• Visit Rebornbuddy
  • Visit Panda Profiles
  • Visit LLamamMagic
  • [Guide] Hiding your bots

    Discussion in 'Archives' started by eddie4, Mar 5, 2011.

    1. eddie4

      eddie4 New Member

      Joined:
      Sep 16, 2010
      Messages:
      296
      Likes Received:
      8
      Trophy Points:
      0
      Hiding Your Bot

      This guide will NOT learn you how to hide your bot’s. It will educate you in the ways you can get detected it is up to you to choose which protection methods you want to use to protect you against these detection mechanisms. Please note that I am not a blizzard employ nor have I decrypted WoW/Warden so I can’t promise that these are the only things they check if not less. Oke that was the disclaimer, now then let’s get into the interesting stuff.


      First things first, Are you running multiple bots at the same time aka concurrent connections? If your answer is: No, then this topic will not help you protect your account. Applying these extra countermeasures will only add to your account insecurity. However if you have multiple bots at once this topic might help you safe them.

      The Golden Rule for botting is: If you can’t change it for every session then don’t bother changing it at all.
      Your bot can be identified in multiple ways: Your connection to the Blizzard, Client Information, Ingame Behavior and Submitted information I’ll go through them point by point.



      Your connection to the Blizzard:

      Everyone that plays wow is connected to Blizzard playing wow would be a lot less fun if it wasn't. Your connection to blizzard looks like this:
      tcp connections.png
      It shows your applications and there connections to servers. Every connection made to wow servers is made by TCP/IP packets and IP packets looks like this.
      voip_5.gif
      This is important because as you can see the TCP packet shows your public ip-address. So blizzard can only identify your connection by IP. Not by MAC But But.... Everyone I saying they ban by MAC Well ill get back to you on that in the Client Information part of this guide.

      So what can blizzard do whit this information. Well they can identify who plays wow from what connection one could say building. If you go to your school or company it will most likely use the same public ip-address for every computer in the building so they can't do much whit that. If they ban via IP they could hit an Internet cafe and have hundreds of angry clients so they won't do so.


      Client Information:

      This is where blizzard will get most of their information. We currently don’t know exactly what information they are getting but we can make an educated guess. Information they could get from your pc:

      IP-Address
      Mac-Address
      SID (Security Identifier)
      GUID (Globally unique identifier)
      Other hardware IDs

      IP-Address:

      But Eddie Didn’t we just talk about this? Yes we did but here it comes again. This time we have got your computer IP-Address. This is usefull because if this is not an privat IP but public IP and the connection IP that we talked about earlier is not the same then there is something fishy going on. Your either running an VPN or proxy or using public IP’s internally which is very uncommon. But most people will be on an private address (10.x.x.x 172.31.x.x or 192.168.1.x) This combined whit the public address and they just identified your computer. If you got reported on one account then they might investigate if you have more clients running on that computer.

      Changing IP-address is the easiest one to do you just get an VPN or Proxy and get your wow to connect trough them. Although a Warning changing your IP address multiple times will get noticed especially if it’s in different country’s so either make sure you always use the same one or leave a day between going offline and reconnecting !!! (This got me in to trouble)


      Mac-Address:

      Media Access Control in short MAC address is a hardware ID that is used to identify your computer before it can get an IP-Address. It is unique for every network card. Changing this will be more of a challenge. Remember you want it to be unique for all your wow sessions.

      I have done some tests where you bind an application to an network adaptor and if you are smart you will bind this to an VPN interface. Although this should change the adapters connected to the application we do not know in what way blizzard detect’s the mac-address. And remember the golden rule: If you can’t change it for every session then don’t bother changing it at all.


      SID (Security Identifier):

      Changing your SID is easy like IP and MAC address. But what we want is different ID’s for all our WoW sessions. Which You simply CAN’T for each sessions!!!!! But we are in luck because SID are personal and used to identify your computer in networks the chance of Blizzard sending this to their server is almost 0%. If they are it’s time to start a lawsuit.

      GUID (Globally unique identifier):

      Well this is the hardest one you can’t change this for each of your sessions. But unlike SID GUID does not have security implications. Many applications use this for their licenses if this changed then I must be on another computer does my license does no longer work. The only way to change this is to change the motherboard in your computer. This is most likely the one blizzard will check on and is confused by a lot of people for being banned on MAC.

      Other hardware IDs:

      I have seen topic’s of people claiming that they got banned on harddisk id’s although not for WoW but I see no reason why any programmer would the same goes for other hardware ID’s. The above are easier to get for software and provide better security. There is no indication of blizzard using harddisk or any other ID’s


      Ingame Behavior:
      Under ingame behavior I file anything you can do in game. A big part of the security ingame is provided by the HB Team. And can be improved by setting your bot up whit so that looks as much as a player as HB will allow. But I won’t get into that because that will be more then what I have written so far.

      Things to avoid are:
      Posting auctions on your bot char.
      Botting in a small area for a long amount of time.
      Transferring large amount of gold between accounts.
      Flooding the AH whit materials from the same bank char.
      Trading any amount of gold between accounts that you don’t own whit out using a mule account.

      More tips here
      http://www.thebuddyforum.com/honorbuddy-forum/guides/99-guide-not-target-bans-tony.html


      Submitted information

      You would be surprised how much information you have given to create an account. My advice is never use the same name twice. But this makes for a lot of paper work: Different names, Secret questions and most annoyingly Email address. Which you can enter all that information again. You could make up all that information on the spot but what if you get hacked or for another reason blizzard asks for your information you entered. Well they didn’t mail that info to you so you need to have remembered it or have saved it somewhere. Well thankfully they have added summary at the end of the account creation. That you can now copy into a text file this whit the serial key will get you past all blizzard ID tests. Well now you have this information stored you can make up all the names you want. I normally mix first name and last name of friends of mine. Well now I need to make a shitload of email address that I can use.

      You should also not give blizzard and payment information. Get your keys and game time at sites that have no affiliation whit blizzard like randyrun or offgamers



      How do I make my bot’s safe

      Dam that was a long read… Yes now how do I hide my bot’s? Well that’s up to you I have shown you in what ways blizzard is able to be detect you. But we lack information to say whit 100% certainty which methods they are using. When you see someone that just lost 3 or more accounts ask them which protection they had?

      Why don't you tell us how you have your bots protected against the above named scanning methods? Because gold selling is a competitive business many gold sellers will mean lower gold prices and less profit for all of us.

      If you are going to copy this to another site and sins this is the internet someone will, give credit and sent me a PM where you posted it.
      Thanks

      Eddie4
      Student at Network Infrastructure Design, Last year
       
      Last edited: Apr 4, 2011
      Crazyd22 and greaterdeath like this.
    2. Lawa

      Lawa New Member

      Joined:
      Jan 24, 2010
      Messages:
      85
      Likes Received:
      0
      Trophy Points:
      0
      Nice guide! Got one question that you might be able to answer.

      "Flooding the AH with materials from the same bank char".
      Have anyone reached the flooding point?
      Since I started botting i've been putting out approx 60 stacks of each material (herbs/ores) on AH at once, 3 times a day. This results in almost 200 stacks each day. I have done this since wotlk and Im still not banned.
      It must be some kind of algorithm Blizzard are using, I can hardly believe GM's are watching AH transactions :p
       
    3. eddie4

      eddie4 New Member

      Joined:
      Sep 16, 2010
      Messages:
      296
      Likes Received:
      8
      Trophy Points:
      0
      I do not expect GM's are taking a look at the AH, Users are if they see you flooding AH whit 30 stacks of the same herb every day then they might begin to think but like you said instead of flooding it all in one day you post more times a day whit different herb.
       
    4. Hayo

      Hayo New Member

      Joined:
      Feb 23, 2011
      Messages:
      60
      Likes Received:
      0
      Trophy Points:
      0
      I have traced an annoying botter destroying the ah. check when he goes offline and then /who 85 twilight higlands. I have yet to report him cuz i don't want to be an asshole but I might. I delete my bankalts every 2 weeks just in case. Botters dont want attention in any way shape or form, this MAY help.
       
    5. Lawa

      Lawa New Member

      Joined:
      Jan 24, 2010
      Messages:
      85
      Likes Received:
      0
      Trophy Points:
      0
      I wasnt accusing you of thinking that, think you missunderstood me a bit. ^^
      My point was that Blizzard must have some other technique finding AH flooders, something automatic that gets you flagged. I want to know where this "flag-point" is just like many other people (I guess). And you seem to know some stuff so I thought that maybe you knew this aswell.

      You told me that users notice when you flood and thats correct, but just like when you bot and someone report you, a GM doesnt have time to check it out. I think you need many reports actually get caught.

      Sorry if this is a bit OT but its very interesting to discuss :)
       
    6. eddie4

      eddie4 New Member

      Joined:
      Sep 16, 2010
      Messages:
      296
      Likes Received:
      8
      Trophy Points:
      0
      I think Blizzard doesn't check the AH at all. It is way more difficult to check. Sins it could also have been a user saving up for lets say darkmoon trinket he gets a drop that is better and dumps all the herbs he saved on the AH. That and if they really did have an automated system against AH flooding then we would have heard about it.


      It's good to discuss it helps the community and the guide be more accurate and complete
       
    7. Lawa

      Lawa New Member

      Joined:
      Jan 24, 2010
      Messages:
      85
      Likes Received:
      0
      Trophy Points:
      0
      You got a point there and I hope you are correct.
      Im botting on a full server so herbs and ores sell almost instant. Very hard for people who gets mad because I undercut them to report me. And why would a buyer report me? He should be happy that I supply him.

      summary:
      -Flooding AH
      -Sell fast (no player reports)
      -1 year without a ban

      With these facts I think you are right. I dont know why I thought anything else. Paranoia? :p
       

    Share This Page