After reading a lot of posts about detection, something keeps annoying me about the way some people think it's done.
Detection doesn't happen as the process level, it literally scans the memory of the WoW client for injection/hook points. Blizz could care less what applications you've got open or what the process happens to be called or whether or not its 32/64 bit. An injection point would be bypassing the native client interface to trigger an event that would otherwise only be accessed by the client itself. By not interacting with the client (eg: sending keystrokes/clicking things) and performing these actions through the memory hook, there's a possibility of detecting that you're bypassing the client and sending it directly to memory (injecting). A detection "vector" as you may have seen mentioned, is just another method they've added to scan a for a new injection point. When HB detects that they've added a new "detection vector," they have to figure out a workaround to do the same thing without hitting that specific detection point. The same happens on reading memory to get details like distance from enemy, health values, etc. A banwave occurs when HB team fails to identify or fully understand the new method they're using to scan whatever injection point. According to bossland, Blizzard adds "detection vectors" pretty often and when they're found, it prevents another banwave.
Next thing is tripwire. So, tripwire may have, at one point, had a way to detect when HB was being targeted and fire an API to trigger tripwire, but I've seen no evidence that it works that way now. It seems to me that tripwire is nothing more than a way to prevent the community from shooting themselves in the foot. From what I see, it's not being used as anything more than a manual on/off switch or "oh shit" button to prevent people that don't troll forums every day from getting affected.
Last thing is GMs. So, GMs are typically underpaid helpdesk workers with limited IT experience, probably most in college or fresh out of college. All they do is ticket farming and have a pre-determined set of tools provided to them to do their job from development. These tools are all likely web-based and provide limited/no visibility into logs, account activity, or really anything of relevance other than what their tools can grab for them. Like any call center/help desk, the front line people aren't authorized to do much. Think about when you call your credit card company and ask for something, you'll normally have to ask for a supervisor or wait for a supervisor to approve. It's the same concept. So, who you're talking to likely has no idea about what you're even talking about, how the game works, or even what botting entails other than it's "bad." When you open a Blizzard ticket, it takes you to a portal where you select different categories. Depending on the category, the team will have different tools and different authority levels. Long story short, don't ever take anything a GM tells you for anything remotely close to factual, they have nothing to do with WHY or HOW they get the ticket to "investigate." They get a ticket in their queue, look at the description, run a tool that tells them what to do, and copy/paste you a generic "fuck you" email or close the ticket as "no trouble found." Another tip is to ALWAYS try to talk to someone in sales over any other department. They have the most authority/tools. Regardless, don't count on a ban/suspension reversal, a that would take escalation, which would take work, and we all know millennials are lazy pieces of shit
Furthermore helpdesk SLAs are around time to closure so they're actually encouraged to avoid escalations to reduce ticket open times and time to resolution (KPIs in the support world).
Just wanted to share my experiences with ya. Hope it helps.
defnottabot
