What information can Jagex Track? (always use unsigned client)



moparisthebest
09-17-2010, 11:48 PM
I wasn't sure of the best place to put this, so here goes.

Fakawi once asked the question "What information does Jagex track?" on my forums. Here is my reply to that post, which I thought might be helpful to people here:

The best way to go about this is to not ask yourself or others what information they DO track, but instead to ask what they possibly COULD track.

They could track webserver requests, and you wouldn't even need your own custom server, a simple grep of the access logs from any server software could tell you whether a client is an actual web browser with javascript or if it is just wget or a bot.

They could track mouse movements and clicks. (And they actually have code in place to do so, and the data is sent to their servers from time to time; what they do with it is anyone's guess. It is likely that they run some type of automated program to analyze it to check for blatant bots, but who knows? No one here for sure.)

They could track your key clicks, the duration, if you ever make any mistakes (a human would). Again, how they would analyze it is anyone's guess, but you should make them as real as you can, and make mistakes like a human would.

They can track what version of VM they are running in, and potentially check what operating system you use, and what classes you have loaded in the JVM if you don't protect against this.

I believe the above is about all they can do, IF you run the unsigned client, which is what I always advise to cheat with. If you run the signed client, they can do anything you can do on your computer, which includes countless nasty things. I'll list a few below, but it's pretty near infinite what they can come up with.


Check running processes (running scar.exe?)
Scan the contents of your hard drive (have any bots or scripts in there?)
Look at your browser history (have you ever searched 'runescape cheating', visited moparisthebest.com or SRL?).


They could even install code that runs on boot to check all of these things. I wouldn't suggest it for cheating at all, ever.

Nava2
09-18-2010, 12:05 AM
OK, the only issue here is business ethics.

JaGeX is a company! They have ethics they need to uphold. If they also were to add these things into the client we would know. Files on one's computer are also your personal property, thus scanning them with a Java applet would be considered an infringement of privacy laws in almost any country.

They have no right to search your computer for processes nor files. If they did this, without prior informing their clients, they could be sued extensively and possibly face criminal charges.

I do think that they might check Headers and things like that, thus making it a good idea to check out how to spoof these.

Boreas
09-18-2010, 02:09 AM
Can they change ToS without notification?

Nava2
09-18-2010, 03:15 AM
Can they change ToS without notification?

ToS is not greater than privacy laws though.

moparisthebest
09-18-2010, 04:37 AM
OK, the only issue here is business ethics.

JaGeX is a company! They have ethics they need to uphold. If they also were to add these things into the client we would know. Files on one's computer are also your personal property, thus scanning them with a Java applet would be considered an infringement of privacy laws in almost any country.

They have no right to search your computer for processes nor files. If they did this, without prior informing their clients, they could be sued extensively and possibly face criminal charges.

I do think that they might check Headers and things like that, thus making it a good idea to check out how to spoof these.

While I would LIKE to agree with you, it simply isn't true. Look at what Blizzard did with 'warden' (https://secure.wikimedia.org/wikipedia/en/wiki/Warden_%28software%29), it's still running on thousands more computers than runescape runs on. And judges in court allowed it to happen, and, in fact, ruled that it was illegal to try to stop it from running on your own computer.

I'm not saying jagex does these things, I'm saying they COULD, unless the unsigned client is used.

Overtime
09-18-2010, 05:36 AM
Yea, warden scans for anything if you can change their values with a .dll. Scar is completely different as you're not injecting anything into runescape and simply running a script.

There is no way they can track anything on your computer, because like Nava said it's against the law. Sure they can SCAN for anything that your computer is sending to their game that may be messing with their functions or w/e. But warden and Jagex scanning is completely different.

Warden scans for anything that injects into the game client, as Runescape, well we aren't injecting anything just the common Java to run it and that's all.

The Claw
09-18-2010, 07:02 AM
Even with unsigned client - "They could track webserver requests, and you wouldn't even need your own custom server, a simple grep of the access logs from any server software could tell you whether a client is an actual web browser with javascript or if it is just wget or a bot."

Does that include SMART?

Boreas
09-18-2010, 04:35 PM
ToS is not greater than privacy laws though.
So, is this right?
1) They search your computer for files without it being in the ToS, it is illegal.

2) It is in the ToS, you agree to it, and then they search, it is legal.

3) It is not in the ToS, you agree to it, they add it to the ToS without telling you about the change (and there was a clause in the ToS when you agreed to it about changing the ToS with notification), then they search, it is probably illegal.

4) It is not in the ToS, you agree to it, they add it to the ToS, message you about the change, and then they search. Probably not legal?

5) It is not in the ToS, you agree to it, they add it to the ToS, they bring up a message about the change and you have to click 'I agree again' to play, then they search. Probably is legal?

Nava2
09-18-2010, 04:45 PM
So, is this right?
1) They search your computer for files without it being in the ToS, it is illegal. Yes

2) It is in the ToS, you agree to it, and then they search, it is legal. I think so, you would have been waiving your rights to privacy.

3) It is not in the ToS, you agree to it, they add it to the ToS without telling you about the change (and there was a clause in the ToS when you agreed to it about changing the ToS with notification), then they search, it is probably illegal. Yes

4) It is not in the ToS, you agree to it, they add it to the ToS, message you about the change, and then they search. Probably not legal? Nope, definitely not legal.

5) It is not in the ToS, you agree to it, they add it to the ToS, they bring up a message about the change and you have to click 'I agree again' to play, then they search. Probably is legal? Legal! If you have to re-agree then you made the decision. They should also tell you what they are changing.

See bold!

Smartzkid
09-18-2010, 06:37 PM
Don't be naïve, Nava.

i luffs yeww
09-18-2010, 06:54 PM
Well this is weird.. I actually can't find the ToS anywhere on RuneScape.com. Searching for "Terms of service" gives http://www.runescape.com/kbase/search.ws?search_query=terms+of+service&title_chk=1&keywords_chk=1&and_rad=1&description_chk=1&body_chk=1&category=null&subcat=null&submit= .. I find that a bit odd.

Anyway, if there's any way of proving that the user had to at some point at least see the terms of service, they can say something like "subject to change at any time without notice" and can change it to whatever they want whenever they want, and people still agree to it. But I don't recall ever seeing any terms of service.

I've never used unsigned.

Bobzilla69
09-18-2010, 07:04 PM
Well this is weird.. I actually can't find the ToS anywhere on RuneScape.com. Searching for "Terms of service" gives http://www.runescape.com/kbase/search.ws?search_query=terms+of+service&title_chk=1&keywords_chk=1&and_rad=1&description_chk=1&body_chk=1&category=null&subcat=null&submit= .. I find that a bit odd.

Anyway, if there's any way of proving that the user had to at some point at least see the terms of service, they can say something like "subject to change at any time without notice" and can change it to whatever they want whenever they want, and people still agree to it. But I don't recall ever seeing any terms of service.

I've never used unsigned.

you agree to the terms when creating an account

link is here (http://www.runescape.com/terms/terms.ws) (Link now working)

Edit: to make link work

moparisthebest
09-19-2010, 02:05 AM
Yea, warden scans for anything if you can change their values with a .dll. Scar is completely different as you're not injecting anything into runescape and simply running a script.

There is no way they can track anything on your computer, because like Nava said it's against the law. Sure they can SCAN for anything that your computer is sending to their game that may be messing with their functions or w/e. But warden and Jagex scanning is completely different.

Warden scans for anything that injects into the game client, as Runescape, well we aren't injecting anything just the common Java to run it and that's all.

Warden scans your computer's RAM for one, which is where all sorts of stuff lives, like if you have scar.exe running or a web browser that has visited moparisthebest.com or villavu.com. It's not all that different at all.

And in regards to Jagex's TOS, it has a very similar clause to most other TOS's, that they can change it at any time without notifying you and you agree to all future changes.

Also, you guys are confusing scanning for information directly related to cheating on runescape to scanning for arbitrary information. Obviously it would be illegal for jagex to scan for personal or bank information, but I'm sure a judge would have no problem with them scanning only for information to catch you cheating, in fact judges have already ruled that legal in the blizzard/warden case I mentioned above.

The bottom line is, instead of debating and discussing legalities (none of us are lawyers, after all), it's much better to just avoid any way they could detect us at all.


Even with unsigned client - "They could track webserver requests, and you wouldn't even need your own custom server, a simple grep of the access logs from any server software could tell you whether a client is an actual web browser with javascript or if it is just wget or a bot."

Does that include SMART?

Yes, SMART is easily detectable just by scanning web server logs, see my thread here:
http://villavu.com/forum/showthread.php?goto=newpost&t=58956

Overtime
09-19-2010, 05:50 AM
Warden scans your computer's RAM for one, which is where all sorts of stuff lives, like if you have scar.exe running or a web browser that has visited moparisthebest.com or villavu.com. It's not all that different at all.


Ima have to disagree with that. Because if that was the case, then I would be banned from Diablo II already, as I always run a program called Redvex. Which is almost like Scar in a way. All it does it a plugin/script that runs for D2.

If they scan through my ram/memory, they would see all sorts of crazy stuff that I run for their game.

Warden scans for offsets.

Refer to this link for a SC2 Warden monitor that scans for different offsets. http://skillhackers.com/sc2warden/

You can see in that link that it scans its OWN client such as SC2.exe. It's not going to scan through your Itunes.exe to see if it's altering their game.

I've been dodging warden for yearsssssss. They scan for offsets injected by a program into their game client. Not your RAM to scan in there. That would eat up my ram if there was something scanning through there constantly. Which therefore altering my computer performance.

moparisthebest
09-20-2010, 12:49 AM
Ima have to disagree with that. Because if that was the case, then I would be banned from Diablo II already, as I always run a program called Redvex. Which is almost like Scar in a way. All it does it a plugin/script that runs for D2.

If they scan through my ram/memory, they would see all sorts of crazy stuff that I run for their game.

Warden scans for offsets.

Refer to this link for a SC2 Warden monitor that scans for different offsets. http://skillhackers.com/sc2warden/

You can see in that link that it scans its OWN client such as SC2.exe. It's not going to scan through your Itunes.exe to see if it's altering their game.

I've been dodging warden for yearsssssss. They scan for offsets injected by a program into their game client. Not your RAM to scan in there. That would eat up my ram if there was something scanning through there constantly. Which therefore altering my computer performance.

I don't know first hand what warden scans for, as I've never played any blizzard games outside of Warcraft III. All I do know is what Jagex CAN do if you run the signed client, and they can do all of those things and I'd be willing to bet a judge would allow it.

TomTuff
09-20-2010, 02:34 AM
Just the fact that they CAN doesn't mean they WILL. JaGeX is also a different company than Blizzard, and as we've all experienced, JaGeX is an uptight company with high morals. I doubt that they would do anything to analyze the contents of your computer, even if they did make it legal by changing their ToS and making you re-agree to them.
EDIT:
and as to the thing about judges, that's really just a case to case thing, and tbh if i somehow found out that JaGeX analyzed the contents of my computer, i would take as high in the US court system as i can.

moparisthebest
09-20-2010, 06:00 AM
Just the fact that they CAN doesn't mean they WILL. JaGeX is also a different company than Blizzard, and as we've all experienced, JaGeX is an uptight company with high morals. I doubt that they would do anything to analyze the contents of your computer, even if they did make it legal by changing their ToS and making you re-agree to them.
EDIT:
and as to the thing about judges, that's really just a case to case thing, and tbh if i somehow found out that JaGeX analyzed the contents of my computer, i would take as high in the US court system as i can.

Just the fact that the police CAN bust you for trafficking drugs doesn't mean they WILL.

Does that mean it's a good idea, or that you should do it? No. You guys can do what you feel comfortable with, but I'd prefer my cheats to not be detectable NO MATTER WHAT. This thread was not made to be a discussion of what Jagex WOULD do, it's about what they COULD do. Start a 'what would they do' thread someplace else if you want. :)

TRiLeZ
09-20-2010, 06:18 AM
So having something like this:


JarURLConnection clientConnection = ((JarURLConnection) getJarURL(
world).openConnection());
clientConnection.addRequestProperty("Protocol", "HTTP/1.1");
clientConnection.addRequestProperty("Connection", "keep-alive");
clientConnection.addRequestProperty("Keep-Alive", "200");
clientConnection.addRequestProperty("Referrer", "-");
clientConnection.addRequestProperty("User-Agent",
"Mozilla/5.0 (" + System.getProperty("os.name") + " "
+ System.getProperty("os.version") + ") Java/"
+ System.getProperty("java.version"));
classLoader = AppletClassLoader
.newInstance(new URL[] { clientConnection.getJarFileURL() });


Would disguise a bot accessing the loader from the runescape website as a web browser, and it would be undetectable, right?

TomTuff
09-20-2010, 06:23 AM
So having something like this:


JarURLConnection clientConnection = ((JarURLConnection) getJarURL(
world).openConnection());
clientConnection.addRequestProperty("Protocol", "HTTP/1.1");
clientConnection.addRequestProperty("Connection", "keep-alive");
clientConnection.addRequestProperty("Keep-Alive", "200");
clientConnection.addRequestProperty("Referrer", "-");
clientConnection.addRequestProperty("User-Agent",
"Mozilla/5.0 (" + System.getProperty("os.name") + " "
+ System.getProperty("os.version") + ") Java/"
+ System.getProperty("java.version"));
classLoader = AppletClassLoader
.newInstance(new URL[] { clientConnection.getJarFileURL() });


Would disguise a bot accessing the loader from the runescape website as a web browser, and it would be undetectable, right?

unless jagex analyzes the content of your hdd/ram, which Mopar says they 'could' do.

TRiLeZ
09-20-2010, 06:32 AM
unless jagex analyzes the content of your hdd/ram, which Mopar says they 'could' do.

I'm talking about access logs for their loader. Jagex could detect RSBot with like 5 lines of code, but they don't, so they won't start scanning your hdd/memory anytime soon.

Zyt3x
09-20-2010, 06:32 AM
The fact that they CAN is enough for me to take notice and try my best not to make them go "WILL".

TomTuff
09-20-2010, 06:35 AM
I'm talking about access logs for their loader. Jagex could detect RSBot with like 5 lines of code, but they don't, so they won't start scanning your hdd/memory anytime soon.

then yes, from my limited knowledge i do believe that would make us undetectable.

WT-Fakawi
09-20-2010, 07:57 AM
Tactical conclusions will be discussed @ member board ok?

moparisthebest
09-20-2010, 02:25 PM
So having something like this:


JarURLConnection clientConnection = ((JarURLConnection) getJarURL(
world).openConnection());
clientConnection.addRequestProperty("Protocol", "HTTP/1.1");
clientConnection.addRequestProperty("Connection", "keep-alive");
clientConnection.addRequestProperty("Keep-Alive", "200");
clientConnection.addRequestProperty("Referrer", "-");
clientConnection.addRequestProperty("User-Agent",
"Mozilla/5.0 (" + System.getProperty("os.name") + " "
+ System.getProperty("os.version") + ") Java/"
+ System.getProperty("java.version"));
classLoader = AppletClassLoader
.newInstance(new URL[] { clientConnection.getJarFileURL() });


Would disguise a bot accessing the loader from the runescape website as a web browser, and it would be undetectable, right?

That would be the correct request for the jar, they could look to see if you had recently loaded the page though, so I'd request that to parse the parameters first, but it should be undetectable.


unless jagex analyzes the content of your hdd/ram, which Mopar says they 'could' do.

I said they could only do that if you ran the signed client, if you run it unsigned with a proper SecurityManager then they can't do any nasty stuff like that and you will be safe.


Tactical conclusions will be discussed @ member board ok?

It's your forum, so if you want to make a new thread or move this one it's fine by me. Personally I don't think this is something we need to keep secret though, since Jagex already knows what they can do/detect, and if we do it right like we should they won't be able to detect us even if they know exactly how we do what we do. I'm not a fan of security through obscurity, I'd rather just have real security. :D
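
The server-side check described in this thread (a pass over the web server's access log to tell a browser session from a bare HTTP client, including whether the page was loaded before the jar), as an added example that is not part of any post here. The paths `/game.html` and `/loader.jar`, the asset suffixes, the 10-minute window and the log lines are constructed for illustration; clients are keyed by IP, so shared addresses make these signals hints rather than proof.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path proto" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Hypothetical values for this example; a real site would use its own.
PAGE_PATH = "/game.html"            # page that embeds the applet
JAR_PATH = "/loader.jar"            # jar the applet tag points at
ASSET_SUFFIXES = (".css", ".js", ".png", ".gif", ".ico")
PAGE_WINDOW = timedelta(minutes=10)  # how recent the page load must be
TOOL_UA = re.compile(r"^(wget|curl|java|python-urllib|libwww-perl)\b", re.I)

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = '''\
192.0.2.10 - - [18/Sep/2010:12:00:00 +0000] "GET /game.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 5.1) Firefox/3.6"
192.0.2.10 - - [18/Sep/2010:12:00:01 +0000] "GET /style.css HTTP/1.1" 200 900 "http://game.example/game.html" "Mozilla/5.0 (Windows NT 5.1) Firefox/3.6"
192.0.2.10 - - [18/Sep/2010:12:00:01 +0000] "GET /detect.js HTTP/1.1" 200 700 "http://game.example/game.html" "Mozilla/5.0 (Windows NT 5.1) Firefox/3.6"
192.0.2.10 - - [18/Sep/2010:12:00:04 +0000] "GET /loader.jar HTTP/1.1" 200 80000 "-" "Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_21"
198.51.100.7 - - [18/Sep/2010:12:01:00 +0000] "GET /loader.jar HTTP/1.0" 200 80000 "-" "Wget/1.12 (linux-gnu)"
203.0.113.5 - - [18/Sep/2010:12:02:00 +0000] "GET /loader.jar HTTP/1.1" 200 80000 "-" "Mozilla/5.0 (Windows XP 5.1) Java/1.6.0_21"
203.0.113.9 - - [18/Sep/2010:12:05:00 +0000] "GET /game.html?world=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows XP 5.1) Java/1.6.0_21"
203.0.113.9 - - [18/Sep/2010:12:05:03 +0000] "GET /loader.jar HTTP/1.1" 200 80000 "-" "Mozilla/5.0 (Windows XP 5.1) Java/1.6.0_21"
'''.splitlines()


def parse(line):
    """Parse one Combined Log Format line; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]  # ignore the query string
    return rec


def classify(lines):
    """Return {ip: sorted reasons} for every client that requested the jar."""
    by_ip = defaultdict(list)
    for rec in map(parse, lines):
        if rec is not None:
            by_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        page_times = [r["ts"] for r in recs if r["path"] == PAGE_PATH]
        # A browser rendering the page also pulls its scripts, styles and images.
        has_assets = any(r["path"].endswith(ASSET_SUFFIXES) for r in recs)
        for jar in (r for r in recs if r["path"] == JAR_PATH):
            reasons = set(findings.get(ip, []))
            if TOOL_UA.match(jar["ua"]):
                reasons.add("tool-user-agent")
            # Was the embedding page fetched shortly before the jar?
            if not any(timedelta(0) <= jar["ts"] - t <= PAGE_WINDOW for t in page_times):
                reasons.add("no-page-load")
            if not has_assets:
                reasons.add("no-page-assets")
            findings[ip] = sorted(reasons)
    return findings


if __name__ == "__main__":
    for ip, reasons in classify(SAMPLE_LOG).items():
        print(ip, reasons or "looks like a browser session")
```

The last two sample clients send a browser-style User-Agent and are still flagged, because the check looks at the shape of the whole session rather than at a single header.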

weequ
09-20-2010, 04:06 PM
Another thing I think they could detect is mouse clicks. SRL mouse never moves the mouse when the mouse button is down. Not even 1 pixel.

Jethr0x
09-22-2010, 03:29 PM
Tbh, Jagex can do nearly anything they want and get away with it, AFAIK, you can't VMWare or SandBoxie RuneScape to see what it's doing (plus if you could just tell the client not to check for anything when those processes are running)

The possibilities are definitely there.

One thing is, in Java, it's easy to check for running processes =/ ... not sure if it's illegal, but something like:


Process p = Runtime.getRuntime().exec(new String[]{"cmd", "/c", "tasklist /svc"});
BufferedReader stdInput = new BufferedReader(new InputStreamReader(p.getInputStream()));
BufferedReader stdError = new BufferedReader(new InputStreamReader(p.getErrorStream()));

Then read the incoming data, and output it as an array...



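String strOutput = stdInput.readLine();
while (strOutput != null) {
    if (strOutput.length() < 1) {
        // blank line: nothing to record
    } else {
        String processName[] = Misc.splitArgs(strOutput);
        process = new StringBuffer(process).append(" "+processName[0]).toString();
    }
    strOutput = stdInput.readLine();
}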
:S

then check for it with something like.


if (process.contains("scar.exe")) { Flag.User(); }

or


if (process.removeAllBut("java.exe").Length() > 10) { Flag.User(); }
^ Checks for more than one java.exe process... (botting while on another acc, etc)

I wrote that when I was 16 ... Imagine what Jagex can do >.>

As I said, these can be illegal, but how would we know if they are doing it? I dont think u can VMWare Java Incoming commands :o

then from that they can grab specific information about a process... and since you clicked accepted the signature, they can do w\e they want to your computer...

>.>

moparisthebest
09-22-2010, 04:24 PM
Again, they can't do any of that if it is ran as unsigned.

Cstrike
09-22-2010, 07:13 PM
Again, they can't do any of that if it is ran as unsigned.

So based on what I read, unsigned is the way to go.
Can this get anyone flagged though?

NCDS
09-22-2010, 07:47 PM
So based on what I read, unsigned is the way to go.
Can this get anyone flagged though?

I believe the reason for the unsigned client is for people whose PCs can't run the signed client. So, in that case, no it would not get you flagged.

weequ
09-22-2010, 08:21 PM
My pc can't run unsigned too well.

jerryt
06-01-2011, 03:36 AM
Found this in the Privacy Policy (http://www.runescape.com/privacy/privacy.ws):


What other information is collected and stored?

We use cookies, collect and store IP-addresses, alphanumeric IDs and other unique identifiers in order to identify specific computers that access our websites. We identify and store the versions of Java and .NET (if any) on your computer along with your browser and operating system, and details of your device's hardware and software specifications.

We generate and store logs indicating usage of our websites such as activity in our games and public and private chat communications. This includes monitoring play patterns and anti-tamper checks which verify the correct internal operation of our software and are designed to spot abusive or inappropriate activities.

We may track your use of certain features and areas of our websites to help us improve them.

uncfan1119
06-01-2011, 03:55 AM
Found this in the Privacy Policy (http://www.runescape.com/privacy/privacy.ws):

this is just modern day analytics every company uses

+btw nice grave dig

Home
06-01-2011, 09:58 AM
I don't count this as a gravedig. Because this is still very good read to everyone.

~Home

WT-Fakawi
06-01-2011, 12:17 PM
What other information is collected and stored?

We use cookies, collect and store IP-addresses, alphanumeric IDs and other unique identifiers in order to identify specific computers that access our websites. We identify and store the versions of Java and .NET (if any) on your computer along with your browser and operating system, and details of your device's hardware and software specifications.

We generate and store logs indicating usage of our websites such as activity in our games and public and private chat communications. This includes monitoring play patterns and anti-tamper checks which verify the correct internal operation of our software and are designed to spot abusive or inappropriate activities.

We may track your use of certain features and areas of our websites to help us improve them.

If they do all this, then why the hell haven't they yet banned all of our bots on the spot? They "see" that our Players one after the other log in on the same session, never talk, always do the same ridiculous rounds hours after hours. what the F*** kind of ancient "banning" mechanism is that?

I have been provoking them for weeks now, looooong sessions 24/7. No bans yet???


EDIT: Home: Yes, No gravedig on this kind of info.

tom99
06-01-2011, 12:47 PM
That they use ancient banning mechanism don't come as a bomb lol.

boobooo42
06-01-2011, 04:49 PM
Need to look up standards for EULAs and TOS, and also find out what is lawfully allowed in said docs. Just because I "waive my rights" when I agree to it (by clicking, lol) doesn't mean a EULA can have absolute power. Things like constitutions, international law etc. have precedence over some companies quote un-quote contract. For example, if the EULA stated that by using their product, I waive my right to U.S. citizenship, that clause would never hold up in court and the U.S. Government would hopefully come down real hard on their ass.

In the U.S. companies like google are working to update the digital due process laws to give the user more privacy.

Digital Due Process (http://www.digitaldueprocess.org/index.cfm?objectid=37940370-2551-11DF-8E02000C296BA163)

Basically, to update the Electronic Communication Protection Act to protect privacy where privacy is expected, i.e. on one's own computer and between computers (meaning governments and other groups can't just intercept data.)

I know it is common practice for geeks to be paranoid about such things, but sometimes, chill out man. If you think someone is snooping at your computer... heck we are computer nerds. Write some program to track the accesses and prove it; take 'em to court.

i luffs yeww
06-01-2011, 06:13 PM
If they do all this, then why the hell haven't they yet banned all of our bots on the spot? They "see" that our Players one after the other log in on the same session, never talk, always do the same ridiculous rounds hours after hours. what the F*** kind of ancient "banning" mechanism is that?

I have been provoking them for weeks now, looooong sessions 24/7. No bans yet???

This is exactly why I think there's no automatic banning in place, other than for packet stuff and I dunno what else would be a possibility.

uncfan1119
06-06-2011, 03:54 PM
This is exactly why I think there's no automatic banning in place

This is true as far as modern day macroing, however the automatic system is still in place to find people attempting to use programs like ghostmouse..



I have been provoking them for weeks now, looooong sessions 24/7. No bans yet???


I don't believe they could ban people based on time played a day. It may be a factor that helps red flag an account, but they shouldn't and I don't think they will ever ban just based on time played per day. As far as "play patterns" that is irrelevant having a world wide player base. Play patterns are affected by weather, temperature, energy costs, holidays, night vs day, age, job, family, friends, time of year, security, in-game combat level, in-game skills, in-game content, in-game goals etc.. They do not have the technology to monitor that worldwide and could not create a "play pattern" longer than 5 days.. Not to mention the database that would log these "play patterns" would take up a huge amount of space. So if any type of player pattern match would take place, they'd have 1 independent variable and compare that to you & the other 200,000 people playing. This would not work because as I have mentioned the world wide player base is affected by different things..

Fun fact for no-lifeing

Randy Gardner holds the scientifically documented record for the longest period of time a human being has intentionally gone without sleep not using stimulants of any kind. In 1964, as a 17-year-old high school student in San Diego, California, Gardner stayed awake for 264 hours (eleven days), breaking the previous record of 260 hours held by Tom Rounds of Honolulu.

Zyt3x
06-06-2011, 04:37 PM
This is true as far as modern day macroing, however the automatic system is still in place to find people attempting to use programs like ghostmouse..

Would be fun to test if it even blocks ghostmouse... :P I don't think it would

masterBB
06-06-2011, 04:48 PM
Recently one of my scripts was out of control, spam clicking a wall. When I came home 6 hours later, it was still clicking. I sometimes have these situations, and I'm not even banned yet.

I think the old banning system has been turned off completely. I can remember someone mentioned that they upgraded the system, but that it gave too many false positives, so they turned it off. Maybe they didn't turn the old system back online?

KingKong
06-07-2011, 12:00 AM
Recently one of my scripts was out of control, spam clicking a wall. When I came home 6 hours later, it was still clicking. I sometimes have these situations, and I'm not even banned yet.

I think the old banning system has been turned off completely. I can remember someone mentioned that they upgraded the system, but that it gave too many false positives, so they turned it off. Maybe they didn't turn the old system back online?

haha lol, thats soooo like fagex, forgetting to turn on their bot detecting system.