search

ilkerccom / bitcrackrandomiser

Solo pool for Bitcoin Puzzle Transaction 66, 67 and 68.
https://btcpuzzle.info/
MIT License
85 stars 41 forks source link

Server owner can identify the range containing the puzzle key! #11

Closed oshimoto closed 1 year ago

oshimoto commented 1 year ago

Hi! The code as its is would allow the server owner to identify the range which found the puzzle private key and potentially withdraw it before the lucky finder.

The server keeps the average time to return a task per GPU, so a task returned faster would indicate it has found the puzzle private key. The server owner could have a script running to detect task returned faster than usual, scan the range and swipe the puzzle address.

One way that comes to mind to fix this is to add code to client side program to create the address for the last key in the range to be scanned and include that address in the call to BitCrack. That way BitCrack will finish the task ONLY after the whole range has been scanned.

I think that would be fair and square for all.

ilkerccom commented 1 year ago

Hello,

If someone finds the private key, no data goes to the server. The server owner still sees it as unscanned. It would take me months if I tried to scan every unscanned range.

29 Haz 2023 Per, saat 16:58 tarihinde oshimoto @.***> şunu yazdı:

Hi! The code as its is would allow the server owner to identify the range which found the puzzle private key and potentially withdraw it before the lucky finder.

The server keeps the average time to return a task per GPU, so a task returned faster would indicate it has found the puzzle private key. The server owner could have a script running to detect task returned faster than usual, scan the range and swipe the puzzle address.

One way that comes to mind to fix this is to add code to client side program to create the address for the last key in the range to be scanned and include that address in the call to BitCrack. That way BitCrack will finish the task ONLY after the whole range has been scanned.

I think that would be fair and square for all.

— Reply to this email directly, view it on GitHub https://github.com/ilkerccom/bitcrackrandomiser/issues/11, or unsubscribe https://github.com/notifications/unsubscribe-auth/AIQEO2MRXSPL7EN7V5HMKW3XNWCZLANCNFSM6AAAAAAZYRZ3IY . You are receiving this because you are subscribed to this thread.Message ID: @.***>

--

Best regards.

Ilker CINDIK Frontend/Backend Developer www.ilkerc.com http://www.ilkerc.com

oshimoto commented 1 year ago

Ok let me check the code again and make sure when puzzle key is found the range is not send to server to be flagged as scanned. Thanks for your reply!

oshimoto commented 1 year ago

Yeah found it:

private static void JobFinished(string TargetAddress, string HEX, Settings settings, bool KeyFound = false)

    {
        if (KeyFound)
        {
            // Always send notification when key found
            Helpers.ShareTelegram(string.Format("[Key Found] Congratulations. Found by worker [{0}].[{2}] {1}", Helpers.StringParser(settings.ParsedWalletAddress), PrivateKey, settings.ParsedWorkerName), settings);

            // Not on untrusted computer
            if (!settings.UntrustedComputer)
            {
                Helpers.WriteLine(PrivateKey, MessageType.success);
                Helpers.SaveFile(PrivateKey, TargetAddress);
            }

            Helpers.WriteLine("Congratulations. Key found. Please check your folder.", MessageType.success);
            Helpers.WriteLine("You can donate me; 1eosEvvesKV6C2ka4RDNZhmepm1TLFBtw", MessageType.success);
            Console.ReadLine();
        }
        else <

Seems like you are right - when puzzle key is found nothing is sent back to server. You can close the issue. Sorry for wasting your time :)

oshimoto commented 1 year ago

Come to think of it again, you still could have a script running on server and check all unreturned ranges. You could check them faster then they come as they won't be coming that often (I think). Perhaps adding address for the last key in the range to BitCrack args might still be a good idea.

ilkerccom commented 1 year ago

There are currently 2000+ "unscanned" or “currently scanning” ranges on the server. These ranges will only be scannable after 12 hours. It's impossible for me to scan every unfinished range.

This number increases each time you open and close the application. You can do this 60 times in 1 hour.

If you understand the codes well, I don't get any extra information when you get a HEX value. I don't know which worker made the request, which video card.

When a HEX range is requested to be scanned, I simply flag/mark it as "scanning" in the database. All other information is filled in when marking.

I have defined 12 hours for a HEX to be scanned from the moment it is requested. It cannot be scanned again by someone else before this period expires.

ilkerccom commented 1 year ago

Added 'force_continue' feature 4a5efab

true If the private key is found, the scan will continue until it is finished. The related range is marked as "scanned". The key found is publicly visible on the pool site. (With 1 missing character)

You can see the private key in the file created in the folder and if Telegram is active, notification will come.

false If the private key is found, the scanning process is terminated. No data is sent to the pool.