Very interesting post on how we are being detected.

[virtual]

So on another forum, A user had made a post that he had noticed blizzard was Lagging him for very short bursts and sending him False packets, something like a split second and his health was dropped to almost dead and then back to normal so fast a human could not detect or notice this, this person said this was happening during PVE and PVP.
So basically they where saying that the bot responds so fast and can pick up these false packets and respond to them when its not humanly possible for us to do this and this is flagging us as botters.

Just thought this would be a good place to post this.

Even if its not what is happening to get us caught i thought it was a pretty slick way for blizzard to combat bots.


If i where to take a guess and this is what is happening blizzard could run bots in house and test this against each bot and form a signature response from each different bot on the market and start to create a pattern for each one which would explain ban waves without the tripwires.

 

[ryedbread]

Do you have any proof or does the person you're referring to?

 

[virtual]

Nope I have no proof. I found that persons post i will quote it.

I noticed this during pvp and pve.

Blizzard is randomly spiking (less then half a second) clients with wrong information to produce a super human response from the client(bot).

EG:

If you are running a Combat Routine which involves using defensives (perform X ability when HP <= 20%). Blizzard servers will spike your HP to 0.1% and try to bait the super human response before hp is returned to normal.

I can only assume this information is logged over a period of time and reviewed by a human at a later date.

I highly recommend removing all defensive cooldowns from your CR's.

Like i said this may not be true, but how hard could this be for HB team to look at if it means discovering something that might be overlooked.
I don't know how any of these works, so for all i know it could be true or not even possible.

But like i said im posting it here where people who understand how these things work might look at this and say hmmmm that could be it or just say nope not it.

 

[TheLoFaT]

So on another forum, A user had made a post that he had noticed blizzard was Lagging him for very short bursts and sending him False packets, something like a split second and his health was dropped to almost dead and then back to normal so fast a human could not detect or notice this, this person said this was happening during PVE and PVP.
So basically they where saying that the bot responds so fast and can pick up these false packets and respond to them when its not humanly possible for us to do this and this is flagging us as botters.

Just thought this would be a good place to post this.

Even if its not what is happening to get us caught i thought it was a pretty slick way for blizzard to combat bots.


If i where to take a guess and this is what is happening blizzard could run bots in house and test this against each bot and form a signature response from each different bot on the market and start to create a pattern for each one which would explain ban waves without the tripwires.

This is no big secret. But I doubt that they use it in massive waves to search for people. Most of the time, when staff is investigating player reports of botters, they will port their client to your location and will be able to automate commands on you that they can then discern as reasonable suspicion for you to be using a third party program. But this is case by case basis. If you are playing and notice things like this, it could be very likely that you are being investigated. Which doesn't mean they will take immediate action against your account. But you could be one more name on the pile in future ban waves.

Still, even with me doubting, this could be the case. It might not just be bending the game mechanics like health but other stuff too. Could explain a lot of force closes too.

 

[webhond]

why is this so interesting?

you think they need to go this far?

Im scanning 1000's of auctions to find my stuff, and sell stuff.

They scan 1000's of clients to detect a program present hooked or whatever.

Why u all keep thinking so next gen. You really think blizz needs to do stuff like that
to detect you. They showed us, on banwave, if they want us... we are done.

Interesting question here should be, why arent they banning us every week.

So easy to get us once, you can do this on a weekly basis?

Or is something else happening behind the curtains and in november, when we will
be getting our accounts back, we wil be done alltogether?

 

[Snotya]

Interesting question here should be, why arent they banning us every week.

QUOTE]

I have been wondering that myself. Also what ever they are using to detect us is specific to each bot client. 1 day they pick on HB the next some other bot. I can only assume from the length between banwaves and specific targeting of each is that it takes up a lot of their server resources to scan for us. And they don't like doing it.

I think more people (smarter people than me) need to be looking into that tripwire event that happened a month or so back. A lot of bans rolled in that day. I think that was the trial run.

 

[Lister]

it takes up a lot of their server resources to scan for us

yea just like google gets down when they get DDOSed (do they even notice?)

It was definitly some kinde of Software Detection even her in the EU becaues one Accoutn I lost I uesed only for ab 1 Hour (no errors or anything) with that other Bot on the 06.06.2015 the rest of the Time i played per Hand but that Account did also get hit

 

[Mario27]

thats right with the bot there is alot of lag without bot im fine on ultra no issues

 

[exdeus67]

So on another forum, A user had made a post that he had noticed blizzard was Lagging him for very short bursts and sending him False packets, something like a split second and his health was dropped to almost dead and then back to normal so fast a human could not detect or notice this, this person said this was happening during PVE and PVP.
So basically they where saying that the bot responds so fast and can pick up these false packets and respond to them when its not humanly possible for us to do this and this is flagging us as botters.

Just thought this would be a good place to post this.

Even if its not what is happening to get us caught i thought it was a pretty slick way for blizzard to combat bots.


If i where to take a guess and this is what is happening blizzard could run bots in house and test this against each bot and form a signature response from each different bot on the market and start to create a pattern for each one which would explain ban waves without the tripwires.

i notice same thing sometime when i enter in arena....

 

[klepp0906]

Tbh they probably just flag every person running x86 on an x64 box which narrows the search 1000 fold if not better. At that point they just run whatever script or method they're using on a fraction of the playerbase and clean up. We make it easy on them. Even after all this they refuse to change or try to be proactive. I predict bad things. Hopefully the other "mainstream" bot comes up with something during their investigation. So far the only bots I know of that have been perpetually untouched are the x64 ones. Ironically they perform better as well.

Interesting future ahead no doubt. I imagine bots will die, bots will be born, and the community will be spread much wider than in the past.

Then again if blizzard doesn't do something amazing with the next xpac I don't see wow going anywhere but further downhill gameplay and population wise as has been the case for years now. I told my guild last night that they are the single solitary reason I still play and have been for awhile.

Anyways, the end.

 

[virtual]

untouched are the x64 ones. Ironically they perform better as well.

The only 64 bit Bots i can find are fishing bots.

 

[Toko]

Tbh they probably just flag every person running x86 on an x64 box which narrows the search 1000 fold if not better. At that point they just run whatever script or method they're using on a fraction of the playerbase and clean up. We make it easy on them. Even after all this they refuse to change or try to be proactive. I predict bad things. Hopefully the other "mainstream" bot comes up with something during their investigation. So far the only bots I know of that have been perpetually untouched are the x64 ones. Ironically they perform better as well.

Interesting future ahead no doubt. I imagine bots will die, bots will be born, and the community will be spread much wider than in the past.

Then again if blizzard doesn't do something amazing with the next xpac I don't see wow going anywhere but further downhill gameplay and population wise as has been the case for years now. I told my guild last night that they are the single solitary reason I still play and have been for awhile.

Anyways, the end.

Fir3h4ck runs on x64, they got banned too.....

 

[McWeiss]

Fir3h4ck runs on x64, they got banned too.....

But with the one you mentioned you could do alot of other things like flying where you could not and stuff like that...

 

[Morga]

I have noticed burst of lag every time I create a new toon and log in. I'm on a different machine, bnet and ip. This only started after I got banned on a different bnet account.

 

[Aetheric]

I have noticed burst of lag every time I create a new toon and log in. I'm on a different machine, bnet and ip. This only started after I got banned on a different bnet account.

Same here. I thought it was my connection, but I heard this many times from others as well. Suspicious to say the least.

 

[Aetheric]

Tbh they probably just flag every person running x86 on an x64 box which narrows the search 1000 fold if not better.

Whatever the fanbois are constantly trying to tell the community that it doesn't make any difference, x86 or x64 in terms of detection, it absolutely narrows scans down to a fraction of those 6 million active accounts.
And that _does_ make a hell of a difference ..

The waiting is on a. a x64 version of HB and b. stealth.

Especially stealth - I don't care if that will trigger every virus scanner in the world, but HB needs to become like a self-mutating virus. And in such a way, that it's too much of an overhead for the WoW client to contain an anti-virus scanner as well.

I have no idea whether that would be technically possible, but at least it would cripple the other "Trojan", called "Warden".

 

[ryftobuddy]

prove to me that only a fraction of users use x86. Oh, you can't? That's what I thought.

All the people spewing nonsense that x64 is mandatory at this point can't give a single, sensible reason why other than "it will keep us safer". But how? How does switching to x64 keep us safer? It doesn't, you have no clue what you're talking about and you don't have a single figure showing that more users use x64 compared to x86.

As someone pointed out earlier, x64 bots have been caught in a recent banwave. It doesn't matter that the bots had additional features, it simply proves that x64 does absolutely nothing to protect a bot from being detected. Bots are still going to have interact with the game in a way that x64 makes no difference about.

 

[pimpampum]

prove to me that only a fraction of users use x86. Oh, you can't? That's what I thought.

All the people spewing nonsense that x64 is mandatory at this point can't give a single, sensible reason why other than "it will keep us safer". But how? How does switching to x64 keep us safer? It doesn't, you have no clue what you're talking about and you don't have a single figure showing that more users use x64 compared to x86.

As someone pointed out earlier, x64 bots have been caught in a recent banwave. It doesn't matter that the bots had additional features, it simply proves that x64 does absolutely nothing to protect a bot from being detected. Bots are still going to have interact with the game in a way that x64 makes no difference about.

Are you serious?

Getting a little tired of these "prove to me" things. It's completely OBVIOUS a massive amount of the playerbase use x64, because it simply works better in a x64 OS. Or you could "prove to me" that we are wrong. That's what I thought.

Firehack, that thing you apparently tried to compare to Hb due to having had a banwave (Which wouldn't be a banwave in Hb terms but probably woulda been labelled as "normal bans") is a wide scale multi-HACK. It should be much higher than any bot in Blizz's banning list, yet it have been undetected until now.

Any program, no matter if it is x64 or x32, would be found if you look for the correct footprints, namely x Lua API call or similar. We understand that.

What we state , is it is harder to be identified when you are in a 6 million pool of users, that in a 1 million pool. (x64 -x32 analogy, with made up numbers. I think the real should be much more out of proportions.)

I also remember reading, and it made quite a lot of sense, that most people using x32 came from Asia, where access to more powerful comps is really harder, in some countries at least.

One would think, it they were Blizzard EU or Blizzard US, that they would use a lot less firepower if they reduce the search to x32 systems. Wouldn't you do?

 

[Aion]

Are you serious?

Getting a little tired of these "prove to me" things. It's completely OBVIOUS a massive amount of the playerbase use x64, because it simply works better in a x64 OS. Or you could "prove to me" that we are wrong. That's what I thought.

Firehack, that thing you apparently tried to compare to Hb due to having had a banwave (Which wouldn't be a banwave in Hb terms but probably woulda been labelled as "normal bans") is a wide scale multi-HACK. It should be much higher than any bot in Blizz's banning list, yet it have been undetected until now.

Any program, no matter if it is x64 or x32, would be found if you look for the correct footprints, namely x Lua API call or similar. We understand that.

What we state , is it is harder to be identified when you are in a 6 million pool of users, that in a 1 million pool. (x64 -x32 analogy, with made up numbers. I think the real should be much more out of proportions.)

I also remember reading, and it made quite a lot of sense, that most people using x32 came from Asia, where access to more powerful comps is really harder, in some countries at least.

One would think, it they were Blizzard EU or Blizzard US, that they would use a lot less firepower if they reduce the search to x32 systems. Wouldn't you do?

Do you live in Asia? Or following "common" but obsolete model that Western>Eastern in therms of Quality of Live. But I must assure you, the Eastern "world", more commonly known as Far East have the greatest progression in the last decade, and all the modern computer system are much more accessible there too - They are way cheaper there for tons of reasons, including 64bit systems, so the example is not relevant at all.

And no, Im not from Asia - native EU here, but this does not change the truth.

 

[pimpampum]

Do you live in Asia? Or following "common" but obsolete model that Western>Eastern in therms of Quality of Live. But I must assure you, the Eastern "world", more commonly known as Far East have the greatest progression in the last decade, and all the modern computer system are much more accessible there too - They are way cheaper there for tons of reasons, including 64bit systems, so the example is not relevant at all.

And no, Im not from Asia - native EU here, but this does not change the truth.

That's a nice attempt to abruptly change the theme of this conversation, Aion.

Anyway, I'll bite. Of course I know certain countries, located in eastern Asia, like South Korea or Japan, have high standards in computerisation. Higher than the average in EU or US.

That doesn't change the fact that most Asian people , and as Blizzard once reported, a huge majority of Wow users in the Area, don't come from these countries. China and India represent 60% of the population in the zone. Japan and S. Korea, 4%.

When people talk in general terms about Asia, they are more probably referring to the majority of the population there, not to specific cases.

The same could be applied to the EU term. When someone refers to the European Union, they probably picture some of the largest countries there. Name your pick, it's easy to offend here, so I won't walk the line.

But they will hardly call EU to recent additions to the EU that don't share the overall wealth and standards of the "main countries".

It is right, or fair? Nopes. Estonia, Cyprus, Romania and Bulgaria are as much EU, as France , Germany, Italy or any other member. But it's the reality of the situation.