Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
IceKontroI

Conspiracy or insight?

Recommended Posts

Some time ago I stumbled on a thread on a botting forum in which one individual claims to have solved the common issue where his accounts get banned seconds after starting a script. The post is a bit difficult to follow as the posts, pictures, and links seem to be out of sync with the actual post. Here are the major points I took away from the post (I'm not posting them as fact, these are just notes):

  • There appear to be two major components involved in deciding the bans for his accounts:
    • The hardware configuration of his computer (flagged computer)
      • Some UUIDs confirmed by the poster to be used in flagging include Netbios name, Computer name, Localhost name, IPV4/6
      • The poster then states that he suspects that many other UUIDs (possibly all of them) are used, so if any match, you are still flagged even if you obfuscated other ones
    • The activity pattern of the script being used (flagged script)
    • When running a flagged script on a flagged computer, the accounts are immediately locked, usually within 7-15 seconds from script start.
    • Other people running the same script on a different PC experience no bans
    • In some cases getting 150 skill total, then running the flagged script on a flagged PC won't get you banned immediately
  • There also seem to be some additional criteria that influence bans generically
    • Members accounts are far less likely to get banned outright
    • Accounts with a skill level of 150+ seem to be resistant to automatic bans
    • Accounts with verified e-mail addresses appear to be somewhat resistant as well
    • Account age may have a protective effect
    • Differentiating accounts by equipping items in non-essential equipment slots may improve bans
      • Equipping random ranged ammunition stacks
      • Wearing random colored boots
    • The typical concept of "antiban" where a player performs nonessential actions within the process of their script seem to be beneficial (we knew this already)
      • Further, the actions don't need to be related to the script
        • Chopping trees down between actions when training Magic by casting teleportation spells
        • Talking to NPCs while making Bowstring
  • Some factors appear to have no impact, but only in the test scenario
    • MAC address
    • Quest point total

The notes above only focus on factors that influence banrates, and I've not included information about report mechanics, corrupt JMods, how to get your computer/script flagged, or bans of accounts merely associated with the person's accounts. If you want to read more about those topics, read the full post. The bullet points above are simply notes taken from the post. I don't necessarily agree or disagree with them. Please post something if you have supporting or contrary evidence to any of the above points.

Edited by YoHoJo

Share this post


Link to post
Share on other sites

The common argument against these theories is that some knowledgeable people checked Runescape client to see what information is being sent back home, and what isn't, and didn't find anything shady.

My own empyrical testing showed they link something beyond IP addresses and behavioural patterns, so I remain sceptical.

Would it be possible for Jagex to turn on additional checks intermittently, in short bursts, to avoid detection (heh) by community software engineers?

Share this post


Link to post
Share on other sites
2 minutes ago, contemporary said:

Would it be possible for Jagex to turn on additional checks intermittently, in short bursts, to avoid detection (heh) by community software engineers?

Of course they could do that. But also in the post I linked, there was a Wireshark test that tried to figure out if any suspicious packets were being sent to Jagex servers. When the script performed its botlike actions, additional packets were sent, and upon ban, different additional packets were also sent. I wasn't sure of what they actually meant so I didn't include it in the notes, but just ctrl + f search for Wireshark and you'll find the documentation in the full post if you're interested in his findings.

Share this post


Link to post
Share on other sites

I can bet you a million jagex's hired software engineers and researchers, probably have accounts on tribot.

 

they follow our antiban as much as we follow their ban tech. cept they keep theirs  much lower key. which gives them an upper hand.

 

the main core of tribot, done by trilez, is about the only thing not publicly posted.

 

they probably even order scripts, to speed up the methods they used to counter it.

Edited by luberda

Share this post


Link to post
Share on other sites
2 hours ago, luberda said:

I can bet you a million jagex's hired software engineers and researchers, probably have accounts on tribot.

 

they follow our antiban as much as we follow their ban tech. cept they keep theirs  much lower key. which gives them an upper hand.

 

the main core of tribot, done by trilez, is about the only thing not publicly posted.

 

they probably even order scripts, to speed up the methods they used to counter it.

Imagine actually paying someone a salary for spying on a few hundred kids in an online forum.

Share this post


Link to post
Share on other sites
2 hours ago, luberda said:

I can bet you a million jagex's hired software engineers and researchers, probably have accounts on tribot.

 

they follow our antiban as much as we follow their ban tech. cept they keep theirs  much lower key. which gives them an upper hand.

 

the main core of tribot, done by trilez, is about the only thing not publicly posted.

 

they probably even order scripts, to speed up the methods they used to counter it.

I really doubt they do this. The majority of their antiban is based off data heuristics, i.e. the millions of mouse movements they can analyze every day to separate the bots from the real players. The data of the 80k+ player base is their biggest advantage over us, as they can analyze things like mouse movements, fatigue rates, play times, etc.

Share this post


Link to post
Share on other sites
22 minutes ago, wastedbro said:

Imagine actually paying someone a salary for spying on a few hundred kids in an online forum.

Looking at it that way...yeah it sounds bad...

 

but if you hire someone to do something "for a game" "for kids".  The initial investigator will find himself at a chat spot of the person they are countering...to develop counter methods efficiently and quicker.

 

Ive seen investigators do much much crazier shit, for the job.

 

edit: but i doubt its currently (((actively happening))) because the data and algorithm is officially in place now.

 

but that doesnt mean that data, wasnt pulled from counter methods used against the very platforms they are creating ban software for.

Edited by luberda

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Our picks

    • This update features:

      Fixed broken hooks from today's update


      Fix wilderness level with RuneLite (Thanks @Todd)


      Add support for Kotlin .class files in scripts (Thanks @wastedbro)


      Overhaul Inventory API (Thanks @wastedbro)


      Add List support for common methods


      Change method grouping to make more sense (by functionality)


      Refactor methods to utilize Java 8 streams instead of cumbersome loops




      Recognize chatbox minimization (Thanks @JoeDezzy1)


      Fix Screen#isInViewport when NPC chat is open (Thanks @JoeDezzy1)


      Fix login bot bugs (Thanks @erickho123)


      Fix hint arrow return values (Thanks @Encoded)


      Fix depositAllExcept functionality (Thanks @wastedbro)


      Change containing box interface bound and adjust for Y values (Thanks @erickho123)
        • Like
      • 150 replies
    • This release will:

      Fix prayers and world hopper API (Thanks @JoeDezzy1 and @erickho123)


      Improve banking API (Thanks @Encoded)


      Adds methods for returning and using Java Lists, rather than arrays


      Slightly randomizes some hardcoded behaviour


      Removes sleeps from waitConditions; the efficiency saving potential is negligible in these use-cases, therefore cleaner code is preferable


      Other back-end improvements





      Note: If you are using LG, please restart both the RS client and TRiBot.
        • Sad
        • Haha
        • Thanks
        • Like
      • 90 replies
    • This release will:

      Add new internal framework for capturing exceptions


      Fix issue with not selecting the last column in world hopper (Thanks @Todd)


      Add a message about pin usage in Banking#openBank (Thanks @Todd)


      Disable the firewall by default (Thanks @Todd)


      Fix handling of the welcome screen after login (Thanks @Encoded)


      Fix wrong amount bank withdrawal (Thanks @Encoded)


      Fix Screen#isInViewport


      Fix Game#isInViewport (Thanks @Encoded)


      Call onBreakEnd for ListenerManager Breaking Listeners (Thanks @Encoded)


      Fix Prayer#getPrayerPoints NumberFormatException (Thanks @JoeDezzy1)



      Note: If you are using LG, please restart both the RS client and TRiBot.
        • Thanks
        • Like
      • 28 replies
    • This release will:

      Fix LG for both OSBuddy and RuneLite


      Fix issue where the resizable client isn't able to be made smaller (Thanks @JoeDezzy1)


      Fix detection of the logout game tab when resizable mode and side panels are enabled (Thanks @JoeDezzy1)


      Add initial support for Sentry to allow us to identify and easily debug exceptions happening with all TRiBot users


      Add methods to determine if the bank is actually loaded, and not just the overarching interface (Thanks @wastedbro)



      Upcoming updates:

      Improved CLI support


      Full Sentry support


      Much more
        • Like
      • 64 replies
    • This release will:

      Fix NPE in Camera API (Thanks @wastedbro)


      Update deposit box interface ids (Thanks @Encoded)


      Add various bank methods (Thanks @wastedbro)


      Banking#getWithdrawXQuantity


      Banking#getDefaultWithdrawQuantity


      Banking#arePlaceholdersOn




      Fix resizeable minimap bug (Thanks @wastedbro)


      Remove Java 8 requirement


      Please note: TRiBot is not yet fully compatible with Java 10+




      Fix the break handler issues by ensuring the break handler thread never gets paused


      Fix broken settings hooks



      Upcoming updates:

      Improved CLI support


      Much more



      Note: If you are using LG, please restart both the RS client and TRiBot
        • Like
      • 68 replies
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...