Q&A Ask Me Anything about Slots (AMA) 2020 with Trancemonkey

Halvor

Experienced Member
Joined
Apr 3, 2018
Location
Malta
How does the game client know that it's talking to a bona fide server ? Online MMORPGs are rife with 'private servers' that offer great customisations (and no subscription fees), why not private servers that can demonstrate inflated RTP by returning a higher percentage of winning spins back to the client ?

(or maybe I just want the buzz of awarding myself a wildline on the first bonus spin) ;)
The game client/server is hosted by the provider, not the casino.

Casinos(unless they run shady pirated software) do not have access to changing anything, neither do they have access to any maths or source code.

If you take netent games for example, you will always see them connect to ****.casinomodule.com
 

trancemonkey

Ueber Meister
Joined
Mar 29, 2013
Location
United Kingdom
Thanks Puddlefish, I was more under the impression that client simply gets a series of parameters from the server and presents the display based on these along with client-side resources such as reel-sets, sounds, bonus/gamble functions, etc. When my latest timeout finishes, I'll let Fiddler loose on the Goonies and see what's what - as well as any HTTP headers that may hint at an authentication process.

I was just being lazy with asking TBH as I know we can get some of the answers..... it's just remembering how that software works in order to do it - and interpreting the results. It was all triggered by the discovery of a 'demo feature' on 'Ted' a couple of years' ago and got me thinking that a game client can receive a specific set of instructions on demand to produce a visual result - in this case 'Next spin will be this.... leading to this bonus, etc.

Now I've run out of Bacofoil :)
I don't know how the handshake is carried out between client and server, but the client is dumb anyway... the server handles all the information, so I'm not sure what writing a dodgy client would gain... you would send a spin request, but unless you had all the account details and the server knew you signed in, I'm not even sure you would get a result back...
 

Masquerade67

Newbie member
Joined
Mar 10, 2018
Location
South
Yes - the golden rule....never trust the client. However, I was trying to answer the question as to whether a genuine, checksummed-whatever, client could display whatever you wanted it to by replacing its genuine server's communication with whatever instructions you wanted. Take the casino out of the loop, they would just authorise the spin with a genuine provider. I'll come back to this in a couple of weeks when I can play....literally :)
 

trancemonkey

Ueber Meister
Joined
Mar 29, 2013
Location
United Kingdom
Yes - the golden rule....never trust the client. However, I was trying to answer the question as to whether a genuine, checksummed-whatever, client could display whatever you wanted it to by replacing its genuine server's communication with whatever instructions you wanted. Take the casino out of the loop, they would just authorise the spin with a genuine provider. I'll come back to this in a couple of weeks when I can play....literally :)
Well, yes i would think so.... the client just interprets the spin result sent by the server, so if you were clever enough you could do it I guess. Don't know for definite though... not my area of knowledge
 

PuddleFish

Newbie member
Joined
Feb 17, 2020
Location
Somewhere
Well, yes i would think so.... the client just interprets the spin result sent by the server, so if you were clever enough you could do it I guess. Don't know for definite though... not my area of knowledge
As mentioned clients are dumb. They can only act on what the server tells them. If you look at what is sent to and from any slot client then most of them use some form of text format. Usually json and as such you can alter it and/or store it and replay it to see the same thing again or some other outcome. The client can never know if its a true server or an alternate it got the responses from.

If you however alter the packets then it would be very easy to come in a state that isn't actually possible. Say for example get the client to show the same symbols in all reels while that wouldn't be possible with data from a real server. You would also most likely crash the client a number of times because you tried to get into a state it wasn't designed for.
 

Masquerade67

Newbie member
Joined
Mar 10, 2018
Location
South
I had a good bit of fun looking at the packets going from / coming to me to from casino / game provider. I'm not sure what detail I can post that is not already known TBH but, for the purposes of what I set out to do, I do think it's possible to simulate a game provider's server at this stage but it would take some time to interpret the SpinResponses and Javascript and, even then, you would need to have 'collected' enough of the game code to supply your client (e.g. The 'Hidden Treasure' featurette below requests a .JS download - presumably if the game client cannot see it cached)

<SpinResult symInView=“8,1,0|6,2,7|3,2,4|6,3,8|2,3,7” overlayInView=“9,9,9|9,9,9|9,9,9|9,9,9|-1,-1,-1”>
<GameSpecificData>
<SpinModifier index=“2” name=“HiddenTreasure” otherPicks=“0,1” />
</GameSpecificData>

(This was also a red skull feature - hence four reels being wilded - shame I was only playing 40p.)

A lot of the data is loaded up before the GUI gives you control (backgrounds, banners, reel symbols, .OGG sound file) so the game would be playable but it would take some time to get the full set of code...... even then, there are probably dynamic parameters from the server based on goodness knows what as well as any logic based on provider<>casino conversations which we cannot see. (Session Keep-Alive ??)

Plus, you will have to self-sign the provider's domain. I would hope that the game client will only talk to a valid, certified provider URL.

In summary - fun to look at the back-end code and trying to work out what relates to what but the original concept would be very difficult and time-consuming to implement but, at this stage, not an impossibility.

I'll probably revisit when I get severely bored but it was a brief stab into a game that I really enjoy playing. I will state that I did not attempt to do any server-side activities here - before I raise any concerns from the industry.

Ade
 

Bloatgoat

Senior Member
webby
Joined
Nov 29, 2017
Location
Somewhere
The game is just a dumb client, sending a request with bet size, and the gameserver answers accordingly. The output of the gameserver is just as what you see in your GameSpecificData. Some numbers that for us dont make sense but does in the game as in displaying the rheels accordingly.

If it can be tapped into? I'm sure it could.
 

The Reel Story

Full Member
Joined
May 5, 2019
Location
United Kingdom
Most of the time it's not even that complicated. Developers don't use any kind of arcane algorithms (that just makes it harder for them to implement their games). So normally everything in the client<>server requests is very straight forwards.

As for intercepting. Totally. We used to do it all the time when testing game clients. Use Postman or Burp Suite. Modifying the coms to test certain scenario's were standard test cases :)
 

X-Raided

Keep It Simple, Stupid.
PABinit
Joined
Aug 24, 2010
Location
Your Happy Place
@trancemonkey

I know that you've mentioned NetEnt was your go to provider but have lacked a bit in the creativity department as of lately...

My question to you is, besides the company that you represent, which provider do you genuinely believe to be at the top of their game :p in 2020 and why?

I know that you've tested 1000's of hours on different games from different providers.

After naming your current favorite provider and the reasons why, who do you believe is a
rising star in the industry if they stay on the same trajectory?


(If this question has been already asked, please reply with a quote and accept my apology)

Thanks in advance!
 

dionysus

Contest Manager
Staff member
CAG
MM
Joined
Apr 27, 2009
Location
the land of snow and maple syrup
@trancemonkey

I know that you've mentioned NetEnt was your go to provider but have lacked a bit in the creativity department as of lately...

My question to you is, besides the company that you represent, which provider do you genuinely believe to be at the top of their game :p in 2020 and why?
trance may beat me to it, and if memory serves...BTG....that while it's getting a little (ok, lots) over-saturated, it's one of the newer, better (though not entirely) unique slots modelsthat, if people arent simply licensing are emulating

I'm sure he'll correct me if I'm off base :p
 

dunover

Unofficial T&C's Editor
Staff member
webmeister
PABnonaccred
PABnononaccred
CAG
mm3
Joined
May 22, 2012
Location
the bus shelter, opposite GCHQ Benhall
I had a good bit of fun looking at the packets going from / coming to me to from casino / game provider. I'm not sure what detail I can post that is not already known TBH but, for the purposes of what I set out to do, I do think it's possible to simulate a game provider's server at this stage but it would take some time to interpret the SpinResponses and Javascript and, even then, you would need to have 'collected' enough of the game code to supply your client (e.g. The 'Hidden Treasure' featurette below requests a .JS download - presumably if the game client cannot see it cached)

<SpinResult symInView=“8,1,0|6,2,7|3,2,4|6,3,8|2,3,7” overlayInView=“9,9,9|9,9,9|9,9,9|9,9,9|-1,-1,-1”>
<GameSpecificData>
<SpinModifier index=“2” name=“HiddenTreasure” otherPicks=“0,1” />
</GameSpecificData>

(This was also a red skull feature - hence four reels being wilded - shame I was only playing 40p.)

A lot of the data is loaded up before the GUI gives you control (backgrounds, banners, reel symbols, .OGG sound file) so the game would be playable but it would take some time to get the full set of code...... even then, there are probably dynamic parameters from the server based on goodness knows what as well as any logic based on provider<>casino conversations which we cannot see. (Session Keep-Alive ??)

Plus, you will have to self-sign the provider's domain. I would hope that the game client will only talk to a valid, certified provider URL.

In summary - fun to look at the back-end code and trying to work out what relates to what but the original concept would be very difficult and time-consuming to implement but, at this stage, not an impossibility.

I'll probably revisit when I get severely bored but it was a brief stab into a game that I really enjoy playing. I will state that I did not attempt to do any server-side activities here - before I raise any concerns from the industry.

Ade
Or use Slottracker which intercepts and logs these packets between you and the game server. Access the data from that programme. May make things a bit easier?
 

trancemonkey

Ueber Meister
Joined
Mar 29, 2013
Location
United Kingdom
@trancemonkey

I know that you've mentioned NetEnt was your go to provider but have lacked a bit in the creativity department as of lately...

My question to you is, besides the company that you represent, which provider do you genuinely believe to be at the top of their game :p in 2020 and why?

I know that you've tested 1000's of hours on different games from different providers.

After naming your current favorite provider and the reasons why, who do you believe is a
rising star in the industry if they stay on the same trajectory?


(If this question has been already asked, please reply with a quote and accept my apology)

Thanks in advance!
Well, BTG obviously get the plaudits for the Megaways idea - though i'm less impressed by MegaClusters and MegaQuads. In terms of providers that are improving, i would look at some of the recent iSoftBet and Push Gaming games. I've made it clear multiple times that i think Megaways is saturated now, but i can totally see why it continues - and it will do until players speak with their wallets - but i think they are here to stay for a long long time because it's a mechanic you can put on to every game (and re-release, as we are seeing) - the other IP BTG have tried to come up with can't have that same impact.

There are many, many providers in the online segment, and many will rise and fall (i expect NetEnt to fall much further in the coming years to be honest...) but in terms of who will be top in 2020... well, in terms of top 10 games, it's probably still Blueprint or BTG at the moment.
 

Masquerade67

Newbie member
Joined
Mar 10, 2018
Location
South
Or use Slottracker which intercepts and logs these packets between you and the game server. Access the data from that programme. May make things a bit easier?
Thanks for that. I was more looking to recreate the server environment as a challenge. It was a passing fad that originally started off with our own remake of a WoW server where in-game events would have real-world consequences on servers / print-queues, etc. Just nice to try and work out what the missing bits are server-side based on what the client gets given to bait us with :)

I'll install the plug in and see whether my RTP is really as bad as I think it is. Thanks D
 

Bloatgoat

Senior Member
webby
Joined
Nov 29, 2017
Location
Somewhere
So i did the consisting, 3x the following over 3 different casino's. Spawn open DOA1. Put bet at 36 cents. Hit auto play for 100 spins. One casino in particular lost faster then the other 2's. Does this mean that the RTP is different from the 2 other casino's?

I currently asked for the numbering; if this slot is advertised as 96.80% then no way it cant consistently lose so fast up to 3x compared to the others, which carry the same 96.80%.
 

trancemonkey

Ueber Meister
Joined
Mar 29, 2013
Location
United Kingdom
So i did the consisting, 3x the following over 3 different casino's. Spawn open DOA1. Put bet at 36 cents. Hit auto play for 100 spins. One casino in particular lost faster then the other 2's. Does this mean that the RTP is different from the 2 other casino's?

I currently asked for the numbering; if this slot is advertised as 96.80% then no way it cant consistently lose so fast up to 3x compared to the others, which carry the same 96.80%.
You'll ignore this answer as it doesn't suit your long held narrative, but statistics and probability absolutely does explain what you see. In fact, it would be very strange if the opposite were true.
 

Bloatgoat

Senior Member
webby
Joined
Nov 29, 2017
Location
Somewhere
I had a feeling for a longer time, that the slot is'nt playing as it should. If you remember my rant from a week ago, well i think i've found the answer. I've bin playing at a casino that advertised 96.x% but in no way this 96.80% is being archieved in this particular game.

The bonus frequency on the 2 other where far better, then in comparison to the first (losing one). There was one that i got ahead of 2 out of 3 times as well; so in a way i know what difference a RTP will make.
 

trancemonkey

Ueber Meister
Joined
Mar 29, 2013
Location
United Kingdom
I had a feeling for a longer time, that the slot is'nt playing as it should. If you remember my rant from a week ago, well i think i've found the answer. I've bin playing at a casino that advertised 96.x% but in no way this 96.80% is being archieved in this particular game.

The bonus frequency on the 2 other where far better, then in comparison to the first (losing one). There was one that i got ahead of 2 out of 3 times as well; so in a way i know what difference a RTP will make.
You could play the same game on the same percentage for 1000 games and have absolutely polar opposite experiences, so that is not a way to judge.
 

Slottery

Senior Member
PABnoaccred
MM
Joined
Aug 21, 2017
Location
Malta
So games work as they are designed, take more than give. How much in money you would say that difference in these 3 casinos would be? If you play 100 spins, there probably can be differences as only one win can make you winning big time, bonus frequency in 100 spins (?) you should be usually lucky to get one.

I really believe that all casinos provide gameplay history when player request it, from them it would be really easy to show these patterns and differences. Still haven't seen anyone here to do that. These come in format where no any personal details can be seen and when it's spreadsheet, everything from user id etc... can be removed.

These would be really much more interesting to see than some explanations about feelings which is something people keep posting all the time. Numbers don't usually lie, so why not to get these game histories and show us all how these patterns threat and cheat players? When these can be proven from numbers, i'm sure that many regulators are interested to punish providers and casinos about these.
 

Bloatgoat

Senior Member
webby
Joined
Nov 29, 2017
Location
Somewhere
You could play the same game on the same percentage for 1000 games and have absolutely polar opposite experiences, so that is not a way to judge.
I find it hard to believe, that over 3 sessions (spread out on 2 weeks) consistent one casino lost faster then the two others, where the two others where a bit more eager to throw in game base wins and more frequent a bonus.

I mean we know casino's cheated in the advertised help file about the real RTP, it's bin shown here on this forum nummerous times by opening op developers console and readout a few JS files. Come'on trancemonkey.
 

Users Who Are Viewing This Thread (Users: 1, Guests: 2)

Top