-
Posts
152 -
Joined
-
Last visited
-
Days Won
3 -
Feedback
100%
asdttt last won the day on May 11 2022
asdttt had the most liked content!
Profile Information
-
Gender
Male
Recent Profile Visitors
The recent visitors block is disabled and is not being shown to other users.
asdttt's Achievements
Steel Poster (4/10)
88
Reputation
-
username85932 started following asdttt
-
If you wanna reduce ban rates, just mix up your botting. Bot mining, then maybe go bot combat. Combat IMO is the best to bot because it has a high level of randomness just due to the fact entities move around dynamically and the RND nature of combat on RS. Fishing, woodcutting, agility, runecrafting, and mining all have really fast ban rates.
-
Getting closer to discovering the detection algorithm... (Part 2)
asdttt replied to asdttt's topic in Botting & Bans
I personally don't believe that is a metric. If Jagex is using heuristics/ML to monitor accounts, they're going to be using it on more constant variables. Mouse movement, button delay, task ticks, etc. Not what someone does during the task like talking to friends and such. It's also not one big check. They have multiple different checks, all which can and will lead to a ban. Some faster then others. It's important to tackle this whole botting thing with: How would I stop botting. Once you start fighting to detect your own bot, obvious flaws start to show. -
Getting closer to discovering the detection algorithm... (Part 2)
asdttt replied to asdttt's topic in Botting & Bans
I believe so, and OSBot already uses them. But their logic is flawed (Unless this is their intended behavior?) This is OSBot's current clicking. Reason it looks like this is because they turn negative random guassians into positive, which defeats the purpose of using them unless you are purposely trying to create this downward graph? Obviously this is EXTREMELY easy to detect still, as they're hitting the minimum far too often This is their current "flawed" code for generating randoms for the mouse events. Might be used all over, I only verified that they use it for clicking. public static int gRandom(int iIiiiiiIIiIi, double d) throws IllegalArgumentException { double d1 = Math.abs(random.nextGaussian()) * d + iIiiiiiIIiIi; d = iIiiiiiIIiIi + d * 3.0D; if (d1 > d) d1 = d; return (int)Math.max(0L, Math.round(d1)); } Instead of that, they could do something like this public static int gRandom2(int iIiiiiiIIiIi, double d) throws IllegalArgumentException { double mod; double result; do { double guassian = random.nextGaussian(); if (guassian < 0) iIiiiiiIIiIi += d; mod = d * guassian; } while ((result = (iIiiiiiIIiIi + mod)) < 35); return (int) result; } This code is not perfect, it's just more of an example of a direction they could try. That code produces this -
Getting closer to discovering the detection algorithm... (Part 2)
asdttt replied to asdttt's topic in Botting & Bans
It's not about avoiding bans, it's about figuring out what Jagex is looking for. 10 hours may sound like a lot to you, but it's pretty normal once you get passed the first couple layers: Client detection, non-HID (Or possibly just hardware mouse position checks), mouse movement patterns. There are guys who bot over 10 hours daily with zero issues. Even some who have AFK botted nightmare zone for an ENTIRE WEEK straight with OSBot lol. The less input a task requires, the longer you can bot it. Every time I adjust my client/scripts, I get a longer and longer botting time. It's only a matter of time. -
Getting closer to discovering the detection algorithm... (Part 2)
asdttt replied to asdttt's topic in Botting & Bans
Here's some more data on these mouse events. This is only 300 clicks because I'm lazy My mouse, manually: https://i.imgur.com/3xqGR6X.png An autoclicker https://i.imgur.com/tBSKIOX.png Right off the bat you'll notice two things. One, the randomization, or so we thought, is more evenly spread out. Contains a visually predictable median. Secondly, you'll see that in my manual clicks, there's an obvious hot spot where clicks are more likely to land between. Not only that, but my min/max clicks are very very minor. It wouldn't take a rocket scientist to create an algorithm to detect the autoclicker. Now imagine this data with thousands of clicks. Millions possibly. That autoclicker graph would practically flat-line, even among the min/max which logically should be the most difficult to hit. -
This is part two of my findings, although this time I created an entire 3D imaging software to bot with. Previously I was banned using a randomized alching macro script, paired with a HID device completely indistinguishable from a normal mouse in terms of appearance to native programs - although it took around two weeks of near constant alching. The software... Similar to how colorbots work, but based on imaging physical objects due to all the free libraries all over, computational speeds, and the simplicity of 3D objects in-game. I created a new software to control my HID device using a COM's port (Which it then translated to natural HID input). My mouse mover was a very advanced algorithm I worked on when I used to use OSBot, including a trained neural network portion which aided in speed/translations/overshoots/deviation/whatever. Multiple hours trained using my movements in-game to insure Jagex wouldn't be able to establish a difference between my movement, and the bots movement. The HID device was then seeded by https://www.random.org/ as generated a seed on a device is incredibly difficult due to the simplicity of the OS and overall hardware obviously. The bot, although somewhat slow at times, was very similar to my own movements. It's job was to simply mine for around 10 hours a day, then turn off. Then turn on the next day. Surprisingly this bot managed to net 3 million GP mining tin, in the course of about 1-2 weeks, with some days off. That compared to MirrorMode on OSBot is a MASSIVE increase in botting time. Sadly, it was just banned for Macro Major.. Ban cause speculation This ban bothers me. The software, undetected, the physical "mouse", undetected, the mouse movement, exactly as my own.. I'm really thinking, what pattern could possibly be this blatantly obvious that they would ban my poor bot permanently? No way it's the mouse movement? The pattern in mining, doubt it as it was based on my own (once more), and is simply too basic to detect a pattern. The timings? Should of been very random, with unbounded lengths (Meaning a random integer between 1-100 could result in 20,000 randomly), but still not ruling this out. Then lastly, the ban time frame.. It matches the alch bot near-perfect. A bot that did nothing but click a mouse, which didn't rely on software on the computer at all.. Is it possible that... Mouse down -> Mouse UP timing (A record I've already shown they logged), is responsible for these bans? Is it possible they're brute-forcing our seeds or using some type of algorithm which eventually learns our random patterns and can predict the next random number in the sequence (Given our randomizers use pseudorandom chains). Since we all use a static range of numbers between Mouse Down/Up, they will eventually detect regions of time of where our click events contain a constant, say 50-200MS between bound. Theoretically, given enough time, most numbers between these given bounds will result in the near-same number of uses. Writing an algorithm to detect a randomness pattern between the up/down (Or in other words, time it takes to click) would not be difficult, it would just require a lot of data. Furthermore, the ban rates tend to reflect mouse clicks. Agility for instance, requires clicking every 2 seconds. Essentially my conclusion: Randomization is a double edged sword. May appear random, but given enough time, creates a perfectly symmetrical shape. Instead of a horizontal random number picker, perhaps we need to look into more "human-like" randomization. Plans going forward... What I plan to do now, for anyone who cares, is to graph some of this data to visualize the data Jagex is being sent just to see how "random" looks. My next plan is to once more bot the living FUCK out of some rudimentary task, but this time with mouse delays based on my own timings. If I'm still banned, I'm just going to assume Jagex carelessly bans anyone who is doing a task for too long and this whole thing is a waste of time lmao The reason I focused on the mouse click delay in this thread is because it's the easiest input to track. No matter what bot, script, or macro you use, they all have randomized clicking. This is also the easiest pattern as it's consistent throughout all botting tasks
-
They instantly detect when you use a non-approved client for sure. Tested this numerous times. Second you use injection on your account, you permanently flag it and you WILL get banned for overbotting even when not using OSBot. In other words, once your account is flagged, you will be banned much faster then a non-flagged account. Even for basic things like autoclickers They also state that they can scan your memory, so I'm sure Mirror mode is detected at some point, but 100% not as quickly as injection. Jagex has code in their Java client which can/will at ANY TIME load WHATEVER files their server decides to send to your computer, Running in sandbox mode is smart if you're trying to prevent fingerprinting. Fingerprinting being Jagex using some file/ID/etc to tie multiple accounts regardless of IP together. So you might as well take the extra step and run on a virtual sandbox if your PC can handle it. Just use custom/private scripts, take tons of breaks, be very careful with skills such as agility/mining, use mirror mode 100% of the time on accounts you care about.. Etc. I'm not sure if the hardware mouse thing makes a difference, but others claim it does so..
-
Majority of proxies are flagged. For all we know, they flag all datacenter/known-proxy/vpn addresses. I recommend buying residential proxies. Never got prematurely banned on a residential proxy before
-
Decided to come back to OSRS botting after getting bored. Wanted to see if I could bypass the anti-bot by going to the maximum. So I did a simple task, alching, for a whole week straight 20/h with only like 1 hour breaks lmao. Difference this time is I wanted to make it IMPOSSIBLE to detect me outside of pattern detection Managed to make it 1-2 WEEKS, going nearly 20 hours a day, and getting all the way to 98 magic before getting 1 day banned for "Bot busting". Strangely enough I was banned for "Illegal 3rd party software" which leads me to believe I was flagged from weeks ago when I first used OSBot on the account. Edit: Didn't say 24/h a day due to having to buy from the grand exchange, and occasionally getting auto-logged out and not instantly re-logging Couples of important notes Macros, fake mouse, sendInput - all easily detected by modern anti-cheats. Therefor I used a custom HID device that I programmed the script directly into and hid the driver to appear as a Logitech mouse. Obviously used delays between mouse click/release on the HID device to mimic a normal user Random delays, although not too long so the aching was still very efficient Random small breaks (Just like 1-10 seconds without logging in) every 10-20 minutes Random seeding, at random intervals. Seeds were taken from the digital analog signal on the HID/COM device i used, best way to get a random integer given the limited OS. This was to prevent seed bruteforcing Was actually using RUNELITE because the vanilla client is garbage. Might of contributed to the ban? Was logically similar/same to my own pattern timings, based on raw data (Not assumption) The account, weeks ago, had used my own private combat scripts to train strength/defense/attack I have never been banned using my custom scripts + breaks/questing after 3 hours (Unless intentionally trying to get banned to test) NO BOT software was installed on this computer. Fresh installation of Windows 10 Was not banned for macros, but rather "Bot bust" - which is commonly applied to AUTOCLICKER related bans Why? I was interested to see whether it was possible to fully bypass at STUPID large time-spans that are physically impossible for a human to do. I assumed that MAYBE Jagex deploys further anti-cheat after reaching a certain gameplay time (Based on pattern recognition thresholds) which would seek to verify whether the suspected botter is using a real mouse (Whether input comes from a physical HID device rather then API), or whether they're using an illegal client such as OSBot. Since I was both using an approved client, and a physical HID device, my theory was the anti-bot would not ban my account due to insufficient proof. What does this mean to botting? It further questions the popular theory of whether Jagex is actually doing these HID/Client checks at all. Is it possible that they DO still do these checks, but only to increase the ban rate or ban offense? IMO, from testing, that's most likely the case.. Secondly, it further emphasizes the importance of taking BREAKS! Time appears to be one of the LARGEST factors when botting. Even when completely bypassing all possible pattern detection, or low level detection, I STILL managed to get banned based on my improbable play time - and obviously the succession of my alching may of lead to this. Although I myself, and many others in the past have used beats-per-minute timings to get perfect alching. Human improbability is what I imagine this detection tier is based on Lastly, and possibly the most important, it is possible that my previous botting (IE using OSBot, an illegal client), left a flag on my account and Jagex was only waiting for me to overplay on the account to ban it. Now my plan is to train another account with only vanilla and my HID device scripts. That will prove whether my account was previously flagged for the small amount of botting, or if Jagex banned me based solely on the fact I botted for far too many hours to be deemed as "natural". Hope this information was useful for some people, or at least prevents you from doing this same thing lol TL;DR: Temp banned even though I used a physical HID device and a Jagex approved client (Runelite) with zero software
-
CheckingItOut started following asdttt
-
Bot clients can be detected and flagged immediately depending on OS
asdttt replied to caketeaparty's topic in Botting & Bans
Checking the source of input is not illegal....... Please quote some laws and provide sources before you make such insane claims.. -
Bot clients can be detected and flagged immediately depending on OS
asdttt replied to caketeaparty's topic in Botting & Bans
Wasn't aware there were lawyers on this website. Too bad you're an idiot. It's not illegal to have client side anti-cheat... If it is, shutdown Fortnite, Rust, and Battlefield this instant! It's even funnier you said that because of jaclib (Runescape anti-cheat library) being exposed back in the day which contained basically exactly what I stated above. -
Bot clients can be detected and flagged immediately depending on OS
asdttt replied to caketeaparty's topic in Botting & Bans
I wish it was that easy. -
Bot clients can be detected and flagged immediately depending on OS
asdttt replied to caketeaparty's topic in Botting & Bans
This would further backup the theory that after X hours of botting, you're put in a tier of anti-bot that loads native level detection - such as detecting whether a mouse click is coming from hardware, windows API, or being created directly inside the JVM it's self. Different OS's would require different methods and API. Many client side anti-cheats such as EAC utilize the same detection methods for detecting aimbot or macroing. -
Keyboard focus is spoofed