A friend "hacked" a similar betting gaming machine.
The game cost $2 to play. It loosely followed the payout rules of the TV show "who want's to be a millionaire". There were about 10-12 levels and every 2-3 wins you'd get to a checkpoint where you could cash out or continue playing for more money.
Each level was slightly harder in difficulty/time with 3 "prize/payout" levels, which changed based on how much the machine had paid out recently. You could generally win anything from $10-$40 per play.
It had about 8 different games you could play (one being sports trivia). One of the games you could choose was "spot the difference" where you have 2 images side by side and you needed to touch the screen in a set amount of time to find the 5 differences.
The method my friend worked out to "hack" the machine was to cross his eyes and merge the 2 images into one, similar to the stereogram "Magic Eye" images you can find. By crossing his eyes and merging the images into a single one - the differences stood out really clearly.
This lasted a few months with him and his friends cashing in on all the machines in the area, whenever their prize level was high. Eventually the software company worked out there was a problem with that specific game and updated their software.
It didn't pay out as high on that game. And the top prize level had to be completed in under 2 seconds. Which when you're trying to press a not-so-great touch-screen 5 times in 2 seconds, was not possible as not all presses would register if you touched it really quickly.
Anyone who hasn't used this cross eye method on a spot the difference game needs to try it, it's a very interesting experience to see the way the differences are highlighted.
Agreed, I just tried it. Two good examples for this are the ones in the Wikipedia page [0]. The size in the page is maybe a bit large, if it requires a too large angle of eye crossing: hit Ctrl - a few times to zoom out.
Wow, it took me a bit of trying, but I was surprised at how clearly I could see the "compound" picture with the right amount of "cross" when the rest of the world was blurred. And at how well the differences stood out.
Well, gambling is a luck-based game and this pretty much puts the luck in what is supposed to be a luck based game. Casinos aren't obliged to give their customers money if those customers know a neat trick, y'know.
They are, however, expected to make the machines fair and up front about what they're doing. Randomly rejecting the user's inputs because of knowingly bad hardware isn't part of that deal.
The reasonable thing to do would be to disable that play mode altogether, not rig it.
Casinos are obliged to give their customers money if they win the game. If there's a "problem" with the game that makes it easier to win then it's in the casino's interests to change it and eliminate that problem.
Amazing that people would code up a "spot the difference" type of game where you can win money without reading up on the techniques used to solve that type of game.
Check out https://www.reddit.com/r/CrossView/ for some other cool applications of that technique! Though I admit that using it to spot differences is the best application I've seen :)
They are technically not gambling. There are two different regulations in the UK - Amusements With Prizes, which are random and you need to be 18+ to play, and Skills With Prizes which are technically skill games and you don't need to be 18 to play, or have a gambling license to run.
"What is the maximum stake/prize on an SWP?
As you don’t need a licence or permit there is no legal limit for stake or prizes.
However, it would be very difficult to manufacture a genuine SWP machine that is economically viable and offers prizes over £50 (the prize limit set by the industry trade body following discussion with us).
We would be likely to raise questions about machines with prizes above this range."
Not directly related, but similar approach... Around 20 years ago. One of the eastern block countries, short after the transformation. Officially democratic but practically in a limbo between old and new system. Gambling law allows to run casinos but also a small slot machine parlors - gambling dens for poor and naive, occasionally getting rich for a short time, before they loose everything again and put in even more. Novomatic slot machines are deployed in large quantities in those places. Among them American Poker 2 (which you can play using MAME [1] if you like.) A crud machine, considering AAA games released at the time, nonetheless serves its purpose well. No one cares about 3D and shaders in those places, anyway. Two men enter the parlor. One does not speak local language at all, the other is born local but lived abroad long enough to get the weird accent. They buy a game for a minimum amount of money and lose everything fast. Not even trying to win, just passing cards at the same time noting the sequence in cell phone. Cell phones aren't allowed in the parlor but they are quick, no one sees anything, besides, they are trained in memorizing the sequence if needed. They leave the parlor "for a smoke," come back after few minutes, insert a minimum amount again and win every single deal. That must have been a really lucky smoke! They cash in a lot, leave a considerable tip to the staff and off they go. Apparently American Poker 2 is popular in whole eastern Europe at the time and, apparently, ROM version is the same everywhere. They are visiting every city big enough to have multiple parlors. They are visiting multiple countries in the region. They don't work alone, obviously. They become bold and try to cut a deal with a parlors' staff. In many places they succeed - it's a lousy job in lousy place. Especially on night shifts and they rarely visiting during the day. It's safer that way. So they come, they get a tip from the staff about which slot machine is money fat this night. It matters more for the staff then for them, it looks better in daily report. They win, share some with the staff and go to another parlor or another city. But sooner than later a pattern starts to form and some notices the behavior of two always winning regulars. Gossip starts to follow them. It's harder to get by unnoticed. In the end, maintenance crew updated the game ROM in all machines and the trick stopped to work. At least for a while. No one ever caught the lucky winners.
There was something similar done with a machine called Jolly Card. Hacked ROMs were widespread, but they got replaced soon and chips sealed to that replacement could be spotted. But then people reverse-engineered the ROM and found a flaw in the random number generator. Smart Bulgarians managed to fit a single chip computer into a car remote, which at the time was a significant accomplishment. So, after using the remote keys to allow the device to sync with the poker machine's timer, they were able to guess the part when you can double your wins. So, after syncing, the smallest win can be increased 1,024-fold (you got a maximum of 10 doublings). They were selling this remote for 10,000 DEM, or German Marks, which was about 7,200 USD at the time. After people made millions milking the poker machines in Western Europe, the manufacturer released a fix, and the new generation of machines got a hardware random number generator.
I remember some mafia guys came to me knowing I can replicate the hacked ROMs, so, I cloned it, but I also made a hard-to-notice mark so that I can identify these machine (well, it was an extra space in some text.) Well, unfortunately, I wasn't able to find one later, but I didn't look hard for one anyway.
A lot of slot machines used to work like that. The outcome appears to be random, but is in fact a big hard coded table determining the outcome depending on current state. If you know the table and are able to determine the state of the machine, it's easy to cheat the game.
I remember having read similar stories about slot machines in Germany.
Rather famously, a Canadian casino in the 90’s had a keno game which was powered down nightly as the casino was only open 18 hours a day. While the game’s RNG was demonstrably random, a critical error was made in its implementation: the seed was stored in ROM. As a result, it repeated the same sequence of numbers following each power cycle. After a patron matched 19/20 numbers in three consecutive games, they took the machine out of service and ultimately paid him the $620k he’d won.
My general impression is that being able to screenshot and use real computing power is a fair bit easier than using OCR on a Raspberry Pi, but question parsing and querying Google is a lot harder than using a static corpus of questions and answers.
I've built a similar proof-of-concept HQ Trivia algorithm before[0], and from my simple tests, in most cases isn't any additional work needed, just naively send the OCRed question to Google. Of course, some questions don't work using this naive approach, which is why a similar HQ Trivia bot used riffed on this concept with unique (and clever) heuristics[1].
And yes, it is easier to work with a screenshot than a grainy image of text produced by a camera.
Edit: my HQ Trivia system was a simple 1-hour weekend project, so it is by no means perfect. Also, to prevent my Github from being taken down, none of the code is available.
I'd previously done OCR work with Twitch streams, but the reliability of the Tesseract libraries for custom fonts had stopped me from going any further with it. Since HQ uses a standardized font library, I'd imagine character extraction would be more successful when recording from screenshots because it would likely be closer to the library's training datasets.
Note that this appears to be in the UK, given the branding of the machine and the poster's comments. I'm not sure what the legality is there, but it sounds like it's a less regulated form of low stakes gambling, so maybe it's practical there. I imagine whoever's responsible for the machine would kick you out in a hurry, though. I know there's some been some other rulings that make UK law pretty bad for advantage players, so it also wouldn't surprise me if this is illegal there as well.
In the US, this would generally not be called a "slot machine" - more like a bar trivia video game from what I can find, which most likely wouldn't pay out money. US casinos and slot developers are putting some skill-based elements in their machines, but those are generally added as bonus rounds to regular slot machines. In any case, using an electronic device on a casino floor is generally not a good idea in the US. For example, in Nevada,
"NRS 465.075 Use of device for calculating probabilities. It is unlawful for any person at a licensed gaming establishment to use, or possess with the intent to use, any device to assist:
1. In projecting the outcome of the game;
2. In keeping track of the cards played;
3. In analyzing the probability of the occurrence of an event relating to the game; or
4. In analyzing the strategy for playing or betting to be used in the game,
except as permitted by the Commission."
In practice there is some leeway on this - sitting at a video poker machine, nobody's likely to hassle you for looking up perfect strategy on your phone. On the other hand, most table games dealers will tell you to leave the table while using your phone. It's fine to have a paper card with blackjack basic strategy, but not to check the same information on your phone. But in any case, the rig described here is not going to be a good idea anywhere in the US I'm aware of, and that's assuming you can even find a skill-based machine with sufficient payouts to justify trying it.
FYI to author, the video that you tried to delete (quiz.gif) is still accessible. It's still in your git history and can still be viewed easily, probably don't want casino people seeing your face :P
It's strange that he basically removed the entire history, but kept a couple of commits such that the 'face' gif can still be accessed?
Regardless, several forks exists with the original history dating back to 2016. So it's probably too late to do anything about now.
Yeah, it's not anon: the game was retired from machines and I left the ROM out. Wouldn't recommend to do for other than fun (and tbh hourly wage would be very small), but was a fun side-project!
Yeah, it's not anon: the game was retired from machines and I left the ROM out. Wouldn't recommend to do for other than fun (and tbh hourly wage would be very small), but was a fun side-project!
An answer below about denomination (pounds instead of dollars) implies that it's in the UK. Definitely wouldn't expect to see something like this in the states.
It doesn’t really work like that, eg if you play the quiz one, when you get past £3 the questions become ridiculous, like what is the size in cubic meteres of lake Victoria? 40040400303 40404940404 or 4940403030 etc
So it just ends up being luck really. They also pay out a fixed amount and the difficulty rapidly increases if you keep winning.
> The game data files look like this; encrypted, unreadable text. Fortunately, it turned out that they were encrypted using an xor cipher. This means that we can fairly easily write a script to get a list of questions and answers in human-readable, decrypted form.
I mean, it doesn't much matter how these things are encrypted - since they have to be decrypted to display the questions and answers on-screen, the code and any necessary keys will be present in the game code. You'd only need to reverse engineer the ROM enough to know where the decryption code is, and invoke that code (or reverse it and write a compatible implementation). It just so happens that the encryption is weak enough here that reverse engineering is not required.
This isn't necessarily true. A lot of machines like this use a security dongle to perform decryption which means it is very hard to get the data except by scraping it while it's running (and even then, this can be quite hard)
If you have all the questions and answers; couldn't you just study them? It's not as fun, but probably just as effective, depending on your ability to retain useless knowledge.
Appreciate this is a tangent, but if you learnt almost 30K trivia questions off by heart.. have you found that has benefitted you in other ways? Like, being killer at quiz shows or University Challenge or something? :-)
I got asked to be on a University Challenge team after someone saw me playing... but completely flopped when they asked independent questions at trials.
This kind of unlinked data leaks very fast, too: at my peak I had to top up with Anki for about 3 hours a day. I've forgotten almost all of it now.
A small consolation is that I can still tell you the 'exact number of gallons of water' in most major lakes.
Yeah, this sort of bullshit question is a go to for machines that need are ostensibly skill based but need a reliable way to break your streak if you are winning too much.
I used to be pretty good at the WWTBAM pub machine. I am a pretty quick reader so could scan read and answer the question pretty much instantly if I knew it, managed to impress a few onlookers that way (slow readers no doubt) as it seemed almost supernatural to them. My one taste of what it would feel like to be a top sports person!
This reminds me of a regular pub quiz I used to do - the guy hosting would pull out all sorts of these stupid numeric questions like "what's the distance between <tube station A> and <tube station B>?", and no point unless you got the answer exactly, ie to the nearest integer.
Another time the answer to a question was "West Ham" (the soi-disant football team), and I said to my pals "write down West Ham United, as this guy doesn't know anything about football and will surely insist upon it" ... and so it proved, despite howls of protest from other quizzers.
If you are into this kind of stuff, I'd highly recommend Kevin Mitnick's book 'Art of intrusion'. The first chapter describes how a group of engineers (I'd think somewhere in the 80s, early 90's) reverse engineered a popular Las Vegas poker machine, and managed to walk away with milions in profit.
Cool project (legal/ethical issues aside)! My big question is why bother with OCR at all? Presumably you can construct a representation of the screen for each question ahead of time, and you already solve the projective transform due to the camera, so at that point why not pick some appropriate distance metric and pick the question/answer pair corresponding to the virtual image that is closest to the camera image?
At the very least, they probably mix up the order of the answers. On that basis, you immediately multiply the variants by 4!. I wonder if it would be faster to do that comparison or not. And this ignores any potential background animations or other non-static entities on the screen there might be.
Using this is almost certainly illegal (cheating) in every jurisdiction, and could have significant penalties.
This video and the github repository itself could be a crime... teaching someone how to cheat using a cheating device. Heck even publicizing the video could get one sucked into the potential mess.
Intention may play a part (i.e. was there any criminal intent in making the video/code/etc). Would depend entirely on jurisdiction and the specifics of the legislation.
Sure... it's a fun/cool project with lots of tricky parts to get right/play with. But I think the author should exercise a bit more caution. If you need a lawyer to be sure that your project won't land you in jail... perhaps choosing a different project would be a good idea.
Which specific law(s) do you believe this breaks? While it is illegal for the house to cheat most places, and while a punter may break other laws trying to cheat (e.g. trespassing, tampering, etc), I'm not aware of a specific law against cheating. I'm also not aware of a law banning the distribution of materials that may help one cheat (except DMCA? Copyright?).
Even if it does not break any laws, if they suspect you are cheating they can just ban you from the casino and blacklist you from all casinos.
Alternatively...
There is a scene in the movie Casino where there are two guys collaborating and cheating at a table game. One of the internal security people dressed discretely in a suit walks up with a cattle prod.
> There is a scene in the movie Casino where there are two guys collaborating and cheating at a table game. One of the internal security people dressed discretely in a suit walks up with a cattle prod.
It's a movie, that would never happen in any big casino (for one, way too many witnesses).
Fraud requires deception, which didn't happen in my eyes. Decrypting the XORd questions and answers could be interpreted as breaking digital protection though.
As far as we know he legitimately acquired the ROM, he didn't hack the machine, he learnt about that type of machine.
If you used this against a machine in the wild you're using the machine in the intended way. The access is authorised; there's no interdition to using reference sources.
It doesn't seem like a breech of UK CMA to me.
If the OP published the ROM then it's possibly copyright infringement.
2, and 5 only apply to "game[s] or other event[s]" which has a specific definition (namely it is about e.g. sports betting and other live events). 7 doesn't apply at all since he didn't alter or manipulate the machine in question, it is working as intended.
Plus the claim was:
> in every jurisdiction
Nevada has some of the most strict gambling laws in the world (and showing it is illegal in Nevada hasn't even been satisfied yet).
Well, this cheat is equivalent in operation to having a book with all the answers to the quiz and a good index. The two should be equivalently legal, and I strongly suspect someone has tried to sit at a quiz machine with a curated indexed encyclopedia, so we just have to find that precedent.
There won't be a precedent because you just can't look up into fast enough, that's why these systems can still exist even with internet search engines.
There are laws in the US that ban using any machine that enhances your ability to win, even if you never tamper with the machine. This covers attacking the RNG by analyzing past outcomes and predicting future outcomes of the machine. Not what the OPs post does, but just clarifying that you can be charged with cheating even if you don't tamper in the US.
Wonder if you print a directory indexed by say the first two word of the question. Not sure that would be fast enough but would be fully legal since it isn’t a device. Would be the same thing as a reference on perfect blackjack strategy which any casino allows (and most sell in the gift shop).
This poses an interesting question. How simple an algorithm can be so that "cheating" it is still considered illegal? At which point it becomes the machine owner's loss instead of the player being guilty of cheating?
Suppose that there is a game that produces random numbers and asks the player whether the next number will be odd or even. If the player guesses correctly he will gain a point and if he guesses wrong he will lose a point. Eventually the machine will pay some amount of cash for points collected. Now, it turns out that the machine happens to produce an odd number after each even number, and an even number after each odd number. If (and when) the player figures that out he can rack up points and get a good payout from the machine. Nobody would dare to accuse the player being a cheater because it's so plain obvious that the machine is just programmed in a stupid way.
Now, let's consider a game that is more complex but still simple enough that you could figure out the algorithm either in your head or by feeding a long enough sequence of the game state to a computer to be processed offline. Then after you've reverse-engineered the algorithm you can play it yourself and you'll know at least something that will happen in the game, ahead of the time. Time to cash the machine again. Is this still not cheating?
How about reading the machine's binary dump found on the internet and rebuilding the game algorithm that way, then abusing the knowledge for gains when playing the machine. Cheating or not cheating? Why? How complex the algorithm needs to be for beating it to be considered cheating? How would it matter where the understanding came from?
As in the article, if the game can be reduced to a database of a number of multiple-choice questions and the answer bit for each correct option, how much protection from "hacking" does the game enjoy and why? Especially if the questions could be answered by knowledge acquired from regular studies instead of reading them from the binary dump? How much complexity is required for this sort of protection? And how about different people considering the game's inner workings very complex vs rather simple? If for one an impenetrable oracle of quizzes is a simple exercise for some other, where does illegality come into play?
When does it become the loss of the game machine's owner or maker if we keep considering ever poorer and poorer implementations?
> Then after you've reverse-engineered the algorithm you can play it yourself and you'll know at least something that will happen in the game, ahead of the time. Time to cash the machine again. Is this still not cheating?
Sounds like counting cards. From Wikipedia, "Card counting is not illegal under British law, nor is it under federal, state, or local laws in the United States provided that no external card counting device or person assists the player in counting cards. Still, casinos object to the practice, and try to prevent it, banning players believed to be counters."
So you may not go to jail, but maybe you'll get shot in the back of the head
You do realize that sort of stuff doesn't happen anymore. Vegas became incredibly corporate after the mob got kicked out. Maybe that sort of thing still happens elsewhere but I would be surprised if it happens anywhere in the US anymore. With the exception of completely illegal shady underground casinos.
If it's a public machine, (i.e. in an airport) I don't see how it could be illegal. If you have to sign forms saying you won't cheat before you play... well, that's different.
The machine described isn't really a "slot" machine in any traditional sense of the word and you wouldn't find one in a casino. It's a pub quiz machine.
Just FYI everyone, using any electronic device to gain an edge at any regulated gambling game is a felony in Nevada, and it is one that they take incredibly seriously. If you are caught doing this in Nevada, and they will certainly be watching for this now that this has been posted, you will go to jail. I cannot speak for any other jurisdiction, but I’d highly recommend not using this in Vegas or Reno.
Nah this was really just a fun side-project, just posting as proof-of-hack. Also this specific game was retired from machines. Fun as a challenge, though!
Looking at the cpp code, could you describe the prototype/pattern image? What sort of prep do you do to make it generally recognizable as the questions/answers change?
be careful with this hack and similar ones...real-life casinos have an entire SOC monitoring absolutely everything on the floor and in the parking lot.
Speaking from experience: As a young and foolish lad I was once arrested and spent four days in the frigid Clark county detention center in Nevada for stealing a set of dice from an unattended craps table over a holiday weekend. I made it about five paces from the table before I was arrested by four guards.
For non-Brits, "The Newtonian Casino" is probably more commonly known as "The Eudaemonic Pie". It's about a group in the 70s using electronic devices to clock roulette wheels to predict the general area of the wheel the ball would fall into and make better bets.
An earlier attempt by Thorp (of "Beat the Dealer", probably the most famous blackjack counting book) and Claude Shannon (yes, that Claude Shannon) is covered in part of the book "Fortune's Formula".
Well the original gif showed part of his face, he has since removed that from his repo and history, but there are several forks where it is still visible. So, anonymous fail.
It's not anon. The game was retired from machines and I left the ROM out. Hourly rate probably wouldn't be very high if you did try to actually make money. Fun challenge though!
All I have to say is that I misread this headline and experienced both disappointment and relief when I clicked through and read about a 'buttonhole' camera.
The game cost $2 to play. It loosely followed the payout rules of the TV show "who want's to be a millionaire". There were about 10-12 levels and every 2-3 wins you'd get to a checkpoint where you could cash out or continue playing for more money.
Each level was slightly harder in difficulty/time with 3 "prize/payout" levels, which changed based on how much the machine had paid out recently. You could generally win anything from $10-$40 per play.
It had about 8 different games you could play (one being sports trivia). One of the games you could choose was "spot the difference" where you have 2 images side by side and you needed to touch the screen in a set amount of time to find the 5 differences.
The method my friend worked out to "hack" the machine was to cross his eyes and merge the 2 images into one, similar to the stereogram "Magic Eye" images you can find. By crossing his eyes and merging the images into a single one - the differences stood out really clearly.
This lasted a few months with him and his friends cashing in on all the machines in the area, whenever their prize level was high. Eventually the software company worked out there was a problem with that specific game and updated their software.
It didn't pay out as high on that game. And the top prize level had to be completed in under 2 seconds. Which when you're trying to press a not-so-great touch-screen 5 times in 2 seconds, was not possible as not all presses would register if you touched it really quickly.