Thread: How can Jagex Stop bots?

  1. #1
    Join Date
    Mar 2015
    Posts
    189
    Mentioned
    3 Post(s)
    Quoted
    73 Post(s)

    Default How can Jagex Stop bots?

    Hello,

    Let's picture that you would be working for Jagex to stop bots, how would you approach this without interfering with the normal player gameplay?

    Let's see some interesting suggestions!

  2. #2
    Join Date
    Dec 2011
    Posts
    2,147
    Mentioned
    221 Post(s)
    Quoted
    1068 Post(s)

    Default

    Quote Originally Posted by Brandon
    I don't see why these threads come up so often and it's always the same thing :S "How to detect SMART or Simba".. Since most use Windows (most stuff below is native).. Anyway, you could just ask Benland100 how to detect SMART. He will most likely tell you the best way. For Simba, it's harder.. by a lot.. Go to gamedeception or unknowncheats and look at the decompiled code and circumventions for many detection engines (ie: punkbuster) to see how they do it: http://www.unknowncheats.me/forum/anti-cheat-bypass/ Post a thread on rohitab or w/e.. they will tell you exactly how a company could detect you. Some games are so serious about cheating, they ban you by hardware ID's.. lol.


    Here's the most naive ways I could come up with (by no means advanced):


    Simba:

    - ReadProcessMemory from Winapi could scan for a specific signature in each process (perhaps the layout of one of the functions that hasn't changed in ages). Just like how malware scan for signatures (and UGC condition zero servers).

    - Get each process's physical location on disk, map the file, and scan for known signature and name.

    - Scan each process's import and export tables.. Look for "FindCol" or "FindColorTol", etc..

    - Scan each process's folder for .dll's or export table to find all loaded modules.. Read each dll's export table. Look for tesseract's exports, smart's exports, etc..

    - If simba uses SendInput and set the dwExtraInfo as the hwnd or anything that can be used to identify it, you can read this with a low-level keyboard or mouse hook. And yes, that would rule out teamviewer and vnc (no false positives).

    - Scan the resource table (almost never changes). Read the resource strings, images, etc..

    - Install a global hook module (installs to every process automatically aka low-level hook [similar to keyboard mouse hook]) and hook any GDI functions that deal with bitmaps (GetDC is extremely common; if not, a must). Check if the returned DC or HWND parameter is that of our applet. Ban for attempting to screen scrape. Unhook upon termination (as usual).

    - Install a global hook module. Do whatever you want to detect whatever you want. Global hooks are installed into every process (FRAPS for example.. uses such a hook to decide what dx applications to capture).


    Smart:

    - Scan module tables: LoadLibraryEx("some_module.dll", NULL, DONT_RESOLVE_DLL_REFERENCES); and check for exported function names that don't belong. Anything beginning with SMART_. You'd of course enumerate each module from all processes running (keep a hash table of the names of modules checked already.. this way you don't check the same ones twice [user32, kernel32, etc.. are loaded by every process always]). This is actually very fast. Also can be done in a thread.

    - Scan the PEB and TEB tables (undocumented winapi) to see if any unknown modules were loaded once or twice (opengl or direct-x or any smart plugins and smart itself.. can be patched). VAC2 does this (or at least.. they used to. Not sure if they still do). The PEB alone contains: ProcessParameters, BeingDebugged, ImageBaseAddress, ImageSubsystem (can be used to see if it is a DLL or EXE.. Smart is a dll), .

    - Scan the PEB table (could also just use NtQueryInformationProcess to get a pointer to it) and read: RTL_USER_PROCESS_PARAMETERS. SMART passes specific parameters upon creation of the process. RTL_USER_PROCESS_PARAMETERS contains: CurrentDirectory, ImagePathName, CommandLine, DebugFlags, WindowTitle.

    - ipcs -m on linux will give a list of processes using SharedMemory. Since RS does not use it and has no need for it, you can ban if your process id shows up in the list (granted, this is a pretty bad technique). SMART relies on SHM. On windows, use: GetMappedFileName.

    - Scan the title bar (ineffective)

    - Get the highest parent of the applet owner. Use reflection to get the hwnd, call GetWindowClass, if it's not the regular, ban.. Most bots use SunAwtFrame (a JFrame).. but a browser doesn't.. Would probably have to take measures to not ban that RSBuddy thing.

    - Call CreateToolhelpSnapshot(TH32CS_SNAPMODULE, processID) to find a list of all modules loaded (same as peb/teb.. patch peb/teb, it disables this). Scan each module's import and export table for smart's exports, OpenGL smart plugin export, direct-x smart plugin export, etc..

    - Call List<String> getInputArguments() to get a list of JVM arguments. Look for -Xbootclasspath and ban.. Use JNI to make this not easily patchable by regular java programmers. There is no browser out there that uses -Xbootclasspath and neither does the official client.

    - Use JNI, attach to current JVM using JNI_GetCreatedJavaVMs (from jni.dll/jni.so). Attach to the first JVM found (because usually only one JVM can be run per process). After attaching, call whatever you want. I'd call "env->FindClass" to find classes that are known to be in bots. Can be used for injection bots as well.. Hard to remove for the average Java programmers. You have a pointer to the JVM, environment, etc.. You can do whatever you feel like.

    - To prevent removal of library loading from the Java side (such as System.load or System.loadLibrary), I'd have the module ping the server upon loading with the same identifier they use when a jar is distributed per person. That way, if you log in and the server doesn't have the ping + extra info for that client, ban the user for circumvention.

    - Implement a java security policy to prevent reflection and "setAccessible": System.setSecurityManager(new SecurityManager()) should do the trick. Otherwise a custom security manager can be used.

    - Call NtQueryInformationProcess (undocumented) and check for the ProcessImageFileName and ban upon known names. Call the same function to check for the parent process id and name and signature (because Simba starts SMART with shellexecute, simba would be detected here and not SMART itself).


    Could go on forever.. Now stop asking these questions. Every bot is detectable in infinite amounts of ways (and the dumbest/naive but easiest ways are shown above).. Do they do it? No.. do they have time for it? maybe.. Do they have the knowledge on their team? Maybe.. You'll never know.. It can be done (natively as mostly shown above or on the java side [barely shown above]). Cat-mouse game goes on; it is a risk you take with ALL bots.

    You'll know if you're being hunted (everyone would be banned.. not just you) and that's all the proof you need..
    Best post on the subject I've seen yet. Maybe we should make a sticky for all these threads
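
An added example, not part of the quoted post or any poster's code: the export-table check from the quoted Simba and SMART lists, done in Python on a module's raw bytes instead of through the Windows API. `constructed_dll` and the sample names `SMART_demo` and `CreateWidget` are constructed for illustration; `SMART_`, `FindCol` and `FindColorTol` are the names the post gives.

```python
import struct

SUSPECT_PREFIXES = ("SMART_",)                # prefix named in the post
SUSPECT_NAMES = {"FindCol", "FindColorTol"}   # export names quoted in the post

def export_names(pe):
    """Return the names in a PE32/PE32+ image's export directory."""
    lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[lfanew:lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, optsz = struct.unpack_from("<H12xH", pe, lfanew + 6)
    opt = lfanew + 24
    pe32plus = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    exp_rva = struct.unpack_from("<I", pe, opt + (112 if pe32plus else 96))[0]
    secs = [struct.unpack_from("<4I", pe, opt + optsz + 40 * i + 8) for i in range(nsec)]
    def off(rva):  # RVA -> file offset through the section table
        for vsize, va, rawsz, raw in secs:
            if va <= rva < va + max(vsize, rawsz):
                return raw + rva - va
        raise ValueError("RVA outside every section")
    if not exp_rva:
        return []
    # NumberOfNames is at +24 and AddressOfNames at +32 in the export directory
    count, names_rva = struct.unpack_from("<I4xI", pe, off(exp_rva) + 24)
    names = []
    for i in range(count):
        p = off(struct.unpack_from("<I", pe, off(names_rva) + 4 * i)[0])
        names.append(pe[p:pe.index(b"\0", p)].decode("ascii", "replace"))
    return names

def suspicious_exports(pe):
    return [n for n in export_names(pe)
            if n.startswith(SUSPECT_PREFIXES) or n in SUSPECT_NAMES]

def constructed_dll(names):
    """Constructed sample: minimal PE32 image whose only section is an export table."""
    va = raw = 0x200
    blob, ptrs = b"", []
    for n in names:
        ptrs.append(va + 40 + 4 * len(names) + len(blob))
        blob += n.encode() + b"\0"
    exp = struct.pack("<24xI4xI4x", len(names), va + 40)
    exp += struct.pack(f"<{len(names)}I", *ptrs) + blob
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HH12xHH", 0x14C, 1, 224, 0x2102)
    opt = struct.pack("<H94xII", 0x10B, va, len(exp)).ljust(224, b"\0")
    sec = struct.pack("<8s4I16x", b".edata", len(exp), va, len(exp), raw)
    return (dos + coff + opt + sec).ljust(raw, b"\0") + exp

SAMPLE = constructed_dll(["SMART_demo", "FindColorTol", "CreateWidget"])  # constructed
print(suspicious_exports(SAMPLE))
```
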

  3. #3
    Join Date
    Jan 2007
    Posts
    31
    Mentioned
    0 Post(s)
    Quoted
    4 Post(s)

    Default

    Nice try Mod Mark.

  4. #4
    Join Date
    Dec 2011
    Posts
    2,147
    Mentioned
    221 Post(s)
    Quoted
    1068 Post(s)

  5. #5
    Join Date
    Jan 2012
    Posts
    85
    Mentioned
    0 Post(s)
    Quoted
    40 Post(s)

    Default

    I read a whitepaper by a PhD candidate a few years back about bot detection. In summary, he concluded the easiest way to detect bots was by using regression to determine the frequency and continuity of actions. The idea was to use server-wide telemetry to find certain outliers that differentiated from organic human behavior.
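
An added sketch of the server-side idea in post #5, not taken from the paper or from any poster: it scores each account's regularity and continuity against the whole population with a median/MAD outlier score, swapped in here for the regression the post mentions. The 300 s gap, the 3.5 cutoff, the account names and all timestamps are constructed assumptions.

```python
import math
from statistics import mean, median, pstdev

GAP = 300.0  # assumed: seconds of inactivity that end a continuous run

def features(ts):
    """Per-account (log CV of inter-action gaps, log longest unbroken run in s)."""
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    longest = run = 0.0
    for g in gaps:
        run = run + g if g <= GAP else 0.0
        longest = max(longest, run)
    cv = pstdev(gaps) / mean(gaps)
    return math.log(max(cv, 1e-9)), math.log(max(longest, 1.0))

def robust_z(values):
    """Modified z-score, 0.6745 * (x - median) / MAD, so outliers cannot mask themselves."""
    med = median(values)
    mad = median(abs(v - med) for v in values) or 1e-9
    return [0.6745 * (v - med) / mad for v in values]

def flag_outliers(telemetry, cut=3.5):
    """Flag accounts both far more regular and far more continuous than their peers."""
    names = sorted(telemetry)
    feats = [features(telemetry[n]) for n in names]
    z_cv = robust_z([f[0] for f in feats])
    z_run = robust_z([f[1] for f in feats])
    return [n for n, a, b in zip(names, z_cv, z_run) if a < -cut and b > cut]

def constructed(n, interval, break_every=0, break_len=0.0):
    """Constructed timestamps: interval(k) seconds apart, with optional long breaks."""
    ts, t = [], 0.0
    for k in range(n):
        ts.append(t)
        brk = break_every and k % break_every == break_every - 1
        t += break_len if brk else interval(k)
    return ts

# Constructed server-wide sample: seven accounts with irregular gaps and breaks,
# and one that acts every ~2 s for about 11 hours without pausing.
TELEMETRY = {f"human_{h}": constructed(600, lambda k, h=h: 1 + (7 * k + 3 * h) % 11,
                                       30 + 10 * h, 600 + 200 * h) for h in range(7)}
TELEMETRY["acct_steady"] = constructed(20000, lambda k: 2.0 + 0.01 * (k % 5 - 2))
print(flag_outliers(TELEMETRY))
```

Requiring both scores to be extreme keeps an account that is merely fast, or merely logged in for a long time, from being flagged on its own.
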

  6. #6
    Join Date
    Jan 2007
    Location
    East Coast, USA
    Posts
    138
    Mentioned
    0 Post(s)
    Quoted
    38 Post(s)

    Default

    I'd put captchas in the game required to solve for specific actions. And ofc a way to pay in RuneCoins to avoid the captchas.

  7. #7
    Join Date
    Aug 2013
    Posts
    105
    Mentioned
    0 Post(s)
    Quoted
    43 Post(s)

    Default

    Quote Originally Posted by fastler View Post
    I'd put captchas in the game required to solve for specific actions. And ofc a way to pay in RuneCoins to avoid the captchas.
    I'm pretty sure everyone in Runescape would quit if this happened; captcha is by far the most annoying thing on the internet!

  8. #8
    Join Date
    Dec 2011
    Location
    Holland
    Posts
    545
    Mentioned
    0 Post(s)
    Quoted
    19 Post(s)

    Default

    Quote Originally Posted by fastler View Post
    I'd put captchas in the game required to solve for specific actions. And ofc a way to pay in RuneCoins to avoid the captchas.
    This was actually done in RuneScape classic, people had to sleep in-game every once in a while and had to solve a captcha before continuing. There was actually an IRC system so that botters could solve them for others and get credits to have them solved for their own bot. (If I remember correctly)

  9. #9
    Join Date
    Feb 2006
    Location
    Helsinki, Finland
    Posts
    1,395
    Mentioned
    30 Post(s)
    Quoted
    107 Post(s)

    Default

    Quote Originally Posted by Chris View Post
    This was actually done in RuneScape classic, people had to sleep in-game every once in a while and had to solve a captcha before continuing. There was actually an IRC system so that botters could solve them for others and get credits to have them solved for their own bot. (If I remember correctly)
    Yep Chris, you remember right. As in, good ol' SleepWalker (link is to Kaitnieks.com page, "SleepWalker history"-section has some nice details as well)

    I personally typed thousands of words in it back then. Fun times, hehe.

  10. #10
    Join Date
    Mar 2015
    Posts
    189
    Mentioned
    3 Post(s)
    Quoted
    73 Post(s)

    Default

    Quote Originally Posted by flambint View Post
    Best post on the subject I've seen yet. Maybe we should make a sticky for all these threads
    Very interesting post man, good to know that bots are actually quite simple to detect, but I think Jagex is holding back a lot more because they're not allowed to scan files/processes on our machine? They spent so much time on the botwatch, it's hard to think that they won't do some of the options that were listed above.
    Quote Originally Posted by Clarity View Post
    Nice try Mod Mark.
    Had me laughing there

  11. #11
    Join Date
    Dec 2011
    Location
    East Coast, USA
    Posts
    4,231
    Mentioned
    112 Post(s)
    Quoted
    1869 Post(s)

    Default

    Quote Originally Posted by fastler View Post
    I'd put captchas in the game required to solve for specific actions. And ofc a way to pay in RuneCoins to avoid the captchas.
    This was done in RuneScape Classic. Sleeping bags. Of course the scene quickly found a way around that ... good old Kaitnieks and his SleepWalker program.

    E: didn't see Chris and Jani's posts above
    GitLab projects | Simba 1.4 | Find me on IRC or Discord | ScapeRune scripts | Come play bot ScapeRune!

    <BenLand100> we're just in the transitional phase where society reclassifies guns as Bad™ before everyone gets laser pistols

  12. #12
    Join Date
    Sep 2008
    Location
    Not here.
    Posts
    5,422
    Mentioned
    13 Post(s)
    Quoted
    242 Post(s)

    Default

    100% guaranteed way to stop bots: Kill Runescape.

  13. #13
    Join Date
    Dec 2011
    Location
    East Coast, USA
    Posts
    4,231
    Mentioned
    112 Post(s)
    Quoted
    1869 Post(s)

    Default

    Quote Originally Posted by tls View Post
    100% guaranteed way to stop bots: Kill Runescape.
    Inevitable, no? But if RuneScape dies, so does Jagex. I'm not aware of any other product that they produce as a company.

    So technically, that won't be Jagex stopping bots ... it'll be a realization of the impossibility of RuneScape's infinite continuation...

  14. #14
    Join Date
    Sep 2008
    Location
    Not here.
    Posts
    5,422
    Mentioned
    13 Post(s)
    Quoted
    242 Post(s)

    Default

    Quote Originally Posted by KeepBotting View Post
    Inevitable, no? But if RuneScape dies, so does Jagex. I'm not aware of any other product that they produce as a company.

    So technically, that won't be Jagex stopping bots ... it'll be a realization of the impossibility of RuneScape's infinite continuation...
    Irregardless, it would stop bots.

  15. #15
    Join Date
    Dec 2011
    Posts
    2,147
    Mentioned
    221 Post(s)
    Quoted
    1068 Post(s)

    Default

    Quote Originally Posted by KeepBotting View Post
    Inevitable, no? But if RuneScape dies, so does Jagex. I'm not aware of any other product that they produce as a company.

    So technically, that won't be Jagex stopping bots ... it'll be a realization of the impossibility of RuneScape's infinite continuation...
    Block N Load. It's very very good imo.

  16. #16
    Join Date
    Dec 2011
    Location
    East Coast, USA
    Posts
    4,231
    Mentioned
    112 Post(s)
    Quoted
    1869 Post(s)

    Default

    Quote Originally Posted by Clarity View Post
    Block N Load. It's very very good imo.
    Huh?

  17. #17
    Join Date
    Jun 2012
    Posts
    4,867
    Mentioned
    74 Post(s)
    Quoted
    1663 Post(s)

    Default

    Quote Originally Posted by KeepBotting View Post
    Huh?
    It's another game made by Jagex.

  18. #18
    Join Date
    Mar 2014
    Posts
    205
    Mentioned
    4 Post(s)
    Quoted
    116 Post(s)

    Default

    Quote Originally Posted by KeepBotting View Post
    Huh?
    As far as I can tell, it's sort of a first person shooter MOBA mixed with Minecraft.

  19. #19
    Join Date
    Aug 2006
    Posts
    33
    Mentioned
    1 Post(s)
    Quoted
    10 Post(s)

    Default

    Quote Originally Posted by adc View Post
    As far as I can tell, it's sort of a first person shooter MOBA mixed with Minecraft.
    What I played of it on the free Steam weekend they had, it was a bit meh. It didn't really have any real replay value for me. I did enjoy mining underground and popping up at the enemy base but it got old after a few games.

  20. #20
    Join Date
    Dec 2011
    Location
    East Coast, USA
    Posts
    4,231
    Mentioned
    112 Post(s)
    Quoted
    1869 Post(s)

    Default

    Quote Originally Posted by adc View Post
    As far as I can tell, it's sort of a first person shooter MOBA mixed with Minecraft.
    Quote Originally Posted by ste View Post
    What I played of it on the free Steam weekend they had, it was a bit meh. It didn't really have any real replay value for me. I did enjoy mining underground and popping up at the enemy base but it got old after a few games.
    I'm sure it's a rehash of the age-old elements that makes games like Minecraft, Counter-Strike and Team Fortress fun to play.

    No doubt it's enjoyable while the novelty lasts, but from the trailer, it looks like "League of FortressCraft-Strike."
