PDA

View Full Version : RSBuddy's Orion client



Shatterhand
08-09-2013, 02:10 PM
http://www.youtube.com/watch?v=kOueWXd_gJs

http://rsbuddy.com/community/topic/2945-download-orion/

Thoughts?

Olly
08-09-2013, 04:08 PM
reflection/injection clients are legal now or something? lolol.

http://i.imgur.com/J71mH2t.png

J J
08-09-2013, 04:11 PM
Yep, it's 100% safe and legal to use, you won't get banned or in any trouble for using it don't worry. We're planning on releasing a VIP feature at some point but we aren't sure when or what benefits such a group will provide just yet.

Glad you're enjoying the client though - If you have any suggestions or need any help don't hesitate to ask and we'll do our best! :)
How ignorant can you be? It is clear they are using reflection or injection to read these values which is against the rules and CAN get you banned...

Turpinator
08-09-2013, 04:34 PM
http://puu.sh/3XL7M/86982e479c.png
wth? someone with HLF please search there for any information about this.

note: Rogie = Skiller = tryhard pmod.

edit: just realized J J already posted that quote. whoops.

Flight
08-09-2013, 04:34 PM
I'm sorry I think I've missed something here. This client uses reflection or injection to get these in-game values, so without a doubt it's breaking the rules, but what confuses me is it's posted on (and from that I'd assume supported by) RSBuddy which is owned and maintained by Jacmob; a (now) Runescape Moderator.

Ian
08-09-2013, 06:19 PM
Perhaps injection/reflection is allowed as long as you're not using it to bot. Although I don't see why, it still gives users an unfair advantage over others lol.

Brandon
08-09-2013, 07:00 PM
Afaict, the client isn't special.. The way he frames the applet, it moves when it loses focus. It's not a bot really. It just has a couple hooks, a json parser for them and a plugin loader.. Couple mouse hooks and yeah. Anyway.. is that the same "Matt" from here and the same one from PB? Looks nice though I guess.. Doesn't seem to break any rules because it's not really a bot per say..

One of the strings printed a manifest but doesn't seem to be for "scripts". Seems to be for other stuff. It's funny that RSRogie supports it though since Matt is a powerbot member iirc.. And Rogie was bitching at me on IRC about how colour, reflection and injection ruins the game, and yet this client has reflection and plugins and he doesn't say shit.. What a hipocrite. Might not be a bot but it's still reflection. As for the sandbox for the plugin system.. Simply write a plugin script that loads a native dll.


If anyone feels the need or urge to deobfuscate the RSBuddy Orion Client Strings.. Then the code for doing so is:


package deobber;

/**
*
* @author Brandon
*/
public class Deobber {

public static String a;
private static String[] z = new String[35];


/** Returns a String array of all deobbed strings and prints them **/

public static String[] DeobString(String InitString, byte ModCases[], String CaseStrings[]) {
String[] String16 = new String[5];
String[] String17 = String16;
byte byte18 = 0;
String String19 = InitString;
byte byte20 = -1;

while (true) {
char[] char5;
Out:
{
char[] char2 = String19.toCharArray();
int int22 = char2.length;
int int0 = 0;
char5 = char2;
int var6 = int22;
if (int22 > 1) {
char5 = char2;
var6 = int22;
if (int22 <= int0) {
break Out;
}
}

do {
char[] var8 = char5;
int int23 = int0;

while (true) {
char char24 = var8[int23];
byte byte25;
switch (int0 % 5) {
case 0:
byte25 = ModCases[0];
break;
case 1:
byte25 = ModCases[1];
break;
case 2:
byte25 = ModCases[2];
break;
case 3:
byte25 = ModCases[3];
break;
default:
byte25 = ModCases[4];
}

var8[int23] = (char) (char24 ^ byte25);
System.out.print(var8[int23]);
++int0;
if (var6 != 0) {
break;
}

int23 = var6;
var8 = char5;
}
} while (var6 > int0);
}

String var4 = (new String(char5)).intern();
System.out.println();

if (byte20 < 0) {
String17[byte18] = var4;
String17 = String16;
byte18 = 1;
String19 = CaseStrings[CaseStrings.length - 1];
byte20 = 0;
} else if (byte20 >= 0 && byte20 < CaseStrings.length - 1) {
String17[byte18] = var4;
String17 = String16;
byte18 = (byte)(byte20 + 2);
String19 = CaseStrings[byte20];
byte20 = (byte)(byte20 + 1);
} else if (byte20 >= 0 && byte20 < CaseStrings.length) {
String17[byte18] = var4;
z = String16;
return z;
}
}
}



/** Example Usage **/

public static void main(String[] args) {
DeobString("KW3", new byte[]{9, 108, 56, 71, 123}, new String[]{
"{\tK({]4T{V\"\bj\rH\"$|\n3o",
"{\tK({]4TF])(hKj)lM+{BL3",
"JV4{[3g2\'B",
"}]*"
});
}
}



And it prints:


Boot
theme
resources/runescape_uf.ttf
resources/OpenSans-Regular.ttf
Constructing UI...

J J
08-09-2013, 08:50 PM
It would be rather amusing to write a malacious dll or let it do something that will actually get them banned :)

DrChill
08-09-2013, 08:57 PM
So if this became popular, wouldn't reflection botting would be easier because Jagex would be more hesitant to ban people who are just using a tool to track XP etc.?

Sin
08-09-2013, 08:57 PM
It would be rather amusing to write a malacious dll or let it do something that will actually get them banned :)

Y so evil m8?

DrChill
08-09-2013, 08:59 PM
Wait, you can see the GE order book?

Is there a site that shows this as well? This would make merching a lot easier.

Awkwardsaw
08-09-2013, 10:36 PM
It would be rather amusing to write a malacious dll or let it do something that will actually get them banned :)

It would be even more hilarious if you could write plugins that actually are bots ;)

samerdl
08-09-2013, 11:34 PM
I use it and i like it, its good. Can become much better than swiftswitch/swiftswatch or w/e its called.

Flight
08-10-2013, 01:34 AM
It would be rather amusing to write a malacious dll or let it do something that will actually get them banned :)

Now while I'm strict to the belief of never wishing bad upon other people I would agree I'd like to see something go wrong with this client and as a result something happen to the users and a certain someone takes the blame and the someones in charge of OSRS no longer have trust in someone who works there...

John
08-10-2013, 02:20 AM
Afaict, the client isn't special.. The way he frames the applet, it moves when it loses focus. It's not a bot really. It just has a couple hooks, a json parser for them and a plugin loader.. Couple mouse hooks and yeah. Anyway.. is that the same "Matt" from here and the same one from PB? Looks nice though I guess.. Doesn't seem to break any rules because it's not really a bot per say..

One of the strings printed a manifest but doesn't seem to be for "scripts". Seems to be for other stuff. It's funny that RSRogie supports it though since Matt is a powerbot member iirc.. And Rogie was bitching at me on IRC about how colour, reflection and injection ruins the game, and yet this client has reflection and plugins and he doesn't say shit.. What a hipocrite. Might not be a bot but it's still reflection. As for the sandbox for the plugin system.. Simply write a plugin script that loads a native dll.


If anyone feels the need or urge to deobfuscate the RSBuddy Orion Client Strings.. Then the code for doing so is:

*Snip*


I highly doubt it is Matt from here.

Itankbots
08-10-2013, 02:32 AM
Now while I'm strict to the belief of never wishing bad upon other people I would agree I'd like to see something go wrong with this client and as a result something happen to the users and a certain someone takes the blame and the someones in charge of OSRS no longer have trust in someone who works there...

I totally agree...An "oops" is in order here...

Ian
08-10-2013, 02:44 AM
Now while I'm strict to the belief of never wishing bad upon other people I would agree I'd like to see something go wrong with this client and as a result something happen to the users and a certain someone takes the blame and the someones in charge of OSRS no longer have trust in someone who works there...

I am in complete agreement that if something of that nature were to transpire I would not be particularly bothered. :)

J J
08-10-2013, 11:11 AM
It would be even more hilarious if you could write plugins that actually are bots ;)
I think it's definately possible if you make it in c# or c++ to move the mouse en use the keyboard. Their API has enough in their to make proper scripts.

Yew Long
08-11-2013, 01:42 AM
Afaict, the client isn't special.. The way he frames the applet, it moves when it loses focus. It's not a bot really. It just has a couple hooks, a json parser for them and a plugin loader.. Couple mouse hooks and yeah. Anyway.. is that the same "Matt" from here and the same one from PB? Looks nice though I guess.. Doesn't seem to break any rules because it's not really a bot per say..

One of the strings printed a manifest but doesn't seem to be for "scripts". Seems to be for other stuff. It's funny that RSRogie supports it though since Matt is a powerbot member iirc.. And Rogie was bitching at me on IRC about how colour, reflection and injection ruins the game, and yet this client has reflection and plugins and he doesn't say shit.. What a hipocrite. Might not be a bot but it's still reflection. As for the sandbox for the plugin system.. Simply write a plugin script that loads a native dll.


If anyone feels the need or urge to deobfuscate the RSBuddy Orion Client Strings.. Then the code for doing so is:


package deobber;

/**
*
* @author Brandon
*/
public class Deobber {

public static String a;
private static String[] z = new String[35];


/** Returns a String array of all deobbed strings and prints them **/

public static String[] DeobString(String InitString, byte ModCases[], String CaseStrings[]) {
String[] String16 = new String[5];
String[] String17 = String16;
byte byte18 = 0;
String String19 = InitString;
byte byte20 = -1;

while (true) {
char[] char5;
Out:
{
char[] char2 = String19.toCharArray();
int int22 = char2.length;
int int0 = 0;
char5 = char2;
int var6 = int22;
if (int22 > 1) {
char5 = char2;
var6 = int22;
if (int22 <= int0) {
break Out;
}
}

do {
char[] var8 = char5;
int int23 = int0;

while (true) {
char char24 = var8[int23];
byte byte25;
switch (int0 % 5) {
case 0:
byte25 = ModCases[0];
break;
case 1:
byte25 = ModCases[1];
break;
case 2:
byte25 = ModCases[2];
break;
case 3:
byte25 = ModCases[3];
break;
default:
byte25 = ModCases[4];
}

var8[int23] = (char) (char24 ^ byte25);
System.out.print(var8[int23]);
++int0;
if (var6 != 0) {
break;
}

int23 = var6;
var8 = char5;
}
} while (var6 > int0);
}

String var4 = (new String(char5)).intern();
System.out.println();

if (byte20 < 0) {
String17[byte18] = var4;
String17 = String16;
byte18 = 1;
String19 = CaseStrings[CaseStrings.length - 1];
byte20 = 0;
} else if (byte20 >= 0 && byte20 < CaseStrings.length - 1) {
String17[byte18] = var4;
String17 = String16;
byte18 = (byte)(byte20 + 2);
String19 = CaseStrings[byte20];
byte20 = (byte)(byte20 + 1);
} else if (byte20 >= 0 && byte20 < CaseStrings.length) {
String17[byte18] = var4;
z = String16;
return z;
}
}
}



/** Example Usage **/

public static void main(String[] args) {
DeobString("KW3", new byte[]{9, 108, 56, 71, 123}, new String[]{
"{\tK({]4T{V\"\bj\rH\"$|\n3o",
"{\tK({]4TF])(hKj)lM+{BL3",
"JV4{[3g2\'B",
"}]*"
});
}
}



And it prints:


Boot
theme
resources/runescape_uf.ttf
resources/OpenSans-Regular.ttf
Constructing UI...


I am beginning to learn java, could you possibly show me how to use this to undeobfuscate it or post a undeobfuscated version?

Much appreciated.

Brandon
08-11-2013, 03:55 AM
I am beginning to learn java, could you possibly show me how to use this to undeobfuscate it or post a undeobfuscate version of the script?

Much appreciated.



Uhmm what? The code I posted works out of the box.. The code is obfuscated in the RSBuddy Orion jar file.. The code I posted will deobfuscate the strings within the client.. Just decompile the client and then use the above to deob the strings. Not sure what you mean "Deobbed version of the script". What script? :S

Why do you need the source anyway :S It's just a regular client.

Yew Long
08-11-2013, 05:41 AM
Uhmm what? The code I posted works out of the box.. The code is obfuscated in the RSBuddy Orion jar file.. The code I posted will deobfuscate the strings within the client.. Just decompile the client and then use the above to deob the strings. Not sure what you mean "Deobbed version of the script". What script? :S

Why do you need the source anyway :S It's just a regular client.

Yes I know it is obfuscated and I'm sorry if I don't make sense. What I meant by script was all the classes and such ahaha.

And I wanted the source so I could create a personal client as a project, I'm interested in how it shows the hp/pray orbs.

J J
08-11-2013, 10:57 AM
Yes I know it is obfuscated and I'm sorry if I don't make sense. What I meant by script was all the classes and such ahaha.

And I wanted the source so I could create a personal client as a project, I'm interested in how it shows the hp/pray orbs.
Hook the skill level array and replace the RS Canvas. Then you can draw on it yourself and draw the orbs, then draw the values on top of it.

The class you need is client and the fields
@ getSkillLevelArray() --> [I client.ht
@ getSkillExpArray() --> [I client.hu
@ getRealSkillLevelArray() --> [I client.hb

Shatterhand
08-11-2013, 01:22 PM
I saw pk streamers using this client.

Its a huge advantage: hit predictor and hp/pray orbs.

If this is allowed then bots should be too. -.-

Jethr0x
08-12-2013, 01:25 PM
Hello, I'm the one that wrote Orion. Yes I am the Matt from Powerbot. I was also Jethr0x on sythe back in like 2008. After reading through this thread, there are a few things I want to address.

@Brandon: Damnit! Now I need to create my own obfuscator :P. Will probably use my old obfuscator I made last year (should be better).

@Shatterhand: This is nothing like a bot. It just uses a basic reflection engine and calculates things based on the way that a human would. An example is the hit predictor. The hit predictor is not 100% accurate, mostly because a human can't guess 100% what the next hit will be as soon as they see the xp gain. Currently it just gets the difference in HP exp and multiplies it by 0.75, something that most people (including myself) can easily do in their head. I could easily hook the hitsplat arrays and display it with 100% accuracy, but Jagex would not allow that. Orion is limited to only using methods that a real person can access and it can perform calculations on that data, and Orion just displays it in an easily viewable way.

samerdl
08-14-2013, 02:14 AM
Hello, I'm the one that wrote Orion. Yes I am the Matt from Powerbot. I was also Jethr0x on sythe back in like 2008. After reading through this thread, there are a few things I want to address.

@Brandon: Damnit! Now I need to create my own obfuscator :P. Will probably use my old obfuscator I made last year (should be better).

@Shatterhand: This is nothing like a bot. It just uses a basic reflection engine and calculates things based on the way that a human would. An example is the hit predictor. The hit predictor is not 100% accurate, mostly because a human can't guess 100% what the next hit will be as soon as they see the xp gain. Currently it just gets the difference in HP exp and multiplies it by 0.75, something that most people (including myself) can easily do in their head. I could easily hook the hitsplat arrays and display it with 100% accuracy, but Jagex would not allow that. Orion is limited to only using methods that a real person can access and it can perform calculations on that data, and Orion just displays it in an easily viewable way.

Thank you for the Client! I love it.

Thanks a lot and keep up the great work!

edit: i kno you get nagged about this, but please add irc & image uploading support, then its perfect!.