Bitcoin Forum
December 03, 2016, 11:50:09 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: [Announce] BTC Riches - Win 7x your bet - MD5 Verification  (Read 2862 times)
Alex Beckenham
Full Member
***
Offline Offline

Activity: 154


View Profile
July 05, 2011, 02:00:29 PM
 #1

Hi everyone,

I've finally got a new game online... please check it out.



Basically, you try to guess the combination to the safe and if you open it, you win 7 times your bet (Min/Max bet is 0.01/1.00 BTC).

Each game is 100% verifiable (The combination to the safe is chosen before you play, and an MD5 displayed).

Thanks,
Alex

1480765809
Hero Member
*
Offline Offline

Posts: 1480765809

View Profile Personal Message (Offline)

Ignore
1480765809
Reply with quote  #2

1480765809
Report to moderator
1480765809
Hero Member
*
Offline Offline

Posts: 1480765809

View Profile Personal Message (Offline)

Ignore
1480765809
Reply with quote  #2

1480765809
Report to moderator
1480765809
Hero Member
*
Offline Offline

Posts: 1480765809

View Profile Personal Message (Offline)

Ignore
1480765809
Reply with quote  #2

1480765809
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480765809
Hero Member
*
Offline Offline

Posts: 1480765809

View Profile Personal Message (Offline)

Ignore
1480765809
Reply with quote  #2

1480765809
Report to moderator
1480765809
Hero Member
*
Offline Offline

Posts: 1480765809

View Profile Personal Message (Offline)

Ignore
1480765809
Reply with quote  #2

1480765809
Report to moderator
1480765809
Hero Member
*
Offline Offline

Posts: 1480765809

View Profile Personal Message (Offline)

Ignore
1480765809
Reply with quote  #2

1480765809
Report to moderator
Alex Beckenham
Full Member
***
Offline Offline

Activity: 154


View Profile
July 06, 2011, 12:29:55 AM
 #2

Sorry, I just realised this should be in the Gambling sub-forum...

Alex Beckenham
Full Member
***
Offline Offline

Activity: 154


View Profile
July 06, 2011, 01:36:10 AM
 #3

So then move it there.

I didn't know I could. I thought only mods could do that.

Edit: Wow, learned something new, thanks.

Hyperwyrm
Newbie
*
Offline Offline

Activity: 11

Japanese translator


View Profile WWW
July 06, 2011, 04:01:28 AM
 #4

"Nothing to withdraw" but I have 0.07BTC balance and 13 confirmations on the deposit?
(Yeah I didn't bet much Grin)
Alex Beckenham
Full Member
***
Offline Offline

Activity: 154


View Profile
July 06, 2011, 06:37:54 AM
 #5

"Nothing to withdraw" but I have 0.07BTC balance and 13 confirmations on the deposit?
(Yeah I didn't bet much Grin)

Sorry, just a redirect bug, it should be taking you to Bitcoin Balance.

I see your balance of 0.07... You can withdraw if you log in directly to: http://bitcoinbalance.com


Alex Beckenham
Full Member
***
Offline Offline

Activity: 154


View Profile
July 06, 2011, 03:20:44 PM
 #6

Someone just won THREE times in a row with exactly the same guess:

bet 0.97 on Left-Left-Left, won 6.79 btc
bet 1.00 on Left-Left-Left, won 7.00 btc
bet 1.00 on Left-Left-Left, won 7.00 btc

Looks pretty suspicious, so withdrawals are disabled until I figure out how this was hacked or if it just was an extremely lucky run.

(Player withdrew 11.78 so far, with 7.01 still in the site balance)


Alex Beckenham
Full Member
***
Offline Offline

Activity: 154


View Profile
July 06, 2011, 03:37:12 PM
 #7

I'm a retard, I forgot to switch to random.org after testing:

Code:
//get a random number for next game:
/*$ch = curl_init('http://www.random.org/integers/?num=1&min=1&max=8&col=1&base=10&format=plain&rnd=new');
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$randnum = trim(curl_exec($ch));*/

$randnum=rand(1,8);  //temp

But that still doesn't explain to me how they could know rand() was going to return three 1's in a row.

dan_a
Jr. Member
*
Offline Offline

Activity: 48


View Profile
July 06, 2011, 03:41:43 PM
 #8

I'm a retard, I forgot to switch to random.org after testing:

Code:
//get a random number for next game:
/*$ch = curl_init('http://www.random.org/integers/?num=1&min=1&max=8&col=1&base=10&format=plain&rnd=new');
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$randnum = trim(curl_exec($ch));*/

$randnum=rand(1,8);  //temp

But that still doesn't explain to me how they could know rand() was going to return three 1's in a row.

I might be being dumb here (I'm not logged on and don't have anything deposited,) but the MD5 on the page doesn't change when you refresh the page.  That suggests that the same combination is coming up every time.
Alex Beckenham
Full Member
***
Offline Offline

Activity: 154


View Profile
July 06, 2011, 03:44:54 PM
 #9

I'm a retard, I forgot to switch to random.org after testing:

Code:
//get a random number for next game:
/*$ch = curl_init('http://www.random.org/integers/?num=1&min=1&max=8&col=1&base=10&format=plain&rnd=new');
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$randnum = trim(curl_exec($ch));*/

$randnum=rand(1,8);  //temp

But that still doesn't explain to me how they could know rand() was going to return three 1's in a row.

I might be being dumb here (I'm not logged on and don't have anything deposited,) but the MD5 on the page doesn't change when you refresh the page.  That suggests that the same combination is coming up every time.

That's only if you don't play... as soon as you play a game, it changes.

(Well, it's supposed to... that's something worth checking - thanks)

dan_a
Jr. Member
*
Offline Offline

Activity: 48


View Profile
July 06, 2011, 03:49:29 PM
 #10

Oh, I think I might be able to see how this worked...
Are you outputting something along the lines of md5sum("Left-Left-Right")?
If so, it's a simple dictionary attack... the gambler computes the 15 possible different MD5sums in advance and then compares them to what displays.
Alex Beckenham
Full Member
***
Offline Offline

Activity: 154


View Profile
July 06, 2011, 03:50:47 PM
 #11

Hmm, there was an error causing it to use the same combo on certain occasions after a win.

Thanks Dan, I've sent you 1 btc 3 btc, that was very helpful.

Edit: Okay it's all fixed and back online, btcriches.com and bitcoinbalance.com.

Jeez that was an expensive coding error on my part.

Glad the site wasn't exactly 'hacked' though.

I just paid a heavy typo-tax.

Alex Beckenham
Full Member
***
Offline Offline

Activity: 154


View Profile
July 06, 2011, 04:19:53 PM
 #12

Oh, I think I might be able to see how this worked...
Are you outputting something along the lines of md5sum("Left-Left-Right")?
If so, it's a simple dictionary attack... the gambler computes the 15 possible different MD5sums in advance and then compares them to what displays.

(Accidentally edited away my previous answer to this)

It's not just left-left-right, but it also had a whole heap of random characters after that, and then hashes that total string.

Also, there are only 8 possible combos, not 15.

SmokeAndMirrors
Full Member
***
Offline Offline

Activity: 168


View Profile
July 06, 2011, 11:32:30 PM
 #13

Oh, I think I might be able to see how this worked...
Are you outputting something along the lines of md5sum("Left-Left-Right")?
If so, it's a simple dictionary attack... the gambler computes the 15 possible different MD5sums in advance and then compares them to what displays.
It's not just left-left-right, but it also had a whole heap of random characters after that, and then hashes that total string.


This was the first thing I looked into.

Help Bitcoins by buying clothes, technology, books, etc. through people/stores that accept BTC. This will increase overall value of BTC as well as mitigate unnecessary bank transaction fees.

My address -
1EM9HGg1SEa5Bux1rVEPxGqGSfNTTc9EkC
tysat
Legendary
*
Offline Offline

Activity: 952


Keep it real


View Profile
July 06, 2011, 11:59:44 PM
 #14

If I'm doing my math right.... according to http://en.wikipedia.org/wiki/House_advantage#House_advantage it's 12.5% house advantage.  Seems to be a little high.
tito13kfm
Jr. Member
*
Offline Offline

Activity: 42



View Profile
July 07, 2011, 01:00:43 AM
 #15

I'm not able to bet.  I deposited 1BTC to 1FUYFiPw9zDJZ3iiawrPfehmmBtfSJMNYD, it shows up in my balance, but I put .1 in the box, put in my guess, and click Open and it just refreshes the page.  Never attempts to open the safe, and never shows an outcome.

Edit: I just put in to withdrawal my 1BTC back out until the bugs are ironed out.

Alex Beckenham
Full Member
***
Offline Offline

Activity: 154


View Profile
July 07, 2011, 02:27:46 AM
 #16

I'm not able to bet.  I deposited 1BTC to 1FUYFiPw9zDJZ3iiawrPfehmmBtfSJMNYD, it shows up in my balance, but I put .1 in the box, put in my guess, and click Open and it just refreshes the page.  Never attempts to open the safe, and never shows an outcome.

Edit: I just put in to withdrawal my 1BTC back out until the bugs are ironed out.

I just tried exactly that and it worked. Can you tell me what browser you're using, and what time you attempted it?
Thank you.

tito13kfm
Jr. Member
*
Offline Offline

Activity: 42



View Profile
July 07, 2011, 02:40:01 AM
 #17

I'm not able to bet.  I deposited 1BTC to 1FUYFiPw9zDJZ3iiawrPfehmmBtfSJMNYD, it shows up in my balance, but I put .1 in the box, put in my guess, and click Open and it just refreshes the page.  Never attempts to open the safe, and never shows an outcome.

Edit: I just put in to withdrawal my 1BTC back out until the bugs are ironed out.

I just tried exactly that and it worked. Can you tell me what browser you're using, and what time you attempted it?
Thank you.


I tried with both Firefox 5.0 and ie9
Time was a minute or two before my last post.

Alex Beckenham
Full Member
***
Offline Offline

Activity: 154


View Profile
July 07, 2011, 02:57:16 AM
 #18

I'm not able to bet.  I deposited 1BTC to 1FUYFiPw9zDJZ3iiawrPfehmmBtfSJMNYD, it shows up in my balance, but I put .1 in the box, put in my guess, and click Open and it just refreshes the page.  Never attempts to open the safe, and never shows an outcome.

Edit: I just put in to withdrawal my 1BTC back out until the bugs are ironed out.

I just tried exactly that and it worked. Can you tell me what browser you're using, and what time you attempted it?
Thank you.


I tried with both Firefox 5.0 and ie9
Time was a minute or two before my last post.

Thanks, I can confirm it's not working in FF5 for me either, only Chrome for some reason.


Alex Beckenham
Full Member
***
Offline Offline

Activity: 154


View Profile
July 07, 2011, 03:02:44 AM
 #19

Okay, found it.

It seems FF doesn't send the value of an image input, whereas Chrome does:

Code:
<input type="image" name="open" value="1"

$_POST['open'] is 1 in Chrome and NULL in Firefox.

Fixed it now by using another hidden var.

TheBitMan
Sr. Member
****
Offline Offline

Activity: 280



View Profile
July 11, 2011, 03:39:28 PM
 #20

Okay, found it.

It seems FF doesn't send the value of an image input, whereas Chrome does:

Code:
<input type="image" name="open" value="1"

$_POST['open'] is 1 in Chrome and NULL in Firefox.

Fixed it now by using another hidden var.

Are you the owner of bitcoinbalance.com?? I need to ask you something.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!