
Show HN: Hacking slot machines with a buttonhole camera and brute-force search - jamesough
https://github.com/tensor8/hacking_slot_machines
======
lysp
A friend "hacked" a similar betting gaming machine.

The game cost $2 to play. It loosely followed the payout rules of the TV show
"who want's to be a millionaire". There were about 10-12 levels and every 2-3
wins you'd get to a checkpoint where you could cash out or continue playing
for more money.

Each level was slightly harder in difficulty/time with 3 "prize/payout"
levels, which changed based on how much the machine had paid out recently. You
could generally win anything from $10-$40 per play.

It had about 8 different games you could play (one being sports trivia). One
of the games you could choose was "spot the difference" where you have 2
images side by side and you needed to touch the screen in a set amount of time
to find the 5 differences.

The method my friend worked out to "hack" the machine was to cross his eyes
and merge the 2 images into one, similar to the stereogram "Magic Eye" images
you can find. By crossing his eyes and merging the images into a single one -
the differences stood out really clearly.

This lasted a few months with him and his friends cashing in on all the
machines in the area, whenever their prize level was high. Eventually the
software company worked out there was a problem with that specific game and
updated their software.

It didn't pay out as high on that game. And the top prize level had to be
completed in under 2 seconds. Which when you're trying to press a not-so-great
touch-screen 5 times in 2 seconds, was not possible as not all presses would
register if you touched it really quickly.

~~~
cgag
Anyone who hasn't used this cross eye method on a spot the difference game
needs to try it, it's a very interesting experience to see the way the
differences are highlighted.

~~~
spappal
Agreed, I just tried it. Two good examples for this are the ones in the
Wikipedia page [0]. The size in the page is maybe a bit large, if it requires
a too large angle of eye crossing: hit Ctrl - a few times to zoom out.

[0]
[https://en.wikipedia.org/wiki/Spot_the_difference](https://en.wikipedia.org/wiki/Spot_the_difference)

~~~
abluecloud
that's amazing. thanks.

------
JoeSmithson
I wrote a similar program a while ago to cheat at Word Soup which is another
of the games on these machines.

[http://chris-knott.appspot.com/projects/word_soup.html](http://chris-
knott.appspot.com/projects/word_soup.html)

They are technically not gambling. There are two different regulations in the
UK - Amusements With Prizes, which are random and you need to be 18+ to play,
and Skills With Prizes which are technically skill games and you don't need to
be 18 to play, or have a gambling license to run.

~~~
downandout
FYI I’m getting an “Over Quota” error when trying to access your site.

~~~
JoeSmithson
Whoops, guess HN used up my bandwidth. Here's a video on YouTube
[https://youtu.be/PICrG3X8XIU](https://youtu.be/PICrG3X8XIU)

~~~
downandout
Thanks! As an amateur advantage gambler, I find all of this stuff fascinating.

------
wst_
Not directly related, but similar approach... Around 20 years ago. One of the
eastern block countries, short after the transformation. Officially democratic
but practically in a limbo between old and new system. Gambling law allows to
run casinos but also a small slot machine parlors - gambling dens for poor and
naive, occasionally getting rich for a short time, before they loose
everything again and put in even more. Novomatic slot machines are deployed in
large quantities in those places. Among them American Poker 2 (which you can
play using MAME [1] if you like.) A crud machine, considering AAA games
released at the time, nonetheless serves its purpose well. No one cares about
3D and shaders in those places, anyway. Two men enter the parlor. One does not
speak local language at all, the other is born local but lived abroad long
enough to get the weird accent. They buy a game for a minimum amount of money
and lose everything fast. Not even trying to win, just passing cards at the
same time noting the sequence in cell phone. Cell phones aren't allowed in the
parlor but they are quick, no one sees anything, besides, they are trained in
memorizing the sequence if needed. They leave the parlor "for a smoke," come
back after few minutes, insert a minimum amount again and win every single
deal. That must have been a really lucky smoke! They cash in a lot, leave a
considerable tip to the staff and off they go. Apparently American Poker 2 is
popular in whole eastern Europe at the time and, apparently, ROM version is
the same everywhere. They are visiting every city big enough to have multiple
parlors. They are visiting multiple countries in the region. They don't work
alone, obviously. They become bold and try to cut a deal with a parlors'
staff. In many places they succeed - it's a lousy job in lousy place.
Especially on night shifts and they rarely visiting during the day. It's safer
that way. So they come, they get a tip from the staff about which slot machine
is money fat this night. It matters more for the staff then for them, it looks
better in daily report. They win, share some with the staff and go to another
parlor or another city. But sooner than later a pattern starts to form and
some notices the behavior of two always winning regulars. Gossip starts to
follow them. It's harder to get by unnoticed. In the end, maintenance crew
updated the game ROM in all machines and the trick stopped to work. At least
for a while. No one ever caught the lucky winners.

[1]
[http://www.gamesdatabase.org/game/arcade/american_poker_ii](http://www.gamesdatabase.org/game/arcade/american_poker_ii)

~~~
nikolay
There was something similar done with a machine called Jolly Card. Hacked ROMs
were widespread, but they got replaced soon and chips sealed to that
replacement could be spotted. But then people reverse-engineered the ROM and
found a flaw in the random number generator. Smart Bulgarians managed to fit a
single chip computer into a car remote, which at the time was a significant
accomplishment. So, after using the remote keys to allow the device to sync
with the poker machine's timer, they were able to guess the part when you can
double your wins. So, after syncing, the smallest win can be increased
1,024-fold (you got a maximum of 10 doublings). They were selling this remote
for 10,000 DEM, or German Marks, which was about 7,200 USD at the time. After
people made millions milking the poker machines in Western Europe, the
manufacturer released a fix, and the new generation of machines got a hardware
random number generator.

I remember some mafia guys came to me knowing I can replicate the hacked ROMs,
so, I cloned it, but I also made a hard-to-notice mark so that I can identify
these machine (well, it was an extra space in some text.) Well, unfortunately,
I wasn't able to find one later, but I didn't look hard for one anyway.

~~~
wst_
Funny thing you've mentioned... The guys were from Bulgaria. Maybe the same
group.

------
splonk
Related: there are various bots for HQ Trivia that do similar things that have
come up on HN before. Here's one with a bit of a writeup:
[https://medium.com/@tobymellor/hq-trivia-using-bots-to-
win-m...](https://medium.com/@tobymellor/hq-trivia-using-bots-to-win-money-
from-online-game-shows-ce2a1b11828b)

My general impression is that being able to screenshot and use real computing
power is a fair bit easier than using OCR on a Raspberry Pi, but question
parsing and querying Google is a lot harder than using a static corpus of
questions and answers.

~~~
kregasaurusrex
I'd previously done OCR work with Twitch streams, but the reliability of the
Tesseract libraries for custom fonts had stopped me from going any further
with it. Since HQ uses a standardized font library, I'd imagine character
extraction would be more successful when recording from screenshots because it
would likely be closer to the library's training datasets.

~~~
lathiat
Counting donations and subs? I’d thought about doing the same.

------
splonk
Note that this appears to be in the UK, given the branding of the machine and
the poster's comments. I'm not sure what the legality is there, but it sounds
like it's a less regulated form of low stakes gambling, so maybe it's
practical there. I imagine whoever's responsible for the machine would kick
you out in a hurry, though. I know there's some been some other rulings that
make UK law pretty bad for advantage players, so it also wouldn't surprise me
if this is illegal there as well.

In the US, this would generally not be called a "slot machine" \- more like a
bar trivia video game from what I can find, which most likely wouldn't pay out
money. US casinos and slot developers are putting some skill-based elements in
their machines, but those are generally added as bonus rounds to regular slot
machines. In any case, using an electronic device on a casino floor is
generally not a good idea in the US. For example, in Nevada,

"NRS 465.075 Use of device for calculating probabilities. It is unlawful for
any person at a licensed gaming establishment to use, or possess with the
intent to use, any device to assist:

1\. In projecting the outcome of the game; 2\. In keeping track of the cards
played; 3\. In analyzing the probability of the occurrence of an event
relating to the game; or 4\. In analyzing the strategy for playing or betting
to be used in the game,

except as permitted by the Commission."

In practice there is some leeway on this - sitting at a video poker machine,
nobody's likely to hassle you for looking up perfect strategy on your phone.
On the other hand, most table games dealers will tell you to leave the table
while using your phone. It's fine to have a paper card with blackjack basic
strategy, but not to check the same information on your phone. But in any
case, the rig described here is not going to be a good idea anywhere in the US
I'm aware of, and that's assuming you can even find a skill-based machine with
sufficient payouts to justify trying it.

------
nyxxie
FYI to author, the video that you tried to delete (quiz.gif) is still
accessible. It's still in your git history and can still be viewed easily,
probably don't want casino people seeing your face :P

~~~
jamesough
Looks like a case for <git-filter-branch>

~~~
nyxxie
Missed a spot with that rebase, looks like you accidentally put it back into
the repo.

~~~
jnaddef
It is not the same. Previous one was showing his face

------
cdubzzz
Unfortunately a little late for the git history wipe...

[https://github.com/tensor8/hacking_slot_machines/network/mem...](https://github.com/tensor8/hacking_slot_machines/network/members)

~~~
jamesough
Yeah, it's not anon: the game was retired from machines and I left the ROM
out. Wouldn't recommend to do for other than fun (and tbh hourly wage would be
very small), but was a fun side-project!

------
p1necone
I'm shocked that there's an ostensibly skill based slot machine.

~~~
owlninja
Yea, where would one find a machine like this? Doesn't really seem like a slot
machine to me.

~~~
Timmah
The Nevada gaming industry is lobbing heavily to legalize them. So they can
target younger demographics.

~~~
dymk
If I could loose money because I'm just unskilled at something (but had fun)
rather than just got unlucky, I'd absolutely use one of those machines.

~~~
albertgoeswoof
It doesn’t really work like that, eg if you play the quiz one, when you get
past £3 the questions become ridiculous, like what is the size in cubic
meteres of lake Victoria? 40040400303 40404940404 or 4940403030 etc

So it just ends up being luck really. They also pay out a fixed amount and the
difficulty rapidly increases if you keep winning.

------
nneonneo
> The game data files look like this; encrypted, unreadable text. Fortunately,
> it turned out that they were encrypted using an xor cipher. This means that
> we can fairly easily write a script to get a list of questions and answers
> in human-readable, decrypted form.

I mean, it doesn't much matter how these things are encrypted - since they
have to be decrypted to display the questions and answers on-screen, the code
and any necessary keys will be present in the game code. You'd only need to
reverse engineer the ROM enough to know where the decryption code is, and
invoke that code (or reverse it and write a compatible implementation). It
just so happens that the encryption is weak enough here that reverse
engineering is not required.

~~~
brian-armstrong
This isn't necessarily true. A lot of machines like this use a security dongle
to perform decryption which means it is very hard to get the data except by
scraping it while it's running (and even then, this can be quite hard)

------
toast0
If you have all the questions and answers; couldn't you just study them? It's
not as fun, but probably just as effective, depending on your ability to
retain useless knowledge.

~~~
jamesough
I tried this initially and put all 30K questions in Anki. I learnt about 97%
of them, but it still wasn't good enough to win

~~~
petercooper
Appreciate this is a tangent, but if you learnt almost 30K trivia questions
off by heart.. have you found that has benefitted you in other ways? Like,
being killer at quiz shows or University Challenge or something? :-)

~~~
jamesough
I got asked to be on a University Challenge team after someone saw me
playing... but completely flopped when they asked independent questions at
trials.

This kind of unlinked data leaks very fast, too: at my peak I had to top up
with Anki for about 3 hours a day. I've forgotten almost all of it now.

A small consolation is that I can still tell you the 'exact number of gallons
of water' in most major lakes.

~~~
perl4ever
"the exact number of gallons of water in most major lakes"

I don't think there is such a thing.

~~~
braythwayt
The exact numbers listed in various reference texts, then.

~~~
vntok
Guaranteed to be completely false, then. What is the point of learning this?

~~~
wingerlang
To win the jackpot of the machine that have them listed as answers.

~~~
feintruled
Yeah, this sort of bullshit question is a go to for machines that need are
ostensibly skill based but need a reliable way to break your streak if you are
winning too much.

I used to be pretty good at the WWTBAM pub machine. I am a pretty quick reader
so could scan read and answer the question pretty much instantly if I knew it,
managed to impress a few onlookers that way (slow readers no doubt) as it
seemed almost supernatural to them. My one taste of what it would feel like to
be a top sports person!

~~~
tragomaskhalos
This reminds me of a regular pub quiz I used to do - the guy hosting would
pull out all sorts of these stupid numeric questions like "what's the distance
between <tube station A> and <tube station B>?", and no point unless you got
the answer _exactly_ , ie to the nearest integer.

Another time the answer to a question was "West Ham" (the soi-disant football
team), and I said to my pals "write down West Ham _United_ , as this guy
doesn't know anything about football and will surely insist upon it" ... and
so it proved, despite howls of protest from other quizzers.

We do a different pub quiz now :)

------
LeonM
If you are into this kind of stuff, I'd highly recommend Kevin Mitnick's book
'Art of intrusion'. The first chapter describes how a group of engineers (I'd
think somewhere in the 80s, early 90's) reverse engineered a popular Las Vegas
poker machine, and managed to walk away with milions in profit.

~~~
hnu0847
Here's another good read:

[https://www.wired.com/2014/10/cheating-video-
poker/](https://www.wired.com/2014/10/cheating-video-poker/)

------
everdev
Applaud the ambition, but please be careful. People go to jail in the US for
trying to hack or cheat at gambling games.

------
stilley2
Cool project (legal/ethical issues aside)! My big question is why bother with
OCR at all? Presumably you can construct a representation of the screen for
each question ahead of time, and you already solve the projective transform
due to the camera, so at that point why not pick some appropriate distance
metric and pick the question/answer pair corresponding to the virtual image
that is closest to the camera image?

~~~
jamesough
They mix up the answers. And sometimes choose 4 answers from a possible
selection of 20.

~~~
stilley2
Ah that makes sense. Thanks

------
rbobby
Yikes.

Using this is almost certainly illegal (cheating) in every jurisdiction, and
could have significant penalties.

This video and the github repository itself could be a crime... teaching
someone how to cheat using a cheating device. Heck even publicizing the video
could get one sucked into the potential mess.

Intention may play a part (i.e. was there any criminal intent in making the
video/code/etc). Would depend entirely on jurisdiction and the specifics of
the legislation.

Sure... it's a fun/cool project with lots of tricky parts to get right/play
with. But I think the author should exercise a bit more caution. If you need a
lawyer to be sure that your project won't land you in jail... perhaps choosing
a different project would be a good idea.

~~~
Someone1234
Which specific law(s) do you believe this breaks? While it is illegal for the
house to cheat most places, and while a punter may break other laws trying to
cheat (e.g. trespassing, tampering, etc), I'm not aware of a specific law
against cheating. I'm also not aware of a law banning the distribution of
materials that may help one cheat (except DMCA? Copyright?).

~~~
lgas
Depends on the jurisdiction but for example in Las Vegas
([http://www.gambling-law-us.com/State-Laws/Nevada/](http://www.gambling-law-
us.com/State-Laws/Nevada/)) I believe this would fall under NRS 465.070
numbers 2, 5, and/or 7.

~~~
Asooka
Well, this cheat is equivalent in operation to having a book with all the
answers to the quiz and a good index. The two should be equivalently legal,
and I strongly suspect someone has tried to sit at a quiz machine with a
curated indexed encyclopedia, so we just have to find that precedent.

~~~
pbhjpbhj
There won't be a precedent because you just can't look up into fast enough,
that's why these systems can still exist even with internet search engines.

------
hirundo
Is the use of this code as described legal? If so why not milk it? If not why
risk assisting?

~~~
dawnerd
Probably a good way to get beat up by casino thugs I’d imagine.

~~~
greymeister
"I'm just curious. I saw you shuffling your checks with your right hand. Can
you do that with both hands?"

------
dentisto
Reminds me of [https://priceonomics.com/the-man-who-got-no-
whammies/](https://priceonomics.com/the-man-who-got-no-whammies/)

------
downandout
Just FYI everyone, using any electronic device to gain an edge at any
regulated gambling game is a felony in Nevada, and it is one that they take
incredibly seriously. If you are caught doing this in Nevada, and they will
certainly be watching for this now that this has been posted, you _will_ go to
jail. I cannot speak for any other jurisdiction, but I’d highly recommend not
using this in Vegas or Reno.

~~~
kuroguro
Any electronic device huh... time to go mechanical!

------
hn_username
This is a really clever and interesting project - thanks for sharing. How on
earth did you come across the ROM for this game?

~~~
jamesough
Many hours of searching through internet archives of dead forums. I don't
think you can find it any more.

~~~
craftyguy
Do you plan to mirror it somewhere (e.g. throw on bittorrent for a bit)?

~~~
jamesough
Nah this was really just a fun side-project, just posting as proof-of-hack.
Also this specific game was retired from machines. Fun as a challenge, though!

------
beeforpork
Man, I read 'butthole camera' instead of 'buttonhole camera' and was confused
(and curious). I need more coffee...

[Plus I find I am not the first; including wording -- so weird...]

------
hn_username
Looking at the cpp code, could you describe the prototype/pattern image? What
sort of prep do you do to make it generally recognizable as the
questions/answers change?

------
nimbius
be careful with this hack and similar ones...real-life casinos have an entire
SOC monitoring absolutely everything on the floor and in the parking lot.

Speaking from experience: As a young and foolish lad I was once arrested and
spent four days in the frigid Clark county detention center in Nevada for
stealing a set of dice from an unattended craps table over a holiday weekend.
I made it about five paces from the table before I was arrested by four
guards.

------
theoh
So what should the book (following the example of "The Newtonian Casino") be
called? I mean, what is actually nontrivial (pun intended) here?

~~~
splonk
For non-Brits, "The Newtonian Casino" is probably more commonly known as "The
Eudaemonic Pie". It's about a group in the 70s using electronic devices to
clock roulette wheels to predict the general area of the wheel the ball would
fall into and make better bets.

An earlier attempt by Thorp (of "Beat the Dealer", probably the most famous
blackjack counting book) and Claude Shannon (yes, that Claude Shannon) is
covered in part of the book "Fortune's Formula".

~~~
spappal
This article [0] explains nicely the story of Claude Shannon et al trying to
win at roulette.

[0] [http://nautil.us/issue/50/emergence/claude-shannon-the-
las-v...](http://nautil.us/issue/50/emergence/claude-shannon-the-las-vegas-
cheat)

~~~
jamesough
Yes! This was very much inspired by Shannon and Thorp. I love that story.

------
anonu
this probably isn't a slot machine game you'd find at a casino...

------
cwkoss
Very cool! What accuracy rate were you able to achieve?

~~~
jamesough
Accuracy is high enough!

~~~
oh_sigh
Would it also be a crime to just remember every question and answer in the
game?

------
purplezooey
Anybody rich yet?

------
mfgs
Raspberry Pi is slow for image processing. You can probably greatly increase
speed if you take smaller images or downsize them before processing.

~~~
LeoPanthera
This is covered in the article. The image is sent to a backpack laptop for
processing.

------
yetiofparis
the rep is dated 2 years ago?

~~~
NKosmatos
Exactly and some “peculiar” edits in the readme... Seems to be for a UK
specific machine.

~~~
yetiofparis
I guess this guy has been milking his code and is rich by now!

------
foota
So... Can you not just memorize the questions?

------
clwk
All I have to say is that I misread this headline and experienced both
disappointment and relief when I clicked through and read about a 'buttonhole'
camera.

~~~
jamesough
V2 will be available as a custom suppository.

~~~
itronitron
in which case you will need to implement a cavity-search algorithm

~~~
pavel_lishin
Depth-first, of course.

------
cptaj
Man, I read butthole and thought this was a totally different kind of project.

~~~
jamesough
V2 will be available as a custom suppository.

