-
Posts
152 -
Joined
-
Last visited
-
Days Won
3 -
Feedback
100%
Everything posted by asdttt
-
If you wanna reduce ban rates, just mix up your botting. Bot mining, then maybe go bot combat. Combat IMO is the best to bot because it has a high level of randomness just due to the fact entities move around dynamically and the RND nature of combat on RS. Fishing, woodcutting, agility, runecrafting, and mining all have really fast ban rates.
-
Getting closer to discovering the detection algorithm... (Part 2)
asdttt replied to asdttt's topic in Botting & Bans
I personally don't believe that is a metric. If Jagex is using heuristics/ML to monitor accounts, they're going to be using it on more constant variables. Mouse movement, button delay, task ticks, etc. Not what someone does during the task like talking to friends and such. It's also not one big check. They have multiple different checks, all which can and will lead to a ban. Some faster then others. It's important to tackle this whole botting thing with: How would I stop botting. Once you start fighting to detect your own bot, obvious flaws start to show. -
Getting closer to discovering the detection algorithm... (Part 2)
asdttt replied to asdttt's topic in Botting & Bans
I believe so, and OSBot already uses them. But their logic is flawed (Unless this is their intended behavior?) This is OSBot's current clicking. Reason it looks like this is because they turn negative random guassians into positive, which defeats the purpose of using them unless you are purposely trying to create this downward graph? Obviously this is EXTREMELY easy to detect still, as they're hitting the minimum far too often This is their current "flawed" code for generating randoms for the mouse events. Might be used all over, I only verified that they use it for clicking. public static int gRandom(int iIiiiiiIIiIi, double d) throws IllegalArgumentException { double d1 = Math.abs(random.nextGaussian()) * d + iIiiiiiIIiIi; d = iIiiiiiIIiIi + d * 3.0D; if (d1 > d) d1 = d; return (int)Math.max(0L, Math.round(d1)); } Instead of that, they could do something like this public static int gRandom2(int iIiiiiiIIiIi, double d) throws IllegalArgumentException { double mod; double result; do { double guassian = random.nextGaussian(); if (guassian < 0) iIiiiiiIIiIi += d; mod = d * guassian; } while ((result = (iIiiiiiIIiIi + mod)) < 35); return (int) result; } This code is not perfect, it's just more of an example of a direction they could try. That code produces this -
Getting closer to discovering the detection algorithm... (Part 2)
asdttt replied to asdttt's topic in Botting & Bans
It's not about avoiding bans, it's about figuring out what Jagex is looking for. 10 hours may sound like a lot to you, but it's pretty normal once you get passed the first couple layers: Client detection, non-HID (Or possibly just hardware mouse position checks), mouse movement patterns. There are guys who bot over 10 hours daily with zero issues. Even some who have AFK botted nightmare zone for an ENTIRE WEEK straight with OSBot lol. The less input a task requires, the longer you can bot it. Every time I adjust my client/scripts, I get a longer and longer botting time. It's only a matter of time. -
Getting closer to discovering the detection algorithm... (Part 2)
asdttt replied to asdttt's topic in Botting & Bans
Here's some more data on these mouse events. This is only 300 clicks because I'm lazy My mouse, manually: https://i.imgur.com/3xqGR6X.png An autoclicker https://i.imgur.com/tBSKIOX.png Right off the bat you'll notice two things. One, the randomization, or so we thought, is more evenly spread out. Contains a visually predictable median. Secondly, you'll see that in my manual clicks, there's an obvious hot spot where clicks are more likely to land between. Not only that, but my min/max clicks are very very minor. It wouldn't take a rocket scientist to create an algorithm to detect the autoclicker. Now imagine this data with thousands of clicks. Millions possibly. That autoclicker graph would practically flat-line, even among the min/max which logically should be the most difficult to hit. -
This is part two of my findings, although this time I created an entire 3D imaging software to bot with. Previously I was banned using a randomized alching macro script, paired with a HID device completely indistinguishable from a normal mouse in terms of appearance to native programs - although it took around two weeks of near constant alching. The software... Similar to how colorbots work, but based on imaging physical objects due to all the free libraries all over, computational speeds, and the simplicity of 3D objects in-game. I created a new software to control my HID device using a COM's port (Which it then translated to natural HID input). My mouse mover was a very advanced algorithm I worked on when I used to use OSBot, including a trained neural network portion which aided in speed/translations/overshoots/deviation/whatever. Multiple hours trained using my movements in-game to insure Jagex wouldn't be able to establish a difference between my movement, and the bots movement. The HID device was then seeded by https://www.random.org/ as generated a seed on a device is incredibly difficult due to the simplicity of the OS and overall hardware obviously. The bot, although somewhat slow at times, was very similar to my own movements. It's job was to simply mine for around 10 hours a day, then turn off. Then turn on the next day. Surprisingly this bot managed to net 3 million GP mining tin, in the course of about 1-2 weeks, with some days off. That compared to MirrorMode on OSBot is a MASSIVE increase in botting time. Sadly, it was just banned for Macro Major.. Ban cause speculation This ban bothers me. The software, undetected, the physical "mouse", undetected, the mouse movement, exactly as my own.. I'm really thinking, what pattern could possibly be this blatantly obvious that they would ban my poor bot permanently? No way it's the mouse movement? The pattern in mining, doubt it as it was based on my own (once more), and is simply too basic to detect a pattern. The timings? Should of been very random, with unbounded lengths (Meaning a random integer between 1-100 could result in 20,000 randomly), but still not ruling this out. Then lastly, the ban time frame.. It matches the alch bot near-perfect. A bot that did nothing but click a mouse, which didn't rely on software on the computer at all.. Is it possible that... Mouse down -> Mouse UP timing (A record I've already shown they logged), is responsible for these bans? Is it possible they're brute-forcing our seeds or using some type of algorithm which eventually learns our random patterns and can predict the next random number in the sequence (Given our randomizers use pseudorandom chains). Since we all use a static range of numbers between Mouse Down/Up, they will eventually detect regions of time of where our click events contain a constant, say 50-200MS between bound. Theoretically, given enough time, most numbers between these given bounds will result in the near-same number of uses. Writing an algorithm to detect a randomness pattern between the up/down (Or in other words, time it takes to click) would not be difficult, it would just require a lot of data. Furthermore, the ban rates tend to reflect mouse clicks. Agility for instance, requires clicking every 2 seconds. Essentially my conclusion: Randomization is a double edged sword. May appear random, but given enough time, creates a perfectly symmetrical shape. Instead of a horizontal random number picker, perhaps we need to look into more "human-like" randomization. Plans going forward... What I plan to do now, for anyone who cares, is to graph some of this data to visualize the data Jagex is being sent just to see how "random" looks. My next plan is to once more bot the living FUCK out of some rudimentary task, but this time with mouse delays based on my own timings. If I'm still banned, I'm just going to assume Jagex carelessly bans anyone who is doing a task for too long and this whole thing is a waste of time lmao The reason I focused on the mouse click delay in this thread is because it's the easiest input to track. No matter what bot, script, or macro you use, they all have randomized clicking. This is also the easiest pattern as it's consistent throughout all botting tasks
-
They instantly detect when you use a non-approved client for sure. Tested this numerous times. Second you use injection on your account, you permanently flag it and you WILL get banned for overbotting even when not using OSBot. In other words, once your account is flagged, you will be banned much faster then a non-flagged account. Even for basic things like autoclickers They also state that they can scan your memory, so I'm sure Mirror mode is detected at some point, but 100% not as quickly as injection. Jagex has code in their Java client which can/will at ANY TIME load WHATEVER files their server decides to send to your computer, Running in sandbox mode is smart if you're trying to prevent fingerprinting. Fingerprinting being Jagex using some file/ID/etc to tie multiple accounts regardless of IP together. So you might as well take the extra step and run on a virtual sandbox if your PC can handle it. Just use custom/private scripts, take tons of breaks, be very careful with skills such as agility/mining, use mirror mode 100% of the time on accounts you care about.. Etc. I'm not sure if the hardware mouse thing makes a difference, but others claim it does so..
-
Majority of proxies are flagged. For all we know, they flag all datacenter/known-proxy/vpn addresses. I recommend buying residential proxies. Never got prematurely banned on a residential proxy before
-
Decided to come back to OSRS botting after getting bored. Wanted to see if I could bypass the anti-bot by going to the maximum. So I did a simple task, alching, for a whole week straight 20/h with only like 1 hour breaks lmao. Difference this time is I wanted to make it IMPOSSIBLE to detect me outside of pattern detection Managed to make it 1-2 WEEKS, going nearly 20 hours a day, and getting all the way to 98 magic before getting 1 day banned for "Bot busting". Strangely enough I was banned for "Illegal 3rd party software" which leads me to believe I was flagged from weeks ago when I first used OSBot on the account. Edit: Didn't say 24/h a day due to having to buy from the grand exchange, and occasionally getting auto-logged out and not instantly re-logging Couples of important notes Macros, fake mouse, sendInput - all easily detected by modern anti-cheats. Therefor I used a custom HID device that I programmed the script directly into and hid the driver to appear as a Logitech mouse. Obviously used delays between mouse click/release on the HID device to mimic a normal user Random delays, although not too long so the aching was still very efficient Random small breaks (Just like 1-10 seconds without logging in) every 10-20 minutes Random seeding, at random intervals. Seeds were taken from the digital analog signal on the HID/COM device i used, best way to get a random integer given the limited OS. This was to prevent seed bruteforcing Was actually using RUNELITE because the vanilla client is garbage. Might of contributed to the ban? Was logically similar/same to my own pattern timings, based on raw data (Not assumption) The account, weeks ago, had used my own private combat scripts to train strength/defense/attack I have never been banned using my custom scripts + breaks/questing after 3 hours (Unless intentionally trying to get banned to test) NO BOT software was installed on this computer. Fresh installation of Windows 10 Was not banned for macros, but rather "Bot bust" - which is commonly applied to AUTOCLICKER related bans Why? I was interested to see whether it was possible to fully bypass at STUPID large time-spans that are physically impossible for a human to do. I assumed that MAYBE Jagex deploys further anti-cheat after reaching a certain gameplay time (Based on pattern recognition thresholds) which would seek to verify whether the suspected botter is using a real mouse (Whether input comes from a physical HID device rather then API), or whether they're using an illegal client such as OSBot. Since I was both using an approved client, and a physical HID device, my theory was the anti-bot would not ban my account due to insufficient proof. What does this mean to botting? It further questions the popular theory of whether Jagex is actually doing these HID/Client checks at all. Is it possible that they DO still do these checks, but only to increase the ban rate or ban offense? IMO, from testing, that's most likely the case.. Secondly, it further emphasizes the importance of taking BREAKS! Time appears to be one of the LARGEST factors when botting. Even when completely bypassing all possible pattern detection, or low level detection, I STILL managed to get banned based on my improbable play time - and obviously the succession of my alching may of lead to this. Although I myself, and many others in the past have used beats-per-minute timings to get perfect alching. Human improbability is what I imagine this detection tier is based on Lastly, and possibly the most important, it is possible that my previous botting (IE using OSBot, an illegal client), left a flag on my account and Jagex was only waiting for me to overplay on the account to ban it. Now my plan is to train another account with only vanilla and my HID device scripts. That will prove whether my account was previously flagged for the small amount of botting, or if Jagex banned me based solely on the fact I botted for far too many hours to be deemed as "natural". Hope this information was useful for some people, or at least prevents you from doing this same thing lol TL;DR: Temp banned even though I used a physical HID device and a Jagex approved client (Runelite) with zero software
-
Bot clients can be detected and flagged immediately depending on OS
asdttt replied to caketeaparty's topic in Botting & Bans
Checking the source of input is not illegal....... Please quote some laws and provide sources before you make such insane claims.. -
Bot clients can be detected and flagged immediately depending on OS
asdttt replied to caketeaparty's topic in Botting & Bans
Wasn't aware there were lawyers on this website. Too bad you're an idiot. It's not illegal to have client side anti-cheat... If it is, shutdown Fortnite, Rust, and Battlefield this instant! It's even funnier you said that because of jaclib (Runescape anti-cheat library) being exposed back in the day which contained basically exactly what I stated above. -
Bot clients can be detected and flagged immediately depending on OS
asdttt replied to caketeaparty's topic in Botting & Bans
I wish it was that easy. -
Bot clients can be detected and flagged immediately depending on OS
asdttt replied to caketeaparty's topic in Botting & Bans
This would further backup the theory that after X hours of botting, you're put in a tier of anti-bot that loads native level detection - such as detecting whether a mouse click is coming from hardware, windows API, or being created directly inside the JVM it's self. Different OS's would require different methods and API. Many client side anti-cheats such as EAC utilize the same detection methods for detecting aimbot or macroing. -
Keyboard focus is spoofed
-
The method's (such as GC/class checker) are both within the JVM, so the OS doesn't really matter for those checks. If they load native anti-cheat code (Hasn't been detected on OSRS), then they could detect whether the bots keyboard/mouse is coming from hardware, or software - although there's zero evidence to support they do this and it'd still be bypassable with some effort annd it'd need to be different methods per OS since it'd be different API and kernels. As for unofficial clients, I doubt it puts you on the radar 100% of the time. Runelight at this point is probably the most widely used client out of all of them and differs from each installation due to the plugins installed. Sure seems to put you on the radar FASTER according to the banrates on here (I myself have never used mirror mode, so this is 100% speculation). Your windows VPS may also have it's IP flagged as a proxy/vpn/dangerous IP. Although it's pretty obvious to find out because they'll lock your account shortly after beginning to bot lol.
-
Idk the anti-bot is simply too big to pinpoint exactly what's causing the bans. Residential IP's 100% result in a lower banrate as opposed to VPN/proxy IP's that are flagged as such however. All the users on here generally claim that either mirror mode makes no difference in their banrates, or a slight difference. I think it just boils down to what I said though - essentially that non-official clients will flag faster due to being a an unofficial client (Mirror mode would flag as official in theory from the checks I mentioned). Almost certain Jagex's anti-bot measures are tiered anyways. It's possible client detection is the X tier that feeds into their bot % chance. It's even possible that one of their higher tiers loads a .dll which would detect things like non-hardware mouse movement/clicks from an OS level (Such as windows/Linux/Mac API). One thing that seems to be for certain is bot/play time 100% is used in their anti-bot detection. Whether it's for teiring their anti-cheat measures, or simply for feeding into a pool of checks that produces a bot certainly output on the selected players idk.
-
Injection uses reflection. Reflection is just API that allows you modify the behavior of methods, classes, ect at runtime. And idk what you're doing to get banned that fast. I bot 6 hours a day on my main training various stats, even mining, and I've yet to be banned. The client check most likely is a result of already being flagged as a bot, or assumed as a bot. It might add to the % a user is a bot. I'd go as far as saying if they detect you're using the official client (mirror mode), the ban requirements are slightly raised.
-
Reflection == Stealth Injection. There's two "debug" checks inside OSRS's jar I've located. One, a classchecker that Jagex's server can request to check any class at anytime. The other, a garbage collector timings collector that jagex can once again request at any time. Wouldn't be difficult to differentiate OSBot from an official client using just basic garbage collection timings due to the increase in permGen, shortLived memory, and overall collection timings from the bot client + scripts. I personally don't think there's any difference between using mirror mode and stealth injection in terms of detecting based on the client it's self. Using stealth injection may lead to a faster ban due to them being able to, in theory, tell you are not using an official client from debug results, but you wouldn't be banned based on using the client it's self.
-
IP's flagged for VPN/proxy/ect. Use a proxy that isn't flagged
-
Ah that explains why I couldn't find it. Haven't played RS3 in ages. And I agree completely that they use machine learning, or at least pattern matching. Which is why I produced this thread showing how their current logging capabilities could EASILY pickup on OSBot. Every bot client I tried actually has flawed mouse movement patterns (Only tried 2 others). It split off into another direction primary because Alek basically said "If it's detectable by x, then why bother fixing y". Edit: And there's other basic stuff like NEVER loosing keyboard focus, even when the virtual mouse is "moved off the screen" that probably adds to the probability of a user being a bot.
-
I was just pointing out that they could achieve nearly the same level of detection based on raw input, so you wouldn't be able to detect that using the method you described. And yeah I couldn't find anything interesting either, but as I described above, the detection appears to be tiered. Quoting myself: So in other words, I don't believe they use this level of detection. If they do, then they're very very sneaky with it and it's injected only after botting a certain amount of time, and only for a certain length of time. Like a "last ditch effort" as I described above. Edit: Also I forgot to mention, there actually was a .dll file called "jaclib.dll" or whatever that contained code to catch the API input flag "LLMHF_INJECTED" (From sendInput) - although there was never a callback implemented. Weird... Very weird.. Especially since they bothered to ship it... Maybe because they realized that programmers could easily remove that flag through a hook + trampoline function, or by just unregistering it lmao (Through WH_DEBUG). They appear to have removed it though.
-
Would still be detectable as it's not coming off the HWID stack, but that's if they even have the anti-cheat measures to check that. Still wouldn't be impossible to bypass. Hell, you could make an autoclicker in Logitech's driver software and it'd come clean off the HWID stack. IMO, I think Jagex understands that botting is simply a part of the game at this point. They're getting little to no new players, RS3 is pretty much dead, and OSRS is full of autoclickers. It makes zero sense why I can bot on the most blatant script ever made for 4 hours straight and get no ban. ZERO sense. To me, it feels like they actually just allow micro-botting as long as it wont harm the economy. This game is so repetitive, if you actually took the time to train your strength or what not to 99 MANUALLY then you should probably get a job lol. And from what it appears during my testing, they've done nothing with windows API. They do have code to download jars and load .dll files, but I haven't been able to detect anything while botting. Maybe they load it after 6-10 hours of straight botting for a bit, then unload it? I've got no idea. I got 75 magic about 2 days ago by autoclicking alch for like 9 hours straight and got no ban either. It's been theorized by most botters that their system is tiered, so this would certainly back that claim up. Maybe detecting clicks is the very top tier of detection, their last ditch effort. That would also mean that fixing other flaws such as the mouse movement would further delay bans, therefor, in theory, allowing for a much longer botting period.
-
Depends on what you plan on hosting on the server. I assume you're using OVH, or a reseller like SoYouStart for a price that good.
-
First off, stop using port 8080 because that's already an established port for HTML. Second off, you only call it once... You need to do a loop on serverMuleRequest if you want it to keep writting. Like while (true) { method } - but you don't want to keep establishing a new socket, so you'll need to assign that somewhere else before the loop