few java questions. and idea on insanely autoing on RS



stylen
02-12-2007, 12:46 AM
Hey

Ok i've been thinking for a very long time about this.

In java when you click on something it sends the Java server a command to perform.

So say you click on attack goblin. It will probably send a command to the RS world saying, Attack Goblin at these co-ordinates.

Now if there was any way of viewing those commands that the client sends to the server then we can figure out a way to send commands to the server.

Of course as Jagex is so advanced all the commands will be validated and stuff.
So like you can't run from varroc to fally.

But you can send commands to the server to walk/run there step by step.


So does anyone know if it is possible to view these commands.
Oh btw I have no clue on how java works so i dont even know if it actually does what i said.

But if this was possible Autoing would be near 100% accurate. It would make everything so much easier.

For example if you were Automining coal, the server sends a message to the client that there is no coal so the client updates the rock with the empty rock image.
The server then sends the client another message to say there is coal update the image. The script can use this to mine. It would be so much more efficient.

Anyway I think I'm just dreaming a bit too much.

Oh btw this could also be done with a packet sniffer. Maybe. Just send the server packets instead of commands.

Let me know what you guys think.

Mjordan
02-12-2007, 12:48 AM
thats what aryan did...

stylen
02-12-2007, 01:21 AM
hmm, Read his name a few times.

Who is he?
And have you got a link that could fill me in this?

Would love to see it in action.

Mjordan
02-12-2007, 02:00 AM
hmm, Read his name a few times.

Who is he?
And have you got a link that could fill me in this?

Would love to see it in action.

lol aryan isnt a person, it was a runescape bot. read about it here
http://kaitnieks.com/AutoRune/

Boreas
02-12-2007, 02:23 AM
General rule:

The easier it is to script for, the easier it is to detect.

Yakman
02-12-2007, 07:42 AM
aryan didnt do that, but autorune did

stylen
02-12-2007, 06:38 PM
Hmm, didnt realise it was already done.

Ahh well, guess I'll stop thinking about that from now on.

ruler
02-12-2007, 06:45 PM
General rule:

The easier it is to script for, the easier it is to detect.
not at all, it depends on the attention the botmaker paid to traps.

example: old versions of scar did not send all events and therefore were detected.

example: mouse functions are detected not based on the bot but on the function.

stylen
02-12-2007, 07:28 PM
jagex can't detect ur mouse can they.

When you play the game it uses the windows mouse.
The game doesnt take over the mouse.

I wouldnt think they would be able to detect mouse movements.

bullzeye95
02-12-2007, 08:48 PM
Of course they can detect your mouse movements...

ruler
02-13-2007, 06:15 PM
jagex can't detect ur mouse can they.

When you play the game it uses the windows mouse.
The game doesnt take over the mouse.

I wouldnt think they would be able to detect mouse movements.
mouse info is taken at the rate of about 5-10 points a second.

stylen
02-13-2007, 08:24 PM
Ohh,

Hmm, Jagex know what the hell they are doing.

Ahh well, i guess my idea's scrapped.

Just need to write SCAR/SRL scripts. Seems like the best way ATM

regecks
02-14-2007, 11:14 AM
aryan didnt do that, but autorune did
They both did, AutoRune maintained its own object collection during runtime through the parsing of incoming data (pre-Runebot anyway?), and Aryan simply inspected the existing one in the client. Both relied on the "image" (aka id) of the object.

stylen
02-14-2007, 04:40 PM
So how did these programs die.

The idea behind it should be more successful than SCAR and SRL.

Avaphi
02-15-2007, 01:08 AM
These programs died because the way they did things involves how RS does things, and when RS changes things...(new engine) It kills the things that revolve around the previous RS things.

me_ntal
02-15-2007, 04:43 AM
Thats why scar is so good in terms of the future, It would be pretty much impossible to kill a colour reliance program off..

ilyaostr
02-19-2007, 11:57 PM
It's impossible to view the commands, the packets are encrypted.

Krichevskoy
02-21-2007, 12:26 AM
It's impossible to view the commands, the packets are encrypted.

So what's the client do? :D

Anyway, this is still possible in theory. It's just prohibitively difficult. You see, you're absolutely correct that the idea should be more successful than SRL and SCAR - it was. It was, in fact, so successful that for years Jagex focused its security updates almost entirely on killing packet bots. So now we have two or three encryption/obscuration algorithms at work on various parts of the protocol that require client hacks to break into. In addition, the protocol itself changes (packet headers, encoding methods, and maybe even payload layouts) every so often. There are also routines in the client that let the server tell if you're actually using a client (and whether or not it's their client, if you're not careful).

All of that combines to give any particular release of a packet-based bot a lifespan of about a week (if you're lucky...first sight of a viable packet bot and they'd probably update within the hour). To keep it going longer you'd need a really good updating system, which would be a royal pain to write. Compare that to the "write-once-use-forever" nature of a color-recognition script and you can see why no one does packet bots anymore :)

moparisthebest
02-21-2007, 12:29 AM
It's impossible to view the commands, the packets are encrypted.

Only the login packet, because it contains the password.

It is possible to see all of these 'commands' (they are packets) with a program formerly called ethereal, I believe it is called wireshark now.

As to why autorune died, it is because now every week (every update happens about once per week) runescape changes their entire protocol structure, so it would be near impossible to keep a cheat that operated just by packets updated. Suffice it to say it would be much easier to cheat in different ways, such as updating a bot via bytecode.

t3h ub3r k1tten
03-02-2007, 02:21 AM
Only the login packet, because it contains the password.

It is possible to see all of these 'commands' (they are packets) with a program formerly called ethereal, I believe it is called wireshark now.

As to why autorune died, it is because now every week (every update happens about once per week) runescape changes their entire protocol structure, so it would be near impossible to keep a cheat that operated just by packets updated. Suffice it to say it would be much easier to cheat in different ways, such as updating a bot via bytecode.
It just changes protocol?
I thought they changed the encryption every update?

moparisthebest
03-03-2007, 05:02 AM
It just changes protocol?
I thought they changed the encryption every update?

The only encryption is on the login packet to protect the password, but yes that of course changed as well.

duther
04-21-2007, 07:06 PM
I think they might be using additional kinds of encryption now. I used Wireshark to sniff the packets and although a few of them were unencrypted, many of them seem to be encrypted (I was unable to locate chat packets, for example).

In any case, that's not the only obstacle. From what I know, server and client are supposed to be using a pseudo-random number generator to "encrypt" the op-code of each packet, and the seed for the generator is given (encrypted with RSA) to the client. Without that seed, it is impossible to obtain the op-code of each packet.

In order to be able to decrypt RSA, you would need to know the server's public key and the client's public key, one for incoming packets, and the other for outgoing packets. One is kept by the runescape client itself, and we can assume that it changes with every update (that is, weekly) or that it is randomly generated, the other is sent to the client by the server.

Even if we got to be able to read the packets, and decrypt the packets, we would be unable to send packets back to the server, without much more trouble. Besides, the protocol (opcode numbers, content order, byte order system) changes with every update too. So basically, any program that was made would have to be updated weekly, and seeing how hard reversing the client to the point of being able to make one is, that would be, at least, quite tiresome.

botmaster
04-21-2007, 07:57 PM
Technically it would be possible if you used statistic analyzation of RS's packets and made the client sniff out the way the RS server works by analyzing what happens after EVERY command packet wise. Would take a LOT of work though, and I don't think anyone from the open-source community would be able to take this task on himself. Only the NSA or the DoD have these kinds of resources.

I think the best way to do this kind of work, if ever, would be to use RS's own client to avoid suspicion and put a packet modulator between the network connection and the client. This modulator would intelligently filter out relevant packets (such as coords) and change them to what the autoer wants. Used in combination with a color clicker, this could greatly improve accuracy and speed - but because of the constant updates, would need a lot of maintenance or a lot of intelligent filters...

EDIT: I mean, you don't edit the packets, you just use them to gather info i.e. where the rock is located on screen approximately and then you can use SCAR to figure out the exact location using findcolor. You already know the color because you can figure out what the video color random factor is by intercepting the packets - I don't think it's clientside, because else it would be harder to detect people autoing and easier to control by RS. And if it's clientside, there arises another question: is it possible to access memory used by the java client?

regecks
04-30-2007, 11:31 PM
Ya.

Network traffic manipulation is a bit stupid given you'd need to start emulating all the input events in the form of packets, basically having to recreate their 3D engine in some ways -.-'.

Anyway, as for the encryption, each frame (command) ID is encrypted with a new key every time using some rotation algorithm thingy .. o_O, but a lot (nearly all?) of the time the actual packet data isn't? RSA is only used for login packet tbh.

duther
05-03-2007, 05:58 PM
The op-code of each packet is lightly encrypted using a synchronized pseudo-random number generator. Probably they just add the random number to the real op-code.

The idea itself isn't bad, I thought of trying myself, but in the end without the statistical analysis someone suggested or some other complex thing, it would have to be updated too often, and it would take too much trouble to be worth the effort.

Just in case someone feels like trying (keep me informed if you do :) or is just curious, my plan was to use PCap (C++ library for packet sniffing) to sniff the packets, then parse them in order to have "privileged" information about the state of the game, and then respond as a standard color clicker bot. That would make a bot as undetectable as Scar, but with much more precise information about the game (such as coordinates, inventory, randoms, etc.). Of course there are countless problems and that's why I gave up but well.

n3ss3s
05-11-2007, 06:43 PM
Mopar, I think there isnt, but just in case, is there anything illegal in viewing and dealing with those commands?
Because WireShark got the No:1 place in my to be downloaded list :)

Edit: sry, forget. I need a bit more exp before doing those things.

Jason2gs
05-11-2007, 08:39 PM
I've heard of and used packet sniffers, but so far all I can do is read the packets. I'm not sure how to send certain packets out.

Could someone lead me in the right direction?

duther
05-12-2007, 12:49 AM
Making a full packet bot would indeed be hard, maybe even impossible to keep it updated, but would be interesting to try nonetheless. Simply being able to sniff a few packets and determine their structure through run-time analysis would help color clickers be more accurate, and I don't think it would be too hard. Right now, the runescape protocol seems to be mostly unknown (at least publicly).


About packet sniffing:

Wireshark is an open source (kinda) Network Analyzer, aka, a packet sniffer. It is probably the best one, and it is not illegal to use it. It doesn't even modify the packets, not even touch the sniffed program's memory. If I remember right, it sniffs at an ethernet level.

Wireshark can not be used to send packets. There are packet sniffers such as WPEPro (I don't recommend it) which can, but those will be of NO USE with runescape. In fact, trying to send a packet will most likely get you disconnected, and banned in the worst of cases.

As it's been said, Runescape encrypts the opcode of each packet with a synched random generator to prevent packet injection, so a simple sender will either send packet with a wrong opcode or, in the best of cases, desynch your client.

If you are serious about this though, there would be ways to send packets. A first step, however, would be to understand the packets and the encryption and compression algorithms. Seeing how we have access to deobs, the easiest way would be to start with them probably, to know at least the inner workings of the protocol.

Note that packet sniffing can be a bit daunting at first, as it is hard to see the meaning of a bunch of hex numbers, but once you start discovering a few things, it gets more fun.

If any of you feels like dedicating a lot of time and effort to this, and knows at least some programming / scripting, feel free to PM me if you need some help which doesn't take too much time to give (or PM zstars on moparisthebest.com). Answer is in no way guaranteed though, I don't have any special knowledge of the RS protocol, but just of general packet hacking.
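
The opcode masking described in duther's posts above, as an added example that is not part of the original thread and is not Jagex's code: a server-side sketch of why a frame sent without the shared keystream state is rejected or desynchronises the session. The SHA-256 counter keystream, the opcode values and all class and function names are constructed stand-ins; the thread only guesses that a random number is added to the real op-code.

```python
import hashlib

# Constructed opcode table; the real protocol's values are not on this page.
VALID_OPCODES = {0x10: "WALK", 0x22: "CHAT", 0x35: "CLICK_OBJECT"}

class Keystream:
    """Stand-in synchronised generator: byte n is SHA-256(seed || n)[0]."""

    def __init__(self, seed: bytes):
        self.seed, self.n = seed, 0

    def next_byte(self) -> int:
        block = hashlib.sha256(self.seed + self.n.to_bytes(8, "big")).digest()
        self.n += 1
        return block[0]

class Client:
    def __init__(self, seed: bytes):
        self.ks = Keystream(seed)

    def frame(self, opcode: int, payload: bytes = b"") -> bytes:
        # Only the opcode is masked (added to the keystream byte, mod 256).
        return bytes([(opcode + self.ks.next_byte()) & 0xFF]) + payload

class Server:
    def __init__(self, seed: bytes):
        self.ks, self.open = Keystream(seed), True

    def receive(self, frame: bytes):
        """Unmask the opcode; an unknown opcode ends the session."""
        if not self.open:
            return None
        opcode = (frame[0] - self.ks.next_byte()) & 0xFF
        if opcode not in VALID_OPCODES:
            self.open = False  # treated as tampering: disconnect
            return None
        return opcode

def frames_until_drop(seed: bytes, injected: bytes, limit: int = 32):
    """Feed one foreign frame to the server mid-session, then count the
    genuine client frames sent before the server drops the connection."""
    client, server = Client(seed), Server(seed)
    server.receive(client.frame(0x10))   # in sync: decodes to 0x10
    server.receive(injected)             # advances the server keystream only
    for sent in range(1, limit + 1):
        if server.receive(client.frame(0x22)) is None:
            return sent
    return None
```

Until the drop, a desynchronised server can still unmask a byte to a valid but wrong opcode, so payload validation is needed alongside the opcode check.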

ardipall
06-15-2007, 07:14 PM
hey, i'm new here and i wanna know where could i download a runescape macro/bot what like i set time for 3 hours for it to woodcut and take the logs in bank and goes back woodcuts again takes bank and so on and on and when 3 hours is past then it stops and turns macro/bot off. anyway can any1tell me where to find it?:confused: :confused: :confused:

Markus
06-15-2007, 08:46 PM
hey, i'm new here and i wanna know where could i download a runescape macro/bot what like i set time for 3 hours for it to woodcut and take the logs in bank and goes back woodcuts again takes bank and so on and on and when 3 hours is past then it stops and turns macro/bot off. anyway can any1tell me where to find it?:confused: :confused: :confused:

:google:

Silent
09-19-2007, 02:15 AM
not all bots that use this are dead, one new one is called ares bot.

Bobarkinator
09-19-2007, 03:08 AM
06-15-2007, 03:46 Pm

n3ss3s
09-19-2007, 01:30 PM
not all bots that use this are dead, one new one is called ares bot.

Roflmao, ares doesn't use packet editing, at least I think so..

Its a java bot..

Yakman
09-19-2007, 02:06 PM
Roflmao, ares doesn't use packet editing, at least I think so..

Its a java bot..

correct, it does not use packet editing
it uses bytecode engineering, its almost the same as Arga

a lot of people these days seem to be working on their own private bot, they all work in the same way it seems, just the person who made ares released his, the difference is everyone can get it.

ckeboss
09-19-2007, 02:56 PM
Hold on... I thought ares was open source? Well I have the source... It hacks the client, and looks for id's, then clicks on them. What you are saying is something that gets packets and sees what you are doing. This is what KYAB is, right? And that too is open source.

Ares V2 does not work, and I don't know a lot of java... I wonder if we could fix it =) lol

http://i156.photobucket.com/albums/t30/mosesdog2/ares.jpg

n3ss3s
09-19-2007, 06:11 PM
KYAB does not do packet editing!

None of the bots do packet editing.

They "peek through the client" like you were watching a book over someone's shoulder.


Anyways, some bots are client hacking bots which then, what I know, (might be with wrong words) inject methods to the classes that receive info from them.

And WTH did you get Ares ?! Its a paybot wtf...

Yakman
09-20-2007, 05:59 AM
its not a paybot, it was released for free because the author wanted to stop cheating, and also someone got hold of a part of the source and was demanding the rest,
its been removed now though

the reason it doesnt work is probably because runescape was updated

n3ss3s
09-20-2007, 11:37 AM
Oh, I saw that thread, though there was no attachment =/

I've seen a lot of RSCA people do that you make some post, then when they regret etc and remove the thing they don't say anything, just shut up with the useless thread :( >:(

Bobarkinator
09-21-2007, 03:04 AM
I downloaded the source and worked on it a little.

Anyways, I thought that some guy got the source then forced Author to release updater.