Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Hypothesis on bot detection


Recommended Posts

after researching for hours and getting banned a few times on the same topic i've came to the conclusion that Jagex has a "black list" in which they pay closer attention to your data.

 

there are several ways to get into this "black list".

 

main one is to be reported by other players or botters.

 

and second one is to use a really shitty/bugged script.

 

once you are within this black list your data will get processed with much more intensity than being outside of it. which will lead to a hand-made ban by a Jagex mod or auto-ban in the case of using a really shitty/bugged script.

 

what this means is that Tribot ABCL and ABC2 or any anti-ban measure is useful to fool the auto-ban system but it would never fool a Jagex mod when he goes over your data after entering the "black list".

 

so, it seems as if time/breaks/quests/manual gameplay in-between botting doesn't make the difference when you are already within this "black list", the only thing that makes the difference is stop botting for a while (weeks/months?) until the auto-flag or "black list" system takes you out from their intensive-data-heuristic research to become a nobody again, until you get flagged again by the system (using shitty/bugged scripts or getting several reports from players and competitive botters).

  • Like 1
  • thonking 2
Link to post
Share on other sites
55 minutes ago, DaAlmyte said:

Excuse me it is 2020 and we have abandoned the terms "black list" and "white list" also you are speaking common sense

who is "we"?

 

maybe it sounds like common sense because common sense is the less common now days.

 

is 2020 and people are still coming out with theories about "breaks", "doing quests", "doing stuff manually" and "botting less than X amount of time", even TrileZ created a VIP-E to sell "looking glass" while non of these things actually have been tested or seem to make a difference when it comes to bans (people still get banned for botting with LG and ABC2 10/10)

 

black lists are actually a thing. white lists are not, because jagex doesn't give a shit about most players unless they are getting reported/or their basic anti-bot software detects botting patterns after 10 hours of a bot being stucked behind a door clicking at the grass.

 

non-common sense looks like superstition.

 

we might be better lighting a candle to avoid getting banned.

Edited by realidadk2
  • thonking 2
Link to post
Share on other sites
1 hour ago, realidadk2 said:

who is "we"?

 

maybe it sounds like common sense because common sense is the less common now days.

 

is 2020 and people are still coming out with theories about "breaks", "doing quests", "doing stuff manually" and "botting less than X amount of time", even TrileZ created a VIP-E to sell "looking glass" while non of these things actually have been tested or seem to make a difference when it comes to bans (people still get banned for botting with LG and ABC2 10/10)

 

black lists are actually a thing. white lists are not, because jagex doesn't give a shit about most players unless they are getting reported/or their basic anti-bot software detects botting patterns after 10 hours of a bot being stucked behind a door clicking at the grass.

 

non-common sense looks like superstition.

 

we might be better lighting a candle to avoid getting banned.

We is every one besides you. We have abandoned the term because #BlackLivesMatter get with the times man get some air go outside

Link to post
Share on other sites
17 minutes ago, DaAlmyte said:

We is every one besides you. We have abandoned the term because #BlackLivesMatter get with the times man get some air go outside

No it isn't everyone except him/her.  The terms etymology does not relate to skin colour whatsoever.  Please educate yourself before patronizing others.

Edited by Okina
Link to post
Share on other sites

What you're saying makes sense but can be better explained with Pattern Recognition.

Every click and mouse movement is being tracked, stored, and analysed using software designed to find recurring patterns and themes in the playing data so Jagex can categorise players. This is for more than just bot detection, this sort of technology is used in advertising to categorise users into groups which can then be targeted differently depending on their identified likes, dislikes, and interests etc. For bot detection I imagine they only need three categories, 'Human', 'Suspicious', and 'Definitely Bot', with the suspicious accounts getting flagged for a mod to manually investigate and the definitely bots receiving automatic bans, this would save Jagex time and money.

So when people are suggesting you use random breaks, mix up botted activities, etc. what they are really suggesting is to create a new pattern that has not already been identified by Jagex and will therefore take longer to detect. ABC2 just randomises your actions, using data collected by real players to try and fit in with their patterns and fool the detection software.

The real issue is it is very hard to create a pattern that looks similar to one a real player would create whilst also being profitable, most real players aren't grinding the low level money makers. You have to create a pattern similar to one a real player would make, otherwise your account gets flagged as 'Suspicious' and then, like you said, it's incredibly difficult to fool a player mod manually checking your account because they can do things in-game in real-time like spawning invisible objects that the bot can find via ID but a human wouldn't click on. I think that no matter how good your script is, eventually it will begin to create its own pattern and over time, depending on how many accounts you run and if its a private or public script, the pattern will be so clear the script is no longer viable and needs to be altered.

 

Link to post
Share on other sites
15 hours ago, digitest said:

Have botters looked at computer vision? For something like chopping oaks say, you would just need to use a walker to get to the place - and then detect the oak and click it somewhere. Jagex could spawn random invisible oaks with the same id but it wouldn't be clicked as they wouldn't be seen.

Yeah there are bots that work by reacting to color changes, unless you mean AI vision with neural nets but I think that's too complicated, in either case it's besides the point I was making. Even if we could detect the invisible objects, the bot would still be caught, a better example might have been them simply talking to the bot and deciding if it is human, if they really wanted to they could force the bot to stop moving or just spawn random objects that any real player would respond to.

I don't want to make it sound like botting is impossible, that's not the case, you just have to understand the bot will eventually be banned no matter how good the script is and work around that because it will eventually create a non-human, Suspicious, data pattern. Heres the answer, this is what you should do, lets call it a brief botting guide:

  1. Calculate your costs. This could be... Base Costs = VPS + setup fees + Tribot Fees... Recurring Bot Costs =  Proxy + Runescape Bond. Unless you're writing your own script you'll want to include the cost of the script too but you may want to create different models to analyse the costs and profitability of different scripts.
  2. Analyse your costs, for example: Lets say the VPS + Tribot costs £50 for the month. Then we say we change our Proxy every 2 bans and it costs £2, so £1 per ban; then we buy 5m gp per account for a bond (4m) and 1m starting cash at £0.50/m so £2.50 per account. So we have the base monthly cost of £50 which will be shared across bots and then £3.50 for every bot that is banned. Focusing on the £3.50 to begin with, we can begin to calculate our bots Break-Even Point.
  3. Work out individual bot Break-Even Point. So lets say we can sell our gp for £0.35/m, this means our bot needs to earn 10m (£3.50) to Break Even with our initial investment. Lets say our bot makes 500k/hour, this means it needs to survive for 20 hours to Break-Even; so for now lets suggest it can survive for 40 hours on average before being banned, it would make 20m which we can sell for £7.
  4. Now calculate each bots share of the £50 Base Costs using the 40 hour survival time per bot. Lets imagine we can use 5 bots at a time on our VPS and each can survive 40 hours which we will say is spread over 4 days at 10 hours per day. So we have 5 new bots every 4 days. We now divide the days in a month, lets just say 28 taking the occassional breaks ;), by our 4 day bot turnover time to work out how many sets of new bots we will use in the month, its 28 / 4 = 7. We then multiply that by how many new bots we use each time to work out the total number of bots used in a month, its 7 * 5 = 35. So now we divide the Base costs by 35 to work out how much it has cost each individual bot, so its £50 / 35 = £1.43 per bot.
  5. Finally we can total the Base Costs and Recurring costs for each individual bot, its £1.43 + £3.50 = £4.93. So we can now say that if our bot survives for 40 hours making 500k/hour it will cost us £4.93 but we can sell what it makes for £7 giving us a profit of £2.07 per bot. Our cost for the month would be £4.93 * 35 = £172.55 and our profit would be £2.07 * 35 = £72.45. This means we have a return on investment of (£72.45 / £172.55) * 100 = 42%, pretty sweet if you can scale it up ;) !!

To summarise, you don't have to create a bot that will survive forever, you don't have to over-complicate things, you just have to survive 40 hours and you'll receive a 42% ROI, ain't no one complaining at that.

Disclaimer: You'll want to factor into your model a percentage of accounts that get banned before you manage to mule because that isn't accounted for here.

Link to post
Share on other sites

I didn't mean simple colour changes, as if it's basic like that then Jagex could say add a single green pixel to a wall and then bots start thinking the wall = tree. I meant something like OpenCV - have it detect a whole oak ( iit's basically just take screenshot - find oak in it. Then Jagex would have to spawn a whole oak to trick bots.

Link to post
Share on other sites
5 minutes ago, digitest said:

I didn't mean simple colour changes, as if it's basic like that then Jagex could say add a single green pixel to a wall and then bots start thinking the wall = tree. I meant something like OpenCV - have it detect a whole oak ( iit's basically just take screenshot - find oak in it. Then Jagex would have to spawn a whole oak to trick bots.

I can see where you're coming from, but I'll try and explain why this doesn't happen.

There's two parts to runescape, the client and the server. The server is completely in jagex's control and the client is completely in our control. This is what people mean when they say something is "Server-side" - it's completely under jagex's control.

The server sends messages to the client to tell it what to display. To use your example, let's say the server sends a message to display a tree at position 0, 0. It doesn't actually send the whole tree, or any of the graphics. All it does is say "put the object with ID 1234 at position 0, 0" - The client handles rendering that object.

Jagex wouldn't be able to send an object with the ID 1234 and have it not display on the game screen "To catch out bots" without having code in the client to do that. Since they would have to put code in the client (which is under our control), we could detect that.

 

Pretty much what I'm saying is sending "bot only" objects can't really happen. It's possible they could put objects in places that might be out of sight of regular player but a bot might pick up, but I don't think they've ever done this - it would probably be pretty obviously pretty fast.

Let me know if this doesn't make much sense

Link to post
Share on other sites
2 hours ago, JustJ said:

I can see where you're coming from, but I'll try and explain why this doesn't happen.

There's two parts to runescape, the client and the server. The server is completely in jagex's control and the client is completely in our control. This is what people mean when they say something is "Server-side" - it's completely under jagex's control.

The server sends messages to the client to tell it what to display. To use your example, let's say the server sends a message to display a tree at position 0, 0. It doesn't actually send the whole tree, or any of the graphics. All it does is say "put the object with ID 1234 at position 0, 0" - The client handles rendering that object.

Jagex wouldn't be able to send an object with the ID 1234 and have it not display on the game screen "To catch out bots" without having code in the client to do that. Since they would have to put code in the client (which is under our control), we could detect that.

 

Pretty much what I'm saying is sending "bot only" objects can't really happen. It's possible they could put objects in places that might be out of sight of regular player but a bot might pick up, but I don't think they've ever done this - it would probably be pretty obviously pretty fast.

Let me know if this doesn't make much sense

a day before my main got its first ban i was collecting a drop that i was usually getting 1 per hour.

 

that day my bot didn't collect ANY of that drop even after 12 hours of grinding the same mobs (mobs didn't drop it so, it wasn't an script bug)

 

i think jagex fucks up with drops to catch bot data.

 

that might be the reason they are so successful at catching goldfarmers.

 

 

also they seem to recognize bots and anti-ban from a mile away when they got you on the spot light.

 

if you stay away from players, your bot usually lasts longer. because most players are brainwashed to report other players even for stupid bs, or they are simply driven by a false sense of justice and envy (mostly on american or english servers, players are full of that stupid XIX century ideals. australians don't give a shit if you are botting unless they are also botting and want to destroy other botters.)

Edited by realidadk2
Link to post
Share on other sites
9 minutes ago, realidadk2 said:

a day before my main got its first ban i was collecting a drop that i was usually getting 1 per hour.

 

that day my bot didn't collect ANY of that drop even after 12 hours of grinding the same mobs (mobs didn't drop it so, it wasn't an script bug)

 

i think jagex fucks up with drops to catch bot data.

 

that might be the reason they are so successful at catching goldfarmers.

 

 

also they seem to recognize bots and anti-ban from a mile away when they got you on the spot light.

 

if you stay away from players, your bot usually lasts longer. because most players are brainwashed to report other players even for stupid bs, or they are simply driven by a false sense of justice and envy (mostly on american or english servers, players are full of that stupid XIX century ideals. germans don't give a shit if you are botting unless they are also botting and want to destroy other botters.)

I don't understand how you think they figured out you were a bot by them not giving you any drops? I very very much doubt that they change drop rates like that honestly.

I do agree that not getting reported helps

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Our picks

    • TRiBot 12 Release Candidate

      The TRiBot team has been hard at work creating the last major version of TRiBot before the TRiBot X release. We've noticed many problems with TRiBot 11 with a lot of users preferring TRiBot 10 over 11. We've heard you, so we took TRiBot 10, added the new features introduced with 11, introduced some other new things, and created TRiBot 12. So without further adieu, here's TRiBot 12.
        • Sad
        • Like
      • 38 replies
    • Gradle is a build tool used to accelerate developer productivity.

      We recently setup a Maven repository (TRiBot Central) to make it easier for scripters to create scripts. Check it out here: https://gitlab.com/trilez-software/tribot/tribot-central/-/packages

      Furthermore, we've released a simple Gradle project to make it easy to run TRiBot and develop scripts for it. Check it out here: https://gitlab.com/trilez-software/tribot/tribot-gradle-launcher

      The goals of TRiBot Central are to:

      Deliver updates to TRiBot faster


      Better organize TRiBot's dependencies (AKA dependancies)


      Make it easier to develop scripts for TRiBot


      Make it easier to use and run TRiBot


      Note: TRiBot won't be able to run scripts from within this project until TRiBot's next release.
        • Like
      • 10 replies
    • Hi everyone,

      I'd like to thank everyone for their patience in this transition period. Since last week, we've worked out the remaining bugs with this integration.

      Some users have still been having issues with connecting their forums account to their Auth0 account. To resolve this, we've imported all forums accounts into Auth0.

      Unfortunately, the accounts which were imported today were using an unsupported password hashing algorithm. Hence, random passwords were set during the import.

      What does this mean for me?

      If you've previously linked your forums account to your Auth0 account, you don't have to do anything. Nothing changes for you.


      If you haven't logged in via our new login yet,

      Try logging in with your forums email address and the last password you used


      If you are unable to login, please use the "Forgot password" tool on the login page:
      Follow the instructions to reset your password
       
        • thonking
        • Like
      • 17 replies
    • Hello everyone,

      Last week we tried to roll out Auth0 Login, but we lost that battle. Now it's time to win the war!

      Important changes

      When logging into the client, you'll now have to enter your Auth0 account credentials instead of your forums credentials

      Note: 2FA is still handled through your forums account (for the time being)



      Changes for existing users

      You'll have to link your Auth0 account to your forums account here: https://tribot.org/forums/settings/login/?service=11


      Auth0 accounts have been created for most existing users. Please use your forums email address and password to login.



      Important notes

      Make sure to verify your email address upon creating a new Auth0 account


      When we mention your Auth0 account, we mean your account used for auth.tribot.org as displayed below
      • 81 replies
    • To better support the upcoming changes (TRiBot X, new repository), we're switching our login handler to Auth0. Instead of logging in with the standard form, you'll now be required to login through our Auth0 application.

      All existing accounts which have been used within approximately the past year have been imported into Auth0 using the same email and password combination which has been stored on the forums.

      What does this mean for users?

      Your account credentials are now even more securely stored


      You'll be able to login via Facebook, Google, and others in the future


      Is there anything users have to do differently now?

      Existing users: You'll have to login with the standard login, open your Account Settings, then link your Auth0 account


      New users: You'll be redirected to our Auth0 app (auth.tribot.org) where you'll be able to create an account


      Why was this change made?

      The new apps we are creating (such as the new repository) aren't able to use the forums to handle user logins


      To centralize all user accounts in one area


      To ensure that the client login doesn't go down when the forums are having problems


      To speed up our development


      Other considerations

      There's no documentation or official support for using Invision Community combined with Auth0, so there are still a few kinks we're working out


      We're in the works of creating an account management panel specifically for Auth0 accounts (ETA August)


      It's not possible to change email addresses for the time being (this will be resolved this August)


      Changing passwords is a weird process for the time being. To change your password, you'll have to use the "Don't remember your password" tool on the Auth0 login page
        • Like
      • 11 replies
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...