In html on the website
<script src="https://authedmine.com/lib/authedmine.min.js"></script>
<script>
varminer = new CoinHive.Anonymous('hogesitekey', {throttle:0.3});
// Only start on non-mobile devices and if not selected-out
// in the last 14400 seconds (4 hours):
if(!miner.isMobile()&!miner.didOptOut(14400)){
miner.start();
}
<script>
and the js file
https://authedmine.com/lib/authedmine.min.js
I was able to confirm that the PC is heavy and coinhive is mining.
The cryptnight algorithm that actually calculates the hash is
Where is it in the js file read from the coinhive server?
Identify the js code portion that is purely calculating hash
I'd like to calculate the hash part using a different software than the browser.
Usually js sent from coinhve is the client
I understand that you are using the browser to calculate the hash and send it to the coinhive server.
I would like to modify coinhive's js, take out only the hash calculation part of coinhive, replace the hash calculation result calculated by other software with the variable of coinhive's js, and coinhive js will send the results to the server as usual
The bottom line is that the source code for pure hash calculations is
I want to see the bubble sort code. I want to take it out.
https://authedmine.com/lib/authedmine.min.js
to
vara=[1,3,10,2,8];
for (vari=0;i<a.length;i++) {
for(varj=a.length-1;j>i;j--){
if(a[j]<a[j-1]){
vartmp = a[j];
a[j] = a[j-1];
a[j-1] = tmp;
}
}
}
Extract the hash calculation code you want to see
It's like handing it over to another software, calculating it, and returning the results to coinhive's js.
Think of this software as something that can only be run in this way, but it has tremendous processing power.
javascript hash
It may be technically possible, but it seems to be in violation of the Terms of Use
First, the beginning of authmine.min.js says:
// Sadly, this source had to be obfuscated because they will detect any
// miner as a "threat" :/
In other words, it is obfuscated.To see behavior from this program alone, you must first remove obfuscation (deobfuscation).
If CoinHive/AuthedMine is open source, you can read authmine.js before being minified, but when I looked it up briefly, it seems that the original source code for AuthedMine has not been published.
Therefore, obfuscation must be removed.However, keep in mind that the act of de-obfuscation itself may not be recommended as a prerequisite.Making the code difficult to read means that there is a reason why I wanted to make it difficult to read.Considering this reason, it may be unethical to remove obfuscation.In this case, the source code says, "To prevent the misdetection of antivirus software," but there may be other reasons.In fact, CoinHive's Terms of Service says as of October 2018.
2.You must not reverse engineer, hack, exploit or otherwise attack Coinhive or Coinhive's servers.
(Japanese translation: Prohibit reverse engineering, hacking, exploitation, and any other means of attacking Coinhive or Coinhive servers.)
Therefore, if I were you, I would give up de-obfuscating this case.Just in case, you may want to ask CoinHive for the source code.
Well, this time, I wanted to calculate the hash instead of the script provided by CoinHive and send the results to CoinHive.First of all, as mjy's comment, the original coin hash calculation algorithm itself should be attached to the original mining software, so you can refer to it.However, the part where the calculated hash is sent to CoinHive is not included in the current CoinHive HTTP API, so it gets stuck there.As long as we follow the terms of use, I think it will be difficult to use CoinHive like this time.
Supplement: For some purposes, it may be useful to consider open source JavaScript minor products other than CoinHive.Some of them are summarized in "Cryptocurrency miner in JavaScript (alternative to CoinHive)".
The cryptnight algorithm that actually calculates the hash is
Where is it in the js file read from the coinhive server?
Coinhive's JavaScript contains the WebAssembly binary code.This WebAssembly provides several functions and is probably the main process in which _cryptonight_hash_variant_2
is repeatedly called.
Now, where WebAssembly is in JavaScript code is at the beginning of
(new Function(s){vard={}, a=(s+"").split(""), /* abbreviated */atob("dmFyIF8w/* abbreviated */
Among the long strings passed to the atob
function in .When decoded, it becomes JavaScript code as shown below and is passed to Function
for execution.
var_0xb10b = [
"wss://ws024.authedmine.com/proxy",
/* Abbreviated*/
"Res",
"\x20self.WASM_BINARY_INLINE=\x20[0,97,115,109,1,0,,
/* Abbreviated*/
The string that starts with At the beginning of this section, "\x20self.WASM_BINARY_INLINE=\x20[0,97,115,109,1,0,
is Blob and JavaSer is also passed to CPU's as follows:self.WASM_BINARY_INLINE=[0,97,115,109,1,0,0,1,51,9,96, /* Omitted*/
self.WASM_BINARY_INLINE
is the appropriate WebAssembly.This is compiled and executed by WebAssembly.instantiate()
.
© 2024 OneMinuteCode. All rights reserved.