Author

Topic: [Announce] BTC Riches - Win 7x your bet - MD5 Verification (Read 3174 times)

full member
Activity: 213
Merit: 100
Yeah I was thinking you could just use bitcoin itself.
full member
Activity: 154
Merit: 100
I want to play but why do we need to use that service?

You have to deposit somehow, why not with bitcoin balance? It goes into exactly the same database.

Edit: Is it because you need to create a username/password? I will see what I need to do to make this optional so that people can play without making an account.
full member
Activity: 213
Merit: 100
I want to play but why do we need to use that service?
sr. member
Activity: 280
Merit: 250
Okay, found it.

It seems FF doesn't send the value of an image input, whereas Chrome does:

Code:

$_POST['open'] is 1 in Chrome and NULL in Firefox.

Fixed it now by using another hidden var.

Are you the owner of bitcoinbalance.com?? I need to ask you something.

Yep, how can I help?
I am working on a site that you pick a number from 1-3 and if you win you win back double your bet. I wanted to know if I could use your site for people to deposit and withdraw

Thanks for the interest... I haven't completed the code yet to allow 3rd-party sites as that will be a bit more complex, security-wise.

The reason I'm able to connect my sites easily at present is because they all directly hook in to the same database and are hosted on the same server.

What other options are you considering for registration/payments? (using mybitcoin or running bitcoind yourself?)

Well I don't know much about coding..I'm having someone help me I think he mentioned Bitcoind
full member
Activity: 154
Merit: 100
Okay, found it.

It seems FF doesn't send the value of an image input, whereas Chrome does:

Code:

$_POST['open'] is 1 in Chrome and NULL in Firefox.

Fixed it now by using another hidden var.

Are you the owner of bitcoinbalance.com?? I need to ask you something.

Yep, how can I help?
I am working on a site that you pick a number from 1-3 and if you win you win back double your bet. I wanted to know if I could use your site for people to deposit and withdraw

Thanks for the interest... I haven't completed the code yet to allow 3rd-party sites as that will be a bit more complex, security-wise.

The reason I'm able to connect my sites easily at present is because they all directly hook in to the same database and are hosted on the same server.

What other options are you considering for registration/payments? (using mybitcoin or running bitcoind yourself?)
sr. member
Activity: 280
Merit: 250
Okay, found it.

It seems FF doesn't send the value of an image input, whereas Chrome does:

Code:

$_POST['open'] is 1 in Chrome and NULL in Firefox.

Fixed it now by using another hidden var.

Are you the owner of bitcoinbalance.com?? I need to ask you something.

Yep, how can I help?
I am working on a site that you pick a number from 1-3 and if you win you win back double your bet. I wanted to know if I could use your site for people to deposit and withdraw
full member
Activity: 154
Merit: 100
Okay, found it.

It seems FF doesn't send the value of an image input, whereas Chrome does:

Code:

$_POST['open'] is 1 in Chrome and NULL in Firefox.

Fixed it now by using another hidden var.

Are you the owner of bitcoinbalance.com?? I need to ask you something.

Yep, how can I help?
sr. member
Activity: 280
Merit: 250
Okay, found it.

It seems FF doesn't send the value of an image input, whereas Chrome does:

Code:

$_POST['open'] is 1 in Chrome and NULL in Firefox.

Fixed it now by using another hidden var.

Are you the owner of bitcoinbalance.com?? I need to ask you something.
full member
Activity: 154
Merit: 100
Okay, found it.

It seems FF doesn't send the value of an image input, whereas Chrome does:

Code:

$_POST['open'] is 1 in Chrome and NULL in Firefox.

Fixed it now by using another hidden var.
full member
Activity: 154
Merit: 100
I'm not able to bet.  I deposited 1BTC to 1FUYFiPw9zDJZ3iiawrPfehmmBtfSJMNYD, it shows up in my balance, but I put .1 in the box, put in my guess, and click Open and it just refreshes the page.  Never attempts to open the safe, and never shows an outcome.

Edit: I just put in to withdrawal my 1BTC back out until the bugs are ironed out.

I just tried exactly that and it worked. Can you tell me what browser you're using, and what time you attempted it?
Thank you.


I tried with both Firefox 5.0 and ie9
Time was a minute or two before my last post.

Thanks, I can confirm it's not working in FF5 for me either, only Chrome for some reason.

newbie
Activity: 42
Merit: 0
I'm not able to bet.  I deposited 1BTC to 1FUYFiPw9zDJZ3iiawrPfehmmBtfSJMNYD, it shows up in my balance, but I put .1 in the box, put in my guess, and click Open and it just refreshes the page.  Never attempts to open the safe, and never shows an outcome.

Edit: I just put in to withdrawal my 1BTC back out until the bugs are ironed out.

I just tried exactly that and it worked. Can you tell me what browser you're using, and what time you attempted it?
Thank you.


I tried with both Firefox 5.0 and ie9
Time was a minute or two before my last post.
full member
Activity: 154
Merit: 100
I'm not able to bet.  I deposited 1BTC to 1FUYFiPw9zDJZ3iiawrPfehmmBtfSJMNYD, it shows up in my balance, but I put .1 in the box, put in my guess, and click Open and it just refreshes the page.  Never attempts to open the safe, and never shows an outcome.

Edit: I just put in to withdrawal my 1BTC back out until the bugs are ironed out.

I just tried exactly that and it worked. Can you tell me what browser you're using, and what time you attempted it?
Thank you.
newbie
Activity: 42
Merit: 0
I'm not able to bet.  I deposited 1BTC to 1FUYFiPw9zDJZ3iiawrPfehmmBtfSJMNYD, it shows up in my balance, but I put .1 in the box, put in my guess, and click Open and it just refreshes the page.  Never attempts to open the safe, and never shows an outcome.

Edit: I just put in to withdrawal my 1BTC back out until the bugs are ironed out.
legendary
Activity: 966
Merit: 1004
Keep it real
If I'm doing my math right.... according to http://en.wikipedia.org/wiki/House_advantage#House_advantage it's 12.5% house advantage.  Seems to be a little high.
full member
Activity: 168
Merit: 100
Oh, I think I might be able to see how this worked...
Are you outputting something along the lines of md5sum("Left-Left-Right")?
If so, it's a simple dictionary attack... the gambler computes the 15 possible different MD5sums in advance and then compares them to what displays.
It's not just left-left-right, but it also had a whole heap of random characters after that, and then hashes that total string.


This was the first thing I looked into.
full member
Activity: 154
Merit: 100
Oh, I think I might be able to see how this worked...
Are you outputting something along the lines of md5sum("Left-Left-Right")?
If so, it's a simple dictionary attack... the gambler computes the 15 possible different MD5sums in advance and then compares them to what displays.

(Accidentally edited away my previous answer to this)

It's not just left-left-right, but it also had a whole heap of random characters after that, and then hashes that total string.

Also, there are only 8 possible combos, not 15.
full member
Activity: 154
Merit: 100
Hmm, there was an error causing it to use the same combo on certain occasions after a win.

Thanks Dan, I've sent you 1 btc 3 btc, that was very helpful.

Edit: Okay it's all fixed and back online, btcriches.com and bitcoinbalance.com.

Jeez that was an expensive coding error on my part.

Glad the site wasn't exactly 'hacked' though.

I just paid a heavy typo-tax.
newbie
Activity: 48
Merit: 0
Oh, I think I might be able to see how this worked...
Are you outputting something along the lines of md5sum("Left-Left-Right")?
If so, it's a simple dictionary attack... the gambler computes the 15 possible different MD5sums in advance and then compares them to what displays.
full member
Activity: 154
Merit: 100
I'm a retard, I forgot to switch to random.org after testing:

Code:
		//get a random number for next game:
/*$ch = curl_init('http://www.random.org/integers/?num=1&min=1&max=8&col=1&base=10&format=plain&rnd=new');
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$randnum = trim(curl_exec($ch));*/

$randnum=rand(1,8);  //temp

But that still doesn't explain to me how they could know rand() was going to return three 1's in a row.

I might be being dumb here (I'm not logged on and don't have anything deposited,) but the MD5 on the page doesn't change when you refresh the page.  That suggests that the same combination is coming up every time.

That's only if you don't play... as soon as you play a game, it changes.

(Well, it's supposed to... that's something worth checking - thanks)
newbie
Activity: 48
Merit: 0
I'm a retard, I forgot to switch to random.org after testing:

Code:
		//get a random number for next game:
/*$ch = curl_init('http://www.random.org/integers/?num=1&min=1&max=8&col=1&base=10&format=plain&rnd=new');
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$randnum = trim(curl_exec($ch));*/

$randnum=rand(1,8);  //temp

But that still doesn't explain to me how they could know rand() was going to return three 1's in a row.

I might be being dumb here (I'm not logged on and don't have anything deposited,) but the MD5 on the page doesn't change when you refresh the page.  That suggests that the same combination is coming up every time.
full member
Activity: 154
Merit: 100
I'm a retard, I forgot to switch to random.org after testing:

Code:
		//get a random number for next game:
/*$ch = curl_init('http://www.random.org/integers/?num=1&min=1&max=8&col=1&base=10&format=plain&rnd=new');
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$randnum = trim(curl_exec($ch));*/

$randnum=rand(1,8);  //temp

But that still doesn't explain to me how they could know rand() was going to return three 1's in a row.
full member
Activity: 154
Merit: 100
Someone just won THREE times in a row with exactly the same guess:

bet 0.97 on Left-Left-Left, won 6.79 btc
bet 1.00 on Left-Left-Left, won 7.00 btc
bet 1.00 on Left-Left-Left, won 7.00 btc

Looks pretty suspicious, so withdrawals are disabled until I figure out how this was hacked or if it just was an extremely lucky run.

(Player withdrew 11.78 so far, with 7.01 still in the site balance)

full member
Activity: 154
Merit: 100
"Nothing to withdraw" but I have 0.07BTC balance and 13 confirmations on the deposit?
(Yeah I didn't bet much Grin)

Sorry, just a redirect bug, it should be taking you to Bitcoin Balance.

I see your balance of 0.07... You can withdraw if you log in directly to: http://bitcoinbalance.com

newbie
Activity: 11
Merit: 0
"Nothing to withdraw" but I have 0.07BTC balance and 13 confirmations on the deposit?
(Yeah I didn't bet much Grin)
full member
Activity: 154
Merit: 100
So then move it there.

I didn't know I could. I thought only mods could do that.

Edit: Wow, learned something new, thanks.
full member
Activity: 154
Merit: 100
Sorry, I just realised this should be in the Gambling sub-forum...
full member
Activity: 154
Merit: 100
Hi everyone,

I've finally got a new game online... please check it out.



Basically, you try to guess the combination to the safe and if you open it, you win 7 times your bet (Min/Max bet is 0.01/1.00 BTC).

Each game is 100% verifiable (The combination to the safe is chosen before you play, and an MD5 displayed).

Thanks,
Alex
Jump to: