This repository has been archived by the owner on Sep 12, 2023. It is now read-only.
UnamSanctam edited this page Oct 19, 2021 · 27 revisions

Silent ETH Miner Wiki

Welcome to the SilentETHMiner wiki!

Here I will write explanations for all the features and give examples of how to use them. You can also find information inside the miner builder by hovering over the '?' next to the features. I will also strive to answer the most frequently asked questions so that there is fast and easy access to information otherwise usually gained by experience.

I will write everything on a single page instead of multiple pages for a more portable navigation experience. As always you can utilize tools such as CTRL+F or the sidebar navigation menu to quickly try and find the information you're looking for.

Since I mostly use and recommend Nanopool, because they do not seem to ban you for having many miners mining directly to their pool, I will use their pool in most of my examples, but any other pool will also work.

Miner Features

Main

Connection Scheme

The connection scheme used to connect to the pool. Check your pool for what to use, but the normal 'stratum' should be used in 99% of all cases. Choose between these 4 options and it will auto-detect the specific protocol used by the pool: select 'stratum' for the normal stratum ports, 'stratums' for the SSL/TLS port, 'stratumss' for the 1.2 SSL/TLS ports and 'http' for some older pools or when you use a proxy.

Pool

This should be the address and port of the pool you use, in the format POOL_DOMAIN:PORT. Some pools have different ports depending on whether you plan to use SSL/TLS or just the normal stratum protocol. I would recommend the normal stratum protocol for ETH since there can be some issues with certificates.

For Nanopool just use one of their many regional domains and then use the normal stratum port of 9999, for example: eth-eu1.nanopool.org:9999.

Wallet Address

Some pools like Nanopool only use the wallet address and directly send you the mined amount once you reach the required minimum withdrawal, while some pools use a username or email instead of a wallet address and then leave you to set up everything while logged in to their site.

For wallets, I usually recommend Exodus, Coinomi, Mist or MyEtherWallet.

The miner also supports dynamic worker names: use {RANDOM} to generate a new random worker name every run, {COMPUTERNAME} to use the computer's name, or {USERNAME} to use the username as the worker name. Keep in mind though that most pools usually have a limit of between 50-100 worker names, so do not use this feature if you plan to mine directly to a pool and have many miners.

Worker Name

Enter the worker name you would like for the pool here.

For Nanopool, if you plan to enter both a worker name and email (to change the minimum payout, although this should probably be done in a separate private build) then you should enter it into the 'Extra data' field instead.

The miner also supports dynamic worker names: use {RANDOM} to generate a new random worker name every run, {COMPUTERNAME} to use the computer's name, or {USERNAME} to use the username as the worker name. Keep in mind though that most pools usually have a limit of between 50-100 worker names, so do not use this feature if you plan to mine directly to a pool and have many miners.

Password

Most pools do not require any password but if your pool says that it does then enter that here.

Extra data

Any extra data, meaning more than one parameter, should be entered here.

For Nanopool, if you want to enter both worker name and email, it should be entered here in the format WorkerName/Email (you need to URL encode special characters like @, which would become %40). For example: TestWorker/test%40email.com. You don't actually need to enter a real email; you could just enter any password like 12345, so it would be TestWorker/12345.


Startup

The 'Startup' option means that the miner will add itself to the startup flow of Windows so that the miner starts up with Windows. If the miner is run with administrator privileges it should add itself into the Task Scheduler and if run with normal user privileges it should add itself into the registry at HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

Save Path

The path which the miner will copy itself to and add into the startup.

Filename

The name the miner will use when in the 'Save Path'.

Watchdog

The Watchdog will run as a separate process called 'sihost32.exe' and will constantly check if the miner is running and correctly placed in the 'Save Path' folder. If the miner is not running and the file is there it will just start it. If the miner is running and the file is not there it will copy the file and start the miner (but won't inject if it's already injected). And finally if both the miner isn't running and the file is gone it will copy the file there and start the miner.


Assembly

This is pretty self-explanatory and won't require much explanation. The assembly information will be used by Windows when displaying the miner in different places and can also be seen when right-clicking the miner and checking its properties.


Icon

Another pretty self-explanatory one; it will just apply the chosen icon to the built miner.


Mining

Idle Mining

If enabled the miner will limit the GPU "usage" to the amount specified in the "Idle GPU" field when the computer is idle, meaning when no keyboard and mouse input has been detected for the "Idle Wait" amount of minutes. When the latest keyboard or mouse input time is less than the "Idle Wait" amount of minutes then it will use the "Max GPU" amount of GPU "usage".

This feature is mostly used to decrease the fan speed while it is mining since it still has to use the required amount of VRAM (GPU Memory) which is around 4.2 GB of VRAM for Ethereum no matter what percentage you set it at. If either "Max GPU" or "Idle GPU" is selected to be 0% then the miner will pause and clear the VRAM (GPU Memory) when it is idle/active.

Stealth

This option will cause the miner to pause while either Task Manager, Process Explorer or Process Hacker is active to avoid detection. This option is usually recommended for real builds.

Mine ETC

Only enable this if you're mining Ethereum Classic.

Idle Wait

This was also explained in the 'Idle Mining' section, but it's essentially the time it will wait since either the keyboard or mouse was last touched until it enables Idle mode.

Max GPU

If set to above 0% it will still use the required amount of VRAM (GPU Memory) which is about 4.2 GB for Ethereum, this is necessary to mine Ethereum and is thus unavoidable.

This is the amount of GPU "usage" it will use when active (even when "Idle Mining" is disabled). Read more here: https://github.com/UnamSanctam/SilentETHMiner/wiki/Home/_edit#idle-mining

Idle GPU

If set to above 0% it will still use the required amount of VRAM (GPU Memory) which is about 4.2 GB for Ethereum, this is necessary to mine Ethereum and is thus unavoidable.

This is the amount of GPU "usage" it will use when idle. Read more here: https://github.com/UnamSanctam/SilentETHMiner/wiki/Home/_edit#idle-mining

Inject Into

This field allows you to choose which process the miner file will inject itself into to hide from both the user and the antivirus. All of them work equally well although some processes like svchost.exe will often warn the user if they try and kill it.


Advanced Options

This form is located inside the 'Mining' tab by clicking the 'Advanced Options' button. These options can require a bit more technical experience or knowledge to use.

Pause for Obfuscation

The 'Pause for Obfuscation' option allows you to obfuscate or otherwise modify the Watchdog payload or Miner payload before they get embedded into their respective loaders. When this option is enabled, the compilation of the full miner will pause at that step until you close the message box that pops up. While the builder is paused you can find the Watchdog payload, Miner payload, or any of the loader files inside the same folder you're building the complete miner to. You can then modify the file (with an obfuscator or anything else), replace the old unobfuscated file and continue the compilation, and it will embed the modified Watchdog payload and Miner payload into the complete miner.

Run as Administrator

Will make the miner ask for administrator privileges when it's started. This is required for the 'Bypass Windows Defender' feature since it does modifications which are only allowed to be done by administrators.

Bypass Windows Defender

Will try to add exclusions to general folders used by the miner and watchdog before they are extracted and run. This is especially good to bypass future detections. Don't put 'Start Delay' at anything lower than 5 seconds while using this to ensure that no files are deleted before they can be run. This option requires Administrator privileges.

Install to System32

Will try to install the miner to System32; if unsuccessful it will try to install to the path chosen in the "Startup" tab. It's recommended to enable this when using 'Run as Administrator' since it legitimizes the miner file more. This option requires Administrator privileges.

Shellcode Loader

Will convert the miner installer/injector, watchdog and installer into shellcode and use a native C program to load/inject it. Will greatly decrease detections.

Process Killer

Will constantly search for and kill any programs entered into the "Kill Targets" field.

Stealth Targets

The programs that the "Stealth" option should check for. Separate the programs with a comma (,) just like the default entry. Windows does have an 8191-character limit on command line arguments, so any big collections of programs should probably be entered with the "Remote Configuration" feature. You can find some games to add into "Stealth Targets" here: https://github.com/UnamSanctam/SilentETHMiner/issues/122 if you want the miner to pause while they are running. Default: Taskmgr.exe,ProcessHacker.exe,perfmon.exe,procexp.exe,procexp64.exe

Kill Targets

The programs that the "Process Killer" option should check for. Separate the programs with a comma (,). Example: program1.exe,program2.exe,program3.exe. Windows does have an 8191-character limit on command line arguments, so any big collections of programs should probably be entered with the "Remote Configuration" feature.

DEBUG

This option will enable error messages when running the miner. Don't enable this when building the real miner you plan to use.

Remote Configuration

Enabling this and entering a URL that contains a correct configuration will make the miner use these settings as the main settings to connect to. The settings you entered into the builder will be used as failover/backup settings in case the settings in the URL don't work. The URL entered should only contain the settings and nothing else; for pastebin this would be the 'raw' page. You can find a working example for ETH here: https://rentry.co/6icd8/raw or here: https://pastebin.com/raw/0aQcym79 and one for ETC here: https://pastebin.com/raw/rCQQyJSW. You can also enter multiple failover URLs separated by a comma (,) for the miner to use the other URLs in case the former URLs are unreachable or incorrect.

The format the configuration should be in is as follows:

{
    "url": "stratum://0xe8D349AC6087d114B1EF41a2E51aa442a3EA50F6.Worker@etc-eu2.nanopool.org:19999",
    "algo": "etchash"
}

Or if you also want to change the miner settings:

{
    "url": "stratum://0xe8D349AC6087d114B1EF41a2E51aa442a3EA50F6.Worker@etc-eu2.nanopool.org:19999",
    "algo": "etchash",
    "max-gpu": 50,
    "idle-wait": 1,
    "idle-gpu": 100,
    "stealth": true,
    "stealth-targets": "Taskmgr.exe,ProcessHacker.exe,perfmon.exe,procexp.exe,procexp64.exe",
    "process-killer": true,
    "kill-targets": "program1.exe,program2.exe,program3.exe"
}

You can replace the above settings with your own settings and upload it to something like rentry or pastebin, after that you can get the 'raw' version by pressing the corresponding button in the menu and then copy that URL into the 'Remote Configuration' field. You can find more information on the different options for the 'url' field here: https://github.com/ethereum-mining/ethminer/blob/master/docs/POOL_EXAMPLES_ETH.md
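For defenders reviewing proxy or paste-site captures, the configuration format above can be recognised and its pool, account and process lists pulled out as indicators. This is an added example, not part of the wiki or the project; the function names, the requirement for an "algo" key and the sample body (placeholder wallet and pool) are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Keys that appear in the page's two configuration examples.
KNOWN_KEYS = {"url", "algo", "max-gpu", "idle-wait", "idle-gpu", "stealth",
              "stealth-targets", "process-killer", "kill-targets"}

# Constructed sample body: placeholder wallet and pool, not real indicators.
SAMPLE_BODY = json.dumps({
    "url": "stratum://0x" + "0" * 40 + ".Worker@pool.example.org:19999",
    "algo": "etchash",
    "stealth": True,
    "stealth-targets": "Taskmgr.exe,procexp.exe",
    "process-killer": True,
    "kill-targets": "program1.exe,program2.exe",
})


def split_targets(value):
    """Split a comma-separated process list into clean names."""
    return [p.strip() for p in str(value).split(",") if p.strip()]


def triage_remote_config(body):
    """Return indicators if body matches the config format, else None."""
    try:
        cfg = json.loads(body)
    except (ValueError, TypeError):
        return None
    if not isinstance(cfg, dict) or not isinstance(cfg.get("url"), str):
        return None
    # Heuristic (assumption): require "algo", since "url" alone is too generic.
    if "algo" not in cfg:
        return None
    try:
        parts = urlsplit(cfg["url"])
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    # Schemes named on this page either start with 'stratum' or are 'http'.
    if not (parts.scheme.startswith("stratum") or parts.scheme == "http"):
        return None
    if not parts.hostname:
        return None
    account, _, worker = (parts.username or "").partition(".")
    return {
        "pool_host": parts.hostname,
        "pool_port": port,
        "account": account,
        "worker": worker,
        "algo": cfg["algo"],
        "stealth_targets": split_targets(cfg.get("stealth-targets", "")),
        "kill_targets": split_targets(cfg.get("kill-targets", "")),
        "unknown_keys": sorted(set(cfg) - KNOWN_KEYS),
    }
```

A non-empty "kill_targets" list is worth checking against installed security tooling, since those are the processes the build will terminate.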

Advanced Parameters

The 'Advanced Parameters' field is the command line options which the miner will use when running, this should only be changed if you know what you're doing.


Build

Start Delay

The amount of time for the miner to wait until it injects. This avoids some runtime scans that check the miner's behavior after being started, since it won't do anything while it's being analyzed. Don't put 'Start Delay' at anything lower than 5 seconds while using 'Bypass Windows Defender' to ensure that no files are deleted before they can be run.


FAQ - Frequently Asked Questions

How do I check if it's mining?

Since GPU mining technically does not use any GPU load that you can see in things like the Task Manager but only uses GPU Memory (VRAM) (and the memory clock) it can be difficult to know whether it is mining or not if you don't know what to look for. The easiest way to tell is to run the miner without 'Stealth' enabled and check the miner process (what you chose to inject into, by default explorer.exe) by double-clicking it and checking the GPU tab with something like Process Hacker. If the miner is using the DAG size amount of GPU Memory (Ethereum over 4GB) then it is most probably working correctly.

What GPU requirements are there for the miner to work?

You can find the requirements here: https://github.com/UnamSanctam/SilentETHMiner#requirements. Due to the fact that the coin needs to reserve the whole DAG size, you can still mine on cards with under 4GB of memory by mining some other Ethash coin. You can find the DAG sizes of some coins here: https://crypt0.zone/dag-file-size. Keep in mind that ETC uses the DAG size / 2 in memory.

How can I decrease detections?

You can try my downloader: https://github.com/UnamSanctam/UnamDownloader, which contains its own "Bypass Windows Defender" and usually has fewer detections than the miner, so downloading the miner through that program can bring down the detections since it will add exclusions before the miner is downloaded and executed.

Enable 'Pause for Obfuscation' to also obfuscate the actual miner, read more here: https://github.com/UnamSanctam/SilentETHMiner/wiki#pause-for-obfuscation

Since version 1.6.0 it uses a native shellcode loader, so you should be able to use any normal crypter (that supports 64-bit) as well.

Since the miner already contains an injector (RunPE, process hollowing), the only real thing that is required is a .NET obfuscator; you can find a list here: https://github.com/NotPrab/.NET-Obfuscator. There are a lot of obfuscators, both free and paid. The best ones are usually the paid ones, but they can be quite hard to get and you won't know how good they are until you've already bought one. A free obfuscator I usually link is https://github.com/mkaring/ConfuserEx; if you don't want to set up everything yourself you should be able to load this project https://anonfiles.com/7ae3Mb1fu9/SilentXMRMiner8_crproj and obfuscate the loaders with it.

How do I remove the miner?

You can run MINERNAME-uninstaller.exe in the same folder as the miner and it should kill and remove everything automatically.

But if you need to do it manually and you enabled 'Startup', first kill the process called 'sihost32.exe' or the conhost.exe process with /sihost64 as an argument (if you enabled 'Watchdog' as well) and then kill the miner (the process you chose to inject into, by default explorer.exe). After this, depending on whether you ran it as administrator or not, go to the registry path "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" with regedit and see if there's an entry for your miner there; if there is, delete it. If you cannot find the miner entry in the registry, open the Task Scheduler, select the library (the first item in the left box) and look in the right box for an entry with the miner name; if you find it, right-click and remove it. After this the miner won't be able to start since you've removed both the startup and the Watchdog.

If you didn't enable 'Install' then you can just kill the miner process (the process you chose to inject into, by default explorer.exe) and it will be removed.
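The manual removal order above can be applied to a host snapshot during incident response. The following is an added example, not code from the wiki or the project: the function names, the snapshot tuples and all sample paths are constructed, and `miner_filename` is assumed to be a 'Filename' value the analyst already recovered.

```python
import ntpath
import shlex

RUN_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed snapshot: (pid, command line). Paths are illustrative only.
SAMPLE_PROCESSES = [
    (4120, r"C:\Windows\explorer.exe"),
    (5331, r'"C:\Users\test\AppData\Roaming\sihost32.exe"'),
    (5340, r"C:\Windows\System32\conhost.exe /sihost64"),
    (612, r"C:\Windows\System32\conhost.exe 0xffffffff -ForceV1"),
    (700, r"C:\Windows\System32\sihost.exe"),
]
# Constructed autoruns: (location, entry name, command).
SAMPLE_AUTORUNS = [
    (RUN_KEY, "Updater", r'"C:\Users\test\AppData\Roaming\Sample\updater.exe"'),
    ("TaskScheduler", "Backup", r"C:\Tools\backup.exe /nightly"),
]


def image_and_args(cmdline):
    """Return (lower-case image basename, lower-case argument list)."""
    try:
        tokens = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quote: fall back to a whitespace split
        tokens = cmdline.split()
    if not tokens:
        return "", []
    image = ntpath.basename(tokens[0].strip('"')).lower()
    return image, [t.lower() for t in tokens[1:]]


def is_watchdog(cmdline):
    """Match the two Watchdog forms this page names."""
    image, args = image_and_args(cmdline)
    return image == "sihost32.exe" or (image == "conhost.exe" and "/sihost64" in args)


def removal_plan(processes, autoruns, miner_filename):
    """Order the page's manual removal steps for one host snapshot."""
    # Watchdog first: left running, it restarts or re-copies the miner.
    plan = [("kill_watchdog", pid) for pid, cmd in processes if is_watchdog(cmd)]
    # The injected host process (by default explorer.exe) cannot be told apart
    # by name, so identifying it is left to the analyst.
    for location, name, command in autoruns:
        image, _ = image_and_args(command)
        if image == miner_filename.lower():
            in_run_key = location.upper() == RUN_KEY.upper()
            plan.append(("delete_run_value" if in_run_key else "delete_task", name))
    return plan
```

The ordinary `conhost.exe 0xffffffff -ForceV1` and `sihost.exe` entries in the sample are deliberately left unflagged, which is why the match is on the exact image name and argument rather than a substring.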

Can I run both the XMR and ETH miner at the same time?

Yes, they are designed to be able to work together as long as you don't mine with 'GPU Mining' in the XMR miner, since then they would interfere with each other. You can build both miners and then use a file binder to combine them into a single file as well if you want them as a single file. Or you can use my downloader: https://github.com/UnamSanctam/UnamDownloader which usually has fewer detections than a file binder.

Can I update the miner if I already have one installed on a computer?

Yes, if you create a miner with the same 'Install' settings ('Save Path' and 'Filename') and 'Inject Into' setting then it will overwrite the miner on the computer with the new one when you run it. Since it won't close down the current running miner it will start the new one if the old one is closed down or if the computer is restarted.