Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
IceKontroI

Conspiracy or insight?

Recommended Posts

Some time ago I stumbled on a thread on a botting forum in which one individual claims to have solved the common issue where his accounts get banned seconds after starting a script. The post is a bit difficult to follow as the posts, pictures, and links seem to be out of sync with the actual post. Here are the major points I took away from the post (I'm not posting them as fact, these are just notes):

  • There appear to be two major components involved in deciding the bans for his accounts:
    • The hardware configuration of his computer (flagged computer)
      • Some UUIDs confirmed by the poster to be used in flagging include Netbios name, Computer name, Localhost name, IPV4/6
      • The poster then states that he suspects that many other UUIDs (possibly all of them) are used, so if any match, you are still flagged even if you obfuscated other ones
    • The activity pattern of the script being used (flagged script)
    • When running a flagged script on a flagged computer, the accounts are immediately locked, usually within 7-15 seconds from script start.
    • Other people running the same script on a different PC experience no bans
    • In some cases getting 150 skill total, then running the flagged script on a flagged PC won't get you banned immediately
  • There also seem to be some additional criteria that influence bans generically
    • Members accounts are far less likely to get banned outright
    • Accounts with a skill level of 150+ seem to be resistant to automatic bans
    • Accounts with verified e-mail addresses appear to be somewhat resistant as well
    • Account age may have a protective effect
    • Differentiating accounts by equipping items in non-essential equipment slots may improve bans
      • Equipping random ranged ammunition stacks
      • Wearing random colored boots
    • The typical concept of "antiban" where a player performs nonessential actions within the process of their script seem to be beneficial (we knew this already)
      • Further, the actions don't need to be related to the script
        • Chopping trees down between actions when training Magic by casting teleportation spells
        • Talking to NPCs while making Bowstring
  • Some factors appear to have no impact, but only in the test scenario
    • MAC address
    • Quest point total

The notes above only focus on factors that influence banrates, and I've not included information about report mechanics, corrupt JMods, how to get your computer/script flagged, or bans of accounts merely associated with the person's accounts. If you want to read more about those topics, read the full post. The bullet points above are simply notes taken from the post. I don't necessarily agree or disagree with them. Please post something if you have supporting or contrary evidence to any of the above points.

Edited by YoHoJo

Share this post


Link to post
Share on other sites

The common argument against these theories is that some knowledgeable people checked Runescape client to see what information is being sent back home, and what isn't, and didn't find anything shady.

My own empyrical testing showed they link something beyond IP addresses and behavioural patterns, so I remain sceptical.

Would it be possible for Jagex to turn on additional checks intermittently, in short bursts, to avoid detection (heh) by community software engineers?

Share this post


Link to post
Share on other sites
2 minutes ago, contemporary said:

Would it be possible for Jagex to turn on additional checks intermittently, in short bursts, to avoid detection (heh) by community software engineers?

Of course they could do that. But also in the post I linked, there was a Wireshark test that tried to figure out if any suspicious packets were being sent to Jagex servers. When the script performed its botlike actions, additional packets were sent, and upon ban, different additional packets were also sent. I wasn't sure of what they actually meant so I didn't include it in the notes, but just ctrl + f search for Wireshark and you'll find the documentation in the full post if you're interested in his findings.

Share this post


Link to post
Share on other sites

I can bet you a million jagex's hired software engineers and researchers, probably have accounts on tribot.

 

they follow our antiban as much as we follow their ban tech. cept they keep theirs  much lower key. which gives them an upper hand.

 

the main core of tribot, done by trilez, is about the only thing not publicly posted.

 

they probably even order scripts, to speed up the methods they used to counter it.

Edited by luberda

Share this post


Link to post
Share on other sites
2 hours ago, luberda said:

I can bet you a million jagex's hired software engineers and researchers, probably have accounts on tribot.

 

they follow our antiban as much as we follow their ban tech. cept they keep theirs  much lower key. which gives them an upper hand.

 

the main core of tribot, done by trilez, is about the only thing not publicly posted.

 

they probably even order scripts, to speed up the methods they used to counter it.

Imagine actually paying someone a salary for spying on a few hundred kids in an online forum.

Share this post


Link to post
Share on other sites
2 hours ago, luberda said:

I can bet you a million jagex's hired software engineers and researchers, probably have accounts on tribot.

 

they follow our antiban as much as we follow their ban tech. cept they keep theirs  much lower key. which gives them an upper hand.

 

the main core of tribot, done by trilez, is about the only thing not publicly posted.

 

they probably even order scripts, to speed up the methods they used to counter it.

I really doubt they do this. The majority of their antiban is based off data heuristics, i.e. the millions of mouse movements they can analyze every day to separate the bots from the real players. The data of the 80k+ player base is their biggest advantage over us, as they can analyze things like mouse movements, fatigue rates, play times, etc.

Share this post


Link to post
Share on other sites
22 minutes ago, wastedbro said:

Imagine actually paying someone a salary for spying on a few hundred kids in an online forum.

Looking at it that way...yeah it sounds bad...

 

but if you hire someone to do something "for a game" "for kids".  The initial investigator will find himself at a chat spot of the person they are countering...to develop counter methods efficiently and quicker.

 

Ive seen investigators do much much crazier shit, for the job.

 

edit: but i doubt its currently (((actively happening))) because the data and algorithm is officially in place now.

 

but that doesnt mean that data, wasnt pulled from counter methods used against the very platforms they are creating ban software for.

Edited by luberda

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Our picks

    • [READ TO THE END FOR A TEASER]

      I've noticed some new TRiBotters have had some troubles finding out sources of how to do certain things, such as using advanced scripts and often get lost in the forums.

      We are still getting posts asking where to start, what to do, recommended scripts, etc. 

      As many of you know, I am new to the team, and had troubles myself learning how to bot, let alone script. 

      So, what our team decided to do was make it easier to learn how to bot, how to script, and just become an overall better botter and scripter faster. 

      As some of you might have seen, I've posted 3 new blogs, you can check it out by clicking on the following picture or here.


      These first 3 blogs are the first of many blogs that will be TRiBot official. They are encouraged to be challenged, improved upon and act as A Best Practices Guide for Botters.

      What information would you like to see in the blogs?

      👇 [TEASER] 👇

      .

      .

      .

      We are going to be hosting a  CONTEST  this  OCTOBER.

      Its scary to think how soon you'll find out.👻

      Stay tuned.


      - RileyZ
      • 7 replies
    • Today marks a big day for TRiBot! To make it easier for users to use TRiBot, we've created installers available for every platform! These installers are all bundled with the latest version of OpenJDK 1.8 (Java 😎, which is LG compatible.

      Using TRiBot is now easy. Simply download the installer for your platform, install TRiBot, and run it. The TRiBot Loader will correctly identify the bundled JDK so there's no need to change the Java selection.

      Windows

      EXE installer: TRiBot-windows-x64-4.0.3.exe


      MSI installer: TRiBot-windows-x64-4.0.3.msi


      Portable version: TRiBot-windows-x64-4.0.3.zip


      Mac OS

      Installer: TRiBot-macos-4.0.3.dmg


      Portable version: TRiBot-macos-4.0.3.tgz


      Unix/Linux

      Installer: TRiBot-unix-4.0.3.sh


      RPM installer (CentOS/Fedora): TRiBot-linux-4.0.3.rpm


      DEB installer (Debian): TRiBot-linux-4.0.3.deb


      Portable version: TRiBot-unix-4.0.3.tar.gz


      Platform Independent

      JAR file: tribot-loader-4.0.3.jar


      Note that this jar file does not include the bundled JDK.



      Windows and Mac OS users may notice a warning message stating that the installer/application is un-recognized or un-trusted. Please ignore this message and proceed with running the installer/application. We need to acquire a code signing certificate so that we can sign the installers letting the operating system know that these files can be trusted. It will take a week or more to acquire one, so please hold tight.

      Other notable changes to the TRiBot Loader:

      Support getting the version from OpenJDK distributions


      Add check for bundled JDK


      Copy OpenJDK tools.jar to the bundled JDK if not present


      Set the current java as the first available list entry


      Ignore Java versions which are symbolic links


      Make the bundled JDK the preferred Java version


      Update icon images


      Reduce the number of HTTP calls
      • 18 replies
    • TRiBot is looking to improve a lot of its customer relationship management, customer on boarding process, customer experience, design elements, community engagement and pretty much everything else you can imagine when it comes to marketing.

      Our goal: To ensure that the marketing done TRULY reflects the experience and does not shine an inaccurate light on what TRiBot is lacking in.

      So I ask, what do you love about TRiBot and what do you hate about TRiBot? What does O S Bot, Rune M8, PowR Bot and Dre amBot do better? (yes I purposely didn't spell it right 😂).

      Love, 

      RileyZ
      • 17 replies
    • Hello TRiBot,

      Today we have a significant release that has been in the works for the last month addressing several key issues, features and bugs in the backlog.

      With these changes, we are also including a new TRiBot Loader which will allow you to select any version that is released. This adds the flexibility of allowing you to revert to a previous version should an issue arise, run development only builds, view an accurate change log between versions etc. we are very proud to offer this feature and think it will add a lot more functionality down the road as we continue to release new versions.

      These changes include 80+ commits by our development team, a list of them is summarized below and also available for your viewing pleasure in the new TRiBot Loader.

      In addition, we have taken additional steps to improve as a development team by adding continuous integration and deployment into our workflow to assist in delivering timely releases such as bug fixes as well as new features on a weekly basis depending on our development cycle.
      • 39 replies
    • Over the last three weeks, I've been working on upgrading our server infrastructure. It's finally ready and is now live!

      Why?

      Increased reliability - less server errors


      Increased availability - less downtime


      Increased security - keeping us and you secure


      Increased capacity - ability to serve you better


      Increased speed - less waiting for things to load


      Faster development - server and service updates will come faster


      What are the changes?

      Move from a single AWS EC2 instance to AWS ECS (Elastic Container Service)


      Distributed computing


      Load balancing


      Git management of server files and filesystem


      Redis caching


      How?

      AWS ECS (with 10 EC2 instances)


      AWS ElastiCache (Redis)


      AWS Load Balancing


      AWS EFS (Elastic file system)


      Please bare with us as I continue to tune the server for maximum performance. Slow loading speeds may occur temporarily. I thank everyone for their patience.

      Please post on this thread if you experience any issues other than slow loading times.
      • 51 replies
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...