Bitcoin Forum

Economy => Gambling => Topic started by: Alex Beckenham on July 05, 2011, 02:00:29 PM



Title: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: Alex Beckenham on July 05, 2011, 02:00:29 PM
Hi everyone,

I've finally got a new game online... please check it out.

http://btcriches.com/images/btcriches468.gif (http://btcriches.com)

Basically, you try to guess the combination to the safe and if you open it, you win 7 times your bet (Min/Max bet is 0.01/1.00 BTC).

Each game is 100% verifiable (The combination to the safe is chosen before you play, and an MD5 displayed).

Thanks,
Alex


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: Alex Beckenham on July 06, 2011, 12:29:55 AM
Sorry, I just realised this should be in the Gambling sub-forum...


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: Alex Beckenham on July 06, 2011, 01:36:10 AM
So then move it there.

I didn't know I could. I thought only mods could do that.

Edit: Wow, learned something new, thanks.


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: Hyperwyrm on July 06, 2011, 04:01:28 AM
"Nothing to withdraw" but I have 0.07BTC balance and 13 confirmations on the deposit?
(Yeah I didn't bet much ;D)


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: Alex Beckenham on July 06, 2011, 06:37:54 AM
"Nothing to withdraw" but I have 0.07BTC balance and 13 confirmations on the deposit?
(Yeah I didn't bet much ;D)

Sorry, just a redirect bug, it should be taking you to Bitcoin Balance.

I see your balance of 0.07... You can withdraw if you log in directly to: http://bitcoinbalance.com



Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: Alex Beckenham on July 06, 2011, 03:20:44 PM
Someone just won THREE times in a row with exactly the same guess:

bet 0.97 on Left-Left-Left, won 6.79 btc
bet 1.00 on Left-Left-Left, won 7.00 btc
bet 1.00 on Left-Left-Left, won 7.00 btc

Looks pretty suspicious, so withdrawals are disabled until I figure out how this was hacked or if it just was an extremely lucky run.

(Player withdrew 11.78 so far, with 7.01 still in the site balance)



Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: Alex Beckenham on July 06, 2011, 03:37:12 PM
I'm a retard, I forgot to switch to random.org after testing:

Code:
//get a random number for next game:
/*$ch = curl_init('http://www.random.org/integers/?num=1&min=1&max=8&col=1&base=10&format=plain&rnd=new');
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$randnum = trim(curl_exec($ch));*/

$randnum=rand(1,8);  //temp

But that still doesn't explain to me how they could know rand() was going to return three 1's in a row.


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: dan_a on July 06, 2011, 03:41:43 PM
I'm a retard, I forgot to switch to random.org after testing:

Code:
//get a random number for next game:
/*$ch = curl_init('http://www.random.org/integers/?num=1&min=1&max=8&col=1&base=10&format=plain&rnd=new');
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$randnum = trim(curl_exec($ch));*/

$randnum=rand(1,8);  //temp

But that still doesn't explain to me how they could know rand() was going to return three 1's in a row.

I might be being dumb here (I'm not logged on and don't have anything deposited,) but the MD5 on the page doesn't change when you refresh the page.  That suggests that the same combination is coming up every time.


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: Alex Beckenham on July 06, 2011, 03:44:54 PM
I'm a retard, I forgot to switch to random.org after testing:

Code:
//get a random number for next game:
/*$ch = curl_init('http://www.random.org/integers/?num=1&min=1&max=8&col=1&base=10&format=plain&rnd=new');
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$randnum = trim(curl_exec($ch));*/

$randnum=rand(1,8);  //temp

But that still doesn't explain to me how they could know rand() was going to return three 1's in a row.

I might be being dumb here (I'm not logged on and don't have anything deposited,) but the MD5 on the page doesn't change when you refresh the page.  That suggests that the same combination is coming up every time.

That's only if you don't play... as soon as you play a game, it changes.

(Well, it's supposed to... that's something worth checking - thanks)


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: dan_a on July 06, 2011, 03:49:29 PM
Oh, I think I might be able to see how this worked...
Are you outputting something along the lines of md5sum("Left-Left-Right")?
If so, it's a simple dictionary attack... the gambler computes the 15 possible different MD5sums in advance and then compares them to what displays.


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: Alex Beckenham on July 06, 2011, 03:50:47 PM
Hmm, there was an error causing it to use the same combo on certain occasions after a win.

Thanks Dan, I've sent you 1 btc 3 btc, that was very helpful.

Edit: Okay it's all fixed and back online, btcriches.com and bitcoinbalance.com.

Jeez that was an expensive coding error on my part.

Glad the site wasn't exactly 'hacked' though.

I just paid a heavy typo-tax.


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: Alex Beckenham on July 06, 2011, 04:19:53 PM
Oh, I think I might be able to see how this worked...
Are you outputting something along the lines of md5sum("Left-Left-Right")?
If so, it's a simple dictionary attack... the gambler computes the 15 possible different MD5sums in advance and then compares them to what displays.

(Accidentally edited away my previous answer to this)

It's not just left-left-right, but it also had a whole heap of random characters after that, and then hashes that total string.

Also, there are only 8 possible combos, not 15.


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: SmokeAndMirrors on July 06, 2011, 11:32:30 PM
Oh, I think I might be able to see how this worked...
Are you outputting something along the lines of md5sum("Left-Left-Right")?
If so, it's a simple dictionary attack... the gambler computes the 15 possible different MD5sums in advance and then compares them to what displays.
It's not just left-left-right, but it also had a whole heap of random characters after that, and then hashes that total string.


This was the first thing I looked into.


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: tysat on July 06, 2011, 11:59:44 PM
If I'm doing my math right.... according to http://en.wikipedia.org/wiki/House_advantage#House_advantage it's 12.5% house advantage.  Seems to be a little high.


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: tito13kfm on July 07, 2011, 01:00:43 AM
I'm not able to bet.  I deposited 1BTC to 1FUYFiPw9zDJZ3iiawrPfehmmBtfSJMNYD, it shows up in my balance, but I put .1 in the box, put in my guess, and click Open and it just refreshes the page.  Never attempts to open the safe, and never shows an outcome.

Edit: I just put in to withdrawal my 1BTC back out until the bugs are ironed out.


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: Alex Beckenham on July 07, 2011, 02:27:46 AM
I'm not able to bet.  I deposited 1BTC to 1FUYFiPw9zDJZ3iiawrPfehmmBtfSJMNYD, it shows up in my balance, but I put .1 in the box, put in my guess, and click Open and it just refreshes the page.  Never attempts to open the safe, and never shows an outcome.

Edit: I just put in to withdrawal my 1BTC back out until the bugs are ironed out.

I just tried exactly that and it worked. Can you tell me what browser you're using, and what time you attempted it?
Thank you.


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: tito13kfm on July 07, 2011, 02:40:01 AM
I'm not able to bet.  I deposited 1BTC to 1FUYFiPw9zDJZ3iiawrPfehmmBtfSJMNYD, it shows up in my balance, but I put .1 in the box, put in my guess, and click Open and it just refreshes the page.  Never attempts to open the safe, and never shows an outcome.

Edit: I just put in to withdrawal my 1BTC back out until the bugs are ironed out.

I just tried exactly that and it worked. Can you tell me what browser you're using, and what time you attempted it?
Thank you.


I tried with both Firefox 5.0 and ie9
Time was a minute or two before my last post.


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: Alex Beckenham on July 07, 2011, 02:57:16 AM
I'm not able to bet.  I deposited 1BTC to 1FUYFiPw9zDJZ3iiawrPfehmmBtfSJMNYD, it shows up in my balance, but I put .1 in the box, put in my guess, and click Open and it just refreshes the page.  Never attempts to open the safe, and never shows an outcome.

Edit: I just put in to withdrawal my 1BTC back out until the bugs are ironed out.

I just tried exactly that and it worked. Can you tell me what browser you're using, and what time you attempted it?
Thank you.


I tried with both Firefox 5.0 and ie9
Time was a minute or two before my last post.

Thanks, I can confirm it's not working in FF5 for me either, only Chrome for some reason.



Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: Alex Beckenham on July 07, 2011, 03:02:44 AM
Okay, found it.

It seems FF doesn't send the value of an image input, whereas Chrome does:

Code:
<input type="image" name="open" value="1"

$_POST['open'] is 1 in Chrome and NULL in Firefox.

Fixed it now by using another hidden var.


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: TheBitMan on July 11, 2011, 03:39:28 PM
Okay, found it.

It seems FF doesn't send the value of an image input, whereas Chrome does:

Code:
<input type="image" name="open" value="1"

$_POST['open'] is 1 in Chrome and NULL in Firefox.

Fixed it now by using another hidden var.

Are you the owner of bitcoinbalance.com?? I need to ask you something.


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: Alex Beckenham on July 11, 2011, 03:58:40 PM
Okay, found it.

It seems FF doesn't send the value of an image input, whereas Chrome does:

Code:
<input type="image" name="open" value="1"

$_POST['open'] is 1 in Chrome and NULL in Firefox.

Fixed it now by using another hidden var.

Are you the owner of bitcoinbalance.com?? I need to ask you something.

Yep, how can I help?


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: TheBitMan on July 11, 2011, 04:01:07 PM
Okay, found it.

It seems FF doesn't send the value of an image input, whereas Chrome does:

Code:
<input type="image" name="open" value="1"

$_POST['open'] is 1 in Chrome and NULL in Firefox.

Fixed it now by using another hidden var.

Are you the owner of bitcoinbalance.com?? I need to ask you something.

Yep, how can I help?
I am working on a site that you pick a number from 1-3 and if you win you win back double your bet. I wanted to know if I could use your site for people to deposit and withdraw


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: Alex Beckenham on July 11, 2011, 04:07:01 PM
Okay, found it.

It seems FF doesn't send the value of an image input, whereas Chrome does:

Code:
<input type="image" name="open" value="1"

$_POST['open'] is 1 in Chrome and NULL in Firefox.

Fixed it now by using another hidden var.

Are you the owner of bitcoinbalance.com?? I need to ask you something.

Yep, how can I help?
I am working on a site that you pick a number from 1-3 and if you win you win back double your bet. I wanted to know if I could use your site for people to deposit and withdraw

Thanks for the interest... I haven't completed the code yet to allow 3rd-party sites as that will be a bit more complex, security-wise.

The reason I'm able to connect my sites easily at present is because they all directly hook in to the same database and are hosted on the same server.

What other options are you considering for registration/payments? (using mybitcoin or running bitcoind yourself?)


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: TheBitMan on July 11, 2011, 04:13:30 PM
Okay, found it.

It seems FF doesn't send the value of an image input, whereas Chrome does:

Code:
<input type="image" name="open" value="1"

$_POST['open'] is 1 in Chrome and NULL in Firefox.

Fixed it now by using another hidden var.

Are you the owner of bitcoinbalance.com?? I need to ask you something.

Yep, how can I help?
I am working on a site that you pick a number from 1-3 and if you win you win back double your bet. I wanted to know if I could use your site for people to deposit and withdraw

Thanks for the interest... I haven't completed the code yet to allow 3rd-party sites as that will be a bit more complex, security-wise.

The reason I'm able to connect my sites easily at present is because they all directly hook in to the same database and are hosted on the same server.

What other options are you considering for registration/payments? (using mybitcoin or running bitcoind yourself?)

Well I don't know much about coding..I'm having someone help me I think he mentioned Bitcoind


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: TYDIRocks on July 16, 2011, 05:28:42 AM
I want to play but why do we need to use that service?


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: Alex Beckenham on July 16, 2011, 06:34:39 AM
I want to play but why do we need to use that service?

You have to deposit somehow, why not with bitcoin balance? It goes into exactly the same database.

Edit: Is it because you need to create a username/password? I will see what I need to do to make this optional so that people can play without making an account.


Title: Re: [Announce] BTC Riches - Win 7x your bet - MD5 Verification
Post by: TYDIRocks on July 16, 2011, 02:55:57 PM
Yeah I was thinking you could just use bitcoin itself.