Page 3 of 3 FirstFirst 123
Results 41 to 55 of 55

Thread: Poker Mavens software hacked to allow superusing for shady operators

  1. #41
    Cubic Zirconia
    Reputation
    12
    Join Date
    Feb 2020
    Posts
    13
    Load Metric
    65646999
    Quote Originally Posted by nolawojy View Post
    All of this technical jargon is 75% over my head but is it possible for this to happen on a site like nitrogen with the provably fair stuff? I'm assuming this also works with games with more than 2 hole cards (Omaha etc)?
    Cryptographic hashing can be used to prove your RNG/shuffling algorithms are provably fair. This is fine for player vs house games like dice and blackjack but it doesn't do anything about superusers in poker where the house leaked hole cards of other players to them. There is a technique called "mental poker" where every player's client module participates in the deck shuffle with encryption such that the house doesn't know the cards. But it falls apart if any player disconnects (accidentally or on purpose) and doesn't protect against a corrupted client that leaks your decrypted hole cards.

  2. #42
    Owner Dan Druff's Avatar
    Reputation
    10110
    Join Date
    Mar 2012
    Posts
    54,626
    Blog Entries
    2
    Load Metric
    65646999
    Johnaudi will be on PFA Radio tonight.

    Should be an interesting interview. Will happen at around 10:30pm PST.

  3. #43
    Owner Dan Druff's Avatar
    Reputation
    10110
    Join Date
    Mar 2012
    Posts
    54,626
    Blog Entries
    2
    Load Metric
    65646999
    https://pokerfraudalert.com/forum/sh...ese-Connection

    John Audi came on my show last night, go to 1:00:30 mark to hear it. Lasted almost an hour.

  4. #44
    Cubic Zirconia
    Reputation
    12
    Join Date
    Feb 2020
    Posts
    13
    Load Metric
    65646999
    Quote Originally Posted by Dan Druff View Post
    John Audi came on my show last night, go to 1:00:30 mark to hear it. Lasted almost an hour.
    FYI, I did release an update (6.15) yesterday that will stop the simple resource edit that was discussed above where the javascript client gets patched. That code is compiled directly into the server's executable. Of course it doesn't do anything about previous versions and a site operator with evil intentions is likely not going to upgrade his copy. And it's not going to stop more sophisticated hacks that could modify the machine code and blank out the code integrity check.

     
    Comments
      
      shoeshine box: i would buy a car from him.

  5. #45
    Platinum ftpjesus's Avatar
    Reputation
    587
    Join Date
    Mar 2012
    Location
    Mesa AZ
    Posts
    4,079
    Load Metric
    65646999
    Quote Originally Posted by Dan Druff View Post
    https://pokerfraudalert.com/forum/sh...ese-Connection

    John Audi came on my show last night, go to 1:00:30 mark to hear it. Lasted almost an hour.
    I listened to most of the interview but was admittedly falling asleep towards the end but based on what Audi said I think theres a lot less to worry about then we thought.. I don't know if Kent is aware of what all Audi said but this hack was developed using the PM Demo and unless I misunderstood it would have to be redone for each version to even be useable and I guarantee doing so for Gold isn't the same as what had to be done to reverse engineer the demo 500 hand limit software version.. Also it would appear also that for the hack to remain effective it would probably have to redone every time Kent updated the software so if a site is running the newest version it would be pretty likely the site isn't cheating its users.. I could be wrong maybe I missed something towards the end of the interview..

  6. #46
    Platinum ftpjesus's Avatar
    Reputation
    587
    Join Date
    Mar 2012
    Location
    Mesa AZ
    Posts
    4,079
    Load Metric
    65646999
    Quote Originally Posted by KBriggs View Post
    Quote Originally Posted by Dan Druff View Post
    John Audi came on my show last night, go to 1:00:30 mark to hear it. Lasted almost an hour.
    FYI, I did release an update (6.15) yesterday that will stop the simple resource edit that was discussed above where the javascript client gets patched. That code is compiled directly into the server's executable. Of course it doesn't do anything about previous versions and a site operator with evil intentions is likely not going to upgrade his copy. And it's not going to stop more sophisticated hacks that could modify the machine code and blank out the code integrity check.
    Based on the interview I don't think you have much to worry about Kent it seemed based on what I heard that it would require the hack to be patched as well Im guessing probably everytime PM is updated which would be an onerous process probably.. Again I think if a site keeps its software updated it should instill a sense of trust especially since the hacker even said PM is more secure then some other bigger names out there..

  7. #47
    Gold Ryback_feed_me_more's Avatar
    Reputation
    165
    Join Date
    Oct 2012
    Location
    Sin City
    Posts
    1,453
    Load Metric
    65646999
    Quote Originally Posted by ftpjesus View Post
    Quote Originally Posted by KBriggs View Post

    FYI, I did release an update (6.15) yesterday that will stop the simple resource edit that was discussed above where the javascript client gets patched. That code is compiled directly into the server's executable. Of course it doesn't do anything about previous versions and a site operator with evil intentions is likely not going to upgrade his copy. And it's not going to stop more sophisticated hacks that could modify the machine code and blank out the code integrity check.
    Based on the interview I don't think you have much to worry about Kent it seemed based on what I heard that it would require the hack to be patched as well Im guessing probably everytime PM is updated which would be an onerous process probably.. Again I think if a site keeps its software updated it should instill a sense of trust especially since the hacker even said PM is more secure then some other bigger names out there..
    Despite the fact its been patched rumor has it some scammers are still trying to sell this exploit either knowing it wont work anymore or are ignorant of that fact..

  8. #48
    Silver circuitp's Avatar
    Reputation
    15
    Join Date
    Aug 2012
    Posts
    512
    Blog Entries
    5
    Load Metric
    65646999
    Quote Originally Posted by Dan Druff View Post
    BUMP

    Two updates to this strange story.

    First off, the guy who has been trying to sell me the hack is STILL unaware of this thread, and just e-mailed me the following:

    good morning
    i have good news ... now u can know the flop turn river before they will be dealt so u can know who gonna win from the beginning of the hand
    i can let u test it also
    So it looks like you can do even better than superusing. You can have "clairvoyance" which is complete knowledge of the entire hand before it's dealt, which allows you to completely avoid bad beats. Wonderful, huh?

    The second update will be in the next post...
    I am never playing online, anywhere , ever again . GG

  9. #49
    Platinum ftpjesus's Avatar
    Reputation
    587
    Join Date
    Mar 2012
    Location
    Mesa AZ
    Posts
    4,079
    Load Metric
    65646999
    Quote Originally Posted by circuitp View Post
    Quote Originally Posted by Dan Druff View Post
    BUMP

    Two updates to this strange story.

    First off, the guy who has been trying to sell me the hack is STILL unaware of this thread, and just e-mailed me the following:



    So it looks like you can do even better than superusing. You can have "clairvoyance" which is complete knowledge of the entire hand before it's dealt, which allows you to completely avoid bad beats. Wonderful, huh?

    The second update will be in the next post...
    I am never playing online, anywhere , ever again . GG
    Pretty sure with how the new V7 runs and such it very much eliminates any of the previous issues. It no longer runs on windows as a program it’s now a service. Also there is no way to directly access the software as all the admin functions are accessible only via browser now. Kent locked this stuff down hard to avoid any repeat issues for security purposes.

     
    Comments
      
      circuitp:

  10. #50
    Silver circuitp's Avatar
    Reputation
    15
    Join Date
    Aug 2012
    Posts
    512
    Blog Entries
    5
    Load Metric
    65646999
    Quote Originally Posted by ftpjesus View Post
    Quote Originally Posted by circuitp View Post
    I am never playing online, anywhere , ever again . GG
    Pretty sure with how the new V7 runs and such it very much eliminates any of the previous issues. It no longer runs on windows as a program it’s now a service. Also there is no way to directly access the software as all the admin functions are accessible only via browser now. Kent locked this stuff down hard to avoid any repeat issues for security purposes.
    ok, well if there is absolutely no way to cheat I would play. I need to take a closer look

  11. #51
    Owner Dan Druff's Avatar
    Reputation
    10110
    Join Date
    Mar 2012
    Posts
    54,626
    Blog Entries
    2
    Load Metric
    65646999
    In general, it is not a good idea to play for real money on any site run by an individual.

    While corporations can also be shady and cheat you (see Absolute Poker and Ultimatebet), the potential is much higher if the site is being run out of some dude's spare bedroom.

    Furthermore, a shady room operator can screw you in ways unrelated to cheating, such as just running off with your funds.

    Look at how much you trust the operator of the site. That's a lot more important than how much you trust the software.

  12. #52
    Silver
    Reputation
    136
    Join Date
    May 2013
    Posts
    862
    Load Metric
    65646999
    Quote Originally Posted by ftpjesus View Post
    Quote Originally Posted by circuitp View Post
    I am never playing online, anywhere , ever again . GG
    Pretty sure with how the new V7 runs and such it very much eliminates any of the previous issues. It no longer runs on windows as a program it’s now a service. Also there is no way to directly access the software as all the admin functions are accessible only via browser now. Kent locked this stuff down hard to avoid any repeat issues for security purposes.
    Did he add draw games, run it twice, 5 card big O, etc?

  13. #53
    Platinum ftpjesus's Avatar
    Reputation
    587
    Join Date
    Mar 2012
    Location
    Mesa AZ
    Posts
    4,079
    Load Metric
    65646999
    Quote Originally Posted by Sidewinder View Post
    Quote Originally Posted by ftpjesus View Post

    Pretty sure with how the new V7 runs and such it very much eliminates any of the previous issues. It no longer runs on windows as a program it’s now a service. Also there is no way to directly access the software as all the admin functions are accessible only via browser now. Kent locked this stuff down hard to avoid any repeat issues for security purposes.
    Did he add draw games, run it twice, 5 card big O, etc?
    No draw games bht there’s been 5 card big O awhile. But also added courcheval and Omaha 6 plus Short deck. Additionally can set up true dealers choice either switching as often as every hand or however or just regular rotation every x hands automatically. Run it 2X. ICM chops on tournaments. Still trying to iron out the usual post release glitches. I suspect it may take another 2-4 weeks to ensure the minor issues (there was an issue in dealers choice where sometimes players were getting a blank screen). I was a beta tester for the software so I got a free grade to the new software. Here’s the page that shows all the changes in PM7. http://briggsoft.com/pmavens.htm

    As for Druffs concern I get it. Just to clarify I actually did incorporate my business and right now I’m focusing on a legal social poker room that’s not for real money but plan to bring back my .eu domain back eventually for real money via crypto. I’m just not one to do what others have done and always believe in transparency whjch is why I’ve always advocated for a public open quasi audit showing player funds are present and accounted for as the site software allows easily to show player fund obligations and confirmation the funds are segregated. Sure somebody could fake it all I suppose but too many people know who I am IRL including Druff and unlike alot of folks I value my reputation And could never be a thief like others. I’ve even turned down offers from some folks to stake me playing because I just don’t want to owe people or get into a situation that’s untenable. The fiasco with Andy Troumbley is a prime example. One should never allow or even consider playing on a site your management of or run due to the sheer appearance of ethical conflict. But that’s just me.

  14. #54
    Silver
    Reputation
    136
    Join Date
    May 2013
    Posts
    862
    Load Metric
    65646999
    Quote Originally Posted by ftpjesus View Post
    Quote Originally Posted by Sidewinder View Post

    Did he add draw games, run it twice, 5 card big O, etc?
    No draw games bht there’s been 5 card big O awhile. But also added courcheval and Omaha 6 plus Short deck. Additionally can set up true dealers choice either switching as often as every hand or however or just regular rotation every x hands automatically. Run it 2X. ICM chops on tournaments. Still trying to iron out the usual post release glitches. I suspect it may take another 2-4 weeks to ensure the minor issues (there was an issue in dealers choice where sometimes players were getting a blank screen). I was a beta tester for the software so I got a free grade to the new software. Here’s the page that shows all the changes in PM7. http://briggsoft.com/pmavens.htm
    Thanks. Great upgrade.

    This is an unbelievable piece of software for the money.

    When I looked at it the accounting it was really weak but he provided an api to figure out a players w/l for the week, rake etc.

    I dk how big it scales or what kind of hardware it would take but what this dude has done for very little money, but himself is really impressive.

    If he had some help on his programming team it would really be outstanding - I am not sure you could run a complete private for profit poker site with it but maybe - I just didn't think the accounting was up to snuff.

  15. #55
    Platinum ftpjesus's Avatar
    Reputation
    587
    Join Date
    Mar 2012
    Location
    Mesa AZ
    Posts
    4,079
    Load Metric
    65646999
    Quote Originally Posted by Sidewinder View Post
    Quote Originally Posted by ftpjesus View Post

    No draw games bht there’s been 5 card big O awhile. But also added courcheval and Omaha 6 plus Short deck. Additionally can set up true dealers choice either switching as often as every hand or however or just regular rotation every x hands automatically. Run it 2X. ICM chops on tournaments. Still trying to iron out the usual post release glitches. I suspect it may take another 2-4 weeks to ensure the minor issues (there was an issue in dealers choice where sometimes players were getting a blank screen). I was a beta tester for the software so I got a free grade to the new software. Here’s the page that shows all the changes in PM7. http://briggsoft.com/pmavens.htm
    Thanks. Great upgrade.

    This is an unbelievable piece of software for the money.

    When I looked at it the accounting it was really weak but he provided an api to figure out a players w/l for the week, rake etc.

    I dk how big it scales or what kind of hardware it would take but what this dude has done for very little money, but himself is really impressive.

    If he had some help on his programming team it would really be outstanding - I am not sure you could run a complete private for profit poker site with it but maybe - I just didn't think the accounting was up to snuff.
    I can tell you the resources issue is a lot different now running it as a service on Windows (server is ideal). If you had even a half way decent Dedicated server setup it seems pretty optimal. I kinda wish he had upped the top limit on tourneys beyond a 1000 because based on what little load Im seeing from a test server Im running now of PM7 it could likely handle a decent load of players and games. Unlike the old version which used cpu and memory even with games not being played it dynamically adjusts and doesnt account resources to the system until the table is actually open and running and all it does is add a single thread to the processing requirements.(seems each table uses 1 thread per table and 1 thread per play login I believe). Prior to 7 also it didnt seem to be able to make use of the multiple cores either very well now it seems to offload and spread out the workload like a normal windows service application.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 11
    Last Post: 04-12-2022, 08:37 AM
  2. Worst online poker software ever?
    By Dan Druff in forum Poker Community Discussion
    Replies: 29
    Last Post: 05-30-2019, 10:52 AM
  3. How We Learned to Cheat at Online Poker: A Study in Software Security
    By mulva in forum Poker Community Discussion
    Replies: 3
    Last Post: 08-09-2017, 05:32 PM
  4. clickngamble.com poker software
    By jfava16 in forum Scams, Scandals, and Shadiness
    Replies: 0
    Last Post: 08-06-2014, 06:14 PM
  5. LVH opens poker room with UB shady fuck as manager
    By ftpjesus in forum Flying Stupidity
    Replies: 1
    Last Post: 07-13-2013, 12:36 AM