Topic: How 999dice.com is stealing your coins, and exactly why you won't believe me - page 7. (Read 41936 times)

Sent PM, please replay ASAP

Correlation does not equal causation.  It never has it never will.  That is not proof of anything.  The emails suggest that you were banned for what you said in emails to the site operator not  for winning.  There is no proof that you were banned because you were winning.

I can see #1 being "it makes it more secure" or some such thinking that clients will not be able to brute force.  This would be especially true with people that do not fully understand crypto or how to calculate how long it would take.  Other sites change that for every client every roll and are provably fair.

I can see #2 being move the cruft and clean the interface.  *especially* if a dev does not understand the implications and believes that few if anyone will ever verify as a result most people do not want to see it.  I can even see feedback to site operators suggesting such a move by people who do not understand the implications.  If you did not know what it was or never were going to be bothered checking would you even know to complain that it was not there?  I suspect that is the vast majority of people in the world.

#3 is actually 64 bits.  If I said 32 I was wrong.  According to the sql purportedly used by the site to do the wager it is 8 bytes.  32 bytes for the server seed.  The 32 bytes truncates the longer server seed though.

however if they are doing all of this to cheat there was a lot more planning that went into things.  I am a believer that most people are lazy or stupid and few go the extra mile to create something exceptionally clever.  

Take the average code injection backdoor, its simple and obvious.  A linux kernel source repo attack put a single '=' instead of '==' and most people reading the code would miss it (evidenced by the fact that people did miss it).  This allowed someone in the know elevate privs  to root (or was it ring 0?  I think it was just root).  

Take the NSA and the standard tables used for some crypto implementations.  These looked good, for a great many years it went unnoticed.  They were backdoored allowing someone in the know to much more easily break the crypto.  

I illustrate these two examples to say that sometimes people do things with malicious intent.  They go to lengths to leave it undiscovered.  These are not the norm.  It does happen but its more likely that stupidity or ignorance was behind the problem.

This. Absolutely, positively, completely, this. Every word of it is exactly what I am saying. Wish to god your site still took BTC. Really don't feel like effing around with 'clams'.

And, when I was writing my script to neuter 999dice (posted in the other thread, look for the link on page 4) I found it VERY difficult to set the client seed. The damn input box doesnt even have a name.

The way 999dice "records" your personal client seed is there is a form input type=text box, with no name, and, also, no id tag. You have to reference it by the the span it's inside.

Then, the ONLY way the client seed gets updated on the server is when that box loses focus. No submit, no change event, it's a lose focus event.

Know what that means? If you change it, and do NOT click outside it, and then click a bet button, there's a damn good chance that your bet is processed BEFORE the client seed change is processed.

Look at my code in the other thread. It takes FOUR lines of code to update the client seed. I need to set it in two places, in a roundabout way, then specifically call a server update function.

WHY is it so difficult to update the client seed? Why is the updating done on a losefocus event?

The full weight of that didn't dawn on me until just now.

New account, I can still only post once every 10 mins. Adding this here an an edit instead:


Don't forget - when the player DOES go out of his way to click that button every time, he gets banned.

I lost 207 BTC. I call the admin out on the BS 'tell us you're verifying' scam. I verify EVERY bet. I start winning. I am banned.

A 2 year old could connect those dots.

I tried clicking their checkbox for manually entering client seed but nothing happened. How can they be limiting it to 32 bits? That's just 4 bytes.

This again could be an innocent mistake, but really, why would you limit the client seed to something easily bruteforced if your intention was to make a provably fair game?


If you copy an existing provably fair site and change the provably fair system in at least 3 different ways to make it less provably fair, then what are the odds that you made all three changes innocently?

1) change the server seed every roll, requiring the user to change their client seed if they want provable fairness
2) hide the server seed hash behind a button so you can tell which rolls are possibly being verified and which aren't
3) restrict the range of possible client seeds to just 32 bits

It's still possible that the site is running an honest game and it's just unfortunate that they made three unfortunate mistakes in their provably fair system. It's also possible that they knew full well what they were doing, and used it to cheat careless players.

Their theoretical edge is 0.1%, but their actual profit is closer to 0.4%, 4 times higher than it should be. That's also possibly entirely innocent.

Like I say, I would recommend not playing there until they fix things.

Total fairness can never go to 100%,  you can approach 100% but never actually reach it.  This example is just to illustrate why it cant be 100%.  However the closer you get to 100% the more likely the server is not cheating. 

The server can pregenerate about half of the potential client seeds.  In 999dice's case that would be 32 bits which would take about 1 hour on an Intel ivy bridge.  GPU farms could potentially cut this time.  Important note for non-crypto people the other half takes a much longer time, each bit doubles the time so its not 2 hours for the whole space.  Using a pre-generated pairing they could issue server keys based on probability  that they will win skewing odds in their favor.

The risk of cheating, even in an otherwise provably fair system is > 0%. 

The cost of mounting this attack in a practical way would make it less probable.  In fact I believe this attack would not be likely at all.  They would only have a small pool of server seeds that they have pregenerated and people would continually see the same ones and that would give them away.


The reality is that the more a site strives to reach 100% provably fair the more likely they are being fair. 

People have messed up crypto even by almost cloning good implementations on accident leading to compromises.  If they do not understand why publishing the hashes are important then they may not consider it bad to stick it out of the way to avoid the clutter of information many average people just  wont understand.

real life example: CEX messed up crypto for their API, it is a HMAC done by someone who does not understand what all HMAC is supposed to do.  They use it just to authenticate a user not the user+message.  The message itself is never HMACed and thus could be altered in transit (sha1 ssl cert not withstanding and while sha1 is broken and has been for  years no "in the wild" attack has been discovered and broken means different things to cryptographers than average people although sha1 is pretty bad).

Sony and some Bitcoin  wallets with weak random in ECDSA is another good example.  Although Sony was worse because it was not just a  group of related transactions it  was many transactions separated by a large time window.  There are something like 300 weak r wallets out there.  Most addresses havent been used in years though.  A few are still in use with instant withdraws on  the few thousand satoshi transmitted through at infrequent intervals.  No idea if someone is sweeping coins or if the legit wallet owner is transferring but the transfers out come in within 1 second of the deposit.  Last transaction I saw on a weak r wallet was Jan 31, 2015 for 6000+ satoshi.  Oh I stand corrected Feb 8, 2015 for 6717 satoshi.

End result by effectively cloning a REST API they have done it in a way that its horribly broken.  Other examples include some other crypto libraries where it tries to short circuit the encryption and returns early upon a mismatch.  Timing attacks then ensue and you just brute force the password one character at a time until you have it.  This is akin to an oracle attack on crypto which is another example of how good crypto can be improperly implemented merely by different error messages or return values.

I can see it being innocent that 999dice just thought they would move the cruft to the side without thinking about the effects - effectively removing "provably" from "provably fair".  Either they are clever cheaters or of a more innocent mind that they do not see the potential for evil in the implementation.   Without knowing more about the specific individual (not the speculated one and then more than "well he is a known scammer" not all con artists are the same) it is hard to tell.

Good point.
On first look it may seem to be a good thing as it make everything more random.
But you're 100% right with the fact that you need to change client seed with every new server seed, which in 999dice case = every bet.

What makes it look even worse is that 999dice is clearly "inspired" by Just-Dice - the site design is uncannily similar - and yet somehow they managed to mess up their provably fair system so much that they can cheat undetectably unless the play goes out of their way to click an extra button before every roll they make.

It's a little hard to believe that such a reduction in provable fairness would happen accidentally.

Yup ,and every serious site is accepting jd provably fair system.

It isn't perfect , but its the best out there for now.

There are some wiki pages and all but if there was a page that detailed how to properly do provably fair and flaws in every implementation known (without naming names on *that* page they can go somewhere else) along with detailed information why its not provably fair it would educate site operators as well as users and allow for better validation of provably fair claims.

For example 999dice is not "provably fair" because you cant prove its fair when you dont click the  button.  It might be fair but its not provably fair.  That is the distinction I am trying to make with the suggestion for the wikipage possibly on bitcoin.it or somewhere else that can become a public repo of knowledge on the subject.

I  think bitzino was one of the first to do provably fair systems and has some fairly detailed information about how they generate things.  https://bitzino.com/about/fair  

Casinos can be profitable as long as there is a house edge.  Short of the player cheating there would never be a break even for the player and over  time, over an aggregate amount of users the casino wins.  Even the best betting strategy will eventually crumble, although short term wins of sufficient size could pose problems for the house bank.  

The libertarian in me says that it is the players choice, if that is how they want to spend their entertainment dollars that is their choice.  The indian in me says woohoo casino profits pay for my health care, undergrad college and some other things.  Although sadly not graduate studies in law (only medicine/dental and then under strict conditions) so law school is all on me.  god I need a job.

I think that the laws that forbid gambling are legislated morality which never works out.  The US really should embrace internet gambling and stop having the silly rules.  Although I do see some progress in this. sports betting is illegal period under the federal wire act, other betting is legal if address verification is done to ensure same state as the site, age verification, and the site is registered with the state like any brick and mortar casino (which means the gambling commission can certify fairness in the games, which includes a full source code review for e-games like  slots and verified sealed (sticker) eproms containing the firmware).  This is actually progress which generally forbid it before 2006.  Maybe in a few more years they will open it further seeing how desperate they are for taxes.  Pushing it underground just encourages more scammers, fraud, deceit, unfair rules, illegal debt collection practices, etc.  Let hte people decide for themselves what is acceptable and what isnt on a personal level and the people that try to force laws to make everyone conform to their personal life choices need to stfu and go away.  

Hey at least with  the 2006 internet gambling act the gambler cant get into trouble and generally only the site management or those that facilitate the sites operation can if they are US based or US citizens.  Protip: dont hide the money source, pokerstars or whomever it was got money laundering charges because they listed credit card deposits as a purchase of goods instead of what it was.  Although  they would have gotten into troubles for  taking credit cards anyway.  That is one of many possible laws that has caused Coinbase to ban accounts that send BTC to known gambling addresses, with  their regulated exchange the fact they accept credit cards and possible status as a money transmitter  they need to be squeaky clean and cant have people using their webwallets for that or they can go down.  I think that is a side effect of the law but it is the law unfortunately.

I've received requests from people in the past to look into 999dice's provably fair system but I never got around to doing so. I'm sorry now that I didn't.

Withholding the server seed hash until it is explicitly requested is dubious behaviour. It allows the site to cheat on all rolls except those for which the server seed hash has been requested, which will be almost all of them.

Changing the server seed for each individual roll in itself is bad enough, since it requires the user to keep extensive records and also to change their client seed every roll to be sure that they aren't being cheated. Add the hiding of the server seed hash on top of that and you really do have to wonder what's going on. Why would anyone go to such lengths to hamper their provable fairness?

Of course none of this is proof that any cheating is going on, much like how having to let your boss know when you take the afternoon off doesn't prove that he's doing your wife. But when every other company in town lets you come and go as you please without notification you have to wonder what he is trying to hide.

Also, with so many sites struggling to make a profit with a 1% house edge how does 999dice manage to profit so well with only a 0.1% edge? Players should demand an overhaul of the probably fair system as soon as possible. Ideally players will be able to verify their rolls with very little effort. Using a single client/server seed pair for as many rolls as the user likes (pioneered by Just-Dice.com in June 2013) is the industry standard.

This. I thought it was pretty fucking weird that you have to click a button to see your server seed hash.

I found something kind of odd in the JS.

$.connection.mainHub.server.setClientSeed

I'm pretty sure they send your client seed to them.. lol why would they need to have this function when its sent as a parameter in the raw bet request?

No, Just-Dice constantly displays all relevant seed information on the 'Fair?' tab, and keeps it constant until you request for it to be changed.

That is in no way similar to 999dice knowing whether you have seen your seed hash or not. Just-Dice knows that you can been sent all your seed information before you make any rolls and so can never risk cheating for fear of detection.

tldr: at 999dice you have to specifically ask to receive your server seed hash and it constantly changes. at JD there's no way to not receive your server seed hash and it only changes when you ask it to

if you want a lawyer like that why wait?  hire me now

5% odds is .05*.05*.05 ...  to figure out the odds of consecutive losses.  Even  the best Martingale strategy will eventually lose because it will take infinite funds on a particularly bad losing streak.

Wrote a script to defeat any potential cheating on 999dice.com. It pulls the hash before every bet. Doesn't do multibets yet, but if you look at it, it should be simple to do. I'll work on that lateron.

It's over here: https://bitcointalksearch.org/topic/m.10407384

Well first off, an illegally operating bitcoin gambling site illegally doing business with someone in the US very likely has absolutely zero chance of winning any lawsuit anyway, given, oh, the fact they are operating illegally. So I'm not sure why anyone would worry. As for the removed news story, well, it just speaks to the journalistic integrity there, as well as their knowledge of journalism.

They were quoting what I said. How that makes them party to "extortion" is beyond me.

And if Saul Goodman is your hero - look me up when you pass the bar.

Thanks for the transparency. Going above and beyond to prove fairness and legitimacy, I hope, will bring you a lot more business.

OP, since 999dice's admin honored you with an entire page with your name please accept my apologies for my last post here. I was doubtful but proven wrong.

But allow me to comment that I find wrong in both yours and the admin's actions. While he did warn you to not deposit there again, you didn't listen. Him confiscating your coins right after is nothing more than outright theft though. If revealing this scam is your last resort to find justice I wish you luck. I hope those losses won't cause any serious problems in your life.