What's new
By:
  • Visit Rebornbuddy
  • Visit Panda Profiles
  • Visit LLamamMagic
  • Visit Resources
  • Visit Downloads
  • Visit Portal
RebornBuddy Forums

Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Suspicious signs in game similar to last ban wave.

Status
Not open for further replies.
WTB A Noob

WTB A Noob

Member
Joined
Oct 23, 2012
Messages
135
Hey guys, Last ban wave me and a few others noticed the game showed the background down loader symbol (the green circle at top of the screen) when no patch was being downloaded in the back etc.
Just now when I attached my bot I seen the green circle pop up like a background patch was being downloaded. No patch has popped up, nothing is downloading. I immediately closed the bot and the green circle disappeared and didn't return.

I don't have anything to confirm if this means anything but its a thing some members here noticed last time, so just a heads up or perhaps take a look into it or share thoughts?
Im going to stop botting for a bit and wait things out.
 
I don't see anything wrong with sharing information gathered. be it right or wrong. It might be useful to be on the lookout for things. as I have never experienced this without the bot.
 
best guess...

You renamed your wow-64.exe file to launch the 32 bit wow and your b.net app is re-downloading the correct file.

This happens to me every time I use b.net.
 
phazeshifta123 said:
best guess...

You renamed your wow-64.exe file to launch the 32 bit wow and your b.net app is re-downloading the correct file.

This happens to me every time I use b.net.
Click to expand...

I did not sir. and my client/game was open for a few hours before i started the bot.
 
WTB A Noob said:
Hey guys, Last ban wave me and a few others noticed the game showed the background down loader symbol (the green circle at top of the screen) when no patch was being downloaded in the back etc.
Just now when I attached my bot I seen the green circle pop up like a background patch was being downloaded. No patch has popped up, nothing is downloading. I immediately closed the bot and the green circle disappeared and didn't return.

I don't have anything to confirm if this means anything but its a thing some members here noticed last time, so just a heads up or perhaps take a look into it or share thoughts?
Im going to stop botting for a bit and wait things out.
Click to expand...

tks for sharing
 
The definition of insanity is trying the same thing over and over expecting different results.

That beeing said.

I've been banned twice now, lived through 1 suspension and now another one.

So i got a new account and stopped botting.

In the current user agreement you consent to let the wow client scan your ram for 3rd party programs, so there's that.

Blizzard isnt a bunch of noobs nor amateurs, they what they are doing and I guess at some point they decided they dont want bots in their game. And honestly, they are doing a pretty good job. I have searched and searched for alternatives to HB and every program i find has reported banwaves all over forums.

They dont want bots and its their house.

Deal with it.
 
Slingshot said:
The definition of insanity is trying the same thing over and over expecting different results.

That beeing said.

I've been banned twice now, lived through 1 suspension and now another one.

So i got a new account and stopped botting.

In the current user agreement you consent to let the wow client scan your ram for 3rd party programs, so there's that.

Blizzard isnt a bunch of noobs nor amateurs, they what they are doing and I guess at some point they decided they dont want bots in their game. And honestly, they are doing a pretty good job. I have searched and searched for alternatives to HB and every program i find has reported banwaves all over forums.

They dont want bots and its their house.

Deal with it.
Click to expand...

Welp, there it is folks. Slingshit says to deal with it.
 
The answer is for a bot that stealths it's signature in the active programs like a virus would. It will however probably cause some false positives but that's the only way I see around the scans.
 
Demondog70 said:
The answer is for a bot that stealths it's signature in the active programs like a virus would. It will however probably cause some false positives but that's the only way I see around the scans.
Click to expand...


But once they caught up to that couldnt they scan it out the same way an Anti-virus picks out a virus? Im thinking if they can scan ram for .exe, they are able to extend this, no?

Im asking from aprox. 0 knowledge of programming btw, not trolling.
 
No. It would change the signature random and it would be part of the handshake between HB and your software.

So when you start up HB say that morning it would sign you in with your key and issue you a signature that shows up in the active programs like chrome.exe *32. The bot server side would then know to change whatever parameters for YOUR bot to that signature. The issue is that the bot would have to be maintaining a variety of signatures on a daily basis but hopefully it's a small download from the bot to your system to morph you. Because it's random and not the same for any user it would be difficult to impossible for Blizz to just scan and find it. Even if they have a bot working themselves it would be a different signature for them than for mine or yours.

Now the only way they could discern the bot would be to actively dig into the program itself but I doubt seriously they are doing that much digging. I feel strongly they are only looking for "bad words" in the active program list. Would they seriously be looking deeply into 100's of thousands of computers? Millions even? I doubt it.

This is stage one of defying the scan.

Much less I think they are running brutally close to invasion of privacy. Scanning routines in the active programs is one thing but looking into programs and software I think is another thing completely and one could argue what else did they look at?? But again I say, I doubt HIGHLY they would do that because how would they chose which accounts to look into and what to look for. It could say Chrome.exe on one computer or ieplorer.exe on another or word.exe on another and sometimes there are like 5 or 6 of them in the active list.
 
Last edited:
Demondog70 said:
No. It would change the signature random and it would be part of the handshake between HB and your software.

So when you start up HB say that morning it would sign you in with your key and issue you a signature that shows up in the active programs like chrome.exe *32. The bot server side would then know to change whatever parameters for YOUR bot to that signature. The issue is that the bot would have to be maintaining a variety of signatures on a daily basis but hopefully it's a small download from the bot to your system to morph you. Because it's random and not the same for any user it would be difficult to impossible for Blizz to just scan and find it. Even if they have a bot working themselves it would be a different signature for them than for mine or yours.

Now the only way they could discern the bot would be to actively dig into the program itself but I doubt seriously they are doing that much digging. I feel strongly they are only looking for "bad words" in the active program list. Would they seriously be looking deeply into 100's of thousands of computers? Millions even? I doubt it.

This is stage one of defying the scan.

Much less I think they are running brutally close to invasion of privacy. Scanning routines in the active programs is one thing but looking into programs and software I think is another thing completely and one could argue what else did they look at?? But again I say, I doubt HIGHLY they would do that because how would they chose which accounts to look into and what to look for. It could say Chrome.exe on one computer or ieplorer.exe on another or word.exe on another and sometimes there are like 5 or 6 of them in the active list.
Click to expand...


I don't think its that simple. The way i see these detection's happening is there is a team at blizz sitting in a room, around a pc that is running the bot. Trying to find it in a way that does not break any law, then they implement the detection after they find and verify that they can find it.
 
gamerhead said:
I don't think its that simple. The way i see these detection's happening is there is a team at blizz sitting in a room, around a pc that is running the bot. Trying to find it in a way that does not break any law, then they implement the detection after they find and verify that they can find it.
Click to expand...

Well from conversations I have heard they are scanning active processes within the active programs module of the PC and if they go there an idiot and his blind dog could find Honorbuddy in 2 seconds flat. This would avoid that aspect of things. We are more or less 100% sure this is being scanned.
 
Demondog70 said:
Well from conversations I have heard they are scanning active processes within the active programs module of the PC and if they go there an idiot and his blind dog could find Honorbuddy in 2 seconds flat. This would avoid that aspect of things. We are more or less 100% sure this is being scanned.
Click to expand...

So you think if a non-botter player is renaming his/her chrome.exe or firefox.exe into "honorbuddy.exe" any account online on this PC will be banned ?
 
Demondog70 said:
The answer is for a bot that stealths it's signature in the active programs like a virus would. It will however probably cause some false positives but that's the only way I see around the scans.
Click to expand...

I've always thought "how stupid is this! It says honorbuddy right in my task manager wtf bossland!"
 
cheezemode said:
I've always thought "how stupid is this! It says honorbuddy right in my task manager wtf bossland!"
Click to expand...

Blizzard doesn't read those values like names. They read hexadecimal values in the RAM. And on top of that, they can only read values within their own memory space.

Renaming processes is absolutely not doing what you think it does, nor does hit help avoid detections.
 
Status
Not open for further replies.
Back
Top