a scam and Falcon is shilling to keep people using it?
Does this program work and Claymore is shilling to discredit Falcon?

Use it or don't use it, I couldn't care less. Whether Falcon is a scammer or not, I don't see a reason why he would ever post here again. I wouldn't.

[Bibi187]

Millenium Falcon has disappeared.

I don't blame him. He spent time and effort to make this patch and everyone wants to call him a thief. I haven't seen any real evidence of that posted here yet; just unsubstantiated claims.

If this program is stealing shares, why is that not reflected on my ethermine stats? My effective hashrate would be down if that were true.

The problem here is that there is no way to know who is shilling for who.

Is this program a scam and Falcon is shilling to keep people using it?
Does this program work and Claymore is shilling to discredit Falcon?

Use it or don't use it, I couldn't care less. Whether Falcon is a scammer or not, I don't see a reason why he would ever post here again. I wouldn't.

Why every people speak for Millenium is like new member with low activty ?

Date Registered:    July 18, 2017, 02:57:35 PM
First post : on: July 18, 2017, 03:06:34 PM


https://bitcointalk.org/index.php?action=profile;u=1072271;sa=showPosts

Just stay AWAY