Saturday, May 24, 2008

Ultimate Bet "NioNio" Online Poker Scam Widens!


Worrying echoes of the Absolute Poker affair as cheating crisis remains unresolved.

Almost halfway through the year, the cheating accusations involving online poker site (see previous reports) have still to be brought to a satisfactory conclusion, and this week simmering player anger was again evident on leading Internet message boards such as 2+2 and Casinomeister.

The incident has worrying similarities with a major cheating scandal at sister online poker room Absolute Poker last year, which culminated in the venue receiving a half million dollar fine from the Kahnawake Gaming Commission, but little public indication that the perpetrators of the scam had been criminally pursued.

Absolute, which had initially shrugged off allegations of cheating by an insider, eventually paid players disadvantaged by the scandal, which was uncovered largely by astute detective work by the poker playing community.

UltimateBet and Absolute Poker are both fully owned by Tokwiro Enterprises ENRG, a privately owned company run by Joe Norton, the former Grand Chief of the Mohawk Territory of Kahnawake. Both sites are licensed by the Kahnawake Gaming Commission in a First Nation enclave near Montreal in Canada.

Disclosures over the past few months indicate that the players at 2+2 have again been instrumental in uncovering the alleged UltimateBet cheating involving a player using the handle "NioNio". In a summary posted this week at: the thorough steps leading to the expose are detailed by Steven Ware and Cornell Fiji, but briefly the history is as follows:

Some 5 months ago allegations concerning suspicious activity in the high stakes no limit games on UltimateBet were first made public at 2+2 in a thread on the High Stakes No Limit forum. UltimateBet and the KGC were informed of the suspected cheating amid allegations that millions of dollars had been obtained through questionable high stakes play, and that it was likely that:

UltimateBet had known about the cheating for at least nine months.

UltimateBet knew about but did not make any attempt to acknowledge the cheating before it was exposed by the 2+2 poker portal.

Insiders working for UltimateBet had facilitated the cheating.

UltimateBet actively took steps to cover up these crimes and thwart any investigation.

UltimateBet did not make any public statements or acknowledge that cheating had occurred until March 6th, 2008, three full months after the allegations became public knowledge. Then, a release advised that after "extensive inquiry involving an independent third-party expert, NioNio account's winning statistics were indeed abnormal" but did not reveal whether an unfair advantage existed or what it may have been. It is claimed that this press release is the only occasion on which UltimateBet has publicly addressed the issue.

UltimateBet has not reached out to any of the players who were cheated, many of whom still don't know that they were cheated.

Communications with players involved in the dispute have been slow and uninformative, assuring only that an investigation is in progress.

UltimateBet has yet to offer to reimburse any of the victims of the theft.

The investigators at 2+2 are at some pains to note that the Absolute and UltimateBet scandals are not typical of online poker operators.

The authors of the report comment that it is important for online poker players to know about the unethical business practices of UltimateBet and Absolute Poker....but that it is also imperative to understand that these 'unscrupulous activities' are not an indictment of the entire online poker industry.

"As you read this thread please keep in mind that UltimateBet and Absolute Poker are owned by the same company. They are also regulated by the same puppet regulatory commission. Most poker sites are run with the utmost integrity and security. UltimateBet and Absolute Poker are the exception and not the rule," they stress.

In the apparent absence of action by Tokwiro or the KGC the authors are concerned that the wider poker playing community should be informed of the allegations for their own protection.

The investigative work of 2+2 posters such as 'trambopoline,' 'dlpnyc21,' Nat Arem, and 'Josem' is acknowledged and praised.

Concluding a highly detailed and itemised report on the 2+2 investigation and the information uncovered, the authors comment:

"Out of the hundreds of online poker sites, the only two sites to ever be caught exploiting a 'superuser' account to steal from customers are both owned by Tokwiro Enterprises ENRG and licensed by the Kahnawake Gaming Commission.

"The players on UltimateBet were victims of a serious crime: grand larceny facilitated by a company that operates virtually outside the law. I hope that the efforts spent investigating and publicizing this story will help the victims of these crimes find restitution. I hope that this story will also highlight the need for independent regulation in the online poker industry."

Requests for comment sent to and the KGC remained unanswered as went to press.

Build Your Own Poker Cheat Bot Part Two!

Here is John Devlin´s second-part posting on building his poker bot. Very interesting stuff, and if I ever do write the sequel to "Dirty Poker," which would of course be called "Dirty Poker 2," I will be asking Devlin for his participation in the chapter on online poker bots.


Last week, I posted about how I built a working, real-money online poker bot. This week, we'll discuss how to get started building your own bot, address some specific bot-building techniques, talk about the woeful state of online poker user privacy, respond to a few reader questions and comments, and close out with some recommended reading.

This series is both a detailed manual on how to build and make money with an online poker bot, and a story of how two guys from the Dallas poker underground managed to realize such a bot in practice.

We'll be discussing everything necessary to build what's quickly becoming the de facto standard in online poker botting: a sophisticated parallel processing rig incorporating collusion AI, massive hand history databases, and real-time information flow to dominate the opposition. This is where the world is headed:

NOTE: While I believe building and running an online poker bot to be neither cheating nor unethical, building a ring of such bots is a different story. As a long time poker-player, I absolutely don't condone cheating people out of their money by colluding in online poker or any other game. We're going to discuss things like bot collusion not so we can (all of us) go out and build colluding bot rings, but because these are the techniques people are using right now, today and tomorrow, to gain an unfair edge in online poker.

In order to build, or learn how to defeat, such a contraption, we're going to have to cover a lot of ground:

Artificial Intelligence. Neural nets, genetic algorithms, rules engines, decision trees.
Poker Strategy. Not the stuff you see on TV. Expert EV-driven poker strategy as it exists today, at the tables, in books, and on the forums.
Input Simulation. How to generate an appropriately timed and positioned stream of mouse moves, clicks, and keyboard input.
Operating Systems. Code injection, API hooking, kernel objects, multi-threading, DLLs. In general: forcing Windows to do what you want.
Reverse Engineering. How to reverse engineer poker client applications and the network data streams they rely on.
Probability and Statistics. Bayes Theorem, probability distributions, confidence intervals, and other goodies.
If you're new to poker, and particularly if you're new to programming, this will be a little bit of a trial by fire. Building a bot is basically the programmer equivalent of joining a Fight Club.

A guy who came to Fight Club for the first time, his ass was a wad of cookie dough. After a few weeks, he was carved out of wood.
Sort of. Read on.

Why are so many people interested in building bots?
Last weekend I got a phone call from a friend (a guy I'll have more to say about later), informing me that How I Built a Working Poker Bot, Part 1 had hit the front page of Digg, reddit,, and other sites, and that Coding the Wheel was getting enough traffic to occasionally throttle the server.

Since then, readers have posted upwards of a thousand comments to the story, here and around the net, and I've gotten a couple hundred emails ranging from technical diatribes to job offers to good old-fashioned hate mail.

The response has been unexpected. Thanks to all who took the time to read the first article, and to those who've joined the discussion so far. In hindsight it seems obvious, but many, many people have a vested interest in building, or discouraging the building of, software tools which emulate human behavior. It goes way beyond online poker, then again, in online poker the profit motive is compelling:

A successful online poker bot is worth hundreds of thousands of dollars even if all your bot does is break even. (I do not agree with this point) Sensationalistic? Maybe, but it's grounded in the very dull, non-sensational mathematics of rakeback and player promotions, which I've outlined below, and which we'll revisit in future posts.

Botting Rule #232: Wherever mouse clicks or other human-computer interactions are worth money, hordes of people will try to write software to simulate those interactions.
Why online poker clients are basically spyware
I want to preface this by saying: the online poker sites aren't evil. They're trying to protect their business, and that's perfectly normal. But I think they've strayed from the beaten path when it comes to respecting the privacy of their users.

Many online poker players have no idea that major poker sites silently install a browser plugin which has access to every page you visit in your browser, and potentially every piece of information on that page (the text of private emails; credit card numbers; user login information; etc):

Many online poker players have no idea that poker clients can and will snoop around on your system, potentially viewing sensitive data:

By examining your list of running processes
By reading body and titlebar text from every window you have open
By taking occasional screenshots
By snooping around on your file system, and in the system registry
By doing who knows what else, since there's zero oversight.
This is the definition of spyware. These "safeguards" constitute a basic invasion of your digital privacy and you should be angry about it. It doesn't matter whether the sites actually collect, pay attention to, store, or transmit that information. It doesn't matter if they do it with the best of intentions. It doesn't matter if they tell you they're going to do it in the EULA. They quite simply have no business doing it at all, and if they're going to do it, they should be doing a better job.

In other words, online poker is really the worst of both worlds: extreme invasion of privacy unheard of outside the realm of spyware, and zilch to show for it - zero effective safeguards against bots or other supposedly malicious software.

And yes: it's true that many sites will recognize well-known botting software such as WinHoldem. But they currently do very little in the way of preventing home-grown bots.

Botting Rule #472: The biggest advantage of a poker bot is its obscurity.
Using Spy++ or Winspector to get basic information from the poker client
Spy++ and Winspector are useful window analysis and debugging tools which allow you to view window properties and messages for any window in the system, including poker client windows:

Spy++ has extracted the handle (HWND), caption, class, style, location, and other properties of a Poker Stars table window. We can also drill down and find its child windows, parent window (if any), window class (PokerStarsTableFrameClass, in case you're curious) and other assorted information.

We can also use Spy++ to snoop on the exact messages received by a given window:

Spy++ is included in all versions of Visual Studio, as part of an MSDN subscription. Winspector has a larger feature set than Spy++ and is is available as a free download from

Later, we'll be using this tool to help us figure out what the poker client is doing, beneath the hood. It's also an extremely useful all-purpose window debugging tool, and an important part of a bot developer's (or any Windows developer's) toolkit.

Why a bot doesn't have to win, in order to win
I've stated repeatedly that a poker bot only needs to break even in order to generate a profit. Here's how it works, for those who aren't familiar with rakeback or other online poker promotions:

IF you play X hands of online poker within a certain amount of time (such as a calendar year).
THEN the poker site gives you Y amount of money, or "player points" which are worth money.
That's a simplified, but otherwise accurate, description. And listen. Y can be very large, even "life-changingly" large. Let's look at some actual figures.

Consider that it's fairly standard for a (human) player to play 8 or even 12 tables simultaneously.

Furthermore, in online poker you're generally getting between 50 and 70 hands per table per hour. Let's call it 55, just to be conservative.

So that's 10 tables @ 55 hands per table per hour, for 10 hours a day, 6 days a week, 50 weeks a year.

If you do the math, you'll find it comes out to around 1.65 million hands per year. If your bot is playing anything other than the microlimits, this is easily enough to qualify you for (just as an example) the Poker Stars Supernova Elite promotion, which when properly liquidated is worth around seventy or eighty thousand dollars the year you achieve it, and two or three times that amount the following year (because of the multiplier effect of FPP bonuses).

Similarly, other sites offer rakeback promotions (~30% rakeback is fairly standard) along with assorted perks. If your bot is playing break-even poker, then your rakeback - quite substantial, as you move up from the microlimits - is pure profit. Ironically, your profit would shrink to zero if the site stopped collecting rake! (Update: a few readers have questioned this statement, claiming that a break-even bot with rake equates to a winning bot without rake. This is true, but the statement was tongue in cheek. It's ironic that a break-even bot ultimately ends up making money because of, rather than in spite of, the rake.) The thing that more than any other makes games tough to beat - the rake - makes it possible for your bot to turn a healthy profit. And that, as a long-time online poker player, makes me smile.

Botting Rule #1274: Many online poker sites would love to allow bots, if only their users would let them.
Botting Rule #47: Online poker players fear bots all out of proportion to the average bot's ability to win in competitive poker.
How to simulate human input (an overview)
In next week's post we'll cover this topic in detail, but for now: in order for your bot to be able to perform actions such as betting, raising, or folding, it needs to know how to talk to the poker client. There are at least three basic mechanisms you can use:

(Most difficult) Reverse-engineer the network protocol and communicate directly with the poker server.
(Somewhat difficult) Hook into the poker client just beneath the user-interface. In this scenario, you don't simulate mouse clicks; you figure out what internal function(s) handle those mouse clicks, and call those functions directly.
(Easy) Simulate user input - mouse clicks, keyboard input, whatever - at the operating system or even the driver level.
The first two techniques are mostly black magic. This third technique - user input simulation - can be further broken down into:

Using the SendInput API.
Directly generating and posting WM_MOUSEMOVE, WM_LBUTTONDOWN, and other messages to the poker window.
Using the (deprecated) keybd_event and mouse_event APIs.
Writing a custom mouse or keyboard driver.
Possibly other techniques..
And regardless of which method you use, you'll want to make it realistic:

By incorporating subtle timing randomizations.
By creating realistic mouse-movement trails.
By occasionally clicking and interacting with unrelated windows.
You'll find that the SendInput method offered the best tradeoff between power and ease of use, but this is a complex topic. I mean: the interactions between user input events and the various Windows subsystems are complex, and will require tweaking to get right. But the code to generate those interactions is fairly simple.

Why poker bots will soon be accepted as some of the strongest players in the world
In the first-ever Man vs. Machine Poker Championship, a University of Alberta research team lead by Dr. Jonathan Schaeffer (the guy behind Chinook, the program that effectively solved the game of checkers)...

...piitted the Polaris poker bot against famous poker professionals, Phil "the Unabomber" Laak and Ali Eslami.

Laak/Eslami won the match with 2 wins, 1 draw, and 1 loss. That's not a hugely convincing margin, and in fact, as the University of Alberta website points out:

The match was a success in many ways. Polaris proved that it was able to compete with some of the best poker players in the world. In fact, the 2-1-1 record of the humans is a little misleading. The actual difference in monetary outcome was just $395 which is a very small amount. The format of the match did a great deal to reduce the large variance in the game of poker, but it does not remove it all. The $395 sum could be as few as one or two hands where Polaris decided to fold when the human who got the same cards decided to continue. For this reason, a future match should prove particularly interesting, as the bot continues to develop in strength.
As for Phil Laak, he had this to say about Polaris, and about poker bots in general:

"We're already at the point where artificial intelligence crushes players that are unsophisticated, beats handily intermediate players, and loses small or wins small against savvy opponents... For Round 1, I'd say the bots have it.
Polaris's performance is reminiscent of the 1996 match in which world chess champion Gary Kasparov fended off the Deep Blue supercomputer, for the last time."

The IBM team responsible for Deep Blue made a few tweaks, and one year later, in 1997, Deep Blue came back and won a historic match, 3.5 to 2.5 (that's two wins, one loss, and three draws). Kasparov's allegations of unfair software-coaching practices were mostly ignored, and IBM never granted him a rematch. That caused some people to question the authenticity of Deep Blue's victory, for almost a decade.

Until 2006, when another chess program, Deep Fritz, handily beat world champion Vladimir Kramnik. The crucial difference between Deep Blue and Deep Fritz:

Deep Blue ran on specially designed supercomputer-grade hardware
Deep Fritz ran on a workstation PC with two Intel Core 2 Duo CPUs
For now I just want to make the point that intelligent, commercial-quality poker bots are a reality in the low and middle limits, and have been for a few years.

MSNBC: Are poker 'bots' raking online pots?
Wired: On the Internet, Nobody Knows You're a Bot
Coding Horror: The Rise of the Poker Bots We put poker bots to the test...
Why DLL injection is so powerful
Several readers have stated that techniques like DLL injection are either a) overkill or b) likely to get you in trouble with the online poker sites. So I'd like to address this issue in a little more detail.

First, here's a video which demonstrates a simple, harmless use of DLL injection in practice: overwriting the Poker Stars cashier balance with a balance dreamt up by the user.

Inject the DLL
Subclass the Cashier window
Detect when the Cashier window is invoked
Override WM_PAINT and display a "fake" balance to the user

First, I recommended it earlier, and I'm going to recommend it again: Jeffrey Richter's excellent book on advanced Windows API development: Windows via C/C++. Buy it. Borrow it. Steal it if you must. Most of the information you'll find inside is available somewhere on the Internet, but you'll spend hours upon hours tracking it down. And nobody - nobody - speaks on this subject with Richter's authority.

Here are some thing to keep in mind when deciding whether or not DLL injection is for you:

DLL injection isn't a hack. It's a formal capability offered by the Windows API, without which hundreds of legitimate applications (ranging from computer-based training apps to instant messaging applications) would stop working.
There are at least 6 ways to inject a DLL (or binary) code into another process on Windows operating systems: 1) via the Registry 2) using Windows hooks 3) as a Debugger 4) with Remote Threads 5) by creating a Trojan DLL 6) CreateProcess/WriteProcessMemory.
DLL injection isn't particularly difficult to implement, and it's not a poorly-documented, error-prone procedure. It more or less just works.
A given poker client can't simply declare that all injected DLLs are evil. The operating system, as well as legitimate third-party applications, can both cause DLLs to be mapped into a process's address space. If Poker Stars, World of Warcraft, or whatever other application were to simply shut down whenever this happened, they'd be unusable.
While it's possible to detect when DLLs are injected into the process's address space, it's not possible to determine whether a given DLL is innocent or malicious. Sure, you can look for the DLL's name, but the name can be changed, with every invocation if need be. You can create some sort of checksum to try to identify malicious DLLs at the binary level. Again, easy to get around by creating a self-modifying .EXE.
That said, is it possible to create a bot without DLL injection? Absolutely. But if you can't get your code to run in the poker client's process, your powers are somewhat limited. For example, you won't be able to subclass poker client application windows. You won't be able to query various process data structures. You won't be able to intercept Windows messages intended for the poker client. And so forth.

Why screen-scraping is a bad idea
A lot of people have argued that some of the screen-scraping techniques I mentioned - such as pixel-testing for hole cards - are difficult to code, error-prone, and tedious to maintain. I couldn't agree more. Screen scraping is a last resort. The bot's Input Component needs to be structured such that it falls back on screen-scraping techniques only when all other options are exhausted.

That said, a mature bot capable of playing at multiple sites will probably require some sort of screen-scraping capability. The trick is to create a generic screen-scraping mechanism driven by XML or some other easily-edited format. That way, when some minor aspect of the poker client UI changes, all you have to do is update the "schema" for that particular online poker venue, without rebuilding the poker bot executables.

This will be the subject of (you guessed it) a future article.

Recommended Reading
This is by no means a complete list of recommended programming and/or poker books. However, all the books on this are a) relevant to building a poker bot and b) contain information which isn't readily available on the Internet, at least not without a good deal of sleuthing. I own a dog-eared, coffee-splattered copy of every book on this list, and have read most of them multiple times. Note: the programming books are coached from a C++ and Windows perspective but the techniques can be ported to other environments/languages.

Programming books:

Windows via C/C++. Jeffrey Richter. Everything you ever wanted to know about the Windows API. Should be required reading for all Windows developers, and for anybody working with .NET, as it addresses many of the API constructs on which .NET is built.
Exploiting Online Games: Cheating Massively Distributed Systems (Addison-Wesley Software Security Series). Greg Hoglund and Gary McGraw. If you actually plan on building an online poker bot, this is the book for you. Discusses many of the same techniques discussed in this series, but with a focus on World of Warcraft and other MMORPGs. All of the techniques discussed apply to poker, however.
Exploiting Software: How to Break Code (Addison-Wesley Software Security Series). Greg Hoglund and Gary McGraw. Companion volume to the above, with an emphasis on local applications (e.g., the poker client application running on your machine).
Poker books:

The Theory of Poker. David Sklansky. Quite possibly the most influential book in poker, written by the father of modern poker theory, David Sklansky. The value of this book is that it explains poker theory in a way that's universally applicable to all poker games. Required reading for all poker players and poker bot programmers.
The Mathematics of Poker. Bill Chen and Jerrod Ankenman. Difficult but extremely rewarding exposition of poker mathematics. In order to program a fluent poker AI you'll want to understand a lot, though not necessarily all, of this material.
Professional No-Limit Hold 'em: Volume I. Matt Flynn, Sunny Mehta, and Ed Miller. In my opinion this is the best book on no-limit Hold'em ever written, and the notion of planning hands around commitment and SPR squares very well with the poker bot AI we'll get into later.
No Limit Hold'em: Theory and Practice. David Sklansky and Ed Miller. Another excellent no-limit Hold'em book.
Gambling Theory and Other Topics. Mason Malmuth. A somewhat dry, rarely-read masterpiece, with some non-trivial mathematics. Not everything here is directly applicable to playing, or building software for, online poker, but it's all useful.
Getting Started in Hold 'em. Ed Miller. Introductory text. There are many good introductions to poker and to Texas Hold'em; this is one of the better ones, and introduces a short-stacked strategy that will be useful in deriving a competitive bot AI for real-money games, down the road.
We took a break from the source code in this installment as I don't want to alienate too quickly the readers who've subscribed in the past week. In the next installment, we're going to have to plunge right back in, beginning with an in-depth introduction to the architecture of the bot's AI component, expressed in C++, C#, or the language of your choice, and concluding with specific code you can use to simulate a realistic stream of human input. We'll also perform explorative surgery on various online poker clients, exposing their inner resources and code structures to the light of day. Last but not least, we'll answer the question of: how do I snoop on the poker client's log or hand history file in real time?

I will be looking out for Devlin´s next update in poker bot building and will blog it when it comes out.

Friday, May 23, 2008

Build Your Own Poker Cheating Bot!


This article was written by James Devlin, who I do not know personally, but after reading his article on how he created his own winning online poker bot, I am quite impressed, and I agree with his declaration that poker bots are getting better and better and that soon online poker rooms will be populated more by poker bots than by legitimate online players. Remember, two years ago in my book "Dirty Poker," I made the statement that within a decade bots would account for more than 90% of online players. Add to that the rampant collusion play and you will have more than 99 percent of online poker players cheating!...unless of course some drastic changes occur in online poker.

Here is Devlin´s article, and I will have more on this tomorrow!

Several years ago, a client asked me to come up with a prototype for a real-money online poker bot. That's right: a piece of software you park on your computer while it goes out to a site like PokerStars or Full Tilt and plays no-limit Holdem for you, at 4 or 14 different tables, for real-money stakes.

If you're a poker player, and particularly if you're an online poker player, you've probably heard rumors about the rise of the poker bots. Unfortunately there's very little hard information out there (for obvious reasons) about how to build one of these bots. In fact, many so-called authorities still dismiss poker bots as a relic of the overactive poker player's imagination.

Well, I'm here to tell you that online poker bots are 100% real, and I know this because I've built one. And if I can build one, well. Anybody can build one. What's more, over the course of this multi-part article, I'll show you how.

That, ladies and gents, is a picture of a full-featured poker bot managing three play-money tables (note: this same bot also handles real-money tables) at an honest-to-goodness, real-money online poker site. Of course, it could be any site. The bot implementation I'm going to reveal will work at all major online poker sites, including Poker Stars, Full Tilt, Party Poker, Ultimate Bet, and most other major venues.

Why are you giving this information out?
I debated for a long time whether or not to make this information public, as I'm a poker player myself and have no desire to see the game ruined by an avalanche of poker bots. It's not that building a poker bot is some sort of black magic, known only to the privileged few. Any competent programmer can build one. But this information hasn't, so far as I know, been collected and presented in one place, certainly not as a "How To" complete with sample code. So the question I struggled with was this: is it irresponsible to publicize this information, such that every Internet script kiddie out there now has the ammunition he needs to actually build a bot?

After thinking about it, I've decided that keeping the technology of poker bot building secret is like declaring that only criminals can carry handguns. The fact is, there are people in the world right now who are doing this.

Poker bots, underground online poker boiler rooms, and collusion are a reality. That doesn't mean online poker's not worth playing, just that it pays to be educated about what's possible. Furthermore, there should be public discussion regarding what to do about it because one thing's certain: computers and programming languages aren't exactly going to be getting less powerful. The rise of the poker bots is a virtual certainty. I'd like to see the major online poker venues open up their famously vague "bot detection" and "anti-collusion" strategies to public scrutiny, as cryptography and security providers learned to do years ago. The best security algorithms and techniques all have the weight of public review behind them and I don't see how online poker's any different.

But even assuming all that weren't the case:

Poker bots already exist on the open market. Do a little creative Internet searching.
The poker community suffers from an irrational fear of bots. I'd gladly risk my money against most homegrown bots and trust me: you would too.
I believe that bots are actually good for the game of poker. Mike Caro, "the Mad Genius of Poker," expressed a similar idea years ago.
Any programmer worth his salt can build a bot with or without this document. They already have.
If you're visiting this page from 2 + 2 or another poker community, and you want to stay on top of this article (which will be in several parts), you can subscribe to the Coding the Wheel RSS feed or get it in your email inbox as I don't participate in these communities often. For easy digestibility, I'll be organizing these posts using a question and answer format, as there's a lot of highly technical material to cover.

Now, without further ado, let's talk about the basics. If you're not a programmer, fair warning: highly technical, possibly excruciatingly boring material ahead.

Basic poker bot responsibilities
At a very high level, the poker bot is best analyzed according to the classic model of information handling: Input, Processing, Output.

You'll find that your programming tasks decompose rather nicely into these three basic stages.

Input. The input to the system is the poker client software itself, including all its windows, log files, and hand histories, as well as internal (often private) state maintained by the running executable. The goal of the input stage is to interrogate the poker client and produce an accurate model of the table state - your hole cards, names and stack sizes of your opponents, current bets, and so forth.

Processing. The processing stage runs independently of the other two stages. It's job is to take the table model assembled during the Input phase, and figure out whether to fold, check, bet, raise, or call. That's it. The code that performs this analysis should (ideally) know nothing about screen scraping or interrogating other applications. All it knows is how to take an abstract model of a poker table (probably expressed as some sort of PokerTable class) and determine which betting action to make.

Output. Once the processing stage has made a decision, the Output stage takes over. It's tasked with clicking the correct buttons on the screen, or simulating whatever user input is necessary in order to actually make the action occur on a given poker site/client.

How does the bot figure out what its hole cards (and the board cards) are?
This is a broad question which it's better to break down into particulars. First of all, there's a very easy way to detect hole cards via a screen-scraping or "poor-man's OCR" approach. You don't have to be an image-recognition expert. All you have to know is how to get the color of a handful of different pixels on the screen. Or to put it another way, for any given card in the deck, there are a handful of pixels you can test which will uniquely identify that card.

That's fairly easy to implement, and requires zero knowledge of OCR, image recognition, graphics processing, etc. But depending on the specific poker site, pulling card rank and suit information might be even easier. On some sites, the hole cards will be emitted into the real-time game summary info:

Occasionally you'll find that hole cards are emitted into the log file. Poker Stars, for example, conveniently emits this information into its log file, and it does so in real time (meaning you can snoop on it in real time, and in the next installment, I'll show you how):

MSG_TABLE_SUBSCR_ACTIONMSG_TABLE_SUBSCR_DEALPLAYERCARDS sit1 nCards=2 sit3 nCards=2 sit5 nCards=2 sit6 nCards=2 sit7 nCards=2 dealerPos=3TableAnimation::dealPlayerCardsMSG_TABLE_PLAYERCARDS 00260C82::: 8s <-- Hole Card 1, Cool!::: 13c <-- Hole Card 2, Cool!Last but not least, hole cards are always included in the hand history for a given game:

*** HOLE CARDS ***
Dealt to CodingTheWheel [Qs 9h]
MargeLeb: calls 10
ke4njd: calls 10
diamondlover2nite: calls 10
franklg454: folds
WhoAmINot: calls 5
CodingTheWheel: checks
*** FLOP *** [4h 7c Qd]
WhoAmINot: checks
CodingTheWheel: bets 10
The only problem is that, in many cases, the hand history file isn't emitted until the end of the hand.

How should the poker bot be structured, as a single EXE, a bunch of DLLs, what?
You will need:

An executable file (.EXE) to display the bot's UI, and to contain the processing logic (the stuff that knows how to play poker).
A dynamic link library (.DLL) to handle the Input (screen scraping) and Output (clicking buttons) processing. You'll inject this DLL into the poker client's process so that your code is effectively running as part of PokerStars, or FullTilt, or whatever site you're using. This will make your life a lot easier both when it comes to collecting data as well as doing things like simulating genuine user input.
Those two pieces are essential. Other than that, you're free to structure things however you want. I'll have more to say on this as we get into the nitty-gritty details of the implementation.

How do I inject my code into the poker client process?
There are a number of well-documented techniques for injecting your code - for example, a DLL you've written - into another application's address space. The method I used, and the method I'm going to recommend you use, is by installing what's known as a Windows Hook and specifically a CBT Hook. The relevant Windows API is SetWindowsHookEx, and here's the actual source code. If you're familiar with C++ and the Windows API, it should be straightforward:

// This is the CBT hook procedure. The HCBT_CREATEWND notification generally
// doesn't give us any useful information about the window because WM_CREATE
// hasn't been called for the window yet. So instead we don't consider the
// window as created until it's gotten it's first WM_ACTIVATE (note: this is
// how it works on Poker Stars, the behavior may need to be changed for other sites)
LRESULT CALLBACK PokerBotCBTProc(int nCode, WPARAM wParam, LPARAM lParam)
if (nCode < 0)
return CallNextHookEx(g_hHook, nCode, wParam, lParam);
else if (theInjector.getVenue() != Venue_Unknown) // ignore this bit of code for now..
// Since we can't use DllMain, perform initialization the first time the hook is called.
if (g_bFirstTime)
bFirstTime = false;

// These are the only notifications we're interested in passing on.
if (nCode == HCBT_ACTIVATE)
return (LRESULT) theInjector.HandleIt(Hook_Activate, (HWND)wParam);
else if (nCode == HCBT_CREATEWND)
return (LRESULT) theInjector.HandleIt(Hook_Create, (HWND)wParam);
else if (nCode == HCBT_DESTROYWND)
return theInjector.HandleIt(Hook_Destroy, (HWND)wParam);

// Return 0 to allow window creation/destruction/activation to proceed as normal.
return 0;

// Publically exported hook installation function. The bot will call this on
// startup in order to inject this DLL (the DLL that contains this function)
// into the address space of every process, including every poker client process,
// on the machine.
bool OPCHOOK_API InstallHooks()
// Actually install the hook...
g_hHook = SetWindowsHookEx(WH_CBT, (HOOKPROC) AutoCBTProc, hInstance, 0);
return g_hHook != NULL;
The above source code would live in a DLL: the DLL you plan on injecting into the poker client's address space. This DLL will also contain whatever code you write to handle the "input" (screen-scraping) and "output" (button-clicking) stages of the bot.

An even better way is to use a two-stage injection process. The problem with global CBT hooks (or any other kind of global hook for that matter) is that they cause the hook DLL to be loaded into the address space of every process on the machine. If your hook DLL is very fat (for example, if it contains a bunch of code to do screen scraping and so forth) this can impact system performance as your DLL will get mapped into processes you care nothing about, like Notepad.exe.

So to get around that, make the hook DLL - the DLL that gets loaded into every process - as lightweight as possible. Then, whenever the hook DLL detects that it's been loaded by a poker client process, such as POKERSTARS.EXE, have it explicitly load another DLL (again, written by you) containing the bulk of the bot I/O processing code. This in fact is the purpose of the theInjector object in the above code sample - it figures out if the DLL is being mapped into a poker client process and, if so, uses LoadLibrary to load the actual DLL that knows how to do things like screen-scraping and so forth.

Here, INJECT.DLL would be a lightweight DLL, written by you, which contains the CBT Hook procedure and installation code I showed you above. POKERBOT.DLL is the fat, messy DLL, also written by you, that contains the poker bot's screen-scraping logic.

Do things this way, and the drag on the system shouldn't even be noticeable, other than a brief load period when you first install the hook. This method is a lot easier than most other methods of DLL injection, and more importantly, it's supported across all the major Windows operating systems.

How do I retrieve the game summary text from the poker table window?
Almost every online poker client displays a small window in which game summary text is displayed.

Now, depending on which poker client you're using, this window may or may not be a standard Windows edit box or rich text control.

If it is a standard Windows control, you can get the handle (HWND) to the window, and then get its text via the GetWindowText API. Furthermore, you can do this even if the window you're interrogating is owned by another process.

But what you'll find is that many poker clients don't use "normal" Windows controls. They may write their own custom display controls, or they may subclass a standard Windows control and cause WM_GETTEXT to return an empty string.

In that case you have at least three options, none of them trivial:

You can investigate the control at the binary level. No matter how customized the control, somewhere in memory it's maintaining a string or a list of string which contains the game summary text. Since your code will be running inside the poker client's process, you're free to do whatever you want to do - investigate different areas of memory, subclass the control, etc.
You can use API hooking to hook the core Windows APIs that every control uses to display text: DrawText, ExtTextOut, etc.
You can use full-fledged OCR to analyze the text window and return the text. But this is probably overkill, especially since text tends to run through the summary window rapidly.
When building the bot, I went with the second approach: API Hooking. Once you know how to hook a particular Windows API, so that whenever POKERSTARS.EXE thinks it's calling DrawText, it's actually calling your custom version of DrawText, which snoops on the text before passing the call on to the original DrawText, it's a simple matter to examine the output coordinates to determine, aha: this text is being written to the summary window; this text is being written to the title bar; etc.

This is a deep enough topic that I'll roll it into its own installment along with specific code examples.

Hook a Windows API? Instrumentation? What does that mean?
Every Windows application in the world has to call into the Windows API to get things done: open files, create windows, display text, etc. Even language-specific libraries such as the C run time library or the C++ standard library internally will use the OS-provided facilities to work with things like files, memory, and so forth.

API hooking or "instrumentation" is the process of intercepting the function calls that an application (any application) makes, and redirecting them to a custom function defined by you. Specifically, you're going to intercept some of the calls that the poker application makes to the Windows API...

...and redirect these calls to a custom "interceptor" function, written by you. Your code thus gets a chance to examine the parameters of the call (which could be a string containing the player's name, for example) and do any other work you desire. When your "preprocessing" is done, you'll pass control back to the original API the poker application thought it was calling in the first place so that everything works transparently.

This technique can be used to extract all manner of useful internal information from any application, not just online poker clients. The best part is: you no longer have to write custom assembler code to achieve this. Instead you'll use a third-party library, and one of the best is a little-known Microsoft Research Project, Detours. Download it. Learn it. Love it. Learning how to accomplish API instrumentation means that ultimately, there's nothing the poker client can really hide from you - but that doesn't mean you'll be able to snoop around and figure out your opponent's hole cards. Don't even try. Unless the implementors have been sloppy, that information won't exist anywhere on your machine until your opponents have actually flipped their hole cards over.

And yes, if there's sufficient interest I'll put together a dedicated post with sample code showing exactly how to instrument a poker application.

Generally speaking, how do I go about harvesting data from an online poker game?
We've covered a few of the specifics so far, and we'll cover many, many more in future installments. But specific techniques aside, getting information from the poker client is an exercise in detective work. First of all, be aware of just how much information is available:

Visual Table State. Everything a human player sees when playing online poker: his hole cards; the names, stack sizes, and betting actions of all players at the table; the position of the button; and so forth..
Summary Text. Each table usually displays a text summary area which captures various betting actions, the beginning and end of new hands, etc.
Action Buttons. These are the buttons the user clicks in order to Fold, Raise, Call, etc. Note that we can use the presence or absence of various action buttons to infer table state.
Log File. Many poker clients output a log file which may contain helpful information.
Hand Histories. Most poker clients output a formal "hand history file" which contains a complete description of a single hand of poker.
Internal Stuff. Internally, most poker client makes standard calls to the C run-time library, the C++ standard library, and the Windows API. You can eavesdrop on these calls through a process known as API "hooking" or instrumentation. Additionally, poker clients, like all software, use memory to store things. Things like player names, cards, and betting actions.
And more. Stuff I may not know about, or may have chosen not to mention.
The bot's job is simply to eavesdrop on that information, and analyze it to produce an accurate model of the table's state at any given point in time. So any technique now or in the future which allows you to do that is potentially a technique you'll want to leverage in the bot. Later, I'll suggest an architecture whereby a number of different interrogators can be used to query poker tables in a simple, extensible, and above all tweakable way.

How do I create a bot that's intelligent enough to play winning poker?
That's the million-dollar question. I could tell you that the folks over at the University of Alberta's Computer Poker Research Group have made impressive headway towards producing a winning poker bot. I could tell you that extensible rules-based systems like the one I implemented for my bot...

...are a lot more powerful than you think. I could tell you a lot of things, and we'll investigate how to leverage some of the poker bot frameworks that are already out there, and how to combine those with your own custom rulesets. But understand one thing: you don't have to create a winning poker bot in order to make money with a poker bot. All you have to do is create a bot that's capable of breaking even.

If you can create a bot that breaks even - neither wins nor loses money - rakeback deals and specific programs like the Poker Stars Supernove Elite will ensure that you get a fairly hefty payday per bot account. I mean many tens of thousands of dollars per year, per account. And nothing except the logistical nightmare of it all restricts you to a single bot account; why not have ten; or a hundred?

And indeed, unbeknownst to the rest of the world, somewhere, someone probably does. But not me, and not you; and that's a disparity in basic firepower I'd like to see remedied, since none of the online poker sites have really stepped up to the plate and either a) made bots legal (similar to the way that they're legal on Internet Chess Club) or b) put effective prevention measures in place.

What skills will I need to write a bot?
Well, you'll want to be well-versed in the nuances of C++ and the Windows API, at a minimum.

In addition to that, you'll either need to be familiar with, or get familiar with, an assortment of Windows development topics that reads like a chapter out of Richter (whose books I highly recommend purchasing and studying if you plan on implementing a bot yourself).

Windowing & GDI
Windows Hooks
Kernel objects
DLL Injection (in general: the injecting of code into other processes)
API Instrumentation (via Detours or similar libraries)
Inter-process Communication (IPC)
Multithreading & synchronization
Simulating user input
Regular expressions (probably through Boost)
While it would probably be possible to build a bot using C#, VB.NET, or any other language, you'll find that some of the powers you'll need are only available through specific Windows APIs, and getting access to these APIs from a managed language is a little clunky. Another reason you'll want to use native C++ is that you'll need to sneek some of your code into the client poker process, and it's a lot cleaner to inject a small DLL than it is to inject all the machinery necessary to get managed code to run inside another (native) process.

This post has only scratched the surface of building a full-fledged poker bot. Hopefully it's given you food for thought and possibly whetted your appetite for the mountain of details left to be discussed. Assuming there's sufficient interest, I'll be posting a series of installments, each describing at a detailed level how to accomplish one specific poker bot task. If you found this document through a link on 2 + 2 or one of the other poker forums, you can subscribe to this site in a reader or get it in your email inbox, as I rarely post (or reply) on the poker forums these days.

Wednesday, May 21, 2008

Pennsylvania Slot Machines Accused Of Being Rigged!

The State of Pennsylvania, brand new to legalized casino gambling and just getting its nose wet, is now getting its nose dirty as well, according to some reports in the news.

One form of casino cheating involves computerized slot machine spins to deceive players into thinking they almost had a jackpot, if only the spinning wheel in the last window had gone one more notch.

These near misses are not by chance, but are programmed into the computer to tantalize players who might otherwise be ready to give up. The "near miss" swindles are illegal in some places, but are legal in Pennsylvania. So the casinos, even though they are cheating, are not breaking the law!

Apart from all that, there is an even stronger reason to suspect rigged slot machines.

I know how film crews work, having made many TV shows about cheating in casinos and poker rooms. You probably have seen movie scenes or television spots depicting a joyous player winning a big jackpot.

Do you think movie or TV people will assign a film crew to watch that slot for 11 years, waiting for a jackpot? They will not. As soon as cameras roll, the casino's computerized system arranges that jackpot.

If they can arrange jackpots on cue, they can arrange other results when cameras are not rolling. If that is not a rigged system, I don't know what is.

Shame on Pennsylvania´s casinos!

Online Poker Cheat Sorel Mizzi Joins Betfair Team!

Evidently Betfair Poker doesn´t seem to care that its latest pickup to join its poker team is an infamous online poker cheat. Sorel Mizzi is the newest member of the Betfair team. More power to em! Let´s just hope that Mizzi is through cheating!

If the name Sorel Mizzi rings a bell, it could be due to his online poker successes over the last several years as "Imper1um." Or the name might sound familiar because of a cheating scandal that overshadowed his career in the late months of 2007.

Mizzi and former managing editor of Bluff Magazine Chris Vaughn were accused of seat selling, which involved Vaughn going deep in a Full Tilt tournament, then selling his seat to Mizzi who went on to win it for nearly $200,000. After the players' initial denials of any wrongdoing, Full Tilt investigated, disqualified the winner, and banned both players from the site. Subsequently, Mizzi and Vaughn admitted to the cheating and apologized. On February 20, 2008, Betfair Poker, part of a betting exchange network located in the United Kingdom, announced that 21-year old Mizzi was the newest member of Team Betfair, a sponsored team of players that includes 2008 World Series of Poker Europe champion Annette Obrestad. Betfair does not accept U.S. players on its site and pegged the signing of Mizzi, not even six months after he admitted to cheating in an online tournament, as a proud accomplishment.

Betfair's Head of Poker, Bruce Stubbs, said in a press release, "I am proud to add a player like Sorel Mizzi to our team. He is regarded as one of the best online tournament players in the world by many and has the results to prove it... I honestly believe we have the two best tournament players in the world right now. There is a new world order; look out!"

At a press conference in Copenhagen, Mizzi said that he was joining a team with a great reputation after himself having a "great year" in 2007.

A few weeks later, Mizzi decided to write a post on his new Betfair blog to set the record straight on the Full Tilt cheating issue, "share the evolution" of his thought process, and "finally have some closure."

He began by admitting to the wrongdoing, and saying that he had not purchased another player's account before that incident and will not do it again. But again with the half-assed apologies, he wrote, "I accept that people are really angry with me, and I can understand that, but from my point of view I am in the political nightmare of being a high-profile figure who the online poker gods have decided to make an example of."

Mizzi then proceeded to acknowledge that many of the posts on online forums regarding ghosting (playing someone else's account) and seat selling made him reconsider his position and see the validity of those arguments. He admitted to his own stupidity and naiveté's, then summarizing the three reasons that he would not do it again.

First, he cited "reverse ownage," which he described as playing one person throughout a tournament, then another person takes over, unbeknownst to the opponent, and plays entirely differently and puts the other person at a severe disadvantage. Second, he mentioned stamina, comparing it to competing in a marathon until the final two miles, at which point a fresh new person steps in to finish the race. Third, he noted the experience factor, in that he had more final table play experience than Vaughn, which gave him an advantage to finish out the tournament. Mizzi closed his blog post with one sentence. "I am truly sorry."

Evidently, such apologizes were good enough for some in the poker community, including Betfair Poker. Out of all of the tremendous talents in online poker, Betfair picked a controversial one who admitted to cheating and was banned from ever playing on another site. Good public relations move? Possibly. Risking reputation on the late-coming apology of a 21-year old, immature young player? Definitely.