
June 7, 2007


How Not to Shuffle a Virtual Deck of Cards

We Learned to Cheat at Online Poker: A Study in Software Security

Interesting, but the article is from September 1999, right? I think the online poker rooms are good at discovering cheats these days. They can detect collusion at a single table game very quickly, and whenever I play a multi-table tournament I get table switched at least half a dozen times — it’s next to impossible to collude, I believe. But maybe I’m just naive.

“Based on the five known cards, our program searches through the few hundred thousand possible shuffles and deduces which one is a perfect match. In the case of Texas Hold’em poker, this means our program takes as input the two cards that the cheating player is dealt, plus the first three community cards that are dealt face up (the flop). These five cards are known after the first of four rounds of betting and are enough for us to determine (in real time, during play) the exact shuffle. We know who holds what cards, what the rest of the flop looks like, and who is going to win in advance.

Once it knows the five cards, our program generates shuffles until it discovers the shuffle that contains the five cards in the proper order. Since the Randomize() function is based on the server’s system time, it is not very difficult to guess a starting seed with a reasonable degree of accuracy. (The closer you get, the fewer possible shuffles you have to look through.) Here’s the kicker though; after finding a correct seed once, it is possible to synchronize our exploit program with the server to within a few seconds. This post facto synchronization allows our program to determine the seed being used by the random number generator, and to identify the shuffle being used during all future games in less than one second!”
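The design flaw the quoted passage describes, shown beside a hardened shuffle, as an added example that is not code from the article or from any poker site. Assumptions: Python's `random.Random` stands in for the `Randomize()`-seeded generator, the first five cards of the deck stand in for the five known cards, and the seed window is constructed.

```python
import math
import random
import secrets
from collections import Counter

DECK = [r + s for s in "cdhs" for r in "23456789TJQKA"]  # 52 cards

def shuffle_time_seeded(seed):
    """Weak pattern: deck order is a pure function of one clock-derived integer.
    random.Random stands in for the Randomize()-seeded generator (assumption)."""
    deck = DECK.copy()
    random.Random(seed).shuffle(deck)
    return deck

def shuffle_csprng():
    """Hardened pattern: Fisher-Yates driven by the OS CSPRNG; no seed to recover."""
    deck = DECK.copy()
    for i in range(len(deck) - 1, 0, -1):
        j = secrets.randbelow(i + 1)  # unbiased index in [0, i]
        deck[i], deck[j] = deck[j], deck[i]
    return deck

def audit_seed_window(seeds, known=5):
    """Measure how little a window of plausible seeds leaves hidden.
    Returns (reachable decks, bits of uncertainty, seeds whose first `known`
    cards are shared with another seed in the window)."""
    decks = [tuple(shuffle_time_seeded(s)) for s in seeds]
    prefixes = Counter(d[:known] for d in decks)
    ambiguous = sum(n for n in prefixes.values() if n > 1)
    reachable = len(set(decks))
    return reachable, math.log2(reachable), ambiguous

# A fair shuffle must be able to reach all 52! orders: about 225.6 bits.
FULL_DECK_BITS = math.log2(math.factorial(52))

if __name__ == "__main__":
    window = range(1_000_000, 1_002_000)  # constructed: 2000 candidate clock values
    reachable, bits, ambiguous = audit_seed_window(window)
    print(f"time-seeded: {reachable} decks, {bits:.1f} bits, "
          f"{ambiguous} seeds with an ambiguous 5-card prefix")
    print(f"fair shuffle: {FULL_DECK_BITS:.1f} bits")
```

The audit makes the gap concrete: a clock-bounded seed window yields only as many decks as it has seeds, and five visible cards almost always single one out, while the CSPRNG shuffle has no seed for an observer to narrow down.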
