The end - for botters. BattlEye comes to Tibia

Discussion in 'Tibia' started by Kuzyn, Feb 15, 2017.

  1. poopsiedoodle

    poopsiedoodle Gibe moni plos

    Joined:
    Nov 23, 2011
    Messages:
    2,394
    Likes Received:
    510
    Best Answers:
    0
    @Fenrisus

    Or, you could just like, idk, not be a piece of shit botter?
     
    Azze19 likes this.
  2. Fenrisus

    Fenrisus Ferin-Sha

    Joined:
    Mar 19, 2010
    Messages:
    202
    Likes Received:
    310
    Best Answers:
    0
    Botting was wrong nowadays, and you are wrong with understanding of that. In the past, i did that just for - my self fun. Feel the difference:

    1) My bot has been never shared to others. And it's has been fully written on UOPilot script.
    2)My bot had ~50k words, dialogs & constructions ("Talking module") for respond to players and talk with them.
    3)I remember as GM tried to catch me, and check me manually... So... no one knows who are playing - me or bot. Well, that the point.
    4)I did that with same motivation & ideas in mind, as other developers did a ICQ chat-bots.
    5)Cant tell - i am earn alot of ingame profit with that.... But i am earn most important & priceless thing - expirience. Nowadays that expirience help me a doing an advanced AI for various games. ;)
     
  3. eldera

    eldera Member

    Joined:
    Oct 27, 2012
    Messages:
    122
    Likes Received:
    16
    Best Answers:
    0
    Actually that software doesn't have to be undetectable (and most likely is not) just because it doesn't hook anything...

    It is simulating keyboard strokes and that is enough for BE to "detect" it. What is more BE can check what programs you are running in the background (yes it doesn't only monitor single Tibia process) and do stuff... Nothing is undetectable - especially 1000% undetectable as you stated. Just my 2 cents =)
     
  4. poopsiedoodle

    poopsiedoodle Gibe moni plos

    Joined:
    Nov 23, 2011
    Messages:
    2,394
    Likes Received:
    510
    Best Answers:
    0
    I'm not sure how saying that a bot is undetectable is supposed to change my opinion of botting as a whole (which is that it's a shitty thing to do, and people trying to keep it alive are the worst).
     
  5. Fenrisus

    Fenrisus Ferin-Sha

    Joined:
    Mar 19, 2010
    Messages:
    202
    Likes Received:
    310
    Best Answers:
    0
    UO Pilot simulating keyboard/mouse on low-level. I.e. that is "Hardware" clicker (it means he does not uses common WindowsAPI for emulate mouse click, he call Mouse/Keyboard driver for it directly). BE cant recognize hardware mouse events, cuz any real, physical mouse or keyboard action may be threated as positive detection. In that case that was stuppid. BE "monitor" - is kinda primitive. Easy to foolish them. Also, it's not able to recognize where he launched (hello VMWare, Sandbox and etc.) That is the cost payed for "make BE clean", otherwise - it will be detected as Keylogger/Malware/Virus software by any antivirus in your system. That obivious, "advanced" scanning, intercept and other "tecnhologies" mainly (and first) used on DDOS bot-net bots, trojans, worms and other things. If BE going to use same methods - it's simple will be blocked.

    Finally, BE - is a kind of client-server protection, based on Windows API (client side) plus has a some self anti-reverse things (that protects BE itself) and his "key" feature - server side protection.

    In case of UOPilot, that can be "blocked" or "detected" just in case of manual added 16-bytes memory-dump signature inside BE client.
    Something like that:
    Code (Text):
    1.  
    2. {0x12C5B8, {0x75, 0x07, 0x8B, 0x1E, 0x83, 0xEE, 0xFC, 0x11, 0xDB, 0x72, 0xED, 0xB8, 0x01, 0x00, 0x00, 0x00}, {"UoPilot.exe"}},
    3.  
    But, for avoid them, take a UOPilot source code (it's avalible in public) and re-compile them self... And you will have a something like this:
    Code (Text):
    1.  
    2. {0x5E9AA0, {0x60, 0xbe, 0x00, 0xb0, 0x55, 0x00, 0x8d, 0xbe, 0x00, 0x60, 0xea, 0xff, 0x57, 0x83, 0xcd, 0xff}, {"LeagueClient.exe"}}//or whatever
    3.  
    Technically (for any detection systems) UOPilot do nothing strange.
    Any cases of UOPilot "detection", appears just from memory-dump signatures/windows text(caption, name) handlers, etc. manually binded by developers into their software (and also, common users, not able to recompile them self, cuz they are not a developers). Also, you must understand, game developers, cant bind each self-maded version of UOPilot anyways. For doing that, they should obtain your compiled version somehow. If you have a some skills (or just can read and follow tutorials) isnt a big problem to obtain your very own, undetectable completely, version of UOPilot.

    PS.
    Mainly UOPilot is not created as Botting software. UOPilot created as assistant for Ultima Online, cuz their "Classic" Client - fully non userfriendly, lack of UI and that is impossible to play without such helper. UO Controls & UI is literally pain.

    [​IMG]
    Just imagine, how you will control your ship? Type in chat? Ahh, and there is no hotkeys at all ;)
     
    Last edited: Oct 6, 2017
    Sajgon likes this.
  6. poopsiedoodle

    poopsiedoodle Gibe moni plos

    Joined:
    Nov 23, 2011
    Messages:
    2,394
    Likes Received:
    510
    Best Answers:
    0
    It's still an external program that is playing the game for you (even if it's only partially helping). That's a bot.
     
  7. Marcus

    Marcus User.postCount++; Premium User

    Joined:
    Nov 14, 2015
    Messages:
    1,041
    Likes Received:
    345
    Best Answers:
    9
    @Fenrisus
    Don't take it as flame or anything, but just to point out.
    It's detectable for sure.
    In my new MasterCores that's coming soon, I can detect something as simple as a macro.. just a simple keyboard recording.
    And it doesn't matter if you record yourself for 5 seconds and loot.. or 29 years.

    The limit in detection, is in the minds of the ones trying to detect it :)
    Of course normal OTs wouldn't be able to detect it without checking it up ingame for a good while, but for those who builds clients and external applications can take detections to another level.

    But then we have CipSoft, they're not too motivated to detect people, honestly..
    BattleEye can detect and have players deleted in seconds in any other game, but in Tibia.com they're not allowed to neither detect nor delete/ban, they're only allowed to block certain applications.
    CipSoft recently lifted the macro-blocking, so people can use macros again, they were unable to do that a few weeks ago, but today you can use any macro on any world.
     
  8. Fenrisus

    Fenrisus Ferin-Sha

    Joined:
    Mar 19, 2010
    Messages:
    202
    Likes Received:
    310
    Best Answers:
    0
    You are partially right, but again. Can you explain, how you will detect hardware mouse & keyboard events 1:1 to real, and recognize it? =) Literally you can detect a key-press, but in this case, you cant say who did them. UOPilot or real-human. Same as other Driver/Hardware.

    As for note, nowadays, many gaming mouses or even multimedia keyboard can record macross & be very advanced (Hello Logitech). How you will recognize, what i am using now, Logitech mouse or UOPilot? :) Technically "output" is 100% identical (i mean detection positive). How you will solve it? No way. Or you should add "Unallowed hardware" statement into your game TOS/EULA :)

    Also, you can count mouse clicks timing and do other things... but... in cause of UOPilot - clicks also can be randomized, and ofc that is not a "simple macro".

    For be fair, you can detect only Windows API emulated (programatically) key/mouse events. But hardware detection in the right way - is impossible, cuz you may be banned just for using your keyboard/mouse :D (The key here: you may detect it, but you cant 100% recognize a source of hardware click.

    Just for lulz. I can take a PIC controller, make a "bot-bios" on it via Programmator and attach them as Mouse (USB Device). Try to detect it ^_^
    Something like that:
    [​IMG]
    Also you may "recognize" bot via gameplay, but you cant proof it in this case technically. What if i am always play, that seems like i am botting? :)
     
  9. Wirless

    Wirless 7.6 is the best :D

    Joined:
    Nov 3, 2012
    Messages:
    820
    Likes Received:
    159
    Best Answers:
    0
    you can run battleye inside of Virtual machine :) #GG
    or ssh to other computer on your network. #GGCIP
     
  10. eldera

    eldera Member

    Joined:
    Oct 27, 2012
    Messages:
    122
    Likes Received:
    16
    Best Answers:
    0
    @Wirless

    Run can run Tibia with BE inside of VM but they can detect that you are running thier shit on VM and mark you as potencial botter.
     
  11. Wirless

    Wirless 7.6 is the best :D

    Joined:
    Nov 3, 2012
    Messages:
    820
    Likes Received:
    159
    Best Answers:
    0
    then as i said SSH INTO computer on your network lol
     
  12. eldera

    eldera Member

    Joined:
    Oct 27, 2012
    Messages:
    122
    Likes Received:
    16
    Best Answers:
    0
    [​IMG]
     
  13. Wirless

    Wirless 7.6 is the best :D

    Joined:
    Nov 3, 2012
    Messages:
    820
    Likes Received:
    159
    Best Answers:
    0
    ever heard of remote desktop connection? check out liquidsky..
     
  14. eldera

    eldera Member

    Joined:
    Oct 27, 2012
    Messages:
    122
    Likes Received:
    16
    Best Answers:
    0
    Yeah I know what SSH and RDP are but what does they have to do with bypassing BE? If you connect via SSH or RDP you still have to somehow control Tibia Client.
     

Share This Page

Loading...