Hacking Video Poker Machines

An excerpt from Kevin Mitnick’s “The Art of Intrusion” about a group of hackers who reverse-engineered video poker machines and found a flaw in the random number generator that let them beat the house:

We open it up, we take out the ROM, we figure out what processor it is. I had made a decision to get this Japanese machine that looked like a knockoff of one of the big brands. I just figured the engineers might have been working under more pressure, they might have been a little lazy or a little sloppy.

It turned out I was right. They had used a 6809 [chip], similar to a 6502 that you saw in an Apple II or an Atari. It was an 8-bit chip with a 64K memory space. I was an assembly language programmer, so this was familiar.

The machine Alex had chosen was one that had been around for some 10 years. Whenever a casino wants to buy a machine of a new design, the Las Vegas Gaming Commission has to study the programming and make sure it’s designed so the payouts will be fair to the players. Getting a new design approved can be a lengthy process, so casinos tend to hold on to the older machines longer than you would expect. For the team, an older machine seemed likely to have outdated technology, which they hoped might be less sophisticated and easier to attack.

The computer code they downloaded from the chip was in binary form, the string of 1’s and 0’s that is the most basic level of computer instructions. To translate that into a form they could work with, they would first have to do some reverse engineering — a process an engineer or programmer uses to figure out how an existing product is designed; in this case it meant converting from machine language to a form that the guys could understand and work with.
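The translation Mitnick describes, from a raw ROM dump back to instruction mnemonics a person can read, is disassembly. What follows is an added example, not code from the book or from the hackers themselves: a small table-driven, linear-sweep disassembler for a subset of the Motorola 6809 instruction set, run over a constructed ROM fragment. The fragment (a hypothetical loop that increments a byte in RAM), the base address $F000 and the opcode subset are all assumptions chosen for illustration and do not describe any real machine's firmware.

```python
"""Minimal 6809 disassembler (linear sweep) over a constructed ROM fragment.

Added example for illustration only: the opcode table covers a handful of
common 6809 instructions, the sample bytes are made up, and the base address
$F000 is an assumption, not a property of any real poker machine.
"""
from dataclasses import dataclass
from typing import List, Optional

# opcode -> (mnemonic, addressing mode). Only a subset of the real 6809 ISA.
# Modes: inh = inherent (1 byte), imm8/imm16 = immediate, ext = extended
# 16-bit address, rel8 = short relative branch (signed 8-bit displacement).
OPCODES = {
    0x12: ("NOP", "inh"),  0x39: ("RTS", "inh"),
    0x4A: ("DECA", "inh"), 0x4C: ("INCA", "inh"), 0x4F: ("CLRA", "inh"),
    0x20: ("BRA", "rel8"), 0x26: ("BNE", "rel8"), 0x27: ("BEQ", "rel8"),
    0x81: ("CMPA", "imm8"), 0x86: ("LDA", "imm8"), 0x8B: ("ADDA", "imm8"),
    0x8E: ("LDX", "imm16"), 0xCE: ("LDU", "imm16"),
    0x7E: ("JMP", "ext"), 0xB6: ("LDA", "ext"), 0xB7: ("STA", "ext"), 0xBD: ("JSR", "ext"),
}
MODE_LEN = {"inh": 1, "imm8": 2, "imm16": 3, "ext": 3, "rel8": 2}


@dataclass
class Insn:
    addr: int                      # address of the opcode byte
    raw: bytes                     # the bytes this instruction occupies
    mnemonic: str
    operand: str
    target: Optional[int] = None   # resolved control-flow target, if any


def decode(rom: bytes, base: int, pc: int) -> Insn:
    """Decode one instruction at offset pc in rom (loaded at address base)."""
    op = rom[pc]
    addr = base + pc
    mnem, mode = OPCODES.get(op, ("FCB", None))
    n = MODE_LEN.get(mode, 1)
    raw = rom[pc:pc + n]
    if mode is None or len(raw) < n:
        # Unknown opcode, or image truncated mid-instruction: emit the byte as
        # data (FCB = form constant byte) so the sweep keeps going.
        return Insn(addr, rom[pc:pc + 1], "FCB", f"${op:02X}")
    if mode == "inh":
        return Insn(addr, raw, mnem, "")
    if mode == "imm8":
        return Insn(addr, raw, mnem, f"#${raw[1]:02X}")
    if mode == "imm16":                     # 6809 is big-endian
        return Insn(addr, raw, mnem, f"#${int.from_bytes(raw[1:], 'big'):04X}")
    if mode == "ext":
        tgt = int.from_bytes(raw[1:], "big")
        return Insn(addr, raw, mnem, f"${tgt:04X}", tgt if mnem in ("JMP", "JSR") else None)
    # rel8: displacement is relative to the address of the *next* instruction
    off = raw[1] - 0x100 if raw[1] & 0x80 else raw[1]
    tgt = (addr + n + off) & 0xFFFF
    return Insn(addr, raw, mnem, f"${tgt:04X}", tgt)


def disassemble(rom: bytes, base: int = 0xF000) -> List[Insn]:
    """Linear sweep: decode sequentially, assuming every byte is code."""
    out, pc = [], 0
    while pc < len(rom):
        insn = decode(rom, base, pc)
        out.append(insn)
        pc += len(insn.raw)
    return out


def format_listing(insns: List[Insn]) -> List[str]:
    return [f"{i.addr:04X}  {i.raw.hex(' ').upper():<9} {i.mnemonic:<5} {i.operand}".rstrip()
            for i in insns]


# Constructed sample "ROM": loop incrementing the byte at $0200 until it hits
# $0A, then return; followed by an unrelated LDX/JMP and one stray data byte.
SAMPLE_ROM = bytes.fromhex(
    "B60200"   # LDA  $0200
    "4C"       # INCA
    "B70200"   # STA  $0200
    "810A"     # CMPA #$0A
    "26F5"     # BNE  $F000   (displacement -11 from $F00B)
    "39"       # RTS
    "8E1234"   # LDX  #$1234
    "7EF000"   # JMP  $F000
    "FF"       # stray byte, not a known opcode
)

if __name__ == "__main__":
    for line in format_listing(disassemble(SAMPLE_ROM, 0xF000)):
        print(line)
```

Linear sweep is the simplest approach and the one a hand-rolled tool from that era would most likely use, but it assumes every byte is code: a lookup table or string embedded between routines is decoded as garbage instructions and can desynchronise everything after it. That is why the unknown-opcode path emits `FCB` instead of aborting. A more careful pass would start from the 6809 reset vector at $FFFE and follow `JSR`, `JMP` and branch targets (recursive descent), marking only reachable bytes as code.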