Slot Machine Eprom Reverse Engineer

What’s the best slot cheating scam happening today?

To answer this question, sometimes we have to look at the past to understand the future. The technology of the slot machine has been evolving at a rapid rate over the past several years. This technology has outpaced casino operations, internal controls, training and protection of these devices.

The golden age of slot cheating was the 1980s, long before online slot networks and coinless gaming. It was a time when nearly 50 percent of all Nevada’s excluded persons were slot cheats.

There weren’t any door alarms, and there wasn’t much camera coverage in the slot areas. The machines were easy to beat and easy to steal from. There was no real focus on how much money casinos were actually losing. The thinking was “just plug them in and let them do their job.”

In those days, there were numerous arrests for usage of lead slugs, kick-stands, monkey paws and a host of other scams and cheating activities. It was easy for theft to occur internally. Most casinos used signature stamps to speed up the jackpot and coin-fill process. The jackpot and fill slips were initially generated manually; only later did they progress to being generated electronically.

When a customer hit a jackpot over a certain amount in those days, the supervisor would create a jackpot slip; the slot floor person would theoretically verify the jackpot amount and various symbols and sign the slip. The supervisor would then take the slip over to an employee window and the cashier would give them the money. As long as the amounts were under the taxable rate of $1,200, there was no additional paperwork.

So what could possibly go wrong? Anyone who had access to a floor person’s stamp, or working in concert with a floor person, had a license to print money. This was one of many internal scams that went undetected in many casinos during that time.

The addition of an online slot network did not mitigate the casino’s exposure; it just made it harder for officials to catch a thief. These systems were inherently flawed. They still relied on human interaction, and assumed the humans would follow the proper internal controls.

The first of these systems was very easy to exploit. A simple reprint feature or override function key was all it took to commit fraud on a massive scale. There have been numerous documented cases involving millions of dollars stolen from casinos using this method.

Electronic Cheating

The years 1990 through 2000 were considered to be the most costly decade for slot cheating. This is the period when the slot cheats went high-tech to combat the slot manufacturers’ security responses to their earlier cheating methods.

Slot-makers were now adding optic hoppers, bill validators, online slot networks and more. Nobody would be stupid enough to try and cheat the slots now, right?

But once again, the cheats seemed to be a step or two ahead of us.

The debut of the “mini light” or “light wand” caught the casinos by surprise. This device contained a small LED light on the end, a battery pack on the other end and a magnet to hold it in place.

The thief would put his hand with the device up the payout chute. The light would trigger a payout that was not detected by the credit meter or any other electronic tracking device. Turns out hundreds of these lights were produced during the subsequent few years. It has been estimated that these devices cost Nevada casinos alone millions of dollars.

This was followed by a series of other hybrid devices that were designed to cheat the casinos out of millions more. There was the credit accelerator device, the bill validator pull-string device, the coin acceptor disabler device and a host of manual manipulation techniques. There were well-organized groups of slot cheats traveling the world implementing these techniques on a massive scale. There were individual slot cheats implementing these techniques as needed.

Many of the organized groups simply treated cheating as a business. They would purchase slot machines and reverse-engineer them to find the vulnerabilities, and then create devices to exploit those vulnerabilities. They had labs, resources and money.

Mistakes and Misbehavior

In the early 1990s, information was received that there may be corrupt EPROM (erasable programmable read-only memory) chips in some slot machines. These corrupt chips had a line of program code that allowed a player to hit a jackpot when he inserted a certain series of coins. For example, on a five-coin machine, the player would insert three coins, one coin, four coins, two coins and five coins in order. This was the combination to the jackpot code, and you would receive a winning combination, usually under the taxable amount.
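A coin-sequence trigger of this kind leaves a trace in play data: the same varied wager pattern keeps appearing just before sub-threshold jackpots on different machines. The Python sketch below is an added example, not code from the article or from any slot system; the event format, machine IDs, five-wager window and sample events are all constructed assumptions.

```python
from collections import defaultdict

TAX_THRESHOLD = 1200  # reporting threshold cited in the article (USD)
WINDOW = 5            # wagers examined before each jackpot (assumption)

# Constructed sample events: (machine_id, event, value).
# "wager" value = coins inserted; "jackpot" value = payout in USD.
EVENTS = [
    ("A17", "wager", 5), ("A17", "wager", 5), ("A17", "wager", 5),
    ("A17", "wager", 5), ("A17", "wager", 5), ("A17", "jackpot", 2500),
    ("B02", "wager", 3), ("B02", "wager", 1), ("B02", "wager", 4),
    ("B02", "wager", 2), ("B02", "wager", 5), ("B02", "jackpot", 1000),
    ("C44", "wager", 2), ("C44", "wager", 2), ("C44", "jackpot", 800),
    ("D09", "wager", 5), ("D09", "wager", 3), ("D09", "wager", 1),
    ("D09", "wager", 4), ("D09", "wager", 2), ("D09", "wager", 5),
    ("D09", "jackpot", 1150),
]

def jackpot_prefixes(events, window=WINDOW):
    """Yield (machine, payout, last `window` wagers) for every jackpot."""
    recent = defaultdict(list)
    for machine, kind, value in events:
        if kind == "wager":
            recent[machine] = (recent[machine] + [value])[-window:]
        elif kind == "jackpot":
            yield machine, value, tuple(recent[machine])
            recent[machine] = []  # start a fresh window after each payout

def suspicious_sequences(events, window=WINDOW, min_machines=2):
    """Map wager sequence -> machines, keeping only sequences that are a
    full window of varied coin counts, precede a payout under the
    threshold, and recur on at least `min_machines` machines."""
    seen = defaultdict(set)
    for machine, payout, seq in jackpot_prefixes(events, window):
        varied = len(seq) == window and len(set(seq)) > 1
        if varied and payout < TAX_THRESHOLD:
            seen[seq].add(machine)
    return {s: sorted(m) for s, m in seen.items() if len(m) >= min_machines}

if __name__ == "__main__":
    for seq, machines in suspicious_sequences(EVENTS).items():
        print("repeated pre-jackpot wager pattern", seq, "on", machines)
```
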

Around this same time, a bored, retired rocket scientist was developing and using a device that could determine what the outcome of a video poker machine would be, usually within five to eight hands. This allowed him to hit royal flushes and other high awards at an incredible rate. This device worked on the premise that nothing is random when it comes to a machine. The exploit was fairly straightforward, and used the RNG (random number generator) in the machine to help him predict the outcome of the game based on the previous hands he played.

As these two separate investigations were unfolding, the industry discovered many things about how slot machines really worked. It was discovered that EPROM chips were not that secure, and could be easily duplicated with the right type of equipment. And who knew that randomness is really not that random?

The computer term “Easter egg” became well-known. An Easter egg is a surprise: an additional piece of code buried deep within several thousands of layers of code. Sometimes it is as innocent as a message from the developers, and sometimes it allows the user to access operating system features that could lead to fraud. The EPROM problem mentioned above was an Easter egg program designed specifically for this purpose.

The EPROM scam was linked to several individuals, including casino employees and other sources. One of the sources had a package delivered to another part of the country that was intercepted. The package contained over 100 corrupt EPROM chips. These chips were sent to the Nevada state gaming laboratory to be tested in its electronics division.

The other investigation into the RNG device had come to a conclusion, and this device made its way to the same lab for testing.

The individual responsible for testing these devices was Ronald Dale Harris, who immediately saw the possibilities of both of these devices. Harris used a gaming lab computer to have an Easter egg program uploaded to slot machines around the state that would allow his co-conspirators to hit a jackpot by inserting a series of coins. He later used an RNG program to help predict the outcome of a keno game at an Atlantic City casino to win $50,000. Is this a coincidence?

Next came the infamous “star wars” device that a very notorious slot cheat designed to piggy-back the existing EPROM in a slot machine. The device would flash the legitimate EPROM and when the machine was re-booted it would bring up the highest award paid for that machine. This well-organized cheating ring would use associates with no criminal record to collect the awards, which consisted of high-end vehicles and very large cash prizes.

Tighter Security

As we moved into the 21st century, the level of these types of cheating methods started to taper off. The industry started to move toward coinless gaming, and more reliance on the slot network to provide security for these devices was the natural course of action.

Since there wasn’t any coin to worry about, the only thing the cheats could do was attack the bill validators and other components previously mentioned. The manufacturers and regulators also stepped up their game by creating some additional internal controls and other fixes to prevent some of these crimes from occurring. Bills were now 100 percent metered so if there was a shortfall of cash it could be discovered very quickly. The TITO systems (ticket-in/ticket-out) were also metered and well-controlled. There is also more security on the internal components like the motherboard and EPROM chips.

The attention soon shifted from what the cheats were doing to what the employees were doing. Internal slot fraud is a growing problem with these new systems.

An internal control is only as good as the person who follows it. Employees are figuring out ways to breach the systems from a variety of different angles, from fraudulent player reinvestment ratings all the way to creating fraudulent tickets that a co-conspirator can later redeem for cash.

Remember, employees often get bored and start poking around, or they accidentally discover some flaw in the system that would allow them, in their minds, to get away with the crime.

As recently as 2007, a slot technician used a jumper wire to remove a machine from the casino floor for maintenance. The jumper wire was connected back to the server and then back to a slot machine in the tech shop for testing. The slot tech would print legitimate tickets for relatively small amounts and have a co-conspirator cash them in. It was estimated that the loss was over $1 million.

All program code is inherently flawed, and requires constant updates and patches to fix various bugs. Some very knowledgeable slot cheats discovered a number of program flaws in some newer multi-denomination and multi-game slot machines. By hitting different combinations of buttons, they could change the value of their credits from 5 cents to 25 cents and higher.

The manufacturers responded quickly, and a patch upgrade was issued at no cost to the casinos. But not all casinos reacted quickly, and at those that did not, the vulnerability existed for quite some time until they took the appropriate steps.

Electronic bonusing, different award programs and other jackpot systems undoubtedly are vulnerable. There is talk of smart card devices, debit card transactions and server-based gaming. Will these devices be more secure than their predecessors, or will they launch a new era and a new breed of slot cheat?

How will surveillance catch these new-age slot cheats? Will their crimes be invisible to the casino? Does the surveillance department need to look into some new tools and standards to help us proactively identify fraud in the cyber world? Answer this question: “What is the best slot cheating scam happening today?” The answer is very simple: “It is the one you don’t know about!”

Darrin Hoke is the director of surveillance at L’Auberge du Lac Hotel & Casino in Lake Charles, Louisiana. Hoke has also held various positions in security management, investigations and law enforcement, and has developed a number of surveillance classes and programs over the past 10 years as a regular instructor with the University of Nevada, Reno gaming management division.
