• Visit Rebornbuddy
  • Visit Panda Profiles
  • Visit LLamamMagic
  • blizzard wins, admit defeat.

    Discussion in 'Discussions (no Ban Reports here)' started by virtual, May 20, 2016.

    1. ozzy1133

      ozzy1133 Member

      Joined:
      Apr 12, 2015
      Messages:
      91
      Likes Received:
      1
      Trophy Points:
      8
      I was botting 24/7 and had 3 accounts banned yesterday permanently. lol. It seems these days you have to get as much gold as possible before they perma ban you.
       
    2. standza

      standza Member

      Joined:
      Mar 16, 2012
      Messages:
      885
      Likes Received:
      4
      Trophy Points:
      18
      Well I just got banned for 5 man leveling at 65 lvl. Also perma ban. I am not sure should I appeal.
       
    3. anubite

      anubite Banned

      Joined:
      Jul 12, 2015
      Messages:
      454
      Likes Received:
      6
      Trophy Points:
      0
      don't even waste your time on 5man teams when they are caught you got no chance of getting them unbanned.
       
    4. Owneth

      Owneth Member

      Joined:
      Jan 15, 2010
      Messages:
      723
      Likes Received:
      5
      Trophy Points:
      18
      /\ This. /\

      And tripwire cannot detect Blizzard Scanning the Software Driven Memory Mouse have you... that is created by HB either. But shhhhh that's a secret!!! It's "Protected". Bull$hit!!!

      That is the #1 reason I believe and the Software Driven Memory Keyboard "device" have you... that Blizzard is seeing. Because no one thinks to look deeply and I am sure I will get some response about how I don't know anything and I am not a DEV or Admin so how could I possibly know that...

      Well... If I can detect it with some simple software that sees a keylogger device ... only when HB is ran... I am pretty certain the same thing can be detected by "Warden"...

      Not to mention you click 10,000+ times with Click to move in a single session? Wouldn't that be detectable? YES IT FREAKING WOULD!!!

      Along with "key presses" via "memory"...

      No one needs to be a developer or genius to see the obvious.

      Your software needs some serious changes.
       
    5. raphus

      raphus Administrator Staff Member Moderator Buddy Core Dev

      Joined:
      Jun 17, 2010
      Messages:
      2,094
      Likes Received:
      492
      Trophy Points:
      83
      Please stop making assumptions. I wonder have you ever investigated or had the ability to check what happens when you Click to Move.

      CTM is completely client side. What happens when you do a click to move is a series of Movement packets being sent to the server from your client. Here is a bit more detail for you:

      Click To Move on a point right in front of the toon: Movement start packet with Forward movement flag is sent to the server. Toon reaches the point and Movement stop packet is sent to the server. This is the exact same packets being sent when you hold W key and release it.

      Click To Move on a point where the toon is not facing: SetFacing packet is sent to the server with the rotation information which is followed by the same packets above. This is also exact same when you turn your toon by holding right mouse button.

      All in all, stop speculating, start talking with facts.
       
    6. Owneth

      Owneth Member

      Joined:
      Jan 15, 2010
      Messages:
      723
      Likes Received:
      5
      Trophy Points:
      18
      Fact is you did exactly what I expected. Downplayed what I said in other wording pretty much affirming what I said in a developers words. :)
       
    7. bossland

      bossland Administrator

      Joined:
      Jan 15, 2010
      Messages:
      14,883
      Likes Received:
      259
      Trophy Points:
      146
      I am not a developer and i am not an admin, but i certainly understood what raphus said. I did not get one thing you said.

      Correct me if i am wrong:

      You said, Blizzard simply has to plug-in an usb device with a keylogger software to see if keylogging is used? Its very easy and 100 % detection.

      I then ask, why do they not do it day after day, that would have drained us out of life in 2 weeks. I do not get it. They pay over 2 million in guarantees and lawyer costs, can not find our users for couple of years, if it was that simple.

      Raphus said, it does not matter if you use click to move, your head, your finger or a lego made robot that presses the keys, what the wow server gets, is exactly the same response.

      That one i perfectly get.
       
    8. laurenkx

      laurenkx New Member

      Joined:
      Mar 6, 2013
      Messages:
      12
      Likes Received:
      0
      Trophy Points:
      0
      That is funny considering what Bossland said in another topic.
       
    9. Hirocho

      Hirocho Member

      Joined:
      Sep 24, 2015
      Messages:
      44
      Likes Received:
      0
      Trophy Points:
      6
      I am not a honorbuddy user, I was thinking to buy a license. I am DB user. However there seems to be a lot of bans in the banwave section.

      Whether its safe or not, I can't comment. Nevertheless it seems they are active with banwaves as they were not in Diablo for a long time.
       
    10. supasitario

      supasitario Member

      Joined:
      Mar 19, 2014
      Messages:
      70
      Likes Received:
      0
      Trophy Points:
      6
      glad to see someone of bossland. I mean, that shows true interest from you to us (clients, friends, supporters and trolls)

      Bossland just if you could tell some depvs to ban some issues around the ports to block and kill some process determination
      what makes HB "not safe". I guess you already check some ways people gets the Banny hammer
      i mean, It dosent make it 100% safe but a 99% its always as good as 100% right?

      the blocks of memory Blizz is scanning cant be shown by doing that and that will prevent people to get banned a lot.

      Just that and btw GOOD WORK with new bots and hope to find more about buddies in Legion

      edit. Everyone have a nice day
       
      Last edited: Jun 5, 2016
    11. Exite

      Exite New Member

      Joined:
      Nov 17, 2014
      Messages:
      220
      Likes Received:
      0
      Trophy Points:
      0
      Wow that's the worst writen post I'v ever seen..
       
    12. udpn

      udpn New Member

      Joined:
      Oct 21, 2012
      Messages:
      4
      Likes Received:
      1
      Trophy Points:
      0
      I've read though this thread, and I'm quite lost 'cause nobody links the topics they're citing. "Bossland said this", "Bossland said that", yet I'm lost searching that thread on a forum.

      HB could've been fully moved from user-space to kernel-space (or even into a virtualization host), and there would be no single way Blizzard could challenge it. WoW would run in an environment that has lower rights than HB, and could do nothing to detect an existence of HB. Also there would be no single way to add a service to WoW that would run in the same environment and detect HB, because it would certainly create serious problems for their end-users when it malfunctions (otherwise they'd use such services for DRM in their games). Yet HB can handle running such unsafe code, because users can always play the game without HB, and because they always know what they do.

      If I remember it right, HB uses C# for scripting, and there's no way C# could be run in kernel-space. Lua wouldn't be easy to setup, but it could work. Anyway, technical issues are always solvable by some amount of read manuals, smoked cigarettes and consumed coffee.

      I can understand why devs didn't go this way yet. It's an enormous amount of work, anyway. But since Blizz got rampant on destroying HB, no other approach than total kernel-level paranoia can be trusted. If Bossland won't start using something similar in their Legion release, I would have started thinking they don't care anymore as they know their product is approaching its "end of life".
       
      JGreen likes this.
    13. Endus

      Endus Community Developer

      Joined:
      Jul 9, 2012
      Messages:
      458
      Likes Received:
      6
      Trophy Points:
      18
      The problem with that is the Buddy team depends on community developers for the majority of functionality for a lot of their bots. If they change their language they're going to lose most of the community support and the bots will become barebones. Also, I know little about the kernel, but I'm not sure there's a way to read/manipulate WoW's memory/packets without Warden knowing the source of the read/manipulation, even if it's kernel level.

      The only real way I can think of would be to block the reporting process before it sends the signal back to Warden to flag you (which I assume was the function of "trip-wire"). In games like BDO it's as simple as locking down the rights to some log files and blocking a specific file's outbound connectivity (firewall) but obviously it's much more advanced with WoW.

      The main problem here is Blizzard. Most other companies don't take anti-cheat so seriously. Just look at Overwatch. Most of the well-known FPS cheat websites won't touch it (while they all have aimbots and the likes for all the other popular FPS games). The Buddy team has their work cut out for them.
       
      Last edited: Jun 5, 2016
    14. UnderratedPost

      UnderratedPost Member

      Joined:
      Dec 18, 2015
      Messages:
      363
      Likes Received:
      6
      Trophy Points:
      18
      i really dont like the sound of that. being able to use third party plugins is one of the biggest features of HB that no other bot can compete with.
       
    15. udpn

      udpn New Member

      Joined:
      Oct 21, 2012
      Messages:
      4
      Likes Received:
      1
      Trophy Points:
      0
      I'm unsure how exactly do they check the state of WoW memory, but I'd expect some well-known solutions like having several places where a certain variable is stored in different formats and memory getting constantly hashed at random moments of game loop to check for modifications. Warden hashes some part of another user-space programs' RAM. Running something in kernel-mode may not even spawn a process. It's just there, and it runs. Getting access to kernel-space RAM from a user-space program is forbidden anyway, it's usually just sending messages to drivers via DeviceIoControl. So they'd have to run something in kernel-mode and scan the whole kernel memory, having a chance to read some device-mapped memory and killing the whole system.

      For a virtualization solution there's just no way to know what's going on outside. It's just the same as asking what's outside of our universe. If it doesn't want to show its traces inside, we have no way to know about it.

      I've just come up with another unbreakable solution: having it done in hardware. HB runs on a computer A, WoW runs at computer B, and some piece of cheap hardware connected to computer A via USB and to computer B via another USB gets commands from computer A and emulates USB HID mouse and keyboard. In reverse direction it either reads from a virtual screen or directly from memory via something like a JTAG interface (there're lots of solutions for hardware direct memory access, and I can't tell which are the most viable 'cause I never tried them). The best think Blizz could do is to hijack a webcam to look on your PC.

      Packet manipulation is a no-go, because Blizz can change the whole protocol on a weekly basis, just by adding a simple (week or two worth of work for a couple of devs) build step to their software, and I'm pretty surprised they didn't yet.

      I came to this thread as it became clear to me from their efficiency that Blizz almost certainly started using some machine learning technology to find bots and I've thought to have a good battle with it. HB was always best at circumventing things that are not related to this detection measures, so I'm hoping Bossland will handle this issue somehow.

      Edit. Look, a person that advocates the same and only correct solution is on a first page of official discussion of the recent banwave.

      Edit 2. Actually, it's been known since 2005: http://www.theregister.co.uk/2005/11/04/secfocus_wow_bot/.
       
      Last edited: Jun 5, 2016
    16. udpn

      udpn New Member

      Joined:
      Oct 21, 2012
      Messages:
      4
      Likes Received:
      1
      Trophy Points:
      0
      Oh, don't take it serious. MS is open-sourcing C# compiler as Roslyn and there is also Mono. C# scripts can be run in a VirtualBox, and a kernel-space driver can talk to them via a TCP (or even HTTPS) channel. Actually there are solutions that leave C# intact. I meant that something like Lua would be much easier to use, as it's developed as a standalone scripting language interpreter.
       
    17. JGreen

      JGreen Member

      Joined:
      Nov 4, 2015
      Messages:
      106
      Likes Received:
      0
      Trophy Points:
      16
      Interesting proposal/solution, however if I'm not mistaken HB send the controls via injection through memory (RAM), not via keyboard and mouse control. For this solution to work HB needs to be modified - how extensive is the modification work? Only Dev can answer that but the proposed solution seems legit to me.

      Cheers..
      JG
       
    18. udpn

      udpn New Member

      Joined:
      Oct 21, 2012
      Messages:
      4
      Likes Received:
      1
      Trophy Points:
      0
      Every proper solution requires extensive modification of HB, and if that was easy, Bossland would do it long ago. Current solution with RAM modification is plain wrong, as we may see from several banwaves.
       
    19. biGGer

      biGGer Member

      Joined:
      Jan 26, 2014
      Messages:
      76
      Likes Received:
      2
      Trophy Points:
      8
      You do not earn enough to buy them nor have the privilege to even get a quote.
       
    20. eravex

      eravex Member

      Joined:
      Mar 5, 2013
      Messages:
      79
      Likes Received:
      2
      Trophy Points:
      8

      They have spent an insane amount of cash on the legal battle with Bossland. If they had the ability to detect the bot early on, before Bossland had the money to fight back, or before HB even gained enough popularity to be more of a threat to blizzard, then they would have. They have managed to kill other botting programs cold in their tracks. There is no logical reason why Blizzard would have waited nearly half a decade or so to start really *****ing down. They are doing it now because they can. Because its doable, and also its good at padding numbers. Any suspended account is still considered a subscriber, and if even 10% of the players banned buy new accounts then blizzard benefits. They could have done the same thing years ago, had they been able to detect Hb as easy.

      Now on to the Topic of this post. No HB has never been safe. And there has always been a warning. But HB has used Tripwire as a selling point for a while. Claiming that although botting isn't safe that they could provide some protection against server side attempts. Although, Blizzard nor Bossland will disclose how Hb is begin caught. You can google and see a lot of information about plausible options. All that aside. Is HB as safe as it was Before May 2015? NO! its apparent it isn't. And you can argue blizzard "could always detect it" not really a valid argument because they never did. its a simple question. Before the past years mass waves. You were nearly 100% safe to attach HB if you did not hit start on the bot at all. Because most all bans were a product of interaction in the World of Warcraft, Now the program it self is being detected which means one who hasn't even used it but just had it attached, loaded, and running is at a fair risk of being banned. That simple fact makes it not as safe as always. Do I think that the risk of blizzard detecting HB has always been there? SURE! However, until it happens its a plausible risk and not an actual guaranteed event. Now if you bot even as safely as possible or only hang in your garrison, if you are on HB with any regularity that account will catch a ban.

      Unless a whole new method of detection prevention is established then HB will continue to get banned a few times a year. Just accept it and move on. NEVER BOT ON YOUR MAIN, that's always been a rule. Yeah, the risk is higher now and I'll lose accounts a few times a year pretty much guaranteed, but they are cheap and its still worth it to me. At least at the moment.

      The future is coming though. Blizzard detection is getting better everyday, and Blizzard can afford the best, I've said it before and ill say it again. Deep learning machines in time could easily identify real players from bots with little effort. Sure, there will be a few false positives here or there, at first. A human employee might have to look over flagged accounts. But, that's the thing about deep learning algorithms they only get better the more they run and learn from their mistakes. They can easily pick up on the behaviors, as well as maximum response times and reflexes of the a few million real players and then ban anyone that deviates beyond a range of that. We know Blizzard can Identify the bot, who's to say they didn't target a few 1000 known botters and have the computer watch them making note of key differences that it can identify between the known botters and the human players. Not saying they did but it is well within the realm of possibility and technology to do so.

      Botting in wow as it is done now has always had a limited life span. Sure its a bit more risky now. But there may well come a day when every bots banned immediately, or where its detected even while trying to attach. GOOD news is that days not today. And probably not tomorrow either. So no question its not as safe as it was a few years ago, but also its never been totally safe anyways. Either accept the risk, or don't. The choice has always been yours. Sure Bossland shouldn't say its as safe as ever. But also YOU SHOULDN'T BOT ON ANYTHING YOU'RE NOT WILLING TO LOSE.
       

    Share This Page