edmundduke
Legendary
Offline
Activity: 1624
Merit: 1007
|
|
June 02, 2015, 05:32:24 PM |
|
Well since I've been busy today busting provably fair nonsense, I figured I'd check out the new guys on the block.
Your "provably fair" system is a laughable JOKE. None of it makes any sense. Let's list the absolute absurdity:
1: The server seed you show after a bet does NOT hash out to the hash you say it is before you bet
2: In fact, the hash you say it IS isn't even a hash of anything. You're showing a 40 character hash. Which is sha-1. But you claim sha256. But then even when I try hashing it with sha1, it's not right. So it's all completely fabricated.
3: My client seed? I'm not allowed to use it. It's randomly turned into a not-SHA1 40 character hash that I cannot reproduce.
4: Your verification method for the coin dropping game makes no sense whatsoever. You're concat'ing the server and client seeds, but you're not even using my client seed.
5: Oh, let's look at the poker one, this one is the best. It deserves it's own subsection:
5a: It also uses the not-SHA1 hashing "algorithm". 5b: You show the "initial" deck but it's cut off with ellipses. So the entire initial deck is unknown. 5c: On one page you say the deck is shuffled via: seed the twister with ServerSeed.ClientSeed (see #4 above, also NOT using my client seed), and then FisherYates the mystery deck mentioned in 5b above. 5d: EVEN BETTER - On the verification page, the page mentioned in 5c references, the ENTIRE PROCESS is COMPLETELY different! You say the state of the initial deck is hashed via sha256 (but it's not, again, it's mystery-SHA1) and presented. And it uses a Server Seed as 'extra security'. 5d.1: You then claim it's twister'ed by the player seed. Again, the player seed that is not my player seed, mystery hashed. And is in direct contradiction to how you claim it's seeded in 5c. 5d.2: Now it's FisherYates shuffled, and the initial deck is: 5d.2 subsection A) NOT even REMOTELY close to what you claim it is in 5b above AND... 5d.2 subsection B) Shown what it is, even though just 2 steps above on the SAME page you claim (via inference, because it's protected by a hash) it's ALREADY been shuffled. 5e: And lastly, you claim after the game you reveal the deck, the initDeck, and the server seed, of which 2/3rds of that is a blatant lie!
I've never seen such a horribly poor setup before.
This is one of two things: A scammer who is too stupid to pull it off
or
An honest site admin who's head is screwed on so backwards he cannot even decide on which verification system he wants to use, NEITHER OF WHICH, by the way, ACTUALLY hash out to the results of the game! I played a few, and for the life of me, and believe me, I've become an expert in verification of betting sites after the 999dice bullshit, could not get a single hand to verify to EITHER of the two systems claimed.
My recommendation: Avoid it like the plague.
rollinbones: If he did zero out your balance, I'm firmly in the "scammer" camp and I'm sorry you got taken before I had a chance to post this and warn you and others away.
Future gambling site admins: Just stop. Please. Stop. You cannot claim provably fair, then not be. And for the love of all that is holy, make up your mind before you choose to rip people off!
Way to lay that hammer down! lol Ive seen you busting around in forum today. Good job!
|
|
|
|
rollinbones
Newbie
Offline
Activity: 12
Merit: 0
|
|
June 02, 2015, 05:33:35 PM |
|
@rollinbones i know you are zxvxzv which used design flaw of quincunx which provided server seed and player seed so you could predict result before bettting. If it was loosing bet, you changed client seed and checked again, if it was good bet you went through with it. You are impudent/insolent not sure which word is better here, to come here and claim we own you something. You didn't report this (then we would owe you bug bounty) and used it to your advantage, so we resetted your balance to 0. Thank you for security audit. You deposited nothing, you gained nothing. We salted Server seed now for quincunx, and will publish it after X days, similiar to luckybit. End of story "hacker". Hahahahahaha. hahaha ok you're funny! "If it was a loosing bet, you changed client seed and checked again, if it was good bet I went through with it" If it's a losing bet I HAVE to change the client seed anyway! You change it on me every roll! It's how your game works!!! I lost almost as many rolls as I won! How can that be 'changing it to win again'?! And 70% of my rolls I did wiuthout ever changing the seed at all you asshole. The times I did change it I lost just as many as I won! If you were honest you'd show more than 20 bets in the 'all bets' so people could see my loss after loss after loss, that you claim never happened! Liar and a theif. These are my last bets on the site. Every single one i changed the seed for. Yes, very clear that i just kept winning and winning. liar. theif. https://i.imgur.com/HK58fzw.png
|
|
|
|
Cruxer (OP)
Full Member
Offline
Activity: 184
Merit: 100
Bitcoin FTW!
|
|
June 02, 2015, 05:34:58 PM |
|
@keepinquiet please calm down, there is nothing to be nervous about We are not using SHA1 anywhere on site. We are using only SHA256. Quincunx We salted server seed of quincunx and will show it after X days to validate all previous bets. (hacker above used this to gain advantage, so its quick fix which could lead you to wrong assumptions) Same systems is used on luckybit. You can't validate quincunx currently, you will be able after couple days. Nothing to hide here. PokerAbout poker, initial deck is just wrapped to not exceed set amount of pixels. You can read it from left to right and again from left to right. Simple as that, if it causing trouble we will change initial deck to one full line. I've never seen such a horribly poor setup before. We know its not described good, but it works. You just need to ask first, we will tell you how and where. We agree that it need polishing to be understandable easier. Its 1-st day of website. So to sum this up, we will explain you how to verify games, it will be easier and faster on PM. We hope you will cooperate and corrent your harsh opinion. update: just put @rollinbones on ignore list, since there is nothing more to tell here, he abused our design flawed quincunx and we reacted to this. Couple users made withdraws with starting 100 satoshis, but they won it without hacking. @keepinquiet we are eager to contact you and explain our provably fair system, please respond to our PM
|
|
|
|
boopy265420
Legendary
Offline
Activity: 1876
Merit: 1005
|
|
June 02, 2015, 05:36:12 PM |
|
Over all looks good and another interesting site which is simple to use.There are many things to be fixed as I read above so I am just going to have an eye on this site as soon as have feed back from other respected members about deposit/withdraw and miner bugs.This site is very new so we need to indicate if we find something wrong or error.
|
|
|
|
keepinquiet
|
|
June 02, 2015, 05:39:18 PM |
|
4: Your verification method for the coin dropping game makes no sense whatsoever. You're concat'ing the server and client seeds, but you're not even using my client seed.
Which, by the way, IF it actually worked the way you say it does, everyone could figure out every roll before they make it, because as it is written, you're providing all of that information before the roll is even made. Luckily for you, you're the only one in possession of this mystery-SHA1, so you're safe. So even in your bullshit, you're failing. Please, scammers, can we try harder next time? Although I do admit, I get a bit of a righteous indignation when I find and bust this crap. So, in a way, go for it. I'll expose it.
|
|
|
|
trafficolaa
Legendary
Offline
Activity: 1008
Merit: 1000
|
|
June 02, 2015, 05:41:40 PM |
|
i just checked that newly launched gambling site i would like to play Quincunx with 5 different payout lines it is more similar to very famous unique site, as i think there is something wrong with the provably fair system and it need to get fixed if admin want to make succeed his business, at the moment i am unable to put bet there and that is out of order.
|
|
|
|
Cruxer (OP)
Full Member
Offline
Activity: 184
Merit: 100
Bitcoin FTW!
|
|
June 02, 2015, 05:44:51 PM |
|
Which, by the way, IF it actually worked the way you say it does, everyone could figure out every roll before they make it, because as it is written, you're providing all of that information before the roll is even made. L
Thank you for admiting the truth. As i wrote before, we made terrible design flaw which we fixed quicky by adding constant salt to server seed. Thats why you currently can't verify quincunx bet, because you don't know the salt, which we will reveal soon (its quick fix to this hacker above, we must add this informations to verification page) We are waiting to response on PM we send you, so we could explain how our provably system work so you can verify all your previous and current bets. update: added to quincunx verificaton page informations about serverSeed salt and that it will be revealed each Sunday
|
|
|
|
keepinquiet
|
|
June 02, 2015, 05:51:26 PM |
|
@keepinquiet please calm down, there is nothing to be nervous about
We are not using SHA1 anywhere on site. We are using only SHA256.
BULLSHITSha256 does not result in a 40 character hash. But please, tell me I'm wrong. Obviously. Quincunx We salted server seed of quincunx and will show it after X days to validate all previous bets. (hacker above used this to gain advantage, so its quick fix which could lead you to wrong assumptions) Same systems is used on luckybit. You can't validate quincunx currently, you will be able after couple days. Nothing to hide here.
HAHAHAHAHHAHAHAHAHAHHAHAHAHAHHAHAHAHA. Oh. My. God. Please, pick me up off the floor. "We are provably fair. Trust us. You can validate it "in a few days". In the meantime, bet all you want, you can trust us. Oh, and by the way, ignore all the contradictory 'this is how you verify' on the website, because in a forum thread we posted the real method. Which, you know, you can use in "a few days"". Poker About poker, initial deck is just wrapped to not exceed set amount of pixels. You can read it from left to right and again from left to right. Simple as that, if it causing trouble we will change initial deck to one full line.
Oh, ok, left to right. Got it. You know, because 'left to right and right to left' clears it all up and it's absolutely verifiable. Again, nevermind that pesky contradicting information which I VERY CLEARLY pointed out and you VERY OBVIOUSLY decided to not address. And of course, it's all verified with 40 character SHA256 hashes. I dont know why I havent been using them myself, they save so much space. I've never seen such a horribly poor setup before. We know its not described good, but it works. You just need to ask first, we will tell you how and where. We agree that it need polishing to be understandable easier. Its 1-st day of website. So to sum this up, we will explain you how to verify games, it will be easier and faster on PM. We hope you will cooperate and corrent your harsh opinion. update: just put @rollinbones on ignore list, since there is nothing more to tell here, he abused our design flawed quincunx and we reacted to this. Couple users made withdraws with starting 100 satoshis, but they won it without hacking. @keepinquiet we are eager to contact you and explain our provably fair system, please respond to our PM A) It does NOT work B) NO ONE should have to ask on an unrelated forum. C) You do not fix GLARING problems with the CORE of your system "later" after you launch and people lose money. and D) I will under no circumstances have a private discussion with you. You are either moronic scammers trying to talk your way out of it, or vastly underqualified amateur site operators who are going to lose a LOT of people's money. I am completely unsurprised by your ignoring of rollingbones. You make a claim there was a hack, which, if it would by some MIRACLE work like you said (because, again, your hashes are not hashes and could not possibly ever actually validate), you'd have no proof whatsoever, other than "oh shit we're losing money!" that anyone used it against you. Based on the screenshot above, yes, it's quite clear that he was abusing the shit out of it. Very obviously changing the seed so that he never lost and just kept winning. I'm still leaning on scammer bullshit. No legitimate site operator would need or want to discuss something this important over PMs and leave everyone else reading this to wonder. No, sorry, I won't be entertaining those PMs. Rollingbones, send me a PM. I'd like to know exactly what happened.
|
|
|
|
keepinquiet
|
|
June 02, 2015, 05:53:36 PM |
|
Which, by the way, IF it actually worked the way you say it does, everyone could figure out every roll before they make it, because as it is written, you're providing all of that information before the roll is even made. L
Thank you for admiting the truth. As i wrote before, we made terrible design flaw which we fixed quicky by adding constant salt to server seed. Thats why you currently can't verify quincunx bet, because you don't know the salt, which we will reveal soon (its quick fix to this hacker above, we must add this informations to verification page) OMFG! You quote me where it "agrees" with you, but cut off the part where I say it'd actually be impossible because your hashes don't actually hash out and I've yet to make ANY bet actually verify on your site?? And way to go with the excuse why I cannot verify. Let me guess, you'll let us know "in a few days"? News flash, jackass, I was unable to verify a bet hours ago when I started looking into your crap. In part because YOU ARE USING IMAGINARY HASHES. It's a 40 character "sha1" but the numbers don't hash out with sha1! Even with the BS with 999dice I was not this completely blown away with the smell of bullcrap. I'm done. I'm not reading this thread any longer. Anyone who bets at your site deserves to lose every satoshi. If they can't see though the bullshit, they don't deserve the bitcoin. Edit: I just noticed as I was scrolling up to PM rollingbones... you're revealing the salt each SUNDAY?! Hey, everyone, go bet at this site, it's probably not a scam, and you'll be able to validate all of that in only 5 days! Jesus fucking christ. I'm out.
|
|
|
|
Cruxer (OP)
Full Member
Offline
Activity: 184
Merit: 100
Bitcoin FTW!
|
|
June 02, 2015, 05:59:22 PM Last edit: June 02, 2015, 07:19:08 PM by Cruxer |
|
Im suspecting you don't want to explain anything here, since you don't respond to our PM. Sha256 does not result in a 40 character hash. Of course not, read carefully Quincunx verification page: hash = substr(sha256(playerSeed.serverSeed),0,40); "We are provably fair. Trust us. You can validate it "in a few days". In the meantime, bet all you want, you can trust us. Oh, and by the way, ignore all the contradictory 'this is how you verify' on the website, because in a forum thread we posted the real method. Which, you know, you can use in "a few days"". You laugh same way on luckyb.it? They are doing same thing. Revealing salt after X period of time. C) You do not fix GLARING problems with the CORE of your system "later" after you launch and people lose money. Noone deposited even 1 satoshi OMFG! You quote me where it "agrees" with you, but cut off the part where I say it'd actually be impossible because your hashes don't actually hash out You are making contradiction to yourself, if it would hash we made design flaw. It was like this until my post BEFORE yours stating that we discover crictical security flaw which fix included salting server seed, no wonder it won't hash anymore if you don't know server seed. I will under no circumstances have a private discussion with you. You are either moronic scammers trying to talk your way out of it, or vastly underqualified amateur site operators who are going to lose a LOT of people's money. Well im questioning your intentions here then, you don't want detailed explaination how to verify hand? So you will not listen to us and keep bad PR coming. Not cool. update: We are reworking our provably fair system to be easy to understand. We admit we didn't put enough effort to make it as good and easy as it should be.
|
|
|
|
sherbyspark
|
|
June 02, 2015, 09:56:30 PM |
|
Looks like a nice site and nice to see another site offering Plinko. However the current version doesn't let me drop more than 2 coins in subsequent clicks. Would be nice to have it fast . Will test the provably fair and other parts of the site tonight.
|
|
|
|
gamblebitcoin
Newbie
Offline
Activity: 10
Merit: 0
|
|
June 02, 2015, 10:04:36 PM |
|
Looks like a nice site and nice to see another site offering Plinko. However the current version doesn't let me drop more than 2 coins in subsequent clicks. Would be nice to have it fast . Will test the provably fair and other parts of the site tonight.
It allows me to drop 10 plinkos at a time. But yeah it appears to be slow. I see lot of bugs on site right now.
|
|
|
|
sherbyspark
|
|
June 02, 2015, 10:05:59 PM |
|
For some reason I also couldn't bet after I got a straight in Video poker. It just froze and didn't allow me to bet or do anything on the page. Then it just went down on refresh(which possibly could be something you guys are working on) . Looks like a nice site and nice to see another site offering Plinko. However the current version doesn't let me drop more than 2 coins in subsequent clicks. Would be nice to have it fast . Will test the provably fair and other parts of the site tonight.
It allows me to drop 10 plinkos at a time. But yeah it appears to be slow. I see lot of bugs on site right now. Yeah just realized that. For some reason didn't allow more than 2 for me . But now can drop 10 in a row .
|
|
|
|
Cruxer (OP)
Full Member
Offline
Activity: 184
Merit: 100
Bitcoin FTW!
|
|
June 03, 2015, 12:53:53 AM |
|
We are searching independent and willing person to verify our reworked Quincunx provably fair system. PM me for details, thanks But yeah it appears to be slow We are aware of the quincunx speed issue in some cases and will address it asap. It just froze and didn't allow me to bet or do anything on the page. It could relate to our reworks, but could also be "unresponsive bet button syndrome". We are working on it also. First priority is to finish rework of provably fair system now.
|
|
|
|
jeannemadrigal2
|
|
June 03, 2015, 01:16:10 AM |
|
This looks like a cool site, I will keep an eye to see if the bugs are fixed and the provably fair is fixed. If so I might give it a try. I like your free satoshi so I can try it for free. I hope no one abuses this and forces you to take it off of the site.
|
|
|
|
adaseb
Legendary
Offline
Activity: 3864
Merit: 1732
Up to 300% + 200 FS deposit bonuses
|
|
June 03, 2015, 01:38:31 AM |
|
Its actually pretty cool. Had fun playing it for a while. However there are a few bugs right now. But its nice to see a site that's not another dice site.
|
|
|
|
grendel25
Legendary
Offline
Activity: 2296
Merit: 1031
|
|
June 03, 2015, 02:25:48 AM |
|
Its actually pretty cool. Had fun playing it for a while. However there are a few bugs right now. But its nice to see a site that's not another dice site.
I agree. It's always good to get a fresh view in this realm of gaming, entertainment, math, security, and... oh yeah, gambling! The more the merrier, in my opinion. Dice clones just gets old after a while I guess. It's good to have a variety of game that appeal to different genres and age groups.
|
|
|
|
Nocturne
|
|
June 03, 2015, 03:25:03 AM |
|
how would we verify its a fair system?
is it based on a secret seed we can see later?
|
|
|
|
Cruxer (OP)
Full Member
Offline
Activity: 184
Merit: 100
Bitcoin FTW!
|
|
June 03, 2015, 08:03:41 AM Last edit: June 03, 2015, 08:17:56 AM by Cruxer |
|
how would we verify its a fair system? is it based on a secret seed we can see later?
So in Quincunx you will know secret key of all today bets after midnight (server time). You can browse all Quincunx bets currently by (while on page), putting in address bar this: javascript:betinfo(1227020, 1) This number 1227020 is bet number, which you can modify. Our reworked provably fair system starts from this ID and you can verify after midnight of given day all bets from that day. I agree. It's always good to get a fresh view in this realm of gaming Thank you, we worked really hard for months on this so great to hear some positive feedback I like your free satoshi so I can try it for free. I hope no one abuses this and forces you to take it off of the site. One person is withdrawing 3rd time now from free 100 satoshi. One withdraw is 0.012 BTC. So we will not take it off site, but add captcha and minimum wait time of 1 minute for example to refill FREE BTC
|
|
|
|
NLNico
Legendary
Offline
Activity: 1876
Merit: 1295
DiceSites.com owner
|
|
June 03, 2015, 08:18:14 AM |
|
"We are provably fair. Trust us. You can validate it "in a few days". In the meantime, bet all you want, you can trust us. Oh, and by the way, ignore all the contradictory 'this is how you verify' on the website, because in a forum thread we posted the real method. Which, you know, you can use in "a few days"". You laugh same way on luckyb.it? They are doing same thing. Revealing salt after X period of time. A daily secret should be only used in blockchain games - because they cannot have user-specific serverseeds (most don't require any account.) Luckyb.it is a blockchain game. Your site is not a blockchain game. Therefor it should be very easy to just let players reset/reveal the serverseed on their convenience - and not let them wait. I didn't look much into your provably fair method yet, but basically you should use the "serverseed, clientseed, nonce" method used by all popular dice sites since this is considered the technically most solid implementation and is most easy for the user to verify their results. edit: had a quick look at Quincunx thing and couldn't change client seed + was serverside made. So yeh this site is not provably fair AT ALL and the site can generate all results of a player. So definitely agree with "keepinquiet" and people shouldn't be playing here at least until the provably fair implementation is fixed. I see you are working on it, so GL.
|
|
|
|
|