Server-Side LCP Detection (2) Solution

Here is the latest and probably the last update from me guys, I have testing a lot of different ideas to avoid being detected and 1 thing I realized is that even with all those precosions <-- (sry for bad english) it's still unprofitable to bot like that, sure prices did jump like crazy but even with that I can hardly make even 5k daily on bot and that's almoust only enough to supply my monthly prepaid cards.... botting is over for me since I can't even earn anything, it's not safe even with everything we tried, I can make more then that just by selling stuff on AH and above all else there is no effort from dev side....I am not counting that 1 response that was made 3 weeks ago and didn't accomplish anything... my prepaid is soon over on my farming acc and I will probably turn him on around a week before it's over and bot like crazy just to get sth out of it....

Was nice knowing you all but this is it for me ^^ take care

 

bye bye

 

Take care Favor98. I've always enjoyed your posts. I think you're making the right choice. Good luck with life.

I too am done with this HB silliness due to the devs ignoring all the obvious bans going on and their lack of response.

Kavlantis, remember all the bans you've had and try to avoid the fanboy train if you can. Stay humble 'n remember the quality of service you've received here regarding your many dev requests. Good luck with your hobby.

 

Good luck with your business, Phelon. Thanks for the free plugins.

 

I dunno I think im more prone to lean towards option 1. option 2 seems like it would be asking for a lot of getting stuck or running into stuff, not to mention, how would option 1 be any less efficient than option 2? likely more efficient tbh...

 

Altering the X/Y or Z by +-5 has no significant impact. The system is not looking for 'exact' coordinate matches. The system's algorithm develops a simplified path that resembles the original path within certain tolerance levels. If you go +-5 from a certain coordinate, after traveling this route for 20 times, blizz will have all the information they need to develop a path with the line simplification algorithm, providing your path AND a certain tolerance level.

'Oh but humans travel the same path all the time'

Page22 of the paper..."To obtain human test data, we instigated a LAN party for an evening (four hours) and had seven people play the game on it, with three more joining over the Internet. The probands ranged from regular WoW players to beginners who had never played the game before. During the test gaming session, we told the players to concentrate on farming so that their gaming style was more likely to resemble that of bots.

The result was 'Path Segments Passed' and 'Longest Common Prefix' both measurably higher on Bots than on people attempting to perform like bots. Small data set, sure. But nonetheless very indicative results. Point is, bots that follow waypoints, no matter how random, will always generate more dots around those waypoints than will human players. Always...

Your coords are always based on x/y/z. Although the line simplification algorithm could be directed to only analyze x/y, it would be foolish to assume that only x/y would be analyzed, when x/y/z would result in a more reliable indicator of bot activity.

 

Hello,

I've read this paper and I find it somewhat flawed. Don't get me wrong, I really appreciate the effort of the community posting this here for the users and devs and it was a good read with well described methods but tbh this is just a (pretty short) paper by some students and I wouldn't be to scared.

This already starts with an odd statement for a paper at this level of education. They're trying to proof their mechanic and why other mechanics are flawed, yet they have no idea what anti-bot processes are already in place or how effective they have been in the past and how effective they are now. Further more in the whole paper, there's no reverse engineering of "Warden" or ANY of the used bots. The thing that sets me off the most though, there's NOT A SINGLE section in their paper about how their method, which consists of tracking INDIVIDUAL players combined with complex detection algorithms, is viable in live environments with (ten)thousends of players logged in simultaneously other then a statement that it works on large live enviroments. Keep in mind that coding is not about only about creating things, but also about doing it in a viable and efficient manner.

I don't know how old this paper is, but I guess the ban reports section already proves that these trivial methods used to prevent detection don't mean shit since people get banned anyway.

Another thing to note is, how will this LCP affect players that for example use approved addons like Gathermate combined with Routes which draws out a visual route on the users map to farm nodes.

Last I wanna say to the users that, although I'm also just a simple HB user too and the paper was appreciated and very fun to read, the real experts on anti-decection tools are not these students with very limited testing mechanics and research, but probably the Honorbuddy programming team.

 

I've noticed that some people said there is NO hotspot randomization in HB - I am talking about simple hotspot shuffle, not the more advanced solutions discussed in this thread.
I just started learning how to write HB profiles a while ago and I noticed that there actually is a Hotspot Randomization switch that you can put in your profile like so:

Code:

   <GrindArea>
       <TargetMinLevel>1</TargetMinLevel>
       <TargetMaxLevel>90</TargetMaxLevel>
       <Factions>23</Factions>
       <MaxDistance>30</MaxDistance>
       [COLOR="#FF0000"]<RandomizeHotspots>True</RandomizeHotspots>[/COLOR]	
       <Hotspots>
	<Hotspot X="-xxx.xxx" Y="xxx.xxx" Z="-xxx.xxx" />
	<Hotspot X="-xxx.xxx" Y="xxx.xxx" Z="-xxx.xxx" />
	<Hotspot X="-xxx.xxx" Y="xxx.xxx" Z="-xxx.xxx" />
       </Hotspots>
   </GrindArea>

And it works ok. It actually shuffles the waypoints of my skinning grind profile. I don't know yet if it works for GB.
I am well aware that this randomization would also be detected in time by an LCP detection system, but I'm thinking that it buys you enough time to change your profile (redo the hotspots) every 1-2 days and thus try to stay under the radar until a better solution comes along.

Now I may be retarded and not know it, so if someone better qualified would comment on this... that would be great!

 

Good feedback... but isn't this an irrational statement considering the amount of ban's we've experienced. If HB dev team is the "real experts on anti-detection" then why is it that people are getting banned at all? I've no doubt that HB is not detectable by warden, I have full confidence in the HB team to circumvent that process, but considering LCP and the HOP method I've posted, no bot on the market can reliably evade those detection methods.

I don't believe that the Blizzard Anti-Cheat team uses any one detection method exclusively, but when you spend over $1million per year on Cheat/Bot Detection (as they've claimed in the lawsuit with Glider in 2008/2009) I think the community and Dev's should be aware of any detection system that poses a potential threat. Maybe the Dev's are, maybe they're not, they haven't told us what they know, and what steps they're taking, if any.

Regarding the ability for LCP and HOP to process player data on live servers, as stated in the paper on page 23, 'it takes WoWalyzer less than two seconds to process four hours of gaming time on a single-core, 1.6-GHz Pentium-M'. That a little under three hours of process time for 5,000 characters with four hours of play per character. The HOP method, which in my opinion is even more reliable and quicker than LCP, states that 'a single processor core is capable of processing tens of thousands of users simultaneously in real-time'. Both seem like legitimate threats to the use of a bot.

Point is, Warden can be/has been circumvented by botters, plus it has potential for privacy issues with varying privacy laws around the world. LCP and HOP systems use legally obtained server-side data, no privacy issue, with reliable detection. The choice seems simple to me.

 

In regards to the method discussed in this thread (LCP detection) this will give you a significantly lower Longest Common Prefix, as LCP only detects the number of waypoints passed in sequence once your common waypoints are established by the system. However, I'd make sure your profile is as large as possible, i.e. 3 hotspots probably won't be enough, but i'm sure you used that as just an example.

However, the methods discussed will be able to detect you using 'Path Segments Passed' since your profile will take you to the same waypoints over and over. This method is less reliable, and has potential to flag humans. No one can say with certainty at what level or which method, if any, Blizz uses to flag characters.

So yes, this can substantially lower your LCP, but still keeps you up there with the botters on 'Path Segments Passed'.

 

This looks like a sollution for now:
http://www.thebuddyforum.com/honorbuddy-forum/120675-gb2-random-profile-generator-free-4.html

This dude has a website that creates randomly generated GB2 profiles for panda only (atm).
I tried it. No scam, it's the real thing.
Shure, you get less nodes/h but, hey, it beats being banned! You just generate a couple of profiles use them with a profile changer plugin (one every hour or so), and when your done generate some more.
Let me know what you think of this.

 

@ SKing - I downloaded a few randomly generated XML files of Jade forest with max hotspots, and could find no similar coords/Hotspots in any of the five profiles that were generated. Appears legit!

@ Roboto - Are the hotspots developed by your program truly random? As long as there not some derivation (say +-10) of pre established x/y/z, then yes, this will circumvent LCP and Path Segments Passed. This probably drops the nodes/hr down to a more human like number, and so long as your botting a reasonable number of hours (i.e. not 24/7) then your making your bot look more human, and evading further detection.

These profiles also appear to have full mailbox/vendor/blackspots as well, nice work Roboto! Personally, I'd do exactly what SKing said, go max hotspot, see how long it took to complete a farm cycle, then set the profile changer to change profiles based on that length of time. Here's a Profile Changer Plugin for those that need it.

Lastly, this DOES NOT circumvent HOP detection which I've described In Another Thread. This method measures keystoke duration, mouse movement/click speed, ect, to detect bots (obviously quicker) apart from humans (obviously slower and more variation). Again, no one really knows what level of detection Blizz uses. HOP evasion will have to come in the form of Bot Base changes i'm guessing, since no addon can really add variation to keystroke duration and mouse movement/click speed.

Defiantly a step in the right direction!

 

Well in my opinion, II think this HOP detection method you speak about is a far lesser threat than LCP. Because, first of all, one can counter it by doing lots of stuff in game by hand and thus if a detection software is watching it will generate an average of your actions and between the boted actions and the human actions it will probably come up with an inconclusive result.
Adding to this the fact that a lot of human players have lightning-fast reactions to in-game events, it would probably generate a lot of false positives. I remember back in the day, there were people playing Quake or Quake3 or other action FPS games... and they were REALLY FAST; i mean you could actually mistake them for bots. If you play a game long enough you get used to the combos and rotations and all the stuff, and after a few years you're like a machine. So IMO this HOP detection method would likely strike and ban blizz's top players along with it's top botters )).
Of course, one would say that there still would be a difference between a human reaction time and a bot one. But it's so small, it would be considered an error margin, for a really experienced player. I speak from experience, because I used to play Q3 and other stuff - and I wasn't particularly great at it, just decent; I could still beat the game bot on the highest difficulty without problem. The said difficulty meant that the bot could turn it's viewpoint instantly and knew at all times every human player's position and status among other things.
My point is that a human player can definitely be a close match for a bot speed of reaction. So I'd like to see what happens when the top wow players with whom Blizz is boasting all the time get banned with all us lowly boters that supply the said top players with in-game cash

 

And btw, a lot of thanks to Roboto for sharing his randomizing tech. I know that the policy among boters is to keep their secrets safe, and thus keep the competition at bay so I can appreciate that it's a really great thing this guy did.

 

This really depends on the window of analysis. The HOP paper identifies that they can conclusively detect bot vs. human in less than 40 seconds with 99.8% accuracy. This is a very small window, and the smaller the analysis window (but greater than 40 seconds) the less chance of mixing human interaction with bot interaction. Even if they increased the window to 5 minutes to ensure ample data collection, the chances that botters interact with their bots every 5 minutes to through off the data is unlikely.

And again, HOP runs real time, with minimal system requirements. 'A server with 5000 users would generate approximately 1.38 hours of trace per second' while...'the analyzer can process approximately 296 hours of traces per second using a single CPU.' So a 5 minute window wouldn't be unreasonable.

It is likely that experienced raiders have quicker reaction times while raiding, its doubtful that they carry those reaction times into the farming environment. Speed Clicking nodes and keypressing as fast as they can while farming is probably an obvious giveaway. IMO even mad-skilled players can consistently match a bot with all these metrics (Keystroke/click duration, Point, Pause, Point-and-Click, Drag-and-Drop).

Even so, I'd speculate that the system only initiates GM investigation, and does not auto ban, thereby letting the GM make a conclusion based on human observation along side the HOP system, thereby allowing a pass humans such as these top players with such mad skills.

Here's a question for someone that knows the inner workings of HB. Does HB move the mouse? It obviously clicks to move, which could be considered a mouse movement right? So if my mouse is say, mousing over an action bar, and my keystrokes/mouse location is being logged, for the mouse to be mousing over my action bar (or anywhere else for that matter) and then suddenly click a space in the screen to move, then immediately be back at the original location, wouldn't my mouse movement velocity be off the charts? and my click duration be consistently lower than human?

 

Well that sounds kind of bad , and you obviously know more about this than me so I believe your word, but I seem to remember a lot of discussion on this forum about CTM type movement that seems to relate to what you are saying. The HB devs keep stating - whenever anyone starts to rant about how the bot's CTM movement allegedly triggers detection - that the blizz wow server DOESN'T receive info about your movement style. It only receives a vector and a speed. So unless this has changed I don't think blizz gets any info about how fast and how precise a player is inputing his commands. If they did, and according to your theory, we would probably see a lot more bans than we are seeing atm. So I believe that right now the new hot thing in bot detection at blizz is probably LCP detection. This is also corroborated by the fact that after the profile randomization site I talked about earlier came to light, a few of the boters came out and said on that thread that they already knew about and were using that type of randomization, and that is how they got through the april bans. They, of course, kept it quiet so that the competition would thin out and gold price rise. Witch is exactly what happened. Just some more facts in favour of the LCP theory..

As to my saying that blizz will ban top raiders, I was only being ironic. Of course they wouldn't ban their top stars... my point was that the HOP detection would flag a lot of false positives. Witch would generate a lot of drama and bad juju for blizz .

 

I think roboto just found a way to get past blizzard detection aslong as you switch profiles often.

However the more random the less efficient these profiles become indeed and that is .

 

Because your never actually going to the same coordinate when you do it by hand but a bot does several times.

 

HTTP Status 500 - Filter execution threw an exception

type Exception report

message Filter execution threw an exception

description The server encountered an internal error that prevented it from fulfilling this request.

exception

javax.servlet.ServletException: Filter execution threw an exception
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
root cause

java.lang.NoClassDefFoundError: org/springframework/security/web/util/UrlUtils
org.springframework.security.web.FilterInvocation.getRequestUrl(FilterInvocation.java:89)
org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource.getAttributes(DefaultFilterInvocationSecurityMetadataSource.java:141)
org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:95)
org.springframework.web.filter.DelegatingFilter*****.invokeDelegate(DelegatingFilter*****.java:237)
org.springframework.web.filter.DelegatingFilter*****.doFilter(DelegatingFilter*****.java:167)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
note The full stack trace of the root cause is available in the Apache Tomcat/7.0.34 logs.

Apache Tomcat/7.0.34 this is some log to trake how that know it a bot

 

Agreed!
I'm using his profiles since it came up last week, 've been stuck 3 times on 8 chars so far
i also recognized that he'd added another option to make the profiles even more random (dont know how it works tho)
i'm currently changing profile every hour along with a 10 minute break - works great on 16/7

thank you again for making your work publich i think it must have been quite hard to develop such a good working system <3

ah btw - to make it short for new people: this is the url we're talking about:
//edithed cause i dont share a link xD

u might check out
buddy rnd [dot] yzi [dot] me

there you go, no link just text xD