RGP:How To Write An Online Poker Bot
From PokerAI
This article is quioted from the original RGP article here:
How To Write An Online Poker Bot, Part 1
INTRODUCTION
Recently many questions have been asked about the feasibility of implementing an online poker "bot". For those few of you unfamiliar with the concept, a poker "bot" is a piece of software with the intelligence to play a (presumably winning) game of online poker, and to do so without human guidance. An effective bot could be instructed to play for hours or days at a time, garnering a steady profit, while the user went about his business. The benefits of a bot are thus twofold: making money on the one hand, and saving time on the other.
This article is an informal and somewhat unorganized description of
techniques that might be used to implement such a bot, delivered in
two parts. My aim in writing is to inform honest players, who happen
not to be programmers, about what is possible and how it might be
implemented, and also to get some responses from the programmers out
there, as I have read their postings in this channel with interest and
would like to hear more of their thoughts.
Before continuing, a few notes/disclaimers:
1) I believe cheating to be an epidemic in both the brick-and-mortar
and online cardrooms.
2) I believe that poker is still a beatable game, online or offline,
if the player is good and CONSIDERABLE caution is exercised.
3) I do not believe that it is possible to make any kind of "living"
in poker without cheating, except for the lucky few - some of whom
post in this channel. Congratulations if you are one of them.
4) I believe that online poker is the poker of the future. I believe
that most if not all of the online venues are well-meaning in that
they would rather rake your money honestly than cheat you out of it
dishonestly.
5) Some of the information in this article might be construed as
giving ideas to cheaters, especially cheaters who know how to write
software. I counter that any programmer worth his salt is already
aware of these methods and a great many others besides. If not, he
would learn them soon enough on his own. And any cheater who doesn't
know how to program would simply ask one of his programming
associates. Ergo, this information will be "new" to one party only:
that subset of poker players who neither program, nor cheat.
There are two parties potentially interested in bots of this nature:
online poker venues, and online poker players. Accordingly, there are
two classes of bots: venue-sponsored bots, and player-sponsored bots.
My opinion is that the second category of bot is far more common, and
more dangerous to your bankroll.
"I have seen rooms filled with monitors..." wrote a recent RGP
poster, speaking of
Every poker bot in existence can be analyzed according to the standard
"input-processing-output" model. In every case the input is the same:
information about the play of the current hand, including cards dealt
and player actions. This input is then processed by a poker gaming
engine, which is the "brain" capable of playing a winning game. This
"brain" is tasked with delivering a single recommendation to bet,
raise, call, fold, or check. The output portion of the bot then
performs whatever tasks are necessary to inform the client software of
the decision that was made.
INPUT COMPONENT
The task of the input component is to determine the following each
time the bot is faced with a decision:
- The name and stack size of each player at the table.
- The face-up cards dealt to each player, and to the board.
- The face-down cards dealt to the player on whose account the bot is running.
- The size of the pot.
- The size of any bets made, and who made each bet.
One thing I would like to note is that it is probably impossible for a
player-sponsored bot to "sniff" or otherwise determine what other
player's hole cards are (unless those players decide to show them, of
course). This is because such information is provided by the server
on a need-to-know basis. This means that when Player A receives his
hole cards, the hole cards are only transmitted to Player A. Player B
wouldn't be able to access those hole cards even assuming he could
decrypt the transmission.
It is characteristic of modern operating systems that "windows" are
often used to display textual information. For example, in the
Paradise Poker client, the name of each player sitting at the table,
along with his current stake, are displayed in a standard Win32 window
which any program on the system can query, retrieving whatever text is
displayed. It is trivial to parse this information, and determine
that player "Bob" has "$1540.50". Similarly with the chat/action
window which displays player chat along with information about the
current hand: it is very easy to take the line "bob raises ($40)" and
figure out that bob just put in a $40 raise. This technique can also
be used to retrieve the pot size and the size of any bets.
One method for determining the cards dealt in a particular hand is
what I like to call "dot" or "region" testing. This is a common
image-recognition technique which samples a few choice pixels on the
screen, and from the pixel makeup gleans information about the image
as a whole. For example, by testing 3 pixels in a specific location
at the table, you may be able to determine that the river card was an
Ace of Hearts.
If you have access to the raw card images, a much more efficient
method is available. You simply assign a unique RGB color value to
each card in the deck. Using an image editor you then daub or "mark"
a certain specified region of each card with the indicated color
value. Later, when the bot is playing, the client will use the
modified images. The bot can then sample a single pixel from the
"marked" region of any displayed card, and look at the color of that
pixel to determine the exact rank and suit of the card.
Finally, with a little investigation it may be possible to simply
"pluck" the card values from memory. This will depend on the
implementation of the poker client.
PROCESSING COMPONENT
The poker engine is the brain of the bot. It is responsible for
looking at the available information, and determining which particular
action - calling, folding, raising, checking, or betting - has the
highest expected value for the situation.
Generally and on average, poker bots will make their decisions based
on probability and statistics. The techniques employed may be simple
or quite advanced, but they will generally be limited to "hard" data.
But in order to truly maximize the bot's expected value, the bot must
have an understanding for the soft, fuzzy side of the game as well.
This includes such things as the ability to peg other players as being
on tilt, determining whether the table as a whole is
loose/tight/passive/aggressive, determining the correct time to bluff,
and so forth. For this reason, I believe the development of a winning
poker bot to be more difficult than most players imagine.
Take Wilson Software's Turbo Texas Hold'em as an example. This is
commonly acknowledged as the strongest poker software in the world,
and yet competent players are able to beat it regularly (of course,
for serious players the real value of the product lies in its
simulations). Why should this be the case? Because it is extremely
difficult to imbue a poker bot with a real "feel" for the game, which
is absolutely necessary for defeating the tougher games.
This does not necessarily mean that creating a winning online bot is
unfeasible. It is possible that creating a winning online bot is much
easier, because the bot doesn't have to be generic. That is, you can
optimize the bot to play for a specific betting structure, whereas I
would imagine the Wilson software has to have a great deal of
genericity to allow for players to sharpen their skills across
numerous such structures.
Obviously, once the engine has been written, you want to be able to
reuse it at other venues. The idea is that , in order to exploit a
new venue, you must provide only the input and ouput components. And
the work required for the output component is negligible, therefore,
once the engine has been written, exploiting additional venues is
really just a matter of writing a new input component.
OUTPUT COMPONENT
In almost every client, the user issues commands (such as to raise,
call or fold) by clicking a button. In almost every operating system,
a facility exists to "mimic" or "generate" a mouse-click anywhere on
the screen. This is transparent from the point of view of the client
software; in other words, the client software won't know whether a
particular "click" was the result of a user physically pressing the
mouse button, or
INFILTRATING THE CLIENT
The important thing to remember is that, even assuming you had the
source code for one of the poker clients, it probably wouldn't do you
any "good". The only information you're going to be able to retrieve
is information you would be allowed to see anyway - the board cards,
your own cards, the number of players at the table, and so forth. No
amount of sleuthing around in the process-space of the client
application is going to yield an iota of information that you couldn't
ferret out by simply looking at the screen....UNLESS a particular
poker venue has been careless, or is trying to reduce network traffic.
Even in these cases, rest assured that the data will DEFINITELY be
encrypted, and breaking any serious encryption, let alone SSL (used by
banks, etc), is easier said than done. When people talk about hackers
breaking into systems, this is not what they mean.
That said, the techniques for sneaking code into the address space of
another application have been amply documented by people like Jeff
Richter in his books, and on the internet. The techniques will differ
depending on the specific flavor of Windows operating system running.
If you know enough to get into the process in the first place, you'll
have a good idea of what to do when you're "in".
BOT COLLUSION
If having one bot is good, having twenty or thirty is even better.
After all, if a single bot plays for a week without interruption,
people begin to get suspicious. So intelligent cheats set things up
such that they have multiple accounts at each venue. Since this is
against venue rules, they have to go to various lengths to ensure that
the identity behind each account remains separate.
It is not that difficult to obtain any number of accounts at a
specific venue. One can use a false name or address, or one can use
the name and address of one or more of your friends or fellow
cheaters. Each method has its advantages and its drawbacks. Some
combination of false names and real names is probably ideal, as some
individuals might not want to divulge their real name and address and
yet, for cash-out purposes, a valid receiving name and address might
be desired (especially in this day and age when credit cards are
refusing any and all gambling transactions).
Once the accounts have been obtained, the bots are installed and a
mechanism for connecting to the server is established. Ideally the
physical connection used by each bot is geographically estranged from
the physical connections used by the other bots. This can be done by
relying on friends or co-conspirators in other cities and states, or
by "spoofing" one's connection so that it looks like it's coming from
another region. However, the bots themselves run in a central
location, the geographically isolated or "spoofed" connection points
being proxies which simply forward information between the server and
the centralized "bot depot" which contains the machines actually
running the bots and probably exists in somebody's basement or garage.
Using this mechanism the number of bots that can be put to work is
limited only by one's ability to create new accounts and connections
for those accounts. It is conceivable that over time a pool of
hundreds if not thousands of such bots could be put to some very
diabolical purposes indeed.
CLIENT INQUIRY
While performing research for this post I performed a simple
investigation of the various poker clients, including the Paradise,
Party, Stars, and Planet clients. For this work I used the Visual C++
6.0 IDE along with related tools such as DUMPBIN and DEPENDS.
My initial inquiry revealed that internal symbols have been stripped
from each client, a common industry practise for secure software.
Most of the poker client interfaces are Windows dialog boxes employing
custom bitmaps and painting procedures. Similarly, most of the
information presented on the screen - the flashing circles used to
indicate players, the action buttons, pot and bet sizes, etc, are
implemented as standard windows of one type or another (edit boxes,
buttons, etc).
If you are curious about what some of the administration screens used
by a particular venue look like, simply open that venue's client
software in the Visual C++ IDE (or another such tool) and take a look
at the dialog resources. You will come across a few screens which are
obviously not intended for player use, but nothing too juicy. I did
see something suspicious, however, in one client...I am not sure, and
am not willing to say, what it might be used for. Again, the curious
can investigate for themselves (as this may be a red herring).
All of the investigated clients rely on SSL (secure socket layer) for
encrypted transmissions. Some of the clients shipped with additional
crypto-related DLLs which I was not able to identify. I assume they
are third-party cryptography DLLs from one or another corporation.
From a player standpoint this is very good, as it means the venues are
doing their homework with regard to encryption, as advertised. It is
supremely foolish for players to think hackers are out there
"decrypting" their transmissions when all it takes is a few function
calls to achieve world-class encryption. You are much more likely to
be cheated by collusion.
To Be Continued...
questions, complaints, flames? rambopoker@yahoo.com
See also
Links
- Original post on RGP (rec.gambling.poker)
