TL;DR

  1. Random Number Generator Slot Machine
  2. Rng Slot Machine
  3. Beat Random Number Generator Slot Machines
  4. Pseudo Random Number Generator Slot Machines
  1. The random number generator provides the slot machine with the most recent and random numbers being generated. This occurs 24/7. It is important to realize the process of randomization is actually.
  2. Attacking a Slot Machine's RNG. If playback doesn't begin shortly, try restarting your device. You're signed out.

If those two properties are met in the generator, then the output will be indistinguishable from true random noise, and the generator will be unbiased, not allowing an adversary, such as someone with a cellphone monitoring the slot machine, to get the upperhand on the slot machine, and prematurely cash out.

An Austrian casino company used a predictable pseudorandom number generator, rather than a cryptographically secure one, and people are taking advantage of it, and cashing out big.

The Story

Wired reported on an article about an amazing operation at beating electronic slot machines, by holding your phone to the slot machine screen for a time while playing, leaving the slot machine, then coming back an additional time, and cashing in big.

Unlike most slots cheats, he didn’t appear to tinker with any of the machines he targeted, all of which were older models manufactured by Aristocrat Leisure of Australia. Instead he’d simply play, pushing the buttons on a game like Star Drifter or Pelican Pete while furtively holding his iPhone close to the screen.

He’d walk away after a few minutes, then return a bit later to give the game a second chance. That’s when he’d get lucky. The man would parlay a $20 to $60 investment into as much as $1,300 before cashing out and moving on to another machine, where he’d start the cycle anew.

These machines were made by Austrian company Novomatic, and when Novomatic engineers learned of the problem, after a deep investigation, the best thing they could come up with, was that the random number generator in the machine was predictable:

Novomatic’s engineers could find no evidence that the machines in question had been tampered with, leading them to theorize that the cheaters had figured out how to predict the slots’ behavior. “Through targeted and prolonged observation of the individual game sequences as well as possibly recording individual games, it might be possible to allegedly identify a kind of ‘pattern’ in the game results,” the company admitted in a February 2011 notice to its customers.

Random name generator slot machine

The article, focused on a single incident in Missouri, mentions that the state vets the machines before they go into production:

Recognizing those patterns would require remarkable effort. Slot machine outcomes are controlled by programs called pseudorandom number generators that produce baffling results by design. Government regulators, such as the Missouri Gaming Commission, vet the integrity of each algorithm before casinos can deploy it.

On random number generators

I'll leave you to read the rest of the article. Suffice it to say, the Novomatic machines were using a predictable pseudorandom number generator after observing its output for a period of time. This poses some questions that should immediately start popping up in your head:

  1. What is the vetting process by states to verify the quality of the pseudorandom number generators in solt machines?
  2. Who is on that vetting commission? Is it made up of mathematicians and cryptographers? Or just a board of executives and politicians?
  3. Why aren't casino manufacturers using cryptographically secure pseudorandom number generators?

For me, that third item is the most important. No doubt, as the Wired article states, older machines just cannot be fixed. They need to be taken out of production. So long as they occupy casinos, convenience stores, and gas stations, they'll be attacked, and the owner will lose money. So let's talk about random number generators for a second, and see what the gambling industry can do to address this problem.

You can categorize random number generators into four categories:

  1. Nonsecure pseudorandom
  2. Cryptographically secure pseudorandom
  3. Chaotic true random
  4. Quantum true random

What I would be willing to bet, is that most electronic machines out there are of the 'nonsecure pseudorandom' type of random number generator, and Novomatic just happened to pick a very poor one. Again, there likely isn't anything they can do about existing machines in production now, but what can they do moving forward? They should start using cryptographically secure pseudorandom number generators (CSPRNGs).

In reality, this is trivial. There are plenty of CSPRNGs to choose from. CSPRNGs can be broken down further into three subcategories:

  1. Designs based on cryptographic primitives.
  2. Number theoretic designs.
  3. Special-purpose designs.

Let's look at each of these in turn.

Designs based on cryptographic primitives.

These are generators that use things like block ciphers, stream ciphers, or hashing functions for the generator. There are some NIST and FIPS standardized designs:

  • NIST SP 800-90A rev. 1 (PDF): CTR_DRBG (a block cipher, such as AES in CTR mode), HMAC_DRBG (hash-based message authentication code), and Hash_DRBG (based on cryptographically secure hashing functions such as SHA-256).
  • ANSI X9.31 Appendix A.2.4: This is based on AES, and obsoletes ANSI X9.17 Appendix C, which is based on 3DES. It requires a high-precision clock to initially seed the generator. It was eventually obsoleted by ANSI X9.62-1998 Annex A.4.
  • ANSI X9.62-2005 Annex D: This standard is defines an HMAC_DRBG, similar to NIST SP 800-90A, using an HMAC as the cryptographic primitive. It obsoletes ANSI X9.62-1998 Annex A.4, and also requires a high-precision clock to initially seed the generator.

It's important that these designs are backtracking resistant, meaning that if you know the current state of the RNG, you cannot construct all previous states of the generator. The above standards are backtracking resistant.

Number theoretic designs

There are really only two current designs, that are based on either the factoring problem or the discrete logarithm problem:

  • Blum-Blum-Shub: This is generator based on the fact that it is difficult to compute the prime factors of very large composites (on the order of 200 or more digits in length). Due to the size of the prime factors, this is a very slow algorithm, and not practical generally.
  • Blum-Micali: This is a generator based on the discrete logarithm problem, when given two known integers 'b' and 'g', it is difficult to find 'k' where 'b^k = g'. Like Blum-Blum-Shub, this generator is also very slow, and not practical generally.
Beating random number generator slot machines

Special-purpose designs

Thankfully, there are a lot of special purpose designs designed by cryptographers that are either stream ciphers that can be trivially ported to a CSPRNG, or deliberately designed CSPRNGs:

  • Yarrow: Created by cryptographer Bruce Schneier (deprecated by Fortuna)
  • Fortuna: Also created by Bruce Schneier, and obsoletes Yarrow.
  • ISAAC: Designed to address the problems in RC4.
  • ChaCha20: Designed by cryptographer Daniel Bernstein, our crypto Lord and Savior.
  • HC-256: The 256-bit alternative to HC-128, which is part of the eSTREAM portfolio.
  • eSTREAM portfolio: (7 algorithms- 3 hardware, 4 software)
  • Random123 suite: Contains four highly parallelizable counter-based algorithms, only two of which are cryptographically secure.

The solution for slot machines

So now what? Slot machine manufacturers should be using cryptographically secure algorithms in their machines, full stop. To be cryptographically secure, the generator:

  • Must past the next-bit test (you cannot predict the next bit any better than 50% probability).
  • Must withstand a state compromise (you cannot reconstruct past states of the generator based on the current state).

If those two properties are met in the generator, then the output will be indistinguishable from true random noise, and the generator will be unbiased, not allowing an adversary, such as someone with a cellphone monitoring the slot machine, to get the upperhand on the slot machine, and prematurely cash out.

However, the question should then be raised- 'How do you properly seed the CSPRNG, so it starts in an unpredictable state, before release?' Easy, you have two options here:

  • Seed the CSPRNG with a hardware true RNG (HWRNG), such as a USB HWRNG, or....
  • Build the machine such that it collects environmental noise as entropy

The first point is much easier to achieve than the second. Slot machines likely don't have a lot of interrupts built into the system-on-a-chip (SoC). So aside from a microphone, video camera, or antenna recording external events, you're going to be hard-pressed to get any sort of high-quality entropy into the generator. USB TRNGs are available all over the web, and cheap. When the firmware is ready to be deployed, read 512-bits out of the USB generator, hash it with SHA-256, and save the resulting hash on disk as an 'entropy file'.

Then all that is left is when the slot machine boots up and shuts down:

  • On startup, read the 'entropy file' saved from the previous shutdown, to seed the CSPRNG.
  • On shutdown, save 256-bits of data out of the generator to disk as an 'entropy file'.

This is how most operating systems have solved the problem with their built-in CSPRNGs. Provided that the very first 'entropy file' was initially seeded with a USB true HWRNG, the state of every slot machine will be always be different, and will always be unpredictable. Also, 256-bits is more than sufficient to make sure the initial state of the generator is unpredictable; physics proves it.

Of course, the SoC could have a HWRNG onboard, but then you run the risk of hardware failure, and the generator becoming predictable. This risk doesn't exist with software-based CSPRNGs, so provided you can always save the state of the generator on disk at shutdown, and read it on startup, you'll always have an unpredictable slot machine.

on

Modern slot machines are powered by software called “random number generator” software — RNG, for short. If you can beat the RNG software, you can beat the slots.

That means winning money.

At one time, slot machines were powered by physical reels and springs, but no modern casino uses such gadgets. Even the machines that LOOK mechanical are powered by RNG software.

Can having an understanding of how that RNG software works enable you to change the return to player (RTP) percentage in your favor?

These are the questions this post tries to answer.

Some Definitions

Understanding what’s happening on a slot machine and with the RNG and RTP is easier when you understand some of the following expressions:

  • Hit Frequency: How often you can expect to see some kind of winning result on a slot machine

Random Number Generator Slot Machine

  • House Edge: A statistical prediction of how much of each bet the casino will win in the long run. It’s expressed as a percentage, and if you add the house edge to the return to player percentage, you’ll always get 100%
  • Independent Trials: Events that don’t affect subsequent events and which aren’t influenced by prior events. In the case of slot machines, every spin of the reel is an independent trial
  • Jackpot: The amount of the biggest win available on a slot machine game
  • Long Run: A large number of trials. The actual long run is infinity. Every spin of a slot machine’s reels takes you nearer the long run
  • Odds: One way of expressing probability (see below). Also a measure of how much a bet pays off compared to the amount bet. With slot machines, winnings are expressed as “X for Y” rather than “X to Y.” I’ll explain that further in this post
  • Payback Percentage: The same thing as the return to player percentage. A predicted estimate of how much of each bet you’ll get back as winnings. This is always a number under 100% so that the casino can make a profit
  • Payout: The amount you win from a specific combination of symbols
  • Probability: How we measure the likelihood of an event happening. A probability is always a ratio or a fraction and can be expressed in multiple ways — as a fraction, as a decimal, or as a percentage
  • Random Number Generator (RNG): A computer program that cycles through thousands of numbers per second. When a slot machine player hits the spin button, the number that is being “thought of” at that instant determines the results on the spinning reels
  • Reels: The reels are the things that spin on a slot machine. They have multiple symbols on each of them
  • Return To Player (RTP): This is a percentage that predicts, in the long run, how much money a slot machine will pay back to a player in winnings. This is always under 100%, because otherwise, the casino wouldn’t make any money
  • Short Run: What happens on a small number of trials. The fewer trials, the closer you are to the short run. The ultimate example of the short run is a single spin of the reels on a slot machine
  • Slot Machines: Any gambling machine with spinning reels with symbols on them
  • Symbols: The pictures on the front of the slot machine reels. If these pictures match, you get winnings
  • Weighting: How the random number generator assigns a probability to a specific symbol coming up. Some symbols are weighted to come up more often than others, and vice versa

How Does a Slot Machine Work?

Early slot machines had three reels with multiple symbols on each, and they paid out when you got a winning combination. The reels were housed inside the machine and were activated by pulling a lever on the side of that machine. Springs set the reels into motion.

Calculating the probability of getting various results on a mechanical slot machine was easy. You just took the number of symbols on each reel and divided to get the probability on one reel. Then you multiply by the other reels.

On a slot machine with eight symbols on each reel, the probability of getting a specific symbol on a reel is 1/8.

The probability of getting that symbol lined up on all three reels is 1/8 x 1/8 x 1/8, or 1/512. That can also be expressed as odds of 511 to 1, or 0.2%.

These slot machines generated returns for the casino by paying out less in winnings than the odds of winnings. Since you have 512 possible outcomes with this machine, as long as the total payouts for all those outcomes total less than 512, the casino makes a profit.

You divide those payouts by those outcomes to get the predicted payback percentage or return to player.

Let’s say you have a total of 450 coins you could win after adding all the winning combinations together.

The payback percentage for the game would be 450/512, or 87.9%.

In the long run, you’ll win 87.9 cents for every dollar you put through the machine. The casino will keep the rest.

That’s a long-term average based on the probability and the payouts. The game doesn’t know where it’s at in terms of that expectation, and it doesn’t change its randomness based on how much you’ve won or lost before now.

In other words, the probability of getting three cherries on the next spin is always 1/512, regardless of what happened on the previous spin, the previous 10 spins, or the previous 100 spins.

Some people might think that if you just got three cherries, the probability of getting that result again on the next spin drops.

It doesn’t.

It’s still 1/512, just like it was before.

How Random Number Generators Changed How Slot Machines Work

With a random number generator creating these results, slot machine designers can change the weightings for the symbols. You can still have eight symbols per reel, but the probability for the cherries might be set at 1/16 instead of at 1/8, while the probability of bars might be set at 1/4 instead of 1/8.

This enables the slot machine to offer bigger prizes while maintaining a profitable return to player percentage.

Each of the numbers that the random number generator program cycles through corresponds to a combination of reel symbols on the payline. Those weightings are accounted for in the assignment of the numbers.

All of this takes place “under the hood,” too, so you have no way of knowing what any of the probabilities are.

In fact, you can have two identical slot machines sitting right next to each other programmed for different payback percentages. Slot machine A might have a payback percentage of 88%, and slot machine B might have a payback percentage of 92%.

They might both be Wheel of Fortune slots games, too. The only difference is the probability with which the symbols come up.

The Difference Between the Short Run and the Long Run

The rule of thumb when dealing with random events is that anything can happen in the short run — anything at all.

But the closer you get to the long term, the more likely you are to see results that mirror the predicted expectation.

  • You’re playing a slot machine game with an 88% payback percentage. You make one spin, and you bet $1 on that spin.
  • Practically any result is possible at this point. Some results are more likely than others, but your return on that single bet absolutely will not match the statistical expectation of 88 cents.
  • There’s a good chance — maybe 50% to 75% — that you’ll lose your dollar altogether.
  • The rest of the time, you might win a dollar, $10, or even $1,000 on that single spin.

Those are all possibilities.

In fact, even if you make 10 spins or 100 spins, you probably won’t see results that line up with the mathematical expectation. Your sample size is too small.

As the number of bets you make approaches infinity, though, the more likely it is that your results will start looking like the results you’d expect. Remember, these expectations are averages over the course of those bets.

Let’s say you make 1,000 bets at $1 each, and when you finish, you have $880 left. You’ve lost $120 over 1,000 spins, so that’s a $0.12 loss per spin on average.

That also represents an 88% return to player percentage.

That’s exactly what probability would have predicted.

But even in that situation, it wouldn’t be unusual to have results that are skewed by variance in the short run. Win the 1,000-coin jackpot twice in those 1,000 spins, and it would be almost impossible for you to achieve results that resemble the mathematical expectation.

What About Hit Frequency? How Does the Slot Machine Know How Often to Pay Me?

The slot machine doesn’t “know” anything. In fact, it has no memory of what happened on your previous spin. The hit frequency is established by the programming of the random number generator.

Most of the time, the hit frequency for a slot machine will be at least 25%. Usually, it’s more than that. 33% to 45% isn’t uncommon.

But that’s strictly a function of probability. In the short run, you might win far more often than that — or far less often.

Slot machines don’t know what happened on the previous spin.

These are independent trials. Those predictions are just predictions based on probability.

So How Do You Beat the Random Number Generator?

I have a good friend who claims that his aunt used to pay her rent and bills by playing the slot machines. He said that she would watch the machines and get an idea of how often they paid out. When the right amount of time had passed between payouts, she would bet on that machine and win.

He claims that he went to the casino with her on multiple occasions, and she would point out a machine to him, and he’d play on it and win.

He’s convinced that they were able to beat the random number generator by paying attention to the cycles that the computer program was going through. That way, when the right number was about to come up, they could be there and bet on that number.

Do you see the trouble with their logic?

Yes, a random number generator program cycles through numbers.

But the program cycles through thousands of numbers PER SECOND. This isn’t a case of the computer program cycling through 120 numbers per hour or something like that. If it were, then sure, you could easily figure out when a machine was “due” for a payout.

The cycles happen so fast that they might as well be random.

How did he and his aunt win?

A combination of factors is in play here. One of these is confirmation bias. They expected to see certain results, so those are the results they’re most likely to remember. This is a common psychological foible with anyone.

The other factor is that they might have gotten lucky a few times. Everyone wins occasionally if they play long enough. If they didn’t, the casinos wouldn’t make any money because they wouldn’t have any customers.

How Do You Win Against an Electronic Slot Machine, Then?

Your only hope of winning against the random number generator is to get lucky in the short run and quit immediately.

Rng Slot Machine

The longer you play, the more likely you are to see results which resemble the predicted results.

There’s no way of guaranteeing you’ll beat the computer program other than by cheating or re-programming the machine. That’s beyond the scope of this post, and it’s a major crime, anyway. (In Nevada, cheating at gambling is a felony.)

What’s your best strategy then?

Since most slot machines played for a higher denomination have a higher payback percentage, it’s probably a good idea to play as few spins as possible for as much money as possible.

The penny slots players are the ones least likely to win big because the house edge grinds away at your money over time like compound interest.

If you have $100, you’re better off betting all of it on a single spin of the reels than you are making 100 spins on a $1 machine or 2,000 spins on a nickel machine.

You’ll spend less time playing, but you’ll have a better probability of going home with some big winnings in your pocket.

Beat Random Number Generator Slot Machines

The trick is to walk away once you’ve won and never go back.

I have a buddy who hits the Winstar Casino at least once a week. He wins occasionally — maybe once every four or five trips. Sometimes he even wins big money, which he puts in the bank.

But he keeps going back.

Since those games are negative expectation bets, he’ll inevitably lose his money if he keeps playing.

Even though he sometimes wins, he keeps exposing his bankroll to the house edge.

And that’s a sure way to lose.

The only way to beat the random number generator is to get lucky in the short run and walk away forever once you’ve won.

That’s probably not the way most people are going to play, so here’s a compromise for someone who wants to get some more gambling under her belt while still having a chance to beat the random number generator.

Set a win goal. I like to find a flat-top slot machine with a 1,000-coin jackpot. Hitting that jackpot is my goal.

I set aside 600 times the size of the bet on that game. If I’m playing a game with a $1 cost per spin, I’ll set aside $600.

I’ll then play the game until I’ve hit the jackpot or lost my entire $600, whichever comes first.

This doesn’t give me any kind of mathematical advantage over the casino, by the way.

It just gives me a fighting chance of winning some money and going home with it.

Conclusion

Do you want to know how to beat RNG software?

Failing that, play with some kind of strategy that keeps you in the short run and out of the long term.

Besides cheating and hacking, there’s no other way to beat the random number generator.

Pseudo Random Number Generator Slot Machines

Please enable JavaScript to view the comments powered by Disqus.
⇐ ⇐ Slot Machine Phrases
⇒ ⇒ Tour De France Stage 11 Betting