Hacking the Casinos
for a Million Bucks
Every time [some software engineer] says, “Nobody will go to the trouble of
doing that,” there’s some kid in Finland who will go to the trouble.
— Alex Mayfield
There comes a magical gambler’s moment when simple thrills
magnify to become 3-D fantasies — a moment when greed
chews up ethics and the casino system is just another mountain
waiting to be conquered. In that single moment the idea of a foolproof
way to beat the tables or the machines not only kicks in but kicks one’s
breath away.
Alex Mayfield and three of his friends did more than daydream. Like
many other hacks, this one started as an intellectual exercise just to see if
it looked possible. In the end, the four actually beat the system, taking
the casinos for “about a million dollars,” Alex says.
In the early 1990s, the four were working as consultants in high-tech
and playing life loose and casual. “You know — you’d work, make some
money, and then not work until you were broke.”
Las Vegas was far away, a setting for movies and television shows. So
when a technology firm offered the guys an assignment to develop some
software and then accompany it to a trade show at a high-tech convention
there, they jumped at the opportunity. It would be the first in Vegas
for each of them, a chance to see the flashing lights for themselves, all
expenses paid; who would turn that down? The separate suites for each
in a major hotel meant that Alex’s wife and Mike’s girlfriend could be
included in the fun. The two couples, plus Larry and Marco, set off for
hot times in Sin City.
Alex says they didn’t know much about gambling and didn’t know
what to expect. “You get off the plane and you see all the old ladies playing
the slots. It seems funny and ironic, and you soak that in.”
After the four had finished doing the trade show, they and the two
ladies were sitting around in the casino of their hotel playing slot
machines and enjoying free beers when Alex’s wife offered a challenge:
“Aren’t these machines based on computers? You guys are into
computers, can’t you do something so we win more?”
The guys adjourned to Mike’s suite and sat around tossing out questions
and offering up theories on how the machines might work.
Research
That was the trigger. The four “got kinda curious about all that, and we
started looking into it when we got back home,” Alex says, warming up
to the vivid memories of that creative phase. It took only a little while for
the research to support what they already suspected. “Yeah, they’re computer
programs basically. So then we were interested in, was there some
way that you could crack these machines?”
There were people who had beaten the slot machines by “replacing the
firmware” — getting to the computer chip inside a machine and substituting
the programming for a version that would provide much more
attractive payoffs than the casino intended. Other teams had done that,
but it seemed to require conspiring with a casino employee, and not just
any employee but one of the slot machine techies. To Alex and his buddies,
“swapping ROMs would have been like hitting an old lady over the
head and taking her purse.” They figured if they were going to try this,
it would be as a challenge to their programming skills and their intellects.
And besides, they had no advanced talents in social engineering; they
were computer guys, lacking any knowledge of how you sidle up to a
casino employee and propose that he join you in a little scheme to take
some money that doesn’t belong to you.
But how would they begin to tackle the problem? Alex explained:
We were wondering if we could actually predict something about
the sequence of the cards. Or maybe we could find a back door
[software code allowing later unauthorized access to the program]
that some programmer may have put in for his own benefit. All
programs are written by programmers, and programmers are
2 The Art of Intrusion
mischievous creatures. We thought that somehow we might stumble
on a back door, such as pressing some sequence of buttons to change
the odds, or a simple programming flaw that we could exploit.
Alex read the book The Eudaemonic Pie by Thomas Bass (Penguin,
1992), the story of how a band of computer guys and physicists in the
1980s beat roulette in Las Vegas using their own invention of a “wearable”
computer about the size of a pack of cigarettes to predict the outcome
of a roulette play. One team member at the table would click
buttons to input the speed of the roulette wheel and how the ball was
spinning, and the computer would then feed tones by radio to a hearing
aid in the ear of another team member, who would interpret the signals
and place an appropriate bet. They should have walked away with a ton
of money but didn’t. In Alex’s view, “Their scheme clearly had great
potential, but it was plagued by cumbersome and unreliable technology.
Also, there were many participants, so behavior and interpersonal relations
were an issue. We were determined not to repeat their mistakes.”
Alex figured it should be easier to beat a computer-based game
“because the computer is completely deterministic” — the outcome
based on by what has gone before, or, to paraphrase an old software engineer’s
expression, good data in, good data out. (The original expression
looks at this from the negative perspective: “garbage in, garbage out.”)
This looked right up his alley. As a youngster, Alex had been a musician,
joining a cult band and dreaming of being a rock star, and when that
didn’t work out had drifted into the study of mathematics. He had a talent
for math, and though he had never cared much for schooling (and
had dropped out of college), he had pursued the subject enough to have
a fairly solid level of competence.
Deciding that some research was called for, he traveled to Washington,
DC, to spend some time in the reading room of the Patent Office. “I figured
somebody might have been stupid enough to put all the code in the
patent” for a video poker machine. And sure enough, he was right. “At
that time, dumping a ream of object code into a patent was a way for a
patent filer to protect his invention, since the code certainly contains a
very complete description of his invention, but in a form that isn’t terribly
user-friendly. I got some microfilm with the object code in it and then
scanned the pages of hex digits for interesting sections, which had to be
disassembled into [a usable form].”
Analyzing the code uncovered a few secrets that the team found
intriguing, but they concluded that the only way to make any real
progress would be to get their hands on the specific type of machine they
wanted to hack so they could look at the code for themselves.
Chapter 1 Hacking the Casinos for a Million Bucks 3
As a team, the guys were well matched. Mike was a better-thancompetent
programmer, stronger than the other three on hardware
design. Marco, another sharp programmer, was an Eastern European
immigrant who looked like a teenager. But he was something of a daredevil,
approaching everything with a can-do, smart-ass attitude. Alex
excelled at programming and was the one who contributed the knowledge
of cryptography they would need. Larry wasn’t much of a programmer
and because of a motorcycle accident couldn’t travel much, but
was a great organizer who kept the project on track and everybody
focused on what needed to be done at each stage.
After their initial research, Alex “sort of forgot about” the project.
Marco, though, was hot for the idea. He kept insisting, “It’s not that big
a deal, there’s thirteen states where you can legally buy machines.”
Finally he talked the others into giving it a try. “We figured, what the
hell.” Each chipped in enough money to bankroll the travel and the cost
of a machine. They headed once again for Vegas — this time at their own
expense and with another goal in mind.
Alex says, “To buy a slot machine, basically you just had to go in and show
ID from a state where these machines are legal to own. With a driver’s
license from a legal state, they pretty much didn’t ask a lot of questions.”
One of the guys had a convenient connection to a Nevada resident. “He was
like somebody’s girlfriend’s uncle or something, and he lived in Vegas.”
They chose Mike as the one to talk to this man because “he has a sales-y
kind of manner, a very presentable sort of guy. The assumption is that you’re
going to use it for illegal gambling. It’s like guns,” Alex explained. A lot of
the machines get gray-marketed — sold outside accepted channels — to
places like social clubs. Still, he found it surprising that “we could buy the
exact same production units that they use on the casino floor.”
Mike paid the man 1,500 bucks for a machine, a Japanese brand.
“Then two of us put this damn thing in a car. We drove it home as if we
had a baby in the back seat.”
En Son Kim Ne Demiş