
OSBot :: 2007 OSRS Botting


About the statement that 'botting in crowded places is unsafe'


I just read the topic from Slixz after he pointed me towards it. I really couldn't believe how many users were just writing down rubbish to top up their post count.

 

His question was a valid one, and in such terms that it made more sense than all the replies he obtained in return. What he was trying to ask was if the client itself was safe to use. How obvious can it be to say 'Yeah, it's never safe. You shouldn't use the crowded spots!'. The login response (the bytes that the client receives when you log in) contains a byte that is used in some CS2s ('scripts' that are located inside the cache and are interpreted at runtime). This is some example code of the usage of the boolean:

 

if (instruction == 3323) {
    if (Client.aBool2770) {
        Class65.cs2ScriptStack[stackPointer++] = 1;
    } else {
        Class65.cs2ScriptStack[stackPointer++] = 0;
    }
    continue;
}
Instruction 3323 puts the boolean on the stack. Those scripts are the same ones that determine if the client should forward mouse and camera information to the server. You can name this boolean 'accountFlagged'.

 

Another example of their moves is the one below. It's part of the client that processes a packet, which requests the contents of a method that the game server can specify. How easy could it be to request "org.osbot.Boot" and check if it returns data? They would be capable of instant-banning everyone if they did this.

 

	public static void requestClassInformation(Buffer buffer, int var1, byte var2) {
		ClassInformation var3 = new ClassInformation();
		var3.anInt1516 = buffer.readUByte() * -1179448607;
		var3.anInt1519 = buffer.readInteger() * -626141929;
		var3.anIntArray1523 = new int[var3.anInt1516 * 636467489];
		var3.anIntArray1518 = new int[var3.anInt1516 * 636467489];
		var3.aFieldArray1521 = new Field[var3.anInt1516 * 636467489];
		var3.anIntArray1520 = new int[var3.anInt1516 * 636467489];
		var3.aMethodArray1515 = new Method[var3.anInt1516 * 636467489];
		var3.aByteArrayArrayArray1522 = new byte[var3.anInt1516 * 636467489][][];

		for (int var4 = 0; var4 < var3.anInt1516 * 636467489; ++var4) {
			try {
				int var5 = buffer.readUByte();
				String var6;
				String var7;
				int var8;
				if (var5 != 0 && var5 != 1 && var5 != 2) {
					if (var5 == 3 || var5 == 4) {
						var6 = new String(buffer.readString());
						var7 = new String(buffer.readString());
						var8 = buffer.readUByte();
						String[] var9 = new String[var8];

						for (int var10 = 0; var10 < var8; ++var10) {
							var9[var10] = new String(buffer.readString());
						}

						byte[][] var18 = new byte[var8][];
						int var12;
						if (var5 == 3) {
							for (int var11 = 0; var11 < var8; ++var11) {
								var12 = buffer.readInteger();
								var18[var11] = new byte[var12];
								buffer.readBytes(var18[var11], 0, var12);
							}
						}

						var3.anIntArray1523[var4] = var5;
						Class[] var19 = new Class[var8];

						for (var12 = 0; var12 < var8; ++var12) {
							var19[var12] = IsaacCipher.method263(var9[var12], (byte) -35);
						}

						var3.aMethodArray1515[var4] = IsaacCipher.method263(var6, (byte) -22).getDeclaredMethod(var7, var19);
						var3.aByteArrayArrayArray1522[var4] = var18;
					}
				} else {
					var6 = new String(buffer.readString());
					var7 = new String(buffer.readString());
					var8 = 0;
					if (var5 == 1) {
						var8 = buffer.readInteger();
					}

					var3.anIntArray1523[var4] = var5;
					var3.anIntArray1520[var4] = var8;
					var3.aFieldArray1521[var4] = IsaacCipher.method263(var6, (byte) -111).getDeclaredField(var7);
				}
			} catch (ClassNotFoundException var13) {
				var3.anIntArray1518[var4] = -1;
			} catch (SecurityException var14) {
				var3.anIntArray1518[var4] = -2;
			} catch (NullPointerException var15) {
				var3.anIntArray1518[var4] = -3;
			} catch (Exception var16) {
				var3.anIntArray1518[var4] = -4;
			} catch (Throwable var17) {
				var3.anIntArray1518[var4] = -5;
			}
		}

		Class11.aClass4_49.method53(var3);
	}
 

Another thing that is remarkable: RuneScape has been encrypting their maps since revision ~370. Maps can only be read when the server sends the XTEA keyset. This is as well the reason why the community-called 'webwalking' is not available in terms of walking to the end of the map and back. Quite interesting, that RuneScape's EoC client has stopped encrypting these. They apparently are so confident of their abilities of banning bots that they are not afraid anymore to have bots parse the entire map. Just to give you an idea of their current plans and activities.

I could provide even more of this information, but I think I have made my point clear. 

TL;DR version: don't post on a technical subject unless you know what you're talking about.

Edited by Velocity
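
The status reporting of the reflection request quoted in the post above, reduced to a stand-alone sketch (an added example, not code from the original post, the game client or OSBot): each requested class or field is resolved by name and the outcome is mapped to the same codes as the catch ladder in `requestClassInformation`. The `Probe` type, the use of `Class.forName` without initialisation, the reading of 0 (the array default) as "resolved", and the placeholder class name are assumptions.

```java
import java.util.ArrayList;
import java.util.List;

public class ReflectionProbeDemo {
    // Status codes mirror the catch ladder in the decompiled method on the page.
    // OK = 0 is an assumption: it is the default value of an untouched int[] slot.
    static final int OK = 0, NO_CLASS = -1, SECURITY = -2, NULL_PTR = -3, OTHER = -4, THROWABLE = -5;

    /** One probe entry: a class name and, optionally, a declared field name (hypothetical type). */
    record Probe(String className, String fieldName) {}

    /** Resolves one probe without running static initialisers and maps the outcome to a code. */
    static int resolve(Probe p) {
        try {
            Class<?> c = Class.forName(p.className(), false,
                    ReflectionProbeDemo.class.getClassLoader());
            if (p.fieldName() != null) {
                c.getDeclaredField(p.fieldName());
            }
            return OK;
        } catch (ClassNotFoundException e) {
            return NO_CLASS;      // class is not visible to this class loader
        } catch (SecurityException e) {
            return SECURITY;      // a security manager denied the reflective access
        } catch (NullPointerException e) {
            return NULL_PTR;      // malformed request, e.g. a null name
        } catch (Exception e) {
            return OTHER;         // includes NoSuchFieldException
        } catch (Throwable t) {
            return THROWABLE;     // linkage errors and similar
        }
    }

    public static void main(String[] args) {
        // Constructed probe list; "com.example.NotOnClasspath" is a placeholder name.
        List<Probe> probes = new ArrayList<>();
        probes.add(new Probe("java.lang.String", null));
        probes.add(new Probe("java.lang.Integer", "MAX_VALUE"));
        probes.add(new Probe("java.lang.Integer", "noSuchField"));
        probes.add(new Probe("com.example.NotOnClasspath", null));
        probes.add(new Probe(null, null));
        for (Probe p : probes) {
            System.out.printf("%-28s %-12s -> %d%n", p.className(), p.fieldName(), resolve(p));
        }
    }
}
```

A missing field lands in the generic `Exception` branch, so the reported code separates "class absent" from "class present but member absent" only as -1 versus -4.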

  • Developer

What you are talking about is what we call the classpath check. The method they have in the client could theoretically check for anything that isn't from Java libraries and methods and or classes on the classpath that aren't theirs. However so far we have not found evidence that they are using it to detect our classes on the classpath or any injections done in the client's classes. If however they ever will start doing this, we do have a system in place that we can enable on the fly to fool their check.

  • Author

What you are talking about is what we call the classpath check. The method they have in the client could theoretically check for anything that isn't from Java libraries and methods and or classes on the classpath that aren't theirs. However so far we have not found evidence that they are using it to detect our classes on the classpath or any injections done in the client's classes. If however they ever will start doing this, we do have a system in place to fool their check.

Thank you, I was unsure if OSBot had something implemented to combat this. I remember I provided this information to Lazaro before, but didn't know it has been implemented.

What you are talking about is what we call the classpath check. The method they have in the client could theoretically check for anything that isn't from Java libraries and methods and or classes on the classpath that aren't theirs. However so far we have not found evidence that they are using it to detect our classes on the classpath or any injections done in the client's classes. If however they ever will start doing this, we do have a system in place that we can enable on the fly to fool their check.

Excellent.

What you are talking about is what we call the classpath check. The method they have in the client could theoretically check for anything that isn't from Java libraries and methods and or classes on the classpath that aren't theirs. However so far we have not found evidence that they are using it to detect our classes on the classpath or any injections done in the client's classes. If however they ever will start doing this, we do have a system in place that we can enable on the fly to fool their check.

Sometimes, smart people scare me and this is why... always prepared and a step ahead :D

  • Developer

Btw, this system to fool the classpath check was enabled in 1.6.11 to 1.7.1, but we removed it after finding no evidence of them checking on anything that could lead to an instant flag. I have checked a couple of days ago, and it's still not being used for this purpose. The bans are most probably coming from their automated learning bot detection system which they are probably testing after having it populated with data over the past months. Their bans seem to be inaccurate though as there are also many legit players who are receiving a ban. One of the arguments that make me believe this is the cause of the bans is also because they are using very short ban times, possibly to compensate for the possible error in their system.

It's nice to know that there is a system set up for when it's needed.

Oh jesus edit this and delete the examples so a Jagex member can't just come see this.

  • Author

Oh jesus edit this and delete the examples so a Jagex member can't just come see this.

But why wouldn't a Jagex member know about their own code?
