What's new
By:
  • Visit Rebornbuddy
  • Visit Panda Profiles
  • Visit LLamamMagic
  • Visit Resources
  • Visit Downloads
  • Visit Portal

Current Warden Scans

Apoc said:
Good thing we don't load any modules in the process, and warden can't see our allocs!

Edit: Just posting this to avoid confusion in the future.

1) No buddy product injects any library (or even loads one in the target process), so that part of the "*Buddy is detected" line is pointless.

2) None of our memory allocations are detectable by Warden, unless they drastically change how Warden works. (If they ever do, we can easily get around that as well, at the cost of a slight performance loss overall)
Click to expand...


Apoc so youre saying DB is still undetectable?
 
obliterate said:
Apoc so youre saying DB is still undetectable?
Click to expand...

Correct me if i am wrong...
I have read that...
the DB bot ITSELF is undetectable. (Bliz checking RAM/Warden)
That DOES NOT mean that bot reoccurring actions are not... (same way points, specific vendor sells, TP force, whatever, etc.) <-this is currently undefined and up for debate.

-So yes and no.
 
ZoiD answer again in his forum he still says:
This looks like an injected library to me... even if it's manually mapped, it's still injected.
Bkjkf.png


Thx, nice bot. Btw, There is only 1 warden module, but yes some scans have been omitted to keep the post relevant.

Look there is no e-peen here, that is difficult to express without a lot of verbose (losing track of what matters). It's just everyone needs to get their head out of the sand and stop pretending Warden cannot see them.

The last major banwave in Starcraft 2 was cause by a hack not cleaning up the thread entry-point into a manually mapped library. It was only a handful of bytes in size yet it got countless people banned, proving Blizzard will target any hack trail, no matter how large.

Your hack can pretend to be whatever you want it to be, but at the end of the day Blizzard only need to target a handful of rogue bytes in their process to issue a ban wave.

The combined warden scan count hits 137, It's very naive to just assume all those scans are for maphacks/zoom hacks and not the most popular bots online.

Solution? Study the DLL I posted up, or PM me privately for advice. Once you have established 100% that warden cannot see you, then you can focus on the server-side detection mechanisms. Guess work and debating isn't going to secure bots against Blizzard.
Click to expand...

a bit confused :/
 
For lazy people the reply by Apoc:

What you're seeing is our EndScene hook (which... countless programs do). We randomize our hook code so sig scans don't really work all that well. We've even messed with Blizzard (and other companies) by ensuring parts of our code "matched" legit programs, so they'd get false positives if they ever sig scanned it. (Some companies fell for it... idiots...)

We don't pretend Warden can't see us, we're well aware of its capabilities. (We had a fun laugh when we saw the actual D3 warden, and how simplified it was from the WoW/SC versions)

We actively check all the scans Warden has (yes, all of them) to ensure none of them tread on our security. (Most of them are actually some... weird scans, as you've seen)

No matter what we do client side (even just flat out disabling Warden all together [which is possible by emulating it]), server-side detection will still be the end-all detection mechanism. Hopefully we'll get that "fixed" soon as well, but that's the tough one to fix.

Anyhow, feel free to PM me if you want further discussion.
Click to expand...

Nothing to worry about, they know what they do, keep on botting.
 
buzzerbeater said:
For lazy people the reply by Apoc:



Nothing to worry about, they know what they do, keep on botting.
Click to expand...

There is still the server side detection to worry about dude. That is getting so many people banned
 
Apoc said:
Not a shootout. Just an exchange of information. :)
ZoiD is very smart, I have nothing bad to say about him.
Click to expand...

Then you guys should hire him :) ALthough it seems like you are a bit smarter than him lol
 
jinny1 said:
Then you guys should hire him :) ALthough it seems like you are a bit smarter than him lol
Click to expand...

Not just me. We have at least 2-3 people with full working knowledge of Warden. But we do know what we're doing folks! If there is a problem that we somehow overlooked, our tripwire should kill our bots anyway. We do some "sneaky" stuff to detect when Warden is scanning anything related to our products, and will kill them within 45 seconds of that happening. I can't say more than that though. :)
 
Apoc, I'm slightly confused if your not injecting a dll, how are you going about pushing calls onto the stack. I am not as knowledgeable as yourself or Zoid, but I do know the basics (i.e. how an exe is structured, base addresses, dll injection to push params to the stack and jmp to an offset etc), and a little bit beyond the basics.

I am just trying to learn more; if you have the time shot me a PM, if you don't have time NP.
 
xsol said:
Apoc, I'm slightly confused if your not injecting a dll, how are you going about pushing calls onto the stack. I am not as knowledgeable as yourself or Zoid, but I do know the basics (i.e. how an exe is structured, base addresses, dll injection to push params to the stack and jmp to an offset etc), and a little bit beyond the basics.

I am just trying to learn more; if you have the time shot me a PM, if you don't have time NP.
Click to expand...

Injection... without injection. :)
 
Apoc said:
Injection... without injection. :)
Click to expand...

I thought you would say that... I just didn't know if that would work the way I think it could. I need to stop playing so much and study more.
 
Well, i am still botting.. my delay is between 5 and 43.. it slowed my GPH.. who cares it made me now 1m gold :D
 
Last edited:
BuddyTeam has always been good with warden. No worries guys, bot hard. Only thing to worry about is the server side "detection" thing. Btw to be honest I think BuddyTeam has the warden guy from the "never been detected WoW Hack" (doesn't exist anymore) which name I'm not going to mention here.

Anyway great work BuddyTeam :)
 
his logic doesn't add up, why would he put it in a code box...

when he could of sent the link?

abit fishy.
 
You must log in or register to reply here.
Back
Top