Bitcoin Forum
November 14, 2024, 12:10:45 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 [21] 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 ... 161 »
  Print  
Author Topic: bustabit.com -- The Social Gambling Game  (Read 293943 times)
ButtterBet
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
October 13, 2014, 01:40:13 AM
 #401

I thought you were referring to all the other dice sites where you have played on. This one, you don't need to verify the "rolls" but you can verify that the game is fair. You have the choice to pick what point to cash out. That is completely up to you and the site can not change that. It is already telling you when it will crash, but only reveals this after the game, which can not be changed.

Thus it is fair. So, do you have a problem with the way it is implemented? Or do you not understand how to play?


yes this is the mp thread! ~ short answer: you don't know how to verify the game hash?  :\ meh

https://www.moneypot.com/faq#fair

It's all there bud.





site down? :\


=============================================================================

Is the game fair?

Absolutely! And we can prove it: Before each game starts and before any player joins we send a hash of what the result will be. The hash we display is calculated as: sha256(gameCrashAmount + '|' + seed)

And after a game ends, you can look up the gameCrashAmount and the seed and compute the sha256(gameCrashAmount + '|' + seed) to verify that we never changed the gameCrashAmount.

Note: The gameCrashAmount is an integer that represents when the game crashes as a percentage. E.g. this Game crashed at 16.31x with a a seed of e4e93da14e26c6d9a1e22f6d0e63c52d. So, to prove we didn't cheat, the hash you would have seen on your client is 25957aaf0a91ed9faaa0b4622f890a98eba174d40513cb0344ffc01a4bb55fce which we computed via: sha256('1631|e4e93da14e26c6d9a1e22f6d0e63c52d')


-------------------------------------------------------


so you add gamecrashamount + '|' + seed? <-------- so you add first with a calculator? ..what does '|' represent?

*...sorry noob here ! :\

step by step ~ first what sha-256 calculator do you recommend?

I recommend

http://www.convertstring.com/en/Hash/SHA256

Simple and easy to use ^


CURRENTLY GIVING AWAY 3 MALWAREBYTE PREMIUM KEYS EVERYDAY!
CHECK IT OUT AT:
https://bitcointalk.org/index.php?topic=834045.0
Dabs
Legendary
*
Offline Offline

Activity: 3416
Merit: 1912


The Concierge of Crypto


View Profile
October 13, 2014, 01:43:33 AM
 #402

Try this one:
http://www.xorbin.com/tools/sha256-hash-calculator

You concatenate the strings, meaning you combine them into one. Exactly as it is shown there.

Paste this into the box in the sha256 hash calculator

1631|e4e93da14e26c6d9a1e22f6d0e63c52d

And your result should be

25957aaf0a91ed9faaa0b4622f890a98eba174d40513cb0344ffc01a4bb55fce

Don't worry, we were all noobs at one point. But that you admit you are a noob and then accuse several game sites about their provably fair implementation does not look good for you.

I hope that some day you will understand.

You can also try any other SHA256 calculator. You will get the same result.

BBmmBB
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
October 13, 2014, 01:49:39 AM
 #403

Try this one:
http://www.xorbin.com/tools/sha256-hash-calculator

You concatenate the strings, meaning you combine them into one. Exactly as it is shown there.

Paste this into the box in the sha256 hash calculator

1631|e4e93da14e26c6d9a1e22f6d0e63c52d

And your result should be

25957aaf0a91ed9faaa0b4622f890a98eba174d40513cb0344ffc01a4bb55fce

Don't worry, we were all noobs at one point. But that you admit you are a noob and then accuse several game sites about their provably fair implementation does not look good for you.

I hope that some day you will understand.

You can also try any other SHA256 calculator. You will get the same result.


ok gotcha ...so in this example where do you check to see what the hash was? >>> https://www.moneypot.com/game/163325


my result is : 001|cc12bb29153bf2648da4f2cbf6d021f9 =

022a5bebd783301e11caae02ec4ac783af0a42fa3269e69d4b4522ce87b47361


^is this correct? tia
BBmmBB
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
October 13, 2014, 02:06:27 AM
 #404

looks like the site is offline ? i can't log into the main site anymore ~

CHECK THIS OUT >> looks like there is another moneypot that predates this one ! >> http://www.whois.com/whois/moneypot.in

 Roll Eyes
PrimedicePlayersUnion
Member
**
Offline Offline

Activity: 70
Merit: 10

★Bitin.io★ - Instant Exchange


View Profile
October 13, 2014, 02:16:29 AM
 #405

1.75x   -   -   -
1.28x   -   -   -
1.06x   -   -   -
1.60x   -   -   -
1.36x   -   7,737   -7,737 (+0.11)
1.03x   -   1,137   -1,137 (+11.37)
1.06x   -   1,137   -1,137 (+11.33)
1.52x   -   1,137   -1,137
1.65x   -   37   -37
1.08x   -   3,337   -3,337
losses all round





^^REALLY? --I'M CALLING SCAM  Roll Eyes
instead of calling sites scam, go and learn how to play cricket

espringe (OP)
Full Member
***
Offline Offline

Activity: 154
Merit: 101


View Profile
October 13, 2014, 02:23:36 AM
 #406

ok gotcha ...so in this example where do you check to see what the hash was? >>> https://www.moneypot.com/game/163325

The game crashes of the old game (back 2 months ago) were a bit different, and don't make too much sense in the current context. (i.e. that game didn't really crash at 0.01x).  I tried to backport the old scheme to the way moneypot works now -- but I forgot in the database that I stored 2.43 as a 243 -- and my script fucked it up. I'll pull the historic game crash data from a backup and restore them when I get a chance. It's just for historical interest though. =)

The best way to verify is *first* copy the hash from before a game starts. Then watch the game, and see where it ends. Then click in the history to go to the game details, and copy the seed. Now compute the sha1(gameCrash + '|' + seed) and you can verify it matches the original hash.

It's very tedious to do by hand, but there is at least two money pot bots playing money -- and one of them is verifying hashes -- the other i'm not so sure, but i wouldn't be surprised if it did so too.
BBmmBB
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
October 13, 2014, 02:35:04 AM
 #407

ok gotcha ...so in this example where do you check to see what the hash was? >>> https://www.moneypot.com/game/163325
...

The best way to verify is *first* copy the hash from before a game starts. Then watch the game, and see where it ends. Then click in the history to go to the game details, and copy the seed. Now compute the sha1(gameCrash + '|' + seed) and you can verify it matches the original hash.

It's very tedious t...



so you purposefully make it impossible to check? ,,you have lost me!  Roll Eyes so there is no record of actual hashes?
BBmmBB
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
October 13, 2014, 02:38:42 AM
 #408

unlock my ip address Eric ... or is this "leets only" type site?  Roll Eyes
espringe (OP)
Full Member
***
Offline Offline

Activity: 154
Merit: 101


View Profile
October 13, 2014, 03:33:15 AM
 #409

so you purposefully make it impossible to check? ,,you have lost me!  Roll Eyes so there is no record of actual hashes?

There is no record of hashes, this is by design. If you don't understand why, you likely don't understand how the provably predetermined thing works =)
BBmmBB
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
October 13, 2014, 03:34:31 AM
 #410

so you purposefully make it impossible to check? ,,you have lost me!  Roll Eyes so there is no record of actual hashes?

There is no record of hashes, this is by design. If you don't understand why, you likely don't understand how the provably predetermined thing works =)


then they cannot be checked! ? yes thats why i'm asking ! what is this ?  Roll Eyes  

~sounds dodgy+ i can't even log into the main site now!  

WHAT GIVES BRO?


>>>DOES SOMEONE NEED TO CREATE A SEPARATE BOT/SITE TO RECORD THE HASHES? WTF
espringe (OP)
Full Member
***
Offline Offline

Activity: 154
Merit: 101


View Profile
October 13, 2014, 03:43:29 AM
 #411

If I give you a historical hash, it is useless -- as if I was tampering with the game, I'd also change that too. The only way to verify the game is via using a hash you know was sent before the game started. You can either do this manually, or with a bot.
BBmmBB
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
October 13, 2014, 03:47:36 AM
 #412

If I give you a historical hash, it is useless -- as if I was tampering with the game, I'd also change that too. The only way to verify the game is via using a hash you know was sent before the game started. You can either do this manually, or with a bot.


how is providing accurate historical data "tampering with the game" ?   Roll Eyes   what are you smoking?


>>> regardless i can't see any of this as i can't even log into the main screen !    Tongue

BBmmBB
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
October 13, 2014, 03:55:20 AM
 #413

>>> regardless i can't see any of this as i can't even log into the main screen !    Tongue

Sorry, due to COPPA laws -- I am unable to provide you service for the next 3 years. Please come back then.


WTF YOU TALKING ABOUT !  Cheesy  MAYBE YOU DON'T REALIZE WHATS ABOUT TO HAPPEN HERE ? LOL
dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1333



View Profile
October 13, 2014, 04:41:31 AM
 #414

If I give you a historical hash, it is useless -- as if I was tampering with the game, I'd also change that too.

ts;du:

Before a game runs, you make up a seed and a crash point, hash the two together and publish the hash.

Once the game has crashed, you publish the seed, which allows everyone else to hash together the seed and the crash point and check that it matches the hash you published before the game started.

If you were cheating, you would publish a random hash before the betting started, wait to see how much people bet, then chose a crash point accordingly, then when the game crashed you would have to hope that nobody had looked at the hash. Then you could hash the seed and the actual crash point together and store that hash in your database.

Then later when someone asks for the hash, seed, and crash point for the old game, you give them the hash that "prove" you pre-determined the crash point.

The problem is that the hash was generated *after* the betting, not before. And so the only way to verify the pre-determinedness of the crash point is to use the hash that is published *before* a game starts.


You know when you're playing the lottery, and you have to pick your numbers *before* the draw, and get them printed on a ticket? If the numbers that get drawn match the numbers you picked, you have proof that you're "lucky" or something.

It's like that.

Proving that you know the winning numbers after the draw has been done isn't useful. Everyone can do that. If the numbers you pick after the draw match the draw, you don't have proof of anything. You could have been lucky, but probably you just saw the draw.

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
DarKSpectrE
Full Member
***
Offline Offline

Activity: 149
Merit: 100


View Profile
October 13, 2014, 06:05:23 AM
 #415

If I give you a historical hash, it is useless -- as if I was tampering with the game, I'd also change that too.

ts;du:

Before a game runs, you make up a seed and a crash point, hash the two together and publish the hash.

Once the game has crashed, you publish the seed, which allows everyone else to hash together the seed and the crash point and check that it matches the hash you published before the game started.

If you were cheating, you would publish a random hash before the betting started, wait to see how much people bet, then chose a crash point accordingly, then when the game crashed you would have to hope that nobody had looked at the hash. Then you could hash the seed and the actual crash point together and store that hash in your database.

Then later when someone asks for the hash, seed, and crash point for the old game, you give them the hash that "prove" you pre-determined the crash point.

The problem is that the hash was generated *after* the betting, not before. And so the only way to verify the pre-determinedness of the crash point is to use the hash that is published *before* a game starts.


You know when you're playing the lottery, and you have to pick your numbers *before* the draw, and get them printed on a ticket? If the numbers that get drawn match the numbers you picked, you have proof that you're "lucky" or something.

It's like that.

Proving that you know the winning numbers after the draw has been done isn't useful. Everyone can do that. If the numbers you pick after the draw match the draw, you don't have proof of anything. You could have been lucky, but probably you just saw the draw.

This!!!
blockage
Member
**
Offline Offline

Activity: 100
Merit: 10

Vires in numeris.


View Profile
October 13, 2014, 02:04:35 PM
 #416


I assume this is going to need a serious code review if purchased.

The code is all open source, and has been for some time.

User "Steve" on the site seems to have reviewed it fully, and contributed patches improving it.

Hi, I'm user "Steve" on MoneyPot, steven (149317) on just-dice, steve
(2995) on dicebitco.in and Steve (2474) on dice.ninja.

Saying that I "reviewed it fully" is going too far. I have looked
at the game logic in the server, the server-client communication
and some other parts here or there. I haven't looked at UI or
for example any code that is handling funds and user balances
which I would deem important though.

The "chat moderator" patch that went live recent was, I believe, Steve's work.

Yep that was me.

If there was anything untoward going on I'm sure Steve would have blown the whistle by now.

Because I'm already at it, I can address it for all interested parties: the buyer and the users.

  • The buyer should review the code himself anyway. I don't think
    Eric intentionally left any backdoors in the code so that he can hack
    it after selling as he would expose himself now to the same risk. The
    codebase is straightforward and not too large so a review of the
    critical parts shouldn't be too difficult.

From the users perspective there are two things I'm aware of that can
be improved

  • Real provably fair numbers (whatever that means). This was
    discussed earlier in this thread. dooglus proposed a scheme that
    allows the server to prove that it does not pick crash points at will. Mixing
    some random data into it (like the hash of a block in the future)
    guarantees that the site owner cannot influence the distribution.
  • I haven't complained to Eric about this yet because it doesn't
    concern me, but I just opened an issue on github. When logging in
    the user password is sent encrypted but unhashed to the server, which
    means that the server can potentially harvest user passwords and try
    to log into other sites. The database itself stores hashed passwords. I use
    unique passwords anyway, but I think this should be resolved for the sake
    of other users.

blockage
Member
**
Offline Offline

Activity: 100
Merit: 10

Vires in numeris.


View Profile
October 13, 2014, 02:42:30 PM
 #417

From the users perspective there are two things I'm aware of that can
be improved

I forgot to add a third one: the lack of 2FA.

BBmmBB
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
October 13, 2014, 03:40:34 PM
 #418

I FIND IT A CURIOSITY THAT NOW WHEN I'M ATTEMPTING TO FIGURE OUT HOW TO VERIFY THE HASHES I GET SHUT OUT OF THE SITE!

LMFAO!!!

 Cheesy


NICE WORK!
BBmmBB
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
October 13, 2014, 07:30:28 PM
 #419

Try this one:
http://www.xorbin.com/tools/sha256-hash-calculator

You concatenate the strings, meaning you combine them into one. Exactly as it is shown there.

Paste this into the box in the sha256 hash calculator

1631|e4e93da14e26c6d9a1e22f6d0e63c52d

And your result should be

25957aaf0a91ed9faaa0b4622f890a98eba174d40513cb0344ffc01a4bb55fce

Don't worry, we were all noobs at one point. But that you admit you are a noob and then accuse several game sites about their provably fair implementation does not look good for you.

I hope that some day you will understand.

You can also try any other SHA256 calculator. You will get the same result.




ok i got back in and checked it out and the hash checked out to be accurate for the game i checked!

> my guess the trust relies on variables of the crash amount and seed combinations...?

>could you not come to the same hash result by simply shifting variables?  :\

^ i'm i making sense? tia
jaysabi
Legendary
*
Offline Offline

Activity: 2044
Merit: 1115


★777Coin.com★ Fun BTC Casino!


View Profile
October 13, 2014, 10:17:49 PM
 #420

Eric, how is the auction going? Is the plan still to sell the site?

Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 [21] 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 ... 161 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!