Ban theory

[bizzy1one]

I noticed a lot more errors / crashes in the last few weeks on my bots. Yesterday all of them crashed out when the ban happened. Is it possible for them to send a packet or command or something that will crash the client of a user using automation?

Seems like a fairly easy thing to do even on a large scale. Mass send a command to a list of accounts which report back crash or not?

Was just something i was thinking about.

 

[ezpwnd]

I was noticing odd behavior about 2 hours before the banhammer hit as well.

 

[richarjb]

I noticed a lot more errors / crashes in the last few weeks on my bots. Yesterday all of them crashed out when the ban happened. Is it possible for them to send a packet or command or something that will crash the client of a user using automation?

Seems like a fairly easy thing to do even on a large scale. Mass send a command to a list of accounts which report back crash or not?

Was just something i was thinking about.

yes. yes. yes.

Unless DB does something that prevents the crashes from being reported and sent to blizz this is a huge issue.

Even if they do prevent the crashlog from being sent (it is generated for sure) they can still see clients disconnect.

Reloggers are bad news if you set them up wrong too.

All that said, I find it highly unlikely that they are targeting demonbuddy with a DoS. It's more likely the crashes are occuring due to bugs in DB and/or 3rd party plugins. The plugins cause an invalid state... client crashes... reloggers repeat process.

 

[blista08]

yes. yes. yes.

Unless DB does something that prevents the crashes from being reported and sent to blizz this is a huge issue.

Even if they do prevent the crashlog from being sent (it is generated for sure) they can still see clients disconnect.

Reloggers are bad news if you set them up wrong too.

All that said, I find it highly unlikely that they are targeting demonbuddy with a DoS. It's more likely the crashes are occuring due to bugs in DB and/or 3rd party plugins. The plugins cause an invalid state... client crashes... reloggers repeat process.

Block with firewall/Antivirus ... there are numerous posts on this.

 

[jackus]

yeah I had quite alot of crashes aswell :/ before the ban

 

[bizzy1one]

All that said, I find it highly unlikely that they are targeting demonbuddy with a DoS. It's more likely the crashes are occuring due to bugs in DB and/or 3rd party plugins. The plugins cause an invalid state... client crashes... reloggers repeat process

My theory was more along the lines of blizzard sending info that caused an invalid state and then logs if successful or not and adds to ban list.

 

[TerminatorX]

There are a lot of tinfoil hat theory's so I'll through mine in. They most likely have a group of people working to stop botting. And the group most likely has a DB account. They have been backwards engineering it just like the DB staff backward engineers D3. They most likely had a break through to detect what DB does in the last week and implemented the detection in a patch. If I were blizzard that's what I'd be doing.

 

[richarjb]

There are a lot of tinfoil hat theory's so I'll through mine in. They most likely have a group of people working to stop botting. And the group most likely has a DB account. They have been backwards engineering it just like the DB staff backward engineers D3. They most likely had a break through to detect what DB does in the last week and implemented the detection in a patch. If I were blizzard that's what I'd be doing.

It's usually called 'reverse engineering'. I don't know if blizzard is doing it. I suspect the DB dev team have a EULA (lol) against reversing DB. I won't say too much here because I don't want to get into trouble but lets just say that DB has much much MUCH better protection against reversing than D3. Is it impossible? No. Does it require knowledge of unpacking, anti-debuggging tricks, hells yes.

If they are doing their jobs, the team that detects bots certainly have a copy of DB installed and they are working on generating client signatures that they can detect server side. It is much easier than reversing. Much safer from a legal/political point of view, and it scales better.

 

[StrangerThanFiction]

Wouldn't make sense for Blizz to go that route.. As a corporation it would cause them alot of trouble if found to be "reverse engineering" software. On a separate note if this was the case DB would be the only bot affected, or every other bot that was affected would have had near 100% wipeouts as they don't have a tripwire or auth disable like DB does. Fact is other bots were banned also..

It would be far more effective for Blizzard to have developed an organic method of detection... Something that is generic doesn't require many updates and can unilaterally detect different types of bots.... IMO they are data mining the paths we are taking in areas. If that is true than they can do all kinds of things with that information... Such as statistical comparisons, and run probabilities of stopping on the same point 100 times while blacklisting certain area's.. Its also a technology that is widely available in many different forms and is fairly easy to implement...

You have to realize if it had anything to do with memory scanning or DB detection why do some of us still have bots standing that evaded the banhammer.... The only conclusion would be they have not obtained "definitive" proof on there end to warrant an action... This also indicates its server-side detection from data-mining...


I have 2 bots still standing, the only thing different about them was the # of profiles I had them running... They were running 24/7 but with 17 profiles and they only ran each profile 1 time before randomly swapping to a different profile... YAR is a beautiful thing