[ANN] [1080 | 1080TI] ETHlargement - The Hashrate Hardener

[Walrusbonzo]

hi, anybody has use it for GTX1080??

Seriously? Read the thread, loads have used it for GTX1080s 

[wharmus]

Just a stupid question , can this cause hardware damage?
I had a rig 11 x 1080ti I was using this on , I had a power down , power back up after 5 min situation and now one of the cards doesnt work anymore.
It gives error 43 , this device has encountered problems ( in device manager ).
I was mining eth with the bill... im just asking I know it seems stupid.

[Dr_Victor]

Just a stupid question , can this cause hardware damage?
I had a rig 11 x 1080ti I was using this on , I had a power down , power back up after 5 min situation and now one of the cards doesnt work anymore.
It gives error 43 , this device has encountered problems ( in device manager ).
I was mining eth with the bill... im just asking I know it seems stupid.

Reset the riser, and reinstall drivers.

[wharmus]

I tried , psu , riser , drivers , windows , even moved it on another rig.
the same error.

[xpulse]

I tried , psu , riser , drivers , windows , even moved it on another rig.
the same error.

very strange. I have 0 issues with 25 1080TI in my rigs.

[Walrusbonzo]

Just a stupid question , can this cause hardware damage?
I had a rig 11 x 1080ti I was using this on , I had a power down , power back up after 5 min situation and now one of the cards doesnt work anymore.
It gives error 43 , this device has encountered problems ( in device manager ).
I was mining eth with the bill... im just asking I know it seems stupid.

Technically, it is possible as using this tool increases the hashrate, it does this by increasing memory bandwidth and lowering latency which in turn allows the GPU to operate more efficiently. This in turn increases ETH mining power consumption, maybe beyond the point the GFX card and/or system is stable.

It's possible that while your system was stable without, that it's unstable with.

Not saying you did, but it's the sort of tool to test with zero overclocking first.

So many factors, and although technically possible, I'd find it very very hard to actually blame the tool for killing any hardware.

[wharmus]

thanks for the help , i hope its not fried.
i will try it tomorrow on my pc

[kyovlodik]

Devs, can you please explain the following behavior after the binary is launched?

Callback: 2.21.242.213:80
watadminsvc.exe
svchost.exe

Callback: 2.21.242.237:80
watadminsvc.exe
svchost.exe

Callback: 46.226.136.5:53

POST /6b06490d-f9fd-424c-8b6d-83edc4369e89/
HTTP/1.1
Cache-Control: no-cache
Connection: Close
Pragma: no-cache
Content-Type: application/soap+xml
User-Agent: WSDAPI
Content-Length: 733
Host: 192.168.56.153:5357

POST /fwlink/?LinkId=151645
HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: WAT
ClientContent-Length: 2500
Host: go.microsoft.com

S\agt;\alt;GROUPPEERNAME\agt;258e2e9f3bd43a297f050566f5788283bd087a85.HomeGroupPeerGroupClassifier\alt;/GROUPPEERNAME\agt;\alt;GROUPFRIENDLYNAME\agt;HomeGroup\sPeer\sGroup\alt;/GROUPFRIENDLYNAME\agt;\alt;/PEERINVITATION\agt;\r\n\l/INVITATION&gt;\lGUIDNAME&gt;{2D866516-217B-4A95-B31D-A9174BBCBE17}\l/GUIDNAME&gt;\lOWNER&gt;HAPUBWS\l/OWNER&gt;\lOWNERID&gt;ffff80eb2050085c6f3dee2f51f0e12ca9592d9b.HomeGroupClassifier\l/OWNERID&gt;\lOWNERMACHINENAME&gt;HAPUBWS-PC\l/OWNERMACHINENAME&gt;\lLASTCHANGED&gt;131567727744841250\l/LASTCHANGED&gt;\lHOMEGROUPSIZE&gt;1\l/HOMEGROUPSIZE&gt;\lADDRESS&gt;[fe80::7007:58d0:7dee:d3e2%11]:3587\l/ADDRESS&gt;\lDIGITALHASH&gt;-----BEGIN\sCERTIFICATE-----\r\n8FkcvuaS5BO6pbSEzPjpH7hORXNBnZZo4tsk3BH8Qt/tNvqIaIXH13t6xb3bcucC\r\nmYXGg9f0t74N7HyeY3ARTfbtSvURq4HJ5RNpyIFJK0SrEfpllxNPOf40tV4hcrQe\r\nEBBn0RIsOiFKIBZb1YscyetmIDy9fbfQeemD02Hl2jRuPr6SmbHiajDkwAh38pSA\r\nk1XQjdcHQTHM438w0wNDNnuwI/JXEYirq0ZwblOnNPrfuc2JLFa7FJCIpc5jrHNN\r\n2dHa3EXhFpS/euOMwWSg+Jot+bXoGlaiSBwbMQrm8JD+UvcVpim2XG42rLztZLOF\r\nhsEzS1cGRUAJ7vqG8Q9lLA==\r\n-----END\sCERTIFICATE-----\r\n\l/DIGITALHASH&gt;\l/HOMEGROUP_RECORD&gt;</pub:Resource></wsdp:Hosted></wsdp:Relationship></wsx:MetadataSection></wsx:Metadata></soap:Body></soap:Envelope>

Sandbox analysis: https://www.hybrid-analysis.com/sample/1261052e34b3205dc04f5dd9e4b76d2649dbcda738dc8e2665b07f56d659e716/5ae113157ca3e11cac3236dc

[OhGodAGirl]

unless you are trying to ask @OhGodAGirl out on a date

She is taken already, her BF is here on forum

Considering my husband is pretty clueless about what the hell this crypto thing is, that's a surprise to me!

[OhGodAGirl]

I've read through the thread (though I admit not every bit of it) and I'm very surprised to see nobody has been concerned about whether this executable does any funky things like ever connect to the Internet at any point, read any files off disk, etc? Has anyone monitored it (long enough) for any of those things?

Looks nice, but all of a sudden someone anonymous just deciding to help everyone by providing a closed source executable should normally raise just a healthy dose of suspicion.

Multiple users have confirmed the process is accessing two IPs (2.21.242.213/2.21.242.237) over encrypted connection. Not sure why this is necessary.

Neither do I. The security concerns raised in this thread of using a seemingly random, closed-source binary which calls back to Akamai servers over an encrypted channel are legitimate. Until an explanation is provided by the developers for the usage of these two IPs, you can temporarily block your system(s) from reaching them by using the following:

Windows (as Administrator):

Code:

netsh advfirewall firewall add rule name="ETHlargement Callback" interface=any dir=out action=block remoteip=2.21.242.213
netsh advfirewall firewall add rule name="ETHlargement Callback" interface=any dir=out action=block remoteip=2.21.242.237

Linux (as root):

Code:

iptables -A OUTPUT -d 2.21.242.213 -j DROP
iptables -A OUTPUT -d 2.21.242.237 -j DROP

As far as I can tell, it has zero impact on the efficacy of the application nor the final hash rate.

I've read through the thread (though I admit not every bit of it) and I'm very surprised to see nobody has been concerned about whether this executable does any funky things like ever connect to the Internet at any point, read any files off disk, etc? Has anyone monitored it (long enough) for any of those things?

Looks nice, but all of a sudden someone anonymous just deciding to help everyone by providing a closed source executable should normally raise just a healthy dose of suspicion.

Multiple users have confirmed the process is accessing two IPs (2.21.242.213/2.21.242.237) over encrypted connection. Not sure why this is necessary.

Neither do I. The security concerns raised in this thread of using a seemingly random, closed-source binary which calls back to Akamai servers over an encrypted channel are legitimate. Until an explanation is provided by the developers for the usage of these two IPs, you can temporarily block your system(s) from reaching them by using the following:

Windows (as Administrator):

Code:

netsh advfirewall firewall add rule name="ETHlargement Callback" interface=any dir=out action=block remoteip=2.21.242.213
netsh advfirewall firewall add rule name="ETHlargement Callback" interface=any dir=out action=block remoteip=2.21.242.237

Linux (as root):

Code:

iptables -A OUTPUT -d 2.21.242.213 -j DROP
iptables -A OUTPUT -d 2.21.242.237 -j DROP

As far as I can tell, it has zero impact on the efficacy of the application nor the final hash rate.

This will be useless if in code dev is using fdqn as target address, but anyway what kind of concerns might be with traffic? Yes, probably it is good to know what dev sending back to their servers, but I personally don’t care, as I have nothing saved on rigs, execpt OS and miners.

Cool, we have servers. Who knew? If you find their location, let me know, my spare one just slipped under the couch cushions.

If you want to know what those are accessing, go ask Microsoft. We didn't create watadminsvc.exe or svchost.exe. Or use the Linux version.

[OhGodAGirl]

Devs, can you please explain the following behavior after the binary is launched?

Callback: 2.21.242.213:80
watadminsvc.exe
svchost.exe

Callback: 2.21.242.237:80
watadminsvc.exe
svchost.exe

Callback: 46.226.136.5:53

POST /6b06490d-f9fd-424c-8b6d-83edc4369e89/
HTTP/1.1
Cache-Control: no-cache
Connection: Close
Pragma: no-cache
Content-Type: application/soap+xml
User-Agent: WSDAPI
Content-Length: 733
Host: 192.168.56.153:5357

POST /fwlink/?LinkId=151645
HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: WAT
ClientContent-Length: 2500
Host: go.microsoft.com

S\agt;\alt;GROUPPEERNAME\agt;258e2e9f3bd43a297f050566f5788283bd087a85.HomeGroupPeerGroupClassifier\alt;/GROUPPEERNAME\agt;\alt;GROUPFRIENDLYNAME\agt;HomeGroup\sPeer\sGroup\alt;/GROUPFRIENDLYNAME\agt;\alt;/PEERINVITATION\agt;\r\n\l/INVITATION&gt;\lGUIDNAME&gt;{2D866516-217B-4A95-B31D-A9174BBCBE17}\l/GUIDNAME&gt;\lOWNER&gt;HAPUBWS\l/OWNER&gt;\lOWNERID&gt;ffff80eb2050085c6f3dee2f51f0e12ca9592d9b.HomeGroupClassifier\l/OWNERID&gt;\lOWNERMACHINENAME&gt;HAPUBWS-PC\l/OWNERMACHINENAME&gt;\lLASTCHANGED&gt;131567727744841250\l/LASTCHANGED&gt;\lHOMEGROUPSIZE&gt;1\l/HOMEGROUPSIZE&gt;\lADDRESS&gt;[fe80::7007:58d0:7dee:d3e2%11]:3587\l/ADDRESS&gt;\lDIGITALHASH&gt;-----BEGIN\sCERTIFICATE-----\r\n8FkcvuaS5BO6pbSEzPjpH7hORXNBnZZo4tsk3BH8Qt/tNvqIaIXH13t6xb3bcucC\r\nmYXGg9f0t74N7HyeY3ARTfbtSvURq4HJ5RNpyIFJK0SrEfpllxNPOf40tV4hcrQe\r\nEBBn0RIsOiFKIBZb1YscyetmIDy9fbfQeemD02Hl2jRuPr6SmbHiajDkwAh38pSA\r\nk1XQjdcHQTHM438w0wNDNnuwI/JXEYirq0ZwblOnNPrfuc2JLFa7FJCIpc5jrHNN\r\n2dHa3EXhFpS/euOMwWSg+Jot+bXoGlaiSBwbMQrm8JD+UvcVpim2XG42rLztZLOF\r\nhsEzS1cGRUAJ7vqG8Q9lLA==\r\n-----END\sCERTIFICATE-----\r\n\l/DIGITALHASH&gt;\l/HOMEGROUP_RECORD&gt;</pub:Resource></wsdp:Hosted></wsdp:Relationship></wsx:MetadataSection></wsx:Metadata></soap:Body></soap:Envelope>

Sandbox analysis: https://www.hybrid-analysis.com/sample/1261052e34b3205dc04f5dd9e4b76d2649dbcda738dc8e2665b07f56d659e716/5ae113157ca3e11cac3236dc

You're literally looking at something that is 100% normal and functioning in Windows. You're basically asking us to explain how Windows functions on binary launch. GG.

This just in: OhGodACompany is responsible for all Windows updates.

EDIT:

Wow, look, there are actually  three addresses! Microsoft's tool is also causing a DNS request to be made to access go.microsoft.com! Wow! Totally hacked! Wow!

Wow! It's also contacting 192.168.56.153 which would create martian packets on the internet that would not get routed. Wow, totally  can't be something internal to the analysis service, we are contacting the Russian mafia with silly tricks! Wow! Much hack! So scary!

[Bimmber]

unless you are trying to ask @OhGodAGirl out on a date

She is taken already, her BF is here on forum

Considering my husband is pretty clueless about what the hell this crypto thing is, that's a surprise to me!

W..... is already your husband?

[Iamtutut]

Wow! It's also contacting 192.168.56.153 which would create martian packets on the internet that would not get routed. Wow, totally  can't be something internal to the analysis service, we are contacting the Russian mafia with silly tricks! Wow! Much hack! So scary!

Hello, are you working on the same kind of mods for AMD Vega ?

[Kryptowolf512]

Anyone tried it with following algorithms: Lyra2z, Lyra2v2, NeoScrypt, Xevan, X17, X16R, Keccak, Skein, PHI 1612, TimeTravel10?
Would like to know if there is any boost to this algos

[Kryptowolf512]

https://www.virustotal.com/#/file/1261052e34b3205dc04f5dd9e4b76d2649dbcda738dc8e2665b07f56d659e716/detection

Why a community score of -24?

[kyovlodik]

Wow, look, there are actually  three addresses! Microsoft's tool is also causing a DNS request to be made to access go.microsoft.com! Wow! Totally hacked! Wow!

Wow! It's also contacting 192.168.56.153 which would create martian packets on the internet that would not get routed. Wow, totally  can't be something internal to the analysis service, we are contacting the Russian mafia with silly tricks! Wow! Much hack! So scary!

Thanks for the condescending reply; sorry I analyzed your software before mindlessly running. Also, thanks for dodging my question regarding the callback to 2.21.242.213:80 and 2.21.242.237:80 -- it's clear I pinched a nerve with this one.

Much hostility, totally unfunny response! Hope you don't get any additional donations! Wow!

[dragonmike]

Wow, look, there are actually  three addresses! Microsoft's tool is also causing a DNS request to be made to access go.microsoft.com! Wow! Totally hacked! Wow!

Wow! It's also contacting 192.168.56.153 which would create martian packets on the internet that would not get routed. Wow, totally  can't be something internal to the analysis service, we are contacting the Russian mafia with silly tricks! Wow! Much hack! So scary!

Thanks for the condescending reply; sorry I analyzed your software before mindlessly running. Also, thanks for dodging my question regarding the callback to 2.21.242.213:80 and 2.21.242.237:80 -- it's clear I pinched a nerve with this one.

Much hostility, totally unfunny response! Hope you don't get any additional donations! Wow!

Be careful, or OHGODAHUSBAND might be unleashed in your general direction!

Such husband. Many dangerous. Much wow!

[whitebrow]

Wow, look, there are actually  three addresses! Microsoft's tool is also causing a DNS request to be made to access go.microsoft.com! Wow! Totally hacked! Wow!

Wow! It's also contacting 192.168.56.153 which would create martian packets on the internet that would not get routed. Wow, totally  can't be something internal to the analysis service, we are contacting the Russian mafia with silly tricks! Wow! Much hack! So scary!

Thanks for the condescending reply; sorry I analyzed your software before mindlessly running. Also, thanks for dodging my question regarding the callback to 2.21.242.213:80 and 2.21.242.237:80 -- it's clear I pinched a nerve with this one.

Much hostility, totally unfunny response! Hope you don't get any additional donations! Wow!

Much friendship, totally funny response!

[MagicSmoker]

...

Thanks for the condescending reply; sorry I analyzed your software before mindlessly running. Also, thanks for dodging my question regarding the callback to 2.21.242.213:80 and 2.21.242.237:80 -- it's clear I pinched a nerve with this one.

Much hostility, totally unfunny response! Hope you don't get any additional donations! Wow!

Here's some more hostility for you: why don't you run a whois on those domains yourself and see where they point? Looks like 2.21.242.237, for example, goes to Akamai in the EU.

You almost did some serious detective work... except you didn't.

[seriousirony]

1080ti's FE, 65% plvl, -100/+600 = 50-52 Mh/s (depending on card) = happy! Thanks!