Getting closer to discovering the detection algorithm... (Part 2)

[asdttt]

This is part two of my findings, although this time I created an entire 3D imaging software to bot with. Previously I was banned using a randomized alching macro script, paired with a HID device completely indistinguishable from a normal mouse in terms of appearance to native programs - although it took around two weeks of near constant alching. 

The software...

Similar to how colorbots work, but based on imaging physical objects due to all the free libraries all over, computational speeds, and the simplicity of 3D objects in-game. I created a new software to control my HID device using a COM's port (Which it then translated to natural HID input). My mouse mover was a very advanced algorithm I worked on when I used to use OSBot, including a trained neural network portion which aided in speed/translations/overshoots/deviation/whatever. Multiple hours trained using my movements in-game to insure Jagex wouldn't be able to establish a difference between my movement, and the bots movement.

The HID device was then seeded by https://www.random.org/  as generated a seed on a device is incredibly difficult due to the simplicity of the OS and overall hardware obviously.

The bot, although somewhat slow at times, was very similar to my own movements. It's job was to simply mine for around 10 hours a day, then turn off.  Then turn on the next day. Surprisingly this bot managed to net 3 million GP mining tin, in the course of about 1-2 weeks, with some days off. That compared to MirrorMode on OSBot is a MASSIVE increase in botting time. Sadly, it was just banned for Macro Major..

 

Ban cause speculation

This ban bothers me. The software, undetected, the physical "mouse", undetected, the mouse movement, exactly as my own.. I'm really thinking, what pattern could possibly be this blatantly obvious that they would ban my poor bot permanently? No way it's the mouse movement? The pattern in mining, doubt it as it was based on my own (once more), and is simply too basic to detect a pattern. The timings?  Should of been very random, with unbounded lengths (Meaning a random integer between 1-100 could result in 20,000 randomly), but still not ruling this out.

Then lastly, the ban time frame.. It matches the alch bot near-perfect. A bot that did nothing but click a mouse, which didn't rely on software on the computer at all..

Is it possible that... Mouse down -> Mouse UP timing (A record I've already shown they logged), is responsible for these bans? Is it possible they're brute-forcing our seeds or using some type of algorithm which eventually learns our random patterns and can predict the next random number in the sequence (Given our randomizers use pseudorandom chains). 

Since we all use a static range of numbers between Mouse Down/Up, they will eventually detect regions of time of where our click events contain a constant, say 50-200MS between bound. Theoretically, given enough time, most numbers between these given bounds will result in the near-same number of uses. Writing an algorithm to detect a randomness pattern between the up/down (Or in other words, time it takes to click) would not be difficult, it would just require a lot of data. Furthermore, the ban rates tend to reflect mouse clicks. Agility for instance, requires clicking every 2 seconds.

Essentially my conclusion: Randomization is a double edged sword. May appear random, but given enough time, creates a perfectly symmetrical shape. Instead of a horizontal random number picker, perhaps we need to look into more "human-like" randomization.

 

Plans going forward...

What I plan to do now, for anyone who cares, is to graph some of this data to visualize the data Jagex is being sent just to see how "random" looks. My next plan is to once more bot the living FUCK out of some rudimentary task, but this time with mouse delays based on my own timings. If I'm still banned, I'm just going to assume Jagex carelessly bans anyone who is doing a task for too long and this whole thing is a waste of time lmao

The reason I focused on the mouse click delay in this thread is because it's the easiest input to track. No matter what bot, script, or macro you use, they all have randomized clicking. This is also the easiest pattern as it's consistent throughout all botting tasks

 

Edited February 25, 2022 by asdttt

[asdttt]

Here's some more data on these mouse events. This is only 300 clicks because I'm lazy

 

My mouse, manually:

https://i.imgur.com/3xqGR6X.png

An autoclicker

https://i.imgur.com/tBSKIOX.png

 

Right off the bat you'll notice two things. One, the randomization, or so we thought, is more evenly spread out. Contains a visually predictable median. Secondly, you'll see that in my manual clicks, there's an obvious hot spot where clicks are more likely to land between. Not only that, but my min/max clicks are very very minor.

It wouldn't take a rocket scientist to create an algorithm to detect the autoclicker. Now imagine this data with thousands of clicks. Millions possibly. That autoclicker graph would practically flat-line, even among the min/max which logically should be the most difficult to hit.

 

[Medusa]

apolgy for bad english

where were u wen club penguin is die

i was at house eating dorito when phone ring

"Club penguin is kill"

"no"

[Manwhodreams]

6 hours ago, Medusa said:

apolgy for bad english

where were u wen club penguin is die

i was at house eating dorito when phone ring

"Club penguin is kill"

"no"

"yes"

[iGaM3Ri]

here we go again with you posting quality info and people replying shitpost or disregard. funny thing is the last time after all the gaslighting they finally listened to your findings and said to have changed mouse interactions.

[evaker]

this sounds kinda troll. went for ten hours each day doing nothing but mining and the ban bothers you? hmmmmmm. 

if you seriously want to avoid bans it's simple, do not appear like a bot in any way at surface level look of your account. See you've gained 10b exp in mining, doesn't matter what your clicks look like I'd expect an auto ban

Edited February 26, 2022 by evaker

[asdttt]

14 minutes ago, evaker said:

this sounds kinda troll. went for ten hours each day doing nothing but mining and the ban bothers you? hmmmmmm. 

if you seriously want to avoid bans it's simple, do not appear like a bot in any way at surface level look of your account. See you've gained 10b exp in mining, doesn't matter what your clicks look like I'd expect an auto ban

It's not about avoiding bans, it's about figuring out what Jagex is looking for. 10 hours may sound like a lot to you, but it's pretty normal once you get passed the first couple layers: Client detection, non-HID (Or possibly just hardware mouse position checks), mouse movement patterns. There are guys who bot over 10 hours daily with zero issues. Even some who have AFK botted nightmare zone for an ENTIRE WEEK straight with OSBot lol. The less input a task requires, the longer you can bot it.

Every time I adjust my client/scripts, I get a longer and longer botting time. It's only a matter of time.

[Gunman]

8 hours ago, evaker said:

this sounds kinda troll. went for ten hours each day doing nothing but mining and the ban bothers you? hmmmmmm. 

if you seriously want to avoid bans it's simple, do not appear like a bot in any way at surface level look of your account. See you've gained 10b exp in mining, doesn't matter what your clicks look like I'd expect an auto ban

By that logic the people doing 1 99 at a time would also be getting auto banned, which they don't

[evaker]

1 hour ago, Gunman said:

By that logic the people doing 1 99 at a time would also be getting auto banned, which they don't

logic includes inhuman log in times

[evaker]

9 hours ago, asdttt said:

It's not about avoiding bans, it's about figuring out what Jagex is looking for. 10 hours may sound like a lot to you, but it's pretty normal once you get passed the first couple layers: Client detection, non-HID (Or possibly just hardware mouse position checks), mouse movement patterns. There are guys who bot over 10 hours daily with zero issues. Even some who have AFK botted nightmare zone for an ENTIRE WEEK straight with OSBot lol. The less input a task requires, the longer you can bot it.

Every time I adjust my client/scripts, I get a longer and longer botting time. It's only a matter of time.

I'm sure long log-in time does have something to do with accounts getting flagged. Taking breaks is important and logging out every once in a while does matter if you're only doing one activity. Or are you saying that this logic is just wrong and their system works on something entirely different than what most people have a conception of, because, what, you're implying you can possibly get closer to not getting banned while sustaining these really extended botting periods? 

I can't explain nmz bots going on and on, I feel like those would be easy bans. But it shows I don't really know much. I know I haven't gotten banned but I know that's also lucky. I'm wondering still what you're really trying to say, if you think it's random or not actually. 

Is it not about avoiding bans? you're figuring out what they're looking for to avoid bans right? 

Edited February 26, 2022 by evaker

[FuryShark]

wait you guys are getting bans?

[Valkyr]

Could you not at least partially solve this using gaussians?

[Chris]

23 hours ago, iGaM3Ri said:

here we go again with you posting quality info and people replying shitpost or disregard. funny thing is the last time after all the gaslighting they finally listened to your findings and said to have changed mouse interactions.

who + asked + dont + care + ratio
deez nuts

 

[asdttt]

44 minutes ago, Valkyr said:

Could you not at least partially solve this using gaussians?

I believe so, and OSBot already uses them. But their logic is flawed (Unless this is their intended behavior?)

 

This is OSBot's current clicking.

Reason it looks like this is because they turn negative random guassians into positive, which defeats the purpose of using them unless you are purposely trying to create this downward graph? Obviously this is EXTREMELY easy to detect still, as they're hitting the minimum far too often

 

This is their current "flawed" code for generating randoms for the mouse events. Might be used all over, I only verified that they use it for clicking.

    public static int gRandom(int iIiiiiiIIiIi, double d) throws IllegalArgumentException {

        double d1 = Math.abs(random.nextGaussian()) * d + iIiiiiiIIiIi;
        d = iIiiiiiIIiIi + d * 3.0D;
        if (d1 > d)
            d1 = d;
        return (int)Math.max(0L, Math.round(d1));
    }

 

Instead of that, they could do something like this

    public static int gRandom2(int iIiiiiiIIiIi, double d) throws IllegalArgumentException {

        double mod;

        double result;

        do {
            double guassian = random.nextGaussian();

            if (guassian < 0)
                iIiiiiiIIiIi += d;

            mod = d * guassian;

        } while ((result = (iIiiiiiIIiIi + mod)) < 35);

        return (int) result;
    }

This code is not perfect, it's just more of an example of a direction they could try.

That code produces this

[z10n]

Great job OP, about the bans, my friend was banned after botting for 2 weeks straight (with breaks, but the same activity and didnt play legit within those 2 weeks).

 

I belive the reason you got detected is the activity, real players, will randomly do new things, such as rotate the screen , examine items, have random AFKs, talk to people, open quest guides in-game, open world map, walk places and talk to people.

 

Whereas the bot is singularily focused on its one objective, in this case mining tin.

I think if you had moved to a different mine, a different ore, and or botted less hours per day, such as 4-6 hours per day instead of 10 hours per day, you may of not been banned.

Also I agree, instead of Randomization, we should isntead focus on 'Human Timing/Human Emulation'. Because as you said, random delays +/- 10% variance become easily plotted onto a graph.