[Official] Demonbuddy Auth after Banwave

[eQQ]

I would like to share something here, perhaps it will help you, developers. My friend got banned and after writing an heart-breaking appeal he got somewhat different answer from GM, perhaps the guy simply felt the need to describe the ban in more details as he felt bad about the situation or perhaps you have seen such reply before, but as far as I can tell, this is not ordinary ,,fuck u'' msg :

Dear xxxx,

I apologise that I could not get to you any sooner but I have taken a closer look at your account.

Here are my findings:

Your account has been banned for using 3rd party programme, or any other game exploit, found and verified in your logs in past 2 weeks while only domestic IP had access to this account.

As we do not approve such action, your account will not be overturned and will remain banned. This conclusion is based on gathered evidence in logs.

Please, keep in mind that your account was not compromised at the time, and if any of your friends or family members but you, used such tool, we do take an actual action against the account, not the person and such account takes full responsibility for found evidence.

You can view our stance for any kind of 3rd party programmes in Terms Of Use and The End License Agreement as well.

I am really sorry for your disappointment in this matter and apologise for any inconvenience caused by my reply.

Kind regards,
Game Master Agnantkuz
English Game Master Team
Blizzard Europe

Hope it helps

 

[raphus]

What prevents Diablo3 look at the description of the processes and expose all of your tricks?
Demonbuddy is not protected from a simple scan from Diablo 3.
Renaming a file does not solve the problem.
This is a good way to get banned.

See the example on the picture:
View attachment 74606

Blizzard can't scan running processes or RAM out of the game itself. They can't as its a violation of privacy.

They used to do it back in time with WoW and they had to back after a big shitstorm and possible legal cases.

More info which is still valid for current version of Warden: Warden and 'The Governor'

 

[ad3ddd]

Meh meh mh i wanna botttttt meh meh meh
i know i gotta be patient, but i wanna bot. As someone around here wisely said, botting is highly addictive..

 

[addiktion]

A few good recommendations in here. The truth is we should always be pursing to make DB as human-like as possible to prevent increased detection methods. The happier DB customers are, the more likely they will stick around and recommend it to friends to purchase and purchase more licenses. Obviously with increased exposure comes increased methods at stopping us too, so its a constant battle.

1. Heatmaps are especially important to look at. I think they can pick up on the bot clicking similar locations within a profile. A lot of people may run random profiles, but the clicking zones are largely the same.
2. I agree with others that trying to activate WP's that you don't have is a big indicator of a bot.
3. Not opening the inventory to ID things could be an easy trigger to watch for.
4. Items IDing can be an issue too. I think adding a delay after massive amounts of IDing would be helpful. I know some people don't like that, but most real humans actually check their items before they sell. Selling to different vendors may help, but what may work better is simply moving the bot to slightly different locations when the IDing takes place. It doesn't have to be major, but having the bot I.D in the exact same place could surely be an easy way to setup some type of trigger for detection.
5. Adding actual delays in the game run itself; not just the delay time to create a game. Assuming the bot is stream rolling well and efficient, it will have very similar game time creations and run times. This is easy data for Blizzard to access as they already add up your time played. Human's just don't run this accurate a lot of the times unless the runs are shorter and very specific.
6. Skills repetitive nature could be an indicator, but maybe less so.

Keep in mind that 3 (maybe more) bots got hit here in this last ban wave so their detection is universal to all these bots. I'm leaning more towards heat mapping, items/item IDs/inventory, run times, Auction House patterns, GPH/XPH/RMAH, and accessing WP's you don't have. Once you combine several indicators, you start to become an easy ban target. Simply adding a point system and having someone investigate each account that is iffy to make sure you do not ban legit players but are still actively targeting bots. If you meet enough criteria, its a fast ban as you are way above the human threshold.

So it could work like this (simple model):

50 points = flag for review
80+ points = definite ban now (or later)

25 points = 24/7 over long periods of time.
20 points = trying to create a game for a WP you do not have and receiving that error message. Legit players cannot do this, so it should probably be a instant flag.
10 points = Identical click locations on maps / regular map runs identical in run times and map cycles.
10 points = IDing in the same location all the time / not opening inventory to sell
10 points = warden detects an overload of inputs from client that aren't humanly possible. I've seen DB lock up D3 before doing this and it wasn't until I stopped DB, that it resumed.
5 points = constantly selling gold/items on RMAH
5 points = software crashes and reports strange non-legit behavior regularly
etc, etc, etc

Blizzard has a large data pool of legit users, so the key is to making them look identical to that as much as possible. Obviously each player plays different so its not as easy as it seems to mimic legit players. The more people botting the same profiles/skills/efficiencies/run times/gph/xph/heatmaps is an easy target to stand out in the data and ban that.

 

[antrox]

thx to you. every1 who read ur post in now dumber. god may have mercy with ur soul -_-....

 

[thebeaver]

I wanna bot :'(

 

[babosasa]

I would like to share something here, perhaps it will help you, developers. My friend got banned and after writing an heart-breaking appeal he got somewhat different answer from GM, perhaps the guy simply felt the need to describe the ban in more details as he felt bad about the situation or perhaps you have seen such reply before, but as far as I can tell, this is not ordinary ,,fuck u'' msg :

Dear xxxx,

I apologise that I could not get to you any sooner but I have taken a closer look at your account.

Here are my findings:

Your account has been banned for using 3rd party programme, or any other game exploit, found and verified in your logs in past 2 weeks while only domestic IP had access to this account.

As we do not approve such action, your account will not be overturned and will remain banned. This conclusion is based on gathered evidence in logs.

Please, keep in mind that your account was not compromised at the time, and if any of your friends or family members but you, used such tool, we do take an actual action against the account, not the person and such account takes full responsibility for found evidence.

You can view our stance for any kind of 3rd party programmes in Terms Of Use and The End License Agreement as well.

I am really sorry for your disappointment in this matter and apologise for any inconvenience caused by my reply.

Kind regards,
Game Master Agnantkuz
English Game Master Team
Blizzard Europe

Hope it helps

Indeed this may help, thx!

 

[botleone]

Hi, i wanna share this to you, i survived from banwawe, all my 22accounts. Many paragon 100, have been botting 24/7 many months, have automated batch scripts and so.. But how to do it ->

Just simply get hexeditor, and do the renaming job again.
Yes renaming the demonbuddy.exe file helps, but it means that you must RENAME also all the plain text in the file, so text data inside demonbuddy.exe, MUST be changed! replace Demonbuddy -> Itwillwork or something similar.

Now you are running program Itwillwork.exe and if you look the properties you have Itwillwork in there.
Also remember to change dll file names to correct ones.

Remember november@ anonymous

jay wilson = u failed.

 

[Botishe]

Hi, i wanna share this to you, i survived from banwawe, all my 22accounts. Many paragon 100, have been botting 24/7 many months, have automated batch scripts and so.. But how to do it ->

Just simply get hexeditor, and do the renaming job again.
Yes renaming the demonbuddy.exe file helps, but it means that you must RENAME also all the plain text in the file, so text data inside demonbuddy.exe, MUST be changed! replace Demonbuddy -> Itwillwork or something similar.

Now you are running program Itwillwork.exe and if you look the properties you have Itwillwork in there.
Also remember to change dll file names to correct ones.

Remember november@ anonymous

jay wilson = u failed.

Its kinda hard to trust you with 4 posts, but well, can you explain what do you mean "Also remember to change dll file names to correct ones" please?

 

[botleone]

if theres something called demonbuddy.sadasda.dll inside folder wheres your db is located. or some other file, When you do the renaming to itwillwork it also renames the file paths. So those must be "synchronized"

 

[antrox]

Hi, i wanna share this to you, i survived from banwawe, all my 22accounts. Many paragon 100, have been botting 24/7 many months, have automated batch scripts and so.. But how to do it ->

Just simply get hexeditor, and do the renaming job again.
Yes renaming the demonbuddy.exe file helps, but it means that you must RENAME also all the plain text in the file, so text data inside demonbuddy.exe, MUST be changed! replace Demonbuddy -> Itwillwork or something similar.

Now you are running program Itwillwork.exe and if you look the properties you have Itwillwork in there.
Also remember to change dll file names to correct ones.

Remember november@ anonymous

jay wilson = u failed.

everyone who read your post is now dumber. god may have mercy with your soul -_-

 

[Vidars]

everyone who read your post is now dumber. god may have mercy with your soul -_-

Agreed. Renaming doesn't do shit, if they even were scanning outside of D3 process, MD5 checks you idiots. As it is, they're not legally allowed to scan outside of the D3 process so for the love of god, shut the fuck up about it.

 

[Quadro.Tony]

thx!!! i will rename and will never get ban again

 

[ezpwnd]

There are currently 75 users browsing this thread. (16 members and 59 guests)

yeah!

 

[FyM]

Hope the update comes out soon , waited a day yesterday for it haha .

 

[Cem]

please change the forums to make 95% of it private to paid users

 

[Barthos]

please change the forums to make 95% of it private to paid users

I support this idea!

 

[NHK]

Blizzard can't scan running processes or RAM out of the game itself. They can't as its a violation of privacy.

They used to do it back in time with WoW and they had to back after a big shitstorm and possible legal cases.

More info which is still valid for current version of Warden: Warden and 'The Governor'

I've read this topic: http://www.thebuddyforum.com/demonbuddy-forum/97258-statement-blizzard-gamemaster-ban.html
And Blizzard GM said (in German):
W?hrend der Diablo III (der Client) ausgef?hrt wird, kann der Client den Arbeitsspeicher (RAM) Ihres Computers und / oder die CPU Ihres Computers nach nichtautorisierter Drittanbietersoftware scannen, die zeitgleich mit Diablo III ausgef?hrt wird. Dar?ber hinaus wird der Client das Spielinstallationsverzeichnis scannen, um sicherzustellen, dass nur nicht-gehackte Originalsoftware verwendet wird. Der einzige Zweck dieses Scanvorgangs ist es, sicherzustellen, dass unsere Spieler in einer cheat-freien Umgebung spielen. Die Bezeichnung nichtautorisierte Drittanbietersoftware, wie sie hier verwendet wird, bezieht sich auf jegliche Drittanbietersoftware inklusiver s?mtlicher Add-Ons oder Mods, die im eigenen Ermessen von Blizzard Entertainment

This is exactly the opposite of your statement - that client's RAM and CPU can be scanned for non-legit 3rd party software.
Why would a German GM deliberately misinform dsrmatze? Or just to frighten users?

 

[antrox]

I've read this topic: http://www.thebuddyforum.com/demonbuddy-forum/97258-statement-blizzard-gamemaster-ban.html
And Blizzard GM said (in German):
W?hrend der Diablo III (der Client) ausgef?hrt wird, kann der Client den Arbeitsspeicher (RAM) Ihres Computers und / oder die CPU Ihres Computers nach nichtautorisierter Drittanbietersoftware scannen, die zeitgleich mit Diablo III ausgef?hrt wird. Dar?ber hinaus wird der Client das Spielinstallationsverzeichnis scannen, um sicherzustellen, dass nur nicht-gehackte Originalsoftware verwendet wird. Der einzige Zweck dieses Scanvorgangs ist es, sicherzustellen, dass unsere Spieler in einer cheat-freien Umgebung spielen. Die Bezeichnung nichtautorisierte Drittanbietersoftware, wie sie hier verwendet wird, bezieht sich auf jegliche Drittanbietersoftware inklusiver s?mtlicher Add-Ons oder Mods, die im eigenen Ermessen von Blizzard Entertainment

This is exactly the opposite of your statement - that client's RAM and CPU can be scanned for non-legit 3rd party software.
Why would a German GM deliberately misinform dsrmatze? Or just to frighten users?

there is nothing wrong with it. warden scans processes which are interacting with diablo 3 directly. so whats up!? its allowed and completely OK.

 

[raphus]

Demonbuddy doesn't interact with diablo 3 directly, thats the point.