[QUOTE=chalsall;410790]...which, if the claim is correct, is an extremely poor implementation of TF'ing. And yet, interestingly, the empirical evidence provided by Madpoo says that this "talks" to its Command and Control (C&C) constantly via an encrypted channel; and not even to a registered domain.

Those doing the shortest possible TF'ing in "just in time" mode through GPU72 only "talk" to the server a dozen times or so an hour (less than a hundred bytes per "chat"); and they have (I think) three or four reasonably high-end GPUs on the job.

Clearly, several things just don't add up. It will be interesting to see if "CEMPLLA Author" (do we actually yet know his real name) will ever come back to explain himself. I bet a dollar no.[/QUOTE]

So, he has written some barely functional TF code so it actually does something that you can see, meanwhile the encrypted back channel....

[QUOTE=Gordon;410892]So, he has written some barely functional TF code so it actually does something that you can see, meanwhile the encrypted back channel....[/QUOTE]

the things that makes it sound weird is if it's to stop LL early and not waste more cycles then you'd want the TF to be a lot more efficient. I just tried to uninstall it and I had to go the delete route it didn't show up in windows control panel and the install button in the installer didn't change to uninstall I'm kind of put off by that, not to mention I've had times were it couldn't contact the server with an internet connection so it doesn't start up, and even one time where the exponent list for inputting a known factor went to all 0's though that was just checking the range it said it had mostly.

[QUOTE=science_man_88;410903] I just tried to uninstall it and I had to go the delete route it didn't show up in windows control panel and the install button in the installer didn't change to uninstall I'm kind of put off by that,.....[/QUOTE]

Give CCLeaner a shot at it, and perhaps, Malwarebytes Antimalware. Also, have a look at what Process Explorer shows, to see if there is anything still active.

[QUOTE=Madpoo;410816]I spoofed it to my own SSH server via a hosts entry. It checks the server certificate apparently.[/QUOTE]

One amusing thing to try would be to find the client's private key in the binary, and change it to be one you've generated for your server public key. Not trivial, but not impossible either.

Probably more trouble than it's worth, but you "ownz" the machine / code.... :wink:

[QUOTE=kladner;410905]Give CCLeaner a shot at it, and perhaps, Malwarebytes Antimalware. Also, have a look at what Process Explorer shows, to see if there is anything still active.[/QUOTE]

yeah I installed something to try and decompile it off sourceforge so anything I found seems to be coincidental and I tried a fresh install of the OP program and haven't detected anything yet and that was after a short 10 minute run.

edit: to the OP the fact that if the exponent p mod 4 =3 and 2*p+1 is prime allows a more than 3% decrease in the number of exponents in the 100 million-200 million digit range for example according to my calculations this is why it's important in programming/scripting to know about your data. and this still is at over 2.8% that you can do one test to throw out an exponent in the billion to 2 billion digit range based on my math.

[QUOTE=science_man_88;410913]yeah I installed something to try and decompile it off sourceforge so anything I found seems to be coincidental and I tried a fresh install of the OP program and haven't detected anything yet and that was after a short 10 minute run.[/QUOTE]

You are, of course, doing this on a "throw away" box, and not your main workstation?

[QUOTE=chalsall;410919]You are, of course, doing this on a "throw away" box, and not your main workstation?[/QUOTE]

I don't have more than one computer. the only other thing I have is a tablet.

[QUOTE=science_man_88;410920]I don't have more than one computer. the only other thing I have is a tablet.[/QUOTE]

How are you sniffing the traffic?

[QUOTE=chalsall;410923]How are you sniffing the traffic?[/QUOTE]

I haven't been except I can see internet usage in task manager for send and receive.

[QUOTE=science_man_88;410924]I haven't been except I can see internet usage in task manager for send and receive.[/QUOTE]

Wow. Well done! You see that something is happening!

Captured any of the bytes?

[QUOTE=chalsall;410927]Wow. Well done! You see that something is happening!

Captured any of the bytes?[/QUOTE]

I saw 1.9 Mbps at the start not much after that edit: for that one program for network usage but the internet usage thing was on a different part of Task manager, I think you meant did I get to see what it's sending receiving actual code wise. I suck at interpreting people.