Bitcoin Forum
Author Topic: Attention ALL Stratum pool Admins!  (Read 5003 times)
Anaximander (OP)
March 13, 2014, 02:30:39 AM
Last edit: March 13, 2014, 06:19:59 PM by Anaximander
 #1

Update: To those who are looking for the fix, you can PM CHAOSiTEC https://bitcointalk.org/index.php?action=pm;sa=send;u=223182 and he'll/she'll set you up.

This week on the Darkcoin thread a fellow started posting screenshots of massive hashrates (400+MH/sec) using just a 4770k (don't remember the exact model #) CPU.
Through PM he revealed to me (and others) he was exploiting a bug in the Stratum protocol faulty implementation of the stratum protocol.
Here are a few quotes from the thread:

Quote
Ok, to summarise, without disclosing too much info for others to try on other pools:

that guy with the huge "mining speed" was using a weakness in the stratum code, i noticed a weakness in the way the pool got the shares and set defences up to prevent that kind of cheating, in reality he did not have that kind of mining power, and his shares weren't worth anything to the pool's overall progress. if you look at all the blocks discovered, why did his miner not discover ANY blocks at all, we should have been getting loads of blocks with that kind of speed, so i investigated, together with evan we set up a fix, now, next time he tries, the system will automatically ban him for a week. he tried connection through a proxy but already he was unable to get that kind of speed that he had at first.
so that tells me it works as it should.. i also banned his ips from the server. and disabled automatic payout from his account.

Quote
hrt
Re: cpu hashrate
« Sent to: sippsnapp on: March 11, 2014, 06:44:56 PM »
I run through mining proxy with a changed code. it denies automatic difficulty adjustment on pool stratum server, assign to each share variable hash raws [not unfeigned] thus stratum server is incapable to make up authenticity of this shares. i have always calculated at 0 diff and got all shares accepted, earnings respectively
hrt
Re: cpu hashrate
« Sent to: sippsnapp on: March 11, 2014, 08:50:38 PM »
added several extensions while compiled from 1.3 version in open source
i tried with different algos and at now proxy works on X11, groestl, qubit and sha256d.
saying clearly sha256d is not so useful as 500-1000GH guys play. on sha256d i have 80 iterations per second each pick up a low diff share at speed 48000KH. Running 30 CPU is equal to 115GH
if you are interested and there are other engaged people i can start a new topic with this on mind and share proxy for small donate although pulling out this in public would be risky as this is still cheating

As I'm fat and lazy to the point of having that annoying fat-finger problem where I keep accidentally typing 4+ keys at a time, I'm not going to spend more time on this post, here's the Darkcoin thread link (just go to page 428): https://bitcointalk.org/index.php?topic=421615.0

This doesn't just affect Darkcoin pools, it likely affects any pool using Stratum (if configured improperly). Let me know if this sounds like a known bug/issue (out of curiosity). Thanks!

jgalt1
March 13, 2014, 02:43:05 AM
 #2

Very good of you to post this.  I have been mining there and got cheated as a result of this.

The mining these days is tough enough without jerks like that.

Also, great work by whoever got the cheater to TALK!

He couldn't keep from bragging about his crimes just like most criminals!!
NUFCrichard
March 13, 2014, 07:21:20 AM
 #3

this might explain why someone was mining anime at 800MH a while back, people assumed it was a huge botnet.
bitcoyim
March 13, 2014, 10:17:37 AM
 #4

Here is the problem: https://github.com/MPOS/php-mpos/issues/1938
ahmed_bodi
March 13, 2014, 10:53:03 AM
 #5

Do you know if this affects litecoin pools?

Bitrated user: ahmedbodi.
bitcoyim
March 13, 2014, 10:55:27 AM
 #6

It affects all pools and all algorithms
ahmed_bodi
March 13, 2014, 10:58:02 AM
 #7

Quote
It affects all pools and all algorithms

how do you know for sure? pooler patched litecoin already before

Bitrated user: ahmedbodi.
bitcoyim
March 13, 2014, 10:59:12 AM
 #8

Quote
It affects all pools and all algorithms
how do you know for sure? pooler patched litecoin already before

Need to test this. Maybe some pool owners can fix this.
ahmed_bodi
March 13, 2014, 11:00:09 AM
 #9

my personal belief. it affects other algorithms where we do not have an accurate diff1

Bitrated user: ahmedbodi.
feeleep
March 13, 2014, 11:04:09 AM
 #10

Quote
my personal belief. it affects other algorithms where we do not have an accurate diff1

this is my understanding also that pool ops have wrong diff1...

ahmed_bodi
March 13, 2014, 11:07:37 AM
 #11

the big problem here is how to work it out. the only person i know who could do it is pooler.

Bitrated user: ahmedbodi.
feeleep
March 13, 2014, 11:10:38 AM
 #12

Quote
the big problem here is how to work it out. the only person i know who could do it is pooler.

i think this is a matter of changing diff1 in template_registry file ;)

ahmed_bodi
March 13, 2014, 11:14:31 AM
 #13

problem is what should the value be :P ::)

Bitrated user: ahmedbodi.
feeleep
March 13, 2014, 11:16:36 AM
 #14

Quote
problem is what should the value be :P ::)

if we are talking about darkcoin - it should be the same as sha256

diff1 = 0x00000000ffff0000000000000000000000000000000000000000000000000000

ahmed_bodi
March 13, 2014, 11:20:33 AM
 #15

hmmm. that's what i would expect. tbqh darkcoin i couldn't give a crap about. it's an unsupported scenario as i don't officially have it in the CryptoExpert repo. so any flaws are up to the OP. so atm i only care about:

Scrypt/ScryptJane (Uses Pooler's diff1)
Sha256 (Slush's Diff1)
Quark (PR from someone)
Skein (Uses SHA256 Diff1)

Bitrated user: ahmedbodi.
ahmed_bodi
March 13, 2014, 11:34:12 AM
 #16

Okay back.

Done a test on stratum-mining and eloipool using the exploit documented above.
Stratum-mining and eloipool in scrypt mode both reject these shares.
This makes it almost 99% sure that it is a diff1 error and stratum-mining IS NOT at fault. the pool operators are at fault for not using the correct diff1s for the algorithm

Bitrated user: ahmedbodi.
alani123
March 13, 2014, 11:41:52 AM
 #17

But this doesn't really clarify how this exploit pays out. If he doesn't actually contribute to the pool but still gets credited for a crazy amount of fake shares then where does the pool get the reward for those shares from?

bitcoyim
March 13, 2014, 11:42:33 AM
 #18

Quote
Okay back.
Done a test on stratum-mining and eloipool using the exploit documented above.
Stratum-mining and eloipool in scrypt mode both reject these shares.
This makes it almost 99% sure that it is a diff1 error and stratum-mining IS NOT at fault. the pool operators are at fault for not using the correct diff1s for the algorithm

For example:

If Coin hashrate: 200 , compile mining proxy with difficulty ~150, and you will see accepted shares.
ahmed_bodi
March 13, 2014, 11:48:20 AM
 #19

Quote
But this doesn't really clarify how this exploit pays out. If he doesn't actually contribute to the pool but still gets credited for a crazy amount of fake shares then where does the pool get the reward for those shares from?

Here's how it works

Miner connects to pool, authorises and subscribes for work

Miner connects, sets their own diff and starts doing work. work is calculated by a DIFF1 (what the difficulty of a difficulty 1 share should be). Now if a miner hashes away at their hardcoded diff and ignores the diff the pool is sending. so the pool would increase their difficulty on the pool's end to the max set (depends on the pool) and the pool wouldn't know that the miner is ignoring it. since the diff1 is wrong on the pool the pool would accept the difficulty the miner says it is and wouldn't check what the actual difficulty is.

This means stratum thinks the diff == (theoretic scenario of 2048) while the miner is submitting a diff of (theoretic scenario of 0.001) so the miner will get paid for hundreds of shares with a diff of 2048 when really it should be 0.001


Bitrated user: ahmedbodi.
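
The check described in the post above, as an added example (not code from the thread or from stratum-mining): a share is credited at the pool-assigned difficulty only if its hash is at or below diff1 divided by that difficulty, so a diff1 that is too large lets easier hashes through. The two diff1 constants are the ones quoted in this thread; the function names, the sample hashes and the misconfiguration scenario are constructed for illustration.

```python
from fractions import Fraction

# diff1 values quoted in this thread (stratum-mining's template_registry.py).
SHA256_DIFF1 = 0x00000000ffff0000000000000000000000000000000000000000000000000000
SCRYPT_DIFF1 = 0x0000ffff00000000000000000000000000000000000000000000000000000000


def share_target(diff1, difficulty):
    """Largest hash (as an integer) that counts as a share at `difficulty`."""
    difficulty = Fraction(difficulty)
    if difficulty <= 0:
        raise ValueError("difficulty must be positive")
    return diff1 // difficulty


def real_difficulty(diff1, hash_int):
    """Difficulty a hash actually meets, measured against a given diff1."""
    if hash_int <= 0:
        raise ValueError("hash must be a positive integer")
    return Fraction(diff1, hash_int)


def accept_share(configured_diff1, assigned_difficulty, hash_int):
    """Pool-side check: compare against the difficulty the POOL assigned,
    never against a difficulty reported by the miner."""
    return hash_int <= share_target(configured_diff1, assigned_difficulty)


def audit_shares(trusted_diff1, assigned_difficulty, accepted_hashes):
    """Re-check accepted shares against a trusted diff1; return
    (hash, over-credit factor) for every share credited above its real work."""
    findings = []
    for h in accepted_hashes:
        real = real_difficulty(trusted_diff1, h)
        if real < assigned_difficulty:
            findings.append((h, Fraction(assigned_difficulty) / real))
    return findings


# Constructed sample hashes (integers, as the pool sees them after hashing).
ASSIGNED = 2048
HONEST = share_target(SHA256_DIFF1, ASSIGNED)  # exactly meets difficulty 2048
CHEAP = SHA256_DIFF1 * 32                      # only meets difficulty 1/32

if __name__ == "__main__":
    print("correct diff1:", accept_share(SHA256_DIFF1, ASSIGNED, HONEST),
          accept_share(SHA256_DIFF1, ASSIGNED, CHEAP))
    # Constructed misconfiguration: the scrypt constant used for a coin whose
    # diff1 is the SHA-256 one. The cheap share is now credited as 2048.
    print("wrong diff1:  ", accept_share(SCRYPT_DIFF1, ASSIGNED, CHEAP))
    for h, factor in audit_shares(SHA256_DIFF1, ASSIGNED, [HONEST, CHEAP]):
        print(f"over-credited x{factor}: {h:064x}")
```

Running `audit_shares` over a pool's accepted-share log with a diff1 that has been verified for the algorithm flags exactly the shares that were paid above the work they represent.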
flower1024
March 13, 2014, 11:51:32 AM
 #20

hu?
aren't pools supposed to check that the supplied share does meet their diff requirements?
ahmed_bodi
March 13, 2014, 11:53:37 AM
 #21

they are and the stratum and sha algorithms do. these idiots using stratum without checking the diff1 are at fault and it's their responsibility. it 100% isn't a fault in my code at all. i take responsibility for scrypt and sha any other algo is up the user as i don't know myself how to calc what a diff1 value should be

Bitrated user: ahmedbodi.
bitcoyim
March 13, 2014, 11:57:05 AM
 #22

Quote
they are and the stratum and sha algorithms do. these idiots using stratum without checking the diff1 are at fault and it's their responsibility. it 100% isn't a fault in my code at all. i take responsibility for scrypt and sha any other algo is up the user as i don't know myself how to calc what a diff1 value should be

this is absolutely right
BorisTheSpider
March 13, 2014, 10:57:40 PM
 #23

Hello everyone,

I'm trying to understand this stratum exploit better, and something is confusing me.

The lowest difficulty is defined by the biggest target. So if we look at the nBits of the genesis block, we then convert to hex (from the compact representation) to get the diff 1 targets.

In BTC, genesis.nBits    = 0x1d00ffff;

https://en.bitcoin.it/wiki/Difficulty suggests we convert to a hex representation like:

so the hex target is
0x00ffff * 2**(8*(0x1d - 3))
or
0000 0000 ffff 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000

Which matches https://github.com/Crypto-Expert/stratum-mining/blob/master/lib/template_registry.py where for sha256

diff1 = 0x00000000ffff0000000000000000000000000000000000000000000000000000

Now looking at a scrypt coin, eg LTC:

0x1e0ffff0 is the genesis block nbits

so the hex target is

0x0ffff0 * 2**(8*(0x1e - 3))
or
0000 0fff f000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000

Which doesn't match stratum-mining

 if settings.COINDAEMON_ALGO == 'scrypt' or 'scrypt-jane':
            diff1 = 0x0000ffff00000000000000000000000000000000000000000000000000000000

ie. the stratum-mining code has 4 leading zeros in the 64 byte hex representation of the target, whereas I get 5 leading zeros when doing the conversion from the compact to the full hex representation of the max difficulty.

I'm sure stratum-mining must be correct  - where am I going wrong?
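
The compact-to-target conversion walked through in the post above, as an added example (not from the thread or from stratum-mining), applied to the two nBits values and compared with the two diff1 constants quoted there. It also selects diff1 by exact algorithm name and fails closed, because a Python condition written as `x == 'scrypt' or 'scrypt-jane'` is true for every value of `x`. Function names and the lookup-table keys are assumptions.

```python
# diff1 constants and nBits values as quoted in the post above.
SHA256_DIFF1 = 0x00000000ffff0000000000000000000000000000000000000000000000000000
SCRYPT_DIFF1 = 0x0000ffff00000000000000000000000000000000000000000000000000000000
BTC_GENESIS_NBITS = 0x1d00ffff
LTC_GENESIS_NBITS = 0x1e0ffff0


def compact_to_target(nbits):
    """Expand a block header's compact nBits field into the full target."""
    exponent = nbits >> 24           # length of the target in bytes
    mantissa = nbits & 0x007fffff    # most significant three bytes
    if nbits & 0x00800000:
        raise ValueError("sign bit set: not a valid target")
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def target_hex(target):
    """Target as 64 hex digits (32 bytes), zero padded."""
    return format(target, "064x")


def quoted_condition(algo):
    """Same shape as the condition quoted in the post: truthy for any algo,
    because the right-hand operand of `or` is a non-empty string."""
    return bool(algo == 'scrypt' or 'scrypt-jane')


# Exact-match table; the key names are hypothetical configuration values.
DIFF1_BY_ALGO = {
    "sha256d": SHA256_DIFF1,
    "scrypt": SCRYPT_DIFF1,
    "scrypt-jane": SCRYPT_DIFF1,
}


def diff1_for(algo):
    """Fail closed: an algorithm without a reviewed diff1 must not silently
    inherit another algorithm's constant."""
    try:
        return DIFF1_BY_ALGO[algo]
    except KeyError:
        raise ValueError(f"no diff1 configured for {algo!r}") from None


if __name__ == "__main__":
    ltc = compact_to_target(LTC_GENESIS_NBITS)
    print("BTC genesis target:", target_hex(compact_to_target(BTC_GENESIS_NBITS)))
    print("LTC genesis target:", target_hex(ltc))
    print("scrypt diff1 / LTC genesis target =", SCRYPT_DIFF1 // ltc)
    print("quoted condition for 'x11':", quoted_condition("x11"))
```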

azhago
March 15, 2014, 03:38:36 PM
Last edit: March 15, 2014, 03:52:44 PM by azhago
 #24

On stablehash Groestl, someone take 99% of all rewards, sending thousands shares while other send 5 or 6.. Look at the invalid rate too..



I don't think this guy find any block too, but in anonymous, we can't verify..

There is some exploit out there..

Coindgr
March 15, 2014, 04:52:48 PM
 #25

Quote
On stablehash Groestl, someone take 99% of all rewards, sending thousands shares while other send 5 or 6.. Look at the invalid rate too..
I don't think this guy find any block too, but in anonymous, we can't verify..
There is some exploit out there..

Pool owners should ban this kind of hashrate. If it was real, he could be solomining.

doge94
March 16, 2014, 01:55:34 AM
 #26

Quote
On stablehash Groestl, someone take 99% of all rewards, sending thousands shares while other send 5 or 6.. Look at the invalid rate too..
I don't think this guy find any block too, but in anonymous, we can't verify..
There is some exploit out there..
Pool owners should ban this kind of hashrate. If it was real, he could be solomining.

This person has been banned. He only made ~30k MYR before I banned him.
thekidcoin
March 17, 2014, 12:59:34 PM
 #27

Could something like this combined with say a pool with 50% + of the network hashrate (at times up to 75%) cause a blockchain to stall, say for 1 1/2 hours at times with no found block?

At my last straw here LOL

1MYL967PR52xiNtqSP9WphRvPzKZDjBdxn