Check the outcome of the Crash game: algorithm, security
1) Purpose of verification: what exactly you confirm
Irremovability: the operator could not change the result after your bet (due to the commit of the server seed hash).
Reproducibility: Having input, you get the same multiplier that the game showed.
Procedure integrity: message format, increment'nonce ', rounding rule and "house edge" are strictly applied according to the specification.
2) Data without which verification is impossible
1. Server Seed Hash (commit) - published before using the corresponding'Server Seed '.
2. Server Seed (disclosed later/at the end of the period).
3. Client Seed (your seed; you set it yourself or the platform generates).
4. Nonce (the counter of your bets within the current'Server Seed ').
5. Hash algorithm (usually 'HMAC-SHA256' or 'SHA-256').
6. Message format (example: '": "'), exact delimiters/case/encoding.
7. The hash mapping formula → a multiplier (and a rounding/minimum rule).
3) Verification algorithm (7 steps)
1. Compare the commit: count 'SHA-256 (ServerSeed)' and compare with the published 'ServerSeedHash'.
2. Collect the message: strictly in platform format (for example, 'msg = ClientSeed + ":" + Nonce').
3. Count the round hash:
4) Pseudocode (can be adapted for Python/JS)
```python
Insert here the exact mapping formula from your platform instead of stub_mapping ()
import hmac, hashlib, math
def round_hash(server_seed: bytes, client_seed: str, nonce: int) -> bytes:
def take_u_from_hash(h: bytes, k_bits=52) -> float:
def stub_mapping(u: float) -> float:
def verify(server_seed_hex, server_seed_hash_hex, client_seed, nonce, shown_multiplier):
Important: instead of 'stub _ mapping', apply the exact formula from the Fairness section of your platform; otherwise, the check will be incorrect.
5) Particular cases and pitfalls
Two bets in one round: many platforms have'nonce 'increments for each of your bets, even if they are placed in the same round (example: bet A → 'nonce = 42', bet B → 'nonce = 43 '). Check by history.
Changing'Client Seed': When changing the seed, the'nonce' is usually reset (or a new stream begins). Compare the rules of your platform.
Batchy 'Server Seed': One 'Server Seed' acts on a series of rounds, then a new commit is published; do not confuse seeds from different periods.
Rounding/minimum: mismatch on the second sign - in 90% of cases, an error in the rounding/minimum rules (for example, fixed 1. 00 × under special conditions).
Encoding/spaces: extra space/line feed, wrong case, non-UTF-8 breaks check.
6) Quick Round Check List
1. Does'SHA-256 (ServerSeed) 'match the published'ServerSeedHash'?
2. Is the'message' and the'nonce' format formed correctly?
3. Algorithm ('HMAC-SHA256 '/' SHA-256') and key/field order applied strictly according to specification?
4. Are the mapping and rounding identical to the documentation?
5. Whether special cases (rare "instant crash," minimum 1. 00 ×, mouthguards)?
6. Does the result coincide with the history of the game to the penny?
7) Automation of control (practice)
Logs: keep 'client _ seed', sequence 'nonce', timestamp, final multiplier.
Sampling: after the "roar" of'Server Seed', run the script through random 20-50 rounds; Fix the match percentage (must be 100%).
Regression: when changing the version of the game/provider, run the same set.
Export: store CSV/JSON with sources - this is your "audit track."
8) Safety: How not to make mistakes and let yourself be fooled
Check locally/offline: do not rely only on the operator's web validator; keep your own script.
Do not trust rounds without a complete data package: no formula/format - no verification.
Strong 'Client Seed': Ask randomly, change periodically (this does not increase RTP, but excludes questions about reproducibility).
TLS/sessions: HTTPS-only login, 2FA, tracking history logins and uploads.
Do not give 'Server Seed' to anyone: it is published by the operator after the period; your task is to verify, not to "get" it in advance.
9) Typical "rookie errors"
Mixed up field order ('Nonce: ClientSeed' instead of 'ClientSeed: Nonce').
Count'nonce 'from zero instead of one (or vice versa).
The hash of the entire round of the platform (global nonce) was used, but you need your personal'nonce '.
Banker's rounding vs floor/ceil.
Check against active, not already exposed'Server Seed '.
10) "Red flags" at the operator
No public Server Seed Hash before the start of the period.
You cannot set your Client Seed or view nonce.
There is no public multiplier hash mapping formula.
The history of rounds does not provide a minimum of data for reconciliation.
The format and algorithm were changed without notice/specification archive.
11) Australian Context (AU)
Currency: keep records of wins/bets in AUD, keep uploads of stories (support, controversial issues).
Responsible Play (RG): Deposit/time limits, pauses and self-exclusion - available in bona fide apps; use them.
Platform practices: for bona fide operators, the Fairness/Fairly Fair block contains a complete description and examples of verification; lack of details is a reason to choose another service.
12) The bottom line
Checking the outcome of a Crash game is a clear procedure:
Keep your own script, log input and periodically check random rounds. So you confirm honesty not in words, but mathematically.
Irremovability: the operator could not change the result after your bet (due to the commit of the server seed hash).
Reproducibility: Having input, you get the same multiplier that the game showed.
Procedure integrity: message format, increment'nonce ', rounding rule and "house edge" are strictly applied according to the specification.
2) Data without which verification is impossible
1. Server Seed Hash (commit) - published before using the corresponding'Server Seed '.
2. Server Seed (disclosed later/at the end of the period).
3. Client Seed (your seed; you set it yourself or the platform generates).
4. Nonce (the counter of your bets within the current'Server Seed ').
5. Hash algorithm (usually 'HMAC-SHA256' or 'SHA-256').
6. Message format (example: '"
7. The hash mapping formula → a multiplier (and a rounding/minimum rule).
💡The entire specification should be in the Fairness/Fairly Fair section of the operator. If something is not there, this is a red flag (see § 10).
3) Verification algorithm (7 steps)
1. Compare the commit: count 'SHA-256 (ServerSeed)' and compare with the published 'ServerSeedHash'.
2. Collect the message: strictly in platform format (for example, 'msg = ClientSeed + ":" + Nonce').
3. Count the round hash:
- при `HMAC-SHA256`: `RoundHash = HMAC_SHA256(key=ServerSeed, msg=message)`;
| when'SHA-256 ':' RoundHash = SHA256 (ServerSeed | message) 'or as specified in the specification. |
|---|---|
| 4. Extract randomness: take the first'k 'bits (often 52) → the integer'r', then'u = r/2 ^ k '. | |
| 5. Apply the mapping formula: convert 'u' to a multiplier (house edge/special cases are taken into account according to the game documentation). | |
| 6. Round according to the rules of the game (for example, up to 2 characters, at least 1. 00 ×, etc.). | |
| 7. Compare with the round total in history. Coincidence = correct honesty. |
4) Pseudocode (can be adapted for Python/JS)
```python
Insert here the exact mapping formula from your platform instead of stub_mapping ()
import hmac, hashlib, math
def round_hash(server_seed: bytes, client_seed: str, nonce: int) -> bytes:
- message = f "{client _ seed}: {nonce}." encode ("utf-8") format see specification
- return hmac. new(server_seed, message, hashlib. sha256). digest () or hashlib. sha256(...)
def take_u_from_hash(h: bytes, k_bits=52) -> float:
- We take k most significant bits as a whole r
- r = int. from_bytes(h, "big") >> (256 - k_bits)
- return r / (1 << k_bits) u в [0, 1)
def stub_mapping(u: float) -> float:
- STUB! Replace with formula from your game documentation
- For example, sometimes a transformation of the form is used: crash = floor ((const/( r + 1)) 100 )/100
- and/or "house edge" as a rare forced 1. 00×. Do not use this stub in a real check.
- return max(1. 00, round(1. 0 / max(1e-12, 1. 0 - u), 2))
def verify(server_seed_hex, server_seed_hash_hex, client_seed, nonce, shown_multiplier):
- server_seed = bytes. fromhex(server_seed_hex)
- 1) Commit
- assert hashlib. sha256(server_seed). hexdigest() == server_seed_hash_hex. lower()
- 2-3) Round hash
- h = round_hash(server_seed, client_seed, nonce)
- 4) u
- u = take_u_from_hash(h)
- 5-6) mapping + rounding
- calc_mult = stub_mapping(u)
- 7) comparison
- return abs(calc_mult - shown_multiplier) < 1e-9
- ```
Important: instead of 'stub _ mapping', apply the exact formula from the Fairness section of your platform; otherwise, the check will be incorrect.
5) Particular cases and pitfalls
Two bets in one round: many platforms have'nonce 'increments for each of your bets, even if they are placed in the same round (example: bet A → 'nonce = 42', bet B → 'nonce = 43 '). Check by history.
Changing'Client Seed': When changing the seed, the'nonce' is usually reset (or a new stream begins). Compare the rules of your platform.
Batchy 'Server Seed': One 'Server Seed' acts on a series of rounds, then a new commit is published; do not confuse seeds from different periods.
Rounding/minimum: mismatch on the second sign - in 90% of cases, an error in the rounding/minimum rules (for example, fixed 1. 00 × under special conditions).
Encoding/spaces: extra space/line feed, wrong case, non-UTF-8 breaks check.
6) Quick Round Check List
1. Does'SHA-256 (ServerSeed) 'match the published'ServerSeedHash'?
2. Is the'message' and the'nonce' format formed correctly?
3. Algorithm ('HMAC-SHA256 '/' SHA-256') and key/field order applied strictly according to specification?
4. Are the mapping and rounding identical to the documentation?
5. Whether special cases (rare "instant crash," minimum 1. 00 ×, mouthguards)?
6. Does the result coincide with the history of the game to the penny?
7) Automation of control (practice)
Logs: keep 'client _ seed', sequence 'nonce', timestamp, final multiplier.
Sampling: after the "roar" of'Server Seed', run the script through random 20-50 rounds; Fix the match percentage (must be 100%).
Regression: when changing the version of the game/provider, run the same set.
Export: store CSV/JSON with sources - this is your "audit track."
8) Safety: How not to make mistakes and let yourself be fooled
Check locally/offline: do not rely only on the operator's web validator; keep your own script.
Do not trust rounds without a complete data package: no formula/format - no verification.
Strong 'Client Seed': Ask randomly, change periodically (this does not increase RTP, but excludes questions about reproducibility).
TLS/sessions: HTTPS-only login, 2FA, tracking history logins and uploads.
Do not give 'Server Seed' to anyone: it is published by the operator after the period; your task is to verify, not to "get" it in advance.
9) Typical "rookie errors"
Mixed up field order ('Nonce: ClientSeed' instead of 'ClientSeed: Nonce').
Count'nonce 'from zero instead of one (or vice versa).
The hash of the entire round of the platform (global nonce) was used, but you need your personal'nonce '.
Banker's rounding vs floor/ceil.
Check against active, not already exposed'Server Seed '.
10) "Red flags" at the operator
No public Server Seed Hash before the start of the period.
You cannot set your Client Seed or view nonce.
There is no public multiplier hash mapping formula.
The history of rounds does not provide a minimum of data for reconciliation.
The format and algorithm were changed without notice/specification archive.
11) Australian Context (AU)
Currency: keep records of wins/bets in AUD, keep uploads of stories (support, controversial issues).
Responsible Play (RG): Deposit/time limits, pauses and self-exclusion - available in bona fide apps; use them.
Platform practices: for bona fide operators, the Fairness/Fairly Fair block contains a complete description and examples of verification; lack of details is a reason to choose another service.
12) The bottom line
Checking the outcome of a Crash game is a clear procedure:
- verification of the'Server Seed Hash' commit,
- restoring 'RoundHash' by 'Server Seed', 'Client Seed', 'nonce' and algorithm,
- Apply the published mapping formula and rounding rules
- identical multiplier in your review and in game history.
Keep your own script, log input and periodically check random rounds. So you confirm honesty not in words, but mathematically.
