*Possible* methods of bot detection

[Taran32]

I didn't use a Garrison bot or plugin, As I said i used the garrison profile along with manually. The profile could only mine perhaps 4 of the nodes in the mines, Had to mine manually. There would be no routing pattern to detect. Lua maybe. And Yes 3 years ago,at the beginning of MOP, (I only gain pvp for a boost on new toons for raid gear, after the initial boost on gear I would not have any reason to go back to a bg) But in WOD I haven't. I have never botted Ashran, when it was new bots wouldn't run in ashran, and i used ashran for my pvp gear ( again for a fill in the gaps raid gear boost) at the start and never botted it. Haven't run BG buddy at all in WOD and gatherbuddy is a waste of time in WOD. I don't and haven't used AH bots. I tried using AH bots in MOP and it wasn't worth it, took too long to try and set them up and there wasn't enough support for the problems with it, so I didn't use an AH bot.

I am giving this information to try and help to figure out how bliz is detecting. Not to throw darts at people. You seem pretty defensive.

None of this detracts from Blizzard stating that HB was seen running on my computer.

The fix has to be easy, simply make us rename the exe that shows up on the computer when we turn it on.

I'm not intending to sound defensive (think you're misinterpreting what that words means anyway in this context) or to throw darts at you either, dude. I'm just pointing out that your account might have already been more scrutinized than you think based on your past botting practices, and things you might have gotten careless with recently got you noticed again. Put those two together, and Blizzard might have deemed your account worthy of harsher punishment. Just saying you need to consider that as a large possibility, despite those things happening "in MoP." As I mentioned previously, many of the users who lost accounts in the PQR banwave did so because Blizzard justified it by saying "You've been using this for a very long time. We have records going back 6 and 7 months." MoP ended not too long ago, as you very well know.

 

[Aion]

The representative said Honorably by name, I adamantly claimed I didn't have any other software on my computer and didn't even know what they spoke off. Then she said honorbuddy and i said I would run a scan but I was sure I wouldn't find anything and that they were mistaken somehow. She said that honorbuddy was running on my computer at the same time wow was up, not that it was attached or anything else. simply that it was on my computer running while I was on wow. I never mentioned botting at all she did, I never mentioned HB by name she did. She even explained that it was hard to set up, and that it wasn't an addon and more in detail. She pretty much educated me on botting when I asked her why my malware software never found it. I will still claim that I wasn't boting and didn't ever have a bot if it ever comes up again. I never used it like others. I used it very little. Again you need to read what I said before you accuse me of being tricked.

How did my other game get banned if they didn't see it on my computer? This is why I was asking about the LUA. And this whole conversation was after my second account was banned. I had appealed the action for both accounts.

I am giving this information to try and help to figure out how bliz is detecting. Not to throw darts at people. You seem pretty defensive.

None of this detracts from Blizzard stating that HB was seen running on my computer.

The fix has to be easy, simply make us rename the exe that shows up on the computer when we turn it on.

Rowman598, again - this scenario you describe, while chatting with the Blizzard representative is unlikely to be happened. But if it does honestly had taken place, then you were badly trolled, indeed, and again you seems to had became victim of the Blizzard representative's social engineering skills for the following reasons:

1. Blizzard do not have legal possibility on their own to check if certain customer run certain applications on their computer systems. I underlined "on their own", because if any customer "in his free will" give them such information, they could use it, of course: Like sending Blizzard screenshots, Dxdiag logs, Crash dumps or similar.
That way they could legally acquire information, which could used them at their favor - For example, that you were running Honorbuddy, while dumping DxDiag logs.

2. The way, common users think that Blizzard do perform scans on your RAM or Hard Drive for botting software is not technically possible again, because they have to do it with their own client software only which is installed on the customers computers.

These scanning methods have to be either pre-coded and embedded within the client software, or sent online on-the-fly like the famous dynamic Warden modules, but both of the above are monitored, debugged and reversed virtually by thousands of individuals, a few of which have developer experience and background, much superior than the one Blizzard developers together have.

So if Blizzard do unofficially try and obtain any information from its customers outside their legal playground borders, the following will happen:
- The fact with its corresponding details will be recorded and leaked to the public by numbers of individuals, usually almost in the same time.
- It will get targeted on various social networks and forums in matter of hours.
- Sooner or later it will get into the radar of the thousands of organizations or individuals, which do make their living off filling class suits vs corporations in their home countries. Usually those would be not even aware what "World of Warcraft" stands for, but they do not need to, they just need opportunity to make their living!

 

[shelaine]

Nevertheless, the confidence Blizzard has been showing for a week now is scary. no matter what.

rowman is not the only one reporting about such (or similar) conversations with Blizzard during this week. Actually, most of the people who describe their appeal are talking about similar conversations. I personally was next to my roommate when he called Blizzard, and while the GM didn't mention HB directly, the essence of the conversation was similar to what rowman wrote. they are shit damn confident. and while I agree that spreading panic is a possibility, I still do not believe that a company of that size would flat out lie to every (!) customer trying to appeal. It might be that they exaggerate a bit, but the core of what they say, the terrible confidence in how and what they talk about, and the confidence in rejecting any appeal is alarming.

I did a lot of appeals in the past, - I never had a Blizz employee being that confident, or talking like that at all. Ever. This is new. And they pretty sure don't do it "just like that."

 

[pimpampum]

Imtakingusrs, will all due respect, you couldn't be more wrong.

Your comments in the previous post are so utterly out of touch with reality.

"These scanning methods have to be either pre-coded and embedded within the client software, or sent online on-the-fly like the famous dynamic Warden modules, but both of the above are monitored, debugged and reversed virtually by thousands of individuals, a few of which have developer experience and background, much superior than the one Blizzard developers together have."

Thousands means less than 20? Even then, the good ones, will get hired by blizzard to fuck us. That's the way it works.


Your consideration about what would happen if Blizzard "do unofficially try and obtain any information from its customers outside their legal playground borders" is absolutely insane.
Perhaps you have seen a comercial of those attorney firms that "wanna defend your rights" if you have suffered X or Y illness, and think they would be interested in this sort of legal facing Blizzard?

There's no money in here for them. Blizzard is not gonna pay 1 million dollars for each computer they had invaded.

It seems to me that you have strong ideals and a quite utopic sense of justice. May you keep it for long! Normally life tends to correct that on its own. Life is money, buddy.

 

[Aion]

Imtakingusrs, will all due respect, you couldn't be more wrong.

Your comments in the previous post are so utterly out of touch with reality.

"These scanning methods have to be either pre-coded and embedded within the client software, or sent online on-the-fly like the famous dynamic Warden modules, but both of the above are monitored, debugged and reversed virtually by thousands of individuals, a few of which have developer experience and background, much superior than the one Blizzard developers together have."

Thousands means less than 20? Even then, the good ones, will get hired by blizzard to fuck us. That's the way it works.


Your consideration about what would happen if Blizzard "do unofficially try and obtain any information from its customers outside their legal playground borders" is absolutely insane.
Perhaps you have seen a comercial of those attorney firms that "wanna defend your rights" if you have suffered X or Y illness, and think they would be interested in this sort of legal facing Blizzard?

There's no money in here for them. Blizzard is not gonna pay 1 million dollars for each computer they had invaded.

It seems to me that you have strong ideals and a quite utopic sense of justice. May you keep it for long! Normally life tends to correct that on its own. Life is money, buddy.

Everyone is free to think and assume anything, but the common sense and the practice usually delivers more than any assumption!

About Blizzard "hired the best professionals" is a good but delusional assumption - this question is too complex and even off-topic to discuss it here, indeed.

About the attorneys "example", again people tend to follow common customer fashions, but here in Europe we have different approach about such violations and thankfully, Bossland still stand against Blizzard's offensive after 3+ years, which I guess could not be happened in US for example.

TLDR: Think outside the box, and you will got it!

 

[rowman598]

Why is everyone forgetting that in the tos we give Blizz permission to scan our computer if they wish to. It is not illegal for them to do so no matter what lawsuits happened in the past. In the tos they have permission to do it, and we agree to it when we log on.

And yes Blizz named hb by name to me. said it was running on my computer. not that it was attached to any game just up and running.

If Imtakingusrs or anyone knows so much then find a way to keep hb from being recognized on my computer. You could even find a way to get banned or use a banned account and try and get it back talk to a representative, play stupid about botting and see what they tell you.

 

[Poptarts]

Just a note for future readers, the moment some barely sentient teenager comes in to say "b,b,but the ToS/EULA!" I suggest putting them on ignore, as everything else coming out of their mouth is likely to be a stream of mind poison.

EULA's are large, vague documents used to cover a companies ass. They're very broad and would be very much in violation of a lot of laws if enforced as-is. Having someone "sign" one doesn't make the illegal legal, Blizzard cannot skirt security and privacy laws just because they say they can. Given the way EULA's tend to be worded, there's probably a clause in there that they claim ownership over your payment method and the terminal you use to log onto Battle.net as well.

 

[Tarathiel2]

How many times do we have to repeat that a section of ToS is irrelevant if it conflicts with local law? If your country's laws say it's illegal, then it is illegal. No ifs and buts.

And of course the Blizzard employee is going to tell you that you used HB, since it's the most popular bot, so he has a high chance of guessing right. But that's all he's doing: guessing. Try using and getting banned with a different bot, he's still going to tell you that you used HB.

HB is not detected and you're falling for the lamest social engineering tricks.

 

[Gentoo]

Blizzard cant go against the law and scan what programs we are running unless they really want to get another lawsuit.

Ever wonder why they don't SHOW you proof you were botting? They can do whatever they want, what are you going to do about it?

 

[Poptarts]

How many times do we have to repeat that a section of ToS is irrelevant if it conflicts with local law? If your country's laws say it's illegal, then it is illegal. No ifs and buts.

And of course the Blizzard employee is going to tell you that you used HB, since it's the most popular bot, so he has a high chance of guessing right. But that's all he's doing: guessing. Try using and getting banned with a different bot, he's still going to tell you that you used HB.

HB is not detected and you're falling for the lamest social engineering tricks.

No bro, they can totally scan your whole PC, see all of your personal information, work documents, sensitive programs, etc and feed it ALL to low level grunts to protect their video game! They can violate the most sensitive privacy laws out there and do whatever they want, because I'm an asshole on a message board and I think I know something!

Remember when Chrome came out and basically said they owned your bank account if you clicked yes? That's why I'm broke now, bro! They took my money!

 

[pimpampum]

Ever wonder why they don't SHOW you proof you were botting? They can do whatever they want, what are you going to do about it?

That is a concept many people here are not willing to accept.

Blizzard could do whatever scan they wanted, and we could never realise it (if done adequately).

Furthermore, the ToS against local law some people here are claiming as true is absolutely debatable in Internacional law. Chances are it would drift into a court up-jurisdictional issue that could never be clearly solved.

I'm not even sure why I'm trying to explaing this, as in the next 5 posts someone will come and say "but but but ToS is against my law". They heard it once, never understood it, but hey it makes them so safe. Lol.

 

[Aion]

That is a concept many people here are not willing to accept.

Blizzard could do whatever scan they wanted, and we could never realise it (if done adequately).

Furthermore, the ToS against local law some people here are claiming as true is absolutely debatable in Internacional law. Chances are it would drift into a court up-jurisdictional issue that could never be clearly solved.

I'm not even sure why I'm trying to explaing this, as in the next 5 posts someone will come and say "but but but ToS is against my law". They heard it once, never understood it, but hey it makes them so safe. Lol.

Me and you definitely, but here the Tripware take place, and work 24/7 for our security.

Of course it cannot save us from the server side behaviour analysis and heuristic techniques, which do successfully flag&take down quite a few bots in the last years.

But that's the way it is!

It cannot save us from our own mistakes too, like sending DxDiag or Crash reports to Blizzard while Honorbuddy is running, but whatever, we needs moments to laugh at ourselves too, don't we?

 

[pimpampum]

Tripware take place, and work 24/7 for our security.

I do not know enough about the Tripwire mechanism to give my estimation on it.

Just to speculate, afaik tripwire looks for changes in Warden, and if found, instantly disconnects all Hb clients until further checks are done. But , what would happen if blizzard choose to put some detection somewhere else? Knowing that they normally use Warden, would this system still works if the change was made in any other part of the wow code?

I've always appreciated Apoc's honesty. It has ever been refreshing compared to other developers way of acting. Now, you can go and check last post on him. He, at the very least, ackowledges the issue, and I'm sure you can find more information implicit in his post.

 

[DeathKnight]

I put my 2 posts.... ERRRRR cents sorry.

0) So playing in windowed/32b/ctm is forbidden.
1) That's a good point. has been there for now shit ton of years tho.
2) Every official addon makes lua calls... You get the point.

admin I request you close this thread due to pure speculations and only giving the third party on how this bot operates I think the one who post this thread didnt take that into consideration, thanks

 

[Tyrantp]

you are assuming everyone who uses HB uses these forums. I am the only one out of 6 botting friends who has posted here. I would guess a very small % of botters visit here regularly and even less post when they are banned.

I'm the only one of our small group who even knew these forums existed, I had to walk a few friends through setting theirs up lol. The point still stands though, I downloaded like over 200 profiles/bots etc. Was able to use under 10 of them before suspended on my 'main' account, these included ashran farming, daily quest farming, garrison whatever once or twice (though it bugged and never worked so I stopped). However, when I was suspended...it was less than an hour after running a simcraft perfected (I say perfected as in I made a simcraft loadout personalized to my toon) in a LFR. I assumed, due to the timely nature of the suspension the CR was to blame. I drove to my brothers, 45 minutes away in another city. Payed him 20$ (what he payed for the account) and downloaded HB, simcraft raidbot, and made a profile. His shaman made it 20 minutes into a LFR before he was banned. I even checked default plugins to be 100% safe. From a scientific standpoint I removed EVERY variable possible except a combat routine in a raid, this to me is confirmation it isn't safe. Do I blame anyone on these forums or HB devs? Hell no, I hack or script or buy a bot for every mmo I play, it's the only option for some one with a job and kids that wants to play at the top.

Why anyone keeps assuming every person banned had illegitimate HB or is trolling or just an idiot running speed or /godmodeon hacks is silly imo.

Will I play WoW again? Probably not, everquest has a class server coming out soon.

If I did play WoW again would I load HB again? Probably, but I wouldn't use a combat routine.

 

[JUANNY]

I'm the only one of our small group who even knew these forums existed, I had to walk a few friends through setting theirs up lol. The point still stands though, I downloaded like over 200 profiles/bots etc. Was able to use under 10 of them before suspended on my 'main' account, these included ashran farming, daily quest farming, garrison whatever once or twice (though it bugged and never worked so I stopped). However, when I was suspended...it was less than an hour after running a simcraft perfected (I say perfected as in I made a simcraft loadout personalized to my toon) in a LFR. I assumed, due to the timely nature of the suspension the CR was to blame. I drove to my brothers, 45 minutes away in another city. Payed him 20$ (what he payed for the account) and downloaded HB, simcraft raidbot, and made a profile. His shaman made it 20 minutes into a LFR before he was banned. I even checked default plugins to be 100% safe. From a scientific standpoint I removed EVERY variable possible except a combat routine in a raid, this to me is confirmation it isn't safe. Do I blame anyone on these forums or HB devs? Hell no, I hack or script or buy a bot for every mmo I play, it's the only option for some one with a job and kids that wants to play at the top.

Why anyone keeps assuming every person banned had illegitimate HB or is trolling or just an idiot running speed or /godmodeon hacks is silly imo.

Will I play WoW again? Probably not, everquest has a class server coming out soon.

If I did play WoW again would I load HB again? Probably, but I wouldn't use a combat routine.

good info that brings to light a very legitimate question-since the buddystore came into play recently and a number or crs and profiles are streamed through the store-how well do the HB developers check the streamed products for possible coding sloppyness that could lead to a detection-are they even screened? How much falls on the store for making them available or the product developer for a possible unsafe product. BTW i was suspended for 6 months while in a BRF raid using demonic premium-i dont gold grind nor did i use the garrison suspected profiles

 

[shelaine]

admin I request you close this thread due to pure speculations and only giving the third party on how this bot operates I think the one who post this thread didnt take that into consideration, thanks

well, the reason behind this thread and this subforum is to speculate/discuss. And it's great that the staff gave us a place where we can do this. If you don't like discussions or can't handle other opinions, just ignore the thread.

 

[Weird0]

now i am sure that with a probability of 99% this is just some weird coincidence but everytime i am starting up hb for my weekly cr usage (enyo + yrb2) suddenly the people in my raid complain about "sudden lag"

anyone else noticed this or is this really just a super weird coincidence ?

 

[Aion]

now i am sure that with a probability of 99% this is just some weird coincidence but everytime i am starting up hb for my weekly cr usage (enyo + yrb2) suddenly the people in my raid complain about "sudden lag"

anyone else noticed this or is this really just a super weird coincidence ?

There is noticeable lag here and there recently, with or without your CR, then I really doubt you are the only one, using CRs in raids, even in your group!

Plus, YRB2 is pretty nice CR too.

Coincidence or not, but I do not remember seen ban reports for using it and I read quite a few reports in the last week!

 

[Mario27]

now that we have heard from the 60 people who were banned only using Enyo and a CR, i'd like to hear from the 19,940 people who didn't get banned.

i didnt got banned and i questbot and use enyo for my private routines but i do got banned quite alot 6 7 months ago.