A slot is a machine which operates on the principle of a random value generator. Theoretically, it is impossible to beat it. But sometimes it is possible to beat a slot with the help of various tricks and tricks. Many of these tricks - manipulating the machine software. Often dishonest casino employees were involved in such schemes.

Sometimes players would simply find a glitch in the slot machine and use it to their advantage. 

Recently, there was an unusual story when a guy from St. Petersburg predicted the results of spins on certain models of slot machines and earned large sums at online casinos around the world. 

This unbelievable story made us think: is it possible to predict the result of the game to beat the machine in the same way?

How did a regular guy win the slots

Alex - that's the guy's name - deciphered the PRNG (PRNG) used by the slots and made millions from it.

One Russian casino hired him to manage the RTP of Novomatic slot machines, then he worked as a programmer and hacker. Alex figured out PRNGs (pseudorandom number generators) and the principles of their operation in the machines. He noticed that these slots used an insecure PRNG algorithm.

A real GSF uses electromagnetic interference to generate random and unpredictable values - fair play here. 

The PRNG works differently. Here the values are predetermined and the illusion of an infinite series of values is created - at first sight it seems that the values drop out at random. But it is possible to find a weak point in the PRNG operation and predict the next value.

That is exactly what Alex did. Within a few years, he had created a whole system and assembled a team of like-minded people - so they earned over a million dollars.

It begs the question - how lawful and fair did Alex act?

Basically, Alex just used math and statistics for his scheme to beat the slots. Much more common are more treacherous and crude thefts, where the machine is simply hacked. 

Experts in the gambling world don't think Alex broke the law. It could be compared to counting cards in blackjack or bonusjacking. 

In most countries it is not forbidden to figure out the algorithms of slot machines. Usually, if security caught someone cheating, they simply took the winnings from the player and blacklisted them.

This story is absolutely real. In 2015, four members of Alex's team were arrested for fraud (they were discovered by one of the casinos he had defrauded). Alex himself decided to get out of the business and go into something else.

Alex started blackmailing big gaming companies. For example, he contacted Aristocrat and offered to protect his company from hacking and promised to close holes in their system for a tidy sum. Otherwise he threatened to leak it to a competitor. But he was refused anyway.

Schemes and tools for manipulating slot machines

Most often fraudulent schemes are based on manipulation of software. This, of course, is illegal. And such schemes work only in traditional casinos, and in online casinos the machines are protected more reliably. We will consider honest methods to beat the slots. 

Here are a few of the most common ways to cheat the machine:

  • Counterfeit coins or tokens: you need counterfeit coins or bills that slot machines accept as a form of payment. 
  • A coin on a string (yo-yo): like a yo-yo toy, the moment spins up and down if you operate it correctly. It is first inserted deep enough into the slot machine so that the machine registers it and starts playing. Then they take it out and use it again and again.
  • Wiped Coins: Such coins will be registered as a true form of payment, but will be returned to the player for reuse.
  • Piano string: The string is inserted into the spinning insides of the slot machine and jams the clock used to measure the spin of the wheel. In this way players can manipulate the result of the spin. 

Slots and software failures

A programming error can cause the software to fail, which players can use to their advantage.

There are a huge number of examples where failure has resulted in huge winnings. For example, in 2015, a 90-year-old woman from Illinois won $41 million at a Miss Kitty machine. But the casino refused to pay out the winnings.

More often than not, casinos really don't pay out big winnings in case of failure. But there are worse situations: dishonest casinos use failure as an excuse not to pay out honest winnings. 

You have to be able to recognize a failure and use it to your advantage. And even if you can spot a failure, there is no guarantee that you will be able to make money from it.

How did Alex hack into the slots

The simplest PRNG algorithm is actually quite simple:

RNG = (a * Previous RNG + c) mod m

This is the linear congruent generator (LCG) and is still used as the default random number generator algorithm.

It works and meets the criteria for homogeneity of random numbers generated. And it meets all the criteria that the programmers worked on in the specifications.

How to hack a simple PRNG 

The first step is to find out the exact parameters of the algorithm (a, c and m in the formula). It is not difficult, as they are specified on each slot machine. Alex simply computed the binary code from the automata memory and decompiled it. 

Then, in order to predict and use the LFG sequence on a real slot, you need to know the current value of LFG.

2. Search for the current value of LFO

The PRNG algorithm is not difficult to predict. It is enough to know 3 random numbers to calculate the parameters a, c, m and easily guess the next numbers in the sequence.

However, this is not the problem Alex was facing. Alex already knew the parameters a, c and m from decompilation, but he did not know the current value of the RNG state. He was able to trace the obtained random numbers indirectly by observing the positions of drum stops in the recorded spins.

The slot reel has 50 - 100 symbols, and only three are displayed on the screen. Combinations can be repeated, and reels have different lengths. Suppose there are 50 combinations on each reel. A random number selects one of those 50 combinations, so just by looking at the first reel on the first spin, you can eliminate 49/50 (98%) potential random numbers.

If there is a result of most consecutive random numbers, only one random number can be obtained which will give the desired result for all spins. It remains to simulate all random numbers and it is done. 

If a slot machine uses random numbers that are 64 bits long, it would take a very long time to simulate them all. Alex could use two ways:

1. 32-bit state of the DSP

If the slot uses a 32-bit random number value, then there can only be 4,294,967,296 possible states of the GSF. For modern computers it is a matter of 5 seconds.

2. using random numbers to find the current state of the DSP

If the slot has a 64-bit RNG state, you can deterministically stop 5 reels of 50 symbols each as follows:

Pos1 = RND modulo 50

Pos2 = (RND / 50) modulo 50

Pos3 = (RND / (50*50)) modulo 50

Pos4 = (RND / (50*50*50)) modulo 50

Pos5 = (RND / (50*50*50*50)) modulo 50

Now the reel has only its own part of random numbers, and there is no connection between the reels. Provided that the random numbers are homogeneous, then there is a single probability of any possible result of the game (**). The regulator confirms.

If there are reel values, it is not difficult to calculate the end of a random number (RND mod 50 ^ 5):

RndEnd = pos1 + pos2*50 + pos3*50*50 + pos4*50*50*50 + pos5*50*50*50

You will now be able to determine the current position of the random number generator. 

It remains to simulate random numbers that correspond to the RndEnd + X * 50^5 pattern:

1 * 312500000 + RndEnd

2 * 312500000 + RndEnd

3 * 312500000 + RndEnd

Now out of 2^64 possible values (18466744073709551616) you will only need 59029581035. At first glance this seems like a lot, but a good computer will do the job in a few minutes. 

That's it. Now you know the random number, and you can predict future spins.