How the hell do we know so little regarding detection ?

[Bertrand]

Ok this are just a couple of ideas i would like to throw out here for some of the developers, and people with more knowledge regarding detection, packages sent, and db core functionality. A month ago i saw nesox, one of the core db developers, mentioning something about packages that are sent to blizzard, and theoretically used to detect us. Recently i encountered strange experience while botting. Whenever i leave game manually and the bot is still not stopped manually the game would crash right after the bot goes into character screen menu. The reason for this is probably db giving d3 client instructions that cannot be performed in the character screen menu, such as movement to waypoints, attacks, picking up items.

Another thing i encoutnered are error dialogs when trying to create a game of which quest you havent unlocked. It happened couple of times while lvling when i accidentally loaded an act 3 profile while act 3 was not yet unlocked.
I know very little about "sent packages", but common sense implies that this actions, that are impossible to be performed by a human player might trigger sending different information to blizzard, than common gaming does. All i am sugesting for anyone involved deeply with the development of this bot is to test this situations and monitor the sent packages, is there anything unusual about them while the bot goes into character screen without being stopped, thus crashing the client ? What happens when we try to create game of which quest we havent unlocked ? Put gold inactivity timer to 10 sec, and let the bot recreate games for hours at end, and monitor those informations sent...
I mean, i am just casual bob, even if i volunteer knowing that i would 99% lose the account, i still can provide you with little to none information, besides being banned or not. I think it would be really good idea to have couple of dummy accounts and do all sort of humanly impossible actions on them just to see if anything else is triggered, such as some crash sender or anything out of the ordinary behavior...

 

[Immortality]

I used to be a developer @ a runescape bot (Rsbot). I'll tell you what I know generally in regards to detection/botting and since you are so interested packets...
I'm going to start with a question answer segment.

Let's start basic, What does a bot do?
- Emulates humans playing a specific game

How does it do it?
- Every time we make a movement that needs server confirmation we send the server a bit of information of a specific size and content. So a bot would also send these bits of information and this is what we call "packets"

How do we get caught?
- Well humans are humans, we aren't perfect, we are not predictable, we are energetic, social, and complex. Bot on the other hand find it hard to be totally human I mean if we had programs that act totally human we would not have all this talk about Wilson the computer intelligence. So server side detection is used to see how "human" the bots are, if the bots are more human then there might be a algorithm that gives it a less likely to be a bot mark. When the algorithm says it is very likely we get marked and probably a human comes in and makes the final judgement. Then we get banned.

What type of information is sent to the diablo 3 server and how did so many people get banned recently?
- To be completely honest I think Demonbuddy was to blame. Demonbuddy doesn't update every time diablo is updated therefore if something changes in the client marking if we are viewing a specific menu while at the waypoint is sent to server we would be labeled as bots (notice this is one of the changes we see in demonbuddy after the banwave). Ok, so the developers here are not retarded but things can be overlooked, Blizzard probably owns a copy or a few copies of demonbuddy directly or indirectly they can decompile and see where demonbuddy is scanning for changes and make changes elsewhere hidden from demonbuddy and will need to be found by hand. I truthfully think the demonbuddy staff overlooked something and we all got banned (of course they will never admit to such a thing). I forgive them regardless they are only human right?

So how are bots made?
- Smart people decompile the client code and see what is send to the server and make fake human packets that are sent to the server the same way a human would cause the client to send packets. Decompiling is difficult in all programming languages some languages harder than others. In the end we programmers end up reading byte code... PUSH/goto.... blah blah blah. It isn't as fun as you think to make a bot.

 

[Hawker]

We can see what is sent to Blizzard by the Diablo 3 client. What we can't see is what is done with the information. We know that a lot of detection is done by scripts serverside so if we recommend a particular course of action, and you all take that course of action, then we have gotten a lot of you banned. Just try to make sure that you are different from the guys who bot 24/4 and hopefully the scripts that nail them won't nail you too.

 

[Immortality]

Every time people say server side detection it means... "I have no idea I guess they do this and that but really I don't know unless you hack the server for me"

This is and will forever be true in the world of automation. Server side algorithms are number 1 reason we get banned.

 

[packetloss]

Well we do have some idea of what kinds of things they look for. It's all a matter of patterns. This is why everything that gets done by the bot needs some form of randomization. If you recall the first change that was done by DB was to introduce random restart times for games. The reason is that if they capture a time stamp for clicking on exit and a ts for starting a game and see that 90% of the time it all happens within 100ms those are the types of patters that are easilly detected and indicate usage of a bot or script. Similar types of things could be collected and analyzed for lots of other behaviours (combat, navigation, etc, etc). Thus random waits kind of need to be added to all activities.

One other thing to consider is that the more frequently you run the same script over a period of time, the more data they will have to analyze. Your best bet would be to alternate between different acts and different profiles for the same zones. I won't even take a guess at what they might be looking for in terms of the combat routine, but if you peroidically changed up your skills it probably wouldn't hurt.

 

[Bertrand]

We can see what is sent to Blizzard by the Diablo 3 client. What we can't see is what is done with the information. We know that a lot of detection is done by scripts serverside so if we recommend a particular course of action, and you all take that course of action, then we have gotten a lot of you banned. Just try to make sure that you are different from the guys who bot 24/4 and hopefully the scripts that nail them won't nail you too.

So hawker, how about a full list or screen shot or upload a script where everyone can read of everything that is sent to blizzard, so we know of which things we should take care most of ? Game creation time ? Potions in inventory ? Areas taken in a run ? It would be nice if you could upload a full log of everything sent to blizzard in couple of hours of play ?

 

[Coldfish]

So hawker, how about a full list or screen shot or upload a script where everyone can read of everything that is sent to blizzard, so we know of which things we should take care most of ? Game creation time ? Potions in inventory ? Areas taken in a run ? It would be nice if you could upload a full log of everything sent to blizzard in couple of hours of play ?

I'm not sure here, but a reason for not uploading it is firstly we would not understand it, since it?s data not actual words. Secondly showing what the bot actually sends would make it easy to know what to look for.

TLDR: I like the way the crew keeps things secret

 

[Bertrand]

I'm not sure here, but a reason for not uploading it is firstly we would not understand it, since it?s data not actual words. Secondly showing what the bot actually sends would make it easy to know what to look for.

TLDR: I like the way the crew keeps things secret

Lol no... the bot doesn't send anything, the client does. Thebot just navigates it... What we need to know is what should we take care of ? For example, my bot never surpass 100 potions in inventory, so does the diablo 3 client sends inventory state ? Also, does the client send information of how long time we took sitting in char screen until game creation (Default db is 1-15 sec) so if in 1 week someone make every god damn game within this time frame a script would fish him out. The point is that i think we realyl deserve to know how to catch this information that is sent to blizzard, so that more devoted botters can take better care of their bot. And i really dont see how is this harming db bot in any way whatsoever, on the contrary, if more people can have look into this matter the more information we can all gather and help improve this bot.

 

[Harmacintyre]

why would they care if you have 100 potions. what they might care about, is how you bought them, such as if you use a macro, you can see how many clicks/actions per second/millisecond you did in order to buy them. like 1000 clicks within 30 seconds would be a clear sign that its not a human doing that. (in no way am i saying that macros get you banned). there is no real reason for them to post anything regarding this. Its mostly just common sense things. blizzard is collecting huge amounts of data even from people that are not botting. There is no way you could 100% decipher what they are even looking for when they are searching for things to ban people. Some of the data they collect is also for their personal gain and information to see what is happening in the game for the normal player.

I would also like to point out that i dont actually think this even falls under DB's purchase agreement. Even if it did, why would they reveal what they are trying to hide from blizzard in the first place. The whole point of a bot is to go undetected. Everyone always keeps whining and asking for more information. In my opinion, i think they shouldnt tell people shit except for their deadlines of when new releases etc. The less the people know about demonbuddy, the less blizzard will know about it.

If you want to see what packets are being sent between you and blizz, look for yourself.

 

[Bertrand]

If you want to see what packets are being sent between you and blizz, look for yourself.

How do i do that ?

 

[Hawker]

Your client does not have 100 potions. 100 potions are on the server and your client gets told about them and then displays them to you. The whole game is played on the server and your client is only used to pass signals to the server and to display the data that is on the server.

Botting is D3 is profitable - most people are in profit after they have an account for a week. With that in mind, you know Blizzard will stomp on obvious bots so you have to decide yourself how you want to be less obvious or if you just want to go all out.

 

[blista08]

So hawker, how about a full list or screen shot or upload a script where everyone can read of everything that is sent to blizzard, so we know of which things we should take care most of ? Game creation time ? Potions in inventory ? Areas taken in a run ? It would be nice if you could upload a full log of everything sent to blizzard in couple of hours of play ?

Bert, I only read the title. Simple answer -- we don't work for Blizzard. Why don't you go an "work on the inside" and let us know please? .

 

[blista08]

How do i do that ?

There are a bunch of different programs... Not sure if Wireshark is still that big, but that's what I used in the past.

Fun Fact: Wireshark used to be able to easily pick up people's accounts, passwords, and other crap before tunneling and encryption became really big (used to tinker with it when I lived in the dorms).