Closed tjosm closed 6 years ago
I have saved and renamed https://coinhive.com/lib/coinhive.min.js to my own web server. It also required me to edit the coinhive.min.js file. Mind your http:// vs https://. WEBSOCKET_SHARDS also has ws for non-SSL and wss for SSL which points to where the coin-hive-stratum proxy is hosted.
Some malware detectors may check for keywords like coinhive or even block WebAssembly (wasm), which I'm not sure you can bypass easily.
You need to obfuscate the original file, then you will be bypassing the ad-blocker. For my example I use AdMiner.Anonymous(); instead of CoinHive.Anonymous();
Thanks for your replies. I managed to save the coinhive.min.js with wget and it's working fine. If I get it right, @CineXMike, I need to rename coinhive.min.js to AdMiner.min.js and use AdMiner.Anonymous(); on the embed code? Is that all the changes I need to do?
You can avoid AdBlock, you can follow this guide and deploy the proxy to now.sh and serve the assets from github pages, or just serve these assets from your own server. The code has been obfuscated and encoded, and the CoinHive global element can be accessed as CH.
I'll soon add a guide on how to deploy the proxy to a digital ocean droplet ($5/m, and you can get $50 dollars in credit for free with a github student pack) and an install.sh script to make it a single command install. Yesterday I setup a proxy up and running in like 5min, and it only takes another 5 min to buy a namecheap domain and point it to it or add a subdomain in cloudflare point it to it.
EDIT:
Here it is: Deploy to Digital Ocean.
awesome (: no, coin-hive-stratum can't connect to coinhive.com, it was possible thru coin-hive-party but I didn't add that functionality to this package (to be honest it was a dirty hack).
Couldn't you just use regular coin hive JavaScript for coinhive? Why all this roundabout?
coin-hive-party allowed connecting to coinhive.com's pool for adblock purposes
What would be a good method of loading the script async and then running the miner after it loads? This way at least it can be obfuscated completely using a JS obfuscator, which will make it a bit more difficult for someone reading the page source to notice that it's a miner. I.e. the pool url is in the script src=, the attributes for the function look pretty miner-y
the assets/scripts are already encoded + obfuscated: https://github.com/cazala/coin-hive-stratum/wiki/Deploy-to-now.sh-and-GitHub-Pages#assets
you can find them here: https://github.com/cazala/coin-hive-stratum/tree/gh-pages
I've tested those assets and they are working over http but get blocked over https due to CORS policy. Would be nice to have it working over https.
I didn't test it on same server as my website.
you will have to run it native with a cert to avoid cors, or use http
I've tested those assets and they are working over http but get blocked over https due to CORS policy. Would be nice to have it working over https. I didn't test it on same server as my website.
If you fork the repo you can access the assets via https, ie: https://tjosm.github.io/coin-hive-stratum/m.js
(you should change the name of the repo tho, so it doesn't say coin-hive in the url)
Hey @cazala, thanks for the info. I'm trying to find a solution to the following, and am not seeing it anywhere: let's say I just want to use coinhive's service (so no custom pool or anything) without adblock knocking it down. I figure I can download a copy of coinhive.min.js, rename all string instances of "coinhive" (including the filename), obfuscate, and serve this new file directly from my own server, and the browser still connects to coinhub's services when the script runs. Would that be enough? Or would not using a proxy lead it to being blocked?
the miner will still try to connect to one of coinhive's proxies (wss://wsXX.coinhive.com/proxy) and will get blocked by AdBlock most likely.
@LDubya isn't that a question that coinhive.com can answer for you? They have another domain that requires explicit opt-in that they are trying to have anti-virus/malware vendors to whitelist.
@cazala @sunk818, Gotcha. The problem with the opt-in version is that this is for a cloud-based subscription service that organizations will sign up for and give their employees access to. If an employee has been given access to our software, the organization has already opted in, as those are the terms. But of course, understandably, employees use adblock on their office machines for security reasons. Sadly ad-blockers have decided on a blanket ban of browser-based mining, whether or not they are being used maliciously. And the explicit opt-in version would not work in this scenario either, as even having access to the service means that your organization has already opted in, and giving employees the option to opt out would undermine the agreement and disrupt the user experience.
I think this is a different use case than what the ad-blockers are addressing with their blanket ban of automatic mining.
I think this is a good place to ask this because this repo focuses on a proxy solution, which we also think would be the only good solution. Coinhive's backend is simple enough to use for our needs, so we'd like to use their service.
Is there a way to set up a proxy using this repo, yet still utilize coinhive's service instead of connecting to a custom pool, etc?
@cazala will have definitive answer, but coin-hive-stratum is a way to connect to stratum pools not coinhive pool. If you want to connect to coinhive pool, just use the javascript as it is. You should try, but I don't think adblockers block the websocket connections to the pool, just the javascript. So, if you change the javascript (e.g. CoinHive text to CH), you should be different enough to bypass the adblockers yet connect to coinhive pools.
The whole point of this proxy is to bypass the 30% fee they charge. From a financial point, don't see why you'd want to give them 30% when there are better alternatives this coin-hive-stratum provides.
CoinHive miners connect to their proxies using websockets. The websocket upgrade request gets blocked by AdBlock.
coin-hive-stratum doesn't support your usecase as it is now, but it shouldn't be hard to add support for it (I've already done that for coin-hive-party).
stay tuned, I might add it when I find some time. if anyone else reading this wants the feature also let me know, if there's interest in it I will definitely add it.
the assets/scripts are already encoded + obfuscated: https://github.com/cazala/coin-hive-stratum/wiki/Deploy-to-now.sh-and-GitHub-Pages#assets
@cazala I found that Kaspersky detected the standard m.js file so I unobfuscated it as much as I could and hardcoded my proxy. After removing some console.log calls and obfuscating it a bit more I was able to bypass it undetected. I was wondering if you would provide your unobfuscated version of m.js so I could make some more changes?
Thanks!
@adamdupuis are you talking about:
console.log("libUrl", libUrl);
console.log("proxyUrl", proxyUrl);
or what parts did you remove?
btw, the guide that I promised here is out there: Deploy to Digital Ocean
@cazala Yes those were the only two lines I removed aside from hardcoding the proxy so it wouldn't be required to include in plain text.
Are you considering releasing the javascript source unobfuscated? Maybe in a new branch? I could waste more time sorting through it myself, but you know how programmers are ;P
The unobfuscated code is just the original miner, with a piece of code at the beginning that extracts the proxy's url from the query string and puts it on the websocket shards array (which, in your case, would be removed), nothing else.
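For defenders, the mechanism described in the comment above (the proxy's URL is read from the script's query string) leaves a signal in the page markup that does not depend on the file name or on keywords inside the script. The following is an added example, not code from coin-hive-stratum or from anyone in this thread; the sample pages, hosts and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample pages; hosts are placeholders, not values from the thread.
SAMPLE_PAGES = {
    "suspicious.html": '<script src="https://assets.example.org/m.js?proxy=wss://pool-proxy.example.net"></script>',
    "renamed.html": '<script src="/static/a.js?p=ws%3A%2F%2F192.0.2.10%3A8892"></script>',
    "benign.html": '<script src="https://cdn.example.com/app.js?cb=https://example.com/done"></script>',
}


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def websocket_params(src):
    """Return (name, value) query pairs whose value is a ws:// or wss:// URL."""
    hits = []
    for name, value in parse_qsl(urlsplit(src).query, keep_blank_values=True):
        try:
            scheme = urlsplit(value.strip()).scheme.lower()
        except ValueError:  # malformed value, e.g. a broken IPv6 literal
            continue
        if scheme in ("ws", "wss"):
            hits.append((name, value))
    return hits


def scan_html(html):
    """Flag script tags that hand a WebSocket endpoint to the script via its URL."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    return [{"src": src, "param": name, "endpoint": value}
            for src in collector.sources
            for name, value in websocket_params(src)]


if __name__ == "__main__":
    for page, html in SAMPLE_PAGES.items():
        print(page, scan_html(html))
```

The check keys on the parameter's value rather than its name, so a renamed parameter is still flagged; it sees nothing when the endpoint is hardcoded inside the script, which is where network-level inspection of WebSocket upgrade requests has to take over.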
How did you handle that last line CoinHive.CRYPTONIGHT_WORKER_BLOB = CoinHive.Res("..."); with it including all of the proxies full URLs a second time for whatever reason? Did you just reference your proxy parameter in both WEBSOCKET_SHARDS instances? I'm a little unsure as to why CoinHive wouldn't have reused the proxies in the array...
Also did you just do away with CAPTCHA_URL, MINER_URL and AUTH_URL?
@cazala Out of curiosity, can you tell us which tools you used for the obfuscation?
That's because their build script just pasted that CoinHive.CONFIG object definition at the beginning of all their assets. The websocket shards are not even used from the WebWorker (I don't even know if you can open a websocket from a WebWorker?) I just stripped the whole thing off.
Copy + Paste here https://javascriptobfuscator.com/Javascript-Obfuscator.aspx, so professional :P
So I can just get rid of WEBSOCKET_SHARDS, CAPTCHA_URL, MINER_URL and AUTH_URL and on the last line hardcode my proxy in there? Do I even need the last CoinHive.CONFIG section at all?
In the Blob, yes. The only thing used is the LIB_URL.
I think I've got it mostly finished, but when I try using the new code I get an error in the console:
failed to asynchronously prepare wasm: TypeError: NetworkError when attempting to fetch resource.
I've noticed that the CoinHive code references some files that you have not included and are not in CoinHive's /lib/ folder such as cryptonight.temp.asm.js and cryptonight.wast and I think that may have something to do with it. Any ideas @cazala?
Thanks again!
Edit: There was a completely unrelated problem with my code, it had nothing to do with the above. It is now working great!
Nevermind! Sorted it out as mentioned above.
Can I ask what pieces you removed to work around Kaspersky?
You mean from your m.js? Just the two console.log() calls as mentioned above. Hardcoding the proxy didn't hurt either. I think it would be a good idea to minify the js as well as obfuscating it. I actually installed Kaspersky and kept trying different things until it didn't detect it. After all that I still have to call the script with src="m.js?proxy=" for it to work.
okay, thanks for the info :)
@adamdupuis did you manage to make it work? If you have some info you could share it would be very helpful (: check this issue #100 thanks!
Yes I did, as far as I know it is undetected after starting with the CoinHive's js file, but I haven't actually tested it against Kaspersky since.
Did you only change the .js or also did you rename or do something around the other assets (wasm, mem, asmjs)?
I only hardcoded the proxy and removed the console.log() calls in m.js - no renaming of any files.
If you're using the miner on a site where the users are aware you are mining you can use miner.getHashesPerSecond() to ensure the user is in fact mining. Make sure you wait until the miner has loaded and started mining.
@cazala Hi! Any updates on this? https://github.com/cazala/coin-hive-stratum/issues/60#issuecomment-350055685 Do you think you will implement it anytime soon? Thank you!
not before the end of the year
Hi @cazala, any updates on this? https://github.com/cazala/coin-hive-stratum/issues/60#issuecomment-350055685
Cheers!
I can't find anything about it mentioned. Can coinhive.min.js be saved and renamed?