The slot in question an Aristocrat MAV500 mark VI is 32-bit and is no longer in production.

It's as random as much it can be made so in that range of 2,147,483,647? I'm not a programmer I'm not sure how a stop symbol or blank is chosen when programming a slot theme.

Newer slots are 64-bit and have larger virtual reels.

Some slots now even use a product called quantum randomness supposedly true randomness. https://comscire.com/

The CPU architecture bit size (32-bit) has no impact on the random range. You can implement an arbitrary length RNG on any machine.

Based on the article it seems that the flaw is that the machine uses the timing of human interaction as a significant seed source. This works well enough for unaware people, but as evidenced here is super easy to exploit once the knowledge is out there. Using time (e.g. the time the program started) as the PRNG seed is a very common security flaw. Otherwise experienced engineers keep making this mistake even in 2017.

My guess is the machine uses the start time as the only seed (probably time since boot) and the perpetrators have made a database containing all the possible spins.

This way, the spins are selections from a stream. If you take a number of samples you can guess the position in the stream and then calculate the most advantageous time to run another spin. The inputs are probably read on a 60hz timer anyway so you can predict which time you're going to get within a few ticks.

I don't think that is what the article said. Where do you read that the machine uses the user's timing to seed the PRNG? It talks about timing the button presses but my understanding was that that was only used after the PRNG was cracked. The PRNG is cracked by measuring the timings of on screen cues. These cues are essentially outputs from the PRNG. There is nothing that indicates the user's timing is used as a seed as far as I can tell.

I assume you understood that by timing I didn't mean seconds from 1970. Beyond that this seems to be getting into semantics territory on how we define 'seed'. To be clear, I agree with what you're saying about the PRNG flaw.

We can probably agree that PRNG is a function that takes an input and produces an output. I guess you take issue with me calling this input the seed. My use is probably a simplification indeed, but I thought one that doesn't change any principles. Because the user's interaction timing is crucial, it seems pretty clear to me that the exploit is about influencing the input of the PRNG. We can call this input something else, e.g. internal state. Or we can call it the seed.

The seed of a PRNG is a pretty well defined thing.

Successful communication depends on participants understanding eachother. You'll notice that the context of my comment was replying to a person who stated that they are not a programmer. Filling my post with unnecessarily precise lingo would work to undermine my goal which is to convey a basic idea.

The Wired story was not accurate. It's true that some early (late 70s) UK electronic slot machines had predictable payout series, but this was quickly noticed and fixed. It is trivially simple to build electronic slot machines that are not beatable by observing any reasonably short series of outcomes (for that matter, from observing over the lifetime of the machine).

The successful electronic slot machine hacks in the last 35 years have all involved either measuring internal machine states or modifying the machines.

In this case, the machines were modified to allow profitable play. This is done either to sell the machines to naive casinos (which is what the Russians did in this case) or to casino managers who use them to skim (the manager's confederates win money which need not be reported to casino owners or tax authorities).

Another practice is to modify machines to extract the maximum amount from players, exploiting behavioral tendencies, rather than giving random payouts as required by regulation in most jurisdictions. Advantage gamblers sometimes discover these machines and use the knowledge to play profitably. But it's not enough to observe a few dozen outcomes, you need to know something about how the payoffs are structured.

You won't find these machines in Nevada, because (a) the regulators are smart and powerful and (b) the place is too big a gold mine to risk over small increases in slots revenue. But there are lots of places with inattentive or weak regulators, in which slots is the whole ball game.

>...rather than giving random payouts as required by regulation in most jurisdictions.

Sort of random since it's pseudo random number generator but there is a specific payback percentage chosen. It's like PRNG up to a point then it's not otherwise how can you give out 96% over 10 million spins if it's truly random.

I'm a slot tech but I don't work with PAR sheets we're purposely kept at arms length for a reason.

Detecting and collecting quantum noise in semiconductors is nothing exotic. Johnson-Nyquist noise (thermal noise across a resistor or within a capacitor) is relatively easy to measure within an integrated circuit, and is how Intel's RDRAND, Via's true randomness instructions, etc. work. Another cheap option is to reverse-bias an LED, paint it black, and measure the leakage current, affected by both Johnson-Nyquist noise and redioactive decay / cosmic rays.

There's little to no excuse for these slot machines not including at least a crude quantum noise collection circuit. Collecting quantum noise in a circuit is nothing exotic and only requires a hand full of transistors and a couple of capacitors. I'm a bit sad that ARM didn't include a quantum noise instruction in the basic arm64 instruction set.

On a side note, it's a shame that WiFi and BlueTooth chipsets don't all have a linear feedback shift register accumulating radio noise. They're already measuring noise and detecting bit errors. With only a few extra transistors, they could be made to expose radio noise to the kernel for use in /dev/urandom and friends.

I found it interesting that part of the vulnerability is that the PRNG takes the time the machine 'spins' as a parameter, thus introducing an attack vector.

I don't know whether it's mandated, but I think that a lot of gamblers would want it that way. They want to be able to influence the game. The outome will still be completely random if the other sources of randomness are good, but the outcome still depended on the gambler's timing.

There has to be something that advances the PRNG to the next output. What's the alternative, advancing a single step each time a random number is actually needed? That also has (potentially much easier to exploit) vulnerabilities.

I know I have read stories about this technique being used before. Doesn't it require special hardware and impeccable timing on your person to take advantage of it?

Article indicates that an iphone is the special hardware. It also handles the timing, even preemptively signals the player when to go based on his/her reaction time.

Timing doesn't have to be perfect - only enough to offset the house edge.

Well, iPhone is the viewing mechanism for engineers on the other side of the world to do the real work.

Interesting how they're doing it, I guess making an app with image recognition takes too much effort, and having all the logic in an app makes it easier for your fellow thief to go independent and not give you your cut. I guess an app that requires login would be possible.

Yeah, it'd be too much of a risk to let the "secret sauce" go anywhere out of their control.

IIRC the iPhone processing power is inadequate.

What are you remembering, exactly?

I made that assumption based on this text:

> So even if they understand how a machine’s PRNG functions, hackers would also have to analyze the machine’s gameplay to discern its pattern. That requires both time and substantial computing power

I would have guessed that the CPU requirements to process the video and map it against the PRNG characteristics would be a bit much for a smartphone, but given how powerful they are these days, that may well be flawed assumption.

I can't speak to the video processing (although with modern neural networks it seems it would be more than doable), but speaking from experience, brute forcing a 32-bit PRNG takes substantially less compute power than you might think...

It only works for OLDER machines and the casinos and/or machine makers are not sufficiently financially motivated to upgrade the the logic

They obviously lose so little that it's not worth the cost of upgrading the software.

Not just software; from the article it sounded like this was pretty old hardware, with a CPU only capable of running a basic PRNG. Doing a hardware upgrade on the zillions of old machines out there (I have no idea of the scale) must not be worth losing a couple thousand dollars here and there to sophisticated scammers.

Any simple enviroment sensor would have done the trick, no? (with any new input permutating some old value, so you can't fool the sensors unless you have acess to them all the time)

That bit about the attacker holding his finger over the spin button and then suddenly hitting it is a dead giveaway. Speed runners manipulate RNG all the time, except, of course, for a little 8 or 16 bit processor, not anything elaborate.

Interesting how the core of an article gets explained with a few sentences given a small amount of background.

And casinos have no fix!!! cough sure whatever