What's new
By:
  • Visit Rebornbuddy
  • Visit Panda Profiles
  • Visit LLamamMagic
  • Visit Resources
  • Visit Downloads
  • Visit Portal
RebornBuddy Forums

Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Banwave 10-11-2016 Discussion

Status
Not open for further replies.
chinajade said:
Just trying to stop a war before it starts...
So in practice, the 'MAC address uniqueness' is not strictly true, but is a very reasonable assumption. The 'uniqueness' must be guaranteed for you to have a functional network. So, at least on your local LAN, each MAC address—whether it be hardware-based, spoofed, or synthesized—must be unique.

'Clever' programs running on your machine can weed out all the synthesized and spoofed MAC addresses used by your box, and obtain the [size=-2](one or more)[/size] real, hardware-assigned MAC address. Keep in mind that if your machine is using a spoofed/synthesized MAC address, then you must have at least one hardware MAC address available. Most modern machines have at least two hardware MAC addresses—one for the wireless 802.11 adapter, and one for a wired 802.3 adapter. So, even if you've spoofed or synthesized a MAC address, it will be meaningless in the presence of a 'clever' program. And 'yes', there are techniques for obtaining this information that work even in the presence of VMs.

chinajade
Click to expand...

Interesting comment, Chinajade

You are right in the fact that each Network adapter on your comp will have a different MaC. But, what prevents you from changing them all?? I mean, if you are going through changing/spoofing one of them...why aren't you changing the rest of them? It's not like it's hard. Or obvious.

Ma_C.png


So, the "more than one MaC Addresses" part is not that important to its uniqueness. Specially when there are plenty of HardwareId's and Guids that you can't spoof with that ease...or even at all.

About the techniques to obtain the original MaC Address info of the active network adapter, and ignore whatever spoofing has been done, I know nothing.
 
Hi again, Pampampum,

[size=-2]Just an aside: I've sharpened the wording in the post since you quoted it.[/size]

The original hardware-assigned MAC address is still around (made available by the hardware) to be obtained by a 'clever' program. This is illustrated by your screenshot—the program distinguishes between the 'original' MAC address and the 'active' one. The program also supports a "Restore Original" button.

In short, the spoofing utility you show us is in itself, a 'clever' program. :D

You may have several programs like the one you show. Use a different, but similar program, to restore your MAC address. This should prove to you that the 'original information' is not stored in a data file unique to that particular program. Instead, the original MAC address is made available from an authoritative source [size=-2](i.e., the hardware)[/size]. Any program can obtain the needed original and unique MAC address from this authoritative source.

The gist is that if your spoofing programs can get access to the original, universally unique MAC address, so can a WoWclient [size=-2](or a program running on its behalf)[/size]. At this point, we hope its clear that spoofing a MAC address is meaningless to any program running on your machine, if that program wants to 'spy' on you.

cheers,
chinajade
 
Last edited:
chinajade said:
In short, the spoofing utility you show us is in itself, a 'clever' program. :D

You may have several programs like the one you show. Use a different, but similar program, to restore your MAC address. This should prove to you that the 'original information' is not stored in a data file unique to that particular program. Instead, the original MAC address is made available from an authoritative source [size=-2](i.e., the hardware)[/size]. Any program can obtain the needed original and unique MAC address from this authoritative source.

At this point, we hope its clear that spoofing a MAC address is meaningless to any program running on your machine, if that program wants to 'spy' on you.
Click to expand...


That's true. The fact that changing the physical Network adapter to another computer restores it to the original MaC Adress is proof enough that the information has to be there, available, somehow.

1 thing that makes me wonder, though, its administrative privileges. If I "spoof" my MaC address, or any Hardware ID for that fact, as a System Admin, but a program that is running without admin privileges is able to see through it with whatever means, it sounds like unintended or at least, not working properly.

I'm thinking of this because all HwID modding programs I've used, and they've been a few, all required to be Run as an admin. Wow, as far as I recall, doesnt. (That's assuming that the "spy" process is one of wow-related processes, which I find a safe assumption)
 
Last edited:
pimpampum said:
Under current circumstances, not on the slightest.

"Current circumstances" assume that the latest banwave was due to process detection, which seems to be the current consensus.

Perhaps the "little changes made to tripwire" do help. But that is a matter of opinion, since they can't or won't provide more information. What we know is that nothing real was found , just theories. And the "little changes" paragraph sounds too advertising to me.
Click to expand...


Ok, good we have ppl like you who put energy into this. I mysle f have no clue about stuff like this :)
 
roneo1 said:
You have no idea wtf you're talking about. The users who bot on their main are simply retarded, and that isn't even what comprises most of the bot population. People running bot farms are what make it up. And those people are happy to see banwaves, myself included. Less bots, more gold to be made, and covering the investment is done in less than 5 days usually. So no, HB is not dead, and won't be dead for a long time. It will however be less used by noobs on their mains, which frankly is also great, because a portion of those will resort to botters for gold. WIN-WIN-WIN
Click to expand...

Damn you're a tough guy! I bet you roll your cigs up in your sleeve!!!
 
I have another suggestion. Make the forums private. 1 so blizzard team cannot see them without buying a subscription.
Since I live close to Blizzard I always see blizzard employee at different restaurants and few times they were talking about things they have seen on this forum.
I also was caught in the ban.
I don't believe there will ever be able to beat the detection when the client connects to game.
Most likely I will never play Wow again so just a suggestion.
 
rebelyel2575 said:
I have another suggestion. Make the forums private. 1 so blizzard team cannot see them without buying a subscription.
Since I live close to Blizzard I always see blizzard employee at different restaurants and few times they were talking about things they have seen on this forum.
I also was caught in the ban.
I don't believe there will ever be able to beat the detection when the client connects to game.
Most likely I will never play Wow again so just a suggestion.
Click to expand...
foolish man
 
After 1 night of using HB after the banwave (on a new account) I got banned again. I guess i'll wait a while before I use HB again
 
chinajade said:
Just trying to stop a war before it starts...

The MAC address was designed for use in packet transport headers. MAC addresses in transport headers are replaced each time the packet changes networks [size=-2](e.g., leaves your LAN headed to the ISP)[/size]. So, Pimpampum is right in that the MAC addresses never 'escape' from your local network when used in transport headers.

However, there is nothing to prevent a program from capturing your machine's MAC address(es), wrapping it up in a data packet, and sending it to a server. Doing such a thing pretty much makes your machine 'uniquely identifiable'. [size=-2](We're not saying Bliz does this, but it is certainly possible for them to do this.)[/size]


MAC addresses are assigned by the manufacturer [size=-2](from a range specified for that manufacturer by the IEEE)[/size], and are universally unique [size=-2](for all time and space)[/size] to the ethernet adapter--whether it be Wifi or hard-wired. There are exceptions that can break the 'universally unique' contraint:
  • It is possible for devices to spoof a MAC address.
    You see this feature present on many routers.
  • There are programs that allow users to alter a machine's MAC address.
    This is just another form of spoofing.
  • VPNs and VMs will use a synthesized MAC address.
So in practice, the 'MAC address universal uniqueness' is not strictly true, but is a very reasonable assumption. Local 'uniqueness' must be guaranteed for you to have a functional network. So, at least on your local LAN, each MAC address—whether it be hardware-based, spoofed, or synthesized—must be unique.

'Clever' programs running on your machine can weed out all the synthesized and spoofed MAC addresses used by your box, and obtain the [size=-2](one or more)[/size] real, hardware-assigned MAC address. Keep in mind that if your machine is using a spoofed/synthesized MAC address, then you must have at least one hardware MAC address available. Most modern machines have at least two hardware MAC addresses—one for the wireless 802.11 adapter, and one for a wired 802.3 adapter. Most modern machines also have a Bluetooth 802.15 adapter.

It is these hardware-based MAC addresses that will be of interest to a 'clever' program—since they are guaranteed to be universally unique. Any one of these hardware-based MAC addresses can uniquely identify your machine. And, modern machines typically provide two or three to pick from. So, even if you've spoofed or synthesized a MAC address, it will be meaningless in the presence of a 'clever' program. And 'yes', there are techniques for obtaining this information that work even in the presence of VMs.


So in summary, both of you are correct...
Pimpampum is correct if the MAC address is used solely as it was designed to be used.
Demondog70 is correct if the MAC address is used in 'other ways'.

We are not addressing the 'bigger picture' here of whether this is actually done or not. Its just technically possible to use a MAC address to uniquely identify a machine.

Let's not get into a battle. :D

cheers,
chinajade
Click to expand...

I think ip6 sends more than ip4 it sends the mac adresss in ipv6
 
Why are the forums not private anyway? seems like the number1 thing to do at the moment?
 
thormx11 said:
After 1 night of using HB after the banwave (on a new account) I got banned again. I guess i'll wait a while before I use HB again
Click to expand...
Did you submit a report for this? We would all be interested in having more details of this new ban for a new account
 
8 Accounts invested same day as new release. 6/8 banned after 24 hours of botting. No suspension, permanently closed.
 
That happened to me on previous ban.....rafed a few accounts and started leveling. No botting at all both got banned for abuse of economy within the first week.

Apeal also was nogo......blizz can terminate an account whenever they want for whatever reason theu want.

Few weeks later i made a new bnet and rafed 48 toons to 90 over course of the raf window. (non bot use that time too). So really i just think its luck.
 
many new reports on ban section... maybe the forgot to enable tripwire or player reports?
 
Heomn said:
many new reports on ban section... maybe the forgot to enable tripwire or player reports?
Click to expand...

Orrrrrrr it's still just as detectable as they didn't fix it? /surprisedface

Botting community is in a bad way until they figure out how to hide the hook they're all yolo.

Hundred milly+ a month in revenue will attract some skills it appears.
 
but also many people started again (me included on the same battle.net as my banned account but not hardcore) and no problems so far.
 
Heomn said:
but also many people started again (me included on the same battle.net as my banned account but not hardcore) and no problems so far.
Click to expand...

Yeah. At this point is pure speculation.

But it would make sense for blizzard to focus on the botters that are going to make their "investment" return faster ( obviously, those gathering herbs and ores) and save the ones who aren't going to make a return that fast (levelers, routiners, causals....) for whenever they feel like it. Namely, next banwave, or next miniwave, whenever they choose.

What is really troubling is how fast this gatherers are being banned. Previously, unless you had a botting record in your machine / IP, they wouldn't instantly ban you, even when catching us blatantly botting.

Now it seems it is not the case. 1 single pass is enough to determine an account as botter and gg account.

I would certainly love to receive some kind of info from the buddy staff on the status. Even if its made of opinions. Whatever, to appeal the masses. To give us some sort of "its been worked on" feeling.

Their latest official message was as dissapointing as this blizzcon for d3 players. And that's saying a lot!


Btw. big thanks to all those "testers" who are spending their 50+ bucks in guinea-pigging for the rest of us. It's appreciated.
 
Last edited:
Status
Not open for further replies.
Back
Top