asdttt Posted April 7, 2019 Share Posted April 7, 2019 (edited) Made an earlier post about how all OSBot scripts seem detected, and posted some findings relating to the banrates of changing various things such as timings, clickspeed, movement, and mouse DPI. In testing, I found that almost 100% of all OSBot's mouse movements follow very simplistic patterns that are picked up very quickly by Jagex's anti-bot. This goes for ALL other client's I've tested, all containing some flaw within their mouse movement, whether it be [Other-Bot-Client]'s flawed inaccurate spoofed mouse movement, or [Other-Bot-Client]'s consistency. I've reported these flaws to the developers of OSBot already, but was not met with confirmation on whether or not they'll do anything about it. Possibly because they're still under the illusion that mouse movement doesn't play a big role in detection. So here's a topic to prove just that. First off, let me start by showing that Jagex certainly does record mouse movement: https://github.com/zeruth/runescape-client/blob/master/src/MouseRecorder.java#L40 This shows the frequency of their collection. 50MS ticks, which is equivalent to 20 times a second. Now you could say.. But isn't 50 MS not enough to accurately depict mouse movement? And that is true to some extent, but it's more then enough data to analyse in order to find flaws or patterns. Here's what it looks like to move a mouse on a 50MS tick-rate: https://i.gyazo.com/4eb9de90c1c8a60959e874fb24488ab3.mp4 A common argument may be that collecting mouse movement is an absurd amount of data, but.. They combine the integers into mostly a 2 byte for small/medium, and larger a 3 byte or 4 byte and save/send it as that. That means they can store around 250,000-500,000 x/y captures per 1mb. That translates to around 3.4 HOURS of constant mouse movement data capture per user. That data would obviously build up over-time, but IMO Jagex most likely clears this data either every ban-wave, or every week. Which wouldn't really be that much. You could also compress these integers an insane amount due to how primitive the encoding would be. They also only send movements, not equal, or zero movements: https://github.com/zeruth/runescape-client/blob/master/src/Client.java#L3330 - Although, they still keep track of those equal/zero movements: https://github.com/zeruth/runescape-client/blob/master/src/Client.java#L3332 So we can see they record the data locally, but do they send it to the server? The answer is, yes. Here's proof of that (Annd they send a loot more then just that...): https://github.com/zeruth/runescape-client/blob/master/src/Client.java#L3307 And here's them encoding the difference between mouse x/y movements into a 2 byte integer and appending it to their packet buffer (Only medium speed movements under about 31 pixel per 50MS): https://github.com/zeruth/runescape-client/blob/master/src/Client.java#L3342 And here's them encoding movements into a 3 byte integer and appending it to their packet buffer (var10 = mouseY * 765 + mouseX): https://github.com/zeruth/runescape-client/blob/master/src/Client.java#L3345 And here's them encoding movements into a 4 byte integer and appending it to their packet buffer (var10 = mouseY * 765 + mouseX):: https://github.com/zeruth/runescape-client/blob/master/src/Client.java#L3348 They also can detect when you move your mouse outside of the screen, and how many ticks (Ticks are capped of course): https://github.com/zeruth/runescape-client/blob/master/src/Client.java#L3324 Reconstructing their mouse collection: ||) Equal, or zero movements are tracked by ticks. If you don't move your mouse for 30 ticks, they'll know. They most likely use this for multiple purposes, the biggest being the ability to figure out the entire mouse movement rather then just bits of it. 1) Movement of the mouse is tracked, smalls/medium movements exactly by this (Only medium/small per-tick movement difference under about 30 in length) int yDiff = (recordedY - previouslyRecordedYMove); int xDiff = (recordedX - previouslyRecordedXMove); handler.packetBuffer.putShort(yDiff + (idleIndexesPassed<< 12) + (xDiff << 6)); idleIndexesPassed = 0; movementIndex = the indexes skipped before finding a mouse move in the X/Y mouse recorder. Used to track time between mouse movmenets. 2) Larger movements that are made in less then 8 ticks of "idle" mouse: (Actual location sent) int var10 = (recordedY * 765 + recordedX); handler.packetBuffer.put24bitInt((idleIndexesPassed << 19) + var10 + 8388608); idleIndexesPassed = 0; 3) Large movements that are made 8+ ticks from being "idle" (Actual location sent) int var10 = (recordedY * 765 + recordedX); var14.packetBuffer.putInt((idleIndexesPassed << 19) + var10 + -1073741824); idleIndexesPassed = 0; (Don't mind the -1073741824 or other random numbers. Java doesn't support primitive unsigned numbers, so you have to use hacky stuff to compress your integer sizes) The majority of OSBot's movements would fall under #1's logging. The others are just for larger mouse movements (in terms of last X/Y -> new X/Y). Why do they multiple Y by 765? Because they've capped the X axis from exceeding 764 therefor they can easily mathematically combine the two integers for saving resources, then de-couple them whenever they want. So what does all this have to do with OSBot's mouse movement? Well, I performed a basic test to grab the mouse movement delta's between every 50MS tick (Just as Jagex does) and found 100% consistency among certain parts of their mouse movement patterns: OSBot's mouse movement: https://pastebin.com/AJn2NC31 My own mouse movement: https://pastebin.com/vnGtX16z Right away you should notice many flaws inside OSBot's mouse sample. As you can clearly see, OSBot repeats ONLY 4-5 at the end of movements, AND at the last few deltas at the end of the movement, it goes from Lower, Bigger, Lower, This seems to be the case with virtually all mouse movements over 4-5 pixels large made by OSBot. So if I'm able to detect this flawed mouse movement in a matter of seconds with basic math, then so can Jagex? This would also explain why tasks requiring massive amounts of mouse movement, such as agility, have much higher ban-rates vs something like fighting, or AFK tasks. Does this mean this is the only detection method banning OSBot? Absolutely not. However, in my experience, I've yet to be banned by using OSBot as an API for everything BUT mouse movement, or camera movement (Of course with a lot more human-like behavior sprinkled on top of the scripts). This is purely based on only a little more then a week of botting without a ban, so it's possible I'm not bypassing, but simply delaying my ban. Hell, it's possible I was detected the second my script first started and now i'm just riding a monthly ban wave. Still beats a daily ban wave though... Edited April 9, 2019 by asdttt Fixed some missing info 18 1 Quote Link to comment Share on other sites More sharing options...
asdttt Posted April 7, 2019 Author Share Posted April 7, 2019 (edited) Here's a utility to sample mouse deltas: public class MouseDebugger { private int tick = 0; private int lastMouseX = 0; private int lastMouseY = 0; private boolean endedMovement = true; private int noMoveTicks = 0; private Script script; public MouseDebugger(Script script) { this.script = script; } //Run this on a 50MS tick, or whatever you want to sample on public void tick() { final Point mosePosition = script.mouse.getPosition(); if (lastMouseX != mosePosition.getX() || lastMouseY != mosePosition.getY()) { double actualDistance = Math.sqrt((lastMouseY - mosePosition.getY()) * (lastMouseY - mosePosition.getY()) + (lastMouseX - mosePosition.getX()) * (lastMouseX - mosePosition.getX())); if (actualDistance > 0 && actualDistance != Double.NaN) { script.log("Delta: " + actualDistance + " Tick: " + tick); } endedMovement = false; noMoveTicks = 0; } else { ++noMoveTicks; //Change according to how long you pause until making another mouse movement if (noMoveTicks >= 6) { if (!endedMovement) script.log("--Mouse movement ended"); endedMovement = true; } } lastMouseX = (int) mosePosition.getX(); lastMouseY = (int) mosePosition.getY(); ++tick; } } Edited April 7, 2019 by asdttt 5 Quote Link to comment Share on other sites More sharing options...
nvrsince Posted April 7, 2019 Share Posted April 7, 2019 I highly doubt anything will be done about this unless they're willing to hire you Quote Link to comment Share on other sites More sharing options...
Night Posted April 7, 2019 Share Posted April 7, 2019 I didn't read the post, but you might want to be careful about posting Jagex's code on your github. They tend not to like people doing things like that (redistributing copy-righted code). 1 Quote Link to comment Share on other sites More sharing options...
THS Posted April 7, 2019 Share Posted April 7, 2019 I'm willing to entertain this and I don't even know what I'm looking at. Any script kiddies wanna give me the juice? Quote Link to comment Share on other sites More sharing options...
asdttt Posted April 7, 2019 Author Share Posted April 7, 2019 1 hour ago, THS said: I'm willing to entertain this and I don't even know what I'm looking at. Any script kiddies wanna give me the juice? Tl;Dr: OSBot's API to move the mouse is very flawed, and the appearance of it looking human is only an illusion. Even moving the mouse randomly would produce the same flaws. Only thing that doesn't appear to have flaws is moving the mouse outside the screen. 1 Quote Link to comment Share on other sites More sharing options...
dragonite3000 Posted April 7, 2019 Share Posted April 7, 2019 someone give this man a job 1 Quote Link to comment Share on other sites More sharing options...
Developer Patrick Posted April 7, 2019 Developer Share Posted April 7, 2019 Not only did I already tell you I believe mouse movement can be used for detection - all be it only a very small part of the system -, I also told you it's something we're interested in changing and are discussing. From months of testing I can confirm that you can bot without getting banned when botting 4+ hours almost everyday, when only using the OSBot API. 3 1 Quote Link to comment Share on other sites More sharing options...
Tesh Posted April 7, 2019 Share Posted April 7, 2019 (edited) The fact of the matter is, all bots become detected at some point and there is no way of counteracting that. The way I look at it is, you're going to get banned eventually, so only use accounts you're willing to lose. Edited April 7, 2019 by Tesh Quote Link to comment Share on other sites More sharing options...
asdttt Posted April 7, 2019 Author Share Posted April 7, 2019 (edited) 34 minutes ago, Patrick said: Not only did I already tell you I believe mouse movement can be used for detection - all be it only a very small part of the system -, I also told you it's something we're interested in changing and are discussing. From months of testing I can confirm that you can bot without getting banned when botting 4+ hours almost everyday, when only using the OSBot API. You said, and I quote, "I would have to discuss with the others about changing the mouse movement". You never confirmed whether the mouse movement would be improved..? I figured you and the other devs simply came to the conclusion that the mouse movement was fine, because.. What else was I suppose to believe...? Maybe your testing is outdated. I couldn't find a single miner bot on this entire form, paid or free, that bypassed 3 hours of mining. I had to make my own script to bypass, and only until I stopped using some of OSBot's API was I able to successfully bypass and still to this day I've yet to be banned. Even agility training is bypassing now, which is a very high banrate due to the amount of mouse movement required in most courses. It's got a lot of human-like behavior too like not being consistent, taking tiny breaks - like emulating a human moving the mouse off screen to click something in another window, ect. And yeah, it doesn't account for the majority of their detection's, but it still can and will lead to a ban - which in my case, was the only reason I was actually being banned. Edited April 7, 2019 by asdttt 1 Quote Link to comment Share on other sites More sharing options...
asdttt Posted April 7, 2019 Author Share Posted April 7, 2019 19 minutes ago, Tesh said: The fact of the matter is, all bots become detected at some point and there is no way of counteracting that. The way I look at it is, you're going to get banned eventually, so only use accounts you're willing to lose. This is true, but as RS's history goes, there is always a way around it. Yeah, they can patch it, but that patch is a small piece of tape on a massive industry. It also generally takes multiple months to years for them to fix too which is more then enough time to make a lot of $$. Quote Link to comment Share on other sites More sharing options...
asdttt Posted April 7, 2019 Author Share Posted April 7, 2019 (edited) 37 minutes ago, Malcolm said: Can we be real here for a minute? We are talking about a bot...a macro to do an automated repetitive task. The developers do a fantastic job of supplying us with the tools that we need to give customers a product. I can also tell you that I have success with only using the OSBOT API. I do have some methods to do some things differently but for the most part the API is very good at what it does. There is no reason to bash the API or bash the mouse movements. The days where we could bot for weeks without a ban are gone. Jagex have adapted and their methods of detection are actually decent. Can you beat it? Who knows. Odds are if you bot for 16hrs/day with your own personal API and mouse you're still going to get banned eventually. Who knows, maybe Jagex figured out that you've done something unique and are just gathering information on your new advanced API and mouse movements "We are talking about a bot...a macro to do an automated repetitive task." - Yeah "repetitive task". You mean the very task required for literally any skill on OSRS? You think mining iron, banking, mining iron, banking without botting isn't repetitive....? What's your arugment lmao I think you're completely misunderstanding me and instead think I'm attacking OSBot... I'm not, I'm actually trying to improve OSBot. If I was bashing it, I sure as hell wouldn't still be using it as there are many alternatives. What I said and provided is undenyable proof. If you honestly believe that the samples created from using OSBot's mouse isn't very easy to detect then you're delusional and need to seek help. It's not about being advanced.. The current movement is advanced, and even has deviation in it's mouse movement.. However, the developers who made it probably were more focused on making it LOOK human, rather then trying to see if they themselves could pickup on the pattern. So why make this post? To bring attention to this issue... As simple as that. I've provided more then enough evidence/samples that Patrick should be able to make the necessary changes within OSBot to reduce, or remove this highly flawed mouse movement. Why did I "bash" on using 100% of OSBots API? Well for starters, I wasn't TRYING to, I was simply providing that I myself now suddenly bypass after changing the mouse moving functionality... It was an example to further my claim, which IMO, it has. Edited April 7, 2019 by asdttt 5 Quote Link to comment Share on other sites More sharing options...
Protoprize Posted April 7, 2019 Share Posted April 7, 2019 Do we forget to hover over WC? On a serious note, osbot is fine as is. I'm gonna be honest and just say it. I broke the one rule everyone says not to. I bot my main.... and I started 2 months ago with no ban still because I'm botting smart . Of course, in the end, changing osbot's mouse api would change the ban rates of using the client. But right now, that is a small priority, mostly due to the fact that Jagex is making their bot detection methods more and more obvious (and osbot needs to adapt to them first and foremost). The mouse is not the reason why people get banned. The reason for getting banned is sometimes just luck, but most of the time, it's stupidity. If you bot smart and not hard, you won't have issues. Quote Link to comment Share on other sites More sharing options...
asdttt Posted April 7, 2019 Author Share Posted April 7, 2019 1 minute ago, Protoprize said: Do we forget to hover over WC? On a serious note, osbot is fine as is. I'm gonna be honest and just say it. I broke the one rule everyone says not to. I bot my main.... and I started 2 months ago with no ban still because I'm botting smart . Of course, in the end, changing osbot's mouse api would change the ban rates of using the client. But right now, that is a small priority, mostly due to the fact that Jagex is making their bot detection methods more and more obvious (and osbot needs to adapt to them first and foremost). The mouse is not the reason why people get banned. The reason for getting banned is sometimes just luck, but most of the time, it's stupidity. If you bot smart and not hard, you won't have issues. There's no single reason why we're being banned. It's not as easy as that. This mouse movement is clearly one of many of these detection methods though.. As you can clearly see, it's very different then human mouse movement. It's very close to being there though. Quote Link to comment Share on other sites More sharing options...
Tesh Posted April 7, 2019 Share Posted April 7, 2019 From personal experience, ive been botting for years, and I mean years. Ive only ever gotten one account banned, due to my own stupidity. Been using OSBot for a little while now, not banned as of yet and no ones called me out for botting. Quote Link to comment Share on other sites More sharing options...