I suspect Pitbull Poker has superusers! - Page 39 - Internet Poker

moofz · 07-29-2009, 02:13 PM

Quote:

Originally Posted by moofz

Spacebidder, you are not looking hard enough....

Try this filter in wireshark: tcp[20:1]==2a && tcp[21:1]==31 && tcp[22:1]==31 && tcp[23:1]==35

Apply this to Chester logfile, or even better. Sit at a table today and get some hands....
Then come back within 1 hour and tell us if you still think it is encrypted or not.

thx,
m

For the ones who are looking at hole card packets with wireshark, here is a much better filter: tcp contains "*115%"

-m

moofz · 07-29-2009, 02:16 PM

Quote:

Originally Posted by spadebidder

I found that the card data was not encrypted. You are correct.

Is your continued misspelling of my screen name deliberate? Not that it bothers me, some find that to be a funny alternative, as I did the first hundred times or so people used it.

Actually it wasnt on purpose, I am sorry about that.

plexiq · 07-29-2009, 02:16 PM

Quote:

Originally Posted by moofz

I agree with the first part, but why disable it now? that does not make any sense.
If they can not "re-enable" the encryption within a day (or 2) from now, I find it difficult to believe that it has been enabled before (and that they even are able to encrypt hole cards, player actions, chats...).

Lets see how long time it takes before they encrypt the data

-m

Well, i guess its possible they never had encryption set up correctly. Just assumed nobody would be careless enough to launch a poker site without a tested client<->server encryption.

As why to disable it later: One obvious reason would be to make cheating possible. (Or they were dealing with performance issues and tried to decrease load by disabling encryption?)

But you are probably right, they should be long aware of it by now, and would have enabled it again if they could.

Btw, i did some more playmoney testing and was able to reproduce moofz results. At least for playmoney, hole-card information is definitely transmitted unencrypted.

spadebidder · 07-29-2009, 02:18 PM

Quote:

Originally Posted by vicadeboss

.

Shill for PBP seems obvious, new account, first post, in the midst of controversy, supporting the site.

Over/under on ban coming?

spadebidder · 07-29-2009, 02:21 PM

Quote:

Originally Posted by plexiq

Btw, i did some more playmoney testing and was able to reproduce moofz results. At least for playmoney, hole-card information is definitely transmitted unencrypted.

Me too. And since the application lets you choose playmoney or real money in the same menu, it's doubtful that the communication protocol changes for real money. I'm not depositing to find out.

Charlotte FatMan · 07-29-2009, 02:27 PM

Quote:

Originally Posted by skunked

I posted this in the thread already made but the trolls are really derailing the thread with bottomless comments and setting my statement deep into the middle of the thread with out reading.

You rip into chester and hen wonder why your post got "buried" deep into the middle of the thread (i.e. one page back??)

LOOK AT MEEEEE!!

vicadeboss · 07-29-2009, 02:29 PM

or canada montreal-bahahahhahaha

pbdave · 07-29-2009, 02:32 PM

Hi everyone,

As it seems you are concerned about the communication protocol we use, we went on to ask our techs in charge to provide a explanation on how our system work. I am quoting the techs reply:

"Our flash client was built using actionscript 2 and uses a flash object XMLSocket. In order to use it our Client Listener must understand the protocol used by this object, which is as follows:

- XML messages are sent over a full-duplex TCP/IP stream socket connection.
- Each XML message is a complete XML document, terminated by a zero byte.
- An unlimited number of XML messages can be sent and received over a single XMLSocket connection.

Using XML messages, the design of the game was oriented to avoid any logic on the client, and use messages only to display what was happening at the server side. The flash client is only an interface between the server and EACH user; therefore the client displays what the server orders it to display, nothing else. Each message is unique for every client connection, so that only the cards’ owner receives the message which contains his cards for example.

This was our security metric followed to avoid the fact that anyone could be reading the messages using XMLSocket’s."

I am not a tech savvy naturally, but I'd appreciate you if you guys send me your inquiries and questions pertaining this to my email and I will be more than glad to bring them to our techs for answers. Please be specific and make real questions of initerest. Note that there will be pieces of information I will not be able to disclose for security reasons.

Thank you all!

Dave Brenes
Network Manager
Pitbull Poker
Pitbull Partners

Charlotte FatMan · 07-29-2009, 02:34 PM

Why ban me?

You are saying that people on the other thread are derailing it, when the majority of that thread is made of of excellent points. There is currently a discussion about encryption going on there.

Sorry if that didn't just grind to a halt so you could enlighten us.

vicadeboss · 07-29-2009, 02:38 PM

Quote:

Originally Posted by Barton

Huh? If you define "pro" as someone who makes their living playing, I know plenty of pros that play 1-2 NL and some that play .25-.50.

as i said-GRINDERS-thas not pro-1-2 or 5 are considered to be low stakes-name me a PRO-playing these stakes-they can't even be called semi-pro in fact

never_bluff · 07-29-2009, 02:39 PM

Go away skunked

suzzer99 · 07-29-2009, 02:42 PM

Quote:

Originally Posted by pbdave

Hi everyone,

As it seems you are concerned about the communication protocol we use, we went on to ask our techs in charge to provide a explanation on how our system work. I am quoting the techs reply:

"Our flash client was built using actionscript 2 and uses a flash object XMLSocket. In order to use it our Client Listener must understand the protocol used by this object, which is as follows:

- XML messages are sent over a full-duplex TCP/IP stream socket connection.
- Each XML message is a complete XML document, terminated by a zero byte.
- An unlimited number of XML messages can be sent and received over a single XMLSocket connection.

Using XML messages, the design of the game was oriented to avoid any logic on the client, and use messages only to display what was happening at the server side. The flash client is only an interface between the server and EACH user; therefore the client displays what the server orders it to display, nothing else. Each message is unique for every client connection, so that only the cards’ owner receives the message which contains his cards for example.

This was our security metric followed to avoid the fact that anyone could be reading the messages using XMLSocket’s."

I am not a tech savvy naturally, but I'd appreciate you if you guys send me your inquiries and questions pertaining this to my email and I will be more than glad to bring them to our techs for answers. Please be specific and make real questions of initerest. Note that there will be pieces of information I will not be able to disclose for security reasons.

Thank you all!

Dave Brenes
Network Manager
Pitbull Poker
Pitbull Partners

Dave nothing in here talks about the hole cards being encrypted, which they aren't. This means anyone in the chain of networks and routers between your server and the PB client can see those hole cards. Think of it as a post card vs. a sealed letter. You guys are sending the hole cards on a post card.

No one is saying that you can see the other players' hole cards through the communication between the server and each individual client. But anyone with access to the network at any point between your server and your ISP in Costa Rica, would be able to see every individual communication, and thus see everyone's hole cards. It wouldn't be much work to write a script that parses these out and saves them to a file. The file could then be tailed (viewed as it grows in real time) by each individual super user, probably with some kind of smart filter to only show only the players at his table. There are other methods of pushing the hole cards to the individual superusers. This is just one simple way to do it.

makeit3bets · 07-29-2009, 02:42 PM

Quote:

Originally Posted by skunked

you're sitting here trying to flame me? Get a grip buddy. The last person who needs to be flamed is me. We have spent almost a year studying this site.

Anyways, you all have the post. Just saying next time you make a thread have some valid evidence before you almost ruin our study.

You could help us by sharing information you have instead of whining like a spoiled child over a study nobody knew was happening. Grow up.

nuts busted · 07-29-2009, 02:47 PM

.

duh · 07-29-2009, 02:48 PM

Quote:

Originally Posted by pbdave

"Our flash client was built using actionscript 2 and uses a flash object XMLSocket. In order to use it our Client Listener must understand the protocol used by this object, which is as follows:

- XML messages are sent over a full-duplex TCP/IP stream socket connection.
- Each XML message is a complete XML document, terminated by a zero byte.
- An unlimited number of XML messages can be sent and received over a single XMLSocket connection.

They ripped this straight from Adobe's Website

Quote:

To use the XMLSocket object, the server computer must run a daemon that understands the protocol used by the XMLSocket object. The protocol is as follows:

- XML messages are sent over a full-duplex TCP/IP stream socket connection.
- Each XML message is a complete XML document, terminated by a zero byte.
- An unlimited number of XML messages can be sent and received over a single XMLSocket connection.

Also, a cursory google search shows that this technology is inherently unsecure.