
Topic: How 999dice.com is stealing your coins, and exactly why you won't believe me - page 9. (Read 41936 times)

newbie
Activity: 40
Merit: 0
so you are using evidence that the site is a scam that
1) you lost money there
2) its possible they may be using fake seeds

Doesn't seem conclusive, no need to dox anyone, just move on to another gambling site and give a fair warning to others that the site may not be honest.

You have 0 evidence really that they did steal, so your title seems pretty over the top. 
member
Activity: 114
Merit: 10
As for the server times varying, "brute forcing" the seed would take no time at all. I'm going to simplify their process, because theirs involves double hashing, then reading the first 3 bytes, converting it to an integer, checking its value, then using just the last 6 digits. Too much work for a forum example.

Based entirely on your response it appears that the URLs I posted were too technical to be understood properly. Maybe this URL will be better for you to understand.
Knowledge is power. http://en.wikipedia.org/wiki/Timing_attack

Brute forcing the seed would take > 0 time units or > "no time at all". It would be detectable and then could provide the basis of proof of your theory. I encourage reading the original URLs I posted, they really do contain useful information relevant to proving your theory. You do want to prove it, right? This thread is not just a rant session and no proof will be sought?

I took the liberty of confirming that tcp timestamps are enabled and properly passed from their server.

Quote
.7 milliseconds.

My desktop pings to 999dice.com are about 170 milliseconds.

Excellent you are on your way.  Keep up the good work.

Your ping time, however, is irrelevant. There are multiple reasons for this, but from a basic network perspective ICMP is often given a lower priority on the various networks that comprise the internet and as such is not as reliable.

What you are after is how long the userspace application takes to process various tasks. So even if ICMP was treated equally on the network you would only be measuring the kernel time to process and respond, which is not very useful.


Quote
In the time it takes an ICMP packet to hit 999dice and come back, they could have hashed over 72,857 guesses.
True, but TCP timestamps do not use ICMP. Fortunately the two protocols are completely separate and they must have the result before they send the TCP response back. This means that you can measure the time it takes to process A vs processing B. That variance can lead to actual proof as opposed to something else. Note that you must statistically differentiate between a regular loss and what you claim to be a cheat loss (if that even happens, which based on the post I am responding to I doubt more than ever).

Keep up the good work, you are well on your way to understanding this and how you can prove your theory.  If you need any more help understanding basic networking or basic security let me know and I can fill in the missing pieces.  Side channel attacks are really not that difficult once you understand the basic concepts that go into them.  I encourage you to go forth and learn a little bit about basic networking and software development.  Based on the content of your post I can only come to the conclusion that there is much to be learned about that.

It's all about knowing how long the server takes to do a specific task, and when a task takes longer than normal you know something else is going on - you just don't always know what, so you have to get quite a few samples. Use the faucet, it's free.

legendary
Activity: 3654
Merit: 1165
www.Crypto.Games: Multiple coins, multiple games
It is funny.
I think most people know that it is a scam site,
but why do people still play there?
Perhaps because they still make a profit every day (smart players).
Some play dumb, lose "a lot" and finally hate the admin there. I don't know.
full member
Activity: 420
Merit: 151
If the OP is correct in his assertion (correlation != causation and all that) this means either they broke sha256 (or do they use 512?  I forget) or they are just brute forcing a loss.  It is highly unlikely that they broke SHA256 or 512.  Therefore they would have to use the wager size tracking and brute force a loss when they decide they want a losing wager.

If they are brute forcing a loss then the response times from the server for larger wager losing bets would vary because it would have to do more operations to return the response.

Well of course they didn't break SHA256/512. If they did they wouldn't be running a scam dice site, they'd just empty any bitcoin address that exists any time they wanted some bitcoin.

As for the server times varying, "brute forcing" the seed would take no time at all. I'm going to simplify their process, because theirs involves double hashing, then reading the first 3 bytes, converting it to an integer, checking its value, then using just the last 6 digits. Too much work for a forum example.

So for my example of how "hard" it is to brute force a sha256 seed to make you lose a roll, our bitcointalk-dice site will generate your roll by double sha256'ing the seed. The client seed and nonce are irrelevant for this example, since they wouldn't change. After it's double sha'ed, we will use the first four numbers that appear to get your roll, and divide by 100, so you'll get 00.00-99.99. Also, for brevity, the server seeds will just be random words I feel like picking instead of 32 character strings that clutter up the screen.

So, you're betting 50/50, on low. Server seed is 'ripoff'. Double sha256 the word ripoff (as a string) and you get:
d7ec963e8d5eb5bd118fa809c05abc56d47f77a1a4d421db180b3bf4add8ed80

First four numbers are 7963 so your roll is 79.63. You lose.

Next roll your seed is 'theft'. Result:
30d5dd57f28d02756aa06a71d40b4f300241e5c8323ffb596f9609d630decf5f

First four are 3055 so your roll is 30.55. You win. Ok, now the server thinks you're winning too much, time for you to start losing.

Next seed is 'scam':
92eeea29311e699e209c3127d18f13e7711c1ff903162e4bbe5ab551429ed737

92.29 - a loss. Luck was on our side this time. Let's take back some of those "winnings" we let you have.

Next seed is 'arrogant':
b13e51f886ed5ca336191d8e65fd2f6c0adf43c379af0d60215c8623008ffb89

13.51 - a win... but we want you to lose, and you didn't save the hash for 'arrogant' so let's change the seed to a new random word, 'cheat':
b2a1f658776f82f8e7fb704b3a060773bc24423dc6d0298da55eeea0eb31224d

21.65, damn, ok, try again, 'liar':
6429f62ea32edf61a0d684c5c5be80d71c82385fdaa0eae88aa1a9acc4a3a833

There we go, 64.29, you lose, sorry man. The seed was 'liar', you can be sure we didn't cheat by making sure it hashes out correctly, and you can validate we didn't change the seed by checking the hash we provided before you made the bet.

Oh, you didn't click the button? Sorry. Guess you just gotta trust us.

My point being, 'brute forcing' a sha256/512 to get a random dice number you want is simple. The odds of them finding one that works for them is exactly the same as your chance to lose. It might take 15-20 tries to find a losing hash if you're betting 95% wins, but that would take a server microseconds, tops. You'd never notice it. The TCP overhead and standard traffic time is millions of times faster than the time it'd take to hash it out.

On my mid to high end server I ran those hashes on, I just took the microtime, double hashed a random number 300 times, then checked how long it took.

.000703811 seconds.

.7 milliseconds.

My desktop pings to 999dice.com are about 170 milliseconds.

In the time it takes an ICMP packet to hit 999dice and come back, they could have hashed over 72,857 guesses.

It's not hard, and if using timestamps as your basis, it's completely undetectable.

Even worse - if you never change your client seed (something I always did on every roll when using the API), they can save hashes in advance. Need the roll to be 98.55? Pull saved entry number 13,872, that one was 98.55.
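The check the post above turns on, written out as an added example (not code from any poster or from 999dice): a player-side verifier that only trusts a roll if the server seed hash was recorded before the bet. The toy roll rule (first four decimal digits of the digest, divided by 100) is the post's; mixing in the client seed and nonce, the `:` separator, hashing the raw digest on the second pass and using plain SHA-256 of the seed as the commitment are assumptions that go beyond the post's simplified scheme.

```python
import hashlib


def roll_from_digest(hex_digest: str) -> float:
    """Toy rule from the post: first four decimal digits that appear, / 100."""
    digits = [c for c in hex_digest if c.isdigit()][:4]
    if len(digits) < 4:
        raise ValueError("digest has fewer than four decimal digits")
    return int("".join(digits)) / 100


def roll_for(server_seed: str, client_seed: str, nonce: int) -> float:
    # Assumed layout: "server:client:nonce", double SHA-256 over raw bytes.
    msg = f"{server_seed}:{client_seed}:{nonce}".encode("utf-8")
    digest = hashlib.sha256(hashlib.sha256(msg).digest()).hexdigest()
    return roll_from_digest(digest)


def commitment(server_seed: str) -> str:
    # Assumed commitment: SHA-256 of the server seed, published before the bet.
    return hashlib.sha256(server_seed.encode("utf-8")).hexdigest()


def verify_bet(recorded_commitment, revealed_seed, client_seed, nonce, claimed_roll):
    """Return 'ok', 'seed-mismatch', 'roll-mismatch' or 'unverifiable'."""
    if recorded_commitment is None:
        # The hash was never fetched: any revealed seed will "hash out
        # correctly", so the bet cannot be distinguished from a swapped one.
        return "unverifiable"
    if commitment(revealed_seed) != recorded_commitment:
        return "seed-mismatch"
    if roll_for(revealed_seed, client_seed, nonce) != claimed_roll:
        return "roll-mismatch"
    return "ok"


def audit_demo():
    """Constructed bets, reusing the post's seed words as sample values."""
    client_seed, nonce = "my-client-seed", 7
    promised = commitment("arrogant")
    honest = ("arrogant", roll_for("arrogant", client_seed, nonce))
    swapped = ("liar", roll_for("liar", client_seed, nonce))
    return [
        verify_bet(promised, *honest[:1], client_seed, nonce, honest[1]),
        verify_bet(promised, *swapped[:1], client_seed, nonce, swapped[1]),
        verify_bet(None, *swapped[:1], client_seed, nonce, swapped[1]),
    ]


if __name__ == "__main__":
    print(audit_demo())
```

The swapped seed is internally consistent, which is why the third case cannot be told apart from an honest bet once the commitment was never recorded.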
legendary
Activity: 2436
Merit: 1561

There's some news coverage of this thread:

http://newsbtc.com/2015/02/08/bitcoin-gambling-website-scam-nearly-exposed/

Quote
An anonymous Bitcoin user recently exposed a bitcoin gambling website scam after finding empirical evidence against their bet verification system.

According to a BitcoinTalk newbie ‘keepinquiet’, the scam lies in the methods through which cryptocurrency-based gambling website 999dice.com verifies users’ server hash. Unlike other, rather genuine gambling portals, the aforesaid organization makes users click a button in order to verify each bet. Without clicking that button, users have no option to legitimize their bets. At 999dice, you literally have to click the ‘Show Server Seed Hash’ button to see new hash with every bet.
full member
Activity: 420
Merit: 151
Lot of posts overnight so going to try and respond here all in one message.

Disclaimer: 999dice is a scam, fuck them.

You managed to lose 200btc on a shady site that was widely regarded as a scam. You did not do due diligence before you went on your degenerated streak (not a gambler). You are a fucking idiot.

Thanks for your input. However, I argue that it is "widely regarded" as a scam. There are 2 threads here about it (three maybe) and not a single one has any proof, or even anything approaching proof. In fact, one of the threads is started by someone who poorly photoshopped "proof". There will always be the sore losers who rant they were scammed. I'm providing strong circumstantial evidence that it's true, or, at least that it's a very real possibility that it's true.


OP if you seriously picked the most shady of the dice websites to bet tens of thousands volume of bitcoins, that was well deserved. For someone that lost ~200 Bitcoin though, posting on a forum doesn't seem like the most appropriate action. I refuse to believe this.

What do you suggest is the most appropriate action then? Law enforcement who doesn't care? Hire a hitman? Fly out to CA and accuse some random person that someone thinks might be him, and what...? Waterboard them until they admit it? What would be a better course of action, aside from getting the word out?

And if you refuse to believe it, for your sake, I hope you don't gamble there.


member
Activity: 114
Merit: 10
Can FBI or any other authority do anything about people dealing in BTC?
They do not consider it money so why won't they stay away?

They do consider it money for a variety of things.

For SEC laws it's generally considered money. For the Silk Road case Ross Ulbricht was just convicted of ... money laundering which specifically requires a monetary instrument (his lawyer lost the argument that bitcoin is not money).

Basically the courts have all held that bitcoin is money when it comes to criminal acts that otherwise require money. The IRS considers it money if a merchant sells goods in it but a commodity other times. The IRS is the weirdo and has rules that are highly situational dependent on how they view bitcoin.
legendary
Activity: 1666
Merit: 1001
I never trust this site when Stunna leave a red -ve to jake

Sounds like "Jake" will be getting nailed by the FBI soon enough...  these scammers never learn...
Can FBI or any other authority do anything about people dealing in BTC?
They do not consider it money so why won't they stay away?

If that country has a regulation against BTC crime, I'm sure law enforcement will bust that guy
sr. member
Activity: 322
Merit: 250
Sounds like "Jake" will be getting nailed by the FBI soon enough...  these scammers never learn...
Can FBI or any other authority do anything about people dealing in BTC?
They do not consider it money so why won't they stay away?
member
Activity: 114
Merit: 10
As for crowdfunding a hacker, that's actually MORE illegal than what 999dice is doing. It's also childish and accomplishes nothing. Makes him a martyr. Site gets hacked, he comes back up with the sympathy of his loyal customer base.

No, it isn't. 18 USC 1030 is the hacking statute and that has a lesser penalty than the RICO case for an illegal internet gambling site. Illegal is a very loose term in that act: it means if the laws of *any* US state are violated it is illegal, and age verification is a required attribute to make it legal under that act. There are other reasons it would be illegal.

Not only does the RICO charge have at least twice the penalty (20 years instead of 10 as a maximum) but it exposes more people to more criminal liability because it parasitically infests a group of people.  Wire fraud if they went that route would be a 5 year max, so there it would be a lesser crime (unless they raised that since the last time I read it).  Wire fraud would not be the typical way to go when there is an internet gambling act passed in 2006 though.  He could also be charged with individual counts for each occurrence of cheating (if he is cheating) but proving which ones were cheats and which were not might be difficult and without that there is no crime.  Internet gambling can be proved by just visiting the site, no cheating or anything else to prove.  Issue subpoenas to get the real IP of the server and  then more subpoenas to get the identity (or potentially wiretaps to monitor who is accessing the site, possibly track the coins to see who is spending them and potentially cashing them out, etc).  It is not illegal to be a gambler though so if he is clever in how he pays himself he could make it look like gambling winnings which at most carry a tax liability and the IRS can go after him.  

It is a French IP owned by a German company. Would France cooperate? Is this even illegal there? If it isn't they may not be able to cooperate, and short of following the coins and proving who the site operator is it would be difficult at best to do anything. People on this site have just as much ability to track the coins and see if they can discern who is getting paid and who is just winning. I mean sure, maybe the gov can subpoena the domain registrar records to get the wallet address used to pay for the domain and see if they can trace it that way, but that might not pan out either.

They use google tracking so presumably they could subpoena google to get the AdSense or Analytics or whatever customer info and see who is accessing that and if its a linked account and chase the rabbit down that hole.

They use a Comodo SSL cert so another potential target to subpoena to try to get info. Comodo is US and UK based so presumably there would be a hook there.

Crookservers.net is the hosting provider (who appears to have leased the FR IP).  Based on their legal style I would say US based edited by a non-lawyer (I say that as someone currently in law school in the US).  It also uses American spelling not British in the TOS.  "Sales Inquiry" is Americanized.  Inquiry is more for investigations while Enquiry is more for um well Sales Enquiries, at least from what I heard.  They do not have the required business identification for much of Europe on their page.  In fact they do not really identify who they are as a corporate entity or have telephone numbers at all.  Not surprising with all the cheap hosting providers out there doing the same though.  I bet money they are US based though, and I *will* check the server hash before placing that bet Smiley

Crookservers lists by default prices in pounds but does not mention VAT anywhere on their page (via google).  I believe that the UK requires VAT numbers to be published so there can be verification of them. The carnival fraud or whatever it is called.  Much recordkeeping.

It appears to be a windows machine as well.  I just find it odd that anyone would host anything on windows but I am biased.  God I hated working at Intel and all their stupid windows machines.  


I do agree with the rest of what you said though Cheesy
member
Activity: 114
Merit: 10
It really doesn't matter, he is doing business with US clients.  FBI will get his ass at some point when years later he wants to visit Disney World with his kids, or whatever.

On what charge though? If it's 999dice there has to be proof a crime was actually committed and I am unconvinced that a string of losses vs a string of wins with a correlation between the two is proof.

Technically any gambling site that does not blacklist US people could go down if the gambling is illegal in any state AND there is some US based person involved other than the gambler (31 U.S.C. §§ 5361–5367). Lack of age verification makes it illegal (as well as other things). It's illegal to run the site, not illegal to gamble there. I have not seen a single case where 100% of everything was outside the US and they still tried to go after the site operators. It is a RICO case which lets them parasitically go after a whole bunch of people and assets, well, it's RICO if anyone gets any profit from the site.

I suspect that unless and until cheating is proved (which could be a wire fraud case) or he gets big enough to matter they won't bother with the resources though. It is far more likely that a state attorney general with aspirations of being a federal senator or perhaps president will be the one that goes after such things. That is why NY is going after all the ponzi sites of late. Remember, if at least one person in the state could be harmed by the illegal acts of someone external to the state then they can indict. If it's a foreign national they can request extradition although that is handled federally in most cases (often with the State Department running point). Once they are in the US then they can be told to take a seat over there.
legendary
Activity: 1666
Merit: 1010
he who has the gold makes the rules
I read most of it.

Why not do something about, rather than telling people not to use it? Why not...talk to authorities, or crowdfund a hacker to take it down?

This IS doing something about it. The more people know, the more people are aware they are being stolen from, the less they will use the site and hopefully, shuts down.

The authorities not only don't care, what authorities? The site is hosted in Germany (I believe), and the possible owner lives in California. He emails through Tor. I'm sure he admins the site through Tor also. Prove what? It's not Silk Road and heroin where the FBI gives a shit. It's gambling with magic internet money.

As for crowdfunding a hacker, that's actually MORE illegal than what 999dice is doing. It's also childish and accomplishes nothing. Makes him a martyr. Site gets hacked, he comes back up with the sympathy of his loyal customer base.

My goal is to destroy the loyal customer base. That is worth doing.


It is good that you documented all this on a public forum. Yes, it may not have the priority of a Silk Road, but they will catch up to his ass sooner or later.

member
Activity: 107
Merit: 10
#1 Diggit.io Investor
legendary
Activity: 1666
Merit: 1010
he who has the gold makes the rules
I sent a request to ic3.gov a couple of months ago but they didn't do anything.
And he is from the USA; will crimestoppers-UK help?

It really doesn't matter, he is doing business with US clients.  FBI will get his ass at some point when years later he wants to visit Disney World with his kids, or whatever.
legendary
Activity: 1666
Merit: 1010
he who has the gold makes the rules
Sounds like "Jake" will be getting nailed by the FBI soon enough...  these scammers never learn...
member
Activity: 114
Merit: 10
I did not see this mentioned so I am gonna do it ...

999dice generates a hash out of some input data (client seed which the client can control, along with other data). It then processes that hash to get a pseudorandom number.

999dice does track the user's balance as well as wager size in an easy to prove way. When auto betting it will bet faster if you have a large deposited balance as well as a larger wager. The larger the wager the faster it bets. The larger your balance the faster it bets (or so it appears).

If the OP is correct in his assertion (correlation != causation and all that) this means either they broke sha256 (or do they use 512?  I forget) or they are just brute forcing a loss.  It is highly unlikely that they broke SHA256 or 512.  Therefore they would have to use the wager size tracking and brute force a loss when they decide they want a losing wager.

If they are brute forcing a loss then the response times from the server for larger wager losing bets would vary because it would have to do more operations to return the response.  A technique like http://seclists.org/bugtraq/2001/Mar/182 could possibly be used to detect the jitter in the response times, if tcp timestamps are passed from the end server (I think they proxy through cloudflare but I am unsure, and I am unsure if they pass that).  Short of that you would have to rely on received packet responses which has more network delay than using tcp timestamps so greater variances.

A clever person would plot the time differential between wager placed and response given both when tracking the server hash and when not to see if there is a greater deviation on losing bets when not watching.  That would help to ascertain if the correlation the OP observed is actually due to causation or just random chance.

Side channel attacks like timing based attacks are a known standard method for attacking crypto systems. Anyone who is really into crypto should be thinking about them. Some crypto systems have been defeated by using timing attacks (like poor HMAC implementations that compare before they finish doing everything and short circuit abort on mismatch). This has presented itself in authentication applications (rlogin, ftpd, etc by guessing valid usernames or passwords) and other programs in the past. Detecting TOR hidden service can use this technique as well as detecting virtual honeypots.

It feels good to breathe new life into a paper I wrote 14 years ago. It hasn't been cited in followup work enough in the last few years Cheesy
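The comparison proposed in this post and in the timing discussion earlier on the page, as an added example that is not the poster's code: a one-sided Mann-Whitney U test asking whether response times for losing bets placed without watching the server hash are larger than for losing bets placed while watching it. All latencies are constructed sample values in milliseconds, the minimum sample size and the 0.01 threshold are assumptions, and the normal approximation used here carries no tie correction.

```python
import math

# Constructed samples (ms): losing bets with the server seed hash recorded.
WATCHED_LOSS_MS = [170, 172, 174, 176, 178, 180, 182, 184, 186, 188]
# Constructed samples (ms): losing bets without the hash, same distribution.
UNWATCHED_SAME_MS = [171, 173, 175, 177, 179, 181, 183, 185, 187, 189]
# Constructed samples (ms): losing bets without the hash, uniformly slower.
UNWATCHED_SLOW_MS = [191, 193, 195, 197, 199, 201, 203, 205, 207, 209]


def mann_whitney_greater(baseline, suspect):
    """One-sided test: are `suspect` latencies stochastically larger?

    Returns (U, p). Rank-based, so a few network outliers do not dominate
    the result the way they would in a comparison of means.
    """
    n, m = len(baseline), len(suspect)
    if n < 8 or m < 8:
        raise ValueError("need at least 8 samples per group (assumed minimum)")
    # U counts pairs where the suspect sample is slower; ties count half.
    u = sum(
        1.0 if s > b else 0.5 if s == b else 0.0
        for s in suspect
        for b in baseline
    )
    mean = n * m / 2
    sigma = math.sqrt(n * m * (n + m + 1) / 12)
    z = (u - mean - 0.5) / sigma          # continuity correction
    p = 0.5 * math.erfc(z / math.sqrt(2))  # upper-tail normal probability
    return u, p


def compare(baseline, suspect, alpha=0.01):
    """Summarise one comparison; alpha is an assumed significance threshold."""
    u, p = mann_whitney_greater(baseline, suspect)
    return {"U": u, "p": p, "slower": p < alpha}


if __name__ == "__main__":
    print("same distribution:", compare(WATCHED_LOSS_MS, UNWATCHED_SAME_MS))
    print("shifted by ~20 ms:", compare(WATCHED_LOSS_MS, UNWATCHED_SLOW_MS))
```

A significant result only says the two groups of response times differ; it does not by itself say why.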
newbie
Activity: 12
Merit: 0
Similar to JustDice who used to have server provided client hashes unless you forced a randomization on your client
https://bitcointalksearch.org/topic/just-dice-is-not-provably-fair-to-gamblers-482855
legendary
Activity: 2422
Merit: 1451
Leading Crypto Sports Betting & Casino Platform
OP if you seriously picked the most shady of the dice websites to bet tens of thousands volume of bitcoins, that was well deserved. For someone that lost ~200 Bitcoin though, posting on a forum doesn't seem like the most appropriate action. I refuse to believe this.
member
Activity: 114
Merit: 10
I wouldn't say with certainty that "Jake" is Noah Matisoff, but... haha... I'd lay a bet on it Wink

be sure to get the server hash before you place that bet
copper member
Activity: 1386
Merit: 1000
I sent a request to ic3.gov a couple of months ago but they didn't do anything.
And he is from the USA; will crimestoppers-UK help?