
Topic: BitcoinBetGames.com • FREE BTC • Video Poker • Quincunx • Provably Fair • NEW (Read 4961 times)

newbie
Activity: 44
Merit: 0
...
Address lookup

canonical name   bitcoinvanitygen.com.
aliases   
addresses   104.27.129.8
104.27.128.8
Domain Whois record

Queried whois.internic.net with "dom BitcoinVanityGen.com"...

   Domain Name: BITCOINVANITYGEN.COM
   Registrar: OVH
   Sponsoring Registrar IANA ID: 433
   Whois Server: whois.ovh.com
   Referral URL: http://www.ovh.com
   Name Server: BRAD.NS.CLOUDFLARE.COM
   Name Server: SANDY.NS.CLOUDFLARE.COM
   Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
   Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
   Updated Date: 29-apr-2015
   Creation Date: 26-mar-2014
   Expiration Date: 26-mar-2016

>>> Last update of whois database: Tue, 28 Jul 2015 07:26:43 GMT <<<
Queried whois.ovh.com with "BitcoinVanityGen.com"...

Domain Name: bitcoinvanitygen.com
Registry Domain ID: 1852143808_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.ovh.com
Registrar URL: http://www.ovh.com
Updated Date: 2015-04-29T19:48:18.0Z
Creation Date: 2014-03-26T21:38:13.0Z
Registrar Registration Expiration Date: 2016-03-26T21:38:13.0Z
Registrar: OVH, SAS
Registrar IANA ID: 433
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +33.899498765
Domain Status: clientTransferProhibited
Domain Status: clientDeleteProhibited
Registry Registrant ID:
Registrant Name: Nosalik Remigiusz
Registrant Organization:
Registrant Street: bitcoinvanitygen.com, office #6917528, c/o OwO, BP80157
Registrant City: 59053
Registrant State/Province:
Registrant Postal Code: Roubaix Cedex 1
Registrant Country:  FR
Registrant Phone: +33.899498765
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]
Registry Admin ID:


Domain Name: bitcoinbetgames.com
Registry Domain ID: 1917404004_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.ovh.com
Registrar URL: http://www.ovh.com
Updated Date: 2015-04-09T21:27:11.0Z
Creation Date: 2015-04-07T19:42:12.0Z
Registrar Registration Expiration Date: 2016-04-07T19:42:12.0Z
Registrar: OVH, SAS
Registrar IANA ID: 433
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +33.899498765
Domain Status: clientTransferProhibited
Domain Status: clientDeleteProhibited
Registry Registrant ID:
Registrant Name: Nosalik Remigiusz
Registrant Organization: VERSERO
Registrant Street: Opolska 14/11
Registrant City: Jastrzębie Zdrój
Registrant State/Province:
Registrant Postal Code: 44-335
Registrant Country: PL
Registrant Phone: +48.607495744
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]
Registry Admin ID:
Admin Name: Nosalik Remigiusz
Admin Organization: VERSERO
Admin Street: Opolska 14/11
Admin City: Jastrzębie Zdrój
Admin State/Province:
Admin Postal Code: 44-335
Admin Country: PL
Admin Phone: +48.607495744
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: [email protected]
Registry Tech ID:
Tech Name: Nosalik Remigiusz
Tech Organization: VERSERO
Tech Street: Opolska 14/11
Tech City: Jastrzębie Zdrój
Tech State/Province:
Tech Postal Code: 44-335
Tech Country: PL
Tech Phone: +48.607495744
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: [email protected]
Name Server: ns3.bitcoinbetgames.com
Name Server: ns4.bitcoinbetgames.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System:
http://wdprs.internic.net/
>>> Last update of WHOIS database: 2015-04-09T23:33:43.0Z


Seems he is also the owner/operator of the shady ass site Bitcoinvanitygen.com that steals people's coins.
full member
Activity: 184
Merit: 100
Bitcoin FTW!
Rework of the provably fair system is now complete.
It would be nice for it to be verified by a third party.
We also upgraded our real time chat.

Happy playing!
full member
Activity: 184
Merit: 100
Bitcoin FTW!
I just want things to get paid for my work. I am the security researcher it is job not nothing. All other sites gave me money if I found a serious problem. I tell you, several times I will no been abusing it or no will to.

If you can not have 0.5 BTC, then you should say so, I can sell you cheap. But you should not pretend that you can pay 50 BTC to give winners then because it is a lie to offer a prize you will not pay
:) Blackmail failed, we found this bug. In the quincunx ajax response there was a commented-out, not hashed server seed.
We have it documented. Only one user exploited this.
Hackers vs BitcoinBetGames 0:2
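
A release check for the leak described in this post, as an added example that is not the site's code or part of the thread: it scans a response body, HTML comments included, for any token whose SHA-256 equals the published server seed hash. The commitment format (SHA-256 of the seed string), the field names and the sample bodies are assumptions constructed for illustration.

```python
import hashlib
import re

# Candidate secrets: long runs of characters typical for hex/base64/ID strings.
TOKEN = re.compile(r"[A-Za-z0-9_+/=-]{16,}")

def find_seed_leaks(body, committed_hash):
    """Return tokens in body that are a preimage of the published seed hash."""
    target = committed_hash.strip().lower()
    leaks = {tok for tok in TOKEN.findall(body)
             if hashlib.sha256(tok.encode()).hexdigest() == target}
    return sorted(leaks)

# Constructed sample data (not taken from the site).
SEED = "c0nstructedSeed_7f3a9b21d4e6"
SEED_HASH = hashlib.sha256(SEED.encode()).hexdigest()

# Clean response: only the hash of the current server seed is exposed.
CLEAN = '{"path":"LRRLLRLR","server_seed_hash":"%s"}' % SEED_HASH

# Leaky response: a leftover comment still carries the unhashed seed.
LEAKY = CLEAN + '\n<!-- debug "server_seed":"%s" -->' % SEED

if __name__ == "__main__":
    for name, body in (("clean", CLEAN), ("leaky", LEAKY)):
        leaks = find_seed_leaks(body, SEED_HASH)
        print(name, "->", "LEAK: unhashed seed in response" if leaks else "ok")
```

The check only catches the seed when it appears verbatim; a seed that is re-encoded before being sent would need the same comparison applied to the decoded forms.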
newbie
Activity: 2
Merit: 0
I just want things to get paid for my work. I am the security researcher it is job not nothing. All other sites gave me money if I found a serious problem. I tell you, several times I will no been abusing it or no will to.

If you can not have 0.5 BTC, then you should say so, I can sell you cheap. But you should not pretend that you can pay 50 BTC to give winners then because it is a lie to offer a prize you will not pay
full member
Activity: 184
Merit: 100
Bitcoin FTW!
Sorry for my English. You do not even give me 0.5 BTC for responsible disclosure, and would only pay 0.1 BTC. I even gave a serious problem for free, and this is my job to eat.

Now you say you can pay 50 BTC winners per game, but you can not pay me 1/100th of it to help your security.

My time is too valuable to be wasted in this and has made it clear for the next person to find it more profitable to abuse your site getting insulted by your tiny bounties
Your English is fine. We don't have an official bug bounty, but your messages on chat sounded dangerously close to extortion or even blackmail. Give me 1.5 BTC or someone will abuse this bug and you will lose more.
Well, how could you treat someone seriously after something like that?
newbie
Activity: 2
Merit: 0
Sorry for my English. You do not even give me 0.5 BTC for responsible disclosure, and would only pay 0.1 BTC. I even gave a serious problem for free, and this is my job to eat.

Now you say you can pay 50 BTC winners per game, but you can not pay me 1/100th of it to help your security.

My time is too valuable to be wasted in this and has made it clear for the next person to find it more profitable to abuse your site getting insulted by your tiny bounties
full member
Activity: 184
Merit: 100
Bitcoin FTW!
RHavar, thank you for this post, a lot of useful information.
Quote
If you're asking for help, it probably would help if you tell us the report details, otherwise we're flying blind  =)
There were not many details, that's the problem, since this user wanted serious BTC for disclosure of this information. He said there are two security flaws. One severe and one very very severe.
After some talk he gave a couple of hints. First, that this very very severe one is about predicting the coin path in quincunx. The second one, after further talk, turned out to be a hard-to-exploit CSRF in one function. We found it right away and it's already fixed.
Given that his one bug report was true, the second could be also.

Anyway, the only possible way of cheating in quincunx I could think of would be to know the current server seed in non-hashed form. For example, a trivial mistake after reworking the provably fair system: one place could be showing the current server seed in non-hashed form where it should be hashed now. Finishing checking this.

Quote
dealing with the uncertainty if it was real or legitimate
It is hard, even more since the first-day design flaw which allowed a user to calculate the result before the game. It ended without any harm, but we check everything twice now.

Quote
It's a weekly occurrence that someone brings up a really unusual streak
Yeah, statistics is like that: you can have a 50% chance for either 1 or 0, and get 1 twenty times straight. Because of that, people very often conclude that a site is rigged; seen that many times on dice sites.

Quote
I saw earlier you had a max win of almost 50 BTC.
Max bet was 0.05 and it was lowered around ~14 hours ago to 0.01 temporarily. Our provably fair system needs 3rd party verification first, for the safety of players and the site itself.
It will be raised when we are 100% sure of our provably fair system.
full member
Activity: 184
Merit: 100
Bitcoin FTW!
We got info on site chat that there is still a critical bug in quincunx that lets you predict the coin path before betting.
While we are working hard to verify this information, it would be helpful if someone else also gave it a look. Like they say, four pairs of eyes are better than two.
This can be a bogus report, but reports like this must be checked carefully.

One indication that it could be true is one user who hit 130x on the quincunx red table in the first real bet, then again within ~20 bets... the chance for x130 on the red table is around 1 to 25000.
full member
Activity: 184
Merit: 100
Bitcoin FTW!
Ah you are correct. Although that link is very small lol, I would probably display it slightly different. Anyway, seems technically okay then, although I didn't actually calculate the results and didn't check the details (just had quick look only.) But yeh, nice job improving it already.
Thank you. I moved this link to the bottom of the Provably Fair tab, underlined it, bigger font. Hope it will fit better there :)
Also removed a couple of bugs that could affect the verification process, maybe it's good that you have waited with full verification.

Any impressions from the provably fair system?
Better than an impression would be full verification of the Quincunx provably fair system on real bet examples :).
hero member
Activity: 602
Merit: 500
In math we trust.
Any impressions from the provably fair system?
legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
Ah you are correct. Although that link is very small lol, I would probably display it slightly different. Anyway, seems technically okay then, although I didn't actually calculate the results and didn't check the details (just had quick look only.) But yeh, nice job improving it already.
full member
Activity: 184
Merit: 100
Bitcoin FTW!
When a player changes the clientseed, you give a new serverseed. This means you could calculate bad results based on these seeds. The idea of a clientseed is that there is a variable in the calculation which the site doesn't know in advance and therefore cannot predict the results in advance. 2 options:
1.  When someone sets the clientseed, you should keep the same hash (and don't reset the nonce or else player can cheat.) And then there should be a separate button to "request new serverseed" that also resets the nonce.
2. OR show the "next serverseed hash" already when setting the new clientseed (that is actually what PD does.)
I think we already do have this second method. Players know the next server seed hash in advance (below the SET button, need to click Next server seed (hash) to reveal it).

legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
After over 4 hours of non-stop programming, the Quincunx provably fair system with nonce is finished.
Please verify our implementation (only the Quincunx game), it's based on the primedice system.

If verification will be positive, we will implement it also in poker.

It seems like the idea is good now. But unfortunately there is still a mistake and the site is still not provably fair :P

When a player changes the clientseed, you give a new serverseed. This means you could calculate bad results based on these seeds. The idea of a clientseed is that there is a variable in the calculation which the site doesn't know in advance and therefore cannot predict the results in advance. 2 options:

1.  When someone sets the clientseed, you should keep the same hash (and don't reset the nonce or else player can cheat.) And then there should be a separate button to "request new serverseed" that also resets the nonce.

2. OR show the "next serverseed hash" already when setting the new clientseed (that is actually what PD does.)




Truthfully I didn't fully test the provably fair method but this is what I saw already.
full member
Activity: 184
Merit: 100
Bitcoin FTW!
Cool game.
Thank you for the kind words, we have just started so it's great motivation to continue.
We have big plans so stay tuned :)
donator
Activity: 4760
Merit: 4323
Leading Crypto Sports Betting & Casino Platform
Cool game.  I donated 0.03 BTC.  8)
full member
Activity: 184
Merit: 100
Bitcoin FTW!
After over 4 hours of non-stop programming, the Quincunx provably fair system with nonce is finished.
Please verify our implementation (only the Quincunx game), it's based on the primedice system.

If verification will be positive, we will implement it also in poker.
sr. member
Activity: 323
Merit: 254
One extra benefit of going nonceless is that it is hugely easier to verify each bet with a script (or verify the script) as there's no history (bet direction, bet size, result) to accumulate, you can just on-demand verify each bet.


Not sure if you're talking about the 2nd method here (nonceless), but I would find this system provably, but not fair. As it could be possible that the user does not update his client seed while the serverseed will update after every bet. If the operator is unscrupulous, he could take advantage of the users that don't change their client seed as often, and find a serverseed pair that will have an advantage, assuming that the user does not change his betting % or hi/lo option.

Of course this would require some work on the operator's part as well as some added technical know-how, but I could see something like this being done.
full member
Activity: 184
Merit: 100
Bitcoin FTW!
After consideration we will implement the 3rd method with nonce as NLNico suggested.
NLNico, will you verify our implementation of the 3rd method tomorrow? (Will write here as soon as it is ready.)
RHavar, from what you are writing I predict you also have the tech knowledge to verify our implementation. Hope you can do it also.
legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
Third one, I can't wrap my head around how it is faster to verify this than the second method. After thinking a while, it's because you only need to copy one value from the game (nonced client seed) while you always have (until you change it) the nonced server seed in the script already.

Yes. Let's do 10 bets w/o and w/ nonce:

Serverseed per roll without nonce
1. Click to see serverseed hash & copy it, change clientseed, make bet.
2. Verify if hash was really correct and check bet result.
3. Click to see serverseed hash & copy it, change clientseed, make bet.
4. Verify if hash was really correct and check bet result.
5. Click to see serverseed hash & copy it, change clientseed, make bet.
6. Verify if hash was really correct and check bet result.
7. Click to see serverseed hash & copy it, change clientseed, make bet.
8. Verify if hash was really correct and check bet result.
9. Click to see serverseed hash & copy it, change clientseed, make bet.
10. Verify if hash was really correct and check bet result.
11. Click to see serverseed hash & copy it, change clientseed, make bet.
12. Verify if hash was really correct and check bet result.
13. Click to see serverseed hash & copy it, change clientseed, make bet.
14. Verify if hash was really correct and check bet result.
15. Click to see serverseed hash & copy it, change clientseed, make bet.
16. Verify if hash was really correct and check bet result.
17. Click to see serverseed hash & copy it, change clientseed, make bet.
18. Verify if hash was really correct and check bet result.
19. Click to see serverseed hash & copy it, change clientseed, make bet.
20. Verify if hash was really correct and check bet result.

Serverseed with nonce
1. Click to see serverseed hash & copy it, change clientseed, make bet.
2. Make bet.
3. Make bet.
4. Make bet.
5. Make bet.
6. Make bet.
7. Make bet.
8. Make bet.
9. Make bet.
10. Make bet.
11. Get new serverseed hash to reveal old serverseed, verify hash and check bet results.
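
The nonce workflow above ends with one batch verification; as an added example (not part of the thread and not the site's or Primedice's code), this is what that last step can look like. The SHA-256 commitment, the HMAC-SHA512 derivation over "clientseed:nonce", the 8-row bit mapping and all seed values are assumptions chosen for illustration.

```python
import hashlib
import hmac

ROWS = 8  # assumed number of peg rows on the board

def commitment(server_seed):
    """Hash the site shows the player before any bet is made."""
    return hashlib.sha256(server_seed.encode()).hexdigest()

def coin_path(server_seed, client_seed, nonce):
    """Assumed derivation: HMAC-SHA512 keyed by the server seed, one bit per row."""
    msg = f"{client_seed}:{nonce}".encode()
    digest = hmac.new(server_seed.encode(), msg, hashlib.sha512).digest()
    bits = int.from_bytes(digest[:2], "big")
    return "".join("R" if (bits >> row) & 1 else "L" for row in range(ROWS))

def verify_batch(published_hash, revealed_seed, client_seed, bets):
    """Check the reveal against the commitment, then recompute every bet.

    bets is a list of (nonce, path_shown_by_site); returns a list of problems.
    """
    if not hmac.compare_digest(commitment(revealed_seed), published_hash.lower()):
        # Without a matching commitment no individual bet can be trusted.
        return ["revealed server seed does not match the published hash"]
    problems, seen = [], set()
    for nonce, shown in bets:
        if nonce in seen:
            problems.append(f"nonce {nonce} used twice")
        seen.add(nonce)
        if coin_path(revealed_seed, client_seed, nonce) != shown:
            problems.append(f"nonce {nonce}: shown path differs from recomputation")
    return problems

# Constructed sample data: ten bets under one server seed / client seed pair.
SERVER_SEED = "constructed-server-seed-0001"
CLIENT_SEED = "player-chosen-seed"
PUBLISHED = commitment(SERVER_SEED)
HONEST = [(n, coin_path(SERVER_SEED, CLIENT_SEED, n)) for n in range(10)]

def flip_first(path):
    """Flip the first peg of a path, so the tampered value always differs."""
    return ("L" if path[0] == "R" else "R") + path[1:]

# Same history, but the outcome of bet 4 was altered after the fact.
TAMPERED = [(n, flip_first(p) if n == 4 else p) for n, p in HONEST]

if __name__ == "__main__":
    print(verify_batch(PUBLISHED, SERVER_SEED, CLIENT_SEED, HONEST))
    print(verify_batch(PUBLISHED, SERVER_SEED, CLIENT_SEED, TAMPERED))
    print(verify_batch(PUBLISHED, "some-other-seed", CLIENT_SEED, HONEST))
```

The check is only meaningful if the player recorded the published hash before setting the client seed, which is the point raised elsewhere in the thread about showing the next serverseed hash in advance.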
full member
Activity: 184
Merit: 100
Bitcoin FTW!
Yes and no. I guess you can have:
- serverseed, clientseed, secret (you have this now?)
- serverseed, clientseed
- serverseed, clientseed, nonce

The first one is bad because people need to wait. The second one is bad because it requires the seeds to be different each roll you make, which makes verifying much more difficult and time consuming - even though it is instant. The third one is the most popular and best way, the same seeds are used over many many rolls until the player decides to reset the serverseed and see the revealed unhashed seed to verify _all_ the previous rolls in 1 time.
So the first one (which we have currently) is bad (can be better). We will change it again after midnight (to give users the ability to verify bets from the current day).
The second one we had before, but both client seed and server were revealed (critical design flaw) before the game began. The server seed should be revealed after the game, so that game results cannot be predicted.
Third one, I can't wrap my head around how it is faster to verify this than the second method. After thinking a while, it's because you only need to copy one value from the game (nonced client seed) while you always have (until you change it) the nonced server seed in the script already.

If I got the above correctly, we are ready to put the third method live after midnight.

Quote
"My Bets" tab on the site shows only around 20 recent bets. I suppose you would show the rest
There will be a "Bet browser in Provably Fair tab" added. But you would need to know the bet ID to pull out an older game. How do current popular sites do that? I would think of maybe an option to pull out, in simple text form, a list of the last 200 bets, for example, with data || to be able to verify many bets quickly.