MGS - MPV Tournaments, "cheaters charter" vulnerability found by accident.

vinylweatherman

You type well loads
Joined
Oct 14, 2004
Location
United Kingdom
Good God!!!

How could MGS cock up on such a scale. It makes the Chief's Fortune cock-up look like the proverbial "Vicar's tea party".

After some extensive trials to see if I can find out WTF is going on with this new lobby, I FOUND IT!!!!!

I have often been told to check that "ports 1990-1999 are open" by technical support, but have only EVER seen port 1990 being used to communicate with the server, so what was the deal with the rest.

Well, a couple are for the updates, but the higher ones are used for the tournaments.

The vulnerability is pretty basic, but pretty damn good. I call it the "infinite continue vulnerability". It is better even than the "time expansion vulnerabilty" (where you can expand your time, and use more coins up per session).

Obviously, for tournaments that allow 1000 continues the vulnerability is about as useful as a concrete parachute, but for those like the weekender, with only a few continues, it is a goldmine.

Why has this not been spotted before, well - and I speculate, players are not going to "go mad", with continues, and make it "bleedin' obvious" that they are using a cheat, because there would be an investigation.

Despite this, questions HAVE been asked about what is seen as the "same players always winning", and this should NOT happen in limited continue tournaments UNLESS you consider the possibility that they can get extra continues than those allowed. It often doesn't take much, just one or two extra continues in the Loaded weekender can allow a player to come in the top 10, or even top 5, every week, and with little extra outlay, certainly NOT buying in with several accounts, and using all 5 rebuys in each.

This MIGHT throw some light on the other observation. WHY do these players keep on throwing money into what MUST be a -EV situation by buying their way to the top positions in a large number of tournaments.

For obvious reasons, I cannot go into detail as to which of the 10 ports are involved, and what you have to do to set up this "situation" locally.

I also do not know how long this has been around, but maybe it is related to the November 2009 update, which seemed to be the trigger for all the recent problems, made much more obvious in January when the new lobby was rolled out. The November update contained some code to prepare the casino to accept the new lobby, which became "live" in time for the release of Hellboy.

This exploit does NOT appear to work in those casinos with tournaments that are sticking with the old lobby (or maybe I haven't found out how it DOES work in these).
 

incrediblestuff

SearchingForTheHolyGrail!
webmeister
CAG
Joined
Mar 22, 2010
Location
Mostly the Netherlands
Good God!!!

How could MGS cock up on such a scale. It makes the Chief's Fortune cock-up look like the proverbial "Vicar's tea party".

After some extensive trials to see if I can find out WTF is going on with this new lobby, I FOUND IT!!!!!

........

This exploit does NOT appear to work in those casinos with tournaments that are sticking with the old lobby (or maybe I haven't found out how it DOES work in these).

very interesting post, id love to hear some more?
have you contacted MG yet?
cheers
 

vinylweatherman

You type well loads
Joined
Oct 14, 2004
Location
United Kingdom
very interesting post, id love to hear some more?
have you contacted MG yet?
cheers

That would be like talking to a brick wall.

MGS simply do NOT believe anything is wrong with these tournaments. The issues have been discussed before, and MGS keep on churning out those canned replies about the tournament software working fine, or "it's your internet connection".

Funnily enough, they are right, it IS our "internet connection", or more specifically whether certain Viper ports are behaving themselves or not.

Have port 1990 blocked, and the casino simply won't work, the reels just spin and spin and spins, yet the REST of the internet is just fine.... mainly because browsers use port 80.

The problem is that there is a way to purchase a continue, but NOT decrement the counter for the number you have left, thus "infinite continues".

Time expansion is achieved by cutting access to the server time "stepper", and diverting the input to that from a local "stepper", but one that takes longer than a second to step through a second's worth of "steps". You still have the same number of minutes, they just last longer:D You cannot stop the clock altogether though, this causes you to get booted, and this means the timer continues the countdown, but from the CORRECT input, as well as correcting the time lag you were fooling it with.

At present, I do not have evidence that I could present as PROOF. I would have to do something REALLY OBVIOUS to make it IMPOSSIBLE to explain away as "a big hit". Maybe having a stupid number of continues and getting 10 million points in the Loaded Weekender would be enough to convince MGS, and I would trouser $5K for my trouble too:)
 

newguy68

Dormant account
Joined
Oct 23, 2009
Location
Anapa
The house has to give that money to someone. They dont care who it is, as long as they dont have to give extra money, they will take their time with fixing it.
 

maphesto

Dormant account
Joined
Jun 5, 2009
Location
Sweden
@VWM: I did know that it was possible to tamper with the time in some way. Some days ago I played a free tournament and I did not hit free spin and did not use autoplay(slower).

I believe it was Avalon.

Still I had 2500 coins left when my time was over. Then I saw that another player had only 500 coins and EVERY other player had at least 2500 coins.

I was stressed and hadn´t the time to take screen shots but I tried to tamper with my PC-clock the day after to see if it was that easy to fool the game..it was of course not.

I tried to block some ports now and suddenly when I started a new tournament at First Web the clock said 00.00 when I started.

Unfortunately the clock came back and counted as normal after almost 2 minutes.

I have to continue my testing.:D
 

De Beuker

Senior Member
Joined
Apr 20, 2009
Location
Netherlands
Thanks for your investigation VWM, awesome!:thumbsup:

So it appears we were right all the time, the tourneys are not at all fair and players cheat themselves a way to the top.
Wel, congrats to these players, some of them won TEN THOUSANDS of dollars this way!
Players using up ALL their coins in a TR tourney when I cannot even play HALF of my coins, even when I hit no FS or pick'em bonus at all.:mad:

And then you always get the same 'they must have fast internet connections' BS explanation.:mad:

Take Gnuf's daily freeroll for example.
I don't know how many times a player named GUNFS won them now, but he won at least half of them.
 

maphesto

Dormant account
Joined
Jun 5, 2009
Location
Sweden
I´m starting to think this is a joke as well..:oops:
I have tested different ports for an hour now and nothing happens. The only thing is that I managed to get rid of stupid popups with the weeks promotions..:D

But it finds a new way when i reboot the casino..
 

Jufo

Three-toed sloth
Joined
Sep 22, 2007
Location
Finland
This was the best April's Fool joke by far! You caught me there for a while VWM. But then I realized that if this WAS real, you wouldn't reveal this to the masses but use the loophole yourself in private ;)
 

vinylweatherman

You type well loads
Joined
Oct 14, 2004
Location
United Kingdom
This was the best April's Fool joke by far! You caught me there for a while VWM. But then I realized that if this WAS real, you wouldn't reveal this to the masses but use the loophole yourself in private ;)

Quite a compliment, considering I pasted this together in an hour because I was going away before midday:p

Happy APRIL FOOL'S DAY* tourney players and port blockers.


*Prank in recognition of the UIGEA, and the way it was implemented through use of "safe ports".
:lolup::lolup:

Damn right I wouldn't post about something like this THAT STILL WORKED:p (even if I DID, it wouldn't be an April Fool if it was for real, now would it:D)

I posted about Chief's Fortune last year for my prank because it had been fixed THREE YEARS PRIOR by MGS:)
 

De Beuker

Senior Member
Joined
Apr 20, 2009
Location
Netherlands
:mad: ..... :oops: ..... :lolup:


Ok, you got me...
Wishful thinking.


Btw, GUNFS had a bad day, he came in 2nd today, very unusual.
The only player in the top-20 with zero coins left over.
So the question remains unanswered...how do they do it?:confused:
 
Top