PRNG not so random

Mac

Russians Engineer a Brilliant Slot Machine Cheat—And Casinos Have No Fix

IN EARLY JUNE 2014, accountants at the Lumiere Place Casino in St. Louis noticed that several of their slot machines had—just for a couple of days—gone haywire. The government-approved software that powers such machines gives the house a fixed mathematical edge, so that casinos can be certain of how much they’ll earn over the long haul—say, 7.129 cents for every dollar played. But on June 2 and 3, a number of Lumiere’s machines had spit out far more money than they’d consumed, despite not awarding any major jackpots, an aberration known in industry parlance as a negative hold. Since code isn’t prone to sudden fits of madness, the only plausible explanation was that someone was cheating.

Casino security pulled up the surveillance tapes and eventually spotted the culprit, a black-haired man in his thirties who wore a Polo zip-up and carried a square brown purse. Unlike most slots cheats, he didn’t appear to tinker with any of the machines he targeted, all of which were older models manufactured by Aristocrat Leisure of Australia. Instead he’d simply play, pushing the buttons on a game like Star Drifter or Pelican Pete while furtively holding his iPhone close to the screen.

He’d walk away after a few minutes, then return a bit later to give the game a second chance. That’s when he’d get lucky. The man would parlay a $20 to $60 investment into as much as $1,300 before cashing out and moving on to another machine, where he’d start the cycle anew. Over the course of two days, his winnings tallied just over $21,000. The only odd thing about his behavior during his streaks was the way he’d hover his finger above the Spin button for long stretches before finally jabbing it in haste; typical slots players don’t pause between spins like that.

On June 9, Lumiere Place shared its findings with the Missouri Gaming Commission, which in turn issued a statewide alert. Several casinos soon discovered that they had been cheated the same way, though often by different men than the one who’d bilked Lumiere Place. In each instance, the perpetrator held a cell phone close to an Aristocrat Mark VI model slot machine shortly before a run of good fortune.

By examining rental-car records, Missouri authorities identified the Lumiere Place scammer as Murat Bliev, a 37-year-old Russian national. Bliev had flown back to Moscow on June 6, but the St. Petersburg–based organization he worked for, which employs dozens of operatives to manipulate slot machines around the world, quickly sent him back to the United States to join another cheating crew. The decision to redeploy Bliev to the US would prove to be a rare misstep for a venture that’s quietly making millions by cracking some of the gaming industry’s most treasured algorithms.

From Russia With Cheats
Russia has been a hotbed of slots-related malfeasance since 2009, when the country outlawed virtually all gambling. (Vladimir Putin, who was prime minister at the time, reportedly believed the move would reduce the power of Georgian organized crime.) The ban forced thousands of casinos to sell their slot machines at steep discounts to whatever customers they could find. Some of those cut-rate slots wound up in the hands of counterfeiters eager to learn how to load new games onto old circuit boards. Others apparently went to Murat Bliev’s bosses in St. Petersburg, who were keen to probe the machines’ source code for vulnerabilities.

By early 2011, casinos throughout central and eastern Europe were logging incidents in which slots made by the Austrian company Novomatic paid out improbably large sums. Novomatic’s engineers could find no evidence that the machines in question had been tampered with, leading them to theorize that the cheaters had figured out how to predict the slots’ behavior. “Through targeted and prolonged observation of the individual game sequences as well as possibly recording individual games, it might be possible to allegedly identify a kind of ‘pattern’ in the game results,” the company admitted in a February 2011 notice to its customers.

Recognizing those patterns would require remarkable effort. Slot machine outcomes are controlled by programs called pseudorandom number generators that produce baffling results by design. Government regulators, such as the Missouri Gaming Commission, vet the integrity of each algorithm before casinos can deploy it.

But as the “pseudo” in the name suggests, the numbers aren’t truly random. Because human beings create them using coded instructions, PRNGs can’t help but be a bit deterministic. (A true random number generator must be rooted in a phenomenon that is not manmade, such as radioactive decay.) PRNGs take an initial number, known as a seed, and then mash it together with various hidden and shifting inputs—the time from a machine’s internal clock, for example—in order to produce a result that appears impossible to forecast. But if hackers can identify the various ingredients in that mathematical stew, they can potentially predict a PRNG’s output. That process of reverse engineering becomes much easier, of course, when a hacker has physical access to a slot machine’s innards.

Knowing the secret arithmetic that a slot machine uses to create pseudorandom results isn’t enough to help hackers, though. That’s because the inputs for a PRNG vary depending on the temporal state of each machine. The seeds are different at different times, for example, as is the data culled from the internal clocks. So even if they understand how a machine’s PRNG functions, hackers would also have to analyze the machine’s gameplay to discern its pattern. That requires both time and substantial computing power, and pounding away on one’s laptop in front of a Pelican Pete is a good way to attract the attention of casino security.

The Lumiere Place scam showed how Murat Bliev and his cohorts got around that challenge. After hearing what had happened in Missouri, a casino security expert named Darrin Hoke, who was then director of surveillance at L’Auberge du Lac Casino Resort in Lake Charles, Louisiana, took it upon himself to investigate the scope of the hacking operation. By interviewing colleagues who had reported suspicious slot machine activity and by examining their surveillance photos, he was able to identify 25 alleged operatives who’d worked in casinos from California to Romania to Macau. Hoke also used hotel registration records to discover that two of Bliev’s accomplices from St. Louis had remained in the US and traveled west to the Pechanga Resort & Casino in Temecula, California. On July 14, 2014, agents from the California Department of Justice detained one of those operatives at Pechanga and confiscated four of his cell phones, as well as $6,000. (The man, a Russian national, was not indicted; his current whereabouts are unknown.)

The cell phones from Pechanga, combined with intelligence from investigations in Missouri and Europe, revealed key details. According to Willy Allison, a Las Vegas–based casino security consultant who has been tracking the Russian scam for years, the operatives use their phones to record about two dozen spins on a game they aim to cheat. They upload that footage to a technical staff in St. Petersburg, who analyze the video and calculate the machine’s pattern based on what they know about the model’s pseudorandom number generator. Finally, the St. Petersburg team transmits a list of timing markers to a custom app on the operative’s phone; those markers cause the handset to vibrate roughly 0.25 seconds before the operative should press the spin button.

“The normal reaction time for a human is about a quarter of a second, which is why they do that,” says Allison, who is also the founder of the annual World Game Protection Conference. The timed spins are not always successful, but they result in far more payouts than a machine normally awards: Individual scammers typically win more than $10,000 per day. (Allison notes that those operatives try to keep their winnings on each machine to less than $1,000, to avoid arousing suspicion.) A four-person team working multiple casinos can earn upwards of $250,000 in a single week.

Repeat Business
Since there are no slot machines to swindle in his native country, Murat Bliev didn’t linger long in Russia after his return from St. Louis. He made two more trips to the US in 2014, the second of which began on December 3. He went straight from Chicago O’Hare Airport to St. Charles, Missouri, where he met up with three other men who’d been trained to scam Aristocrat’s Mark VI model slot machines: Ivan Gudalov, Igor Larenov, and Yevgeniy Nazarov. The quartet planned to spend the next several days hitting various casinos in Missouri and western Illinois.

Bliev should never have come back. On December 10, not long after security personnel spotted Bliev inside the Hollywood Casino in St. Louis, the four scammers were arrested. Because Bliev and his cohorts had pulled their scam across state lines, federal authorities charged them with conspiracy to commit fraud. The indictments represented the first significant setbacks for the St. Petersburg organization; never before had any of its operatives faced prosecution.

Bliev, Gudalov, and Larenov, all of whom are Russian citizens, eventually accepted plea bargains and were each sentenced to two years in federal prison, to be followed by deportation. Nazarov, a Kazakh who was granted religious asylum in the US in 2013 and is a Florida resident, still awaits sentencing, which indicates that he is cooperating with the authorities: In a statement to WIRED, Aristocrat representatives noted that one of the four defendants has yet to be sentenced because he “continues to assist the FBI with their investigations.”

Whatever information Nazarov provides may be too outdated to be of much value. In the two years since the Missouri arrests, the St. Petersburg organization’s field operatives have become much cagier. Some of their new tricks were revealed last year, when Singaporean authorities caught and prosecuted a crew: One member, a Czech named Radoslav Skubnik, spilled details about the organization’s financial structure (90 percent of all revenue goes back to St. Petersburg) as well as operational tactics. “What they’ll do now is they’ll put the cell phone in their shirt’s chest pocket, behind a little piece of mesh,” says Allison. “So they don’t have to hold it in their hand while they record.” And Darrin Hoke, the security expert, says he has received reports that scammers may be streaming video back to Russia via Skype, so they no longer need to step away from a slot machine to upload their footage.

The Missouri and Singapore cases appear to be the only instances in which scammers have been prosecuted, though a few have also been caught and banned by individual casinos. At the same time, the St. Petersburg organization has sent its operatives farther and farther afield. In recent months, for example, at least three casinos in Peru have reported being cheated by Russian gamblers who played aging Novomatic Coolfire slot machines.

The economic realities of the gaming industry seem to guarantee that the St. Petersburg organization will continue to flourish. The machines have no easy technical fix. As Hoke notes, Aristocrat, Novomatic, and any other manufacturers whose PRNGs have been cracked “would have to pull all the machines out of service and put something else in, and they’re not going to do that.” (In Aristocrat’s statement to WIRED, the company stressed that it has been unable “to identify defects in the targeted games” and that its machines “are built to and approved against rigid regulatory technical standards.”) At the same time, most casinos can’t afford to invest in the newest slot machines, whose PRNGs use encryption to protect mathematical secrets; as long as older, compromised machines are still popular with customers, the smart financial move for casinos is to keep using them and accept the occasional loss to scammers.

So the onus will be on casino security personnel to keep an eye peeled for the scam’s small tells. A finger that lingers too long above a spin button may be a guard’s only clue that hackers in St. Petersburg are about to make another score.


https://www.wired.com/2017/02/russians-engineer-brilliant-slot-machine-cheat-casinos-no-fix/
 
Every computer engineer knows that there are no pure randomizations in electronic systems.

Also.. in b4 russians hacked casinos, elections, and the super bowl.
 
What about algorithms in online games like EU?
Are they by default better secured than the algorithms in slot machines?
 
What about algorithms in online games like EU?
Are they by default better secured than the algorithms in slot machines?

We don't know but my guess is they need to make profit in a way. Their company has like 30 people on payroll.

Everything seems to come in waves, I just don't know when they happen.
 
What about algorithms in online games like EU?
Are they by default better secured than the algorithms in slot machines?

Are you doubting that the coders at MA, who have made Entropia the most perfectly coded game out there have created the best damn algorithm c++ ever saw?

all jokes aside....
My guess is that EU's algorithm is average at best with other factors determining the outcome.

an oversimplified example:

10000 muscle oil total in game
6000 is available in mobs 4000 held by avatars
mob hunted has a 15% average chance of muscle oil
average value is 0.1ped

could even vary by location and tons of factors

calculated on all possible drops for that mob, seeded with the computers clock at an average specificity and then roll the dice... globals and hofs would be multipliers and not part of average loot calc or the swings would be too big

that's probably about how it works....a good indicator it is anyway is that before explosive ammo you could better guess when and what to hunt depending on what was being sold and crafted....because if crafters held a lot of muscle mobs that dropped a lot of it would loot worse, nowadays I have no clue anymore ^^
 
True Random Numbers

You may be wondering how a computer can actually generate a random number. Where does this “randomness” come from? If it’s just a piece of computer code, isn’t it possible the numbers the computer generates could be predictable?

We generally group the random numbers computers generate into two types, depending on how they’re generated: “True” random numbers and pseudo-random numbers.

To generate a “true” random number, the computer measures some type of physical phenomenon that takes place outside of the computer. For example, the computer could measure the radioactive decay of an atom. According to quantum theory, there’s no way to know for sure when radioactive decay will occur, so this is essentially “pure randomness” from the universe. An attacker wouldn’t be able to predict when radioactive decay would occur, so they wouldn’t know the random value.

Pseudorandom Numbers

Pseudorandom numbers are an alternative to “true” random numbers. A computer could use a seed value and an algorithm to generate numbers that appear to be random, but that are in fact predictable. The computer doesn’t gather any random data from the environment.

This isn’t necessarily a bad thing in every situation. For example, if you’re playing a video game, it doesn’t really matter whether the events that occur in that game are caused by “true” random numbers or pseudorandom numbers. On the other hand, if you’re using encryption, you don’t want to use pseudorandom numbers that an attacker could guess.

For example, let’s say an attacker knows the algorithm and seed value a pseudorandom number generator uses. And let’s say an encryption algorithm gets a pseudorandom number from this algorithm and uses it to generate an encryption key without adding any additional randomness. If an attacker knows enough, they could work backwards and determine the pseudorandom number the encryption algorithm must have chosen in that case, breaking the encryption.

The NSA and Intel’s Hardware Random Number Generator

To make things easier for developers and help generate secure random numbers, Intel chips include a hardware-based random number generator known as RdRand. This chip uses an entropy source on the processor and provides random numbers to software when the software requests them.

The problem here is that the random number generator is essentially a black box and we don’t know what’s going on inside it. If RdRand contained an NSA backdoor, the government would be able to break encryption keys that were generated with only data supplied by that random number generator.


text from : http://www.howtogeek.com/183051/htg-explains-how-computers-generate-random-numbers/
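
The scenario in the quoted text, a key taken from a pseudorandom generator whose algorithm is known and whose seed can be guessed, shown beside the hardened form. This is an added example, not code from the quoted article or from anyone in this thread; `weak_key`, `strong_key`, `seeds_reproducing`, the timestamp and the one-hour window are all assumptions made for illustration.

```python
import math
import random
import secrets

KEY_BYTES = 16


def weak_key(seed: int) -> bytes:
    """Vulnerable pattern: the whole key is a function of one guessable seed."""
    rng = random.Random(seed)  # Mersenne Twister: same seed, same output, every time
    return rng.getrandbits(KEY_BYTES * 8).to_bytes(KEY_BYTES, "big")


def strong_key() -> bytes:
    """Hardened pattern: key material comes from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def seeds_reproducing(key: bytes, not_before: int, not_after: int) -> list:
    """Audit check: which clock values in the window regenerate this exact key?"""
    return [t for t in range(not_before, not_after + 1) if weak_key(t) == key]


def effective_bits(candidate_seeds: int) -> float:
    """A seed-derived key is only as strong as log2(number of plausible seeds)."""
    return math.log2(candidate_seeds)


# Constructed sample: a key created at this Unix time, where the creation
# time is assumed to be known only to the nearest hour.
CREATED_AT = 1_486_450_000
WINDOW = 3600


def audit() -> dict:
    lo, hi = CREATED_AT - WINDOW, CREATED_AT + WINDOW
    return {
        # The clock-seeded key is regenerated by exactly one value in the window.
        "weak_hits": seeds_reproducing(weak_key(CREATED_AT), lo, hi),
        # No seed in the window regenerates a key drawn from the OS CSPRNG.
        "strong_hits": seeds_reproducing(strong_key(), lo, hi),
        # 7201 candidate seeds: under 13 bits of real strength in a "128-bit" key.
        "weak_bits": effective_bits(hi - lo + 1),
        "nominal_bits": KEY_BYTES * 8,
    }


if __name__ == "__main__":
    for name, value in audit().items():
        print(f"{name}: {value}")
```

The number to look at when reviewing a generator like this is `weak_bits`, not the key length: the output is 128 bits long but carries only as much uncertainty as the seed did.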
 
Quite an interesting read!
I swore I wouldn't say, but it's been a while now. I heard a story from one of the smartest individuals I've known in Entropia that (supposedly) ended up working with MA under tight NDA to improve the loot system after correctly predicting consecutive mining globals and hofs like they were equations to be solved back in 03/04.
Potentially just an interesting lie, but this was a seriously respected avatar with proven ties to MA.

tldr: no, not random just buried as deep as possible :wise:
 
To make things easier for developers and help generate secure random numbers, Intel chips include a hardware-based random number generator known as RdRand. This chip uses an entropy source on the processor and provides random numbers to software when the software requests them.

:eureka:

__
 

More interesting is this :

***The problem here is that the random number generator is essentially a black box and we don’t know what’s going on inside it. If RdRand contained an NSA backdoor, the government would be able to break encryption keys that were generated with only data supplied by that random number generator.***
 
We don't know but my guess is they need to make profit in a way. Their company has like 30 people on payroll.

Everything seems to come in waves, I just don't know when they happen.

If it comes in waves, then it is just a badly coded RNG. Or... MA liked to code something with waves.
I think loot in waves is bad behavior, because the same person may loot something nice several times while the wave occurs. A bit unfair, if you ask me, and it is possible to find out the wave pattern, so the same person always gets something nice, just by knowing when the wave runs.
 
If it comes in waves, then it is just a badly coded RNG. Or... MA liked to code something with waves.
I think loot in waves is bad behavior, because the same person may loot something nice several times while the wave occurs. A bit unfair, if you ask me, and it is possible to find out the wave pattern, so the same person always gets something nice, just by knowing when the wave runs.

^ This, there you have it folks.


UPDATE: Was originally going to post the following below, but since EU servers are down at the moment will do the reveal and exposure now:


Wave patterns are everywhere as I would like to call them "half of the half hour" and "Top of the Hour" + or - 07 minutes going in or after each wave cycle, lol. Try this out or sample your results in 23min folks. (notice the PCF post time above my PCF name btw)


Just looted Christmas Ring 2016 about 30 sec ago.
(2nd ring btw)

[Globals]: Vi V3r0nyka BitFury has found a rare item (Christmas Ring 2016) with a value of 10 PED! A record has been added to the Hall of Fame.

[System]: Entropia Universe time: 2017-02-07 06:58:36
[System]: Session time: 00:10:07

(refer to EL under Rare Loot by typing in "Christmas Ring 2016" or "rings" for reference)



MA needs to adjust or update this, just my two pec. (perhaps they are doing this now as I re-post my original reply above since EU servers are down at this moment of my updated re-post).
(Thank you LT for sending in your SC on this matter, and also to Ivi for requesting this much needed overhaul concern - just a matter of if & when MA will be able to do something on this matter.)


(in b4 the necro)
 
bad coding happens everywhere, it's like digital cancer. btw the VU is downloading, new bughunt season is opened soon!
 
... the government would be able to break encryption keys that were generated with only data supplied by that random number generator.
Considering the amount of info we have today on the government controlled backdoors it's highly unlikely any independent software company would rely only on the data supplied by RdRand. It's pretty safe to assume vast majority uses combined/additional sources.

This, however, is not a guarantee this software is safe. There's always a possibility an insider sold out to the government, or was blackmailed/forced to give up the specs of the additional factors.


TL;DR: Nothing is ever 100% safe. The more money/power you have the smaller the safe area shrinks. It's just that (in most cases) you need a lot of money to do that and to go after a small fry like EU simply doesn't pay.
 
True Random Numbers

You may be wondering how a computer can actually generate a random number. Where does this “randomness” come from? If it’s just a piece of computer code, isn’t it possible the numbers the computer generates could be predictable?

We generally group the random numbers computers generate into two types, depending on how they’re generated: “True” random numbers and pseudo-random numbers.

To generate a “true” random number, the computer measures some type of physical phenomenon that takes place outside of the computer. For example, the computer could measure the radioactive decay of an atom. According to quantum theory, there’s no way to know for sure when radioactive decay will occur, so this is essentially “pure randomness” from the universe. An attacker wouldn’t be able to predict when radioactive decay would occur, so they wouldn’t know the random value.

text from : http://www.howtogeek.com/183051/htg-explains-how-computers-generate-random-numbers/

Just correct for unstable atoms! If you look at the periodic table, most of the elements have a lifetime recorded, and nuclear decay always occurs during that time!
 
Considering the amount of info we have today on the government controlled backdoors it's highly unlikely any independent software company would rely only on the data supplied by RdRand. It's pretty safe to assume vast majority uses combined/additional sources.

This, however, is not a guarantee this software is safe. There's always a possibility an insider sold out to the government, or was blackmailed/forced to give up the specs of the additional factors.


TL;DR: Nothing is ever 100% safe. The more money/power you have the smaller the safe area shrinks. It's just that (in most cases) you need a lot of money to do that and to go after a small fry like EU simply doesn't pay.

Like the Sony hack? Nowadays hackers use the power of several computers to make an attack, and with IoT growing, hacking will become more powerful!
 
Random number generation is lots of fun.
If curious the easiest/best explanation on how to do it very well has been (imo) by Steve Gibson
Grab a pillow since most people will find it a kind of dry topic.
Audio file: https://media.grc.com/sn/sn-107.mp3
Text file: https://www.grc.com/sn/sn-107.htm


In a nutshell, he made a webpage in 2007 and he's still waiting for someone to break the RNG.
https://www.grc.com/passwords.htm

What he's described is using noise from various sources at the same time to power the random.
http://www.ciphersbyritter.com/RES/NOISE.HTM

And mixing all that up with some encryption cipher for even more randomness.


Just some food for thought on how to make a more random, RNG.
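
A sketch of the idea in this post and in the earlier reply about not relying only on RdRand: several sources are mixed so that the output stays unpredictable as long as any one of them is. This is an added example, not Steve Gibson's code or anything from the thread; it uses SHA-256 and HMAC for the mixing step rather than the encryption cipher the post mentions, and `compromised_hw_rng`, `timing_jitter`, `mix`, `generate` and `hw_only` are hypothetical names.

```python
import hashlib
import hmac
import os
import time


def compromised_hw_rng(n: int) -> bytes:
    """Constructed stand-in for a hardware generator whose output an adversary knows."""
    return b"\x00" * n


def timing_jitter(samples: int = 64) -> bytes:
    """Low-quality noise: the low 16 bits of successive timer deltas."""
    out = bytearray()
    prev = time.perf_counter_ns()
    for _ in range(samples):
        now = time.perf_counter_ns()
        out += ((now - prev) & 0xFFFF).to_bytes(2, "big")
        prev = now
    return bytes(out)


def mix(sources: dict, out_len: int = 32) -> bytes:
    """Hash every source into one pool, then expand the pool to out_len bytes.

    Each name and value is length-prefixed so that different inputs can never
    concatenate to the same byte string before hashing.
    """
    pool = hashlib.sha256()
    for name in sorted(sources):
        for field in (name.encode(), sources[name]):
            pool.update(len(field).to_bytes(4, "big"))
            pool.update(field)
    prk = pool.digest()

    # Expand with HMAC in counter mode; output reveals nothing about the inputs.
    out = b""
    counter = 1
    while len(out) < out_len:
        out += hmac.new(prk, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:out_len]


def generate(n: int = 32) -> bytes:
    """Output depends on all three sources; knowing one is not enough."""
    return mix(
        {
            "hw": compromised_hw_rng(32),
            "os": os.urandom(32),
            "jitter": timing_jitter(),
        },
        n,
    )


def hw_only(n: int = 32) -> bytes:
    """The failure mode: a single known source fully determines the output."""
    return mix({"hw": compromised_hw_rng(32)}, n)


if __name__ == "__main__":
    print("hw only, call 1:", hw_only().hex())
    print("hw only, call 2:", hw_only().hex())
    print("mixed,   call 1:", generate().hex())
    print("mixed,   call 2:", generate().hex())
```

Mixing cannot create entropy that no source supplied: if every input is known or constant, the output is as predictable as `hw_only()`.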
 
Random number generation is lots of fun.
If curious the easiest/best explanation on how to do it very well has been (imo) by Steve Gibson
Grab a pillow since most people will find it a kind of dry topic.
Audio file: https://media.grc.com/sn/sn-107.mp3
Text file: https://www.grc.com/sn/sn-107.htm


In a nutshell, he made a webpage in 2007 and he's still waiting for someone to break the RNG.
https://www.grc.com/passwords.htm

What he's described is using noise from various sources at the same time to power the random.
http://www.ciphersbyritter.com/RES/NOISE.HTM

And mixing all that up with some encryption cipher for even more randomness.


Just some food for thought on how to make a more random, RNG.

That's a nice one :)

It gives a lot of possible ways to make interesting RND. I often play around in the games I develop to find nice RND functions. You're right, it is a lot of fun to play around with RND.

The most fun is to see that if you use only pure RND, everything happens in patterns, and often you will win. That's why it needs a bit more than only pure RND.
 
http://www.nanalyze.com/2017/02/quantum-random-number-generator-qrng/

I liked the images, I assume the lines on the left image represent the loot waves.

That was very interesting to read. It seems such generators are not so cheap to buy. The 2 pictures show exactly the problem of currently used RND systems.

I would like it if MA would use such a QRND in the loot generation. What we see in EU is an average RND, causing exactly the problem in the first picture of this article.
 
That was very interesting to read. It seems such generators are not so cheap to buy. The 2 pictures show exactly the problem of currently used RND systems.

I would like it if MA would use such a QRND in the loot generation. What we see in EU is an average RND, causing exactly the problem in the first picture of this article.

"Quantum" RNG isn't random and I've argued it isn't even quantum. Plus that method was predicted to not be random way-way back like around WWII.
In a nutshell those IDQ RNG cards (that Mac referred to) are measuring energy fluctuations between 2 crystals ("plates") in a vacuum.
Problem is it's all solid state digital and it's been long established that there is no random from such a system for too many reasons to list without making you all fall asleep.
Boils down to crystals within said vacuum have the predicted Casimir effect especially within a small computer box or rack which affects the QRNG cards which are removed from universal randomness due to computer's inherited Faraday cage like design.

Summary: it's that Casimir effect that creates those wave like images that Mac likes.


The thing I posted earlier from that Steve Gibson website about using analogue devices to capture actual random things like sounds and convert them into randomness is considered superior and if implemented correctly is much more random. All it takes is a few vehicles driving past, or birds singing, leaves falling nearby, wind, etc.
Problem is those systems are outside (literally) of the server racks/case and outside the server room and therefore "hard to control".

Whereas those little cards are fully controllable and likely found in things like slot machines.
Just a thought.
 
Just correct for unstable atoms! If you look at the periodic table, most of the elements have a lifetime recorded, and nuclear decay always occurs during that time!

Wrong, that's the half-life of the isotope. Meaning that half of the atoms have decayed after that time. If you look at a single atom though you can't tell when it will decay. Ever heard of Schrödinger's Cat?
 
There are many ways of generating real random numbers, and even more ways to generate PRNGs.

Problem is a real random number generator costs a bit of money.

https://www.random.org/ uses atmospheric noise to generate random noise.

All depends on how real your need is for real random numbers, and how much it's worth for you.
 
Cool topic.
Just ask me or Legion about randomness in EU.
 
Hey Pham, can you tell us about randomness in EU? :)

:tower:

Me thinks Pham did ok with PE randomness, not sure he's so crazy about EU randomness. :laugh:
 
Indeed, Mac.
Randomness in EU was all about timing and shit. Max multiplier loots per area (or spawn/creature?) would trigger in order, however, to successfully exploit that it would require to hunt at specific area at specific time for several hours straight. It does not go along really well with most daytime jobs, and few ubers I've missed which really pissed me off happened exactly when I was fixing something on helpdesk call. Also, it was much better to camp stuff without having a company.
Although, doing stuff like that would improve chances to profit, the profits would be only marginal, without great items in the loot.
PS: Shoulda quit dat crap job anyway, but few things about EU in 2007 pissed me off more (e.g. weapon switching lag, loot lag, Marcos lies about re-launching ATM cards soon and other shit), so I quit EU instead.
 
Indeed, Mac.
Randomness in EU was all about timing and shit. Max multiplier loots per area (or spawn/creature?) would trigger in order, however, to successfully exploit that it would require to hunt at specific area at specific time for several hours straight. It does not go along really well with most daytime jobs, and few ubers I've missed which really pissed me off happened exactly when I was fixing something on helpdesk call. Also, it was much better to camp stuff without having a company.
Although, doing stuff like that would improve chances to profit, the profits would be only marginal, without great items in the loot.
PS: Shoulda quit dat crap job anyway, but few things about EU in 2007 pissed me off more (e.g. weapon switching lag, loot lag, Marcos lies about re-launching ATM cards soon and other shit), so I quit EU instead.

And many were sad to see you go, you were inspiring for me at the time, until MA pissed me off and I also exited stage left for many years, I hope you found something better to pass the time :)
 
So, from the position of an IT specialist doing security jobs from time to time (and also with my perception having been heavily influenced by living in one of the most corrupt countries in the world), I find that it's especially hard to trust that legendary Swedish gambling commission audit on PE sometime back in 2003 or so. You cannot just audit a piece of code in 2003, pronounce it 'NOT GAMBLING' and then allow people to touch it or the OS or hardware it runs on.
I would rather welcome auditing it over and over again and then pronouncing it 'DEFINITELY GAMBLING' and then MA will obey the strict rules for gambling business, like, you know, 2%-something rake.
 