[–]▶ No.935088>>935090 >>935183 >>936124 >>936184 >>943335 [Watch Thread][Show All Posts]
Why has nobody actually been able to crack these things yet? I imagine the supply chains are kept under tight security but you'd think some specs or a working unit would've leaked to the black market by now.
We know these things use a pseudo-RNG, possibly a dedicated hardware one, that's configured on-site for general settings like payout periods. A payout period is unlocked after a machine loses a set number of times to then become a fair game not guaranteed to lose. That way the house always wins. But the actual logic or math behind determining a payout period is still mostly unknown. We don't even know the exact nature of the software these run. Perhaps a completely custom firmware or maybe even an off-the-shelf spin of Windows Embedded or an embedded Linux distro or even something more like TRON or VxWorks. Has there been any case in history where one of these was ever reverse-engineered? If so I would move to read up on it
▶ No.935090
>>935088 (OP)
They probably murder the people who build these and anyone who tries to crack them.
▶ No.935092
https://www.schneier.com/blog/archives/2017/08/hacking_slot_ma.html
There was a story awhile back where a man from Russia made millions by sending agents to various casinos to record slot machines where he was able to determine which ones had particular RNG algorithms that he had cracked. But not only is the legitimacy of the story disputed, we still don't know the true nature of these things. This man needed to hire agents to observe the machines and transmit it back to him. No actual reverse engineering has been done.
▶ No.935097
http://archive.is/UnRQy
I did happen to come accross an AMA on Reddit about a slot machine engineer. Obviously he can't say much because its fucking Reddit but there is some interesting insight. Like that the RNG/Payout algorithms are ran on a central server and the RNG algorithms are actually ran through a simulator to ensure a minimum level of randomness and payout period before they're even approved by the gaming commissions for use and sale.
▶ No.935113>>935114 >>935153 >>935157
They have been cracked several times. Those sweepstakes machines that have popped up everywhere are easy to exploit. If a bunch of roaming niggers can do it with smartphones anyone can. They have been screwing with so many machines locally they've managed to have multiple places shut down.
I own a slot machine and the pattern it uses is simple. I can tell you within 10 plays when it will hit a jackpot. All of them are simple and easy to predict like this. Vegas gets around the problem by constantly moving machines around the floor and asking anyone that figures out the pattern on one to leave. The house always wins because the games are rigged from the state.
▶ No.935114>>935333
>>935113
>I own a slot machine and the pattern it uses is simple. I can tell you within 10 plays when it will hit a jackpot.
Forgot to say if y'all are interested in how it works I'm willing to post pictures and the manual. I'm pretty sure such things are easy to find. Mine is technically illegal to own in my state because I converted back over to real money.
▶ No.935115
You used to be able to use a spark generator on the case of some of them to get them to pay out, but they test all the new ones against that.
▶ No.935141
They're networked these days. Just a front-end to a server that decides if you win or lose like a lottery.
▶ No.935147>>935153 >>935181 >>936058
Niggers don't understand what a random number is.
https://www.nist.gov/programs-projects/nist-randomness-beacon
Slot machines will never use real random numbers, as long as the slot machine makers are making money from their slot machines.
▶ No.935153
>>935147
That's why the OP specifically said pseudo-RNG
>>935113
Those sweepstakes machines aren't particularly hard to find. OP is talking about the serious Vegas slots
▶ No.935157>>935158 >>935216
>>935113
>I own a slot machine and the pattern it uses is simple. I can tell you within 10 plays when it will hit a jackpot.
Are you able to win at casino slots from this skill? Assuming you can win a jackpot before you get kicked out.
▶ No.935158>>935180 >>935216
>>935157
He's LARPing nigger ignore him. He probably owns an old mechanical slot machine which is cool but useless. Modern slot machines are networked to a central server
▶ No.935175
I have a relative who worked at various high-end casinos in Turkey as an electrical engineer in the early 80s, graveyard shifts mostly.
He told me stories of how he would rig the machines to give payouts each night. He, the waitresses, the armed guards and the other two dudes on his team were all in on it, each using their position to make sure nothing suspicious catches unwanted attention. I think he said they'd take about a thousand each, but the casino made so much money it wasn't even noticeable. However he did manage to buy a house with the money.
Anyway, back then it was a matter of cutting and splicing wires together and turning mechanical counters and such. He mentioned that in this day and age it would be impossible to do what he did back then.
▶ No.935180>>935334
>>935158
<Modern slot machines are networked to a central server
>be slot machine user
>remotely hack place with central server for slot machine via specter and insert insecure web front end here as vector
>reverse engineer slot machine functions since pajeet programmed them in mySQL
>give occasional wins via PRNG adjustment and delete all logs of the changes made
>if place is kiked enough to keep paper logs then make the paper logs and the electronic logs match to not report as many wins as not to trip alarm
>???
>profit
Sounds even easier and less skilled then mechanical slots, as you can do all that from the comfort of your computer at any internet accessable location from copy+pasted code. Central servers for a slot machine being like a dumb terminal is literally stupid as fuck. If you were going to design a more secure and RNG slot place a fucking isotope generator within each slot machine and fucking build it like a faraday cage that is impossible to work on or plug anything into with mechanical key locks and not electronic ones. FFS casinos must be stupider kikes then the banks if what anon said is true about a central server.
▶ No.935181
>>935147
So this is the power of quantum computing
▶ No.935183>>935197
>>935088 (OP)
I used to work at a chain of casinos in vegas. Not fixing slot machines but as desktop support for back of the house and restaurants/retail.
The guys that fix the slot machines are slot technicians and are basically electrical engineers. They never actually deal with the software on the machines. The vendors usually come out to service them.
Most machines are usually controlled by a central server or groups of servers. They are locked in the server room that only the vendor has access to in a locked rack. I only know that because our server room got flooded once and it took down the slot floor servers. We had no way of rescuing the servers as nobody had the key to remove them. Company had to fly a guy out from arizona to replace the servers.
I have seen a few at some casinos boot up to a Red Hat linux distro but didn't get too much info, as it goes through the system check and boots up to a blank screen after that.
▶ No.935197>>935202 >>935493
>>935183
>(((red hat))) linux
>with potteringware
Wew, the state of casino security. Atleast they aren't using windows. Also fuck the disabling of file uploads as I had a perfect webm for this moment.
>the vendor has access to in a locked rack
No you mean anyone with access to the casino's internal network has access to said server electronically thanks to specter like vulnerabilities. No I don't care if they airgapped it, you can jump the gaps ala stuxnet.
▶ No.935202>>935204 >>935507
>>935197
Oh yes, forgot to mention, the servers and slot machines are on a separate network isolated from the corporate network or any external network for that matter.
ATM machines are also on a separate network.
▶ No.935204>>935222
>>935202
>what is stuxnet
>what is airgaps being useless
Don't call it a grave, its the future you chose.
▶ No.935216>>935219 >>935231
>>935158
I'm not LARPing I own several arcade machines, pinball tables, and this slot machine. I like to tinker on the stuff and keep it running. My machine is a bit older I'll admit. It is one of the small computerized ones that were common in Asian casinos.
I'm sure they've put it on a central server now because modern arcades are the same way. That doesn't make much difference because they're still using the same type of software it's just not sitting on the floor. It can still be defeated.
>>935157
>Are you able to win at casino slots from this skill?
I don't play them and it isn't a "skill". Slot machines are not really random and by law have to pay out after so many plays. I can program the machine to payout when I want to and how much it pays out each time. It have lots of lights and makes lots of sounds to entice you to keep putting money in. Based on what it has already paid out and how it's acting (lights/sounds) I can tell when it's 10 or so turns from dropping a jackpot.
If you want to win in a casino stay away from the slots. The only way to effect the outcome would be blatant hacking/cheating or spending a ton of money to learn the patterns. Count cards and play blackjack instead. Just don't get greedy because once they catch on that you're counting you'll be shown the door. Do it often enough and you'll end up on the blacklist and will be denied entry into most Casinos.
▶ No.935219>>935221
>>935216
Also just because it's networked back to a control room doesn't mean the software isn't running on the machine itself. Modern arcade machines have x64 CPUs and off the self GPUs in them with a small OS that simply loads the software from over the network ala-steam. This is both for security of the software and the cost savings (it's cheaper to swap games this way). Modern slots probably use something similar.
On a large floor like in Vegas is 100s of machines a few will be programmed to pay out more than the others and pay out large jackpots throughout the day to encourage other people to play them. At the end of the day the machines are rotated. They all look the same so customers can not tell the "lucky machine" they won big on yesterday isn't in the same spot. This is to prevent people from playing the same machine over and over again.
▶ No.935221>>935223
>>935219
<that simply loads the software from over the network ala-steam
<Modern arcade machines have x64 CPU
Just keep digging that future you chose
>Also just because it's networked back to a control room doesn't mean the software isn't running on the machine itself.
Actually it would be better if it were just a dumb terminal. Because it has its own SOC you could use the hardware of that SOC to fuck with the central server ala USB hack device or a card reading device to hack it. Casinos aren't this retarded are they? I knew banks were this retarded but that's because the kikes can just print more shekels. Casinos not so much.
▶ No.935222>>935224
>>935204
Airgaps are not useless.
▶ No.935223>>935225
>>935221
https://en.wikipedia.org/wiki/NESiCAxLive
Casinos probably are that retarded, never underestimate someone in a meeting talking about cost savings. Also, casinos focus more on having in-house security. The slot machines don't have to be that secure when you have an army of cameras and people watching every one of them at all times.
▶ No.935224>>935230 >>935242
>>935222
They are worse then useless, they give you a false sense of security.
▶ No.935225>>935226
>>935223
What part of doing it from your couch and then going to a slot machine don't you understand? A script kiddy could adjust the PRNG remotely and then go play slots like a normal idiot and all those guards would be none the wiser. Since the PRNG would affect everyone's winning and not just that one persons'. What reason other then extensive goybook and previous job/life checking do the casino's get access to in a worst case scenario? If you aren't a faggot you will just look like some random dude who first came to a casino and made *insert small amount here* that flies under their automatic alarms for kiking people out of fake money.
▶ No.935226>>935229 >>935236
>>935225
A smart person can do it. Most people are greedy and will do it more than once. Once someone notices something funny going on you'll be marked and caught quickly.
No one is saying you can't make a quick $1,000. The hard part is doing it as a source of income multiple times a week. Casinos share blacklists of people with each other world wide so once you end up on one they're going to be watching everything you're doing the entire time you're on the floor.
You'd make more money and be better off just hacking an ATM in a remote area and running with all the cash.
▶ No.935229>>935231
>>935226
Also if all machines were paying out like you describe the floor would instantly be shut down for audit. They know how often the machines are suppose to hit and in what amounts. Once a few people cash out they'd instantly know something was not right.
▶ No.935230>>935231
>>935224
>air gapping is useless
>it gives you a false sense of security
What's next?
>secrecy without authentication is useless
You glow in the dark.
Vid related. From 15:00 onwards
https://www.hooktube.com/watch?v=fwcl17Q0bpk
▶ No.935231>>935234
>>935229
Holy crap its like you were born stupid. You would only be doing it to several machines, not all of them, and you wouldn't be paying out jackpots everytime but small less noticeable amounts. Casinos are a place kikes created to jew you out of your fake money. In the days of old people got around that by jewing the jew as >>935216 describes. Today it is even more laughably easy to jew the jew.
<You'd make more money and be better off just hacking an ATM in a remote area and running with all the cash.
>don't kill consumer confidence in jews jewing by describing ways to jew them back goy
>>935230
Well secrecy without authentication does not mean secured privacy. With time it can be found out even if in that moment it is private/secret.
>using (((hooktube)))
Webm or bust, better yet just give me a summary of the video.
▶ No.935234
>>935231
tl;dr. Poul-Henning Kamp gives a talk at fosdem '14 pretending to be an nsa agent reporting to nato about their progress.
One part is about a program to influence and steer development of standards and software towards making their job easier.
One example is the debate regarding self signed certificates. The things that give you hideous warnings.
If self signed was default in apache, almost all traffic would be encrypted by default, making nsa's job more difficult.
Due to the "security without authentication" meme, we don't do that.
For airgapping it's the same argument with "false sense of security" bullshit.
It makes it orders of magnitude harder to get into your system if it's airgapped.
Same as with the discussion about hardware backdoors. They are a problem of course, but that doesn't mean you should just disable your firewall, open all ports, enable guest/guest and use http everywhere.
▶ No.935236>>935243 >>935350
>>935226
>You'd make more money and be better off just hacking an ATM in a remote area and running with all the cash.
So much this.
Want easy shekels? Crowbar an ATM in a rural town.
▶ No.935242>>935243
>>935224
Just how do you want to access a computer no other computer has access to and is locked with a key? Using the Force? Magnets?
Stuxnet jumped gaps via USB infection. Good job getting non-total-dumbasses to do that.
▶ No.935243>>935247
>>935242
>Stuxnet jumped gaps via USB infection. Good job getting non-total-dumbasses to do that.
Who said USB, it could be on a keycard or in the light/infrared particles for all you know.
>Magnets?
Now you are starting to rub some braincells together.
>>935236
With all this sudden shilling against discussing how shit casino security is I think the kikes have pizza blood drinking parties or something worse in these things very often now.
▶ No.935247>>935254 >>935349
>>935243
Nobody denies you can bypass airgaps, or extract information from air gapped systems. The point is the effort it takes, saying that airgaps are less than useless is just plain wrong.
Two servers, one air gapped, one connected to internet. Which takes more time and resources to get into?
Two servers, both airgapped. One has all wifi chips removed as well as any ir sensors. Which takes more effort to get into?
Two servers, both air gapped and with no wifi and ir. One is placed in a faraday cage. ... You get the idea.
Of course you could still extract data from a pc in a faraday cage if you get into side channels like power consumption or fan noise or whatever. But each step increases the difficulty and time.
Let alone the (im)possibility of getting software to exploit those channels onto their in the first place.
▶ No.935254>>935259 >>935336
>>935247
>Two servers, one air gapped, one connected to internet. Which takes more time and resources to get into?
One talos II connected to the internet with hardened gentoo and one x86 with windows on it and two armed gaurds. The one with windows on it is much much easier to get into and takes far less time.
>Two servers, both airgapped. One has all wifi chips removed as well as any ir sensors. Which takes more effort to get into?
One talos II with redox OS with a FOSS wifi card and one windows x86 system with no wireless or infrared cards but has a ethernet controlller. The one witht the FOSS wifi card takes more effort to get into.
>Two servers, both air gapped and with no wifi and ir. One is placed in a faraday cage. ... You get the idea.
One talos II air gapped and one windows XP computer in a faraday cage. This one is actually tough to decide as it depends on if the XP computer is ever access for any reason. Or if the faraday cage is built properly to block high wavelength radio.
>Let alone the (im)possibility of getting software to exploit those channels onto their in the first place.
You can transfer software over switched powersupplies in the wall outlets ala ethernet over alternating current. You really should choose more specific examples to make your point.
▶ No.935259>>935261
>>935254
>and one x86 with windows on it and two armed gaurds. The one with windows on it is much much easier to get into and takes far less time.
>one windows x86 system with no wireless or infrared cards but has a ethernet controlller.
Teach me senpai, so I can rob all these atm's without breaking a sweat.
▶ No.935261
▶ No.935333
▶ No.935334
>>935180
>Sounds even easier
good luck getting into an airgapped network, stupid faggot
▶ No.935336
>>935254
>You can transfer software over switched powersupplies in the wall outlets ala ethernet over alternating current. You really should choose more specific examples to make your point.
·············┌live_out
l_in-(L)┬┴─┐
·········(C)··(R)
n_in──┴┬─┘
·············└neutral_out
▶ No.935349
>>935247
>monitoring power consumption and fan noise
Well you can always use those socket multipliers and connect two computers to the same outlet. Blast furry porn on one and work with deep state shit on the other, I bet those russian agents in that black van will drive off of your driveway faster than how trump got back his word about throwing hillary in the jail.
▶ No.935350
>>935236
I'd rather get blacklisted from casinos than from everyday life when the police show up.
▶ No.935467
has anyone made FOSS slot machine software before? e.g. you win nothing but satisfaction?
▶ No.935486>>935514
>>935473
>wahhh why do these people have a different opinion than me :(((((
▶ No.935493
>>935197
>as I had a perfect webm for this moment.
Was it the old james bond movie where Q fucks machine slots ?
▶ No.935507
>>935202
>ATM machines are also on a separate network.
>ATM machines
>Automatic Teller Machine machines
▶ No.935514
>>935486
>I'll hack into the airgapped network and defeat complex encryption algorithms with the power of lisp just as soon as I can figure out how to make an installer
▶ No.935526>>935575
This thread started out interesting but devolved into nothing but pedants, LARPers and autists shitposting.
▶ No.935575
>>935526
And thus we now know what the cancer killing this board is
▶ No.936058>>936065
>>935147
It baffles me that slot machines didn't immediately use noise generators, from the get-go. Those devices are so easy to make, too. And if they produce too much radio noise, you can enclose them in a faraday cage. As this sort of noise is quantum in nature, it's guaranteed to be random.
▶ No.936065>>936079
>>936058
You're missing the point, Slot Machines aren't completely random by design. The house still has to win. A truly random slot machine may give payouts more often than if the randomness was instead configured within certain boundaries.
▶ No.936079>>936080
>>936065
You could have true randomness without it being 50/50 probability.
Randomness just means you can't predict individual outcomes. You can still make statistical predictions if you know the underlying distribution.
So if you know the house has a 99% chance of winning, you would guess that roughly 990 of the next 1000 tries you will lose.
▶ No.936080>>936085 >>936291
>>936079
With pseudo randomness, you can predict outcomes if you know the algorithm used and seed number.
There is thus some hidden information that makes all the numbers generated deterministic.
With quantum randomness, there is no hidden information allowing for determining the sequence generated.
▶ No.936085>>936089
>>936080
>there is no hidden information
As far we know.
▶ No.936089>>936181
>>936085
These experiments are all showing that there is no locally hidden variables.
https://en.wikipedia.org/wiki/Bell_test_experiments
You could propose some non-local hidden variables, but then you are likely hypothesizing faster than light communication of information, or wormholes or other such stuff.
▶ No.936124
>>935088 (OP)
>We don't even know the exact nature of the software these run
I've seen them sitting on the Windows BSOD, so that answers one question.
▶ No.936181>>936350
>>936089
>You could propose some non-local hidden variables, but then you are likely hypothesizing faster than light communication of information, or wormholes or other such stuff.
Except that even under the copenhagen interpretation this already happens in the form of quantum entanglement. Quantum mechanics is fundamentally at odds with the strong application of the principle that causality can't travel faster than light. Since the strong version of that principle has been debunked, you can't use it to debunk things which have FTL causality but can't be used to communicate classical information FTL and thus still satisfy the weaker version of the principle.
▶ No.936184>>936883
>>935088 (OP)
Given regulatory requirements demand that the machines payout x% of winnings, wouldn't simply observing a machine over a long enough time period leak enough data to give you a reasonable chance of predicting winning spin vicinity, within the next y rolls?
▶ No.936222
I got the chance to see an Aristocrat gaming machine being serviced last year. It appeared to be running Ubuntu 8.10. ymmv
▶ No.936288
What's wrong with putting a RNG server in casino's basement, where they store their cash anyways, make slot machines dumb terminals that display fancy graphics and accept input. The network would be airgapped as in unreachable from Internet, and fucking with server would be equal to doing Ocean's Twelve robbery.
I'm pretty sure, every modern casino slot system is similar to what I described, also in some countries with semi-banned slots/betting, machines connect to abroad servers. there is literally 0.0001 chance of some skid successfully ddosing and hacking into their mainframe behind cloudflare sprawl because their engineers are not that dumb and know their shit for being paid good money. Also, Russians.
▶ No.936291
>>936080
let random = quantumRandom() // [0, 1)
if random > 0.99:
playerWins()
else:
houseWins()
It's this fucking simple.
▶ No.936350
>>936181
Quntum engtanglement is a moot point. It gives no information that can be used to determine that a future quantum state will collapse in one way or another (e.g. spin up or spin down).
It just tells you about he state you collapsed, in which the result is still random, and in which it just so happens one of the particles in that state could be far away. In that sense, the state is still local, just in local to two places at once, and there are no hidden variables.
▶ No.943335
>>935088 (OP)
I'm gonna tell you though not an insider to back this up.
These casino shits actually let you win some at first if you are a first timer. This gets you hooked then after you're hooked you get nothing at all. This is the reason they have cameras.
They lose if they use RNG so what they do is monitor their gains and let people win sometimes. It's like the life insurance schemes - there are no life insurance companies in a warzone.