  • 32-bit Detection Method and possible Anti-Way

    Discussion in 'Discussions (no Ban Reports here)' started by redhand, May 15, 2015.

    Thread Status:
    Not open for further replies.
    1. lolp1

      lolp1 New Member

      FAIR WARNING: I'm not an expert or even good at this kind of info I'm going to mention. It's just what I've heard and my experience and piecing together a guessing game based off that. Grain of salt.

      Most people saying they were banned and never use it are likely not all truthful, but I can confirm that the bans happened to non-honor buddy users who use the same method they did for lua stuff, or at least I assume that is why I got banned on some accounts I did not use HB on. At first glance, it seems that some kind of trace on a call stack from a lua related function caught it.

      I'm just not fully confident in that though, because while I was banned as well on private software with no HB use at all on those accounts, I also have zero protection in the 'software' to protect myself from checks on the call stacks. Solutions exist in a few different ways, and I assume Honorbuddy had already added protection for this when they noticed the hook added to a client a few months ago and analyzed it.

      I'd say right now it is more likely their protection was just simply not enough to avoid detection or added another way to detect it as a side effect of the fix. It would work sort of like this if it is the case, though:

      1. Login > Receive detection packets > Detection hook on _lua_load starts > detection packer handler loaded
      2. User loads HB or program using the same code to execute lua stuff or close code.
      3. The hook on _lua_load catches it by checking the call stack for anything calling this outside of WoW directly.
      4. Blizzard sees the call coming from the stack to _lua_load now, flags you for a ban, ba
       
    2. roboto

      roboto Well-Known Member Buddy Store Developer

      redhand, I dunno if this has been created by yourself or you're just quoting oc,
      thanks for sharing regardless
       
    3. <Weischbier>

      <Weischbier> Member Buddy Store Developer

      Thanks, haven't seen that yet!

      @Keanu: shut up...
       
    4. hackersrage

      hackersrage Member Buddy Store Developer

      You do realize that ownedcore thread is quite dated, right, and does not pertain to this issue?
       
    5. lolp1

      lolp1 New Member

      This is actually misleading. It is very directly related at the very least to recent bans - that I do know.
       
    6. redhand

      redhand New Member

      I did not fully copy the info from ownedcore, I just referenced the topic. And I added my own analysis and opinion.
       
    7. redhand

      redhand New Member

      People got banned, they need to know the actual reason, right?

      Blizz always has multiple detection methods to avoid spam, usually:
      1. Server Data Analyzing - They save all accounts' behavior data, and maintain a behavior pattern feature library. If your account's behavior matches 1 or more of the spam behavior patterns, you get XX% banned, not all. This way, you get an email that says "Data Exception" or something like that.

      2. Client Behavior Detection - They have at least 3 types of detection methods:
      A) Scan.dll - Auto updated/Loaded after game launch/Scans other processes/The earliest detection way
      B) Warden Model - Like a back door/Auto updated/Server-side code/Loaded into game memory dynamically after login/Self-protected/Packet driven to scan memory/lua/stack and more
      C) Special Method - Pre-built into the game exe/Not auto updated/Packet driven to change original code like a hook/Based on stack and API checks
      If your bot triggers the detection, you get YY% banned, not all. This way, you get an email that says "Software Spam" or something like that.

      3. Network Detection - They analyze a single IP's repetitive network packets. If you run multiple accounts and do the same thing, you get caught and possibly get kicked or warned.

      4. Manual Report - A GM manually checks the behavior of those who were reported by other players. Usually you get an email that says "Hinder..Ban for 3 days" or something like that.

      Here is my poem for all botters:
      -------------------------------------------
      Survival and Balance

      You pay Blizz, you pay Bot, Pay and pay.
      Gamer play game, you play them, Play and play.
      You farm mobs, Blizz farm you, Farm and farm.
      Blizz updated, Bot updated, Round and round.

      Let it be, Let it be...
      Let it go, Let it go...
       
      Last edited: May 15, 2015
    8. redhand

      redhand New Member

      In the early build, it did not check far enough, so Bosland and other bots ignored this. But in the current build it is effective.
       
    9. chinajade

      chinajade Well-Known Member Moderator Buddy Core Dev

      Thread closed—the thread is absolutely full of misguided speculation.

      The technique cited is two years old. And two years ago, the original post describing it was available on another website to be read by all. My GOSH, PLEASE apply some common sense before posting!

      Please do not open another thread on this topic.

      cj
       
      Last edited: May 15, 2015