caketeaparty Posted May 3, 2019 Share Posted May 3, 2019 3 minutes ago, asdttt said: Injection uses reflection. Reflection is just API that allows you modify the behavior of methods, classes, ect at runtime. And idk what you're doing to get banned that fast. I bot 6 hours a day on my main training various stats, even mining, and I've yet to be banned. The client check most likely is a result of already being flagged as a bot, or assumed as a bot. It might add to the % a user is a bot. I'd go as far as saying if they detect you're using the official client (mirror mode), the ban requirements are slightly raised. Yeah, automatic flagging could be the main culprit in how quickly I'm getting banned. In a previous thread, I did note I got much better results botting on a residential IP on injection, but even then, all accounts were eventually banned. It still doesn't explain the huge discrepancy between bans on Injection and Reflection for me if they are essentially the same. The only conclusion I can come to is that they are not quite the same. Quote Link to comment Share on other sites More sharing options...
asdttt Posted May 3, 2019 Share Posted May 3, 2019 1 hour ago, caketeaparty said: Yeah, automatic flagging could be the main culprit in how quickly I'm getting banned. In a previous thread, I did note I got much better results botting on a residential IP on injection, but even then, all accounts were eventually banned. It still doesn't explain the huge discrepancy between bans on Injection and Reflection for me if they are essentially the same. The only conclusion I can come to is that they are not quite the same. Idk the anti-bot is simply too big to pinpoint exactly what's causing the bans. Residential IP's 100% result in a lower banrate as opposed to VPN/proxy IP's that are flagged as such however. All the users on here generally claim that either mirror mode makes no difference in their banrates, or a slight difference. I think it just boils down to what I said though - essentially that non-official clients will flag faster due to being a an unofficial client (Mirror mode would flag as official in theory from the checks I mentioned). Almost certain Jagex's anti-bot measures are tiered anyways. It's possible client detection is the X tier that feeds into their bot % chance. It's even possible that one of their higher tiers loads a .dll which would detect things like non-hardware mouse movement/clicks from an OS level (Such as windows/Linux/Mac API). One thing that seems to be for certain is bot/play time 100% is used in their anti-bot detection. Whether it's for teiring their anti-cheat measures, or simply for feeding into a pool of checks that produces a bot certainly output on the selected players idk. Quote Link to comment Share on other sites More sharing options...
ilikecheating Posted May 3, 2019 Share Posted May 3, 2019 I think mirror mode is much safer than si Botting for 8 hours+ daily and still no bans Quote Link to comment Share on other sites More sharing options...
caketeaparty Posted May 4, 2019 Share Posted May 4, 2019 (edited) On 5/2/2019 at 9:19 PM, asdttt said: Idk the anti-bot is simply too big to pinpoint exactly what's causing the bans. Residential IP's 100% result in a lower banrate as opposed to VPN/proxy IP's that are flagged as such however. All the users on here generally claim that either mirror mode makes no difference in their banrates, or a slight difference. I think it just boils down to what I said though - essentially that non-official clients will flag faster due to being a an unofficial client (Mirror mode would flag as official in theory from the checks I mentioned). Almost certain Jagex's anti-bot measures are tiered anyways. It's possible client detection is the X tier that feeds into their bot % chance. It's even possible that one of their higher tiers loads a .dll which would detect things like non-hardware mouse movement/clicks from an OS level (Such as windows/Linux/Mac API). One thing that seems to be for certain is bot/play time 100% is used in their anti-bot detection. Whether it's for teiring their anti-cheat measures, or simply for feeding into a pool of checks that produces a bot certainly output on the selected players idk. Now that you mention it, it does make a lot of sense that they would have different thresholds/tiers based on the factors they can or cannot detect. It seems to me that when botting on Mirror, botwatch doesn't scrutinize accounts as heavily presumably because they see the official client being used like you said. It could explain why it's much easier to get away with randomized autoclickers and mouse recorders on the official client, too, and Mirror just plays off of that weakness in their algo. On the other hand, if they detect you're using a proxy + 3rd party client, you're a much higher threat and on the radar at all times, right? Do you have any data on how injection fares on Linux vs. Mac and Windows? I use Windows vps mostly for Mirror of course, that could also be a major factor. Is there a chance they can't get certain data out of a certain OS that would effect the ban rate? Edited May 4, 2019 by caketeaparty Quote Link to comment Share on other sites More sharing options...
asdttt Posted May 4, 2019 Share Posted May 4, 2019 44 minutes ago, caketeaparty said: Now that you mention it, it does make a lot of sense that they would have different thresholds/tiers based on the factors they can or cannot detect. It seems to me that when botting on Mirror, botwatch doesn't scrutinize accounts as heavily presumably because they see the official client being used like you said. It could explain why it's much easier to get away with randomized autoclickers and mouse recorders on the official client, too, and Mirror just plays off of that weakness in their algo. On the other hand, if they detect you're using a proxy + 3rd party client, you're a much higher threat and on the radar at all times, right? Do you have any data on how injection fares on Linux vs. Mac and Windows? I use Windows vps mostly for Mirror of course, that could also be a major factor. Is there a chance they can't get certain data out of a certain OS that would effect the ban rate? The method's (such as GC/class checker) are both within the JVM, so the OS doesn't really matter for those checks. If they load native anti-cheat code (Hasn't been detected on OSRS), then they could detect whether the bots keyboard/mouse is coming from hardware, or software - although there's zero evidence to support they do this and it'd still be bypassable with some effort annd it'd need to be different methods per OS since it'd be different API and kernels. As for unofficial clients, I doubt it puts you on the radar 100% of the time. Runelight at this point is probably the most widely used client out of all of them and differs from each installation due to the plugins installed. Sure seems to put you on the radar FASTER according to the banrates on here (I myself have never used mirror mode, so this is 100% speculation). Your windows VPS may also have it's IP flagged as a proxy/vpn/dangerous IP. Although it's pretty obvious to find out because they'll lock your account shortly after beginning to bot lol. 1 Quote Link to comment Share on other sites More sharing options...
caketeaparty Posted May 4, 2019 Share Posted May 4, 2019 3 minutes ago, asdttt said: The method's (such as GC/class checker) are both within the JVM, so the OS doesn't really matter for those checks. If they load native anti-cheat code (Hasn't been detected on OSRS), then they could detect whether the bots keyboard/mouse is coming from hardware, or software - although there's zero evidence to support they do this and it'd still be bypassable with some effort annd it'd need to be different methods per OS since it'd be different API and kernels. As for unofficial clients, I doubt it puts you on the radar 100% of the time. Runelight at this point is probably the most widely used client out of all of them and differs from each installation due to the plugins installed. Sure seems to put you on the radar FASTER according to the banrates on here (I myself have never used mirror mode, so this is 100% speculation). Your windows VPS may also have it's IP flagged as a proxy/vpn/dangerous IP. Although it's pretty obvious to find out because they'll lock your account shortly after beginning to bot lol. True lol. I've found some stable proxies from Cogent and Verizon (some marked as residential) that still get locks. It's really hit or miss, but surprisingly Mirror keeps my accounts alive even on datacenter proxies that result in locks -- that's the main reason it's such a godsend to me. Hm...Maybe a different java version could produce different results then? I know next to nothing about Java, just trying to look at all possibilities. Quote Link to comment Share on other sites More sharing options...