Color vs Reflection? Detection vs Efficiency?



terrorbyte
02-13-2016, 04:07 PM
Hey guys

I keep hearing tons of good things about reflection, and of course color detection is the least of our concern on code-level detection. We know they can but they don't, so for the sake of argument we're going to assume that color bots are currently undetected.

Now I know when it comes to color scripting, the efficiency of the bot itself decreases, but it all depends on the scripter. The better the scripter, the better the results of your script you'll generally see. But in all honesty, color bots have their own limitations, limitations to which injection bots aren't subjected (too bad injection bots almost always mean insta-ban).

Now I'll admit, I don't know much about Reflection bots and how exactly they operate differently in comparison to color and injection bots. So if someone can share their opinion and shed some light on this topic, it'll be great.

cheers

KeepBotting
02-13-2016, 04:13 PM
I hate linking to powerbot but one of the developers over there posted a pretty good explanation of the different types of bots

https://www.powerbot.org/community/topic/1173836-os-changing-ids-discussion/?p=14273061

Here's the verbatim quote for anyone who can't/won't view powerbot


> Let me give you a heads up. A color bot hacks the canvas to get the canvas image or uses native like SCAR to identify the frame and leech the graphics through-out graphics buffer. From there it uses bitmap finding algorithms or pattern algorithms. These are an array of pixels to identify. For text they use OCR with a neural network or pattern matcher. In general they use pattern matching in different colorspaces such as HSV/HSL or RGB. To identify stuff in the inventory they use coordinates and run a pattern matching algorithm in the bounding rect.
>
> Injection bots use a bytecode engineering library like BCEL or ASM to edit the client's class files so they can identify which field belongs to what class. First they will download the client, which are class files. They would decompile the class files to turn them back to java files. When this is done they would refactor the fields and classes so the code looks readable. When the client is fully understood they search for bytecode patterns to identify these classes and fields. When you have a program that identifies these classes and fields you have yourself an updater. An injection bot will load the RuneScape client like the webpage, setting a useragent; when the client is downloaded these files get edited. Thanks to the updater we know which fields are what so we could do
>
> Let's say the "Player" class is called aL and the field "Player health" is called wK
>
> We could write this interface
>
>     public interface Player {
>         public int getPlayerHealth();
>     }
>
> So we can add this interface to our aL (player class) throughout bytecode (basically we link our written interface to the client's class to "hook" our api with the original client) and inject the getter.
>
>     public class aL implements Player {
>         private int wK; // Obfuscated field
>
>         public int getPlayerHealth() { // Inherited from interface Player
>             return wK;
>         }
>     }
>
> Remember we have 4 kinds of bots
>
> Color - which uses the canvas' graphics to identify the current state of the player
>
> Injection - which injects getters into the client to retrieve data
>
> Inflection - which edits fields/classes to redirect information
>
> Reflection - which "looks" at the loaded client's classes in the JVM and returns the information it contains (this has become a lot harder, so you actually need a bit of injection/inflection to hack the loader of the client)
>
> The loader of the client has basically become Jagex's legal security. When a new bot spawns they know they had to hack/decompile the loader which is illegal in some countries like the USA (look at Nexus iBot).
>
> Seems like this post became longer and longer as I started typing

However there are links and things you won't be able to see unless you view the real page

That entire thread is also pretty informative as it mainly consists of a KeepBotting from two years ago asking about what other types of bots can do that color can't, and how

I'm sure there are better explanations out there but this is the one I've always referred back to

Lol there's actually a post by ggzz (our own Brandon) in there too

the bank
02-13-2016, 05:58 PM
I can not conceive of any way that reflection can be detected.

Essentially, every time we call class.getDeclaredFields() it will return a NEW instance of those fields, as a snapshot so to speak.

This means we can essentially do whatever we want (such as making private fields accessible) without them being able to check, because if they did the same they would get a different NEW instance.

Just thinking now... I suppose they could Xboot a custom version of the Class or Field object, but that would be incredibly obvious and they currently do not.

AFools
02-13-2016, 08:19 PM
Assuming most people use the SMART client for either method.. The client would be detected first. So detection would be based on the script and how the user employs both techniques.

JJordan
07-05-2016, 05:05 PM
> I can not conceive of any way that reflection can be detected.
>
> Essentially, every time we call class.getDeclaredFields() it will return a NEW instance of those fields, as a snapshot so to speak.
>
> This means we can essentially do whatever we want (such as making private fields accessible) without them being able to check, because if they did the same they would get a different NEW instance.
>
> Just thinking now... I suppose they could Xboot a custom version of the Class or Field object, but that would be incredibly obvious and they currently do not.

Bad Reflection clients are being detected by checking the JVM's garbage collection frequency.

Even injection can be detected by GC frequency and is why I'm a strong proponent of keeping the runescape client and the bot running in different processes.
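
Added example (not from any post in this thread): one way a Java client could sample its own JVM's garbage-collection rate, the signal the post above refers to. `GcRateProbe`, the two stand-in workloads and the 3x threshold are assumptions; the tooling stand-in calls `getDeclaredFields()` because, as noted earlier in the thread, every call returns newly allocated `Field` copies.

```java
import java.lang.management.GarbageCollectorMXBean;
import java.lang.management.ManagementFactory;
import java.util.function.LongSupplier;

// Added example (Java 16+). Class, method and threshold names are hypothetical.
public class GcRateProbe {

    /** Cumulative GC count of this JVM at one instant. */
    record Snapshot(long nanos, long collections) {}

    static Snapshot snapshot() {
        long count = 0;
        for (GarbageCollectorMXBean gc : ManagementFactory.getGarbageCollectorMXBeans()) {
            // getCollectionCount() returns -1 when a collector does not report it.
            count += Math.max(0, gc.getCollectionCount());
        }
        return new Snapshot(System.nanoTime(), count);
    }

    /** Collections per second between two snapshots. */
    static double rate(Snapshot from, Snapshot to) {
        double seconds = (to.nanos() - from.nanos()) / 1e9;
        return seconds <= 0 ? 0 : (to.collections() - from.collections()) / seconds;
    }

    /** True when the observed rate exceeds the expected baseline by `factor`. */
    static boolean suspicious(double baseline, double observed, double factor) {
        // Floor the baseline so an idle client (zero collections) does not
        // flag on the first ordinary collection.
        return observed > Math.max(baseline, 0.1) * factor;
    }

    /** Constructed stand-in for the client's own per-tick allocation. */
    static long clientTick() {
        byte[] buffer = new byte[4096];
        return buffer.length;
    }

    /** Constructed stand-in for in-process tooling: each getDeclaredFields()
     *  call returns a freshly allocated array of Field copies. */
    static long toolingTick() {
        long n = 0;
        for (int i = 0; i < 2000; i++) n += String.class.getDeclaredFields().length;
        return n;
    }

    /** Runs `work` about once per millisecond for `millis` ms; returns the GC rate. */
    static double measure(LongSupplier work, long millis) throws InterruptedException {
        Snapshot start = snapshot();
        long sink = 0, end = System.currentTimeMillis() + millis;
        while (System.currentTimeMillis() < end) {
            sink += work.getAsLong();
            Thread.sleep(1);
        }
        if (sink == 0) throw new IllegalStateException("workload did not run");
        return rate(start, snapshot());
    }

    public static void main(String[] args) throws InterruptedException {
        double baseline = measure(GcRateProbe::clientTick, 3000);
        double observed = measure(() -> clientTick() + toolingTick(), 3000);
        System.out.printf("baseline %.2f GC/s, with in-process tooling %.2f GC/s, flagged=%b%n",
                baseline, observed, suspicious(baseline, observed, 3.0));
    }
}
```

The absolute rates depend on heap size and collector, so a check like this only means something relative to a baseline measured on unmodified clients with the same JVM settings.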

tls
07-05-2016, 06:16 PM
The bit about the use of reflection requiring hacking the loader is wrong. Just because that is how smart and essentially every other bot does it, doesn't make it required.

jacz24
11-24-2016, 09:45 PM
Reading this post was very informative regarding reflection. From what it seems is that reflection is about as safe as colour botting since you would most likely be running in SMART most of the time. The only time colour is safer is when you are running it right to the original client or osbuddy. They can detect SMART now but they don't, right? Does this mean everyone should be using reflection or are there downsides I don't know about? I always used and scripted in colour. Should I switch?

One Kid
11-25-2016, 12:31 AM
They can't detect smart. Everyone would be banned if they could, without question. JaGex likes to overstate their capabilities, because there is no downside to it and it might deter people from using bots in the first place.

Harrier
11-25-2016, 03:02 PM
> They can't detect smart. Everyone would be banned if they could, without question. JaGex likes to overstate their capabilities, because there is no downside to it and it might deter people from using bots in the first place.

Are you trying to say the developers at Jagex don't have the knowledge or that they cannot do it with their current game client? since both are completely untrue. Feel free to search around the forums to see either brandon or benland100 explain how SMART is detectable and even the code to do it.

One Kid
11-25-2016, 03:09 PM
> Are you trying to say the developers at Jagex don't have the knowledge or that they cannot do it with their current game client? since both are completely untrue. Feel free to search around the forums to see either brandon or benland100 explain how SMART is detectable and even the code to do it.

Theory VS Practice are two different things.

Harrier
11-25-2016, 03:21 PM
> Theory VS Practice are two different things.

Yes in theory they can and in practice they haven't yet it doesn't mean they cannot do it. SMART is a small target and they rarely even target larger bots like RuneMate, RSBot or Epicbot but they have proven in the past they can detect them.

acow
11-25-2016, 03:22 PM
> Theory VS Practice are two different things.

You now understand that the statement

> They can't detect smart.

is simply not true, correct?

webbydee
11-27-2016, 12:53 AM
> Yes in theory they can and in practice they haven't yet it doesn't mean they cannot do it. SMART is a small target and they rarely even target larger bots like RuneMate, RSBot or Epicbot but they have proven in the past they can detect them.

Isn't this essentially what the bot nuke thing was? Jagex detecting all botting clients and straight up banning everybody.

Kasi
11-27-2016, 02:13 AM
> Isn't this essentially what the bot nuke thing was? Jagex detecting all botting clients and straight up banning everybody.

You can't say for sure but yes I also agree with this.

webbydee
11-27-2016, 05:22 AM
> You can't say for sure but yes I also agree with this.

Were people using SMART clients also banned? wouldn't this settle the is SMART detectable debate once and for all?

jstemper
11-27-2016, 06:41 AM
> Were people using SMART clients also banned? wouldn't this settle the is SMART detectable debate once and for all?

The detectability of SMART is/has been settled. The question that remains is whether or not it triggers/leads to more bans (If Jagex even gives a shit). What I mean by more bans - Say you ran the same color script over a long period of time on the official client, then ran it again, this time using SMART. Would you see any drastic differences in ban patterns? (Ex. amount of time it took to get banned)

Kasi
11-27-2016, 04:30 PM
> Were people using SMART clients also banned? wouldn't this settle the is SMART detectable debate once and for all?

There's a difference between something being detectable and it being detected. Example: You have cancer (unaware), which would be easy to detect but you haven't had a medical examination in a while, so the following is true; The cancer is undetected but easily detectable.

SMART is detectable, just as every other client/bot out there is, including the private ones. Whether Jagex is currently detecting it is another story. The SMART detectable debate has already been settled. It's possible to detect every bot/client. Anyone who says otherwise (RID, Trent! etc) simply has no idea what they're talking about.

jacz24
11-28-2016, 12:27 AM
> There's a difference between something being detectable and it being detected. Example: You have cancer (unaware), which would be easy to detect but you haven't had a medical examination in a while, so the following is true; The cancer is undetected but easily detectable.
>
> SMART is detectable, just as every other client/bot out there is, including the private ones. Whether Jagex is currently detecting it is another story. The SMART detectable debate has already been settled. It's possible to detect every bot/client. Anyone who says otherwise (RID, Trent! etc) simply has no idea what they're talking about.

I fully agree with this. It's not a debate anymore, we know. Coming to a day where SMART is undetected is unreasonable because it would just be a constant rat race if it's even possible in the first place (not like they detect it now anyways). Am I wrong? The question I asked originally.... Should people use colour bots anymore? I'm starting to think the answer is no when it comes to anything beyond just for fun.

IMayoboeiI
01-25-2017, 02:59 PM
It's common knowledge that reflection is more detectable than color.

terd
05-04-2017, 03:21 AM
> It's common knowledge that reflection is more detectable than color.

Do you know any exact reason for that? I've botted reflection for a lot of years and never been banned.

theholyone1
05-18-2017, 10:25 PM
It really depends on what you're using it for, atm for me personally: Reflection = all non NPC related, anything related to finding NPC I use colour which sounds weird, but it's the only way I can get it to work

kingarabian
05-25-2017, 11:34 PM
SRL's been around for a long time, and it's a shame we didn't crowdsource a large Runescape ban study. There's so many variables in place when it comes to bot detection, it's ridiculous. Color, reflection. They're both equally detectable. Just matters if your script shows enough automation to trigger a ban.

Example:

Wrote a hunter script in reflection. 7 accounts of mine got banned. Not all at once. Kept making new accounts to see why my script is bannable. They kept getting banned, to the point where I think I'm flagged. So I bot other tasks on other accounts. No bans. So that tells me the script has something wrong with it. Converted it to color. Another 5 accounts banned. So currently converting into a hybrid, using reflection and color and completely rewrote the logic of the script. Still seeing bans.

It's really confusing because the hunter scripts on RSbot have trashier logic than mine, and break all the time yet the ban rate is so low.

Brandon
05-25-2017, 11:42 PM
I just bot 1 to 99 Magic on OSRS using an autoclicker in Objective-C on OSX.. no ban for a month now.. I bot it 24/7 but I did it in my player owned house so that I won't get banned. I figured OSX would have less of a chance of getting banned than any other OS since barely anyone uses it and Simba doesn't run well on it.. neither does RSBot (at least for me on Sierra 10.12.5). Level 1 every other skill (level 30 each skill now). Clicked the EXACT same spot every time. I figure Jagex is basing their bans on "Loaded Clients".. like custom loaders or based on player reports.. I did have to give up my mouse for 2 weeks though (sucked). But again, no one knows.. :l

kingarabian
05-26-2017, 12:17 AM
> I just bot 1 to 99 Magic on OSRS using an autoclicker in Objective-C on OSX.. no ban for a month now.. I bot it 24/7 but I did it in my player owned house so that I won't get banned. I figured OSX would have less of a chance of getting banned than any other OS since barely anyone uses it and Simba doesn't run well on it.. neither does RSBot (at least for me on Sierra 10.12.5). Level 1 every other skill (level 30 each skill now). Clicked the EXACT same spot every time. I figure Jagex is basing their bans on "Loaded Clients".. like custom loaders or based on player reports.. I did have to give up my mouse for 2 weeks though (sucked). But again, no one knows.. :l

Damn.

It's so confusing because one skill is allowed to be botted freely on a particular bot client, yet it triggers a ban on another bot client. Despite the former having a far higher usage rate.

dan1
05-26-2017, 12:34 AM
How jammy bans bots:

Flag account:
client heuristics (is client modified? gc rate. os. java version)
ip (includes flagging blocks if multiple ips are flagged in the block)
player reports
player action pattern heuristics
manually checking accounts in areas

All the data is fed into some machine learning algorithm (neural net?) which provides wealth with which accounts to check on.

After account is flagged:
manually review account (wealth)
or ban if detected doing something marked as instaban (tutorial island, red chins)


How to not get banned:
use a script that is human (very hard cause you are competing with machine learning. easier if you just bot 1 account)
avoid getting flagged (easier)

there are lots of good papers on bot detection that you can find on google.

Kasi
05-26-2017, 10:28 AM
> How jammy bans bots:
>
> Flag account:
> client heuristics (is client modified? gc rate. os. java version)
> ip (includes flagging blocks if multiple ips are flagged in the block)
> player reports
> player action pattern heuristics
> manually checking accounts in areas
>
> All the data is fed into some machine learning algorithm (neural net?) which provides wealth with which accounts to check on.
>
> After account is flagged:
> manually review account (wealth)
> or ban if detected doing something marked as instaban (tutorial island, red chins)
>
> How to not get banned:
> use a script that is human (very hard cause you are competing with machine learning. easier if you just bot 1 account)
> avoid getting flagged (easier)
>
> there are lots of good papers on bot detection that you can find on google.

Give this man a medal. Pretty accurate explanation up to the "how to not get banned" section IMO.

alar82
05-26-2017, 05:25 PM
I think their detection consists of two phases.
1) Automatic. Client detection or player reports, non hardware mouse. Account gets flagged.
2) Manual. Then jmods sit down and look at those flagged accounts, what the account is doing and so on. This opinion is based on the fact that they said once on livestream that every account is reviewed by a human before banning. Therefore botwatch is flawless and decision is final. Livestream was about botanybay on rs3 I think. On OSR it would be a bit silly to ban thousands of bots manually 1 by 1 all day :D

Grunt
06-04-2017, 07:50 PM
> I just bot 1 to 99 Magic on OSRS using an autoclicker in Objective-C on OSX.. no ban for a month now.. I bot it 24/7 but I did it in my player owned house so that I won't get banned. I figured OSX would have less of a chance of getting banned than any other OS since barely anyone uses it and Simba doesn't run well on it.. neither does RSBot (at least for me on Sierra 10.12.5). Level 1 every other skill (level 30 each skill now). Clicked the EXACT same spot every time. I figure Jagex is basing their bans on "Loaded Clients".. like custom loaders or based on player reports.. I did have to give up my mouse for 2 weeks though (sucked). But again, no one knows.. :l

My arduino bot never got me banned, despite having no antiban measures at all. Currently trying this on linux kernel, so far so good.

It seems like jagex detection algorithm comes down to "hardware mouse", custom loaders and perhaps some kind of process scanning. It explains their complete ban of autohotkey and why they said that using the hd client could get you banned.

edit: it would be really interesting to see if Jagex actually use human-like heuristics to detect bot pattern. It probably wouldn't be too difficult, just use a recurrent neural network to predict the click point of bots. Since they have tons of human data and bot data, it really should be quite easy for them. I am not sure how effective it would be, and I somehow doubt they try this system.

One Kid
07-11-2017, 02:39 PM
> My arduino bot never got me banned, despite having no antiban measures at all. Currently trying this on linux kernel, so far so good.
>
> It seems like jagex detection algorithm comes down to "hardware mouse", custom loaders and perhaps some kind of process scanning. It explains their complete ban of autohotkey and why they said that using the hd client could get you banned.
>
> edit: it would be really interesting to see if Jagex actually use human-like heuristics to detect bot pattern. It probably wouldn't be too difficult, just use a recurrent neural network to predict the click point of bots. Since they have tons of human data and bot data, it really should be quite easy for them. I am not sure how effective it would be, and I somehow doubt they try this system.

How did you make an arduino bot? Curious to know.

ccesssu
07-26-2017, 11:40 PM
> I just bot 1 to 99 Magic on OSRS using an autoclicker in Objective-C on OSX.. no ban for a month now.. I bot it 24/7 but I did it in my player owned house so that I won't get banned. I figured OSX would have less of a chance of getting banned than any other OS since barely anyone uses it and Simba doesn't run well on it.. neither does RSBot (at least for me on Sierra 10.12.5). Level 1 every other skill (level 30 each skill now). Clicked the EXACT same spot every time. I figure Jagex is basing their bans on "Loaded Clients".. like custom loaders or based on player reports.. I did have to give up my mouse for 2 weeks though (sucked). But again, no one knows.. :l

No random location...but did you do random timing for clicks?

Brandon
07-27-2017, 01:20 AM
> No random location...but did you do random timing for clicks?

No random timing at all. I used the below code directly.


#include <cstdio>
#include <thread>
#include <iostream>

#include <dlfcn.h>

#include <ApplicationServices/ApplicationServices.h>
#include <unistd.h>

void moveMouse(CGFloat X, CGFloat Y)
{
    CGEventRef moveEvent = CGEventCreateMouseEvent(nil, kCGEventMouseMoved, CGPointMake(X, Y), kCGMouseButtonLeft);
    CGEventPost(kCGHIDEventTap, moveEvent);
    //CGEventPostToPid(process_id, moveEvent); Send event to specific process.
    CFRelease(moveEvent);
}

void clickMouse(CGFloat X, CGFloat Y, bool left)
{
    CGEventRef downEvent = CGEventCreateMouseEvent(nil, kCGEventLeftMouseDown, CGPointMake(X, Y), left ? kCGMouseButtonLeft : kCGMouseButtonRight);
    CGEventRef upEvent = CGEventCreateMouseEvent(nil, kCGEventLeftMouseUp, CGPointMake(X, Y), left ? kCGMouseButtonLeft : kCGMouseButtonRight);

    CGEventPost(kCGHIDEventTap, downEvent);
    CGEventPost(kCGHIDEventTap, upEvent);

    CFRelease(downEvent);
    CFRelease(upEvent);
}


I did sleep for exactly 1200ms after each click to give the interface time to change from the spell to the inventory and account for slight lag.. lol. I'd buy 25K alchs for a day to make sure I don't run out and it ends up clicking empty spell and inventory spots.. After alching like 15K to 18K, I'd use the money to buy more and go back to alching. Sometimes I'd babysit for about 5 mins or check up on it every 4 or 5 hours. Sometimes I'd do a random if I see it in time. I alched in my player owned house so no one could bother me (build mode set to ON or guest mode set to off so others can't enter).

ccesssu
07-27-2017, 07:38 PM
wow interesting, I figure they would send some sort of data regarding timing between clicks from their client...same with hours played....
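
Added example (not from any post in this thread): a sketch of the kind of "player action pattern heuristic" discussed above, scoring a session by how regular the gaps between clicks are and how few distinct pixels were clicked. The `Click` record, both constructed sessions and the 0.05 thresholds are assumptions; the first session mimics a fixed 1200 ms delay on one spot, as described a few posts up.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Random;
import java.util.Set;

// Added example (Java 16+). Record fields and thresholds are hypothetical.
public class ClickRegularity {

    /** One click as a server might log it. */
    record Click(long timeMs, int x, int y) {}

    /** Mean gap, coefficient of variation of the gaps, and the share of
     *  clicks that landed on a distinct pixel. */
    record Features(double meanGapMs, double gapCv, double distinctPointRatio) {}

    static Features features(List<Click> clicks) {
        if (clicks.size() < 3) throw new IllegalArgumentException("need at least 3 clicks");
        int gaps = clicks.size() - 1;
        double sum = 0, sumSq = 0;
        Set<Long> points = new HashSet<>();
        for (int i = 0; i < clicks.size(); i++) {
            Click c = clicks.get(i);
            points.add(((long) c.x() << 32) | (c.y() & 0xffffffffL));
            if (i > 0) {
                double gap = c.timeMs() - clicks.get(i - 1).timeMs();
                sum += gap;
                sumSq += gap * gap;
            }
        }
        double mean = sum / gaps;
        double variance = Math.max(0, sumSq / gaps - mean * mean);
        double cv = mean == 0 ? 0 : Math.sqrt(variance) / mean;
        return new Features(mean, cv, (double) points.size() / clicks.size());
    }

    /** Flags sessions that are both metronomic in time and fixed in position. */
    static boolean flag(Features f, double maxCv, double maxPointRatio) {
        return f.gapCv() < maxCv && f.distinctPointRatio() < maxPointRatio;
    }

    /** Constructed session: fixed sleep plus a few ms of scheduler jitter, one pixel. */
    static List<Click> fixedDelaySession(int n, long sleepMs) {
        List<Click> out = new ArrayList<>();
        long t = 0;
        for (int i = 0; i < n; i++) {
            out.add(new Click(t, 712, 334));
            t += sleepMs + (i % 4);
        }
        return out;
    }

    /** Constructed session: log-normal gaps and a few pixels of aim scatter. */
    static List<Click> variableSession(int n, long medianMs, long seed) {
        Random rnd = new Random(seed);
        List<Click> out = new ArrayList<>();
        long t = 0;
        for (int i = 0; i < n; i++) {
            out.add(new Click(t, 712 + (int) Math.round(rnd.nextGaussian() * 4),
                                 334 + (int) Math.round(rnd.nextGaussian() * 4)));
            t += Math.round(medianMs * Math.exp(0.35 * rnd.nextGaussian()));
        }
        return out;
    }

    public static void main(String[] args) {
        for (List<Click> s : List.of(fixedDelaySession(500, 1200), variableSession(500, 1200, 7))) {
            Features f = features(s);
            System.out.printf("mean=%.0f ms cv=%.4f distinct=%.3f flagged=%b%n",
                    f.meanGapMs(), f.gapCv(), f.distinctPointRatio(), flag(f, 0.05, 0.05));
        }
    }
}
```

Only the fixed-delay session falls under both thresholds; whether any operator actually scores sessions this way is not something the thread establishes.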