Knowing the secret arithmetic that a slot machine uses to create pseudorandom results isn’t enough to help hackers, though. That’s because the inputs for a PRNG vary depending on the temporal state. All you need to do to hack such a device is to replace its ROM-module with a module that has a bug-firmware (malicious code). Alternatively, you can reprogram the ROM-module on the spot by installing a new firmware with a special programming tool.
The flaws in smart contracts and the security corner round out the news. Read on...
Share this using the hashtag #SWE.
Reverse-engineering a 45-year-old ALU. This post from Ken Shirriff explains how the ALU worked in Intel’s first 8-bit microprocessor, the 8008. If you don’t know why that matters, “the 8008 is historically important because it essentially started the microprocessor revolution and is the ancestor of the x86 processor family that you are probably using right now.”
Understanding htop. htop is a powerful process monitor that reveals much more data about a machine’s performance than regular top. Here’s a great overview that explains what all the fields, graphs, and related stuff mean.
“Smart Contracts” are neither? This post from Ed Felten’s Freedom to Tinker explains how smart contracts, as used in some blockchain-based systems, aren’t really smart and aren’t really contracts.
Have $55? This tool will destroy many devices just by plugging it in. The “USB Killer” device does what it says on the tin, permanently damaging the USB port or entire device in many pieces of hardware. It does this by sucking power from the device, storing it in a series of onboard capacitors, then barfing a giant voltage spike across the USB/Lightning port of the target device, causing it to have a bad day. Maybe Apple’s courage in removing ports was just a brilliant bit of foresight.
A hole in the cloud. Another great 33C3 talk was this series of talks discussing how memory deduplication in virtual machines can be exploited. The three methods (CAIN, CAIN+Rowhammer, and Flip Feng Shui) combine to enable things like SSH login, browser exploits, and a compromise of the software update process.
Cheating a slot machine through the power of random numbers. Using a cell phone app to exploit the PRNG in a slot machine led to huge casino losses. Read more in this piece from Wired. How much can you exploit the machines for? Try “upwards of $250,000 in a single week.”
The people responsible for sending the missile warning have been sacked. An alerting system test at Spangdahlem Air Base in Germany probably led to much freaking-out, as a message was sent telling airmen that a missile was inbound to the base and to seek shelter immediately. Eight minutes later, the all clear was sent.
“Web Bluetooth” - two words I never wanted to see together. Chrome version 56 has added support for the Web Bluetooth API, opening up your Bluetooth devices to fun and exciting exploits from the Internet… I mean, opening up your Bluetooth devices to interact with websites for things like data exchange or software updates. Ostensibly, you must affirmatively opt-in before any data about your Bluetooth devices is shared with the website, but we’ll see how well that actually is implemented.
In the security corner: websites continue to find ways to fingerprint users, that doll might be a spy, and new Mac malware comes from Russia, with love:
- In news I’m certain surprised absolutely nobody, researchers have developed a technique to track users even if they use multiple browsers. As you might guess if you’re familiar with fingerprinting techniques, it relies primarily on WebGL tasks, most of which execute in very similar ways across browsers. According to the researchers, they are able to successfully fingerprint over 99% of users.
- The “My Friend Cayla” doll was classified by the German government as an illegal espionage apparatus, because it contains a microphone and is disguised as another object. The Germans, for some reason, are very wary of anything that could conceivably be used for surveillance. Access to the doll is, of course, not very secure, contributing to the problem.
- Xagent malware for the Mac has been blamed on APT28, the same Russian hacking group allegedly responsible for the DNC leaks in the 2016 election. Xagent has many capabilities and uses domains that look like Apple domains to hide their C&C services. Of course, attributing malware to any group is more art than science, but this is still noteworthy because of how strong this malware is.
As a programming note, we won’t produce a rundown next week. Look for the next one on Monday, March 6. Further, we’re continuing to experiment with the best way to deliver this content. Look for video features to join this rundown soon. If you have feedback, or think there’s something I should cover next time, leave a comment!
Cover photo: A slot machine interface. Note: the machine pictured is not made by the manufacturer of the machines that were exploited in the slot machine story. It's just a flashy pic of a slot machine. Credit: Bloomberg / Getty
The secretive world of casino cheaters, the seedy underbelly of the gambling industry, is typically associated with poker and table games.
Cheats physically manipulate cards, dice, wheels, and chips to gain an unfair advantage over the house. But cheaters have long targeted machine games like the slots, too. Ever since the first “one-armed bandits” of old hit saloon floors in San Francisco at the turn of the 20th century, cheats have endeavored to trigger jackpots and payouts unfairly.
The earliest mechanical slot machines on the market accepted nickels, prompting cheaters to melt down cheap metal and fashion counterfeit coins known as “slot slugs.” These tricked the game into offering a free spin. When dimes became the coin of choice, they filed down pennies to the circumference of a 10-cent piece, thus “earning” a nine-cent rebate on every spin.
Slot cheats also liked to drill a hole through genuine coins. They would tie it to some fishing line, play the coin, and let it fall just far enough to trigger a spin. Then, they would pull it back out and repeat the process to play for free.
Eventually, slot machine manufacturers countered those efforts with a device called the “coin escalator,” which displayed previously played coins in a window for all to see. When the operator spotted slugs, filed down pennies, or an insufficient number of wagers in the coin escalator, they knew a cheater was in their midst.
As the mechanical three-reel slots of old gave way to electronic video slots, coin-based machines were replaced by those which accept cash bills or barcoded casino vouchers. Manufacturers also replaced the drum reel setup with complex random number generators (RNGs) that “shuffled” the reels into seemingly infinite combinations.
These technological advancements stemmed the tide of slot cheating for a while, but gamblers who try to get over on the house are relentless if nothing else. Cheaters found more creative ways, engaging in a back and forth crusade with the casinos that continues to this day.
In the past, I’ve taken the time to write up guides on the various ways to cheat casino games, including poker, blackjack, roulette, and craps. But I’ve also included very serious reasons why you should never try them. In this guide, you’ll find five ways you can cheat when playing slot machines circa 2019 and beyond, along with why readers should never attempt it.
1 – Flashing a “Light Wand” to Fool the Machine’s Payout Sensor and Triggering a Jackpot
If you’ve ever heard of the “top-bottom joint,” the “kickstand,” or the “monkey paw,” congratulations! You know more about slot machine cheating than you probably should. But you probably also know about Tommy Glenn Carmichael, the so-called “Godfather of Slot Machine Cheats.”
Carmichael, a former television repairman who parlayed his technical skills into a career as a professional cheat, invented all three of those devices used to fool a mechanical slot’s sensors into unloading its coin hopper on command.
In an interview with the Los Angeles Times conducted back in 2003, convicted slot thief Jerry Criner spoke of Carmichael in reverent tones:
“A legend. He’s the greatest mind as far as developing cheating tools.”
As for the man himself, Carmichael told the newspaper he was but a humble tinkerer who never said no to a challenge:
“Figure out how a machine counts money and then work your way into the machine. We got to playing around, and I could see where it was pretty easy to do. Give me a slot machine and I’ll beat it.”
When the electronic slots and their sensitive sensors used to detect lights and lasers became the norm, Carmichael wasted no time in purchasing an IGT brand machine for himself. Almost immediately, his ingenious mind went to work deconstructing the sensor array. Before long, Carmichael had developed his latest cheating tool, the “light wand.”
Here’s how Carmichael described his light wand epiphany, which occurred as he tricked a casino employee into providing access to an IGT machine’s inner workings:
“The second I opened it up, I knew how to beat it. He told me so much I thought he had called the law. I thought he was trying to stall us.”
Mark Robinson, the former manager of the Nevada Gaming Control Board’s Electronic Services Division, told the LA Times:
“The light would shine in there and be so bright that the sensor would be blinded, causing the hopper to not realize it was paying out the coins.”
Wielding nothing more than a camera battery and a miniaturized lightbulb, Carmichael went to work, bilking casinos from coast to coast out of $10,000 or more per day.
Why You Shouldn’t Fool the Payout Sensors
Like all swindlers, however, Carmichael’s refusal to walk away a “winner” led to his downfall. He was caught deploying a light wand to win jackpots in 1996 and again in 1998, before fleeing Las Vegas for Atlantic City. But his reputation preceded him, and private detectives employed by casinos there quickly spotted Carmichael and took him down.
The feds stripped Carmichael of every last penny from his ill-gotten gains, sentenced him to one year in prison, and placed him on extended probation. That’s reason enough to avoid the light wand “hack,” as is the method’s relatively outdated practicality in the modern age.
2 – Recording Spins on a Smartphone to Crack a Slot’s Randomization Pattern
This scam is so elegant and effective that casinos and slot machine manufacturers alike still haven’t been able to stop it.
During the 2000s, international slot makers Novomatic and Aristocrat Leisure began receiving disturbing reports from their respective casino clientele. Apparently, machines from both manufacturers had been observed paying out small to medium-sized payouts far more often than their preprogrammed odds should’ve allowed.
Comprehensive reviews and investigations were conducted to audit the machines in question, but engineers and analysts could find no trace of physical manipulation.
In 2011, Novomatic issued the following statement to client casinos to warn them about potential weaknesses in its slots “pseudo random number generators” (PRNGs):
“Through targeted and prolonged observation of the individual game sequences as well as possibly recording individual games, it might be possible to allegedly identify a kind of ‘pattern’ in the game results.”
As it turns out, a slot’s RNG isn’t technically randomized because it relies on manmade inputs, such as the second hand of the machine’s internal clock, to generate its seemingly random results. From the average player’s perspective, the results will definitely appear random over both short- and long-term sessions.
But as Novomatic admitted in its internal memo, the “pseudo” nature of a PRNG ensures that detectable patterns can be discerned from the reels’ final alignment, provided a player knew what to watch for.
A professional computer hacker known only as “Alex” was one such player, a gifted mathematical mind capable of cracking convoluted coded algorithms in his head. After deciphering the codes behind a particular model of Novomatic slot machine, then the Aristocrat Mark IV model, Alex designed a computer program to predict exactly when players should press the “SPIN” button.
Alex formed a team of players and taught them to use iPhone cameras to secretly record a few dozen low-stakes spins. This footage was then uploaded to Alex’s computer, which crunched the patterns onscreen to determine, down to the millisecond, when the “SPIN” button should be pressed to trigger a winner.
From there, all Alex had to do was send an automated text message timed with a 0.25-second delay to his cheater’s phone, thus providing the average human’s reaction time as a window. A quarter of a second later, with the stakes now increased significantly, the player would press “SPIN” and watch the screen light up for a sizable score.
Why You Shouldn’t Crack a Slot’s Randomization Pattern
Both companies acknowledge that their machines are vulnerable to Alex’s version of slot hacking. But as he pointed out in an interview with Wired magazine in 2017, his scheme isn’t technically considered cheating because nobody physically manipulates the machine:
“We, in fact, do not meddle with the machines – there is no actual hacking taking place. My agents are just gamers, like the rest of them. Only they are capable of making better predictions in their betting… Yes, that capability is gained through my technology, it’s true. But why should it be against the law? On the basic level, it’s like using a calculator for counting faster and more accurately, rather than relying on one’s natural capacity.”
Alex himself was never caught, thanks to his identity-concealing skills and Russian residency, but several of his “agents” have been apprehended all over the world. As for the mastermind himself, Alex failed in convincing Aristocrat to hire him on as a security consultant.
Today, he makes a living selling his tech for five figures a pop on the dark web rather than resorting to cheating himself.
So, unless you’re a savant like him with otherworldly math skills and the “Rain Man” ability to read PRNGs in your sleep, or have $20,000 to spend on a slot-cheating system, hacking the game isn’t a great idea.
3 – Using Computers and Advanced Tech Skills to Rig the Machine for Instant Jackpots
Another case of computer engineering knowledge becoming the cheat’s tool of choice involves a fair share of mystery more than 20 years later.
Beginning in 1996, former locksmith Dennis Nikrasch used the “brute force” style of computer hacking to essentially break the machine’s payout sensors. Using a blocker to screen the surveillance cameras, Nikrasch took less than a minute to pick the lock, open the machine’s interface, and attach a device that manipulated the reels’ RNG. Just like that, Nikrasch was gone like a ghost, leaving his blocker behind to play the game until an inevitable jackpot was triggered shortly thereafter.
Speaking with the Las Vegas Sun, former chief of the Enforcement Division of the Nevada Gaming Control Board (NGCB) Keith Copher offered begrudging respect when referencing Nikrasch’s scam:
“He had the most sophisticated system we’ve ever seen. We don’t know that he’s passed it along, and if he has, he’d better tell us.”
J. Gregory Damm, the assistant US Attorney who ultimately prosecuted Nikrasch for his litany of crimes, told the newspaper the use of a proxy helped hinder casino security systems:
“He would be in the casino a very short period of time. He would fix the machine, then leave. He wasn’t present when the jackpot was hit.”
Why You Shouldn’t Rig Slot Machines
Nikrasch absconded with more than $6 million in stolen slot funds before his run was cut short, sending him to prison for seven years.
Once again, the biggest reason to avoid this slot cheating method is impracticability, because Nikrasch took his tech secrets to the grave.
4 – Watching for Players Who Leave Money on the Machine So You Can Spin for Free
Whether you count this one as cheating is up to your own moral code, but what do you do when a neighboring player leaves a few bucks in the next machine over?
You see them take their Player’s Card, and even leave the casino, so you’re sure they’re not coming back for that last dollar or two. Do you slide over and play the free spins?
If you’re like Colorado resident and gambling man “Dan” (his last name hasn’t been made public), you take your shot at winning a jackpot on the forgetful player’s dime.
Why You Shouldn’t Use Other Players’ Money
While gambling in a Central City casino two years ago, Dan saw a fellow slot player leave $2 on a nearby machine. After playing two spins and winning nothing, Dan continued his own game for a while before security arrived and escorted him to the dreaded back room.
Here’s how Dan described the scene to his local KDVR News station after the ordeal was over:
“There was no intent to steal from anybody. I had no idea. I go upstairs to the third floor into a dirty little room and someone tells me I stole $2 from the casino. They said they had it all on camera. I was guilty, I guess. You’re certainly not stealing it from the casino because it wasn’t theirs to begin with. There are certainly times where there are ‘laws,’ but they are not morally or ethically correct.”
Dan was charged under Colorado Statute 12-47.1-823(1)(c), which covers various forms of casino cheating. In this case, the casino claims ownership over any lost, forgotten, or unused funds in its facility, so Dan technically stole $2 from the house and not the other player.
He was arrested, charged with criminal conduct, levied with $250 in fines, forced to pay for FBI criminal background checks, placed on probation, and banned from all Colorado casinos for a full year.
And while Dan’s case might seem like an outlier, consider that Colorado charged nearly 1,000 players for stealing slot funds in 2017 alone. Similar laws are on the books in Las Vegas and elsewhere, so when you see a few dollars flashing on an unclaimed machine, think twice before trying to turn somebody else’s money into your life-changing jackpot moment.
5 – Counterfeiting Bills or “Shaving” Coins to Trick the Machine Into a Free Spin
I covered the concept of counterfeit coin slugs in the introduction, and nowadays, you’ll only find a handful of old-school coin-operated slots in Downtown Las Vegas. You can blame infamous counterfeiter Louis “The Coin” Colavecchio for that development.
Why You Shouldn’t Counterfeit Bills or Coins
During his reign as the East Coast’s preeminent slot cheat, Colavecchio used genuine steel dies from U.S. Mint printing presses to trick the machines. That ploy wound up resulting in a seven-year prison bid, leaving the formerly flush “Coin” Colavecchio penniless and out of options.
After his release, Colavecchio was forced to adapt to a brave new world of cash and voucher-operated slots. Predictably, he tried to expand his operation into counterfeit $100 bills, hoping to hit high-stakes machines for six-figure scores.
And just as predictably, the U.S. Secret Service swooped in to arrest the now 77-year-old Colavecchio in 2018.
Counterfeiting is one of the most serious federal crimes imaginable, and when you add in casino surveillance, this cheating recipe just doesn’t add up.
Conclusion
Slot machines probably inspire so many cheating attempts simply because of the volatile gameplay they offer. When winners can come few and far between, and losing by session’s end is a statistical certainty barring a big jackpot, grinding the slots can get downright depressing in the worst of times.
Cheaters who refuse to accept the “boom and bust” dynamic of the slots will always try to gain the upper hand, but as these five entries make clear, casinos are always one step ahead of the culprits.