Simple Anti-Bot Client

Discussion in 'Requests' started by Drinc, Jun 14, 2018 at 10:23 PM.

  1. Drinc

    Drinc Active Member

    Joined:
    Jan 25, 2012
    Messages:
    256
    Likes Received:
    26
    Best Answers:
    0
    Hello. I want to create an anti-bot client that forces "well known bots" off the grid. When looking at tibia machine code, every variable is on the exact same memory all the time.(f.e currentHp might be on Tibiaclient.exe + 0xA434C). Can the memory locations be changed by:

    1) Just moving around the functions in the server source code? (I assume not, since this has nothing to do with the client?)
    2) How do i change the memory location for variables in the client?
    3) How do i prevent people logging onto my client through the normal tibia 7.72 + ip changer?

    Thanks.
     
  2. Monkey Budex

    Monkey Budex Thats Not Me Premium User

    Joined:
    Jun 22, 2016
    Messages:
    772
    Likes Received:
    102
    Best Answers:
    15
    Maybe try using OTClient ?
     
  3. Drinc

    Drinc Active Member

    Joined:
    Jan 25, 2012
    Messages:
    256
    Likes Received:
    26
    Best Answers:
    0
    Oh yeah. Aren't there many "well known bots" for OTClient too, though?
     
    Last edited: Jun 15, 2018 at 1:01 AM
  4. Monkey Budex

    Monkey Budex Thats Not Me Premium User

    Joined:
    Jun 22, 2016
    Messages:
    772
    Likes Received:
    102
    Best Answers:
    15
    No clue right, but you could try to edit OTClient if its possible to prevent botting.
    I think that would be faster way instead of normal client.
     
    Drinc likes this.
  5. pasiak12

    pasiak12 Active Member

    Joined:
    Jun 7, 2009
    Messages:
    226
    Likes Received:
    45
    Best Answers:
    10
    afaik otclient has just another bot list for it
    also 'cracker' can easy look into otclient source code - its significant help in bot creation (but on the other side - after all years tibia client has been detailed diagnosed)

    Still, as long as before your server become rly popular you need to handle only already-existing bots, so I will try to defend yourself only against them.
    Moving 'normal variables' wouldn't do much - scanning, finding their new address will take 10 sec, while 'moving' them might take really long time (consider that you need to learn how exactly computer program works at low level + learn how to properly edit it through for example dll injection)

    My advice - if you want to fight hackers - become one. Try to create bot, then you will learn what things needs to blocked/changed first :>


    ip changer block thing - change tibia client version to the one only you know (ex tibia 7.89) (you need to do that on server files too then) - its just one variable. Thats the simplest solution, but maybe you will find something better.
     
    Drinc and Monkey Budex like this.
  6. Drinc

    Drinc Active Member

    Joined:
    Jan 25, 2012
    Messages:
    256
    Likes Received:
    26
    Best Answers:
    0
    Great advice. I've done some simple hacking on tibia servers, and i found out rotating addresses seem to be popular. I don't expect to prevent someone who has hacking experience, i just want to prevent people whom have no or low amount of experience. For example, in similar fashion:

    Every time the client is executed, it receives from server a randomly encrypted (to avoid packet sniffing?) offset value, used to change the addresses. I want to implement something that at least increases the time/knowledge it takes to create a bot, and a dynamic way of changing things up.

    Is this complicated? Can you refer a tutorial, or suggest a path in learning more of this? I have basic programming knowledge in assembly/c/data communication. Thanks
     
  7. pasiak12

    pasiak12 Active Member

    Joined:
    Jun 7, 2009
    Messages:
    226
    Likes Received:
    45
    Best Answers:
    10
    Rotating addresses - Do you mean that some parameter you found (for example in cheat engine) is on another memory address every time you run the client yea?
    - Well if yes, then I need to disappoint you. Those params are just dynamically allocated (while program starts) and mid-experienced cracker will find their position by memory/pointer scanning. In the end It will be something like chain of addresses starting with constant address (that never change its position with respect to base address) pointing to some address, then pointing to some address then pointing to wanted address. Those are exactly multi pointers in C/C++.

    Packet anti-sniffing is already done since tibia 7.7 when RSA encryption was added.

    Im not sure if you can multiply change the physical address of something in your client by easy way. Creating some more 'clone' parameters and defining by server which one is correct in given time might be a solution, but what about time synchronization between server and many clients? Remember that server must confirm every action player do and everything needs to run smooth.

    Anyway you're on good way to go because - you want to create something unique

    Usually cracker just treat tibia client just as every other and try to hack it traditionally, but when he met first extraordinary protection (or client uncommonness) he might and probably will just give up.

    Your server will be safe as long it wont become super popular and it will be worth to spend super-more time to find out what did you create there.


    In future I plan to try to create some easy anti-bot. I will start with creating some tibia-api, dll injection and then try to mess with tibia packets send/receive. Thats how bot works, they just send packets with action codes (opcodes) instead of you. I would recommend you to look there then.

    Would be great if someone more experienced will join this discussion. I'd love to know some already known tips to fights with botters too. If not , there might be also chance to talk about it on some cracker forums - tpforums/tibiapf - you can met there some pros, but usually forums are quite dead.
     
  8. Drinc

    Drinc Active Member

    Joined:
    Jan 25, 2012
    Messages:
    256
    Likes Received:
    26
    Best Answers:
    0
    Thanks for response.

    Voidcores client changes the offset (of some values such as hp, mana, light, etc) by +156 or -156 bytes every time client restarts, for the static values, by using .dll injections i think he said. "It's something at least." - voidcore
    The suggestion you gave me @pasiak12 about changing the client version in server/client is really appreciated. It's easy and smart. I want a similar solution to prevent the already existing cheats out there.
    .dll injections seem like a good route, except for the risk of virus programs treating the client as a virus i guess? I think Voidcore's client is fine tho.
    Preventing cheats with packets received feels tricky. I know some servers have tried auto-ban (auto-ban cheaters = packet sniffing + algorithms ?) and many times they do very little, or they ban people who aren't cheating at all.

    Another question that just popped out: How do you let the clients automatically update? That is, without the player having to re-download the client of the website.
     
  9. pyschod

    pyschod New Member

    Joined:
    Jun 4, 2018
    Messages:
    8
    Likes Received:
    0
    Best Answers:
    0
    This is the question Cipsoft was asking for many years and I think there is no easy solution for it, unfortunately.
    Dealing with bots is the same as dealing with hackers, people always find a way to bypass your protection and make it work. And in a game like tibia even a simple macro can do the job some times, so how to avoid it completely?
    Unless you hire a 3rd party company to deal with it you would need to create your own anti cheat, blocking memory access to the client, signature scanning of common bots, even string scanning, etc. Could be easily bypassed but would protect from most users!
     

Share This Page

Loading...