Hackers can access deck mate 2 via USB (post #64 is by one of whitepaper authors)
5 Replies
Given that 52! (the number of unique combinations of a deck of cards) is larger than the number of atoms in the sun sorting the deck via a single random number is almost certainly not how they do it. They probably randomize each card selected.
Not sure why you think it is so difficult. We know for a fact DMII can put cards in at least one order…sorted. By suit and rank. Any random order would not take any longer. And easy to build a tree to store and collect info. If the RND is working nothing else need be randomized.
Not sure why you think it is so difficult. We know for a fact DMII can put cards in at least one order…sorted. By suit and rank. Any random order would not take any longer. And easy to build a tree to store and collect info. If the RND is working nothing else need be randomized.
Because someone would need to decide which 2^x decks would be represented, then write them all in code, etc.
Instead you do a fraction of the work for coding, and get all possible combinations, instead of doing more work and not getting all of them.
Not sure why you think it is so difficult. We know for a fact DMII can put cards in at least one order…sorted. By suit and rank. Any random order would not take any longer. And easy to build a tree to store and collect info. If the RND is working nothing else need be randomized.
"If the RND [sic] is working" -- there's the rub. It would take a CSPRNG with a period of larger than 2^226, and one would need to seed it with 226 bits of entropy, somehow.
It's do-able, but it is non-trivial.
Hello, I'm one of the three researchers from that article. We wanted to share some information here since 2+2 is such a big platform for poker. Firstly, we've released a 69 page whitepaper that goes into detail on everything we covered in the black hat talk and the article in much greater detail.
You can find that here: https://ioac.tv/3YD9t36.
And then we wanted to answer a few questions/comments you folks had:
The deckmate shufflers have no RFID readers - the deckmate 2 read the cards with a ca
This part of your reply is correct, but if the deck once the shuffle is complete and removed from the machine was then to have 1 manual riffle and cut by the dealer it would nullify the exploit in your white paper. This is the only solution that you can be certain of which would eradicate this flaw.
This is more clearly explained in the whitepaper, but the fix you describe wouldn't completely prevent the kind of cheating we demonstrate/describe in the article. The technique we used is capable of accounting for the deck being cut, and in fact the full order of the deck and the contents of all hands at the table can be known as soon as a single one of the cheating player's cards are known. Thus, cutting or riffling the deck after the hands are dealt would limit the cheaters knowledge of the flop, turn and river, but they would still have a huge edge (knowing everyone's hole cards).
The scary part of your white paper for me was such ease of this exploit. Someone with a high technical ability or insider bad intentions could also gain access to the sub station and gain the data that way. Very scary and I'm shocked that as an industry it's not suggested that the countermeasure I mentioned is not already implemented as industry standard.
Partyscout
