ilkerccom/bitcrackrandomiser

Server owner can identify the range containing the puzzle key!

oshimoto opened this issue · 6 comments

Hi! The code as it is would allow the server owner to identify the range which found the puzzle private key and potentially withdraw it before the lucky finder.

The server keeps the average time to return a task per GPU, so a task returned faster would indicate it has found the puzzle private key.
The server owner could have a script running to detect tasks returned faster than usual, scan the range and swipe the puzzle address.

One way that comes to mind to fix this is to add code to the client-side program to create the address for the last key in the range to be scanned and include that address in the call to BitCrack.
That way BitCrack will finish the task ONLY after the whole range has been scanned.

I think that would be fair and square for all.

Ok, let me check the code again and make sure that when the puzzle key is found the range is not sent to the server to be flagged as scanned.
Thanks for your reply!

Yeah found it:

```csharp
private static void JobFinished(string TargetAddress, string HEX, Settings settings, bool KeyFound = false)
{
    if (KeyFound)
    {
        // Always send notification when key found
        Helpers.ShareTelegram(string.Format("[Key Found] Congratulations. Found by worker [{0}].[{2}] {1}", Helpers.StringParser(settings.ParsedWalletAddress), PrivateKey, settings.ParsedWorkerName), settings);

        // Not on untrusted computer
        if (!settings.UntrustedComputer)
        {
            Helpers.WriteLine(PrivateKey, MessageType.success);
            Helpers.SaveFile(PrivateKey, TargetAddress);
        }

        Helpers.WriteLine("Congratulations. Key found. Please check your folder.", MessageType.success);
        Helpers.WriteLine("You can donate me; 1eosEvvesKV6C2ka4RDNZhmepm1TLFBtw", MessageType.success);
        Console.ReadLine();
    }
    else
    {
        // ... (the rest of the method was cut off in the original comment)
    }
}
```

Seems like you are right - when puzzle key is found nothing is sent back to server.
You can close the issue. Sorry for wasting your time :)

Come to think of it again, you still could have a script running on the server and check all unreturned ranges. You could check them faster than they come as they won't be coming that often (I think). Perhaps adding the address for the last key in the range to the BitCrack args might still be a good idea.

There are currently 2000+ "unscanned" or “currently scanning” ranges on the server. These ranges will only be scannable after 12 hours. It's impossible for me to scan every unfinished range.

This number increases each time you open and close the application. You can do this 60 times in 1 hour.

If you understand the codes well, I don't get any extra information when you get a HEX value. I don't know which worker made the request, which video card.

When a HEX range is requested to be scanned, I simply flag/mark it as "scanning" in the database. All other information is filled in when marking.

I have defined 12 hours for a HEX to be scanned from the moment it is requested. It cannot be scanned again by someone else before this period expires.

Added 'force_continue' feature 4a5efab

true: If the private key is found, the scan will continue until it is finished. The related range is marked as "scanned". The key found is publicly visible on the pool site (with 1 missing character).

You can see the private key in the file created in the folder and if Telegram is active, notification will come.

false: If the private key is found, the scanning process is terminated. No data is sent to the pool.
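The side channel discussed in this thread, as an added example that is not code from the project: a toy model of what the pool can observe about one range when the client stops on a hit, compared with the proposal of adding the last key of the range as an extra target. The names `PoolView`, `scanner`, `client` and `pool_can_tell` are hypothetical, integers stand in for addresses, and the scanner is assumed to stop once every target has been found, as the issue describes.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PoolView:
    """What the pool server can see about one assigned range."""
    reported: bool      # did the client mark the range as scanned?
    keys_checked: int   # stand-in for elapsed time until the client went quiet

def scanner(start, end, targets):
    """Toy scanner: walks start..end and stops early once every target
    has been found (assumed behaviour, not BitCrack's actual code)."""
    remaining, found, checked = set(targets), [], 0
    for k in range(start, end + 1):
        checked += 1
        if k in remaining:
            remaining.discard(k)
            found.append(k)
            if not remaining:
                break
    return found, checked

def client(start, end, puzzle_key, sentinel):
    """sentinel=True adds the last key of the range as a second target,
    so the scan can only finish at the end of the range."""
    targets = {puzzle_key} | ({end} if sentinel else set())
    found, checked = scanner(start, end, targets)
    hit = puzzle_key in found
    # Without the sentinel, a hit ends the job and nothing is reported back
    # (the KeyFound branch of JobFinished quoted above).
    reported = sentinel or not hit
    return hit, PoolView(reported, checked)

def pool_can_tell(sentinel):
    """True if the pool's view differs between a range that holds the
    key and one that does not (constructed sample range and keys)."""
    start, end = 0x1000, 0x1FFF
    _, with_key = client(start, end, 0x1234, sentinel)
    _, without_key = client(start, end, 0x9999, sentinel)  # key outside range
    return with_key != without_key

if __name__ == "__main__":
    print("stop on hit leaks:", pool_can_tell(False))
    print("last-key sentinel leaks:", pool_can_tell(True))
```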