Hacking a Deckmate 2 Shuffler

Windwalker

This article from Wired tells the story of a hacker / engineer who was able to successfully override a Deckmate 2’s security to create a cheatable shuffler.

Fascinating read.

 
Kinda surprised these don’t get more attention. The coolest one I saw posted were the programmable decks that could be read from the side view by phone cameras. Search on here is boo boo so it’s hard to find but was a crazy video.

This article has been posted on here 4 times now but no one is replying or discussing.



Which again feels weird. If I’m sitting down and buying in for $1k, $2k, or 500k, makes me a little uncomfy.

Even if you know for 99% certainty that your straight flush over straight flush was clean and everyone’s a “great guy”, I wonder if folks playing in games that big don’t pause for a second with large 6 figure amounts changing hands.
 
This article has been posted on here 4 times now but no one is replying or discussing.
I think it’s because most of us knew it was possible on some level anyway? So what are you gonna do?
There was a lot of talk about these a couple years ago regarding Texas poker. (You may have been banned at the time - even odds.) Most of us came away from that discussion saying that since Texas rooms aren’t regulated and since these things can be hacked, don’t play with Deckmates in Texas. And to be fair, there were always a couple of guys who swore they’d never play with Deckmates in Vegas or anywhere else.
Now it’s a little uglier. If these can be hacked via USB or WiFi - how much damage could be done before the state regulators figure it out? Lots, I’d think. I mean how often are they actually checked? And even so, the article alludes that checking it may be as lame as asking the machine if it’s been tampered with?
So yeah, our “state regulation” pacifiers may not actually be useful protection. I don’t think I’ll lose sleep over it. This is just another angle to watch out for. Not sure how easily I can tell the difference between bad luck and cheating, but it’s always in the back of my mind.
 
The USB port is used for the external display and control screen. They might have to go back to installing the display on the shuffler itself in future models so they won't have external ports. I wonder, if they did try to deploy this hack in a live casino, would they be able to catch them, since the screen will shut off in order to plug the Raspberry Pi in.
 
The deck is cut, so do cheaters need the dealer in on it?
I don't think so. If the card order of the stub is known pre-cut (along with the number of players), the actual order of the cut deck stub can be determined -- along with all dealt hands -- once the flop has been exposed (including what cards will appear on the turn and river).
 
I work in Cyber/Information security,

This is just basic, everything electronic can be hacked if you get physical access to it via USB port. It is unlikely that home game shufflers are hacked but when playing high stakes, hand dealt is better...
 
I work in Cyber/Information security,

This is just basic, everything electronic can be hacked if you get physical access to it via USB port. It is unlikely that home game shufflers are hacked but when playing high stakes, hand dealt is better...

Most industries are so far behind on infosec. :(

Put a cover that needs to be screwed in over the USB ports and that should cover the "stick a device into the USB port" issue.

Even better, just super glue it shut.
 
I'm assuming it's needed for some sort of firmware updates/etc. Cause if they remove it they'll make it networked and then everything gets 1000% worse lol
Prediction: Deckmate 3 will be networked to enforce a subscription service pricing model (remote bricking). Then it'll get pwned at Black Hat again while manufacturer and casinos say "what design flaw?"
 
One of many reasons I don’t play at underground raked games around the tri-state area here on the east coast (sometimes I’m forced to when there’s no other game running but it’s a rare occasion). I’m very skeptical by nature that the people that are drawn to running their own high stakes games, will not at least try to experiment with something (shufflers, marked decks, ink etc)
 
The designers of these high tech devices got so enamored with whether they COULD provide fancy features, they didn’t stop to think whether they SHOULD. The unintended consequences committee was utterly sidelined.

I don’t trust Deckmate 2s not one bit.
 
What about smart watches? Fitbits? Smartrings? Vibrating buttplugs?
I gave some thought to the smart watch. The cheat here is reading an entire deck. I'm sure some speed-reading memory-champion may be able to scan their watch for every card and remember it, but those people will be very few.

No protection will be 100% safe. The goal is to make the challenge greater than the reward.

No electronic devices while in a hand isn't unenforceable. It used to be the way, but they bent the rule for the Instagram crowd. Bend it back - just a little. You can read your phone, check your electronic GTO charts, take stack pics, text your buddy at the other end of the table, whatever. Just not in a hand.
 
I gave some thought to the smart watch. The cheat here is reading an entire deck. I'm sure some speed-reading memory-champion may be able to scan their watch for every card and remember it, but those people will be very few.

No protection will be 100% safe. The goal is to make the challenge greater than the reward.

No electronic devices while in a hand isn't unenforceable. It used to be the way, but they bent the rule for the Instagram crowd. Bend it back - just a little. You can read your phone, check your electronic GTO charts, take stack pics, text your buddy at the other end of the table, whatever. Just not in a hand.
Or they have someone offsite doing that, who sends them a text that makes their phone buzz if they should raise/fold/etc.
 
I gave some thought to the smart watch. The cheat here is reading an entire deck. I'm sure some speed-reading memory-champion may be able to scan their watch for every card and remember it, but those people will be very few.

Well, it doesn’t have to be that hard. Ever use Delands Magic Deck? You arrange the cards, starting with a number and suit, and then progressively build each card one suit different and three pips higher.
Say your suit order is SDCH.
Your first card would be 3S. Your next would be 6D, then 9C, … etc. You can vary the pip spacing and/or the count to stack it in various ways. The only trick then is to see the bottom card after the cut. Then you can figure them all without memorizing anything.
Deckmate could do this or any variation action easy peasy.

Anyone that plays cards should read the Delands instructions. It’s an eye opener.
 
I haven't read the article but I'm certain that they (the researchers) found a vulnerability in the Deckmate's software that allowed them to leverage the USB connection to run unsigned/insecure code. Doesn't mean a USB port on a shuffler is dumb or bad or needs to be filled with hot glue (yes, it's another vector but provides useful features), it means they (Deckmate or whatever) should take a little harder look at how they're handling peripherals.

Good chance it's been exploited in the wild but the wonderful thing about hackers (in the true sense of the word) is that they explore these things and help make systems stronger.
 
