Empire out of boredom: An Infosec's journey

[awssupport]

About
I played runescape back when 07 released because my buddies all played the OG game before the game got ruined by updates.  I quit after a bit and came back because all my same friends started playing again and had maxed accounts.  I remember botting for the hell of it right before I quit for the first time and I was immediately drawn into watching my bot play automatically, even though it was a hands free afkable activity I still found myself mesmerized by the bot.  

Fast forward to today and I find myself between jobs with an interesting skill set.  I've been working in in Infosec/IT roles for a bit.  While I have almost no experience with Java, I have been tinkering with C++ for a while and have been seriously using python, bash/shell scripting, and a few other languages for sys admin/linux engineering roles.  Obviously my coding could be much better but with the right resources and API I should be able to write scripts as needed.  Additionally, my experience with linux, automation, cloud deployment, security auditing, and programming I can see that while botting now has a high ban rate, with enough knowledge and self-made scripts, it can be quite profitable to run a full blown farming empire.

Goals 
(x = complete, o = in progress, blank = not started)

[x] Create Golden Image for VPN server allowing for scaleability as needed
[x] Identify 1 niche farming methods for p2p or f2p
[x] Write custom scripts handling farming & muling with redundancy for bans/disconnects/other issues across the supply chain
[o] Do testing for accounts running at various hours and times to identify patterns for banning and max hours per bond before ban
[x] 1 bot running with 1 mule
[ ] 25 bots running at all times
[ ] 50 bots running at all times
[o] Identify more farming methods to diversify income, reduce bottleneck, and reduce ban rate
[x] Farm first 1m
[o] Farm first 25m
[ ] Farm first 50m
[ ] Farm first 100m
[ ] Farm first 250m
[ ] Farm first 500m
[ ] Farm first 1b

Journal
9/13/2017 - Began setting up infrastructure for botting.  Already own/pay for a bunch of cloud infrastructure so I just spun up some containers with OpenVPN.  Experimented with running proxy servers but its honestly not worth the effort so far.  Not comfortable running unencrypted connections, and doing ssh proxychains magic isn't something I care to invest time into making stable and fault-proof/redundant, plus the current solutions are not up to my standards.  Open for linux-based suggestions if someone has input.  

9/17/2017 - Started running ~10 bots off various VPN connections on some Linux machines.  Only doing F2P botting with various public scripts to understand ban rate, profit per hour, botting functions, and get a feel for what I'd like to implement and not.  Collected decent data on time 2 ban for various duration of time.  Strongly suspecting that detection results in a delayed ban, much like Valve Anti-Cheat.  Likely core functions of the bot are detect that most people utilize or don't bother to custom make.  Will do more testing with my own scripts though.  Made my first 1m, but not counting this as its not my script and not using methods I want.  Going to put it towards the Bonds buying fund.  Beginning to look for methods to make money that are niche.

9/25/2017 - Identified a farming method with profits varying from 420k-600k/hr depending on market conditions.  Scale-able to a degree and not well known.  Working on my first script and quickly rummaging through some Java references to learn key differences between C++ and Java.  (Side note: I've always hated Java and have purposely avoided learning it for years).  Must have read almost every single post in the snippets section until I hit mid 2013s.  Also looked for open source scripts which give me ideas on how people structure their scripts and handle situations.

9/26/2017 - First semblance of a functioning script coming into existence.  Able to move between any locations, define areas, interact with NPCs, widgets, and handle combat.  Had script at about 60% today and left it unsaved like an idiot when I went out to grab dinner with my girl.  Came back and closed my development VM without thinking losing most of the work.  Not discouraged, actually find it kind of funny.  I'll remake it tomorrow better and build it more modular so that I can port functions to other future scripts and simply pass parameters as needed instead of hard coding information.  

9/27/2017 - Woke up early today determined to make up for yesterday's mistake.  Finished my script after a lot of fixing silly errors and babysitting the bot for a few hours.   My first bot is pulling in ~500k / hour.  Due to limited funds for bonds hopefully this one's profits will allow me to exponentially grow the amount of bots running this method until I can diversify.  Working on a second script utilizing world-hopping but don't want to use the API's built in functions for that as I suspect that will have a higher ban rate.  Trying to get ideas from other open-source solutions, likely will have to tackle this from scratch. 

9/28/2017 - Giving my test bot an off-day while I offload my supply of farmed goods.  Hoping for the best in terms of no ban, but if it happens I can dial in on detected techniques and work from there.  Can't do much progress today as I have to drive 2 hours out of town to work at a client site that requires Incident Response and some policy work to reduce chance of further breach... I'd much rather be programming today! 

9/29/2017 - Just got home, haven't slept in 36 hours of Incident Response work at a work site (Shoutouts to APT29 for being solid adversaries).  I checked on my bot and hes not banned yet!  Really didn't run the bot much as I ended up staying out of town due to the scale of work I was thrown into.  Going to grab some food and crash for a bit, then start this project back up in the morning when I can think clearer.

10/4/2017 - Had to go back to the office for a few days again, had some trouble dumping some of my farmed items on the market so I'll have to rethink my initial money making strategy.  I think I can layer it on top of a second one for a boost in income over the duration of the bond.  I'm anticipating that with my current rate I will remain unbanned at the end of my bond.  Missed a few days of botting here and there but the next attempt I will ramp up the hours and introduce 2 more farming methods.  Still not ready to scale up yet.  Found 1 new method two days ago for ~200k/hr, might need to add a third method to keep it rotating anyways.

10/11/2017 - Started a new job last week.  Significant travel time for significant higher pay than what I was making at my last one.  The downside is I have only 2 hours of free time or less per day during the week.  By the time I eat dinner and catch a single episode of any show its time to hit the sack.  I'll have to move the project to weekend only mode for now until I finish up my lease and move closer to the new job site.  Made it through a bond and a half without any bans on the same bot, so I'm doing something right.  

Edited October 11, 2017 by awssupport

[Runnwith]

Very good, I hope to see this grow. I'm looking into Farming, but have been to busy/make up my own excuses why I can't make a functioning farm.

[DeathmatchesGG]

This is awesome to see. Can't wait more updates:)

[transmission]

awesome start so far, good luck brother!

[Colonel_Panic]

Ooooh this'll be good. Glad to see someone else with technical background putting their knowledge to good use

[Anomaly]

bro the ratio is like 1/10 people who stick around. Dont get ur hopes up for anything going your way at all

[Butters]

Just now, adam k said:

bro the ratio is like 1/10 people who stick around. Dont get ur hopes up for anything going your way at all

Well he started on the right track and knows what he is doing.

Best of luck

[Anomaly]

Just remember everything is temporary when you bot... Everything. Sell the gold when you have it. Dont get greedy. Botting is about making money now not leveling up or whatever. Maybe Nmz is an exception i guess

[awssupport]

6 hours ago, adam k said:

Just remember everything is temporary when you bot... Everything. Sell the gold when you have it. Dont get greedy. Botting is about making money now not leveling up or whatever. Maybe Nmz is an exception i guess

Very true, I'm probably going to offload fast once I start getting a grasp of everything.  Right now I'm thinking I can reinvest for more bonds and increase the amount of bots I have at once.  

Added an entry for today, probably wont have time to do much today.  Have to do some IR work today pretty far out of town in dense traffic.  

[Anomaly]

I've always gone under the mindset of selling before reinvesting... contrary to irl mindset of business ik. Works

[awssupport]

6 hours ago, adam k said:

I've always gone under the mindset of selling before reinvesting... contrary to irl mindset of business ik. Works

I'll keep that in mind.  I think I'm most worried about mules getting banned than anything, so I'd imagine offloading fast works against that issue.  The thing is I want to build up to a certain level of bots before I start selling.  I guess things will all be determined based on how the early stages of this go.  

[Colonel_Panic]

49 minutes ago, awssupport said:

I'll keep that in mind.  I think I'm most worried about mules getting banned than anything, so I'd imagine offloading fast works against that issue.  The thing is I want to build up to a certain level of bots before I start selling.  I guess things will all be determined based on how the early stages of this go.  

From my limited experience + talking to people who run larger farms.  Mules very rarely get banned, and to really limit your exposure, simply trade all the gold from your mules to a main account (or at least one that has some real play time on it) every day or so. 

Anyone else reading this who has had a different experience, feel free to correct me. 


 

Edited September 30, 2017 by Colonel_Panic

[Anomaly]

14 hours ago, awssupport said:

I'll keep that in mind.  I think I'm most worried about mules getting banned than anything, so I'd imagine offloading fast works against that issue.  The thing is I want to build up to a certain level of bots before I start selling.  I guess things will all be determined based on how the early stages of this go.  

No, jagex dosent start looking at mules unless youre trading a lot of diff ip's daily or always have 500m+ on the account

[awssupport]

Alright, so one of my money making methods is very low ban rate but the items take a bit to sell.  My idea is the bots will rotate into this method occasionally as the items sell to keep constantly selling them and to break up doing just one or two activities.  

My current bot looks like its going to hit the end of its bond with no ban.  I plan on considering the bots "burned" after one bond.  Its trivial to get the stat requirements/quest requirements I need anyways.  I'm in the process (about 70-75% complete) programming a third money making method.  Next test account I plan to approach the bot in a different way.  I will start off with lower risk activities with slower sell rates, once I dump those onto the GE I will increase the risk and profit per hour activities until either a ban happens or the end of bond.  Currently, I have mule support, but I'm doing the mule by hand with no bot client.  I'm hesitant to automate the mule role, but I don't think this will be too scaleable without doing so.

I'm considering programming a service which will only be accessible to those VPNd in locally or within the cloud network [putting self-programmed services into public internet is a really good way to get hacked, FYI, secure programming isn't easy and crypto is real hard to implement correctly contrary to the terrible advice on stack overflow.  But keep doing it so I keep getting hired ].  The service will handle communication between bots.  At first I aim to do something simple such as tell all bots to enter a mule routine and come to the correct world, location, and trade (gold - gold required on hand) to the mule(s).  This will also serve as a backbone for potential ideas such as the ability to have a party/swarm of bots working towards a central goal, with a single server (with a continuity server in case it crashes) handling their actions.  An example of this could be used for raiding, bossing, pvp, or other actions which coordination results in benefit or the ability to complete tasks. 

I'm more interested in doing this for a few reason, one being its a fun learning experience.  Two, its extremely useful if I ever begin working on long-term higher stat accounts.  
 

[TL57]

Nice read bro.