Hacking Slot Machines by Reverse-Engineering the Random Number Generators

Interesting story:

The venture is built on Alex's talent for reverse engineering the algorithms -- known as pseudorandom number generators, or PRNGs -- that govern how slot machine games behave. Armed with this knowledge, he can predict when certain games are likeliest to spit out money, insight that he shares with a legion of field agents who do the organization's grunt work.

These agents roam casinos from Poland to Macau to Peru in search of slots whose PRNGs have been deciphered by Alex. They use phones to record video of a vulnerable machine in action, then transmit the footage to an office in St. Petersburg. There, Alex and his assistants analyze the video to determine when the games' odds will briefly tilt against the house. They then send timing data to a custom app on an agent's phone; this data causes the phones to vibrate a split second before the agent should press the "Spin" button. By using these cues to beat slots in multiple casinos, a four-person team can earn more than $250,000 a week.

It's an interesting article; I have no idea how much of it is true.

The sad part is that the slot-machine vulnerability is so easy to fix. Although the article says that "writing such algorithms requires tremendous mathematical skill," that is only true of designing the underlying primitives. Turning any secure block cipher or hash function into a PRNG is trivially easy: run it in counter mode, or hash a counter together with a secret state, and keep that state large (256 bits is plenty) and secret. And there's no reason why the system can't be designed with a real RNG. There is some physical randomness in the machine somewhere, and it can be mixed into the generator's state as well, so that whatever an observer has learned from past spins goes stale. The programmers can use a well-designed algorithm, like my own Fortuna, but even something less well-thought-out is likely to foil this attack, which depends on the generator's state being small enough to reconstruct from its outputs.
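As an added illustration of the construction described above (example code written for this page, not code from the post, from Fortuna, or from any slot-machine vendor), here is a generator built from HMAC-SHA256 in counter mode, with a reseed step that folds fresh entropy into its secret state and a rejection-sampling step that maps its output onto a range without bias. The paytable and its weights are constructed for the example; the house edge lives in that mapping, not in the generator.

```python
"""Added example (not from the original post): a gaming-machine RNG built
from a keyed hash, with entropy mixing and unbiased range reduction."""
import hashlib
import hmac
import os
import struct
import time


class HashDRBG:
    """Counter-mode generator: output block i = HMAC-SHA256(key, i).

    An observer who records every output still has to recover the 256-bit
    key to predict the next block, which is exactly the property a linear
    generator with a small, reconstructable state lacks.
    """

    def __init__(self, seed: bytes):
        if len(seed) < 32:
            raise ValueError("seed must carry at least 256 bits of entropy")
        self.key = hashlib.sha256(b"drbg-init|" + seed).digest()
        self.counter = 0
        self.pool = b""  # unused bytes of the current output block

    def reseed(self, entropy: bytes) -> None:
        """Fold fresh entropy into the key. Unknown entropy bits make the
        new key unknown even to someone who had recovered the old one."""
        self.key = hmac.new(self.key, b"reseed|" + entropy, hashlib.sha256).digest()
        self.pool = b""

    def random_bytes(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            if not self.pool:
                block_index = struct.pack(">Q", self.counter)
                self.pool = hmac.new(self.key, block_index, hashlib.sha256).digest()
                self.counter += 1
            take = min(n - len(out), len(self.pool))
            out += self.pool[:take]
            self.pool = self.pool[take:]
        return bytes(out)

    def randbelow(self, n: int) -> int:
        """Uniform integer in [0, n): draw bit_length(n) bits and reject
        values >= n, instead of reducing modulo n, which would favour the
        low outcomes. Each round succeeds with probability above 1/2."""
        if n <= 0:
            raise ValueError("n must be positive")
        k = n.bit_length()
        nbytes = (k + 7) // 8
        while True:
            r = int.from_bytes(self.random_bytes(nbytes), "big") >> (8 * nbytes - k)
            if r < n:
                return r


# Constructed paytable: (symbol, weight out of 1000, payout per 1-credit spin).
# The house edge comes from these weights, not from the generator.
PAYTABLE = [("blank", 820, 0), ("cherry", 150, 3), ("bar", 28, 10), ("seven", 2, 95)]


def spin(gen: HashDRBG) -> tuple:
    """Map one uniform draw onto the weighted paytable."""
    total = sum(w for _, w, _ in PAYTABLE)
    r = gen.randbelow(total)
    for symbol, weight, payout in PAYTABLE:
        if r < weight:
            return symbol, payout
        r -= weight
    raise AssertionError("unreachable: r < total by construction")


def expected_return() -> float:
    """Credits returned per credit wagered, computed from the weights alone."""
    total = sum(w for _, w, _ in PAYTABLE)
    return sum(w * p for _, w, p in PAYTABLE) / total


def machine_rng() -> HashDRBG:
    """Seed from the OS at start-up, then keep mixing in physical events.
    A timestamp stands in here for button-press or coin-drop timing."""
    gen = HashDRBG(os.urandom(32))
    gen.reseed(struct.pack(">Q", time.time_ns()))
    return gen


if __name__ == "__main__":
    g = machine_rng()
    print("expected return", expected_return())
    print([spin(g)[0] for _ in range(10)])
```

The reseed step is what makes "adding the system's own randomness into the mix" concrete: it should be called with every physical event the machine can observe, so that the entropy injected between spins exceeds whatever an observer can infer from the reels. Note that this construction does not hide the past: someone who obtains the current key can recompute earlier blocks, which is one reason Fortuna also ratchets its key after each request.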

Posted on August 7, 2017 at 6:00 AM • 38 Comments

Comments

Kai • August 7, 2017 6:35 AM

I'm just wildly speculating here, but I would imagine that the PRNG algorithms in use are very heavily vetted to ensure that they are random enough, but also predictable enough that the machine is going to pay out at a very precisely determined rate. It's likely that this engineered imbalance in the algorithm is also what leads to the weakness that's being exploited.

True randomness could have the machine paying out above its stated range - the companies making these machines and the companies deploying them don't want them to be properly random, they want it to be very predictable and in their favour.

Yash Shrivastava • August 7, 2017 6:45 AM

One reason I can think of for not using a TRNG is that it won't allow the casinos to earn a profit. The current algorithms are designed so that the casinos always end up earning a profit (in the long term).

Andrew • August 7, 2017 6:50 AM

Microsoft and a lot of other free libraries and SDKs used simple linear congruential generators for many years, even in cryptography. Not to mention that some of them might have been backdoored.
Developers had no idea about strong random generator algorithms and used the default rand() functions provided by such libraries in all kinds of applications, gambling included. I have personally seen such an implementation.
I bet that a lot of developers today have no idea that numbers generated with an LCG repeat after a while.

Kai • August 7, 2017 6:52 AM

@Lagod - the linked article is a follow-on from the previous article:

...My own dialogue with Alex began in February of this year, after he read a story I’d written about his agents’ exploits in the US. (“I keep an eye on what becomes public regarding my business,” he explained via email.) His name had already come up twice in the course of my reporting—once from someone close to the fraud investigation in the Eastern District of Missouri and once in conversation with Willy Allison, a casino security consultant who has been tracking the St. Petersburg organization for years.

bickerdyke • August 7, 2017 6:57 AM

TRNG or PRNG don't have a direct influence on the odds of earning profits. (as long as they are not fixed themselves)

A TRNG that comes with a real random string of numbers between 1 and 100 will still make sure that the house wins - if the rules say that the player wins if the number is between 70 and 100. And THAT is how the advantage of the house is created.

My guess is that PRNG have to be used for regulatory reasons as they are easier to check by the authorities.

225 • August 7, 2017 7:21 AM

Having a failure of a PRNG in a one-armed bandit allows for even better money laundering; this could be where some of the 100 dollar bills come from that feed the Commonwealth Bank's smart ATMs, which then send the money overseas without any audit.

This article reads like someone is trying to exploit the PRNG, and also extort the company at the same time.

ab praeceptis • August 7, 2017 7:55 AM

Kai

You are right.

Actually the story is pretty much a non story as *of course* those "prngs" are badly tainted. There have also been other cases where attackers didn't just have a quite good guess but actually *knew* almost exactly when the next round would win, due to really bad pseudo random which was basically a cycle of some hundred elements and the "random" only changed the order slightly.

Maybe worth mentioning: It's not just for the evil casinos that the machines are badly tainted. At least in some countries it's also the state *demanding* it, usually to close down opportunities for money laundering and similar reasons. I know of at least 1 case/country where (at least officially) the reason is to make sure that the customers have a fair chance to win.

SL • August 7, 2017 8:24 AM

If there's a requirement for the win ratio, and the PRNG is bad, I would use it to fill a fixed roll sequence instead of using independent time-based results from it. Allocate a slot of 100 rolls, place in 30 small wins and 10 medium and one big. This will guarantee that the win ratio will be fixed for the next 100 rolls to come. The remaining 59 rolls will lose. Even if the PRNG is a total disaster, the win ratio won't change. If there's a possibility to set a "bid" then just consume several slots at once and, if required, make the pre-allocated batch larger. You can still 'cheat' but it's much harder, and the house won't be the loser.

Humdee • August 7, 2017 9:54 AM

What Kai said. Casinos need to vet the payout. There is an old saying in the casino industry that if something is unlikely to be true it is untrue. If the odds were truly random there would be no way to vet the results because there would be no way to verify the payouts. In this sense a slot machine is different than a public lottery. A public lottery only cares if the results are truly random because the lottery can never pay out more than what was put in. But the casino can pay out more than what was put in, and thereby go bankrupt, if the payouts aren't managed properly.

This leads to an interesting question. Should the casinos actually care that their slots are being gamed? Only if it costs them profit. Otherwise they should be indifferent to who the pool of winners and losers is among their customers.

Eider • August 7, 2017 10:12 AM

Many sweepstakes add trivial steps so they can claim to be "games of skill" rather than "games of chance". This is to sidestep anti-gambling laws. Here we have the gamblers turning a "game of chance" into a "game of skill" and we're supposed to care.

Apparently it's only wrong if you don't own the lawmakers and judges.

MikeA • August 7, 2017 10:34 AM

When I were a lad, the RNG in a slot machine looked a lot like the mechanism you can see at about 1:08 in the video https://www.youtube.com/watch?v=b81VafxxcHo -- The "Puskin Automaton", sort of the logical descendant of Christopher Strachey's Poetry program ( https://en.wikipedia.org/wiki/Strachey_Love_Letter_algorithm ) and the Jaquet Droz Writer automaton ( https://www.youtube.com/watch?v=bY_wfKVjuJM ).

Anyway, back in the day there were several people who claimed (or were claimed) to be skilled at "feeling" the state of these mechanical RNGs, although in many cases they were found to be relying more on small holes drilled in the front of the machine (with a palm-held drill, or by an accomplice in the casino's employ), through which they could insert a stiff wire to "bias the odds".

V • August 7, 2017 12:29 PM

@SL

Allocate slot of 100 rolls, place in 30 small wins and 10 medium and one big. This will guarantee that win ratio will be fixed on next 100 rolls to come. Remaining 59 rolls will lose.

You've just added a vulnerability to the machine. If it's possible to reverse engineer when the block of 100 rolls starts you can watch and count as rubes play the machine. If a rube gives up on the machine when there are - say - 20 pulls left in the block of 100 and the big win hasn't come up, take over and play until it does.

The casino still makes its profit; this scheme gives non-counters slightly worse odds and the counter slightly better odds.
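SL's pre-allocated batch scheme and V's counting attack on it, as an added simulation (example code written for this page, not code from either commenter or from any real machine). The batch layout is SL's 30/10/1 split; the payouts are constructed so that a full batch returns 70 credits per 100 wagered. Python's `random.Random` is used only to order each batch, because the weakness being shown is the fixed batch structure, not the generator that shuffles it.

```python
"""Added example (not from the thread): fixed-ratio batches of outcomes
and a counter who exploits knowledge of where each batch ends."""
import random

# Per batch of 100 one-credit pulls: (outcome, count in batch, payout).
BATCH_LAYOUT = [("lose", 59, 0), ("small", 30, 1), ("medium", 10, 2), ("big", 1, 20)]
BATCH_SIZE = sum(count for _, count, _ in BATCH_LAYOUT)
PAYOUT = {name: pay for name, _, pay in BATCH_LAYOUT}


def batch_return() -> float:
    """Credits returned per credit wagered over any complete batch.
    This number is fixed by the layout whatever the shuffle does."""
    return sum(count * pay for _, count, pay in BATCH_LAYOUT) / BATCH_SIZE


class BatchMachine:
    """Pre-allocates a shuffled batch of outcomes and serves it in order."""

    def __init__(self, seed: int):
        self.rng = random.Random(seed)
        self.batch = []

    def _refill(self) -> None:
        self.batch = [name for name, count, _pay in BATCH_LAYOUT for _ in range(count)]
        self.rng.shuffle(self.batch)

    def pull(self) -> int:
        if not self.batch:
            self._refill()
        return PAYOUT[self.batch.pop()]


def simulate(batches: int, seed: int = 1, watch_window: int = 20) -> dict:
    """Rubes play normally. A counter who can tell where the batch boundary
    lies steps in when `watch_window` pulls remain and the big win has not
    appeared yet, plays until it hits, then walks away. Returns credits
    returned per credit wagered for the house, the counter and the rubes."""
    machine = BatchMachine(seed)
    counter_wager = counter_win = rube_wager = rube_win = 0
    for _ in range(batches):
        big_seen = False
        counter_playing = False
        for pos in range(BATCH_SIZE):
            remaining = BATCH_SIZE - pos
            if not big_seen and remaining <= watch_window:
                counter_playing = True  # big win is guaranteed within `remaining` pulls
            payout = machine.pull()
            if counter_playing:
                counter_wager += 1
                counter_win += payout
            else:
                rube_wager += 1
                rube_win += payout
            if payout == PAYOUT["big"]:
                big_seen = True
                counter_playing = False  # counter leaves; rubes take the rest
    return {
        "house": 1 - (counter_win + rube_win) / (counter_wager + rube_wager),
        "counter": counter_win / counter_wager if counter_wager else 0.0,
        "rube": rube_win / rube_wager,
    }


if __name__ == "__main__":
    print("return per batch:", batch_return())
    print(simulate(200))
```

The house's take is unchanged by the attack, exactly as V says: the counter's edge comes entirely out of the other players' pockets, which is why the operator has no financial signal that anything is wrong.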

Fred P • August 7, 2017 1:35 PM

@Kai
"I'm just wildly speculating here, but I would imagine that the PRNG algorithms in use are very heavily vetted to ensure that they are random enough..."

- I worked for about 5 years in the gambling industry writing code for slot-type machines for state entities. I can say that when I was working there, our machines had their PRNGs (code and output) checked by either the regulator itself, or by a company hired to do that task. The main company we dealt with (GLI - link above) used a variety of statistical tests and would look for known defects in PRNGs. One of the incidents I dealt with was that we were poorly seeding our PRNG and we weren't adding enough bits of randomness frequently enough, which under certain circumstances could make the numbers perfectly, easily predictable. In response, we killed that release, and improved both significantly.

While I cannot guarantee that the wider (less-regulated) slot industry were careful about their PRNGs, the major actors appeared to be. In other words, it was the game design, not the PRNG that determined how swingy the wins were (barring code defects). I can tell you from the data I had that there were weeks where some of our most popular games lost money (due to large progressive payouts occurring on those weeks). When averaged over a year, though, those numbers looked very close to what you'd expect from the payout table.

I cannot speak to grey market machines; the times when they actually got to a regulator, they rarely even passed the initial "will this behave well when shocked with electricity" tests. It's possible that their PRNGs were also bad, or even favored certain results.

Fred P • August 7, 2017 2:03 PM

Comments on the article:

"Writing such algorithms requires tremendous mathematical skill..." - writing the original may. The reality for people writing code for slot machines is that we use one of the small number of approved algorithms. If we don't, we're unlikely to get it past the regulators.

"Equipped with Alex’s information and software, both obtained online for free, anyone with a smartphone will be able to turn a vulnerable slot machine into a gaudily decorated ATM" - this is silly. The response to a broken game is to shut it down. Even when the casino/lottery doesn't know why, they'll shut it down within a few days or less just because the payouts seem unusually high. For most casinos, that would just mean more play on other machines (ones that aren't broken). In a case like he's describing, I suspect that nearly the entire industry would be aware within a few hours.

While I can't comment on if Alex reverse engineered the PRNG, I'll note that when I was working for a slot machine company, that was one of our biggest fears. Even though the resources needed to reverse engineer against it seemed implausible (at the time), we attempted to guard against this, urged on by our customers and regulators. I have no reason to think that most or all of our competitors didn't have this in mind. The easiest way to guard against this is to increase the injection of entropy (ideally, it should be greater than or equal to the information leakage).

Fred P • August 7, 2017 2:24 PM

@SL - "I would use it fill fixed roll sequence" - that's a different kind of game - it's pretty much how scratch-off lotteries work. As PRNG implementations tend to be decoupled from the games (Why? because your game isn't on every machine you sell, but your PRNG is), it wouldn't make much sense for the larger slot machine companies. Also, as a game design note, a 1% chance of a big win would be far higher (and likely result in far lower play) than any game we implemented; I don't recall any of our competitors using anything close to a 1% chance of a high win, either. My recollection is that one of our most popular games was a 10 of 10 keno. The top prize was something like a 1 in 8,911,711 event. We also had slot games with similar odds for the top prize.

@Humdee "If the odds were truly random there would be no way to vet the results because there would be no way to verify the payouts." - at least in the jurisdictions where we worked, the ability to verify recent payouts was a requirement tested both by the regulator (or the company they hired) and the end client (in one case these were the same legal entity). In theory, you needed a physical key to access that feature, among several others (none of which could impact the payout amounts or the payout percentage). That said, other than in a dispute situation, the casino/lottery doesn't care about the individual pays - they care about the collective ones, over a day, a week, a month, or even a year. If a 92% payout game is paying out at, say, 101% (with a large number of plays) over a week, they're going to ask why. If it keeps doing so, or no good explanation comes up, they'll shut that game down.

Clive Robinson • August 7, 2017 2:32 PM

@ Kai,

I would imagine that the PRNG algorithms in use are very heavily vetted to ensure that they are random enough, but also predictable enough that the machine is going to pay out at a very precisely determined rate.

Err no, you are over-assuming.

Just assume the RNG is in fact a TRNG and really does provide not just a truly random output but one that is unbiased as well. Thus it has a flat distribution no matter what test you throw at it.

Let us assume it chucks out a 10-bit unsigned int, but you want it to only give a range between 10 and 990 and still be both truly random and unbiased. All you have to do is throw away any numbers outside the required range. Thus nothing clever. The potential downside is it generates a long sequence of out-of-range numbers, thus it takes an uncertain length of time to output an in-range number.

Thus you have the TRNG running without modification followed by your range filter. There is no reason why the range can not be changed at any time; it does not affect the randomness of the numbers in the chosen range.

You can thus change the range to affect the size of payout to ensure you meet the payout requirements.

Bear • August 7, 2017 2:58 PM

I have encountered stupid security many times, specifically in gambling systems, that made errors which would be unthinkable in other computer security regimes.

You can do a back-of-the-envelope calculation and discover that there are 240 bits of information in a shuffled deck of cards. Guess what size seed a random number generator used for shuffling cards is usually initialized with? Guess what size state it has? Did you guess less than 256 bits? Did you guess a lot less? I've encountered 32, more than once. Meaning that if you can see seven cards you know the sequence of the entire deck.

The more teams like Alex's make these mistakes expensive, the more they're getting fixed. But in the gambling industry, it seems that the ratio of expense incurred to fixes implemented is much higher than seen anywhere else. Casinos literally spend years losing millions of dollars before anybody updates a product, whether software or hardware, to fix even the simplest problems. I don't know whether the issue is a smaller, more specialized market where the same level of expense to justify some effort has a smaller number of victims to get spread over, or a failure of expertise to cross over from other venues, or simply a cultural question of how security is valued. But there is really a serious problem with security in gambling systems.

And yes, a better RNG would be dead simple to implement from a computer security perspective. But, until the expense mounts high enough, across enough casinos, to justify the replacement of every last slot with a slot where the RNG is actually better, casinos will continue to make more money by having the vulnerable slots on the floor accepting money from the millions of people who aren't Alex's team, than they lose to Alex's team. The fix is a matter of how efficiently they win, not a matter of whether they're winning or losing.

John Smith • August 7, 2017 5:56 PM

I think everyone is missing the point. Slot machine payouts are not designed to be random.

They are designed to be addictive. Use your google-fu on "intermittent reinforcement".

The idea is to pay out just enough, and just often enough, to keep the player at the machine - the longer the better for casino profits.

Those occasional payouts give the gambler a nice but too-brief spike in dopamine. Just the thing to foster an addiction. The susceptible gambler wants more ... and more ... and chases a dopamine-mediated high with more and more losses.

The payouts are deliberately non-random in order to milk the gambling herd. A truly random payout would result in less addictive behavior and lower profits.

But because the payouts are non-random, they are exploitable in theory. A slot machine gang could try to hack the algorithm responsible for the intermittent, addictive reinforcement, by trying to predict when the machine is due to reinforce the player.

This has little to do with the design of any underlying RNG in the slot machine h/w or s/w.

Clive Robinson • August 7, 2017 6:30 PM

@ John Smith,

I think everyone is missing the point. Slot machine payouts are not designed to be random.

I don't think everyone is, but there is a second point some are missing:

If you exploit the payout sequence of the PRNG rather than change the PRNG sequence to make more payouts, the Casino is not really going to notice.

That is, when exploiting the sequence you are not changing the behaviour of the machine; therefore, from that point of view, the payout behaviour is as the casino expects.

It's a bit like knowing which scratch card to buy. The retailer does not see any change in payouts overall; all that happens is you get all the winners whilst other players get all the losers.

Fredric L. Rice • August 7, 2017 6:54 PM

Slot machines and other casino devices are NOT random nor even pseudo random, their numbers generators are specifically designed to rook money from the rubes, marks, and suckers such that a pre-determined percentage of the money that the marks insert in to the machines goes toward the House, and gambling oversight agencies set upper limits on the percentage that gambling houses take from the marks.

The pseudo-random numbers for such machines determine the output display which the marks see, they do NOT determine when the machine will pay out, not over time, that's hard-set in the devices.

Decades ago I lived in Blue Diamond, a township outside of North Las Vegas, and all of the locals laughed at the tourists who think they're gambling when in reality all they're doing is handing over a percentage of their money to organized crime.

Fred P • August 7, 2017 7:41 PM

@john Smith-

"Slot machine payouts are not designed to be random.

They are designed to be addictive."

- We were trying for both. That said, they're two separate problems. The first is implementing a PRNG well. The second is game design.

@Fredric L. Rice-

Well, yes - from the casino's perspective, they're getting x% of every dollar on average, which (with enough plays) tends to come out nearly exactly. That said, from the perspective of an individual player playing a small number of games, it appears random.

That said, back when I worked on slot machines, we had a test bed of 32 slot machines, which we had set up to automatically hit the correct buttons. We'd put in hundreds or thousands of "dollars" into them and let them rip. With rare exceptions, they'd all be out of money in a few hours. New people would be excited to do this at first with the "money" they "won"... but within a few hours, when they had to re-fill some machines multiple times, that stopped.

@Bear " I've encountered 32, more than once." excellent point. I think this was very common, roughly 20 years ago in VLTs (I can't recall if ours was 32 or 64 bit. I think it was less than enough for a full deck to be correctly randomized). That said, the standard was also to re-shuffle between hands, which limited the direct value of this information, assuming that enough entropy was added between shuffles.

Wael • August 8, 2017 2:15 AM

I have no idea how much of it is true.

I don't believe it. Casinos have more security than the pentagon. What's more likely is an ex-employee who deliberately introduced a subtle weakness, and made some extra money on the side.

Wael • August 8, 2017 2:26 AM

@Fredric L. Rice,

tourists who think they're gambling when in reality all they're doing is handing over a percentage of their money to organized crime.

Excellent description! Casinos in a nutshell. I'll add that casinos do not gamble! They fix the outcome.

But this is still my favorite clever "hack".

paige • August 8, 2017 6:47 AM

he ended the email with proof of his technical prowess: a mathematical breakdown of the supposedly secret PRNG that powers Aristocrat games

That's a red flag. "Supposedly secret"? That PRNG is in every machine shipped, and might be known to various regulators already; the manufacturer has little excuse for depending on its secrecy. If some jurisdictions require a weak PRNG, they could build a separate version for each, or skip them entirely if the risk is too high.

I'd have been more impressed if they managed to do this without using an electronic device in the casino. Casinos have paid good money to make that illegal but couldn't have done anything if the hackers used pen and paper. And avoided the extortion of course.

TM • August 8, 2017 7:33 AM

If there really were a clever hacker out there who knew how to make millions from cheating casinos, how likely would it be for him to give away his trade secrets to an internet magazine?

And how likely is that casinos wouldn't notice/wouldn't care?

Frank Wilhoit • August 8, 2017 7:57 AM

John Scarne has a story of the exact analog counterpart of this attack, as applied to mechanical slots in 1946. Scarne's Complete Guide to Gambling, pp. 405ff.

albert • August 8, 2017 12:50 PM

@John Smith, etc.

See Professor Natasha Dow-Schüll, author of “Addiction by Design: Machine Gambling in Las Vegas"*, interviewed by Chris Hedges.

Fascinating stuff.
-------
*It's a (gasp!) academic study, but a good one.
. .. . .. --- ....

Fred P • August 8, 2017 1:03 PM

@paige - I'd assume that the regulators (or their agents) are intimately familiar with their PRNGs. They had all our source code, and if they had any questions, we'd take the time to explain every bit of it. I do not think it would have been difficult for a regulator, a customer, or a competitor to get access to our PRNG (besides the dozen or so people that were working/ had worked for our company with access to that code); we assumed that any competent attacker could either get or derive the algorithm.

cg • August 8, 2017 1:52 PM

Any casino from here to Las Vegas:

They have a "security" team on catwalks above the smoked glass ceiling, observing every hand of cards at the table, and praying to the devil for the house to win.

John • August 8, 2017 1:57 PM

@Bear, I'm a tad curious as to the envelope you used; I'm seeing about 225.6 bits of information in a shuffled deck of cards, not about 240. And yes, a lot of PRNG implementations are absolutely terrible, with entirely too little state being retained.

And as many people have already stated, from the point of view of the Casinos it really doesn't matter how good or bad the PRNG really is. They make the same amount of money regardless. What a poor implementation means (and only if an exploit of it gets publicly known) is that the players will consider it "unfair". Yes, the vast majority of the players know that the odds are against them and that over time they'll lose money. But there's that "chance" that they'll win and that's why they're playing. And it's acceptable to them since everyone has the same chance of winning or losing. But if someone has special knowledge so that they know in advance how to significantly increase their odds of winning at the expense of those who don't know, then it's no longer "fair" and they're going to complain quite loudly. And from the point of view of the Casinos, if the players are upset enough, they'll stop playing, which is unacceptable.

Bear • August 8, 2017 10:32 PM

That's the figure for a 52-card deck.

A 54-card deck (ie, including jokers) gives you just slightly over 237. I rounded up to 240.

But whatever the number is, we can agree that a 32-bit RNG seed is too small.
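The back-of-the-envelope figures traded above, carried through in code as an added example (written for this page, not by any commenter): the information content of a shuffled 52- or 54-card deck, the number of dealt cards that in principle pin down a seed of a given size, and a brute-force seed recovery against a toy shuffler. The shuffler is a constructed 32-bit linear congruential generator (Numerical Recipes constants) driving a Fisher-Yates shuffle; its seed is limited to 16 bits here only so the exhaustive search finishes in well under a second in Python, and a 32-bit seed is the same search 65536 times over.

```python
"""Added example (not from the thread): why a small seed cannot shuffle a
deck, and how few observed cards it takes to recover such a seed."""
import math

DECK = 52


def deck_entropy_bits(cards: int = DECK) -> float:
    """log2(cards!): bits needed to name one ordering. A generator seeded
    with s bits can reach at most 2**s of the cards! orderings."""
    return math.lgamma(cards + 1) / math.log(2)


def cards_needed(seed_bits: int, cards: int = DECK) -> int:
    """Smallest k such that the first k dealt cards carry at least seed_bits
    of information, i.e. in principle determine the seed. This is the
    information bound; a card or two more rules out chance matches."""
    bits, k = 0.0, 0
    while bits < seed_bits:
        bits += math.log2(cards - k)
        k += 1
    return k


# Toy shuffler: 32-bit LCG state, seeded with SEED_BITS bits (constructed).
SEED_BITS = 16
A, C, M = 1664525, 1013904223, 2**32


def _next(state: int) -> int:
    return (A * state + C) % M


def deal(seed: int, k: int, cards: int = DECK) -> list:
    """First k cards of a forward Fisher-Yates shuffle driven by the LCG.
    Position i is final after step i, so k steps give the k-card prefix."""
    state = seed
    deck = list(range(cards))
    for i in range(k):
        state = _next(state)
        j = i + (state >> 16) % (cards - i)
        deck[i], deck[j] = deck[j], deck[i]
    return deck[:k]


def recover_seed(observed: list, cards: int = DECK) -> list:
    """Try every seed and return those reproducing the observed prefix.
    Cost is 2**SEED_BITS partial shuffles, nothing to do with 52!."""
    matches = []
    for seed in range(2**SEED_BITS):
        state = seed
        deck = list(range(cards))
        for i, card in enumerate(observed):
            state = _next(state)
            j = i + (state >> 16) % (cards - i)
            deck[i], deck[j] = deck[j], deck[i]
            if deck[i] != card:
                break  # mismatch: usually on the very first card
        else:
            matches.append(seed)
    return matches


if __name__ == "__main__":
    print("bits in a 52-card deck:", round(deck_entropy_bits(52), 2))
    print("bits in a 54-card deck:", round(deck_entropy_bits(54), 2))
    print("cards that determine a 32-bit seed:", cards_needed(32))
    secret = 0xBEEF
    seen = deal(secret, 7)
    print("seeds matching 7 observed cards:", recover_seed(seen))
    print("rest of the deck:", deal(secret, DECK)[7:])
```

The two numbers in the thread both come out of `deck_entropy_bits`: about 225.6 bits for 52 cards and about 237.1 for 54. `cards_needed(32)` is 6, which is where Bear's "seven cards" comes from once a margin against coincidental matches is added; the brute force then hands back the single seed and with it every card still to be dealt.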

Jarda • August 9, 2017 3:53 PM

Interesting. So far I've heard about machines being hacked by modifying the single-chip computer in order to decrease the win rate, so that the owner can pocket the difference and pay no taxes on it. Anyway, I find it incredible that today there are still people playing slot machines.

Bear • August 10, 2017 11:55 AM

People are still playing slots, because God never came out with a hot patch fixing all the bug reports I filed on our brain firmware. But I've about given up. It's hardly worth praying, if He never makes any updates to his code.

Sadly, it's an expense attached to an addictive behavior - compulsion, poor judgment, innumeracy, improper dopamine response, whatever combination of the above. The problem with that, IMO, is that that places it, most probably and usually, on those least able to afford it.

This is ... I dunno, I guess I'll say annoying or distasteful when it's exploitation of rubes for business interests.

But when it's a major source of funding for a state or nation it has the effect of a regressive tax. I think that goes further, making it actual bad public policy.

Of course, this is just one guy's opinion. You're free to use it if you like, but you're also free to make your own. The world's big enough for lots of different opinions.

Clive Robinson • August 10, 2017 2:31 PM

@ Bear,

But when it's a major source of funding for a state or nation it has the effect of a regressive tax. I think that goes further, making it actual bad public policy.

I agree, the state should not be involved with what is in effect selling an addiction.

However on the assumption people will gamble irrespective of the harm it does to them or their loved ones there is then the question of harm to the rest of society.

The US had an experiment in prohibition some time ago and it was not a success; in fact it is very clear it caused a lot more harm than it did good across the board. Subsequently we have had "The War on Drugs" which has caused at least as much if not more damage to society, not just of the US but many other countries. Rather more so than other countries where drugs have not been used for a faux moral crusade.

If people are going to stupidly throw money away (even though I wish they would not), I would rather it went to where it had a chance to do some social good as an addition to taxation. Not where it will cause further harm to society via organised crime.

moops • August 12, 2017 4:28 PM

Since the user has to physically interact with a slot machine you have a pretty good source of random number generation. Accelerometers in the buttons, time between button presses.

In the old days you would have had even more good sources: timing the coin drop in the slot, weight distribution in the coin holder, velocity profile of the machine arm.

but really, TRNG hardware is not that expensive relative to a whole slot machine. $25 will get you plenty of true hardware random bits to combine with a PRNG.

Win/Loss is an algorithm to stick on top of a properly built RNG.

I'm guessing the social factors to maintain addictive gambling habits are where the designs are compromised. Writing a house-biased but unpredictable slot machine is not hard; you can give it as homework at the college level as long as you have a TRNG in hand. The only thing you should be able to predict is that the house eventually comes out ahead. Once you have to alter this game to have the optimal "flow", in the lingo of slot machine design, then I would guess you have broken the randomness too much. Any alteration beyond the classic Skinner Box and you are likely creating the correct context for game hacking.

Clive Robinson • August 12, 2017 8:11 PM

@ moops,

The only thing you should be able to predict is that the house eventually comes out ahead.

Not quite; the primary requirement at any point in time with gambling machines is that they "are and remain ahead", not that they will be ahead at some future point in time.

That is, they must never make a payout if they do not have the money to pay out as well as the running cost and house mark-up. It's why if you have a win you should walk away, as there will not be a payout until the machine is sufficiently ahead again.

Maintaining this position with the old "mechanical computers" was actually the significant part of the complexity, as they also had to stick to the gaming legislation on payouts as well.

It's this payout/no-payout aspect of the system you are actually "gaming" not the preceding basic "win/lose mapping" or the "RNG" that drives it.
