Bitcoin Forum
November 06, 2024, 04:13:17 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: [1]
  Print  
Author Topic: AltCoin / Bitcoin Force Share Script / Double Payout  (Read 721 times)
AlphaTrade (OP)
Newbie
*
Offline Offline

Activity: 13
Merit: 0


View Profile
July 19, 2017, 08:13:24 PM
 #1

This script makes it possible to force a Stratum Mining
Pool to accept "invalid" shares by the thousands for each mining pool
round. It is possible to make pure money from this script

##### What is stratum mining #####

Most of the known mining pools allow to use the so called stratum mining
pool protocol. The bitcoin and altcoin miner is configured to use the host
address and port of the stratum miner protocol server.

For example the eligius (http://eligius.st) mining pool offers a stratum
connection for mining. This mining pool is *not* affected by this
vulnerability.

Once connected to the stratum server the miner will "do work" and solve a
mathematical, crypto task. Once it has solved one of this tasks it will
*submit* a so called *share* to the stratum server. The more shares the
miners generate the more they are rewarded after a successful mining round
has completed. The actual reward given to the miner much depends on the
style of reward system used by the mining pool.

Miners submit shares using the method "mining.submit" when operating with
stratum. Client submissions contain:

1. Worker name
2. Job ID
3. ExtraNonce 2
4. nTime
5. Nonce

The server will respond with a successful accepted share response or will
reject the share submit request.

Share submits can be sent at any time to the stratum server. The stratum
server will accept only valid shares and in the case of this particular
vulnerability stratum will accept *one* valid initial share and *thousands*
of shares that follow the initial valid share but are "invalid" because
they do not solve the mathematical task in any way. The vulnerable mining
pool will accept the shares as pure payment of coins if left unnoticed.

===== Listing Number 1. ======

Code:
    this.processShare = function(jobId, previousDifficulty, difficulty,
extraNonce1, extraNonce2, nTime, nonce, ipAddress, port, workerName){
        var shareError = function(error){
            _this.emit('share', {
                job: jobId,
                ip: ipAddress,
                worker: workerName,
                difficulty: difficulty,
                error: error[1]
            });
            return {error: error, result: null};
        };

        var submitTime = Date.now() / 1000 | 0;

        if (extraNonce2.length / 2 !== _this.extraNonce2Size)
            return shareError([20, 'incorrect size of extranonce2']);

        var job = this.validJobs[jobId];

        if (typeof job === 'undefined' || job.jobId != jobId ) {
            return shareError([21, 'job not found']);
        }

        if (nTime.length !== 8) {
            return shareError([20, 'incorrect size of ntime']);
        }

        var nTimeInt = parseInt(nTime, 16);
        if (nTimeInt < job.rpcData.curtime || nTimeInt > submitTime + 7200)
{
            return shareError([20, 'ntime out of range']);
        }

        if (nonce.length !== 8) {
            return shareError([20, 'incorrect size of nonce']);
        }

        if (!job.registerSubmit(extraNonce1, extraNonce2, nTime, nonce)) {
            return shareError([22, 'duplicate share']);
        }


===== Listing Number 1. ======

Code:
    this.registerSubmit = function(extraNonce1, extraNonce2, nTime, nonce){
        var submission = extraNonce1 + extraNonce2 + nTime + nonce;
        if (submits.indexOf(submission) === -1){
            submits.push(submission);
            return true;
        }
        return false;
    };

At listing number 1. you can see the function that processes a submitted
share. It will check for a valid shape of the mining.submit parameters. And
finally call job.registerSubmit(...) at line 211 with this parameters to
check if it handles a duplicate share. It *should* discard a duplicate
share with a shareError and return from this javascript function. When we
look into the registerSubmit function we see the lines:
Code:
*115.* var submission = extraNonce1 + extraNonce2 + nTime + nonce;   
*116.*        if (submits.indexOf(submission) === -1){  
*117.*            submits.push(submission);    
*118.*            return true;  <----- share is accepted  
*119.*        }  
*120.*        return false;     <----- share isn't handled, duplicate
share.

So how can you submit the duplicate shares? It is rather easy. extraNonce1,
extraNonce2, Nonce, nTime are HEX values. And everybody knows that HEX
values can contain ASCII characters.

Let's take an example of extraNonce1 being 0xDEADBEEF. What will
registerSubmit function do with the share if we submit 0xdEADBEEF and then
0xdeADBEEF and then 0xdeaDBEEF and so on and so on. Well: the program will
blindly accept the shares! This is because the registerSubmit function is
case insensitive and the share is still valid by arithmetic.


fully automated script available set and forget!
Support Available


To Auto Buy - Follow - -.->>>>>>   https://satoshibox.com/dyovjevqqkb26zvrsu6ynkpg    <<<<<<<<<


VRobb
Hero Member
*****
Offline Offline

Activity: 1610
Merit: 538

I'm in BTC XTC


View Profile
July 19, 2017, 08:24:11 PM
 #2

Rubbish  Cheesy

I don't believe in superstition because it's bad luck: 13thF1oor6CAwyzyxXPNnRvu3nhhYeqZdc
These aren't the Droids you're looking for: S5 & S7 (Sold), R4B2, R4B4 (RIP), 2x S9 obsolete, 2xS15-28, S17-56, S17-70
Pushing a whopping 1/5 PH!  Oh The SPEED!!!
BTCBusinessConsult
Sr. Member
****
Offline Offline

Activity: 546
Merit: 250


Active Trading on EPIC5k and Spectre.Ai


View Profile WWW
July 19, 2017, 08:29:38 PM
 #3


EPIC5k Trading on https://spectre.ai/?ref=PassiveIncome. Paying WEEKLY rewards in ETH since 2017. 100% FRAUD FREE Binary Trading Platform. $SXDT. Ask me about the ONLY smart options trading platform with 400% payouts, and their unique EPIC5000 trading system.
-ck
Legendary
*
Offline Offline

Activity: 4284
Merit: 1645


Ruu \o/


View Profile WWW
July 19, 2017, 09:26:48 PM
Last edit: July 19, 2017, 09:39:44 PM by -ck
 #4

Bullshit. This vulnerability was fixed years ago by all real pools and only applied to one form of pool software.

Developer/maintainer for cgminer, ckpool/ckproxy, and the -ck kernel
2% Fee Solo mining at solo.ckpool.org
-ck
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!