Wixiplay: A provably rigged online casino
February 15th, 2020 at 5:19:36 PM
permalink
Summary: sometimes the server_seed_hash doesn't match the server_seed and you always lose those rounds. Which is a shame because I could have beat this casino's loss rebate for five figures an hour if it wasn't rigged.
Before we can define how provable fairness works we first have to define a hash function. A hash function can be any any function such that it's prohibitively expensive computationally to find x and y such that f(x) = f(y), and likewise prohibitively expensive to find x given f(x). But it must be relatively cheap to compute f(x) given x. In this case the hash function f is SHA-256. If f(x) = z we say z is the hash of x.
Provable fairness is supposed to work like this:
1. The server randomly generates a string (server_seed), and sends the hash of it to the client. (server_seed_hash)
2. The client records the server seed hash, and then randomly generates a client_seed and sends it to the server.
3. The server uses a public deterministic formula to determine the outcome of the game. g(server_seed + client_seed) = outcome. Typically g first hashes the input and then converts that string of random bits into a shuffled deck or a random number mod N.
4. After the game, the server reveals the server seed to the client.
5. The client checks that f(server_seed) = server_seed_hash, and g(server_seed + client_seed) = outcome.
If all these steps are followed, f and g are appropriate functions, and both checks in step five succeed, then this individual round of the game is proven fair (but future rounds may or may not be fair). The server can only cheat by doing something that violates the checks in step five:
1. Generate a different server seed after seeing client_seed, to make sure that g(server_seed + client_seed) = losing outcome. Since it is prohibitively expensive to find x and y such that f(x) = f(y), the server won't be able to ensure that it's new seed hashes to the same value as the original seed, so the client will see f(server_seed) != server_seed_hash.
2. Generate the outcome of the game in some other way. So the client will see g(server_seed+client_seed) != outcome.
The server can also cheat undetectably if the client neglects any of his duties in steps 1-5. Sometimes shady sites will avoid sending server_seed_hash except when the client specifically requests it, so that the server knows when it's not being watched and can get away with anything. 999dice used this scam, and wixiplay does the same thing.
The verification of provable fairness can easily be automated. But interfacing between programs and web browsers is ugly and tedious (DM me if you can help with that since my partner who used to do that quit AP to go back to grad school). So I just copied and pasted the values into a script to verify each round manually:
I logged the script's output for each round of betting, and, long story short, the step 5 checks passed for the vast majority of game rounds, but on about 10 of the rounds the server_seed_hash didn't match. This means the server violated its pre-committment to using a particular server_seed. The only reason to do that is to change the outcome of the game to make it more unfavorable to the player. I always lost every round where the server_seed_hash didn't match.
I also played a lot of unverified rounds (where I didn't check PF). Out of 523 coin flips that each ostensibly had a 49.5% chance of success, only 199 succeeded. This has a binomial probability of 8.9696e-8. So I surmise that the casino cheats undetectably a lot on the 99% of customers who never request the server_seed_hash, and then has the backup plan of cheating overtly in the way described in the previous paragraph.
I made a second account and gradually ramped up my betting for further testing purposes. It eventually cheated by changing the server seed, and the timing of the first and second cheatings exactly coincided with wagers where I would have gone from being a lifetime net loser to being a lifetime net winner if I had won.
I waited a while before posting this just to make very very sure that it was rigged and worthless. If it wasn't rigged I could have crushed their loss rebate. It looks like a perfect storm on paper, if only it would take the action and not cheat:
* 25% back on every lost deposit an unlimited number of times per day, unlimited size
* no wagering requirement
* instant 0-conf deposits
* configurable-variance dice with a lower house edge than single zero roulette.
* enormous max bet
It sounded too good to be true, and it was.
Before we can define how provable fairness works we first have to define a hash function. A hash function can be any any function such that it's prohibitively expensive computationally to find x and y such that f(x) = f(y), and likewise prohibitively expensive to find x given f(x). But it must be relatively cheap to compute f(x) given x. In this case the hash function f is SHA-256. If f(x) = z we say z is the hash of x.
Provable fairness is supposed to work like this:
1. The server randomly generates a string (server_seed), and sends the hash of it to the client. (server_seed_hash)
2. The client records the server seed hash, and then randomly generates a client_seed and sends it to the server.
3. The server uses a public deterministic formula to determine the outcome of the game. g(server_seed + client_seed) = outcome. Typically g first hashes the input and then converts that string of random bits into a shuffled deck or a random number mod N.
4. After the game, the server reveals the server seed to the client.
5. The client checks that f(server_seed) = server_seed_hash, and g(server_seed + client_seed) = outcome.
If all these steps are followed, f and g are appropriate functions, and both checks in step five succeed, then this individual round of the game is proven fair (but future rounds may or may not be fair). The server can only cheat by doing something that violates the checks in step five:
1. Generate a different server seed after seeing client_seed, to make sure that g(server_seed + client_seed) = losing outcome. Since it is prohibitively expensive to find x and y such that f(x) = f(y), the server won't be able to ensure that it's new seed hashes to the same value as the original seed, so the client will see f(server_seed) != server_seed_hash.
2. Generate the outcome of the game in some other way. So the client will see g(server_seed+client_seed) != outcome.
The server can also cheat undetectably if the client neglects any of his duties in steps 1-5. Sometimes shady sites will avoid sending server_seed_hash except when the client specifically requests it, so that the server knows when it's not being watched and can get away with anything. 999dice used this scam, and wixiplay does the same thing.
The verification of provable fairness can easily be automated. But interfacing between programs and web browsers is ugly and tedious (DM me if you can help with that since my partner who used to do that quit AP to go back to grad school). So I just copied and pasted the values into a script to verify each round manually:
$server_seed_hash = "cf9ae2bb1f4a606e6694ec96ab7eff650edad62fa98296d6cf4af0bfb44e8590";
$client_seed = "nrn5hjdf-0";
$server_seed = "ea8f30b8e3787da64f2fad492c1fe2f8b6301089092794bb5a6ad15974bb63af";
$game_outcome = 4898;
$result_seed = hash_hmac('sha512', $server_seed, $client_seed);
$result_number = hexdec(substr($result_seed,0,10));
$expected_outcome = $result_number % 10001;
echo "\nexpected outcome =", $expected_outcome;
if($expected_outcome==$game_outcome){
echo "\noutcome match";}else{
echo "\noutcome mismatch";}
if($server_seed_hash==hash('sha256',$server_seed)){
echo "\nhash match";}else{
echo "\nhash mismatch";}
I logged the script's output for each round of betting, and, long story short, the step 5 checks passed for the vast majority of game rounds, but on about 10 of the rounds the server_seed_hash didn't match. This means the server violated its pre-committment to using a particular server_seed. The only reason to do that is to change the outcome of the game to make it more unfavorable to the player. I always lost every round where the server_seed_hash didn't match.
I also played a lot of unverified rounds (where I didn't check PF). Out of 523 coin flips that each ostensibly had a 49.5% chance of success, only 199 succeeded. This has a binomial probability of 8.9696e-8. So I surmise that the casino cheats undetectably a lot on the 99% of customers who never request the server_seed_hash, and then has the backup plan of cheating overtly in the way described in the previous paragraph.
I made a second account and gradually ramped up my betting for further testing purposes. It eventually cheated by changing the server seed, and the timing of the first and second cheatings exactly coincided with wagers where I would have gone from being a lifetime net loser to being a lifetime net winner if I had won.
I waited a while before posting this just to make very very sure that it was rigged and worthless. If it wasn't rigged I could have crushed their loss rebate. It looks like a perfect storm on paper, if only it would take the action and not cheat:
* 25% back on every lost deposit an unlimited number of times per day, unlimited size
* no wagering requirement
* instant 0-conf deposits
* configurable-variance dice with a lower house edge than single zero roulette.
* enormous max bet
It sounded too good to be true, and it was.
February 15th, 2020 at 7:35:28 PM
permalink
Thank you Scrooge for posting this. I hope you mind me saying that this was discussed off the forum and I encouraged you post about it.
I take all accusations of Internet cheating very seriously. What I hope to do is personally verify this myself. I also plan to try to dumb this down a bit and put what happened into more plain simple English for people who don't know anything about encryption.
I take all accusations of Internet cheating very seriously. What I hope to do is personally verify this myself. I also plan to try to dumb this down a bit and put what happened into more plain simple English for people who don't know anything about encryption.
It's not whether you win or lose; it's whether or not you had a good bet.
February 16th, 2020 at 1:51:56 AM
permalink
I have a a lot of interest in the subject, so, I too encouraged posting about this. I have tried to start a conversation and ask question regarding provably fair casinos, but there didn't seem to be much interest about the topic. Perhaps very few people have the knowledge to discuss exactly how it works, or the people that do have very little interest in online gambling. There was just some general information about how it worked. I mean there is a general understanding that they could still cheat but nobody really explained how they could cheat and how we could detect it.Quote: WizardThank you Scrooge for posting this. I hope you mind me saying that this was discussed off the forum and I encouraged you post about it.
I take all accusations of Internet cheating very seriously. What I hope to do is personally verify this myself. I also plan to try to dumb this down a bit and put what happened into more plain simple English for people who don't know anything about encryption.
This is probably a situation where there's quite a few Advantage Players who play online but they just go with what they already know and keep that to themselves.
Scrooge seems to know significantly more about this than anyone I've come across so far(thanks for the information/ education).
♪♪Now you swear and kick and beg us That you're not a gamblin' man Then you find you're back in Vegas With a handle in your hand♪♪ Your black cards can make you money So you hide them when you're able In the land of casinos and money You must put them on the table♪♪ You go back Jack do it again roulette wheels turinin' 'round and 'round♪♪ You go back Jack do it again♪♪
February 16th, 2020 at 9:45:35 AM
permalink
"Wixiplay.io is rigged | one in ten million session | fake PF
December 21, 2019, 12:46:06 AM"
https://bitcointalk.org/index.php?topic=5211370.0
December 21, 2019, 12:46:06 AM"
https://bitcointalk.org/index.php?topic=5211370.0
Quote: I just played 523 coin flips (49.5% chance of success with a 1% house edge). Only won 199 of them. The probability of winning 199 or fewer out of 523 is 8.9696e-8, or about one in ten million.
Their provably fair system doesn't work because they only show the server seed hash, but they never reveal the server seed of past rounds, so there is no way to do the calculation to verify that those rounds were fair.
They say the algorithm is:
Quote
$client_seed = "your_client_seed";
$server_seed = "your_server_seed";
$result_seed = hash_hmac('sha512', $server_seed, $client_seed);
$result_number = hexdec(substr($result_seed,0,10));
$lucky_number = $result_number % 10001;
echo $lucky_number;
But this is all they show you in the fairness dialog.
https://i.ibb.co/1KDN8s5/wixi-fairness.png
It never shows the server seed for the previous round, so you can't check the fairness. This is a fake PF system.
I recommend avoiding the site until they fix their PF.
someone elses quote who replied
Quote: But then it hit me!
They can actually check if you're going through the impractical ceremony on not! I verified this by checking the network requests, and AFAICT the only way to view the server-seed hash is via a network request to "/ajax/modal" with "modal=fairness".
So this means they can actually if you're verifying the bets or not. So they could trivially cheat only when they know you won't be able to tell (when you never requested the server-seed hash).
February 16th, 2020 at 10:19:17 AM
permalink
Somebody on that thread figured out that the way to see the server seed after a round was click on the "my bets" tab and then double click on the bet in the bet history. Most sites would just show the previous round server_seed in the fairness dialog (same place you see next round's server_seed_hash). And on most sites the fairness dialog wouldn't make a separate network request to notify the server that it's being watched.
February 18th, 2020 at 2:03:10 PM
permalink
So I went over today to demonstrate it to wizard. The cashback was gone and it didn't cheat in any of the rounds I played today. Possible reasons:
1. Variance. It only cheats some of the time and we didn't play a huge number of rounds. Without cashback it's not worthwhile to continue the testing..
2. Damage control. Maybe the site owner saw this thread and decided to get rid of the cashback and stop cheating at the same time.
3. Other APs might have found a loophole and burned it down in 2 days.
Here are my logs from Feb 9 until Feb 15 (like an hour before I posted this thread). It's all the inputs and all the outputs to my php script (source code in OP). Plus notes on deposit size / bet size. The two bets near the end with the hash mismatch are the ones where they cheated.
1. Variance. It only cheats some of the time and we didn't play a huge number of rounds. Without cashback it's not worthwhile to continue the testing..
2. Damage control. Maybe the site owner saw this thread and decided to get rid of the cashback and stop cheating at the same time.
3. Other APs might have found a loophole and burned it down in 2 days.
Here are my logs from Feb 9 until Feb 15 (like an hour before I posted this thread). It's all the inputs and all the outputs to my php script (source code in OP). Plus notes on deposit size / bet size. The two bets near the end with the hash mismatch are the ones where they cheated.
New account comes with 50 satoshis, so I start betting 1 satoshi for testing.
minbet on 2x
$server_seed_hash = "404f8199841a1830274ff7335ab842a9aff058f613a12531e332ebf5c37267a9";
$client_seed = "8ISz6oRYtelj1kJ9-0";
$server_seed = "b66f057944fed63c653089a3f6651059a0c45b1911a9ed7595483f8bd5141735";
$game_outcome = 6838;
expected outcome =6838
outcome match
hash match
$server_seed_hash = "54adbf5590e37dccec524c9a010d653ca12c1acd7ba8efe2955a48432916dd48";
$client_seed = "cnyaskfzy4s6a1f7-0";
$server_seed = "6c9a1b2134fd2b9592ebb2adb46b70cd82530bcb422a687e02b2cf9d2f1fb4ba";
$game_outcome = 8546;
expected outcome =8546
outcome match
hash match
$server_seed_hash = "e22bfb707768cecbdf94bd87962fb525ba10ace20feca0a5b2266a4917448846";
$client_seed = "cvhn56hbhg-0";
$server_seed = "263fb461f3faff4bb7dd5980cb91e4f1c91e4a6e5cb55aee35393688d5097502";
$game_outcome = 5674;
expected outcome =5674
outcome match
hash match
switch to minbet 10x
$server_seed_hash = "e911586d17dab4274c5cc0b1afbce27c95928b4e209c19424a726134cbb20187";
$client_seed = "vvnj6njyn-0";
$server_seed = "082f13e2feaea948568e8d5746c5e9d68ec29c57abd4d79894b03c94af974231";
$game_outcome = 4916;
expected outcome =4916
outcome match
hash match
double bet
$server_seed_hash = "0a4c42886ae5b0df52ee7a9045107c7649442e94c68940214c5726c85b2794c0";
$client_seed = "cvdvmkjrtn6-0";
$server_seed = "11b72e872c99561288483dd6ee7563d96c076f669f048ae8b295ea0b6b9dbb47";
$game_outcome = 3822;
expected outcome =3822
outcome match
hash match
$server_seed_hash = "07e3d6cac23281d69cfca924e4685bc403be88acfabda4ada0e7bf4bea537fde";
$client_seed = "fdsdjfnjg-0";
$server_seed = "94457b39ba65f60c1667d23c2d8514718df94ceeedadf9467cda87e32575138b";
$game_outcome = 4993;
expected outcome =4993
outcome match
hash match
max bet on 1.1x
$server_seed_hash = "24f04748486f3469b16ddd6d170a0d4652f4b9cf97bb11ef1f54c14ceeeb50bc";
$client_seed = "vnfjny77di-0";
$server_seed = "57077d4337cf42da03278fa72cd69bc7d1bdf942d8e19c56fb000986e8cb95ce";
$game_outcome = 9842;
expected outcome =9842
outcome match
hash match
$server_seed_hash = "733108bf1004562868ea39b67499d3965604c1efb1ec36074deb1a20a7304f32";
$client_seed = "vnvj6yjn6-0";
$server_seed = "89e007fc6983dcbba825ddfe280926c5d43d0bfcdd2d9270c0f037d08dcd155d";
$game_outcome = 7480;
expected outcome =7480
outcome match
hash match
$server_seed_hash = "39719930f93e24ee79c94e2cf8fc63038d779453cde809b71ad3358f8d6995cc";
$client_seed = "vnvjnydcu-0";
$server_seed = "dab7293a191e37dbd4bd9b491cc4ac123babf8b2f82fa6c59eb27df3d48c8c07";
$game_outcome = 408;
expected outcome =408
outcome match
hash match
deposit bonus 10mbtc 200%
1mbtc 2x
$server_seed_hash = "52b78b7c2c94c4ef71fc1ccdf727ef5f1aa28d7f0576f5438ca1a5d6a7a018ae";
$client_seed = "bn6nrbn7d-0";
$server_seed = "aa4b50a06dfc20b061dd97b2a144e10dd24112ac10f947cdcb40256399cad220";
$game_outcome = 2905;
expected outcome =2905
outcome match
hash match
29mbtc all in
$server_seed_hash = "6fe500273a101d0212c16d00a25d2e48930a39d10cb78f61cd7ce8fbd2ace670";
$client_seed = "vn7xkh4s-0";
$server_seed = "ac98a1123ceee28b875016eb1ed0c4d255ad372acd68b7ead083d4f1d5506a67";
$game_outcome = 1401;
expected outcome =1401
outcome match
hash match
new 16mbtc deposit for loss rebate
8mbtc bet on 2x
$server_seed_hash = "4b0043287a1910814c166f1d56944687febed1eb141ac38cd6480042d4e875c3";
$client_seed = "vhn6hdj7g-0";
$server_seed = "a11e24f034ab448beba9129b39ea33799608e0697e65c351cafc08d6aee9192e";
$game_outcome = 7244;
expected outcome =7244
outcome match
hash match
$server_seed_hash = "80180929eb056bf66c77eea1cd8080e9325a666e07f289af3026cf93ec5d220d";
$client_seed = "cnth6hbc7-0";
$server_seed = "51b5e7d71ee8e8886c1fc151def3878485d0a11f3b89590c3b0c786c727a1700";
$game_outcome = 1893;
expected outcome =1893
outcome match
hash match
$server_seed_hash = "dfa3e852d832c528fbcdf7b7a12f70b39b8ca9040d8988046bf05b304db0ee15";
$client_seed = "cdnjcvnrt-0";
$server_seed = "ba70bfb33e8923a903c64fa171f0fc360cd23a9c353946527d8adcaad3468600";
$game_outcome = 6998;
expected outcome =6998
outcome match
hash match
$server_seed_hash = "a08bb6bd829628b2d724c194844b017b55b42ba2a1f49330aa2e30e38c1aa987";
$client_seed = "shdjht6ca-0";
$server_seed = "20502abf10c024865474f636c9deca6dc2e2f9beb14edb92f3c20177cff561bc";
$game_outcome = 4350;
expected outcome =4350
outcome match
hash match
doubled bet (all in)
$server_seed_hash = "f7f78cbfb2133db5c5cc7e5bd43cea2f0fb815d3c7b8a2731f0952a130fa3b96";
$client_seed = "fdjfhjr5t5-0";
$server_seed = "614b57c4def0b4a6ceaf1bc7ec3f6212c183ceb313ea4228b9d6c03c73aec67c";
$game_outcome = 938;
expected outcome =938
outcome match
hash match
new deposit 12mbtc
1mbtc bet test
$server_seed_hash = "e37bf4991055d02ecf9d3a905f9f2f6f72060c9c9229a527df3006376cf50f4f";
$client_seed = "fbn6xk72d-0";
$server_seed = "d73f1804eabc18e9e6219742c50b72718e89bea4d5d0cc5b880cf975b9e72e3f";
$game_outcome = 2064;
expected outcome =2064
outcome match
hash match
allin
$server_seed_hash = "1c113d6374b2cba63ceacd209e16098359ea1711dcc2a6599a28060f9ba34d2b";
$client_seed = "vbn6nsdj-0";
$server_seed = "5d7dbc90acec66d4054704599abc16040160fc2e4b021527cfe14c7626d11294";
$game_outcome = 645;
expected outcome =645
outcome match
hash match
new deposit 12mbtc
6mbtc on 3x
$server_seed_hash = "73ba646973b6a9b8dbadce38eda2515be7fcc5e9f984e15378b183cd9ababaca";
$client_seed = "djh5hsjy-0";
$server_seed = "9cfef4a70af82ae77991b14a517002b5611caf330c4203d3c1cc8f0392d22b89";
$game_outcome = 5722;
expected outcome =5722
outcome match
hash match
$server_seed_hash = "5328f55ccb499bdd949536e0e784aab38ff701c13377841e3d1c7330b9688fa6";
$client_seed = "cthh6hf6s-0";
$server_seed = "d00972dcbccea1de084b19894d81e05c041795c8a24c8cdbba5b2ca5c0b5d12b";
$game_outcome = 1419;
expected outcome =1419
outcome match
hash match
0.2mbtc remaining allin
$server_seed_hash = "9cf38de761d90dc0c1687e6637d533d78dd0b4b6f7d3a251b141ae5070ac47f3";
$client_seed = "cvnrtnhjt-0";
$server_seed = "e8628298ca62c01462ffc48ed922abc98adcfd024e36017bedfeaa6f8b5558a0";
$game_outcome = 5516;
expected outcome =5516
outcome match
hash match
12mbtc deposit 6mbtc 3x
$server_seed_hash = "8c54cb9a2b98a23f4b2b429ea0847190f47b21bf85e24a49196776c61a5c5fb2";
$client_seed = "fdfj6jhhds-0";
$server_seed = "3c443d18f3d15bd4952b2994af5bf85e7dac3c25dc31ee97fedde4f0069494f7";
$game_outcome = 9409;
expected outcome =9409
outcome match
hash match
next day 12mbtc deposit
6mbtc 3x
$server_seed_hash = "c00871e1dc94d87acea84a9edaa5ec4ae0c6bd445a62235572ae169fd55bd0fe";
$client_seed = "fhjdfhj5d5-0";
$server_seed = "8951a27521a0429108f359fc6905fa2456ced7ca528393d445a419342c36dacc";
$game_outcome = 6655;
expected outcome =6655
outcome match
hash match
$server_seed_hash = "650c662fc93437da7ec2be3efb7ff916b07b44f137afadbd0b186de89461eb2d";
$client_seed = "shircy2df2-0";
$server_seed = "6c6daa0f0910a3e195412827ef7c5c0951b25d60a5bb7a1f4214801ae9741128";
$game_outcome = 5833;
expected outcome =5833
outcome match
hash match
$server_seed_hash = "3288caa270627c3e656f107944b4154f7219793f672c596e0ecd5df4074c8a63";
$client_seed = "fnfjrtnfs3d-0";
$server_seed = "d354e7b97f5b940926732009cdf84e27e9a316a4f49565c9cb048744953752a6";
$game_outcome = 5800;
expected outcome =5800
outcome match
hash match
$server_seed_hash = "a9534489ac8253f18cd4b17a8d85c3d84c07c6ce020b2118a22b970d1b3700e1";
$client_seed = "dh8rhtkj24-0";
$server_seed = "b7b27512c77f16c3d4e5eac7a1bec0624064a59b460921bb9b134989ba74d593";
$game_outcome = 5251;
expected outcome =5251
outcome match
hash match
$server_seed_hash = "f53430353e61f59893316b99d23de20b37d2fd48b16e9d126eae4ee565bb4325";
$client_seed = "f45hhdhj6d-0";
$server_seed = "87d7edd3bb3afa9e07a10efe579259c4d8144c7bb76699c09ee1424f50963130";
$game_outcome = 281;
expected outcome =281
outcome match
hash match
24mbtc deposit bet 12mbtc on 3x
$server_seed_hash = "57b4e603fb7f917a8b9a10c5f88052fb0d94cc9a20f4f3a89bd2eb7647413d6f";
$client_seed = "dfdfhhjh4h6-0";
$server_seed = "c5fd0076e40b29fe7c91de6ae81f073ee8acaecb3eb70824ba28e6a343fe11bd";
$game_outcome = 6766;
expected outcome =6766
outcome match
hash match
24mbtc deposit bet 12mbtc on 3x
winning this bet would have made me a lifetime net winner
FIRST CHEAT
$server_seed_hash = "7fa87776eea5d554bd2209f03d7a3a4cef132c8bd2fb9c57fca58f273f7431a3";
$client_seed = "db6yhjdjsd-0";
$server_seed = "76e3853e6335f4409cee59b0c1161cf0ff8121cdf3af6b0ef7dfa239570022cbrUL35gKjVB";
$game_outcome = 3214;
expected outcome =3214
outcome match
hash mismatch
bet 12mbtc on 2.33x (just below threshold to be lifetime net winner if i win)
$server_seed_hash = "096207b9bed2fa025f53618e20db99d7ba98138117f4753303284ff63202e17f";
$client_seed = "fdfhj45hjhd5-0";
$server_seed = "2c08c682a500c28c7b77fbd2fa08432f87dce06b3016e97eb9115363531d4519";
$game_outcome = 9425;
expected outcome =9425
outcome match
hash match
bet 1mbtc on 2x (if I win i'm a lifetime net winner)
$server_seed_hash = "2b86579253a59143b4856e59cb256fa20db3435dc759daa63ff8533d5ea6eab3";
$client_seed = "aj4jdh6dj6fd-0";
$server_seed = "4c188154a337d25eb9dd93fd6e140c97e5300202a05dca6f9ea9ae278a0f6a39woxA3nyJEi";
$game_outcome = 1682;
expected outcome =1682
outcome match
hash mismatch
repeat bet (now if I win I'm only lifetime breakeven)
$server_seed_hash = "ff60b13ceedd55f1a0c3f11915291711f42465daaa67f8b33c1bff463712e2cc";
$client_seed = "dfhdjktd4-0";
$server_seed = "08d54bee7e702ee78faaeb30ba81e3f006056b06690685afe2349925cd53f957";
$game_outcome = 6869;
expected outcome =6869
outcome match
hash match
repeat bet (now if I win i'm a lifetime net winner)
$server_seed_hash = "fdc969a49edaa1e8f056cb4c1f71f07d3f8af29da856e07ac59c7013f1ee69b4";
$client_seed = "sdfj6hd5-0";
$server_seed = "f4d723d78b1e0f810fcab6c91aefade237cc7d0244051433b5071c0cf3db6b0a";
$game_outcome = 1042;
expected outcome =1042
outcome match
hash match
repeat bet (now if I win I'm only lifetime breakeven)
$server_seed_hash = "8fffd66779568139737b063790bd05e293e8028987694caf010dfdda1340b84b";
$client_seed = "fghnfh6d-0";
$server_seed = "2e8f708c69e28899c296f53f99c9b689b7e9dd2c9544522edfe59aedbadbba1e";
$game_outcome = 9214;
expected outcome =9214
outcome match
hash match
repeat bet (now if I win i'm a lifetime net winner)
$server_seed_hash = "6cceaeda0deb2c4b95e29145557065302150985dd9226d0da983d4ef61dee00a";
$client_seed = "dj5sk6sd-0";
$server_seed = "71f42dcef72cde7689c500c16ccf335d329df42c98353b5fe88430440893a310";
$game_outcome = 9320;
expected outcome =9320
outcome match
hash match
repeat bet (now i'm a lifetime net winner)
$server_seed_hash = "0b8eadecbc6310c9fabdb7505c7b9caa2d422b96827f4dfa50ee8c83e79192c2";
$client_seed = "d9jjdk6d-0";
$server_seed = "825b5814191ac38349c917778baa98571175a2624332c8d5031bea3a19db43b8";
$game_outcome = 3856;
expected outcome =3856
outcome match
hash match
repeat bet (now if I win i'm a lifetime net winner)
$server_seed_hash = "279baa9fdf39543f31266c5270d6b1dd3e4e60bcc55d7e2f0a601826cd45512e";
$client_seed = "dsjfd6kd-0";
$server_seed = "75e37022065a066f57d5c84fa169f0692624efb55695fdf592e21b28ba8e3701";
$game_outcome = 1878;
expected outcome =1878
outcome match
hash match
$server_seed_hash = "cf9ae2bb1f4a606e6694ec96ab7eff650edad62fa98296d6cf4af0bfb44e8590";
$client_seed = "nrn5hjdf-0";
$server_seed = "ea8f30b8e3787da64f2fad492c1fe2f8b6301089092794bb5a6ad15974bb63af";
$game_outcome = 4898;
expected outcome =4898
outcome match
hash match
Last edited by: unnamed administrator on Feb 20, 2020
February 18th, 2020 at 3:15:42 PM
permalink
Lets be real they had a nuke button from day one the moment they programmed it. Its probably just sitting there waiting to be switched back on.
February 20th, 2020 at 12:09:01 PM
permalink
It's time for an update.
Yesterday I witnessed Scrooge playing and I can confirm that was not playing fairly.
To understand how "guaranteed fair gaming" is supposed to work and how to tell when it isn't, I had to get up to speed on how cryptography is used to guarantee the outcome of a bet is determined before the player makes the bet. To not hijack this thread, I created a thread about it titled GUARANTEED FAIR GAMING FOR DUMMIES.
The bottom line is the hash reported by the casino after some losing bets did not match the input that went into determining the outcome. In plain English, what I assume the casino is doing is on some kind of basis, not all the time, the casino will chose a seed that leads to a losing outcome. The hash of the this cherry-picked seed will not match the hash given before the bet was made.
What is strange is that it is fairly easy to check for this. However, the player does have to make several clicks and a few copy and pastes per bet. Based on other information I will let Scrooge elaborate on, I speculate the non-fair play is a function of:
1. Whether the player clicks to check the hash of a bet.
2. How much the player is winning.
3. How much in bonuses the player has received relative to his play.
4. IP address of player computer.
Yesterday I gave Wixiplay 48 hours to make statement in their defense. No reply yet.
Questions or comments?
Yesterday I witnessed Scrooge playing and I can confirm that was not playing fairly.
To understand how "guaranteed fair gaming" is supposed to work and how to tell when it isn't, I had to get up to speed on how cryptography is used to guarantee the outcome of a bet is determined before the player makes the bet. To not hijack this thread, I created a thread about it titled GUARANTEED FAIR GAMING FOR DUMMIES.
The bottom line is the hash reported by the casino after some losing bets did not match the input that went into determining the outcome. In plain English, what I assume the casino is doing is on some kind of basis, not all the time, the casino will chose a seed that leads to a losing outcome. The hash of the this cherry-picked seed will not match the hash given before the bet was made.
What is strange is that it is fairly easy to check for this. However, the player does have to make several clicks and a few copy and pastes per bet. Based on other information I will let Scrooge elaborate on, I speculate the non-fair play is a function of:
1. Whether the player clicks to check the hash of a bet.
2. How much the player is winning.
3. How much in bonuses the player has received relative to his play.
4. IP address of player computer.
Yesterday I gave Wixiplay 48 hours to make statement in their defense. No reply yet.
Questions or comments?
It's not whether you win or lose; it's whether or not you had a good bet.
February 20th, 2020 at 5:41:30 PM
permalink
From their FAQ
Also not a single "gaming authority" logo or "tested by so-n-so"
I would just say this is a shining example of what is possible from ANY online casino. You cant see how they are exactly generating the "random" numbers, and there is most likely more than just those 4 factors that produce the results.
I quoted that from the FAQ because there website is filled with spelling and grammatical errors. I'm horrible at those things too. But I feel like just looking at this site at a quick glace, it throws up a lot of red flags in general and I wouldn't play it.
Why do they have their own "coins" is my question.
Quote:What is WixiCoin? WixiCoin is a build-in free coin, which can be used to play games for practice. Currently, you can claim WixiCoin using the faucet. Notice, your WixiCoin balance must be zero in order to claim it from Zero Balance Faucetq
Also not a single "gaming authority" logo or "tested by so-n-so"
I would just say this is a shining example of what is possible from ANY online casino. You cant see how they are exactly generating the "random" numbers, and there is most likely more than just those 4 factors that produce the results.
I quoted that from the FAQ because there website is filled with spelling and grammatical errors. I'm horrible at those things too. But I feel like just looking at this site at a quick glace, it throws up a lot of red flags in general and I wouldn't play it.
Why do they have their own "coins" is my question.
February 20th, 2020 at 7:15:09 PM
permalink
Quote: heatmapI would just say this is a shining example of what is possible from ANY online casino. You cant see how they are exactly generating the "random" numbers, and there is most likely more than just those 4 factors that produce the results.
How random numbers are drawn is not the issue. I assume they can draw them just fine. I don't want to go through a lesson on cryptography again, but they are simply not telling the truth and hoping nobody checks the codes.
Quote:I quoted that from the FAQ because there website is filled with spelling and grammatical errors.
Can you provide some examples? It looked okay to me, but I'm more of a math guy.
Quote:Why do they have their own "coins" is my question.
I think that is part of their reward program. I don't know much about it.
I've been playing myself with my own Bitcoin and every bet is directly in Bitcoin. So far, I must say, I've received a fair game.
It's not whether you win or lose; it's whether or not you had a good bet.
