
Topic: 🔥🔥🔥 BC.GAME - CASINO AND SPORTSBOOK | $1,000 GIVEAWAY LIVE! 🔥🔥🔥 - page 131. (Read 61488 times)

copper member
Activity: 238
Merit: 119
A follow up on my post: on Crash, BC.game is rounding each winning in SATS to whole SATS.
This can be exploited: overnight, I won around 400 SATS using this Auto setting:
Code:
base bet 1
payout 1.5
On Lose: Return to base bet
On Win: Return to base bet
My proposed solution would be to stop rounding, and show exact amounts in SATS (so instead of 416.000000 SATS, show for instance 416.051039 SATS).
Update: it's fixed now by rounding down to whole sats. That's not ideal as it increases the house edge (especially on small bets), but at least it can no longer be exploited.
Thanks for your feedback buddy! But we didn't increase the house edge. I guess there may be some misunderstanding.
:p
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
A follow up on my post: on Crash, BC.game is rounding each winning in SATS to whole SATS.
This can be exploited: overnight, I won around 400 SATS using this Auto setting:
Code:
base bet 1
payout 1.5
On Lose: Return to base bet
On Win: Return to base bet
My proposed solution would be to stop rounding, and show exact amounts in SATS (so instead of 416.000000 SATS, show for instance 416.051039 SATS).
Update: it's fixed now by rounding down to whole sats. That's not ideal as it increases the house edge (especially on small bets), but at least it can no longer be exploited.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I didn't get a reply to my PM, so I'll post my findings here:
A follow up on my post: on Crash, BC.game is rounding each winning in SATS to whole SATS.
This can be exploited: overnight, I won around 400 SATS using this Auto setting:
Code:
base bet 1
payout 1.5
On Lose: Return to base bet
On Win: Return to base bet
My proposed solution would be to stop rounding, and show exact amounts in SATS (so instead of 416.000000 SATS, show for instance 416.051039 SATS).

I don't like cheating, and even though it's just 400 SATS: please take them out of my account, or tell me where to send them.
Alternative: if there is a "white hat" bug bounty, take the 400 SATS from there.

I haven't checked if this can be abused in currencies other than SATS.

I'd like to post my findings in your thread too, but only after you've had the time to fix it so it can no longer be exploited.
As an update on the 400 SATS: I lost it already (shortly after I reported this).
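Why the rounding mode matters can be worked out per bet. The following is an added example, not code from the thread or from the site: it compares what a win credits under exact, round-to-nearest and round-down policies and checks whether any small bet ends up with a positive player expectation. The 1% house edge, the win probability (1 - edge) / payout and the half-up rounding are assumptions, since the page does not state the Crash formula; all function names are hypothetical.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP
from fractions import Fraction

HOUSE_EDGE = Fraction(1, 100)  # assumed 1% edge; not stated on the page
MODES = {"nearest": ROUND_HALF_UP, "down": ROUND_DOWN}

def credited(bet_sats: int, payout: str, mode: str) -> Fraction:
    """Amount credited on a win under the given rounding policy."""
    exact = Decimal(bet_sats) * Decimal(payout)
    if mode == "exact":
        return Fraction(exact)
    if mode not in MODES:
        raise ValueError(f"unknown rounding mode: {mode}")
    # Round the credited amount to whole sats, as the posts describe.
    return Fraction(exact.quantize(Decimal(1), rounding=MODES[mode]))

def player_ev(bet_sats: int, payout: str, mode: str) -> Fraction:
    """Expected profit per bet in sats; assumes P(win) = (1 - edge) / payout."""
    p_win = (1 - HOUSE_EDGE) / Fraction(payout)
    return p_win * credited(bet_sats, payout, mode) - bet_sats

def policy_is_safe(mode: str, payouts, max_bet: int) -> bool:
    """True if no bet size and payout gives the player a positive expectation."""
    return all(player_ev(bet, payout, mode) <= 0
               for bet in range(1, max_bet + 1)
               for payout in payouts)

if __name__ == "__main__":
    # The Auto setting quoted in the posts: base bet 1, payout 1.5.
    for mode in ("exact", "nearest", "down"):
        print(mode, float(player_ev(1, "1.5", mode)))
    print("nearest safe:", policy_is_safe("nearest", ["1.5", "2", "3.3"], 10))
    print("down safe:   ", policy_is_safe("down", ["1.5", "2", "3.3"], 10))
```

At a bet of 100 SATS and payout 1.5 the exact and rounded-down results coincide, so under these assumptions the difference only shows up on bets whose exact payout is not a whole number of SATS.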
newbie
Activity: 1
Merit: 0
I don't think this game is fair because there's been several times when I bet a good amount of money that the game will say it takes my bet, then it disappears and says loading like it bet for the next one, and it happens when usually it wants to go up to like 100 or a thousand. It's bullshit. I think I've lost out on a lot of money, and they expect me to capture a picture of something that happens so fast and only when you least expect it to. This is ricky clowers, and I wish I could show more proof of what I say because I know that a lot of the players here would agree with me.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I think I found an exploit.
I've confirmed this (but don't want to edit the above post), sending you a PM now.
hero member
Activity: 1643
Merit: 683
LoyceV on the road. Or couch.
Hi! I think I found an exploit. It's not big, and I'm posting here to avoid possible accusations later.
I'm not going to abuse it other than testing overnight.
If I can confirm it's possible, I'll contact you.
copper member
Activity: 238
Merit: 119
We had an update already.
Here are the details of the update:
1. Optimised website access and game speed
2. Added Homepage
3. Redesigned UI interface
4. Added a new game: Plinko
 
legendary
Activity: 3234
Merit: 2420
I managed to turn 1000jb which they gave me to 2500jb by playing the rocket game. It is pretty addicting. Just before I started wagering, the round before I play went to x100. Then a few rounds after it busted at 1.00x. Funny how most people get out when it's only 1.2-1.5x haha.
newbie
Activity: 2
Merit: 0
BC.GAME, it's my favourite game, I love this game. I like coco, he's a great guy with good tips. Keep it!
copper member
Activity: 23
Merit: 0
Bc.game, it's my favorite game, gambler. I like it, but I really like coco, he's a good guy with tips. Good luck bc.game
copper member
Activity: 238
Merit: 119
Ok fair. Seems like you're using an established magic value, and I haven't been able to create two different valid signatures from the same message. So I retract my claim about it not being provably fair, it appears to be.

--

I will spend more time testing it, if you can confirm:  If I am able to find a way to create 2 or more valid signatures that would validate using your openssl verification you use (openssl dgst -sha256 -verify $PUB -signature $SIG $MSG) for a given message, will you award the 100 ETH bounty?

Sorry for the late reply, we are busy with the new game Plinko and some system upgrades.
Thank you for your continued attention and your contribution to the entire crypto gambling industry.
You have given us a lot of encouragement and inspiration.
Now we are more focused on promoting the popularity of Lightning Networks, so now our thread has no bonus for 100 ETHs.
If you find any bugs or helpful feedback, we are willing to pay some delicious rewards (via our shitcode).
legendary
Activity: 1834
Merit: 1008
The site seems to be attracting more players as compared to the first time that I have browsed the site. With different currencies that a player can choose from, this site definitely got a variety of players just by checking the bet history. Wish that you will stay long here in the gambling business. Good luck!

I've noticed the influx of new players too. For a while there I noticed many of the new users had names like dfrdfgfgh which makes me think it's multi accounts farming the startup bonuses. But now, I'm noticing more players with real names and the chat section improvements doesn't make me want to start committing felonies against the other chatters. BC added moderators I think and the begging has reduced to almost not existing.

I do not think that there is any problem with such names, but what I can say here is that they did not create new accounts just to abuse the site. Some of them use this technique as a kind of gambling fallacy. I have heard statements like "I will create a new account every time I hit some X amount" or "I will create a new account after I lose X amount". If you are already too deep into gambling, you will find some unreasonable reason like this. So if you say fewer names like this pop up now, then it is right that they use an account once and repeat that over and over, so the admin must delete the inactive ones after some period of time.
full member
Activity: 1638
Merit: 122
The site seems to be attracting more players as compared to the first time that I have browsed the site. With different currencies that a player can choose from, this site definitely got a variety of players just by checking the bet history. Wish that you will stay long here in the gambling business. Good luck!

I've noticed the influx of new players too. For a while there I noticed many of the new users had names like dfrdfgfgh which makes me think it's multi accounts farming the startup bonuses. But now, I'm noticing more players with real names and the chat section improvements doesn't make me want to start committing felonies against the other chatters. BC added moderators I think and the begging has reduced to almost not existing.

Good thing that they do that. The chat feature on a gambling site was supposed to be spam free and beg free, so that we can talk about others in a clear way. Now, for the players that have strange names: I don't see anything wrong with that, because on other gambling sites that I visit I also see active gamblers and chatters that have strange names, but they swear that they only have one account, as you can see on their stats/profile. They are only lazy and can't find a good name.
sr. member
Activity: 1120
Merit: 279
My blockchain can beat up your blockchain
The site seems to be attracting more players as compared to the first time that I have browsed the site. With different currencies that a player can choose from, this site definitely got a variety of players just by checking the bet history. Wish that you will stay long here in the gambling business. Good luck!

I've noticed the influx of new players too. For a while there I noticed many of the new users had names like dfrdfgfgh which makes me think it's multi accounts farming the startup bonuses. But now, I'm noticing more players with real names and the chat section improvements doesn't make me want to start committing felonies against the other chatters. BC added moderators I think and the begging has reduced to almost not existing.
legendary
Activity: 2557
Merit: 1886
Ok fair. Seems like you're using an established magic value, and I haven't been able to create two different valid signatures from the same message. So I retract my claim about it not being provably fair, it appears to be.

--

I will spend more time testing it, if you can confirm:  If I am able to find a way to create 2 or more valid signatures that would validate using your openssl verification you use (openssl dgst -sha256 -verify $PUB -signature $SIG $MSG) for a given message, will you award the 100 ETH bounty?
copper member
Activity: 238
Merit: 119
We will upgrade our BlackJack algorithm.
The game uses asymmetric encryption RSASSA-PKCS1-v1_5 mode.
The server has the [Privatekey] and announces the [Publickey].
Here is the [Publickey].

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDE9QKpw5CHZyf+OfcrT5MCeiCR
CLVZjDVUSPGzwXdoGAcRi/r9y7T8t4/byXNTLky0h9dUGKBowwN7bt7fgMKvWAtz
0Xf4ztfpsEoRHrzRs2r8khPUjihjrz0N+oPQ+ktAh7M95ZnQfgt/hNWFevGRd+SV
sGsWhO8VFrBYb7nS8wIDAQAB

-----END PUBLIC KEY-----

1. Encrypt the [Issue] and [Salt] with HmacSHA256 to get [Hash].
2. Sign [Hash] with the [Privatekey] to get the [Seed].
3. Using the [Seed] to shuffle cards.
4. [Seed] is announced after the end of game.
5. The client can use the [Publickey] to verify the signature.

Before being used to calculate the corresponding result, each game hash is salted with the lowercase, hexadecimal string representation of the hash of bitcoin block 592,600
This block has not been mined yet at the time of starting the provably fair seeding event, proving that I have not deliberately picked a chain that is unfavorable for players.

Another point that players need to notice:
In the first player position, there is a risk that a robot is sitting there and interferes with you getting a good hand
(we won't do that, swear in coco's tooth. At the same time, we will work hard to solve the possible robot problems in PVP games and provide a fairer environment for players.)
We suggest you leave the room if it is full of weird frogs instead of your friends.
Good luck!


Can I claim the eth bounty? This is not provably fair, because step-2 is not verifiably deterministic. You could create as many different "[Seed]" as you wanted with RSASSA-PKCS1-v1_5 signing, that all pass the test 5 by twiddling with things like the padding and stuff. For this scheme to work, you'd need to use a digital signature algorithm that generated only a single valid signature for a given message.

Thank you for your attention and questioning! It will make us more transparent and fair!

The RSASSA-PKCS1-v1_5 algorithm uses 0xFF for padding, so the same input gets the same output.
Replace the last line of the verification program with this command and you can see the padding.
openssl rsautl -verify -in signature.sign -inkey pub.pem -pubin -raw -hexdump

Example:

#!/bin/bash
# Defining variables
bj_issus='20303'
bj_slat='00000000000000000009e93621499e5a63d79a6293609ce52e95e93dd49cb1be'
bj_signature='Kwn2sjCh3wvd86vwIvqPhlOWYGArMBSuE6JK6EiFULMBGx468x67Gh8lTKXlWi5e53tGGwP/RO6t+Cwim20tFe+es0c9oeGysAubf7zzkJnwxHQ0SwZ/OnHv40a/UnBNtBFiNYE77g/F9LJxwGymQVpa1StSgQibe9vdcjgAP/E='
# Save public key
echo '-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDE9QKpw5CHZyf+OfcrT5MCeiCR
CLVZjDVUSPGzwXdoGAcRi/r9y7T8t4/byXNTLky0h9dUGKBowwN7bt7fgMKvWAtz
0Xf4ztfpsEoRHrzRs2r8khPUjihjrz0N+oPQ+ktAh7M95ZnQfgt/hNWFevGRd+SV
sGsWhO8VFrBYb7nS8wIDAQAB
-----END PUBLIC KEY-----' > pub.pem
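# Save signature
base64 --decode <<<"$bj_signature" > signature.sign
# HMAC the issue with the salt and verify the signature (disabled here so the raw dump below is shown instead)
#echo -n "$bj_issus" | openssl dgst -sha256 -hmac "$bj_slat" -binary | openssl dgst -sha256 -verify pub.pem -signature signature.sign
# Dump the RSA-recovered block without stripping the padding (rsautl is deprecated in OpenSSL 3.x in favour of pkeyutl)
openssl rsautl -verify -in signature.sign -inkey pub.pem -pubin -raw -hexdump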

You could get the padding content which is 0xFF
0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0040 - ff ff ff ff ff ff ff ff-ff ff ff ff 00 30 31 30   .............010
0050 - 0d 06 09 60 86 48 01 65-03 04 02 01 05 00 04 20   ...`.H.e.......
0060 - a9 4d d2 4b 91 dc 8d be-75 71 b7 b8 4f 2f df 92   .M.K....uq..O/..
0070 - 4b f9 2a 3d 60 20 98 4f-1d b3 00 fb 46 d8 10 d2   K.*=` .O....F...

:p
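The padding argument in the reply above can be checked mechanically. The following is an added example, not code from the thread or from BC.game: it rebuilds the one canonical EMSA-PKCS1-v1_5 block for a SHA-256 digest and accepts a recovered block only if it matches byte for byte. `PAGE_BLOCK` transcribes the hexdump from the post, the two negative samples are constructed, and all function names are assumptions of this example.

```python
import hashlib
import hmac

# DER-encoded DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(digest: bytes, k: int) -> bytes:
    """Build the single canonical k-byte encoded message for a SHA-256 digest."""
    t = SHA256_PREFIX + digest
    if len(digest) != 32 or k < len(t) + 11:
        raise ValueError("bad digest length or modulus too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def strict_digest(em: bytes):
    """Return the embedded digest only if em is the canonical encoding, else None."""
    if len(em) < len(SHA256_PREFIX) + 32 + 11:
        return None
    digest = em[-32:]
    # Encode-then-compare: a different padding length, filler byte or
    # trailing data makes the rebuilt block differ from em.
    rebuilt = emsa_pkcs1_v15(digest, len(em))
    return digest if hmac.compare_digest(rebuilt, em) else None

def pipeline_digest(issue: str, salt: str) -> bytes:
    """SHA-256 over HMAC-SHA256(key=salt, msg=issue), mirroring the
    commented-out openssl pipeline in the post's script."""
    mac = hmac.new(salt.encode(), issue.encode(), hashlib.sha256).digest()
    return hashlib.sha256(mac).digest()

# The 128-byte block from the hexdump in the post (74 bytes of 0xff padding).
PAGE_BLOCK = bytes.fromhex(
    "0001" + "ff" * 74 + "00"
    + "3031300d060960864801650304020105000420"
    + "a94dd24b91dc8dbe7571b7b84f2fdf924bf92a3d6020984f1db300fb46d810d2"
)

# Constructed negative samples: same length, non-canonical padding.
SHORT_PAD = b"\x00\x01" + b"\xff" * 73 + b"\x00" + PAGE_BLOCK[77:] + b"\x00"
WRONG_FILL = PAGE_BLOCK[:10] + b"\xfe" + PAGE_BLOCK[11:]

if __name__ == "__main__":
    print("page block canonical:", strict_digest(PAGE_BLOCK) is not None)
    print("short padding accepted:", strict_digest(SHORT_PAD) is not None)
    print("wrong filler accepted:", strict_digest(WRONG_FILL) is not None)
```

To tie a recovered block to the game inputs, compare the value returned by `strict_digest` with `pipeline_digest(issue, salt)`.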
copper member
Activity: 238
Merit: 119
The site seems to be attracting more players as compared to the first time that I have browsed the site. With different currencies that a player can choose from, this site definitely got a variety of players just by checking the bet history. Wish that you will stay long here in the gambling business. Good luck!
Thanks buddy! We still have a long way to go!
If you don't mind leaving your username, I will tip you some cookies!
full member
Activity: 1904
Merit: 138
★Bitvest.io★ Play Plinko or Invest!
The site seems to be attracting more players as compared to the first time that I have browsed the site. With different currencies that a player can choose from, this site definitely got a variety of players just by checking the bet history. Wish that you will stay long here in the gambling business. Good luck!
legendary
Activity: 2557
Merit: 1886
We will upgrade our BlackJack algorithm.
The game uses asymmetric encryption RSASSA-PKCS1-v1_5 mode.
The server has the [Privatekey] and announces the [Publickey].
Here is the [Publickey].

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDE9QKpw5CHZyf+OfcrT5MCeiCR
CLVZjDVUSPGzwXdoGAcRi/r9y7T8t4/byXNTLky0h9dUGKBowwN7bt7fgMKvWAtz
0Xf4ztfpsEoRHrzRs2r8khPUjihjrz0N+oPQ+ktAh7M95ZnQfgt/hNWFevGRd+SV
sGsWhO8VFrBYb7nS8wIDAQAB

-----END PUBLIC KEY-----

1. Encrypt the [Issue] and [Salt] with HmacSHA256 to get [Hash].
2. Sign [Hash] with the [Privatekey] to get the [Seed].
3. Using the [Seed] to shuffle cards.
4. [Seed] is announced after the end of game.
5. The client can use the [Publickey] to verify the signature.

Before being used to calculate the corresponding result, each game hash is salted with the lowercase, hexadecimal string representation of the hash of bitcoin block 592,600
This block has not been mined yet at the time of starting the provably fair seeding event, proving that I have not deliberately picked a chain that is unfavorable for players.

Another point that players need to notice:
In the first player position, there is a risk that a robot is sitting there and interferes with you getting a good hand
(we won't do that, swear in coco's tooth. At the same time, we will work hard to solve the possible robot problems in PVP games and provide a fairer environment for players.)
We suggest you leave the room if it is full of weird frogs instead of your friends.
Good luck!


Can I claim the eth bounty? This is not provably fair, because step-2 is not verifiably deterministic. You could create as many different "[Seed]" as you wanted with RSASSA-PKCS1-v1_5 signing, that all pass the test 5 by twiddling with things like the padding and stuff. For this scheme to work, you'd need to use a digital signature algorithm that generated only a single valid signature for a given message.
newbie
Activity: 1
Merit: 0
Smiley Smiley Smiley
[/0xffe6c8a1908015CF3832a332A2fbbEeddA87F88c author=lesliebingo link=topic=5088875.msg48854222#msg48854222 date=1545623846]
I know this website. Crash is my favourite, referral system is also nice. But not sure about others.
0xffe6c8a1908015CF3832a332A2fbbEeddA87F88c