How to Hack a Gumball Machine?

Hacker valiant, nothing impossible. But when it comes to electronic slot machines, the challenge is getting worse: the national authorities very tightly control the algorithms that have to generate random sequences. Impossible mission? Not for this group of Russian hackers who devised a technique to deceive chance. The simplicity of the device is complicated to detect, back on an extraordinary disappointment suffered by an American casino in 2014, and how cheaters come to an end. Our fellow American Wired recognized the story.

Good kisses from Russia

The managers of the casino discovered the pot to the roses because of an accounting anomaly. One-armed bandits are indeed calibrated to offer a guaranteed return on investment in the long term, for example, 5, 15, or 50 cents of income for each euro or dollar played. This theoretical profitability is closely monitored, operating earnings being carefully recorded by the computer. Now, on two particular days (June 2 and 3, 2014), the machines of the casino have offered much more money than they have stored … but without delivering a real jackpot. A statistical aberration.

Investigation

Suspicious, the managers of the casino lead the study. It will reveal the identity of the culprit: a Russian of 37 years. The latter has won in two days over $ 21,000, transforming bets of twenty dollars in gains of up to 1300 dollars, regularly changing machine. A magic trick? Not entirely: on CCTV images, his behavior denotes compared to other customers: stealthily stealing his smartphone on the screen of the machine, the player hesitates a long time before triggering the game, advance hand, back, before suddenly support. And the ride is repeated for each new machine visited, and in several cities.

Used machines

How to explain such an exploit, when the authorities carefully check the gaming machines? In the case of Lumiere Place Casino, the Missouri Games Commission certifies the integrity of each algorithm used. But in reality, the real chance is challenging to produce: this is why pseudo-random number generators (PRNGs) are used. The latter multiplies the operations from a first number to reproduce the chance, according to internal parameters or inherent to the electronics as the frequency of the internal clock of the computer.

RETRO-ENGINEERING. Can we turn the tide and anticipate by reverse-engineering the precise moment when to trigger the game to win? Without accurate knowledge of the hardware of the machine, it is almost lost. But that’s not to mention that Russia has banned casinos and gaming devices since 2009.  Thousands of slot machines then found themselves on the black market. They ended up landing in the hands of expert hackers who could pass Sift the circuit boards of different machine models in search of secret vulnerability.

Computer-assisted cheating

The problem is that these models of penguin bandits resold on the Russian black market are still commonly used in some casinos in the United States or Central Europe. Having been able to take a close look at the electronics of these models is a considerable asset for these hackers acting in an organized band, according to Willy Allison, a casino security specialist based in Las Vegas, who has been studying this type of fraud for years. Years.

Smartphone

The technique? For each machine, the image of the rotating rollers is sent by smartphone to a central team, equipped with massive computing power. The latter takes advantage of its excellent knowledge of embedded electronics. From the images of a dozen standard parts, the hacker program can model the exact moment when the cheater must press the button to have the most probability of winning. It sends a notification (in fact, a vibration) to the player’s smartphone 1/4 of a second before the moment he has to trigger to maximize his winnings.

This pirate and his friends, in this case, based in Saint Petersburg, have since been arrested. But the scam is still running. In 2015, the Singaporean authorities dismantled a Czech cell using the same procedure.