Hacking Slot Machines by Reverse-Engineering the Random Number Generators

Interesting story:

The venture is built on Alex’s talent for reverse engineering the algorithms—known as pseudorandom number generators, or PRNGs—that govern how slot machine games behave. Armed with this knowledge, he can predict when certain games are likeliest to spit out money­insight that he shares with a legion of field agents who do the organization’s grunt work.

These agents roam casinos from Poland to Macau to Peru in search of slots whose PRNGs have been deciphered by Alex. They use phones to record video of a vulnerable machine in action, then transmit the footage to an office in St. Petersburg. There, Alex and his assistants analyze the video to determine when the games’ odds will briefly tilt against the house. They then send timing data to a custom app on an agent’s phone; this data causes the phones to vibrate a split second before the agent should press the “Spin” button. By using these cues to beat slots in multiple casinos, a four-person team can earn more than $250,000 a week.

It’s an interesting article; I have no idea how much of it is true.

The sad part is that the slot-machine vulnerability is so easy to fix. Although the article says that “writing such algorithms requires tremendous mathematical skill,” it’s really only true that designing the algorithms requires that skill. Using any secure encryption algorithm or hash function as a PRNG is trivially easy. And there’s no reason why the system can’t be designed with a real RNG. There is some randomness in the system somewhere, and it can be added into the mix as well. The programmers can use a well-designed algorithm, like my own Fortuna, but even something less well-thought-out is likely to foil this attack.

Tags: , , ,

Posted on August 7, 2017 at 6:00 AM43 Comments

Comments

Kai August 7, 2017 6:35 AM

I’m just wildly speculating here, but I would imagine that the PRNG algorithms in use are very heavily vetted to ensure that they are random enough, but also predictable enough that the machine is going to pay out at a very precisely determined rate. It’s likely that this engineered imbalance in the algorithm is also what leads to the weakness that’s being exploited.

True randomness could have the machine paying out at above it’s stated range – the companies making these machines and the companies deploying them don’t want them to be properly random, they want it to be very predictable and in their favour.

Yash Shrivastava August 7, 2017 6:45 AM

One reason i can think of not using a TRNG is that, it won’t allow the casinos to earn profit. The current algorithms are designed so that the casinos always end up earning profit (in long term).

Andrew August 7, 2017 6:50 AM

Microsoft and a lot of other free libraries and SDKs used simple linear congruential generators for many years, even in cryptography. Not to mention that some of them might have been backdoored.
Developers had no idea about strong random generators algorithms and used default rand() functions provided by such libraries in all kind of applications, gambling included. I have personally seen such an implementation.
I bet that a lot of developers today have no idea that numbers generated with a lcng repeat after a while.

Kai August 7, 2017 6:52 AM

@Lagod – the linked article is a follow on from the previous article

…My own dialogue with Alex began in February of this year, after he read a story I’d written about his agents’ exploits in the US. (“I keep an eye on what becomes public regarding my business,” he explained via email.) His name had already come up twice in the course of my reporting—once from someone close to the fraud investigation in the Eastern District of Missouri and once in conversation with Willy Allison, a casino security consultant who has been tracking the St. Petersburg organization for years.

bickerdyke August 7, 2017 6:57 AM

TRNG or PRNG don’t have a direct influence on the odds of earning profits. (as long as they are not fixed themselves)

A TRNG that comes with a real random string of numbers between 1 and 100 will still make sure that the house wins – if the rules say that the player wins if the number is between 70 and 100. And THAT is how the advantage of the house is created.

My guess is that PRNG have to be used for regulatory reasons as they are easier to check by the authorities.

225 August 7, 2017 7:21 AM

Having a failure of a PRNG in a one armed bandit allows for even better money laundering, this could be where some of the 100 dollar bills come from that feed the commonwealth banks smart ATMs, that then send the money overseas without any audit.

This article reads like someone is trying to exploit the PRNG, and also extort the company at the same time.

ab praeceptis August 7, 2017 7:55 AM

Kai

You are right.

Actually the story is pretty much a non story as of course those “prngs” are badly tainted. There have also been other cases where attackers didn’t just have a quite good guess but actually knew almost exactly when the next round would win, due to really bad pseudo random which was basically a cycle of some hundred elements and the “random” only changed the order slightly.

Maybe worth mentioning: It’s not just for the evil casinos that the machines are badly tainted. At least in some countries it’s also the state demanding it, usually to close down opportunities for money laundering and similar reasons. I know of at least 1 case/country where (at least officially) the reason is to make sure that the customers have a fair chance to win.

SL August 7, 2017 8:24 AM

If there’s requirement for win ratio, and PRNG is bad. I would use it fill fixed roll sequence instead of using independent time based results from it. Allocate slot of 100 rolls, place in 30 small wins and 10 medium and one big. This will guarantee that win ratio will be fixed on next 100 rolls to come. Remaining 59 rolls will lose. Even if the PRNG is total disaster, the win ratio won’t change. If there’s possibility to set “bid” then just consume several slots at once and if required, make pre-allocated the batch larger. You can still ‘cheat’ but it’s much harder, and house won’t be the loser.

Humdee August 7, 2017 9:54 AM

What Kai said. Casinos need to vet the payout. There is an old saying in the casino industry that if something is unlikely to be true it is untrue. If the odds were truly random there would be no way to vet the results because there would be no way to verify the payouts. In this sense a slot machine is different than a public lottery. A public lottery only cares if the results are truly random because the lottery can never pay out more than what was put in. But the casino can pay out more than what was put in, and thereby go bankrupt, if the payouts aren’t managed properly.

This leads to an interesting question. Should the casinos actually care that their slots are being gamed? Only if it costs them profit. Otherwise they should be indifferent to whole the pool of winners and losers is among their customers.

Eider August 7, 2017 10:12 AM

Many sweepstakes add a trivial steps so they can claim to be “games of skill” rather than “games of chance”. This is to sidestep anti gambling laws. Here we have the gamblers turning a “game of chance” into a “game of skill” and we’re supposed to care.

Apparently it’s only wrong if you don’t own the lawmakers and judges.

MikeA August 7, 2017 10:34 AM

When I were a lad, the RNG in a slot machine looked a lot like the mechanism you can see at about 1:08 in the video https://www.youtube.com/watch?v=b81VafxxcHo — The “Puskin Automaton”, sort of the logical descendant of Christopher Strachey’s Poetry program ( https://en.wikipedia.org/wiki/Strachey_Love_Letter_algorithm ) and the Jaquet Droz Writer automaton ( https://www.youtube.com/watch?v=bY_wfKVjuJM ).

Anyway, back in the day there were several people who claimed (or were claimed) to be skilled at “feeling” the state of these mechanical RNGs, although in many cases they were found to be relying more on small holes drilled in the front of the machine (with a palm-held drill, or by an accomplice in the casino’s employ), through which they could insert a stiff wire to “bias the odds”.

V August 7, 2017 12:29 PM

@SL

Allocate slot of 100 rolls, place in 30 small wins and 10 medium and one big. This will guarantee that win ratio will be fixed on next 100 rolls to come. Remaining 59 rolls will lose.

You’ve just added a vulnerability to the machine. If it’s possible to reverse engineer when the block of 100 rolls starts you can watch and count as rubes play the machine. If a rube gives up on the machine when there are – say – 20 pulls left in the block of 100 and the big win hasn’t come up, take over and play until it does.

The casino still makes its profit; this scheme gives non-counters slightly worse odds and the counter slightly better odds.

Fred P August 7, 2017 1:35 PM

@Kai
“I’m just wildly speculating here, but I would imagine that the PRNG algorithms in use are very heavily vetted to ensure that they are random enough…”

  • I worked for about 5 years in the gambling industry writing code for slot-type machines for state entities. I can say that when I was working there, our machines had their PRNGs (code and output) checked by either the regulator itself, or by a company hired to do that task. The main company we dealt with (GLI – link above) used a variety of statistical tests and would look for known defects in PRNGs. One of the incidents I dealt with was that we were poorly seeding our PRNG and we weren’t adding enough bits of randomness frequently enough, which under certain circumstances could make the numbers perfectly, easily predictable. In response, we killed that release, and improved both significantly.

While I cannot guarantee that the wider (less-regulated) slot industry were careful about their PRNGs, the major actors appeared to be. In other words, it was the game design, not the PRNG that determined how swingy the wins were (barring code defects). I can tell you from the data I had that there were weeks where some of our most popular games lost money (due to large progressive payouts occurring on those weeks). When averaged over a year, though, those numbers looked very close to what you’d expect from the payout table.

I cannot speak to grey market machines; the times when they actually got to a regulator, they rarely even passed the initial “will this behave well when shocked with electricity” tests. It’s possible that their PRNGs were also bad, or even favored certain results.

Fred P August 7, 2017 2:03 PM

Comments on the article:

“Writing such algorithms requires tremendous mathematical skill…” – writing the original may. The reality for people writing code for slot machines is that we use one of the small number of approved algorithms. If we don’t, we’re unlikely to get it past the regulators.

“Equipped with Alex’s information and software, both obtained online for free, anyone with a smartphone will be able to turn a vulnerable slot machine into a gaudily decorated ATM” – this is silly. The response to a broken game is to shut it down. Even when the casino/lottery doesn’t know why, they’ll shut it down within a few days or less just because the payouts seem unusually high. For most casinos, that would just mean more play on other machines (ones that aren’t broken). In a case like he’s describing, I suspect that nearly the entire industry would be aware within a few hours.

While I can’t comment on if Alex reverse engineered the PRNG, I’ll note that when I was working for a slot machine company, that was one of our biggest fears. Even though the resources needed to reverse engineer against it seemed implausible (at the time), we attempted to guard against this, urged on by our customers and regulators. I have no reason to think that most or all of our competitors didn’t have this in mind. The easiest way to guard against this is to increase the injection of entropy (ideally, it should be greater than or equal to the information leakage).

Fred P August 7, 2017 2:24 PM

@SL – “I would use it fill fixed roll sequence” – that’s a different kind of game – it’s pretty much how scratch-off lotteries work. As PRNG implementations tend to be decoupled from the games (Why? because your game isn’t on every machine you sell, but your PRNG is), it wouldn’t make much sense for the larger slot machine companies. Also, as a game design note, a 1% chance of a big win would be far higher (and likely result in far lower play) than any game we implemented; I don’t recall any of our competitors using anything close to a 1% chance of a high win, either. My recollection is that one of our most popular games was a 10 of 10 keno. The top prize was something like a 1 in 8,911,711 event. We also had slot games with similar odds for the top prize.

@Humdee “If the odds were truly random there would be no way to vet the results because there would be no way to verify the payouts.” – at least in the jurisdictions where we worked, the ability to verify recent payouts was a requirement tested both by the regulator (or the company they hired) and the end client (in one case these were the same legal entity). In theory, you needed a physical key to access that feature, among several others (none of which could impact the payout amounts or the payout percentage). That said, other than in a dispute situation, the casino/lottery doesn’t care about the individual pays – they care about he collective ones, over a day, a week, a month, or even a year. If a 92% payout game is paying out at, say, 101% (with a large umber of plays) over a week, they’re going to ask why. If it keeps doing so, or no good explanation comes up, they’ll shut that game down.

Clive Robinson August 7, 2017 2:32 PM

@ kai,

I would imagine that the PRNG algorithms in use are very heavily vetted to ensure that they are random enough, but also predictable enough that the machine is going to pay out at a very precisely determined rate.

Err no, you are over assuming.

Just assume the RNG is infact a TRNG and realy does provide a not just truly random output but one that is unbiased as well. Thus it has a flat distribution nomatter what test you throw at it.

Let us assume it chucks out a 10bit unsigned int, but you want it to only give a range between 10 and 990 and still be both truly random and unbiased. All you have to do is throw away any numbers outside the required range. Thus nothing clever. The potential downside is it generates a long sequence of out of range numbers thus it takes an uncertain length of time to output an inrange number.

Thus you have the TRNG running without modification followed by your range filter. There is no reason why the range can not be changed at any time, it does not effect the randomness of the numbers in the chosen range.

You can thus change the range to effect the size of payout to ensure you meet the payout requirments.

Bear August 7, 2017 2:58 PM

I have encountered stupid security many times, specifically in gambling systems, that made errors which would be unthinkable in other computer security regimes.

You can do a back-of-the-envelope calculation and discover that there are 240 bits of information in a shuffled deck of cards. Guess what size seed a random number generator used for shuffling cards is usually initialized with? Guess what size state it has? Did you guess less than 256 bits? Did you guess a lot less? I’ve encountered 32, more than once. Meaning that if you can see seven cards you know the sequence of the entire deck.

The more teams like Alex’s make these mistakes expensive, the more they’re getting fixed. But in the gambling industry, it seems that the ratio of expense incurred to fixes implemented is much higher than seen anywhere else. Casinos literally spend years losing millions of dollars before anybody updates a product, whether software or hardware, to fix even the simplest problems. I don’t know whether the issue is a smaller, more specialized market where the same level of expense to justify some effort has a smaller number of victims to get spread over, or a failure of expertise to cross over from other venues, or simply a cultural question of how security is valued. But there is really a serious problem with security in gambling systems.

And yes, a better RNG would be dead simple to implement from a computer security perspective. But, until the expense mounts high enough, across enough casinos, to justify the replacement of every last slot with a slot where the RNG is actually better, casinos will continue to make more money by having the vulnerable slots on the floor accepting money from the millions of people who aren’t Alex’s team, than they lose to Alex’s team. The fix is a matter of how efficiently they win, not a matter of whether they’re winning or losing.

John Smith August 7, 2017 5:56 PM

I think everyone is missing the point. Slot machine payouts are not designed to be random.

They are designed to be addictive. Use your google-fu on “intermittent reinforcement”.

The idea is to pay out just enough, and just often enough, to keep the player at the machine – the longer the better for casino profits.

Those occasional payouts give the gambler a nice but too-brief spike in dopamine. Just the thing to foster an addiction. The susceptible gambler wants more … and more … and chases a dopamine-mediated high with more and more losses.

The payouts are deliberately non-random in order to milk the gambling herd. A truly random payout would result in less addictive behavior and lower profits.

But because the payouts are non-random, they are exploitable in theory. A slot machine gang could try to hack the algorithm responsible for the intermittent, addictive reinforcement, by trying to predict when the machine is due to reinforce the player.

This has little to do with the design of any underlying RNG in the slot machine h/w or s/w.

Clive Robinson August 7, 2017 6:30 PM

@ John Smith,

I think everyone is missing the point. Slot machine payouts are not designed to be random.

I don’t think every one is, but there is a second point some are missing,

If you exploit the payout sequence of PRNG rather than change the PRNG sequence to make more payouts the Casino is not realy going to notice.

That is when exploiting the sequence, you are not changing the behaviour of the machine, therefor from that point of view the payout behaviour is as the casino expects.

It’s a bit like knowing which scratch card to buy. The retailer does not see any change in payouts over all, all that happens is you get all the winers whilst other players get all the losers.

Fredric L. Rice August 7, 2017 6:54 PM

Slot machines and other casino devices are NOT random nor even pseudo random, their numbers generators are specifically designed to rook money from the rubes, marks, and suckers such that a pre-determined percentage of the money that the marks insert in to the machines goes toward the House, and gambling oversight agencies set upper limits on the percentage that gambling houses take from the marks.

The pseudo-random numbers for such machines determine the output display which the marks see, they do NOT determine when the machine will pay out, not over time, that’s hard-set in the devices.

Decades ago I lived in Blue Diamond, a township outside of North Las Vegas, and all of the locals laughed at the tourists who think they’re gambling when in reality all they’re doing is handing over a percentage of their money to organized crime.

Fred P August 7, 2017 7:41 PM

@john Smith-

“Slot machine payouts are not designed to be random.

They are designed to be addictive.”

  • We were trying for both. That said, they’re two separate problems. The first is implementing a PRNG well. The second is game design.

@Fredric L. Rice-

Well, yes – from the casino’s perspective, they’re getting x% of every dollar on average, which (with enough plays) tends to come out nearly exactly. That said, from the perspective of an individual player playing a small number of games, it appears random.

That said, back when I worked on slot machines, we had a test bed of 32 slot machines, which we had set up to automatically hit the correct buttons. We’d put in hundreds or thousands of “dollars” into them and let them rip. With rare exceptions, they’d all be out of money in a few hours. New people would be excited to do this at first with the “money” they “won”… but within a few hours, when they had to re-fill some machines multiple times, that stopped.

@Bear ” I’ve encountered 32, more than once.” excellent point. I think this was very common, roughly 20 years ago in VLTs (I can’t recall if ours was 32 or 64 bit. I think it was less than enough for a full deck to be correctly randomized). That said, the standard was also to re-shuffle between hands, which limited the direct value of this information, assuming that enough entropy was added between shuffles.

Wael August 8, 2017 2:15 AM

I have no idea how much of it is true.

I don’t believe it. Casinos have more security than the pentagon. What’s more likely is an ex-employee who deliberately introduced a subtle weakness, and made some extra money on the side.

Wael August 8, 2017 2:26 AM

@Fredric L. Rice,

tourists who think they’re gambling when in reality all they’re doing is handing over a percentage of their money to organized crime.

Excellent description! Casinos in a nutshell. I’ll add that casinos do not gamble! They fix the outcome.

But this is still my favorite clever “hack”.

paige August 8, 2017 6:47 AM

he ended the email with proof of his technical prowess: a mathematical breakdown of the supposedly secret PRNG that powers Aristocrat games

That’s a red flag. “Supposedly secret”? That PRNG is in every machine shipped, and might be known to various regulators already; the manufacturer has little excuse for depending on its secrecy. If some jurisdictions require a weak PRNG, they could build a separate version for each, or skip them entirely if the risk is too high.

I’d have been more impressed if they managed to do this without using an electronic device in the casino. Casinos have paid good money to make that illegal but couldn’t have done anything if the hackers used pen and paper. And avoided the extortion of course.

TM August 8, 2017 7:33 AM

If there really were a clever hacker out there who knew how to make millions from cheating casinos, how likely would it be for him to give away his trade secrets to an internet magazine?

And how likely is that casinos wouldn’t notice/wouldn’t care?

Frank Wilhoit August 8, 2017 7:57 AM

John Scarne has a story of the exact analog counterpart of this attack, as applied to mechanical slots in 1946. Scarne’s Complete Guide to Gambling, pp. 405ff.

albert August 8, 2017 12:50 PM

@John Smith, etc.

See Professor Natasha Dow-Schüll, author of “Addiction by Design: Machine Gambling in Las Vegas”*, interviewed by Chris Hedges.

Fascinating stuff.

*It’s a (gasp!) academic study, but a good one.
. .. . .. — ….

Fred P August 8, 2017 1:03 PM

@paige – I’d assume that the regulators (or their agents) are intimately familiar with their PRNGs. They had all our source code, and if they had any questions, we’d take the time to explain every bit of it. I do not think it would have been difficult for a regulator, a customer, or a competitor to get access to our PRNG (besides the dozen or so people that were working/ had worked for our company with access to that code); we assumed that any competent attacker could either get or derive the algorithm.

cg August 8, 2017 1:52 PM

Any casino from here to Las Vegas:

They have a “security” team on catwalks above the smoked glass ceiling, observing every hand of cards at the table, and praying to the devil for the house to win.

John August 8, 2017 1:57 PM

@Bear, I’m a tad curious as to the envelope you used, I’m seeing about 225.6 bits of information in a shuffled deck of cards, not about 240 and yes, a lot of PRNG implementations are absolutely terrible with entirely too little state being retained.

And as many people have already stated, from the point of view of the Casino’s it really doesn’t matter how good or bad the PRNG really is. They make the same amount of money regardless. What a poor implementation means (and only if an exploit of it gets publicly know) is that the players will consider it “unfair”. Yes, the vast majority of the players know that odds are against them and that over time they’ll lose money. But there’s that “chance” that they’ll win and that’s why they’re playing. And it’s acceptable to them since everyone has the same change of winning or losing. But if someone has special knowledge so that they know in advance how to significantly increase their odds of winning at the expense of those who don’t know, then it’s no longer “fair” and they’re going to complain quite loudly. And from the point of view of the Casinos is that if the players are upset enough, they’ll stop playing, which is unacceptable.

Bear August 8, 2017 10:32 PM

That’s the figure for a 52-card deck.

A 54-card deck (ie, including jokers) gives you just slightly over 237. I rounded up to 240.

But whatever the number is, we can agree that a 32-bit RNG seed is too small.

Jarda August 9, 2017 3:53 PM

Interesting. So far I’ve heard about machines being hacked by modyfiing the single chip computer in order to decrease the win rate, so that the owner can pocket the difference and pay no taxes from it. Anyway, I find it incredible that today there are still people playing slot machines.

Bear August 10, 2017 11:55 AM

People are still playing slots, because God never came out with a hot patch fixing all the bug reports I filed on our brain firmware. But I’ve about given up. It’s hardly worth praying, if He never makes any updates to his code.

Sadly, it’s an expense attached to an addictive behavior – compulsion, poor judgment, innumeracy, improper dopamine response, whatever combination of the above. The problem with that, IMO, is that that places it, most probably and usually, on those least able to afford it.

This is … I dunno, I guess I’ll say annoying or distasteful when it’s exploitation of rubes for business interests.

But when it’s a major source of funding for a state or nation it has the effect of a regressive tax. I think that goes further, making it actual bad public policy.

Of course, this is just one guy’s opinion. You’re free to use it if you like, but you’re also free to make your own. The world’s big enough for lots of different opinions.

Clive Robinson August 10, 2017 2:31 PM

@ Bear,

But when it’s a major source of funding for a state or nation it has the effect of a regressive tax. I think that goes further, making it actual bad public policy.

I agree, the state should not be involved with what is in effect selling an addiction.

However on the assumption people will gamble irrespective of the harm it does to them or their loved ones there is then the question of harm to the rest of society.

The US had an experiment in prohibition some time ago and it was not a success, in fact it is very clear it caused a lot more harm than it did good across the board. Subsequently we have had “The War on drugs” which has caused as least as much if not more damage to society not just of the US but many other countries. Rather more so than other countries where drugs have not been used for a faux moral crusade.

If people are going to stupidly throw money away, even though I wish they would not. I would rather it went to where it had a chance to do some social good as an addition to taxation. Not where it will cause further harm to society via organised crime.

moops August 12, 2017 4:28 PM

Since the user has to physically interact with a slot machine you have a pretty good source of random number generation. Accelerometers in the buttons, time between button presses.

In the old days you would have had even more good sources: timing the coin drop in the slot, weight distribution in the coin holder, velocity profile of the machine arm.

but really, TRNG hardware is not that expensive relative to a whole slot machine. $25 will get you plenty of true hardware random bits to combine with a PRNG.

Win/Loss is an algorithm to stick on top of a properly built RNG.

I’m guessing the social factors to maintain addictive gambling habits is where the designs are compromised. Writing a house-biased but unpredictable slot machine is not hard, you can give it as homework at the college-level as long as you have a TRNG in hand. The only thing you should be able to predict is that the house eventually comes out ahead. Once you have to alter this game to have the optimal “flow”, in the lingo of slot machine design, then I would guess you have broken the randomness too much. Any alteration beyond the classic Skinner Box and you are likely creating the correct context for game hacking.

Clive Robinson August 12, 2017 8:11 PM

@ moops,

The only thing you should be able to predict is that the house eventually comes out ahead.

Not quite, the primary requirment at any point in time with gambling machines is that they “are and remain ahead” not that they will be ahead at some future point in time.

That is they must never make a payout if they do not have the money to pay out as well as the running cost and house mark up. It’s why if you have a win you should walk away, as there will not be a payout untill the machine is sufficiently ahead again.

Maintaining this position with the old “mechanical computers” was actually the significant part of the complexity, as they also had to stick to the gaming legislation on payouts as well.

It’s this payout/no-payout aspect of the system you are actually “gaming” not the preceding basic “win/lose mapping” or the “RNG” that drives it.

Dmitry August 23, 2017 7:55 AM

I don’t understand why all slot machines do not use cryptographically secure pseudo-random number generators. Apparently many developers did not care much about security of their PRNGs.

As to Alex, it seems to me his only talent is to identify slot machines that use with a weak PRNG (most likely by reverse-engineering software of those machines). It certainly takes time and efforts to reverse-engineering software, but that does not require any outstanding mathematical talent. I suspect he may run out of easy targets soon, so he is looking for some “consulting fees” now.

Rick October 8, 2017 8:23 PM

Here’s a question from a newbie:

If the PRNG is weak, like that of the older Aristocrat machines, is it reasonable to assume that the casino’s supervisory control system (supposedly isolated from the slot’s PRNG) knows the PRNG sequence, knows exactly when the PRNG was initialized (to the microsecond) and knows exactly when the PRNG is supposed to spit out that winning random number?

I know that a player doesn’t have the information, but a casino’s supervisory control system could easily add an analog voltage to gate the slot’s push button start (not necessarily isolated from supervisory control system), to match or avoid the exact time corresponding to a winning random number. After all, the duration of mechanically pushing the button probably corresponds to several hundred different random numbers.

Is this scenario possible?

This act involves analog processing and should not require software, which can be detected by examining slot machine memory locations.

Why would casinos do this, since in the long run, the hold percentage must match that programmed into that particular slot? By directing winning combinations to new players, they can be encouraged to continue gambling, thereby, developing new slot machine enthusiasts. Winnings could also be directed to players who have a history of playing back their winnings, as opposed to pocketing them. Losers, who chase their losses, could lose faster, and presumably bet more to catch up.

That’s why the casinos push their player’s cards. To know your exact betting habits. It makes more sense, if winning & losing probabilities can be adjusted accordingly.

Is it possible? I think it is.

Aaron Toponce January 8, 2018 12:02 PM

Fast-key-erasure is trivially easy to implement. Even though you don’t need forward secrecy for a gaming machine, it doesn’t hurt, and the algorithm is a simple design, and more than sufficient for random numbers in gambling. Even Fortuna is complex in comparison.

With nonvolatile storage, the casino manufacture only need initially seed the RNG from some external source. On boot, it reads the seed, and goes. On shutdown, save the seed to disk for the next boot read.

It’s amazing how simple this is, and yet very rarely implemented.

mike November 10, 2018 12:16 PM

Really quick which i hope this doesnt come back to haunt me…

all casinos use a backend program called slotmaster to tighten the machine on the fly while a player is playing, .. i had it done to me where it simply wouldn’t pay out despite having inside info on the total needed to cause it too as determined by the tech who serviced it and had the reports. ironically after i left someone put in 3000.00 more and hit the jackpot of 800k which i had supplied, they are all dishonest mediums manipulated by the execs, then i got 1099 for 10million which is fraudulent as they conspired and plotted this action to embezzle funds.. i am still trying to get this taken to court which i hope happens

. its not the putz patrons who are fooled by the machines, but rather the career con men and techniques which these snake oil salesmen silver-tongued bastards have a lifetime to perfect and if that doesn’t get you then the back end changes in slot behavior which everyone says is not possible.. will.. while i was taken advantage of and targeted during a time of loss as i had a family member pass away and wanted to just disconnect for a weekend, (never been to a casino before) there should of been a duty of care enacted which enough of the staff were pissed at the management to where they have given statements to the effect of the illicit dishonest objectives done to fleece me…. i will stop there with this story….

ps if you think they pay out 85% or anything which is mandated or regulated in a honest manner, then stop drinking the kool aid… casino industry should only reside in vegas atleast there are parton rights and an oversight body to complain too

Mikael Eriksson (dr. Slots) January 2, 2022 8:29 PM

Hello all random(?) people 🙂

First of all I would like to mention that the type of RNG being used regarding video slots, the software/server controlled ones can be of any type and it wouldn’t matter at all regarding what a slot game player are allowed or able to win. You can use atmospheric noise as the seed, it doesn’t matter one tiny bit. You could actually remove the code for the PRNG and still the player would only win what the server allow that player to win at that certain time, for that spin.

And so there is a reason for this, and it is all about control that the casino demands because of the so important economics. With this control in place, the randomness is dead regarding what any player is allowed to win. The PRNG is there to make it all seem random, and to create outcomes that looks random so it’s a fun game to play. Who would want to play a slot game with only still images, because I wouldn’t.

The short story is that I am a programmer and with a lot of interest for the slots (fruit machines etc), so of course I’ve developed my own software to be used to gather data for real slots game play, and the results are scary. From this data I’ve created several graphical, statistical charts, and these charts show that the RNG (PRNG actually) has nothing to do with what a slot player are able to win.

And so the reverse engineering mentioned has actually nothing to do with the algorithms of the PRNG or the SEED, but it has to do with patterns in the outcomes and the day, date and time. This is all a matter of timing, and this is because the need for control the casinos must have. The problem is they now have 100% control, and so this is why it looks like the PRNG doesn’t exist at all in my real gameplay data, the graphical charts. This I found out many years ago.

What the casinos and slot game developers doesn’t understand is that the only thing that can protect the slots from real hacking is the PRNG, but the PRNG will also take away the control for the casinos meaning both the casinos and the players would gamble, for real that is and on the same terms. THIS is exactly why there isn’t a “quick fix” for this kind of reverse engineering. Think about it. With a fully functioning PRNG they wouldn’t have to worry about reverse engineering, because you cannot reverse engineer a correctly functioning RNG, because the results would never be the same if a good seed is being used. You couldn’t replicate the results from the reverse engineering that is. BUT my charts show nearly the same results almost every time…. So much to explain, so much to write… so…

There will probably be a lot of questions for me here, so it is easier for you guys to see for your self, and read more about me and my work.

Here’s where you’ll find my web site: https://drslots.net

Before answering, please have a look at the graphical charts and what I’ve written about all this, but I also have a whole book regarding all around randomness, the so called “slot experts”, how the fool so many gamblers/players…

Kind regards
Mikael (dr. Slots)

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.