HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Exploiting A Software Bug = Hacking?
- Thread starter HardOCP News
- Start date
percydaman
Limp Gawd
- Joined
- Jun 26, 2011
- Messages
- 294
And we would never even know if the tables were turned and that machine was either accidentally or purposefully set to never pay out period.
dgingeri
2[H]4U
- Joined
- Dec 5, 2004
- Messages
- 2,830
If it happened once, the person who found it should have reported it to the casino and never tried to make it happen again except in voluntarily trying to demonstrate it to get it fixed. Doing it more than once and showing it to someone else shows intent.
They intentionally made the machine operate in a manner in which is was not designed to do for their own fun or profit. No matter what input used, that is still hacking. Yes, they should be punished.
They intentionally made the machine operate in a manner in which is was not designed to do for their own fun or profit. No matter what input used, that is still hacking. Yes, they should be punished.
Ruoh
Supreme [H]ardness
- Joined
- Sep 16, 2009
- Messages
- 5,857
I wonder how these casino operators can even morally use the words "fraud" or "theft".
avatardelta
Supreme [H]ardness
- Joined
- Mar 24, 2009
- Messages
- 5,501
Can you guess what the code was?
↑↑↓↓←→←→BA
↑↑↓↓←→←→BA
Does the Casino have evidence that the guy knew it was a machine that allow people to win easily? If they don't, they should have to repay his last bet, because he put it in, with the expectation of playing and winning or losing. Not being denied his winning.
Difference between this and an ATM is that the ATM is for sure only supposed to give you the money you get out of your account. While this video poker, is a game of chance. Maybe he just thought he was on a lucky streak. Most people do, when they win, which is why they end up losing money.
Difference between this and an ATM is that the ATM is for sure only supposed to give you the money you get out of your account. While this video poker, is a game of chance. Maybe he just thought he was on a lucky streak. Most people do, when they win, which is why they end up losing money.
Parja
[H]F Junkie
- Joined
- Oct 4, 2002
- Messages
- 12,670
Well, Start just started the game, so it's not really part of the Konami code.
DraginDime
[H]ard|Gawd
- Joined
- Jan 12, 2012
- Messages
- 1,464
well, you are paying to play the game. Exploiting a bug to "beat" the game shouldn't make you at fault. While sharing the exploit to other players isn't good for the casino, I've never seen it stated to report exploits to the casino's either, but it's not like they don't rob 99% of the people who come in anyways.
Like stated above. If the casino's machines were broke and screwing people out of money. No one would ever know.
Like stated above. If the casino's machines were broke and screwing people out of money. No one would ever know.
From the sound of it, he just figured out on accident how to win on those machines.
They were coded that way. Not his fault.
This is like saying that figuring out special moves or glitches in other video games is hacking.
And yes, I read the article.
They were coded that way. Not his fault.
This is like saying that figuring out special moves or glitches in other video games is hacking.
And yes, I read the article.
True, but if you found a vulnerability, or bug, and you discovered it and continued to exploit it over and over and over for your personal gain... then yes, you've crossed the line. That is with the intention of theft. This if Information Security 101 in College Courses.
It was probably A,B,A,C,A,B,B or Up, Down, Left, Right, Hold A, Press Start.
sfsuphysics
[H]F Junkie
- Joined
- Jan 14, 2007
- Messages
- 15,991
The way I see this, if comparing it to the physical world, if you have an ATM machine and you find out if you push really hard on the money tray that it'll keep forking out money, you're not legally entitled to that money, but you shouldn't be charged with a crime either. It would suit everyone better if they simply fixed the problem, and took all their money back that you got from the situation.
If these things worked like the ones in the arcades, the 'chance' to win is actually a weighted variable. Even UFO catcher has a payout system that influences how strong the grapples grip is. So even if you line up perfectly and grab it, if the payout says 'no', there'll be barely any power sent to the motor and the plushy will just slip out. One guy showed how to beat it by opening a panel and overriding the settings so it'll pay out each time. Those token multipliers work the same way, you insert a token, guess between two buttons and if you get it right, it doubles, but they can also be programmed so instead of one in two odds, your odds of winning can be one in three regardless of which of the two buttons you push. I know this works the same way for a electronic slot machines.
So if the odds of winning are... say... 1 in 500 in a physical machine, they can electronically increase it to 1 in 1,000. Is that cheating? It's not following the physical rules, but you're bound to the rules of that specific machine when you inserted your coin. It should work both ways, and if that machine somehow goes into a 1 to 1 payout using it's own rules, they should honor it as well.
Are these specific electronic poker machines really simulating a real card deck with the same odds? Or do these have a weighted payout as well? If the program is shown to be coded on a payback system, then it's not following poker rules either.
Software have bugs and unpatched vulnerabilities. For example the executable for an application that requires a serial key. If you found a vulnerability or loophole which allows you to get past the serial key for full software access, and you exploit it then use it, then you just stole that application. It doesn't matter if it was programmed that way or not, that was not the devlopers' intention was to sell a product to you that is a "pay to use".
michael.pa2
2[H]4U
- Joined
- Dec 26, 2006
- Messages
- 2,998
I think that as long as the guy didn't tamper with the programing of the machine or use some external device,he wasn't hacking and should be allowed to keep the money. It's like card counters,if someone is smart enough to beat the system without breaking the stated rules,the most they can do is ban them from their casino.
PornoSatan
2[H]4U
- Joined
- Sep 3, 2004
- Messages
- 3,493
I love how he found the bug because he played video poker so much. In the article it says that in a single year he plays $12 million dollars worth of video poker. He was one with the machines.
There's a grocery store by my house that has a Pepsi machine where if you press both the Pepsi buttons (it has two Pepsi buttons) at the same time, two cans will come out for the price of one. I rarely go to that store because it's in the ghetto part of town but when I do, the wife always gets some pop.
Actually that's what the prosecution is saying invokes the hacking law. The machine was not suppose to let a person win, so by him winning they're trying to argue the casino 'only authorized him to play on the machine' but not to WIN at the machine - so they're trying to claim him winning is the same as 'exceeding his authorization' (since the casino only 'authorizes' you to over time LOSE money at it, not over time win money)
PornoSatan
2[H]4U
- Joined
- Sep 3, 2004
- Messages
- 3,493
People that sit and play video poker / slots for hours have to be some of the dumbest people on Earth. Those machines are programmed... hard coded to make sure that the house wins and you lose. What happens when you do win? Oops, it's a bug! No money for you!
Because apparently according to the article he didn't go in and win every time. He even lost over a million it says. It wasn't a 'boom, he wins' and every time he walked out with a huge payout. He occasionally walked out having lost money; it's just when he won money that the casino took issue and had him arrested.
This.
dgingeri
2[H]4U
- Joined
- Dec 5, 2004
- Messages
- 2,830
By this same logic, if someone leaves a window open during ahot, sunny day while they're away, say grocery shopping, and someone uses that window to get in and steal everything valuable in the house, It's not stealing.
Along those same lines, if someone were to break into a house through a closed window and rob it, it would be stealing because "the windows were breakable."
It doesn't make sense to me. It's still theft, even if they used an accidentally discovered bug. They used it over and over again. The intent to exploit the weakness is right there. That's what makes it criminal.
But your talking about a system that is supposed to give you "free" money. Is this really any different than a Lucky pair of socks approach. Is someone that found out that they win when they where one pair of socket "stealing" if they continue to wear the socks and win? Did the Hermit on Real Genius steal by finding loopholes to win all of those prizes? There is also seems to be question of intent. How do we know that he knew it was a vulnerability. Most of the 7 days a week gamblers, specially the "slots" ones aren't the sharpest pencils. What separates this guy from have a lucky button press routine
and different then someone who has a three stomps on the ground and a burp between each pull of the lever type superstitious person?
In the end you are talking about a machine that can pay out "free" money, that will pay out "free" money. With everyone and their mother thinking they can beat the system, which is what casino's thrive on. That's different from breaking a window, or true hacking where someone is rewriting the code. By chance the guy stumbled on a process that allowed him to exceed the standard norm in returns from a casino. Isn't that exactly what a Casino wants you think you can do.
It wasn't so much that he found a bug and made some side money, but that he then told and called in a posse of people and went to a highroller area, convinced an employee to enable the bugged feature (a $50k mistake for them) and made a ton. Basically he overreached, got stupid and got caught.
Video poker isn't really a game of chance when you play it as often as this guy does; it's swingy but it averages out to a flat percentage of payback. That's how you play through $12 million without being a millionaire. Its normally around 97-99% with perfect play, plus any comps you get on top for cycling through money at the casino (free drinks/rooms/meals, etc). This guy played $12mil and lost $1mil for ~91%, so basically he also sucked at it.
Video poker isn't really a game of chance when you play it as often as this guy does; it's swingy but it averages out to a flat percentage of payback. That's how you play through $12 million without being a millionaire. Its normally around 97-99% with perfect play, plus any comps you get on top for cycling through money at the casino (free drinks/rooms/meals, etc). This guy played $12mil and lost $1mil for ~91%, so basically he also sucked at it.
How is that "by the same logic?" It doesn't even live in the same galaxy as the same logic.
Phoenix333
2[H]4U
- Joined
- Nov 27, 2009
- Messages
- 3,510
He did not gain unauthorized access to any part of the machine. He did not do anything but press buttons that were there that players are allowed to press. If this had been something like the pterodactyl exploit in Joust, nobody would care, but because someone got a lot of money from it, it lands in court. The facts of the matter are that he did not do anything that anyone else could not do with the machine. He did not tamper with the hardware or reprogram the firmware.
What they're trying to do is punish him for being clever. He found a way to beat the system and they're crying foul over it. Well, what law did he break? Nobody told him "don't press buttons in this manner". No rules were posted forbidding him from doing what he did. It may be unethical or immoral, but the question is, was it illegal? I don't think it was illegal. Theft requires taking something without permission. In this case, the machine gave him exactly what it was programmed to give him - not what the casino or programmers may have intended to give him, but that's not the issue. As for hacking... hacking requires tampering with the program code. He did not reprogram the machine. It worked exactly the same after he used it as it did before he used it. All he did was access the machine in a normal manner that anyone else could.
They really don't have a case against him. They need to accept their losses, fix the machines, and move on.
What they're trying to do is punish him for being clever. He found a way to beat the system and they're crying foul over it. Well, what law did he break? Nobody told him "don't press buttons in this manner". No rules were posted forbidding him from doing what he did. It may be unethical or immoral, but the question is, was it illegal? I don't think it was illegal. Theft requires taking something without permission. In this case, the machine gave him exactly what it was programmed to give him - not what the casino or programmers may have intended to give him, but that's not the issue. As for hacking... hacking requires tampering with the program code. He did not reprogram the machine. It worked exactly the same after he used it as it did before he used it. All he did was access the machine in a normal manner that anyone else could.
They really don't have a case against him. They need to accept their losses, fix the machines, and move on.
Wrecked Em
Supreme [H]ardness
- Joined
- Sep 14, 2004
- Messages
- 8,169
This doesn't seem any different than discovering and exploiting a "tell" in a live opponent. In this case, the guy told all of his friends about it, so they could all loot the guy. Moral? Of course not. Illegal? Not in my opinion.
I agree with those that are saying that if he paid money to play the game, and only pressed buttons that would be available to the general public, then how is it hacking? Sounds more like a fun Easter egg.
Also, I bet the code was B, A, ↓, A, Start, Start.
Also, I bet the code was B, A, ↓, A, Start, Start.
"Exploiting A Software Bug = Hacking? "
That is the stupidest question I've heard all day.... and I was helpdesk today. Yes, that is exactly what hacking is. By definition, intent, any way you look at it. I had to do a double take to make sure that it was a question mark I was looking at.
The guy made tiny bets until he won, then used a software exploit to revise his original bet before the machine paid out.
It doesn't matter what buttons or input exist, whether it's a keyboard, sound (captain crunch whistle) or a touchscreeen. Exploiting a software (or any system) bug = hacking.
Maybe you sucessfully trolled us, I sure as hell hope so. That or a type-o.
That is the stupidest question I've heard all day.... and I was helpdesk today. Yes, that is exactly what hacking is. By definition, intent, any way you look at it. I had to do a double take to make sure that it was a question mark I was looking at.
The guy made tiny bets until he won, then used a software exploit to revise his original bet before the machine paid out.
It doesn't matter what buttons or input exist, whether it's a keyboard, sound (captain crunch whistle) or a touchscreeen. Exploiting a software (or any system) bug = hacking.
Maybe you sucessfully trolled us, I sure as hell hope so. That or a type-o.