Page 1 of 2 12 LastLast
Results 1 to 25 of 39

Thread: few java questions. and idea on insanely autoing on RS

  1. #1
    Join Date
    Feb 2007
    Posts
    66
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default few java questions. and idea on insanely autoing on RS

    Hey

    Ok i've been thinking for a very long time about this.

    In java when you click on something it send the Java server a command to perform.

    So say you click on attack goblin. If will probably send a command to the RS world saying, Attack Goblin at this co-ordinates.

    Now if there was anyway of viewing those commands that the client sends to the server then we can figure out a way to send commands to the server.

    Ofcourse as Jagex is so advanced all the commands will be validated and stuff.
    So like you cant run from varroc to fally.

    But you can send commands to the server to walk/run there step by step.


    So does anyone know if it is possible to view these commands.
    Oh btw I have no clue on how java works so i dont even know if it actually does what i said.

    But if this was possible Autoing would be near 100% accurate. It would make everything so much easier.

    For example if you were Automining coal, the server sends a message to the client that there is no coal so the client updates the rock with the empty rock image.
    The server then sends the client another message to say there is coal update the image. The script can use this to mine. It would be so much more efficient.

    Anyway I think I'm just dreaming a bit too much.

    Oh btw this could also be done with a packet sniffer. Maybe. Just send the server packets instead of commands.

    Let me know what you guys think.

  2. #2
    Join Date
    Jun 2006
    Location
    Tennessee, USA
    Posts
    2,603
    Mentioned
    1 Post(s)
    Quoted
    46 Post(s)

    Default

    thats what aryan did...

  3. #3
    Join Date
    Feb 2007
    Posts
    66
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    hmm, Read his name a few times.

    Who is he?
    And have you got a link that could fill me in this?

    Would love to see it in action.

  4. #4
    Join Date
    Jun 2006
    Location
    Tennessee, USA
    Posts
    2,603
    Mentioned
    1 Post(s)
    Quoted
    46 Post(s)

    Default

    Quote Originally Posted by stylen View Post
    hmm, Read his name a few times.

    Who is he?
    And have you got a link that could fill me in this?

    Would love to see it in action.
    lol aryan isnt a person, it was a runescape bot. read about it here
    http://kaitnieks.com/AutoRune/

  5. #5
    Join Date
    Sep 2006
    Posts
    5,219
    Mentioned
    4 Post(s)
    Quoted
    1 Post(s)

    Default

    General rule:

    The easier it is to script for, the easier it is to detect.

  6. #6
    Join Date
    Aug 2006
    Location
    London
    Posts
    2,021
    Mentioned
    2 Post(s)
    Quoted
    0 Post(s)

    Default

    aryan didnt do that, but autorune did
    Join the Official SRL IRC channel. Learn how to Here.

  7. #7
    Join Date
    Feb 2007
    Posts
    66
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Hmm, didnt realise it was already done.

    Ahh well, guess I'll stop thinking about that from now on.

  8. #8
    Join Date
    Feb 2006
    Posts
    411
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Quote Originally Posted by Boreas View Post
    General rule:

    The easier it is to script for, the easier it is to detect.
    not at all, it depends on the attention the botmake paid to traps.

    example old versions of scar did not send all events and therefore were detected.

    example mouse functions are dected not based on the bot but on the function.
    www.rscheata.net
    Home of iBot on neXus: a multi-client, minimizable, Hyrid, Color, Reflection, scriptable, multi-threaded Java Bot.

  9. #9
    Join Date
    Feb 2007
    Posts
    66
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    jagex can't detect ur mouse can they.

    When you play the game it uses the windows mouse.
    The game doesnt take over the mouse.

    I wouldnt think they would be able to detect mouse movements.

  10. #10
    Join Date
    Jun 2006
    Posts
    3,861
    Mentioned
    3 Post(s)
    Quoted
    1 Post(s)

    Default

    Of course they can detect your mouse movements...

  11. #11
    Join Date
    Feb 2006
    Posts
    411
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Quote Originally Posted by stylen View Post
    jagex can't detect ur mouse can they.

    When you play the game it uses the windows mouse.
    The game doesnt take over the mouse.

    I wouldnt think they would be able to detect mouse movements.
    mouse info is taken at the rate of about 5-10 points a second.
    www.rscheata.net
    Home of iBot on neXus: a multi-client, minimizable, Hyrid, Color, Reflection, scriptable, multi-threaded Java Bot.

  12. #12
    Join Date
    Feb 2007
    Posts
    66
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Ohh,

    Hmm, Jagex know what the hell they are doing.

    Ahh well, i guess my idea's scrapped.

    Just need to write SCAR/SRL scripts. Seems like the best way ATM

  13. #13
    Join Date
    Jun 2006
    Posts
    31
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Quote Originally Posted by Yakman View Post
    aryan didnt do that, but autorune did
    They both did, AutoRune maintained its own object collection during runtime through the parsing of incoming data (pre-Runebot anyway?), and Aryan simply inspected the existing one in the client. Both relied on the "image" (aka id) of the object.

  14. #14
    Join Date
    Feb 2007
    Posts
    66
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    So how did these programs die.

    The idea behind it should be more successful then SCAR and SRL.

  15. #15
    Join Date
    May 2006
    Location
    West Coast
    Posts
    820
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    These programs died because the way they did things involves how RS does things, and when RS changes things...(new engine) It kills the things that revolve around the previous RS things.

  16. #16
    Join Date
    Dec 2006
    Location
    Australia
    Posts
    698
    Mentioned
    0 Post(s)
    Quoted
    2 Post(s)

    Default

    Thats why scar is so good in terms of the future, It would be pretty much impossible to kill a colour reliance program off..

  17. #17
    Join Date
    Feb 2006
    Location
    n00bland
    Posts
    17
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    It's impossible to view the commands, the packets are encrypted.

  18. #18
    Join Date
    May 2006
    Posts
    56
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Quote Originally Posted by ilyaostr View Post
    It's impossible to view the commands, the packets are encrypted.
    So what's the client do?

    Anyway, this is still possible in theory. It's just prohibitively difficult. You see, you're absolutely correct that the idea should be more successful than SRL and SCAR - it was. It was, in fact, so successful that for years Jagex focused its security updates almost entirely on killing packet bots. So now we have two or three encryption/obscuration algorithms at work on various parts of the protocol that require client hacks to break into. In addition, the protocol itself changes (packet headers, encoding methods, and maybe even payload layouts) every so often. There are also routines in the client that let the server tell if you're actually using a client (and whether or not it's their client, if you're not careful).

    All of that combines to give any particular release of a packet-based bot a lifespan of about a week (if you're lucky...first sight of a viable packet bot and they'd probably update within the hour). To keep it going longer you'd need a really good updating system, which would be a royal pain to write. Compare that to the "write-once-use-forever" nature of a color-recognition script and you can see why no one does packet bots anymore

  19. #19
    Join Date
    Feb 2006
    Location
    Franklin, Ohio, USA
    Posts
    991
    Mentioned
    1 Post(s)
    Quoted
    0 Post(s)

    Default

    Quote Originally Posted by ilyaostr View Post
    It's impossible to view the commands, the packets are encrypted.
    Only the login packet, because it contains the password.

    It is possible to see all of these 'commands' (they are packets) with a program formerly called ethereal, I believe it is called wireshark now.

    As to why autorune died, it is because now every week (every update happens about once per week) runescape changes their entire protocol structure, so it would be near impossible to keep a cheat that operated just by packets updated. Suffice it to say it would be much easier to cheat in different ways, such as updating a bot via bytecode.

  20. #20
    Join Date
    Jun 2006
    Posts
    50
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Quote Originally Posted by moparisthebest View Post
    Only the login packet, because it contains the password.

    It is possible to see all of these 'commands' (they are packets) with a program formerly called ethereal, I believe it is called wireshark now.

    As to why autorune died, it is because now every week (every update happens about once per week) runescape changes their entire protocol structure, so it would be near impossible to keep a cheat that operated just by packets updated. Suffice it to say it would be much easier to cheat in different ways, such as updating a bot via bytecode.
    It just changes protocol?
    I thought they changed the encryption every update?

  21. #21
    Join Date
    Feb 2006
    Location
    Franklin, Ohio, USA
    Posts
    991
    Mentioned
    1 Post(s)
    Quoted
    0 Post(s)

    Default

    Quote Originally Posted by t3h ub3r k1tten View Post
    It just changes protocol?
    I thought they changed the encryption every update?
    The only encryption is on the login packet to protect the password, but yes that of course changed as well.

  22. #22
    Join Date
    Jan 2007
    Posts
    23
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    I think they might be using additional kinds of encryption now. I used Wireshark to sniff the packets and although a few of them were unencrypted, many of them seem to be encrypted (I was unable to locate chat packets, for example).

    In any case, that's not the only obstacle. For what I know, server and client are supposed to be using a pseudo-random number generator to "encrypt" the op-code of each packet, and the seed for the generator is given (encrypted with RSA) to the client. Without that seed, it is impossible to obtain the op-code of each packet.

    In order to be able to decrypt RSA, you would need to know the the server's public key and the client's public key, one for incoming packets, and the other for outgoing packets. One is kept by the runescape client itself, and we can assume that it changes with every update (that is, weekly) or that it is randomly generated, the other is sent to the client by the server.

    Even if we got to be able to read the packets, and decrypt the packets, we would be unable to send packets back to the server, without much more trouble. Besides, the protocol (opcode numbers, content order, byte order system) changes with every update too. So basically, any program that was made would have to be updated weekly, and seeing how hard reversing the client to the point of being able to make one is, that would be, at least, quite tiresome.

  23. #23
    Join Date
    Oct 2006
    Location
    I'm a figment of your imagination
    Posts
    422
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Technically it would be possible if you used statistic analyzation of RS's packets and made the client sniff out the way the RS server works by analyzing what happens after EVERY command packet wise. Would take a LOT of work though, and I don't think anyone from the open-source community would be able to take this task on himself. Only the NSA or the DoD have these kinds of resources.

    I think the best way to do this kind of work, if ever, would be to use RS's own client to avoid suspicion and put a packet modulator between the network connection and the client. This modulator would intelligently filter out relevant packets (such as coords) and change them to what the autoer wants. Used in combination with a color clicker, this could greatly improve accuracy and speed - but because of the constant updates, would need a lot of maintenance or a lot of intelligent filters...

    EDIT: I mean, you don't edit the packets, you just use them to gather info i.e. where the rock is located on screen approximately and then you can use SCAR to figure out the exact location using findcolor. You already know the color because you can figure out what the video color random factor is by intercepting the packets - I don't think it's clientside, because else it would be harder to detect people autoing and easier to control by RS. And if it's clientside, there arises another question: is it possible to access memory used by the java client?

    It's been a while... but I'm BACK!!!

  24. #24
    Join Date
    Jun 2006
    Posts
    31
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    Ya.

    Network traffic manipulation is a bit stupid given you'd need to start emulating all the input events in the form of packets, basically having to recreate their 3D engine in some ways -.-'.

    Anyway, as for the encryption, each frame (command) ID is encrypted with a new key every time using some rotation algorithm thingy .. o_O, but a lot (nearly all?) of the time the actual packet data isn't? RSA is only used for login packet tbh.

  25. #25
    Join Date
    Jan 2007
    Posts
    23
    Mentioned
    0 Post(s)
    Quoted
    0 Post(s)

    Default

    The op-code of each packet is light encrypted using a synchronized pseudo-random number generator. Probably they just add the random number to the real op-code.

    The idea itself isn't bad, I thought of trying myself, but in the end without the statistical analysis someone suggested or some other complex thing, it would have to be updated too often, and it would take too much trouble to be worth the effort.

    Just in case someone feels like trying (keep me informed if you do or is just curious, my plan was to use PCap (C++ library for packet sniffing) to sniff the packets, then parse them in order to have "priviledged" information about the state of the game, and then respond as a standard color clicker bot. That would make a bot as indetectable as Scar, but with much more precise information about the game (such as coordinates, inventory, randoms, etc.). Of course there are countless problems and that's why I gave up but well.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. More Java Questions! (Beginner's stuff)
    By Kik in forum Java Help and Tutorials
    Replies: 6
    Last Post: 01-05-2008, 11:54 PM
  2. A few questions... I'm an extreme newbie at Java
    By Kik in forum Java Help and Tutorials
    Replies: 5
    Last Post: 12-01-2007, 07:43 AM
  3. 2 questions about bans for autoing.
    By CheetahNub in forum RuneScape News and General
    Replies: 11
    Last Post: 08-21-2007, 02:05 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •