asdttt

Made an earlier post about how all OSBot scripts seem detected, and posted some findings relating to the banrates of changing various things such as timings, clickspeed, movement, and mouse DPI. In testing, I found that almost 100% of all OSBot's mouse movements follow very simplistic patterns that are picked up very quickly by Jagex's anti-bot. This goes for ALL other client's I've tested, all containing some flaw within their mouse movement, whether it be [Other-Bot-Client]'s flawed inaccurate spoofed mouse movement, or [Other-Bot-Client]'s consistency. I've reported these flaws to the developers of OSBot already, but was not met with confirmation on whether or not they'll do anything about it. Possibly because they're still under the illusion that mouse movement doesn't play a big role in detection. So here's a topic to prove just that. First off, let me start by showing that Jagex certainly does record mouse movement: https://github.com/zeruth/runescape-client/blob/master/src/MouseRecorder.java#L40 This shows the frequency of their collection. 50MS ticks, which is equivalent to 20 times a second. Now you could say.. But isn't 50 MS not enough to accurately depict mouse movement? And that is true to some extent, but it's more then enough data to analyse in order to find flaws or patterns. Here's what it looks like to move a mouse on a 50MS tick-rate: https://i.gyazo.com/4eb9de90c1c8a60959e874fb24488ab3.mp4 A common argument may be that collecting mouse movement is an absurd amount of data, but.. They combine the integers into mostly a 2 byte for small/medium, and larger a 3 byte or 4 byte and save/send it as that. That means they can store around 250,000-500,000 x/y captures per 1mb. That translates to around 3.4 HOURS of constant mouse movement data capture per user. That data would obviously build up over-time, but IMO Jagex most likely clears this data either every ban-wave, or every week. Which wouldn't really be that much. You could also compress these integers an insane amount due to how primitive the encoding would be. They also only send movements, not equal, or zero movements: https://github.com/zeruth/runescape-client/blob/master/src/Client.java#L3330 - Although, they still keep track of those equal/zero movements: https://github.com/zeruth/runescape-client/blob/master/src/Client.java#L3332 So we can see they record the data locally, but do they send it to the server? The answer is, yes. Here's proof of that (Annd they send a loot more then just that...): https://github.com/zeruth/runescape-client/blob/master/src/Client.java#L3307 And here's them encoding the difference between mouse x/y movements into a 2 byte integer and appending it to their packet buffer (Only medium speed movements under about 31 pixel per 50MS): https://github.com/zeruth/runescape-client/blob/master/src/Client.java#L3342 And here's them encoding movements into a 3 byte integer and appending it to their packet buffer (var10 = mouseY * 765 + mouseX): https://github.com/zeruth/runescape-client/blob/master/src/Client.java#L3345 And here's them encoding movements into a 4 byte integer and appending it to their packet buffer (var10 = mouseY * 765 + mouseX):: https://github.com/zeruth/runescape-client/blob/master/src/Client.java#L3348 They also can detect when you move your mouse outside of the screen, and how many ticks (Ticks are capped of course): https://github.com/zeruth/runescape-client/blob/master/src/Client.java#L3324 Reconstructing their mouse collection: ||) Equal, or zero movements are tracked by ticks. If you don't move your mouse for 30 ticks, they'll know. They most likely use this for multiple purposes, the biggest being the ability to figure out the entire mouse movement rather then just bits of it. 1) Movement of the mouse is tracked, smalls/medium movements exactly by this (Only medium/small per-tick movement difference under about 30 in length) int yDiff = (recordedY - previouslyRecordedYMove); int xDiff = (recordedX - previouslyRecordedXMove); handler.packetBuffer.putShort(yDiff + (idleIndexesPassed<< 12) + (xDiff << 6)); idleIndexesPassed = 0; movementIndex = the indexes skipped before finding a mouse move in the X/Y mouse recorder. Used to track time between mouse movmenets. 2) Larger movements that are made in less then 8 ticks of "idle" mouse: (Actual location sent) int var10 = (recordedY * 765 + recordedX); handler.packetBuffer.put24bitInt((idleIndexesPassed << 19) + var10 + 8388608); idleIndexesPassed = 0; 3) Large movements that are made 8+ ticks from being "idle" (Actual location sent) int var10 = (recordedY * 765 + recordedX); var14.packetBuffer.putInt((idleIndexesPassed << 19) + var10 + -1073741824); idleIndexesPassed = 0; (Don't mind the -1073741824 or other random numbers. Java doesn't support primitive unsigned numbers, so you have to use hacky stuff to compress your integer sizes) The majority of OSBot's movements would fall under #1's logging. The others are just for larger mouse movements (in terms of last X/Y -> new X/Y). Why do they multiple Y by 765? Because they've capped the X axis from exceeding 764 therefor they can easily mathematically combine the two integers for saving resources, then de-couple them whenever they want. So what does all this have to do with OSBot's mouse movement? Well, I performed a basic test to grab the mouse movement delta's between every 50MS tick (Just as Jagex does) and found 100% consistency among certain parts of their mouse movement patterns: OSBot's mouse movement: https://pastebin.com/AJn2NC31 My own mouse movement: https://pastebin.com/vnGtX16z Right away you should notice many flaws inside OSBot's mouse sample. As you can clearly see, OSBot repeats ONLY 4-5 at the end of movements, AND at the last few deltas at the end of the movement, it goes from Lower, Bigger, Lower, This seems to be the case with virtually all mouse movements over 4-5 pixels large made by OSBot. So if I'm able to detect this flawed mouse movement in a matter of seconds with basic math, then so can Jagex? This would also explain why tasks requiring massive amounts of mouse movement, such as agility, have much higher ban-rates vs something like fighting, or AFK tasks. Does this mean this is the only detection method banning OSBot? Absolutely not. However, in my experience, I've yet to be banned by using OSBot as an API for everything BUT mouse movement, or camera movement (Of course with a lot more human-like behavior sprinkled on top of the scripts). This is purely based on only a little more then a week of botting without a ban, so it's possible I'm not bypassing, but simply delaying my ban. Hell, it's possible I was detected the second my script first started and now i'm just riding a monthly ban wave. Still beats a daily ban wave though...

Yeah that's what I've heard, so far I've made it through one weekend, but we'll see about this one..

Yeah it's just more of a test atm to see if people get banned from the anti-bot recognizing a clear loop. In the future, it wouldn't be hard to tie things like clicks in with entities and failable actions that'll repeat if failed. Atm I personally only really use it for splashing, alching, powerleveling (Haven't tested for over 30 minutes because no time to watch), and just other generic autoclicking. Basically stuff that if it was interrupted, say by a lag spike or an NPC getting in the way somehow, wouldn't lead to the script failing entirely, just delaying it.

Thanks for posting your findings. For clarification, are you a non-member? In my experience, I used to get banned between 4AM->5AM (Pacific Time) on f2p minebots. From what I've heard, not actually experienced is, MEMBERS accounts must be manually reviewed before a ban is applied. Also, what bots are you using? Fightbots, minebots, fisher bots?

Description: REEEpeater's just an idea I had a few days also that I finally had time to apply to OSBot. Basically, this script allows you to feed the bot mouse movement, and clicks (right/left only atm) and then loop it! Your loop can be thousands of mouse movements/clicks, it doesn't matter. I recommend a fairly large sample however, incase jagex does consistency checks (Which they seem to do). Features: - Records mouse movement for looping - Records clicks for looping [Left/Right click only ATM] (Would allow for a more advanced/safer autoclicker!) How to use: 1) Put the REEpeater.jar into your scripts folder 2) Load up OSBot, and launch the script! 3) Activate mouse movement (4th SMALL button from the top left of the client) 4) Once you get fully in-game and are ready to train a pattern, press SPACE key to activate the recorder 5) Move your mouse, and click as you normally would. Note, changes in camera are current UNSUPPORTED due to the nature of how the camera is moved. So don't adjust your camera once you start recording!! 6) Your pattern should be pretty big, as to not appear as a blatant pattern. I personally train it for 20 minutes to be safe, but the longer the less likely you'll get banned (Assuming they detect consistency). 7) Once you feel like your pattern is perfect, return the mouse to the RED BOX which represents where you first initiated the recording and press SPACE. (It'll loop, so it's important to have the end of the recording match the beginning) 8 ) Quickly remove your mouse from the screen and allow REEEpeater to do it for you. To stop the script, just hit stop or pause. |> Be careful with interference with the bot by putting your mouse onto the canvas. I have NOT tested bans with this yet and that's why I've posted it as a "test release". If you get banned, please post your results here. If this is too easily detected, I have no reason to make it more advanced and add the ability to save recordings to disk for later play. Much more will come to this repeater is all goes well - or at least.. Somewhat well. Download: REEEpeater.jar Showcase (Soon I'll have a video hopefully.. Very slow internet..): https://i.gyazo.com/1a84ab4a42382ffb564892d993baf090.mp4 https://i.gyazo.com/50cc5d7ef14fd3633694ba1cf61bf1f8.mp4

Fucking RIP man.. This is my daily fear.. Almost got 70 attack/strength, and got a good amount of money from bot farming entities. If I were you I'd try my chance on an appeal lmao. I've heard stories of people getting unbanned, maybe you'll get lucky.

I think the big disconnection here is I have a lot of experience building anti-cheats, and you have a lot of experience building bots. Please take the time to fully read my post so you understand what I'm saying because I still believe you're not understanding me. If you believe 1mb per 3.4 HOURS of constant mouse movement is a lot then... I reeally can't argue with you because that's your opinion. It's such a minimal amount of data based on other heuristic checks used by companies like Dice. I'm basing those samples on a 50MS tick - the exact same Jagax does. As you can see by my results, OSBot repeats patterns on a 100% basis on mouse movements, no matter where on the screen you click. I'm not sure why you think 20 samples in a single second is so small, so here's a visual representation: https://i.gyazo.com/4eb9de90c1c8a60959e874fb24488ab3.mp4 This picture is a result of applying my recorded samples of my own movements on a 50MS tick-rate. As you can see, it's very smooth, very clear to see deviation, and very easy to follow. Edit: And I've found the right path so far.. Still haven't gotten banned, but still haven't botted over 6 hours straight. When I'm done training this account I'll likely sell or release the scripts for all. Soon I'll be releasing a little trainer tool you guys can use to create your own autoclickers / mouse movement patterns. Edit2: Forgot to address the age of the previous tests. My point was, Jagex changed their anti-cheat massively in the past two years, and trained more patterns. There was a time RSPeer bypassed even

You said the test was done a few years ago.. This directly renders whatever findings they had useless and outdated. They've updated the anti-bot many many many times in the past few years, and banrates directly prove that. And 50ms is a perfect amount to detect mouse patterns. That's 20 ticks a second (What minecraft runs on). Within those 20 minutes, you can map out their angles, check for deviation, check for DPI consistency, and check for patterns. You'd have on average 6-10 point captures per mouse movement. And it's not really that much data, especially since they combine the 2 byte integers into a single 4 byte and save/send it as that. That means they can store 250,000 x/y captures per 1mb. That translates to around 3.4 HOURS of data capture per user. My personal thought is they run a botcheck about every day, apply bans, and reset data. I really don't believe they'd keep the data over a few days otherwise i would of been easily banned by now. There's really no need to keep the data over a day anyways unless they do daily behavioral checks based on previous days (They defiantly don't, or just haven't done it in a few weeks). Edit: Here's evidence of how they combine x/z and send: https://github.com/zeruth/runescape-client/blob/master/src/Client.java#L3342 Also notice how they too capture the difference of the movement: https://github.com/zeruth/runescape-client/blob/master/src/Client.java#L3337 That means they're clearly using the same, or near check as I was. Simple by recording the delta's they can pickup on patterns with little to no math. Edit2: Here's evidence of the laughable flaws in OSBot's movement (My original evidence got deleted). These samples were made testing by interacting with an NPC, pond, and a tree (All at tutorial island) OSBot: https://pastebin.com/AJn2NC31 My mouse movement, I tried to mimic OSBot the best i could: https://pastebin.com/vnGtX16z As you can clearly see, OSBot repeats ONLY 4-5 at the end of movements, AND at the last few deltas at the end of the movement, it goes from Lower, Bigger, Lower, Bigger. A programmer with 1 week of experience could make something to detect that. Jagex has all the data I used on that sample (50MS tick), and yet you all say I'm wrong

Rspeer injects spoofed data into the mouse location arrays. It's very inaccurate data however, and will still lead to a ban assuming jagex checks mouse accuracy (Rumors claiming they do). Therefor as far as Jagex knows, it's making mouse movements. Timings matter a lot too, which is why i mention mouse consistency. This, however, isn't the only factor you need to account for.

I literally posted evidence that the mouse movement on OSBot is easily detected... Test for yourself if you don't believe me. Check the delta between mouse movements of OSBot and you'll see a very clear pattern. I've confirmed this was banning me by changing my mouse movement all together. I'm very active in the anti-cheat community on various platforms and came here to share some of my knowledge. You'd be surprised how big mouse delta/movement plays in detecting all sorts of hacks ranging from aimbot, all the way to automation. I provided the easiest way we'd use to detect a pattern, mouse delta patterns. More specifically, how the mouse ends a movement. Edit: Also if you call what people have said here feedback, yikes. Continued with evidence further down->

People are bashing simply because they've probably found alternative methods, or just suicide bot. I can confidently say that I've yet to be banned for botting anything since last week simply by taking the things I've said in this very topic into account. Simply by changing the mouse movement of my script to use my own recorded mouse movements in combination with a few of OSBot's mouse movements, I have thrown off the heuristics completely (Or so I'm lead to believe.. We'll see in a week from now..). And if you're HIGH alching, I HIGHLY recommend you sightly move the mouse around here and there. The movements should only be bursts of movements from 1-2 pixels per tick, which you can easily do without the use of OSBot's mouse API. "Honestly I think the clients just being detected". This is very true. Jagex doesn't target simple things such as checking stats, typing, ect, but rather CORE features of these frameworks such as mouse movement, and clicking. ALL botting frameworks I've tested produce the same, or worse patterns/flaws as I described earlier in this post. Even making a 5 pixel mouse change produces flaws. Using OSBot WILL lead to a ban at it's current state ASSUMING you're using 100% of it's API for mouse. If you want to see whether your mouse moving tricks/utilities will be easily detected, then track the delta and see whether it's consistent anywhere - especially the last delta of the mouse movement, which in most cases, will be the most machine-like due to the nature of how most these mouse movers get to that position after so much randomization done to the movement vector/speed. Appearing human is not all you must do to bypass the heuristic checks. Appearance is simply an illusion. You need to dig deeper into the actual movements, and view the raw data for yourself whether your mouse movements are closely related to your own mouse movement. Everyone acts like Jagex has one of the most powerful anti-cheats ever made, when in reality, we just have some of the worst API's. Mind you, this is the same company that just killed everyone in dead man mode LMAO And lastly, I want to clarify that mouse movement probably isn't the biggest detection factor. It was just the biggest factor for my own scripts. Movement, consistency, and clicking still play a large role in bans.

Little to no mouse movement = very unlikely to be banned. Splashing, alching, ect have never lead to a ban for me. I'd also recommend making clickspeed semi slow, and inconsistent. Also adding in random off-screen "AFK" breaks for like 10-20 seconds would also be good. It's very hard to not make minor mouse movements while doing tasks that require such, so keep that in mind aswell.

I'm in the same boat. Got my combat stats all at 60, but too scared to actually use the account O.O

Botted 40 defense, strength, and attack last night, no ban.

They defiantly clear it. There's tons of input data they use for heuristics alone. Every 50 milliseconds your current mouse position is recorded and sent to the server. I doubt they'd keep samples over a month tops.

I just stopped using OSBot for the most part and using more basic stuff like a small screen pattern repeater I made. Haven't gotten banned for botting mining/combat since (Still don't bot for over 6 hours a day...). I'm sure people have ways of using OSBot, but by default, the mouse movement is 100% detected and makes some of the most obvious patterns at a 98.5% rate... I just posted this to call out all the "VIP", or "premium" scripts for their blatant lies on their "anti-ban".

Well yeah but you could say that about virtually anything lol. You can't drive a normal car, then suddenly drive a racecar. Even though you know how to drive a car, you'd require training/extra learning to operate a racecar. Same instance here. You'll start with a bunch of if/else statements and a basic script, and as time goes on you'll want to expand your knowledge to further your script performance, and hopefully begin to use OOP. Having a project to work on in order to learn makes learning a lot more fun and engaging. There's nothing that's comparable to it. Imagine if you enjoyed school, and studied for fun - you'd be a fucking genius lol.

Scripting is incredibly easy to the point I'd consider it a very fun pathway into learning Java. Although maybe instead of asking basic questions here, he could of just googled it.

Untrue. It gets locked if their systems detect that you're using an "anonymous proxy" whether you confirm the email or not. Source: Happens to me a lot

Ran for a full 24 hours for the memes. No bans - Best anti-ban software of 2015-2019

Ok let me walk you through the thread I guess. I said: "As for injection, I'd say the easiest way to detect "stealth injection", without having to do any hashcoding, would be to just grab the list of threads. OSBot creates many threads for it's botting" So what does that imply? That right there is me describing a method Jagex could use to detect other suspicious threads running in their VM. Did I say they use such tactics? Nope? Have they used things inside the client to instantly flag bots in the past? Yup. So you can see why I got the idea that maybe OSBot's stealth is detected, but only as a third party client; which doesn't automatically mean it's a bot. So now to figure out how the anti-bot works, we must become the anti-bot. If you read some of my newest posts, you can see I've found a way to very easily detect OSBot based on mouse movement. I also linked the code DIRECTLY to where the runescape client sends mouse movements to the server 100% verifying that they do use mouse movements. If you review my data I provided, you can see that you TOO can see that the mouse movement on OSBot is VERY flawed and would flag heuristics 100%. And I do want to point out one thing. As you have been testing out random scripts/timings to bypass, I've been purposely trying to get alts banned to figure out what they're basing checks on. It's not magic, it's basic math. And no, they don't go "Ok john collected resources for 3 hours straight. 100% bot. Banned". Massive times such as 10+ hours would be impossible for a human so that makes perfect sense to ban on that, but I still think they'd require some evidence from their anti-macro to initiate the ban. Once OSBot's developers fix/change the current clicking methods, I'll then try to see if I can easily detect OSBot through other means aswell. Being that the sourcecode for Runescape is easy to get, it shouldn't be very difficult. Edit: Also, just for clarification. Private scripts, public scripts, ect. Doesn't matter. If they're using OSBot's interaction/click API then they too are flawed and will get you banned. Public scripts tend to have static pathing and bugs which obviously lead to faster bans, but private scripts really aren't far off.

You've clearly got some weird grudge against me so how about this.. I'm an experienced programmer with tons of experience from numerous projects ranging all the way to fullstack development. It's how I make a living. I don't give a fuck if you can bot on runescape, and I really don't care if you have more experience botting runescape then me? This has NOTHING to do with experience! This has to do with dissecting runescape's bot detection and figuring out why we're being banned. Which, btw, requires VERY LITTLE experience botting. We're on the same team here so stop attacking me ffs. I'm actively finding flaws in OSBot, while you're sitting here trying to bring me down for absolutely no reason other then to expose I'm new to the OsBot community. And yes, I said I "last longer then a good amount of people here". Why do I last longer? Because my scripts consist of multiple jobs ranging from moneymaking, to AFKing, to combat, to firemaking. How's that contradicting what I said? Where did I say I don't get banned...? I'm literally following the logic of the post by saying I'm DELAYING the ban. Now stop attacking me, and maybe help out?

Yes it is: https://github.com/zeruth/runescape-client/blob/master/src/Client.java#L3298 If you trace the elements from mouseRecorder, you can see, despite the annoying obfuscation, that they are sending the mouse movements directly to the server as a single integer combined to save resources. If I can see whether a user is using OSBot using 100% mouse-movements in a matter of minutes, so can Jagex. They're just fucking with us, feeding us false information on what bans, and what doesn't. Everything people say on this forum is the bullshit Jagex tricked them into believing.

Finding some flaws/patterns in OSBot's mouse movement already. I'll do a further analysis/logging tomorrow when I hopefully have more time. Until then, I'll leave you guys with this bit of information: Here's a small sample I collected from using basic interact functions from OSBot: (Ignore smallest, I was just insuring it made proper movements) https://pastebin.com/r1PiVRu0 First flaw that instantly pops into your face is the fact that OSBot's mouse nearly ALWAYS ends the movement with a delta of 5.0 pixels or near there. Whereas with a normal user, you'd likely end it with a 1.0 pixel change mostly, or random. Another somewhat flaw (Not nearly as vital) is the fact that OSBot hardly ever moves 1 pixel, and when it does, it NEVER repeats more then just one pixel (Edit: It repeats on tiny mouse movements). which is very very common among a human user (Unless you've got very high sensitivity). Now, if the OSBot had very high sensitivity, that wouldn't be too weird. But... It doesn't. It averages at around 30 or so pixels per movement, which is somewhat of a normal sensitivity - but being normal, it should also produce a good amount of smaller pixel changes awell, ranging from 1-3; As I already mentioned above, I do plan on diving into this further later on when I have more time. I hope you all are beginning to understand my argument now that I've brought evidence to the table. Third flaw: Almost always starts with 1-2 pixel mouse movements Fourth flaw: Last few numbers go from lower, to suddenly higher: [INFO][Bot #1][03/29 05:29:50 AM]: Delta: 2.0 Smallest: 1.0 Tick: 489 [INFO][Bot #1][03/29 05:29:50 AM]: Delta: 1.0 Smallest: 1.0 Tick: 491 [INFO][Bot #1][03/29 05:29:50 AM]: Delta: 4.0 Smallest: 1.0 Tick: 493 [INFO][Bot #1][03/29 05:29:50 AM]: --Mouse movement ended @Patrick @Maxi Might want to look into this. I can detect someone is using OSBot in under 5 minutes. Now imagine if I collected a data-set containing hours of mouse movement data. I'll happily contribute if you've got a repo somewhere on the web. What I'm wondering now is.. With all this data they're storing, there's no way it has no expiration date? I wonder if the data expires relativity quickly after you logout? Maybe that's why people tend to have success with large break times. Maybe they query the data every 12->24 hours then clear it? Maybe it lasts for weeks..? We'll probably never know.... Edit2: The tick-rate, and mouse sampling produced in the samples is based on the draw function provided by OSBot's API.

This might sound stupid, but what if we simulated touchscreen devices...? That'd cut the whole mouse movement tracking variable out which may help reduce bans