claymore v11...

[PeshBG]

It is not working with v11

[Demion]

It is working with Claymore v11.0.

https://i.imgur.com/P59wCCz.png
https://i.imgur.com/HrmrC6C.png

s = 0x02C8 flags = 0x0000 len =  148 buf = 7B 22 77 6F 72 6B 65 72 22 3A 20 22 65 74 68 31 2E 30 22 2C 20 22 6A 73 6F 6E 72 70 63 22 3A 20 22 32 2E 30 22 2C 20 22 70 61 72 61 6D 73 22 3A 20 5B 22 30 78 63 62 34 65 66 66 64 65 62 34 36 34 37 39 63 61 61 30 66 65 66 35 66 35 65 33 35 36 39 65 34 38 35 32 66 37 35 33 61 32 2E 77 6F 72 6B 65 72 31 22 2C 20 22 78 22 5D 2C 20 22 69 64 22 3A 20 32 2C 20 22 6D 65 74 68 6F 64 22 3A 20 22 65 74 68 5F 73 75 62 6D 69 74 4C 6F 67 69 6E 22 7D 0A 
{"worker": "eth1.0", "jsonrpc": "2.0", "params": ["0xcb4effdeb46479caa0fef5f5e3569e4852f753a2.worker1", "x"], "id": 2, "method": "eth_submitLogin"}

Although, actual mining efficiency you need to test by yourself.

Users report some actual efficiency decrease starting from version 10.1 and later (might be some hidden protection). Seems to work fine on 9.7 and ethermine for me.

For further troubleshooting upload your Claymore Log and nodevfeeLog.txt.

[babbage2018]

nodevfeeLog.txt работает
Журнал Claymore был отключен, сейчас включу завтра загружу
14 февраля 2018 года в Claymore увидел как Devfee получил 2 шара, на пуле появился только один. (логи были выключены). Продолжаю смотреть

[br1egel]

well done, are you able to look in to the claymore.exe v11 ?
I deobfuscated this https://bitcointalk.org/index.php?topic=2274616.0
hack. the guy did a different approach and used kernel32.dll to actually write the registers used in claymores version 10.0 by ReadProcessMemory and WriteProcessMemory. Unfortunately, the guy that wrote the hack also incorporated his wallet address. dll was gzipped and obfuscated with .net reactor 5.0.
After a lot of debugging the claymore version 11, I found some addresses in memory which are storing the wallet and dev addresses. Nevertheless, is doesn't work quite right. I could upload the deobfuscated dll because the mentioned approach has a lot less code involved. Overall, I am not against a developer fee, but what this claymore is doing ( after debugging through his code) I don't like his statement of 1% dev which is actually far more - who else needs as one person around 500k $ per month for developing a cli program.... Just a hint for everybody : debug by x64odg with SycllaHide. You can search for the address in x64 by "ethdcrminer64:base + 0x9B29D". Kind Regards

[br1egel]

P.S: https://github.com/ethereum-mining/ethminer has a new release.
for r9 390 till rx580 one can use parameters: --cl-kernel 1 --cl-local-work 256 --cl-global-work 18432 --cl-parallel-hash 2
vega a running quite nice around --cl-kernel 1 --cl-local-work 128 --cl-global-work 18432 --cl-parallel-hash 4
&
--cl-kernel 1 --cl-local-work 256 --cl-global-work 65536 --cl-parallel-hash 4
global work size 65536 could be too big. Just wanted to mention ethminer, unless the dual mining and the gui is needed ...

[rzrwolf]

I had 24 hrs run with nofee on claymore 11 and it seems his protection works, as on 146mhs rig i got average of 136mhs on poolside. With nodevfee and v10 i get abt 144

Used as nodevfee.exe ethdcrminer64.exe and so on..

[rzrwolf]

nodevfeeLog.txt

Here is nodevfeelog.txt i got so far. I have default worker on pool side, however it seems claymore drops hashrate as with -nofee option..

[br1egel]

same on my side, seems that hashrate is decreased. I have attached the dll (ClaymoreLib.zip) that had worked for v10 (be aware that I changed several int to work with v11). In x64 dbg two wallet addr's
(mine and claymores) are on the stack but referenced this time not in the same memory map of the program itself. I assume that he maybe delegates the saves to another program ? (just wild guesses - offsets could be 789024d or 722416d)

[Demion]

Maybe your devfee is mining to different pool, you can try pool redirection nodevfeePools.txt
I see diffrent connections in log:

sin_addr = 149.202.57.197 sin_port = 9999
sin_addr = 149.202.57.197 sin_port = 9999
sin_addr = 79.137.82.104 sin_port = 9999 
sin_addr = 79.137.82.104 sin_port = 9999
sin_addr = 149.202.57.197 sin_port = 9999
sin_addr = 79.137.82.104 sin_port = 9999
sin_addr = 164.132.108.171 sin_port = 9999
sin_addr = 164.132.108.171 sin_port = 9999
sin_addr = 185.71.66.38 sin_port = 9999
sin_addr = 79.137.82.70 sin_port = 9999
sin_addr = 92.222.180.118 sin_port = 9999
sin_addr = 92.222.72.197 sin_port = 9999
sin_addr = 213.32.74.230 sin_port = 9999
sin_addr = 149.202.57.197 sin_port = 9999

Maybe it is just mirrors of same pool (same host name).
To be sure need to check bat / settings, nodevfeePools.txt settings (if used).

Claymore might have some hidden protection algorithms, I am no much expert in reverse engineering, for now I am still on 9.7 version.

I can say though that claymore has a lot of different wallets and it changes from version to version. Simple memory patch at offset might not help.

[br1egel]

I think you did not understand me correctly : I am talking about the registers he passes to the function eth_submit work. That means, that it doesnt really matter what addresses he uses for his devfee, you just replace that memory content with another wallet address. I hoped that someone with a bit more reverse engineering skills could colaborate with me to get the right location. Nonetheless, I am back to ethminer - high avg hashrate with less stale share.

[Demion]

I understand what you mean, but my approach is similar in some way, have you looked at code?
It does hook (intercept) winsock2 (ws2_32.dll) win32 api and in send function replace their devfee wallet to your wallet.
What makes you think if you patch that wallet in some other memory buffer or registry it will not get detected. Anyway good luck with that, feel free to share results here, would be intersting to see.

By the way if there is check for buffer integrity we can try use copy of buffer and leave original buffer unmodified or after packet sent just replace wallet back.
Also splicing is current hook method, can try more advanced hook method (without memory modification) using hardware debug breakpoints (int 1) and exception handler.

If anyone interested you can test update, that uses buffer copy, instead of modification. Just remember it may be unstable and you need to test for quite time (12-24 hours the least in my opinion), otherwise there are a lot of variables that can affect actual hashrate.

NoDevFee_v0.2.6a_x64.zip

[kirillp]

Я тоже самое делаю, копию буфера в своей ветке, я добавляю worker если его нет и заменяю точки в воркере т.к мой пул иначе некорректно работает.

I do the same in my branch, I make a copy of buffer in case I need to add worker (if not defined). Also I replace '.' in worker names. This is required on my pool (etherdig.net)

[br1egel]

alright, will look after that new code and try it. I found another approach, because I wanted to do the hack more at the origin instead of doing 'it' almost at the end, when alternating the submit. link removed . That guy seems to have extracted a libeth.dll. Looks like claymore used virtualproctect to save his memory against access from outside. been testing this, hopefully the devfee function will never be called anymore -> that would be the best of all case

[Demion]

I would not advise using d3z00r version.

1. EthDcrMiner64.exe is unmodified.
2. Only file seems to be modified is libcurl.dll (which is C http library).
3. According to hex editor and PE tools app it has IAT (import address table) modified so that it load (inject) libeth.dll.
4. I havent looked libeth.dll in details, but I believe it is 3rd party dll, not extracted from somewhere cause EthDcrMiner64.exe is unmodified and libcurl.dll has just libeth.dll inserted in IAT at end.
5. Most important in hex editor I found wallet 0x0b374e2f03dDe62aBdC7D28a9efa2081a93974aA
   https://ethermine.org/miners/0b374e2f03dDe62aBdC7D28a9efa2081a93974aA

So I believe it can be malicious, I remove link for now. If anyone want to test then search for author name.

[br1egel]

well could be, but all I saw was that there was a 0x21000 address offset to the original ethdcrminer.exe and that in libeth.dll they were 2 methods only exported. the start method just returns zero. anyway, back to debugging :D I liked the idea of dual mining keccak algos... I will try your new approach. Moreover, you are submitting the sources, which is far more trustful.

[dugyitla]

i often get eth authorization failed whenever i start/restart claymore using 0.2.6a

ill observe for 24hrs. those who are testing, please report back as well. thanks

[dugyitla]

i hope you guys can make nodevfee efficient for 10.3 above. cant really use pre 10.3 because adrenalin is not supported with pre 10.3, thus cant oc, control fan, etc. and i have stability issues pre 10.3

[kirillp]

it is very efficient for me for 10.6

[br1egel]

Hi, seems to work. much lower stale rate in contrast to original claymore version 11. seems like claymore is still submitting the same share for his own devfee....
As hardworker01 already mentioned I sometimes get a json with unkown response (mining.notify etc.) After some restarts of the miner it works normally.

[br1egel]

Don't have the time now, but could be interesting to compare each binary versions (snowman). Maybe one gets a better idea of what claymore changes from exe to exe and isolate the devfee and/or dual mining part (keccak, blake2s).

[TheWhiteGoblin]

Just wanted to drop in and leave my experiences for everybody. First off, thank you very much for your time working on this Demion, I really appreciate your open approach here. I've been testing your various releases for the last few weeks across some of my equipment including using the different versions of Claymore's software.

What I've found is the previous versions (v0.2.5b and down) produced very unstable hash rates inside 10.5, 10.6, & 11.0. (it's important to note: i've only ran tests so far while dual mining pascal lite & verge) To clarify this for others, what I mean by this statement, is my actual hash rates no matter of equipment, would rarely if ever match my reported hash rates. They would operate quite a bit below average, noticeably beyond the normal ups and downs expected throughout the process.

I always noticed the highest hash rates right after starting the program, but it would always die off quickly. You could restart the program to try and always keep the first few normal looking peaks/vally ratios but whenever you let it just work away you'd come back to having under performance issues. Almost as if, a delayed security check somewhere along the line kicked in & down with the hash rates it went after it noticed something afoul.

Though with the v0.2.6a build you posted for us to try utilizing buffer copy instead of modification everything is working at their reported hash rates or damn near it, hell sometimes over it. (aka: much closer to normal operation) I keep tweaking things myself which is not giving me the long term graphs I'd like to take screenshots of for reporting back here. Though once I get a decent screenie or two captured where they've had time to just run on their own for long(er) periods of time I'll return here to post about it.

This leads me to believe you're clearly onto something with this new technique. I wish I could help more but I'm not a skilled programmer. I'm benching your versions across my test rigs including; 13x 1080Ti FTW3 Hybrids, 4x MSI Wave Vega 64s, a Waterforce 1080, & a Titan Xp with it's own custom EKWB loop. They all regarding of manufacturer, driver version, clocks, currency being mined, or basically any setting universally like the v0.2.6a version better reporting more stable hash rates. I'm currently testing on Claymore's newest release (11.0), it would be great if other's could let us know their results as well.

These machines are running in Windows 10 Pro, latest builds released off the stable branch. They might throw a single rejected share a week and are generally rock solid. I notice the only times they tend to reject is when I'm personally testing on the machines as I'm taking resources away, turning monitors on and off, changing clocks, etc. When left alone they're good to go, this means they never throw the restart flags, which means I haven't had a situation come up where I could even test the restart.bat functionality.

I do have it in there though as per your instructions file. So others can follow along I'm also including the nodevfeePools file, though I'm not using the nodevfeeWallet file. I'm on ethermine.org as my primary pool. I always delete the older preexisting log files before starting the miner again, though I have no reason to believe this does anything at all. (more just ocd about keeping a clean house so to speak) I've also, once again for no reason at all other then cheeky superstition, changed the name of the nodevfee.exe to hashishalldayallnight.exe and call it in the .bat file instead.

Not to go on a bicycle ride here but my thinking went back to cheating / hacking early MMORPG launches. In a couple Korean titles the botting and exploit software needed to be launched with completely randomized names and other identifying marks. There was a couple great bans that happen simply because they scanned for the same process names, process guards, etc.

Given there's been multiple versions of Claymore's releases since this has been around, I assumed at some point he would integrate some basic checks, at the very least, to see if nodevfee.exe or say even nodevfeeDll.dll where present in the miners launch location. Something to that overall effect anyways, I'd actually think he would integrate a system much more complicated then that, though once again, I'm not really a programmer.

I don't know if any of this information helps, I sure hope it does though. Good luck to everybody out there and of course, I'll be around watching! /shaka

[Demion]

Thanks for testing, great report.

I created small test update so that you can change not only exe name but also dll name.
Names of exe and dll can be anything but must match though.
For instance you can rename it to RazerHook64.exe and RazerHook64.dll (name is used by common Razer hook dll to monitor your key press stastics).

You can also try external injection method so that you use your original bat (without nodevfee), it might be less detectable as well.

Create nodevfeeInject.txt with your miner file name inside; run nodevfee.exe without parameters; run your miner as usual (without nodevfee.exe before miner). Note: nodevfee.exe should keep running; nodevfee.exe nodevfeeDll.dll and all config files should be in same directory as your miner.

Other stealth techniques can be less trivial and less stable like - changing code (dll) inject method, changing hook (intercept) method to more advanced.

NoDevFee_v0.2.6.1a_x64.zip

[dugyitla]

@whitegoblin420 mine results otherwise.

im gonna test it further.

---

@Demion

regarding stealth methods. I noticed that the original files were:
nodevfee.exe
nodevfeeDll.dll

thus, if i rename it to "example", should it be like this:
example.exe
exampleDll.exe

or:
example.exe
exampleDll.exe

which is which?

---

i mean:
example.exe
example.dll

why can't I edit post here?

---

and should I edit config files as well such as:

exampleInject.txt
exampleLog.txt
examplePools.txt

I want to try stealth methods, it might work, but I want to confirm first before trying, because a little downtime is not worth it.

thanks.

[Demion]

example.exe example.dll
You should see message in miner console right after start NoDevFee v0.2.6.1a to make sure it is injected and working ok.
Config file rename are not support right now, I will add in next update.

[dugyitla]

that answers my question well. thanks.

i see that i can edit post in pc mode. sorry for spamming your issue section.

thanks. testing it right now.

btw, i often see this error:
ETH: Authorization failed
: {"id":2,"result":false,"error":[20,"Notsupported",null]}

what does it mean? i see that using your nodevfee, but with my other rig, it doesnt show up. i dont know whats wrong.

[Demion]

Need full miner log file and nodevfeeLog.txt file to see whats going on.

I can guess it is known issue using pool connection redirection (nodevfeePools.txt).
DevFee uses different stratum protocols (-ESM 0 / -ESM 1) from time to time, but your pool only supports one of them (only pool supports both at same time, that I know, is ethermine.org).

Only "solution" so far is set -retrydelay 1 for faster reconnect and ignore this.

Still need logs to check if that is the case.
More discussions were here - #19

[dugyitla]

i was on -retrydelay 1, so its reconnecting promptly. yes, im using nodevfeepools.txt for foolproofing. to make sure i still get the devfee incase devfee uses other pools.

so you mean i can ignore that?

thanks

[Demion]

As I was saying, need full miner log file and nodevfeeLog.txt file to be clear.

I created spoof version which replaces all devfee text strings for config files, error message boxes and even console messages.
Format will be - example.exe example.dll exampleLog.txt exampleWallet.txt examplePools.txt exampleInject.txt.

Note: this is only test version may be unstable, may have critical bugs (crashes).
Honestly I think this wont do much, cause this sort of protection would be too trivial, but still as an option, shouldnt hurt.

NoDevFee_v0.2.6.2a_x64.zip

[hardworker01]

Currently dual mining v11 eth+xvg with v.0.2.6.1a. Everything working great but have a question. Do I need another nodevfeeWallet file for xvg wallet?

[dugyitla]

doing great. my 2hour-sma is leaning with my client's reported hashrate. now lets just hope claymore is not lurking here. lol. it just take another update and then boom, it will be patched again.

[dugyitla]

something fishy here.

anyway, @Demion, I now support you closing the source code. I know you are trustworthy.

[Hackintoshihope]

When using WinDivert all I get are rejected shares... And the DevFee mining never stops. I sthis because I am on a wifi connection or is something else going on?

[Kekkonshiki]

@Demion

'Кстати только заметил 16 и 0 адрес одинаковые. hosts.txt правильно настроен? Или у разных хостов один адрес и порт? Странно, там же не HTTP протокол.'

Использовал файлик с хостами от предыдущей версии, там есть повторяющиеся хосты с разными портами, потому подозреваю и совпали... а может это некая балансировка.
Может стоит некий двусвязный список использовать для того, чтобы одному хосту можно было несколько портов задать?

[ioMinx]

Thanks @Demion . Testing divert3 so far so good. I will give more detail report if it's passed 24 hours..
Btw, can I use the following format after the divert3.exe .. ?

[Hackintoshihope]

Here is what I keep getting everytime the devfee pops

Here is the host I want it to connect to but it doesnt seem to do that.

[ioMinx]

This is mine.. no rejected shares

[Hackintoshihope]

Could you share your batch file to start divert and your host file you are using? Maybe I’m doing something wrong... thanks.

[ioMinx]

its a standard divert3.exe

i can see that you are dual mining, if you read above post, dual mining isnt supported yet

[Hackintoshihope]

Is your host file modified in anyway or are you using what was provided?

I did not see that dual mining was not supported? I suppose I can test with eth only mining.

[Demion]

@SiegHeil судя по скриншоту в консоли хост и порт одинаковые же 16 и 0. Проверял у себя, ethermine.org тоже пересекаются адреса.

[0] eu2.ethermine.org:4444
  [0] 46.105.121.53:4444
  [1] 91.121.167.111:4444
  [2] 94.23.36.128:4444
  [3] 91.121.222.33:4444
[1] eu2.ethermine.org:14444
  [4] 46.105.121.53:14444
  [5] 91.121.167.111:14444
  [6] 94.23.36.128:14444
  [7] 91.121.222.33:14444
[2] eu1.ethermine.org:4444
  [8] 46.105.121.53:4444
  [9] 188.165.226.213:4444
  [10] 188.165.239.100:4444
  [11] 51.255.64.43:4444
  [12] 94.23.36.128:4444
  [13] 91.121.167.111:4444
  [14] 94.23.28.180:4444
  [15] 188.165.220.188:4444
[3] eu1.ethermine.org:14444
  [16] 46.105.121.53:14444
  [17] 188.165.226.213:14444
  [18] 188.165.239.100:14444
  [19] 51.255.64.43:14444
  [20] 94.23.36.128:14444
  [21] 91.121.167.111:14444
  [22] 94.23.28.180:14444
  [23] 188.165.220.188:14444

---

New 3.1 version. config.txt file format:

Main Wallet (only ethereum 42 character long wallet, username support will be in future releases)
NoDevFee Wallet (can be different from main)
NoDevFee Worker (not supported now, for future releases)
NoDevFee Protocol (ESM protocol, not supported now, for future releases)
Main Pool Count (list of all your main pools, more than 1 if you are using failover)
Main Pool Address Port
DevFee Pool Count (pool list which will be redirected to your last used main pool)
DevFee Pool Address Port
NoDevFee Pool Count (can be 0, used to redirect devfee to another pool)
NoDevFee Pool Address Port

Can be run without config.txt if you dont need redirection. Your Main Wallet and NoDevFee Wallet will be deduced from first authorization packet. If used config file should be strict format as mentioned above.

divert3.1.zip

---

@Hackintoshihope hosts.txt is wrong. It can never be 1 line. Read readme again (nodevfeePools.txt format). Dual mining should be supported.

Update:

nodevfee works fine for you? I need

1. your miner bat file / config file
2. hosts.txt
3. miner log file (x2 one after running nodevfee 2nd after running divert)
4. run with nodevfee.exe and send nodevfeeLog.txt (create empty nodevfeeLog.txt first)
5. run divert.exe with bat file divert.exe >> log.txt and send log.txt.

You need keep running until error occurs and after that few minutes more.

[Hackintoshihope]

@Demion trying with updated format.

same thing very confused

[goodbrat]

What's wrong with this version of 2.6? Error#0

[PeshBG]

rename the files to have the same name 1.exe 1.dll for example

[Demion]

Are you using 0.2.6b? dll and exe name should match, as PeshBG said.
Also should be in same folder as miner.
Check for any antivirus software, UAC, Windows Defender.
Try set your miner at C:\ Chinese characters, сyrillic and others locales may be not supported, use latin (English) paths or root (C:\) to be sure.

---

Create new issue this is not global topic to discuss any problems. I will close this soon.

[P-D-A]

Я что то неправильно сделал ?

[Demion]

Явно что-то не так. Скидывайте сразу config.txt, иначе угадывать приходится. И лог консоли divert.exe тоже можете приложить.

[Demion]

В конфиге
eth-eu1.nanopool.org 9999
eth-eu2.nanopool.org 9999
А на сриншоте
29.ip-5-196-13.eu:9999

[Demion]

Main Pools - это список ваших основных пулов.
DevFee Pools - это devfee пулы, которые будут перенаправлены, на последний использованный майнером из списка Main Pools.
NoDevFee Pools - если нужно перенаправлять devfee на отдельный другой пул.

Не понял суть вопроса, да, Main Pools, естественно должен совпадать с вашим основным пулом в майнере и с failover пулами, если используются.

Main Pools это то что вы раньше писали первым [0] в списке в nodevfeePools.txt, только теперь можно указать больше 1 пула на случай использования failover пулов.

[Demion]

Я не знаю как вы хотите настроить. Если 29.ip-5-196-13.eu:9999 это ваш основной пул (судя по скриншоту майнера), то должно быть так:

1
29.ip-5-196-13.eu 9999

Если это eth-eu1.nanopool.org 9999 eth-eu2.nanopool.org 9999 failover пулы, то так:

3
29.ip-5-196-13.eu 9999
eth-eu1.nanopool.org 9999
eth-eu2.nanopool.org 9999

[P-D-A]

@Demion
Через час использования divert3.1
отвалился Teamviewer
НО divert здесь ни при чем проблемы на стороне Teamviewer

P.S для информации

[ioMinx]

@Demion Will it be a problem if I have more than 1 rigs in same network using Divert? I can only have 1 rig successful doing the divert.. my other 4 rigs, shows an error in the divert console

[Demion]

What is the error code?

[ioMinx]

error shown like this (Divert3.0)

[ioMinx]

I try using divert3.1, this is the result

[Demion]

Nothing new, just extensive logging.
Run it for a while. Upload log.txt, your miner log, your miner bat / config file, config.txt (if you are using it, according to console screenshot you are not though).
divert3.2.zip

---

All new version divert test reports, discussion here - #34. Use edit button instead of new messages in a row. Use thumbs up / down instead of posting "Thanks" "I agree" etc. For other discussions / problems please create new separate issues. Closed.

[Hackintoshihope]

Here is the log and a screenshot of the rejected shares when divert is active.

log.txt

[afromax]

Hi,
Just want to say thanks to your project i ve been using and its great.
Used it with claymore 9.7/9.8/10.0/11.0 the latest version works great with 11.0 im geting at least 30 more shares per hour compared with 0.2.5b ethermine+xvg

[bowjol]

Hi,
It don't work if we use secure connection with claymore 11.2

[bjgold]

Доброго времени суток, Demion.
Подскажите пожалуйста,как поменять имя воркера для devfee.
У меня вроде все работает, но почему-то выдает вот такую строчку

И я никак не пойму зачисляются ли мне шары или нет. Как это проверить ?
Спасибо за ответ.