Markus VS TradaCasino (Viaden Gaming)

[Seventh777]

Makes plenty of sense. Just thought I'd speak up.

On a side note, this kind of software can be really hard to detect unless you comb through every bet a player's making. That costs the casino time and money, slows down withdrawals, and it's really the cause of most of the hassles that innocent players get put through. The problem is, even when you're looking at a bet history that just ain't right somehow, you can't see what they were using to do it. So you have a short period of time before you process the withdrawal, to prove there's no way it could've happened in the real client, no way the server could've messed up, and then figure out what they must've written to tap into the data. And of course you don't want anyone to find out how it happened - or even that it did happen, if you care what investors think. That's why so often this gets swept under the rug, and it ends up making the casinos more paranoid, which just hurts the players.

I know people in the industry who go around checking out what kind of data's getting sent back and forth to different kinds of casino software, looking for weaknesses. I've heard some real amazing ones. I heard the other day about a very respectable guy who figured out how to get into anyone's account on a certain piece of software. He didn't do anything with it but report it. Heck when someone shows me a new piece of casino software, the first thing I want to know is how well it's written, and whether it can be hacked in five minutes. In the early days there were all those incidents of hole cards being sent over the wire -- that was just stupid, but it's surprising how many other problems there still are like that, even in the newest software. Especially now that so much stuff is outsourced, where cheap programmers with no security experience make rookie mistakes.

Enforcing matching bets in a game like Blackjack Switch and Three Card Poker can actually be a costly server process depending on what your architecture looks like. You have to check it each step of the way, and make sure the data wasn't changed, but you also have to make sure that while a player's making or changing one bet, he's got enough in his account to make or keep the second one.

It seems amazing someone would take the time to figure out that even could be hacked, but the only amazing thing here is that it came to light at all. Site operators face this kind of stuff all the time... these guys aren't players, they're hackers. They're not there to gamble and win, they're just looking for a way to steal. And from our end, we're blind, because they can duplicate whatever the client software's doing, and tweak whatever they want to. We can log and record everything and look for oddities, but the more you record every little thing the more mountains of data there are to sift through, and plus it slows down your servers.

Anyway, now I'm rambling like an engineer. This has been enlightening, though. I hope we'll get more conversations about these kinds of things. I should start sharing some of these stories and seeing if other reps are willing to talk about it too.

I read your post with interest especially how hard it is for you guys to detect instances like this, can`t you guys use similar software that the big online gaming companies use?, the makers of WoW (Blizzard Entertainment) use one named Warden, which is uber efficient at locating illegal 3rd party software, these are mainly focused on the farming bots that the Chinese dudes use to farm gold and sell in breach of the EULA, an example of how good this software is, a former guildie whom was about to leave the game for good d/l a farming bot and was giving us a detailed analysis via guild chat, the last we heard from him was `Okay, turning it on now`, and that was that, a few seconds and it automatically locked his account.

Using this software has caused heaps of controversy for Blizzard but meh, we all sign the EULA there, it may be worth looking at, it`s a pretty damn good piece of kit imho.........

http://en.wikipedia.org/wiki/Warden_%28software%29

[jstrike]

I read your post with interest especially how hard it is for you guys to detect instances like this, can`t you guys use similar software that the big online gaming companies use?, the makers of WoW (Blizzard Entertainment) use one named Warden, which is uber efficient at locating illegal 3rd party software, these are mainly focused on the farming bots that the Chinese dudes use to farm gold and sell in breach of the EULA, an example of how good this software is, a former guildie whom was about to leave the game for good d/l a farming bot and was giving us a detailed analysis via guild chat, the last we heard from him was `Okay, turning it on now`, and that was that, a few seconds and it automatically locked his account.

Using this software has caused heaps of controversy for Blizzard but meh, we all sign the EULA there, it may be worth looking at, it`s a pretty damn good piece of kit imho.........

http://en.wikipedia.org/wiki/Warden_%28software%29

Any software like that's gotta kind of know what it's looking for. I wrote my own software, so all my protections are in there. And yeah, it's booby-trapped up the wazoo as far as obvious stuff. It looks for things people might try to do, like, I've got multiplayer blackjack with 3 seats per player, and you can grab a stack of chips at one seat and move them to another stack and merge them. The client doesn't let you grab someone else's stack of chips, obviously, but if someone wrote their own client that let them do it on their end, that's one of a couple dozen triggers that'd kick them out and freeze their account instantly. Other triggers are silent and just record oddities. Like, if the stack they tried to grab didn't belong to anyone, but it just didn't exist. The software would give them the benefit of the doubt that maybe they're on a really slow connection, where they were still seeing an old bet that belonged to them, but it still keeps track of that stuff.

But then there's just the "how the heck did that happen" kind of situations. Like the guy who cleared multiple bonuses, playing 70,000+ hands of blackjack over a few weeks, at 10¢ a hand, with a 98.8% RTP. After watching for a long time, I figured out he was sometimes, rarely, not playing basic strategy. Was it a bot playing bonus strategy? He never split, and he never sat at more than one seat. The first few days he never doubled down, and then he started doubling correctly, every single time. But he swore up and down he wasn't using a bot. And if the bot impersonated the client perfectly, then I'd have no way to know for sure. The only evidence of anything was that sometimes he'd get disconnected and after a few minutes the system would eat his bet. That's not supposed to happen if he's the only guy at a table. He should have gotten his bets back. The only way it could happen is if the main login part of the system thought he was still connected, but the game table thought he wasn't. That's possible evidence that he was running two clients -- the real one, and a fake one on the side that stripped the table data out of the real one, scrambled the bets, and put them back in the stream. The fake got confused and crashed or went silent on the table, but the real one stayed connected. Again, that's not hard enough evidence to convict the guy, so I just paid him out.

[Seventh777]

Any software like that's gotta kind of know what it's looking for. I wrote my own software, so all my protections are in there. And yeah, it's booby-trapped up the wazoo as far as obvious stuff. It looks for things people might try to do, like, I've got multiplayer blackjack with 3 seats per player, and you can grab a stack of chips at one seat and move them to another stack and merge them. The client doesn't let you grab someone else's stack of chips, obviously, but if someone wrote their own client that let them do it on their end, that's one of a couple dozen triggers that'd kick them out and freeze their account instantly. Other triggers are silent and just record oddities. Like, if the stack they tried to grab didn't belong to anyone, but it just didn't exist. The software would give them the benefit of the doubt that maybe they're on a really slow connection, where they were still seeing an old bet that belonged to them, but it still keeps track of that stuff.

But then there's just the "how the heck did that happen" kind of situations. Like the guy who cleared multiple bonuses, playing 70,000+ hands of blackjack over a few weeks, at 10¢ a hand, with a 98.8% RTP. After watching for a long time, I figured out he was sometimes, rarely, not playing basic strategy. Was it a bot playing bonus strategy? He never split, and he never sat at more than one seat. The first few days he never doubled down, and then he started doubling correctly, every single time. But he swore up and down he wasn't using a bot. And if the bot impersonated the client perfectly, then I'd have no way to know for sure. The only evidence of anything was that sometimes he'd get disconnected and after a few minutes the system would eat his bet. That's not supposed to happen if he's the only guy at a table. He should have gotten his bets back. The only way it could happen is if the main login part of the system thought he was still connected, but the game table thought he wasn't. That's possible evidence that he was running two clients -- the real one, and a fake one on the side that stripped the table data out of the real one, scrambled the bets, and put them back in the stream. The fake got confused and crashed or went silent on the table, but the real one stayed connected. Again, that's not hard enough evidence to convict the guy, so I just paid him out.

Wow, that`s a whole heap of crap to try keep an eye on, got me to thinking that some casinos may have security software looking for spikes of identically timed to the millisecond play, using scripted macros etc, and confuse this when players use auto play on slots, I get a lot of disconnections when playing the same slot for a long time in MGS casinos and in most cases this is when i`m using auto-play.

Just a thought ofc .

[vinylweatherman]

Wow, that`s a whole heap of crap to try keep an eye on, got me to thinking that some casinos may have security software looking for spikes of identically timed to the millisecond play, using scripted macros etc, and confuse this when players use auto play on slots, I get a lot of disconnections when playing the same slot for a long time in MGS casinos and in most cases this is when i`m using auto-play.

Just a thought ofc .

This wasn't about autoplay and bots (the usual suspects). This was way beyond this. In effect, the casino system was hacked so that illegal bets could be placed that made some more complex games operate way outside their own rules, giving the player an advantage.

Blackjack Switch was designed to ONLY accept equal bets, and the rules and paytables worked on this assumption. The hack enabled unequal bets to be placed, with one seat being a nominal 1 credit purely to provide swap cards that would enable the other to be played "properly", but with a considerable +EV. The same hack could turn many table poker games +EV by enabling unequal ante and play bets, thus reducing the house take from folded hands.

It throws a new light on the concept of "bot fraud", where the belief is that bots cannot be fraud, since they simply play the game as well as a human with perfect skill, but faster and for longer, which can only benefit the house. However, a bot that can also cause the server to process invalid bets is different. As a hack circumventing the published rules of the game, it would be fraud. It would be like claiming it was OK to insert a screwdriver through a gap in a fruit machine cabinet and empty out all the coins because an implementation oversight in cabinet design allowed it, and there was no published rule probibiting the use of screwdrivers as an aid to play.
BTW - I didn't make this up, this was an actual scam that was used on some cabinet designs until an additional piece of metal was added to block passage of an instrument like a screwdriver to the payout solenoid. The scam even worked on some machines with hoppers.

The accepted rule for a legit emptier on the fruities is to play the game using the buttons as provided, which is the same as playing a casino using the client provided. Using "third party buttons" like screwdrivers, refill keys, and spark generators on fruities is likely to get you into trouble, possibly criminal. The best is that other savvy players will notice, and know that you are a hard line "pro", and to avoid filling the machines up for you.

I never used such methods, although I saw them in use. It told me which machines to avoid. In all the years of playing, I have never owned a refill key.

Sites are now so aware of these scams that even owning a "device" could get you thrown out, even "looking like a pro" is enough to get you kicked out of a few places.

[thelawnet]

Hello everyone,

First of all I would like to apology for the delay in response: yesterday I was going to bed when I saw this thread.

Also I would like to thank all forum members for their input in this thread.

The case is: the OP registered at Trada Casino and made two deposits (20 and 50 EUR). The first deposit was lost, then the OP made another deposit and managed to build the bankroll to €1381, mostly playing Blackjack Switch. After he submitted a withdrawal, his bets history was analysed, and it was found that he was was making bets which were impossible in casino client. For example, there are many bets where bet amounts are different for boxes #1 and #2 (as you know, in Blackjack Switch you have to make equal bets on two boxes).

Below is an example from the OP's bet history:



As you can see, two different bets were made on boxes #1 and #2, when they should have been equal. It gives players an advantage over the casino, because when they switch the cards - the better hand could be built for the bigger bet.

This makes sense, although the above is a poor illustration, since the player doesn't switch.

Let's say, for clarity, you had a bet of $999.99 on one spot, and $0.01 on the other. The $0.01 spot is clearly worthless, so basically what you end up with is no longer a game of balance, but a game where you effectively have the FREE choice to switch your second card out for another face-up card. The advantage is huge.

E.g.,

consider dealer 8 vs.

9,8 = 17, bet $500
t,t = 20, bet $500

We expect the 17 to lose (given a dealer 10, the most likely option), and the 20 to win (likewise).

If you switch, you end up with 19 and 18, the 18 is most likely to push and the 19 to win.

If the dealer had a 9, however, the switched 18 is probably a loser, and we DON'T switch in this case - we abandon our hand of 17 and stick with the good 20.

If however, your bets look like this:

Up card 8
9,8 = 17, bet $999.99
t,t = 20, bet $0.01

Then clearly you want to improve your 17 to a 19, you couldn't care less about the 1 cent hand, that's just there to provide good cards for the 17.

17 is a terrible hand in blackjack, whereas 19 is a very good one.

This isn't a question of circumventing bet limits so much as fundamentally changing the game being played. This changes the game from a complex game of balancing two hands with equal bets to a simple 'build the best 2-card hand using 3 cards'.