Reflection vs Injection

[Swaq]

I need clarification on what the differences are between the two. Maybe someone can clarify this for me please?

[Master Chief]

Reflection is usually better for more complicated scripts since the client has been coded so every single object in rs is on its memory and it knows what different objects are without even getting the color.

 

Injection is when the client is modified so it sends data to the bot, it knows what all noted items are on floor on a pile even though the colors are all the same.

 

I'm not pro by any means so I'm probably wrong lol

[Swizzbeat]

 

You can have injection without reflection.

You can have reflection without injection.

Neither one depend on each other, you can also use both.

 

Reflection: 'reflects' the value of fields, or better said inspects. It's a resource intens system and has its limitations for bots however you can perfectly fine use it to create one, OSBot used it in its early days. It is useful to inspect the state of a program and is more accessible for programmers to use and understand than injection.

 

Injection: 'injects' code, for example getter methods to return value of fields. This behaves as normal code but is done on bytecode level. Getting a field value with injection through an injected getter is faster than with reflection. But it's not limited to injecting getters, one can inject other logic, for example event dispatchers, which makes it a very strong tool.

[Swaq]

So which is more human-like?

[Swizzbeat]

So which is more human-like?

Do you mean more detectable? Because neither one has anything to do with humans....

[PolishCivil]

Reflection:

ClassLoader.getClass(client).getField©;

myPlayer = Classloader.getClass(client.cb):

myPlayer.ds;

myPlayer.dc;

Injection:

ByteCodeLibrary -> addMethod -> client -> getFieldC() return c;

ByteCodeLibrary -> addWrapper -> Player -> getPositionX return cb.ds; getPositionY return cb.dc;

 

Reflection security:
ClassLoader checks,reflection disabling etc

Injection security:
Class code chec, method invoke checks, trace checks etc.

Conclusion:
Nowadays everything is simple to use and can be used 100% safe. Why nowadays? Because we know tons of fagex shit.

New bot way:
Deobfuscate client and live edit code : Awesomeness

 

 

Guys please... not method matters the api matters how we actually use injection/reflection. How we move mouse, how fast we react etc.

 

Edited May 30, 2014 by PolishCivil

[Dog_]

Jagex have code to check for modified clients, but osbot bypasses that.

[Th3]

Reflection is is much harder to detect but uses more resources and is slower.

 

Injection is easier to detect but faster. But if you do it right it becomes hard to detect.

[Swizzbeat]

Reflection:

ClassLoader.getClass(client).getField©;

myPlayer = Classloader.getClass(client.cb):

myPlayer.ds;

myPlayer.dc;

Injection:

ByteCodeLibrary -> addMethod -> client -> getFieldC() return c;

ByteCodeLibrary -> addWrapper -> Player -> getPositionX return cb.ds; getPositionY return cb.dc;

 

Reflection security:

ClassLoader checks,reflection disabling etc

Injection security:

Class code chec, method invoke checks, trace checks etc.

Conclusion:

Nowadays everything is simple to use and can be used 100% safe. Why nowadays? Because we know tons of fagex shit.

New bot way:

Deobfuscate client and live edit code : Awesomeness

 

 

Guys please... not method matters the api matters how we actually use injection/reflection. How we move mouse, how fast we react etc.

This. It's also easy for them to detect things if, for example, someone sends a MOUSE_MOVED event while the left mouse button is being held down (should be a drag event).

[PolishCivil]

This. It's also easy for them to detect things if, for example, someone sends a MOUSE_MOVED event while the left mouse button is being held down (should be a drag event).

 

You can simply avoid this situation.

Btw i remember back in days sending raw packets to fagex and this was my first bot i ever used and never got banned lol. (been using this like week tho xD) This is funny.