Slot Machine Rng Reverse Engineer

In the late ’80s, a real game-changer took place in casinos that would forever change the landscape and opportunities in the gambling industry. Slot machines went from being mechanical devices to being electronic devices.

How One Man Hacked His Way Into the Slot-Machine Industry by Brendan I. Koerner (37.9 MB.mp3)Subscribe: Wired Features PodcastAs Latvia became more open and prosperous, slot machines began to pop. RNG is applied in slot machines to ensure that different results appear each time a gamer decides to give the game a spin. It thus eliminates any room for bias and ensures that each punter has a fair gaming.

In order to provide randomness and bigger payouts, a new computerized process was introduced that utilized a random number generator (RNG). The RNG is an algorithm programmed into the machine that is designed to generate a large sequence of numbers or symbols that cannot be reasonably predicted.

The use of computers and RNGs is now common in the gambling industry as a means of providing randomness for various games. In casinos, RNGs are used to determine results on slot machines, keno ball drawings and card dispersion from automatic shuffle machines. RNGs are also used in online gaming and state lottery operations.

ReverseSlot Machine Rng Reverse Engineer

Arguably, RNGs are a big reason for the continued success and growth of the gambling industry worldwide, and the reliance on them does not appear to be waning with the increased demand for computerized and hybrid electronic table games.

So What’s The Problem?

Random number generators are not random. They’re “pseudo random number generators,” or PRNGs. The outcomes generated by a PRNG are deterministic. The PRNG constantly generates a sequence of simulated random numbers at high speeds. As soon as the “Play” button is pressed, the most recent random number is used to determine the result. This means that the result varies depending on exactly when the game is played.

All PRNGs must eventually repeat their number sequence, so in theory, if players had access to the PRNG code and seed value, they could possibly predict future results. And that’s exactly what has happened.

Incidents of players using RNG prediction techniques started to surface not long after computerized slot machines entered the casino market. In 1993, computer engineer Leo Weeks was caught in the Horizon Casino in Lake Tahoe using a wearable computer he designed to predict royal flushes on IGT Fortune I video poker machines. Weeks obtained a Fortune I machine and reverse-engineered how the random number generator worked to create his device. It is not known how Weeks obtained the Fortune I, but it is possible he just purchased one, because the Fortune I was an extremely common type of machine at the time.

The Fortune I used a system which many modern video poker and slot machines still use. The internal random number generator in the machine cycles constantly, so the player’s results depend on exactly when the player presses the button on the machine. To use his device, Weeks would play a Fortune I machine and enter the values of the cards dealt to him into the device. This enabled the device to synchronize with the cycles of the random number generator in the Fortune I machine. Weeks’ device would then beep through a hidden earphone to tell him exactly when to push the button on the machine to get a royal flush.

When Weeks was caught, an electronics engineer/computer programmer working for the Nevada Gaming Control Board, Ron Harris, was able to reverse-engineer Weeks’ device and show how it worked. Based partially on Harris’ demonstration, Weeks pleaded guilty. Weeks received no jail time, and only had to serve 200 hours of community service in addition to paying back the money he won.

Harris was responsible for finding flaws and gaffes in software that runs computerized casino games. It turns out that he took advantage of his own expertise, reputation and access to source codes to illegally modify certain slot machines to pay out large sums of money when a specific sequence and number of coins were inserted. From 1993 to 1995, Harris and an accomplice stole thousands of dollars from Las Vegas casinos, accomplishing one of the most successful and undetected scams in casino history.

Toward the end of his stint, Harris shifted his focus to keno, for which he developed a program that would determine which numbers the game’s pseudo random number generator would select. In January 1995, Harris used a program to enable an accomplice to win $100,000 on an Imagineering Systems electronic keno game in Atlantic City.

This was a traditional keno game with paper slips, but used a computer to select the numbers. His accomplice went into the casino to play the game while Harris stayed upstairs in a hotel room where he could read the keno numbers on the TV and enter them into his computer. Once Harris had entered around 10 numbers, he ran his program to predict the next likely set of numbers the keno computer would pick.

However, Harris could only predict the outcome with 3 percent accuracy. Harris relayed these numbers to his accomplice, who used an algorithm they had worked out to put possible permutations of the numbers on 10 different keno slips, raising chances of selecting the correct number to 30 percent. Unfortunately for Harris and his accomplice, they hit the top jackpot the very first time he played, which had never been done before. The resulting attention caused the authorities to become suspicious, and eventually they arrested Harris and his accomplice.

Pie in the Sky

Another team of unnamed players used similar devices and purportedly won around $1 million from various Las Vegas casinos in the early 1990s. The team, inspired by a book published in 1985 about a roulette prediction computer team called the Eudaemonic Pie, started their reverse-engineering efforts by copying object code (compiled computer code) from patents for various slot machines. However, the team eventually found it was easier to just buy a used machine to reverse-engineer instead.

The team created devices using essentially the same principles Weeks used for his device. Their first device was a computer program that ran on a PC. To use it in the field, one player would phone in the initial data and synchronize a precise Casio timer which would later alert him when to press the button on the machine. This method of communicating information by telephone was a little clumsy, but it provided the team with a degree of protection they were probably not even aware of.

Though the first system worked, the team found it cumbersome and decided to improve it. Once again, inspired by the Eudaemonic Pie, they decided to create a wearable version of their computer. Their new computer communicated with them using vibrators they pulled out of old pagers, but otherwise functioned very much like Weeks’ device. To avoid detection, the team adjusted the device to avoid the biggest jackpots and instead win “a series of smaller, less suspicious amounts.” The new devices worked well and the team reported that they used them successfully for three years before they decided they had won enough money and it was time to stop pushing their luck. As a result, this team was never arrested.

In the 2005 book The Art of Intrusion by Kevin Mitnick and William Simon, the story of this team is chronicled in Chapter 1: “Hacking the Casinos for a Million Bucks.” This chapter is a must-read for all game protection professionals, and gives great insight into RNG timing. For me, the key takeaway from the book that sums up the scam is: buy a secondhand machine with outdated technology, reverse-engineer it and crack the RNG cycle. The book also offers interesting insight into how the team was able to achieve success:

“Two of us had spent some time as musicians. If you’re a musician and you have a reasonable sense of rhythm, you can hit a button within plus or minus five milliseconds.”

It’s Going On Right Now

In May 2016, six people were arrested in Singapore for cheating slot machines in the country’s two casinos. The group was part of a highly organized global syndicate that used sophisticated technology to play and cheat slot machines. One of the culprits was sentenced to 22 months in jail. He joined the syndicate in 2012 and was trained in Russia to cheat specific slot machines from certain manufacturers before he was then sent to perform jobs in casinos in Europe and Macau.

The Singapore sting revealed how he and other syndicate members used devices to record the play patterns of specific slot machines. They would then upload the information to a computer for analysis and decoding. The decoded data was distributed to players who would return to the slot machine with devices that would alert the player of the next large payout.

For industry insiders, the stories of teams popping up around the world using devices and winning jackpots have been out there for a few years now. In July 2014, a great reference guide was circulated to members of a casino surveillance network that brought the activity of the syndicates to light.

In December 2014, the FBI arrested four Russians for cheating slot machines in the U.S. Their investigation revealed they had used sophisticated technology to beat 10 casinos in Missouri, California and Illinois. In February 2015, I wrote an article for Global Gaming Business magazine called “Slot Machines Under Attack,” and followed it up the next month by making it a focal point of the 2015 World Game Protection Conference.

Despite the attention placed on these scoundrels by surveillance intelligence networks, industry publications and conferences, casino operators around the world are still falling victim to the these high-tech cheats. Even after the Singapore arrests, intelligence shared among casino insiders confirms the cheats continue to be active around the world. The most recent attack took place in South America in December 2016.

Fixing The Problem

In theory, the fix is simple. It starts with improving the security and quality of the RNG. The good news is that in September 2016, Gaming Laboratories International (GLI), one of the major gaming machine testing labs, upgraded its RNG standards. Among other things, the new standards suggest using a “cryptographic RNG.” A cryptographic RNG is one that cannot be feasibly compromised by a skilled attacker with knowledge of the source code. The bad news is that the standard is an optional requirement at the discretion of regulatory bodies. My hope is that moving forward, all regulatory bodies will adopt the standard. However, questions remain on what to do with existing and older machines.

Slot Machine Rng Reverse Engineers

The reality is that the Russians have exposed flaws in slot machine technology that have been known for a while. The difference is that unlike Leo, Ron and a small group of computer geeks from the ’90s, the Russians run a highly organized global syndicate that has been cheating casinos for millions. Casino insiders estimate the syndicate has over 40 team members worldwide. This may be the largest casino scam of all time.

This is a problem that won’t go away unless there is decisive action taken by all interested stakeholders: manufacturers, regulators and casino operators. The attack on random number generators highlights the need for managers of gambling operations to develop a better understanding of computer-based gaming equipment.

This important subject will be featured in an exclusive three-hour symposium at the World Game Protection Conference in Las Vegas February 21-23. The focus will be on raising awareness of the problem and understanding how to detect RNG attacks.

Readers ask if quick reflexes are the key to winning

By John Grochowski

I keep a list of questions that I’m most often asked about slot machines. You could probably tick off some of them: “Are games programmed to go cold after a big win?” “Do you get less payback when you use your rewards card?” And the big one, “Can you tell me how to win?”

Those have been standards ever since I started writing about casinos and casino games 20 years ago. But recently, another question has been shooting up the charts. I have it all the way up at No. 2 on the readers’ hit parade:

“I’ve noticed on a lot of video slot games that if I hit the button a second time while the reels are spinning, they stop right away. I was wondering if I could use this to my advantage. If I see the bonus triggers or the jackpot symbols at the top, should I quickly hit the button again and try to stop the reels?”

I had that thought myself the first time I accidentally double-hit a button and saw the reels click to an immediate halt. Could this be an answer to the chart-topping question, “how to win on the slots?”

Unfortunately, it doesn’t work that way. In nearly all slot games that allow you to stop the reels, there is no skill or timing involved on your part. The random number generator has already determined your outcome when you hit the button to spin the reels, and you’re going to get the same result regardless of whether you stop the reels early, or let them halt in their own time.

When you play a slot machine, the game isn’t actually being played out on the reels, whether it uses “real” reels or video reels. It’s being played internally, on the game’s random number generator. The reels are just a player-friendly interface, and are told where to stop by the RNG. If there’s a malfunction and the reel display doesn’t match the numbers generated, it’s the RNG that counts. Large jackpots can be denied—and have been denied—if a check shows the random numbers on the internal computer chip don’t match the winning symbols on the reels.

But this is extremely rare. The engineering is good enough that almost all the time, the RNG and reel display are going to match up. This doesn’t change if you double-hit the bet button. If the RNG has spit out a random number that tells the first reel to stop on a single bar, then you’re going to get a single bar—regardless of whether you hit the button a second time for a “quick stop,” or just let them take their own sweet time.

There are rare exceptions. When I’ve answered similar questions in the past, I’ve mentioned IGT’s Reel Edge games. In their original incarnation, Reel Edge games enabled players to touch and stop the reels one at a time. There was actual skill involved. Your timing in stopping the reels determined the outcome. The reels spun very, very fast, so it was going take a keen eye and sharp reflexes to get better than random results, but it was possible.

I gave it a try, and found my reflexes just weren’t fast enough to generate more than my normal share of winners. In the original three-reel Blood Life game, I identified a green 7 as the easiest symbol to pick out as it whizzed by. I touched each reel individually as I saw a green 7 reach the top of the slot window, and managed to stop 7s on all three reels. Alas, I failed to land them all on the same payline. Some younger folks with quicker reactions may have been able to do better.

I don’t know if any of the first generation of Reel Edge games remain on casino floors. They were never widespread, and I don’t get lists from casinos or manufacturers telling me what games are available in any given casino. The new generation of Reel Edge puts the skill-based portions of the games in the bonus events.

Blood Life’s updated video incarnation, Blood Life Legends, allows you to test your skill with a joystick to guide a bat through the ups, downs, twists and turns of a cave as you try to collect gems for bonuses. There is actual skill involved, but it’s not the reel-stopping experience readers have been asking about.

On most slot games, even in the bonus events you’re getting an illusion of skill rather than actual skill. And when it comes to stopping the reels, it’s the random number generator, not your reflexes, that determines the results.

Slot Machine Rng Reverse Engineering

What about my readers’ other top questions?

Slot Machine Reverse Engineering

To answer another—no, games are not programmed to go cold after big wins. Results remain as random as humans can program a computer to be. As long as the RNG keeps doing its thing, any big jackpot, any hot streak, and any cold streak eventually fade away into statistical insignificance, and the machine comes very close to its expected payback percentage.

Slot Machine Rng Works

No, you don’t get less payback when you use your rewards card. The player rewards system doesn’t interact with the RNG.

And no, with rare exceptions, there is no way to beat the slots except by being in the right place at the right time. There have been opportunities for small profit on games with banked bonuses such as the old WMS game Piggy Bankin’, where the sharpies would start to play only when there were enough coins in the bank to give the player an edge.

Such games are not common. Just as with stopping the reels early, your results are up to chance and the RNG.