Poker Mavens software hacked to allow superusing for shady operators

[Dan Druff]

Poker Mavens is an inexpensive piece of poker software which runs on Windows machines, and allows anyone with Windows and an internet connection to run their own poker room.

Information is here: https://www.briggsoft.com/pmavens.htm

It is used for a lot of real money "underground" poker rooms, which advertise themselves as safe and secure.

PokerFraudAlert runs Poker Mavens software. That's what we use for our NoFraud Online Poker room, which you can find near the top of the screen on the "NoFraud Online Poker" tab. Our poker room is used only for play money and freerolls, so there's no way to lose or get cheated.

However, it has recently been demonstrated to me that it is possible to modify Poker Mavens to allow anyone to be able to see all hole cards at the table!

When I say "anyone", I mean that the person running the software has to install a file on the server, and then provide access to anyone he wants (himself, friends, etc) to this card monitoring tool. I was not given information on how it works from a technical standpoint, but it was demonstrated for me on a test Poker Mavens setup.

Here are two screen shots.






This tool is being sold to those running Poker Mavens software as a way to cheat players!

It is impossible for players to be able to tell if this tool is running or not. You should STOP PLAYING IMMEDIATELY on all real money underground poker rooms running Poker Mavens software. It is clearly NOT SECURE from tampering!

I just saw this with my own eyes during this demo.

To be clear, it does not appear outsiders can hack the Poker Mavens software, but that a tool exists for sale which allows INSIDERS to install a monitoring tool (similar to the one used on AP and UB) to see everyone's hole cards.

[AhoosierA]

I believe the RealGrinders promoted poker site "Fox Poker" runs on the Maven software. Isn't it?

[KBriggs]

I am the owner of Briggs Softworks and the Poker Mavens software. I'd like to know more information about this installed "file" but everyone should know this: a poker site is only as honest as the people who are running it. The software is irrelevant in that regard. The site owner is running the software on their own hardware. Even if they don't have the source code, they still have access to debuggers, memory scanners, packet sniffers, and other reverse engineering tools that they can install on their server to spy on or manipulate the hand results. This is true for every poker site in the world, from my software to PokerStars and everyone in between.

Kent Briggs
Briggs Softworks

[chinamaniac]

I am the owner of Briggs Softworks and the Poker Mavens software. I'd like to know more information about this installed "file" but everyone should know this: a poker site is only as honest as the people who are running it. The software is irrelevant in that regard. The site owner is running the software on their own hardware. Even if they don't have the source code, they still have access to debuggers, memory scanners, packet sniffers, and other reverse engineering tools that they can install on their server to spy on or manipulate the hand results. This is true for every poker site in the world, from my software to PokerStars and everyone in between.

Kent Briggs
Briggs Softworks

Bill? Stacie?

[FRANKRIZZO]

I am the owner of Briggs Softworks and the Poker Mavens software. I'd like to know more information about this installed "file" but everyone should know this: a poker site is only as honest as the people who are running it. The software is irrelevant in that regard. The site owner is running the software on their own hardware. Even if they don't have the source code, they still have access to debuggers, memory scanners, packet sniffers, and other reverse engineering tools that they can install on their server to spy on or manipulate the hand results. This is true for every poker site in the world, from my software to PokerStars and everyone in between.

Kent Briggs
Briggs Softworks

I s that really kent? Why do any 2 beat kk?

[Dan Druff]

I can confirm that Kent Briggs e-mailed me from a Briggsoft address, so he is for real.

Kent, I am not blaming your software. As you said, if the operator of the room is dishonest, they can sometimes find exploits to write for the system.

I was just informing people that, as of now, it is not safe to play on any Briggsoft real money rooms, as you do not know if this exploit is running, and it's actively being marketed to people. That's how I found it. They erroneously believed that I would be interested in buying it because I run a Briggsoft room.

If you really would like to see the exploit from a technical standpoint, I can try to feign interest and purchase it. You would have to give me the money to do so, though.

Let me know if interested.

[ftpjesus]

I can confirm that Kent Briggs e-mailed me from a Briggsoft address, so he is for real.

Kent, I am not blaming your software. As you said, if the operator of the room is dishonest, they can sometimes find exploits to write for the system.

I was just informing people that, as of now, it is not safe to play on any Briggsoft real money rooms, as you do not know if this exploit is running, and it's actively being marketed to people. That's how I found it. They erroneously believed that I would be interested in buying it because I run a Briggsoft room.

If you really would like to see the exploit from a technical standpoint, I can try to feign interest and purchase it. You would have to give me the money to do so, though.

Let me know if interested.

This royally pisses me off to say the least.. Weve had discussions about this crap on the support forum before and some asshole wanted to be able to see hole cards and wouldn't surprise me if the clown is the one behind it.. I can confirm I sent the email (like the same one sent to Druff around 4am on 2/6) to Kent to see if he saw anything questionable in the email as far as back tracking to a current forum user and he said it doesn't match anybody.. Doesn't mean its not one of the support forum users in fact I damn near guarantee it is.. Im also going to guess this exploit wouldn't work on PFA poker anyway as I believe BB is still running an older version (maybe the last iteration of PM5 I believe before Kent put out the big upgrade to 6.0) Im wondering if Kent could patch this crap quickly and break this shit but I agree this just created a major potential superuser issue with PM if some crooked SOB chose to do so..

[KBriggs]

I was just informing people that, as of now, it is not safe to play on any Briggsoft real money rooms, as you do not know if this exploit is running

You also don't know if an exploit is running right now on PokerStars, America's Cardroom, Seals with Clubs, etc. Just like nobody new it was happening at Ultimate Bet and Absolute Poker, until they did. It's purely at matter of faith in the people who are running the site. In any case, no one should be putting money into any site that looks like a fly-by-night operation with no customer support and anonymous owners.

[KBriggs]

If you really would like to see the exploit from a technical standpoint, I can try to feign interest and purchase it. You would have to give me the money to do so, though.

No, no one should give this guy any money.

[ftpjesus]

I am the owner of Briggs Softworks and the Poker Mavens software. I'd like to know more information about this installed "file" but everyone should know this: a poker site is only as honest as the people who are running it. The software is irrelevant in that regard. The site owner is running the software on their own hardware. Even if they don't have the source code, they still have access to debuggers, memory scanners, packet sniffers, and other reverse engineering tools that they can install on their server to spy on or manipulate the hand results. This is true for every poker site in the world, from my software to PokerStars and everyone in between.

Kent Briggs
Briggs Softworks

I s that really kent? Why do any 2 beat kk?

Yeah its really Kent that Im sure of.. I posted on the support forum over there because theres been zero mention of it and truth is those running the software need to know we may have an issue.. My concern even worse is somebody could hack into the server and plant this software through an remote connection to the server hosting and plant it and all they would have to do is then reboot the poker server software and voila.. Yeah this makes me wanna puke.. Ive spent time trying to get things set up to run my site and I feel like I just got kicked in the nuts royally.. I would never cheat anybody ever.. I was going to and still plan to run PM software until I can switch over to Enterras platform which I think is the best out there bang for the buck but I don't have the 10k or so I would need to get started.. (even paying them the maintaince fee to handle the SW/HW stuff which runs $1k/mo minimum but does offload IT worries and such still overhead for support and such isn't easy or cheap.. to outsource even remedial help its 1000 per agent per month for 24/7). It aint cheap if ya wanna be a mini Isai Scheinberg let me tell ya

[nolawojy]

All of this technical jargon is 75% over my head but is it possible for this to happen on a site like nitrogen with the provably fair stuff? I'm assuming this also works with games with more than 2 hole cards (Omaha etc)?

[KBriggs]

All of this technical jargon is 75% over my head but is it possible for this to happen on a site like nitrogen with the provably fair stuff? I'm assuming this also works with games with more than 2 hole cards (Omaha etc)?

Cryptographic hashing can be used to prove your RNG/shuffling algorithms are provably fair. This is fine for player vs house games like dice and blackjack but it doesn't do anything about superusers in poker where the house leaked hole cards of other players to them. There is a technique called "mental poker" where every player's client module participates in the deck shuffle with encryption such that the house doesn't know the cards. But it falls apart if any player disconnects (accidentally or on purpose) and doesn't protect against a corrupted client that leaks your decrypted hole cards.

[Dan Druff]

Johnaudi will be on PFA Radio tonight.

Should be an interesting interview. Will happen at around 10:30pm PST.

[Dan Druff]

https://pokerfraudalert.com/forum/sh...ese-Connection

John Audi came on my show last night, go to 1:00:30 mark to hear it. Lasted almost an hour.

[KBriggs]

John Audi came on my show last night, go to 1:00:30 mark to hear it. Lasted almost an hour.

FYI, I did release an update (6.15) yesterday that will stop the simple resource edit that was discussed above where the javascript client gets patched. That code is compiled directly into the server's executable. Of course it doesn't do anything about previous versions and a site operator with evil intentions is likely not going to upgrade his copy. And it's not going to stop more sophisticated hacks that could modify the machine code and blank out the code integrity check.

[ftpjesus]

https://pokerfraudalert.com/forum/sh...ese-Connection

John Audi came on my show last night, go to 1:00:30 mark to hear it. Lasted almost an hour.

I listened to most of the interview but was admittedly falling asleep towards the end but based on what Audi said I think theres a lot less to worry about then we thought.. I don't know if Kent is aware of what all Audi said but this hack was developed using the PM Demo and unless I misunderstood it would have to be redone for each version to even be useable and I guarantee doing so for Gold isn't the same as what had to be done to reverse engineer the demo 500 hand limit software version.. Also it would appear also that for the hack to remain effective it would probably have to redone every time Kent updated the software so if a site is running the newest version it would be pretty likely the site isn't cheating its users.. I could be wrong maybe I missed something towards the end of the interview..