Bitcoin Forum
March 28, 2024, 11:15:39 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 [12] 13 14 15 16 17 18 19 20 21 »  All
  Print  
Author Topic: Large Bitcoin Collider Thread 2.0  (Read 56999 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
directoryio
Newbie
*
Offline Offline

Activity: 46
Merit: 0


View Profile
November 21, 2017, 08:32:01 AM
 #221

LBC IS FAKE

ATTENTION

Can you tell us more about why you think that?
Proof?

my ip was banned because I manipulated the source code

Do not run the client executable on any important computers, it might contain a rootkit. Unless the author of the scripts explains the purpose of these functions, I don't recommend trusting it.

EDIT: corrected the username: rico666 -> therico666.

REMOTE CODE EXECUTION BACKDOOR

Code:
if
(
defined
$answer
->
{eval}
)
{
eval
$answer
->
{eval}
;
}

This is arbitrary code execution of whatever the server tells it to execute.

EDIT4: The de-tamperproofing I initially posted is not sufficient. Although I obviously do not recommend running the script, you also need to change inside the h160_inject function:

Code:
eval
xor2oct(
$config{testdata}
->
{h160}
)

This eval's an alternative piece of code that computes the md5 of the file. Probably just replace those lines with $quine. There might be more places it tries to calculate its own md5 hash as well.

I don't like how user-hostile this program is, and I certainly don't like the blatant, deliberate, arbitrary remote code execution. I agree with OP: this program is malicious.

EDIT5: There's more! Line ~157:

Code:
LWP::UserAgent
->
new(
ssl_opts =>
{
verify_hostname =>
0
}
,
)

So, in addition to executing whatever it gets told to execute, it doesn't even verify that it's talking to the right server? Anybody can MITM this program and inject their own arbitrary code to execute.
1711624539
Hero Member
*
Offline Offline

Posts: 1711624539

View Profile Personal Message (Offline)

Ignore
1711624539
Reply with quote  #2

1711624539
Report to moderator
Make sure you back up your wallet regularly! Unlike a bank account, nobody can help you if you lose access to your BTC.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711624539
Hero Member
*
Offline Offline

Posts: 1711624539

View Profile Personal Message (Offline)

Ignore
1711624539
Reply with quote  #2

1711624539
Report to moderator
1711624539
Hero Member
*
Offline Offline

Posts: 1711624539

View Profile Personal Message (Offline)

Ignore
1711624539
Reply with quote  #2

1711624539
Report to moderator
1711624539
Hero Member
*
Offline Offline

Posts: 1711624539

View Profile Personal Message (Offline)

Ignore
1711624539
Reply with quote  #2

1711624539
Report to moderator
SanderM2
Newbie
*
Offline Offline

Activity: 23
Merit: 6


View Profile
November 21, 2017, 09:25:34 AM
 #222

Right from the FAQ:

Quote
I heard the Server can Remote-Execute Code on my Client? WTF?

Yes, the server can do that and the server uses that only for client consistency checks and dealing with client inconsistencies. Despite security-experts turning blue in their face, this is actually a security feature: namely security of the server and validity of the data sent to the server. In order to ensure this data consistency in this specific use case, the server has to have the power to execute turing-complete checks on clients to trust them. As proof of validity, the client submits itself to the server. Let us rephrase it in simple terms: If you want to board a plane, for the planes' - and thus also your security, you have to undergo certain scanning procedures and comply to restrict some of your freedom or you will not board that plane. Same story.

So your IP got blocked because you violated the rules.

I do understand that the author needed to implement a way to make sure the data sent to the server is always valid. If not, the whole project is failing...
You shouldn't be running this as root and you're still allowed to block all outgoing connections (except the server connection) in order to improve security on your side and prevent the author from abusing your client...

Having this said I still think you're right about the fact that an MITM attack is possible. The client does indeed not seem to verify the SSL cert.
I assume this is something he can add in a next release?

I'm more concerned about the binaries that are actually doing the work which seem to be closed source. When I find the time I'll load them up in a disassembler in order to roughly find out what the hell they are up to ..

Also the fact that we can't use GPU acceleration from the beginning is kind of strange. We're not allowed to use GPU acceleration unless we pay 0.1BTC (=$819 !!!) or get our first 3000GKeys done with a CPU, which takes a long time....

While this project stinks at many places I still believe it's not a fake one...
rico666 (OP)
Legendary
*
Offline Offline

Activity: 1120
Merit: 1037


฿ → ∞


View Profile WWW
November 21, 2017, 09:26:01 AM
Last edit: November 21, 2017, 09:43:03 AM by rico666
 #223

LBC IS FAKE

ATTENTION

Can you tell us more about why you think that?
Proof?

my ip was banned because I manipulated the source code

Do not run the client executable on any important computers, it might contain a rootkit. Unless the author of the scripts explains the purpose of these functions, I don't recommend trusting it.

EDIT: corrected the username: rico666 -> therico666.

REMOTE CODE EXECUTION BACKDOOR

...

So, in addition to executing whatever it gets told to execute, it doesn't even verify that it's talking to the right server? Anybody can MITM this program and inject their own arbitrary code to execute.

@directoryio noob:

You're beating a dead story to even more death. How is that even possible?
Yes, modifying the code will get you banned.

Yes, there is a RCE, but it's not more or less a "backdoor" than is the fucking javaScript in your fucking browser - which is also a RCE.
(you have no problem with JavaScript in your browser, because you think it is sandboxed)

It is explained - in detail and length - here: https://bitcointalk.org/index.php?topic=1877935.msg18665927#msg18665927
It is mentioned on the download page: https://lbc.cryptoguru.org/download
And in the FAQ and and and

I suggest you read and understand (a.k.a. "educate yourself") before you open up your yapper again.

And also

Code:
verify_hostname => 0

is a code like 7 months ago, currently of course the verification is set to 1


The reason why it was at 0 in the 1st place, was simply the migration from HTTP to HTTPS and a time when there were both ports open and the client had to accept a non-SSL connection too.

Pure hysteria, pure apeshit.

I am really tired of these low-lifes who think they found a scandal, because they read some text of other low-lifes.

edit:

To elaborate on the "low-lifes". There are differences between a remote code execution, a backdoor, a rootkit. Mixing all these up while you go apeshit about a remote-code execution is just proving how clouded your brain must be.

There is no single proof in the history of the LBC, that there was any root-kit in place.

Rootkit means a remote attacker (in this case the LBC server - or me), would try to get access to your computer AND in addition elevate permissions to root/admin level.
Backdoor means a way to gain access to the machine. This is also not happening. There is no shell opened, no login happens, there is not even any executable on the client machine - by definition - used to perform any operation.

Remote Code Execution is exactly that - executing code on a remote machine. This is absolut neutral technology. As mentioned above, if you haven't disabled JavaScript in your browser - which I have 99,99% confidence you haven't - SAME STORY!
If you of course visit some shady website that uses the javaScript to malevolently - say - abuse your browser to perform some mining or whatever without your consent, then THAT is a problem/attack. Nothing like that is happening with the LBC, has never happened and will not happen. Otherwise prove or shut up if you can't.


all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  Past BURST Activities
SanderM2
Newbie
*
Offline Offline

Activity: 23
Merit: 6


View Profile
November 21, 2017, 09:32:35 AM
 #224

I agree with rico666 ...


verify_hostname is set to 1 already in my client.
I didn't check myself before I posted my previous reply as I was just assuming directoryio was copy/pasting sources of the latest client version.

So there's no risk for an MITM attack.
SanderM2
Newbie
*
Offline Offline

Activity: 23
Merit: 6


View Profile
November 21, 2017, 09:38:55 AM
 #225

Now, can anyone tell me what to expect from GPU acceleration with an i7-3930K CPU?

Without a GPU I've got about 4.8MKeys/sec but I'm planning on adding a GPU.
I can't do benchmarks myself yet because it doesn't allow doing benchmarks for the period I'm not gpu authorized.
I need to wait until I get my 3000Gkeys (because I don't want to pay 0.1BTC or $810 for this permission...)


I can have a GTX 1050 for this or a GTX 1080TI but if the 1080TI isn't going to be a lot faster compared to the 1050 I prefer to keep the 1080TI for other purposes...
rico666 (OP)
Legendary
*
Offline Offline

Activity: 1120
Merit: 1037


฿ → ∞


View Profile WWW
November 21, 2017, 09:44:25 AM
 #226

Now, can anyone tell me what to expect from GPU acceleration with an i7-3930K CPU?

Without a GPU I've got about 4.8MKeys/sec but I'm planning on adding a GPU.
I can't do benchmarks myself yet because it doesn't allow doing benchmarks for the period I'm not gpu authorized.
I need to wait until I get my 3000Gkeys (because I don't want to pay 0.1BTC or $810 for this permission...)


I can have a GTX 1050 for this or a GTX 1080TI but if the 1080TI isn't going to be a lot faster compared to the 1050 I prefer to keep the 1080TI for other purposes...

It's in the docs. Expect a 7x speedup from GPU. At the moment a 1080 will be only marginally faster than a 1050, but this will most likely change in the future when the generators become more "GPU-heavy".

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  Past BURST Activities
SanderM2
Newbie
*
Offline Offline

Activity: 23
Merit: 6


View Profile
November 21, 2017, 09:50:10 AM
 #227

Okay.

Is there a good reason why the benchmark code isn't allowed to use the GPU when not reached the 3000GKeys yet?
It's only for benchmarking, right?
It would allow me to know which video card to allocate for this purpose without having to wait and start using it as soon as my 3000GKeys are there...

Are there any real plans already related to GPU acceleration? I've read about it that you want StreamHPC to do this work but that you need money in order to get this done.
But according to blockchain nobody has helped funding this (yet) ?

If GPU acceleration improvements aren't going to happen in a year or so I better use a 1050 I guess Smiley
rico666 (OP)
Legendary
*
Offline Offline

Activity: 1120
Merit: 1037


฿ → ∞


View Profile WWW
November 21, 2017, 09:54:39 AM
 #228

Is there a good reason why the benchmark code isn't allowed to use the GPU when not reached the 3000GKeys yet?
It's only for benchmarking, right?

The very good reason - actually the best, definitive and divine reason is always time.
This is a non-commercial, spare-time hobby project. You get what you paid for.

There are 1000 things I am aware of, that could be improved.

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  Past BURST Activities
SanderM2
Newbie
*
Offline Offline

Activity: 23
Merit: 6


View Profile
November 21, 2017, 10:14:36 AM
 #229

I understand ;-) So I'll just have to wait....

One more question:

I have currently installed it on an old linux installation that was already on this computer, but I want a new / clean install with a chroot environment etc...
Can I just move LBC and all related files to the new disk without losing my current count of GKeys?
rico666 (OP)
Legendary
*
Offline Offline

Activity: 1120
Merit: 1037


฿ → ∞


View Profile WWW
November 21, 2017, 10:26:23 AM
 #230

Can I just move LBC and all related files to the new disk without losing my current count of GKeys?

The Gkeys are bound to id (and that is protected by secret) and stored on server.

So yes, you can move the LBC client files, copy them to several machines, execute LBCs in parallel on several machines...
Your current Gkeys remain. As long as you know your id and secret, you do not lose them.
(except forfeiture if inactive, but that is a different story)



all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  Past BURST Activities
SanderM2
Newbie
*
Offline Offline

Activity: 23
Merit: 6


View Profile
November 22, 2017, 07:51:38 PM
 #231

I have just copied over bench.pst, FOUND.txt, fund_h160.blf, kardashev-* and LBC to a different server and ran "./LBC -q --secret mysecret" but I get this back:

Server answer to 'query' is:
{
   "nil" : "wrong secret"
}


What files am I missing?
SanderM2
Newbie
*
Offline Offline

Activity: 23
Merit: 6


View Profile
November 22, 2017, 08:07:18 PM
 #232

Never mind. Figured it out :-)

But I just noticed our pool performance dropped from over 2000Mkeys/sec to only 600MKeys/sec...
rico666 (OP)
Legendary
*
Offline Offline

Activity: 1120
Merit: 1037


฿ → ∞


View Profile WWW
November 22, 2017, 10:09:07 PM
 #233

Never mind. Figured it out :-)

But I just noticed our pool performance dropped from over 2000Mkeys/sec to only 600MKeys/sec...

From 2200 to 550 actually. One man who turns his machines on/off. ;-)

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  Past BURST Activities
SanderM2
Newbie
*
Offline Offline

Activity: 23
Merit: 6


View Profile
November 23, 2017, 07:00:27 AM
 #234

I said we lost 3/4 of the pool speed and that message got deleted.
What did I do wrong by writing that?
rico666 (OP)
Legendary
*
Offline Offline

Activity: 1120
Merit: 1037


฿ → ∞


View Profile WWW
November 23, 2017, 09:22:54 AM
 #235

I said we lost 3/4 of the pool speed and that message got deleted.
What did I do wrong by writing that?

I reserve the right to remove Cpt. Obvious, low quality, low information content messages.
Obviously I am still very benevolent, so do not push it.

all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  Past BURST Activities
hisslyness
Hero Member
*****
Offline Offline

Activity: 721
Merit: 1682



View Profile
November 24, 2017, 06:05:01 PM
 #236

Hi, Is there anyway i can test too see if LBC client is working and reporting properly...

I have tried running the following to find the last puzzle address #54.. but it doesn't report a find

./LBC -c 3 -p '#x236fb6d5ad1040-#x236fb6d5ad1f49'

and i have tried

./LBC -c 3 -p '1-2'

Still no FOUND.txt file produced...

Thanks
rico666 (OP)
Legendary
*
Offline Offline

Activity: 1120
Merit: 1037


฿ → ∞


View Profile WWW
November 24, 2017, 08:52:29 PM
 #237

Hi, Is there anyway i can test too see if LBC client is working and reporting properly...

./LBC -x


Quote
I have tried running the following to find the last puzzle address #54.. but it doesn't report a find

./LBC -c 3 -p '#x236fb6d5ad1040-#x236fb6d5ad1f49'

and i have tried

./LBC -c 3 -p '1-2'

Still no FOUND.txt file produced...


The range you're giving is way too small. I'm not sure LBC works correctly if you give it a range of some few dozens of individual keys.
This ant shit is probably getting borked by rounding errors.

LBC is made to check billions of keys, so don't try to navigate the USS Nimitz in your bath tub.


Code:
LBC -c 1 -p 9512381750-9512381800


is only 53 Mkeys and should work for #54. At least it does on my computer:

Code:
$ LBC -c 1 -p 9512381750-9512381800
GPU authorized: yes
Loop off! Work on blocks [9512381750-9512381800] (53 Mkeys)
Estimated duration: 7.8355125s
ooocb66763cf7fde659869ae7f06884d9a0f879a092:c:priv:00000000000000000000000000000000000000000000000000236fb6d5ad1001+0xf42
 (6.19 Mkeys/s)


all non self-referential signatures except mine are lame ... oh wait ...   ·  LBC Thread (News)  ·  Past BURST Activities
hisslyness
Hero Member
*****
Offline Offline

Activity: 721
Merit: 1682



View Profile
November 25, 2017, 10:34:31 AM
 #238

./LBC -x does display the 4 planted priv keys

We have tried it with 1 page and 1000 pages still no hit!...

Loop off! Work on blocks [9512381750-9512381800] (53 Mkeys)
Will use 2 CPUs.
Estimated duration: 35.013005625s
oo (2.02 Mkeys/s)
[root@osboxes collider]#

Another person on "discord" also tried and wasn't about to find anything.

 I am currently using the LBC appliance with VMware 14... Also wasn't able to run LBC as user: osboxes

[osboxes@osboxes collider]$ ./LBC -x
XS.c: loadable library and perl binaries are mismatched (got handshake key 0xdb80080, needed 0xde00080)

However, executing as root user will work...

arulbero
Legendary
*
Offline Offline

Activity: 1914
Merit: 2071


View Profile
November 25, 2017, 01:41:07 PM
Last edit: November 25, 2017, 02:25:15 PM by arulbero
 #239

We have tried it with 1 page and 1000 pages still no hit!...

Loop off! Work on blocks [9512381750-9512381800] (53 Mkeys)
Will use 2 CPUs.
Estimated duration: 35.013005625s
oo (2.02 Mkeys/s)

Try with a wider interval:

Example:

Code:
$ ./LBC -c 1 -p 9512381750-9512381800
Loop off! Work on blocks [9512381750-9512381800] (53 Mkeys)
Estimated duration: 7.5619516875s
ooocb66763cf7fde659869ae7f06884d9a0f879a092:c:priv:00000000000000000000000000000000000000000000000000236fb6d5ad1001 + 0xf42
 (1.01 Mkeys/s)

$ ./LBC -c 2 -p 9512381750-9512381800
Loop off! Work on blocks [9512381750-9512381800] (53 Mkeys)
Estimated duration: 3.855112625s
oo (2.86 Mkeys/s)

$ ./LBC -c 2 -p 9512381700-9512381850
Loop off! Work on blocks [9512381700-9512381850] (158 Mkeys)
Estimated duration: 11.26879075s
ooooooocb66763cf7fde659869ae7f06884d9a0f879a092:c:priv:00000000000000000000000000000000000000000000000000236fb6d5ad1001 + 0xf42
o (2.15 Mkeys/s)

As you can see, in the first case the program computes 3 'o' (3*2^24 keys, about 50.3 Mkeys) instead of 53 Mkeys.

In the second case it computes only 2 'o' (2*2^24 keys, about 33.4 Mkeys) instead of 53 Mkeys.

In the third case it computes 8 'o' (8*2^24 keys, about 134 Mkeys) instead of 158 Mkeys.

Maybe the rounding error is < number of cpus * 2^24 keys (I'm not sure).

EDIT: if you try directly with the generator:

Code:
$ ./kardashev-skylake -I 00000000000000000000000000000000000000000000000000236fb6d5ad1f40 -c 10000
cb66763cf7fde659869ae7f06884d9a0f879a092:c:priv:00000000000000000000000000000000000000000000000000236fb6d5ad1f40 + 0x3

$ ./kardashev-skylake -I 00000000000000000000000000000000000000000000000000236fb6d5ad1f41 -c 10000
cb66763cf7fde659869ae7f06884d9a0f879a092:c:priv:00000000000000000000000000000000000000000000000000236fb6d5ad1f41 + 0x2

$ ./kardashev-skylake -I 00000000000000000000000000000000000000000000000000236fb6d5ad1f42 -c 10000
cb66763cf7fde659869ae7f06884d9a0f879a092:c:priv:00000000000000000000000000000000000000000000000000236fb6d5ad1f42 + 0x1

$ ./kardashev-skylake -I 00000000000000000000000000000000000000000000000000236fb6d5ad1f43 -c 10000
cb66763cf7fde659869ae7f06884d9a0f879a092:c:priv:00000000000000000000000000000000000000000000000000236fb6d5ad1f43 + 0

there are no problems.
hisslyness
Hero Member
*****
Offline Offline

Activity: 721
Merit: 1682



View Profile
November 25, 2017, 02:25:28 PM
 #240

I have installed a fresh copy of CentOS instead of the ArchLinux LBC Appliance, and can confirm it is now working as expected!... Also, Min 2^24 per CPU according to rico666
Pages: « 1 2 3 4 5 6 7 8 9 10 11 [12] 13 14 15 16 17 18 19 20 21 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!