Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Buy OSRS Gold

Sell OSRS Gold


  • Content Count

  • Joined

  • Last visited

  • Feedback


Community Reputation

4 Neutral

About ManyGoldPieces

  • Rank
    New Botter

Recent Profile Visitors

589 profile views
  1. It's pretty trivial to change your HWID, at least on Windows. Regedit -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware Profiles\0001, then click HWProfileGuid and change any numbers you want, clear the Jagex cache and do it after every ban wave if you're paranoid. Now if they check individual serial numbers on your HDD or something, it's going to be tougher to spoof. I've never had to do more than the above, though. Playing 2 accounts on one HWID is far from suspicious -- a lot of players have alts, after all. My farms are about 5 accounts per VPS and ban rates are about the same as botting 1 account. I use a variety of bot clients as well, so maybe it's a bit different with Tribot alone.
  2. Their profiling is not that in-depth, otherwise there would a lot of false positives. There are legitimate players running 15 hours per day and never catch a ban, as they themselves confirmed on a data stream. When it comes to anti-cheat, there are really only three things Jagex does: 1. Creating too many accounts on the same IP in a short period of time can get them all banned for a Macroing Major even if you never ran a script on any of the accounts nor during the signup process. This has happened to me and others many times. The solution is to use rotating proxies. 2. If they can detect the client and the fact that you're running a script, that would be proof enough to ban your accounts with absolute certainty that you are botting. I haven't seen any compelling evidence for this, but poorly made clients or changes in detection methods can make this a valid concern. The solution here is to use a different bot client. 3. It's unlikely those are your issues, however. Ban rates mostly boil down to bot clients and specific scripts, and, in my opinion, the way they handle mouse movement, as that is something they provably track from the client. You need to test scripts one at a time on accounts you don't invest a whole lot into, and stick with what works. In the ideal scenario, you would have all of your own private scripts with their own unique quirks. Oh, and NEVER use a script for activities that an autoclicker/mouse recorder can do easily instead, such as Fletching/Cooking/Alching. You should have a ban rate of <=1% if you playback your own mouse recordings as they're guaranteed to be unique. That said, surviving three or four days is decent for a beginner. You're on the right track.
  3. Yeah, there are a few gems to be found throughout the source, not just the mouse recorder. Mouse movement and inputs is likely the prime factor if it isn't the only thing they profile. Even so, I can't think of any factor more damning or evident than reproducing the mouse pattern profile of confirmed bots, and from personal field-testing across hundreds of accounts, paying special attention to the mouse makes all the difference. It seems like a lot to collect, but they could compress that data very easily and I'm pretty sure they send it through packets directly in Client.java.
  4. Anti-cheat in multiplayer games rely on a mix of heuristics and detection of injected code, OSRS is no different. There is nothing special they can do differently short of implementing spyware and seeing when you run a script. I'm not saying mouse movement is the only possible way to trigger bot detection (try clicking on the same door for an hour while your character is stuck), but it is clearly the primary method to distinguish with relative certainty between a bot and a player. After all, the mouse has to be moved in order to accomplish any action in the game. If the injection client is not detected and specifically identified (it isn't), and they can't determine that a script is run (haven't seen any evidence for this in years of botting, otherwise the system would flag you for a ban immediately even if you run an empty script), then the only thing left is heuristics, which is automatically analyzed by the botwatch system. They collect mouse data about 18-22 times per second. I'm sure you're clever enough to put two and two together, this is as close as it gets to absolute proof. Trilez and the developers themselves can attest to this, there is a reason human mouse data was rigorously worked on and implemented. Again, you can even run your own tests with a simple mouse recorder that will reproduce your own human mouse movements -- I have hundreds of accounts that have done just this, and it is my go-to method for training bots. A script that moves the mouse at constant or predictable tick rates with pseudo-random variation will form a bot-like pattern and be caught out nearly instantly if they have the heuristics from other banned bots, whereas you can run the same 5 minute recording of your own human mouse movements and inputs on repeat and be safe for a much longer period of time. I've known this for a long time myself, and public scripts would see dramatic improvements if they took mouse movements seriously and prevented bot-like patterns from forming with them.
  5. @Worthy Fantastic script so far, reacts realistically and the antipattern/mouse movement seems to be on point to avoid immediate bans. If all goes well I'll start another farm with this.
  6. https://github.com/zeruth/runescape-client/blob/master/src/MouseRecorder.java#L40 This is incontrovertible proof btw. Mouse movement is 100% confirmed as the bot detection strategy. Nothing else matters.
  7. You need bots and residential proxies for these types of sites as well if you want to make any real money. They exist, but good luck cashing out on most of them. You can still exploit the BTC sites/faucets fairly easily for quick botting money, I've done it in the past. Just find a decent faucet bot and captcha solver.
  8. The only time reflection is useful is when you have to make the most of scripts with poorly written mouse movement, and even then there's probably still a pattern that's easy to detect. Use better scripts or a mouse recorder if you're paranoid meanwhile.
  9. Tribot only works with Java 8. Make sure you use the 32 bit JDK for best compatibility imo. u102 is a time-tested version for most bot clients, including Tribot. The latest Java 8 should also work just fine.
  10. Most of these theories are only half correct. If you take a look at the deobfuscated game client, you will see that Jagex takes mouse x and y and associated input data at all times. The number one factor in bot detection is mouse movement. It is entirely possible to bot tutorial island or anything on a fresh account, if you want proof simply use a mouse recorder with a few 5-10 minute recordings of you performing any action for the same amount of time that it takes you to get banned using a mediocre script. Having the virtual mouse move at a consistent rates or with discernible patterns is a dead giveaway and can result in bans right away. Humanlike mouse movements will make you invisible to the system, that's all there is to it. Tribot figured this out years ago judging by the archives and is one of a handful of bot clients that take mouse movements seriously as they should. Only use scripts that take full advantage of human mouse data, all others are garbage. This is uniform across all botting clients. Reflection clients like LG are nothing more than CPU-intensive gimmicks for now because of this, but will still be useful if the client is somehow detected. Even if the client is detected, you won't be banned for playing on a botting client, if and only if they can determine with relative certainty that you are botting will they ban you regardless of client. The only realistic reason LG might get you by on poor scripts is because it's possible that the delay between the reflection client and regular game client skews the mouse movement data slightly. As for your LG problem, disable firewall, close out of all other 3rd party applications, and make sure only the 32 bit JDK and the JRE bundled with it are installed. Trying to pigeonhole 64 bit java with 32 bit java is a very bad idea, and the Runelite.jar is 32 bit anyway. LG is broken after today's update, but do this for now.
  11. Private or homebrewed scripts definitely help, especially with methods no one else bots because there are fewer heuristics to compare your activities to, but what bot detection ultimately boils down to is mouse movement. You can play on any proxy or bot client normally without risking a ban, but as soon as you run a script with consistent, poorly thought out mouse movement patterns, that becomes the deciding factor, and it's really obvious if you think about it. It would be a good idea to get VIP-E for the human mouse data and take full advantage of it, or create your own custom mouse movement methods to be basically guaranteed safety. Any account that you don't bot on would be suitable for muling, even a freshly made level 3 works. You should keep mules on separate IPs to be safe. That's all you need to know to be successful.
  12. Looks like the recent update broke LG and it isn't a simple fix. It probably isn't safe to bot for a while even if you do manage a workaround for it.
  13. IPs have almost nothing to do with bans. If that were the case, you'd get banned for playing on a proxy normally. The number one factor in bot detection is mouse movement, I know this because they literally track mouse x and y on the deobfuscated client. Many scripts still pay no attention to this, moving the mouse at consistent tick rates, creating easily detectable patterns that result in bans. Tribot thankfully provides tools to deal with this, but I can't comment on how well every scripter uses them yet. Make sure the scripter takes advantage of human mouse data or lets you set mouse movement parameters and your bots will last longer.
  14. Like some users here, I ran into some trouble trying to test out Looking Glass (thankfully I'm only on a VIP trial for now). After running through multiple fixes posted here with nothing seemingly working, It turns out using a 3rd party program like Proxifier or anything that intercepts your connection, like a firewall, can prevent the client from hooking properly. As soon as I disabled the firewall and exited out of Proxifier, LG worked. I hope this saves some frustration.
  • Create New...