XenoBot Forums - Powered by vBulletin

User Tag List

Page 1 of 11 123 ... LastLast
Results 1 to 10 of 108

Thread: Botting Security: The Myths, The Facts, and The Solutions.

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    XenoBot Developer DarkstaR's Avatar
    Join Date
    Dec 2010
    Posts
    6,105
    Mentioned
    1316 Post(s)
    Tagged
    13 Thread(s)

    Botting Security: The Myths, The Facts, and The Solutions.

    To begin this post, I would like to reiterate a post I made nearly 2 months ago.

    Quote Originally Posted by DarkstaR View Post
    No bot, not even NeoBot, can be called 100% undetectable. Nobody knows how the system works so saying their bot is safe is misinforming the users.
    What I will say is that I have taken the precautions to make sure that this bot is as undetectable as possible, and that it stays that way. I have made sure to make absolutely no mistakes, I've taken my time, and I mostly allow Tibia to do everything for me(making it safer).

    I wont promise its safe, but I will tell you that I trust it enough to use it on my main characters
    I have said time and time again that I will not promise my bot is safe, and yet this last banwave has sent people crying about how I misinformed them. I'm sorry, but this is not the case. In fact, from this banwave we have learned 4 things:

    1. Injecting into the client has nothing to do with bans
    2. No matter what bot you use, you are not safe - however, some bots are safer than others
    3. "Safe Bots" are nothing but irritating pieces of software which obscure your ability to play by hijacking your mouse and keyboard. We know now that they are not truly safe.
    4. There are many bots that are safe in creation, but used dangerously. These include NeoBot, TUGBot and XenoBot. (Nothing else was created evasively for this system) It is not these bots that get you banned, but how you use them.

    #1: Supporting facts

    • NeoBot was also taken out in the last wave. This means that there must be some server side detection which uses heuristic pattern recognizing algorithms in order to detect non-human actions. This means that if they have a working server sided system, they really have no reason to create a much harder client side detection system.
    • Creating a system to detect injected and modified code would be very tricky -- they would have to find a way to send this information to the server without bot programmers noticing. Every update, I look at every function which calls the winsock send function, and nothing I have found to date has been suspiciously sending data to Cipsoft.
    • Many different programs use global hooks or injected DLL's on all open processes in order to achieve certain results. ObjectDock, for example, is a program which creates Mac-like docks on the desktop for icons. to handle the mouse, it injects code into every process to watch the mouses actions within that process. Another example would be a virus which may inject code into running programs in order to try and steal your personal data or manipulate your computer.

    #2: Supporting facts

    • NeoBot falsely promised its users safety, and some still got banned.
    • Bots like NeoBot, TUGBot, and XenoBot still protect against creating impossible packets and make sure that performed actions are possible without a bot attached. That makes these pieces of software MUCH HARDER to detect.

    #3: Supporting facts

    • No body likes having to leave Tibia maximized to bot, and Nobody likes the way "Safe Bots" hijack their mouse and keyboard. It is irritating, and can often leave you dead in situations where you could have lived if you didn't have a bot that was acting equivalent to a 5 year old brother randomly smashing keys on your keyboard.
    • Look at supporting facts for point #1. Tibia doesn't send data telling the server if its minimized or not, or if anything is injected into it. This means that using actual mouseclicks and keystrokes is just an annoying way of doing what XenoBot does, and is not any safer.

    #4: Supporting facts

    • While people have been banned from use of all bots, there are also many intensive botters who have never been touched - and never will be. This is because they make proper use of their software, and they do not bot suspiciously. Below, I will outline pointers and tips about how you can avoid banishments and still get the most out of any bot.


    Botting Safety Tips

    1. Never bot afk. There is evidence that Cipsoft still has CM's checking up on botters on the down-low, so being at the computer at all times can save you if one comes looking for you. On top of that, you are less likely to be reported if you respond to players.
    2. Spread out your botting sessions and mix up your play. It is very possible and probable that cipsoft has created AI algorithms to detect bot-like behavior. However, due to their lack of resources and current disadvantages of AI technology, you can ea slily throw these functions off by mixing in some human action. For instance, I used to bot stone tomb on my 76 RP. After I used 50 spears, I would go manually do two tasks at energy elementals before going back to stone tomb.
    3. Verify your settings. Don't walk around on a paladin trying to spam exori flam at constant intervals, or walk around on a knight trying to chug great mana potions. Most bots nowadays randomize when they heal, but only when successful. An unsuccessful attempt, however, results in another attempt at a set interval. Continuously doing this can be detected as suspicious behavior.
    4. Do not talk about botting in game, even if its in a private message to a trusted person. For all you know, cipsoft can be searching logs for people talking about botting.
    5. Bot dynamically. Don't use scripts that always deposit with systematic methods. Always withdrawing an exact amount of gold, buying everything in certain order, and throwing items in depot the exact same way is suspicious. I've used NeoBot, and its not hard to randomly decide whether to go to the bank or depot first. Its also not hard to move your items to depot randomly, or to buy supplies in different orders. You may spend extra time making your scripts, but in the long run you get to keep your character.
    6. Use good scripts. Sitting with no gold on a boat and spamming "hi thais yes" for 2 hours is a sure fire way to get banned. So is constantly using your rope on a shovel hole, continuously going in and out of a yalahari gate, or trying to open a depot that is blocked by another player. There is literally a million examples of this, so use discretion and common sense when botting, and always extensively test scripts before you take your eyes off of them.
    7. Keep a realistic timeline. Nobody can play 12 hours a day for a week strait hunting the same monsters with the same methods. Don't bot the same character for more than 35 hours each week, and never more than 10 hours at once - no matter how dynamic your scripts are.
    8. You are the player and the bot is the helper, never vice-versa. Remember who created the character. YOU DID. Your bot didn't. Don't expect it to play the game for you all of the time. If you created a character just to bot your way to the top, then you can expect to get banned. However, if you just use your bot to help you keep up with all of the no-lifers out there and you still spend hours of playtime doing quests, pking, or talking to friends on team hunts, then you have a lot lower chance of getting banned.

    Conclusion
    Using common sense, following these tips, and using the right bot can help you stay safe. No one can ensure your safety, but more than the majority of people who follow these tips have stayed safe - and you can too!

  2. #2
    Super Moderator Luls's Avatar
    Join Date
    Dec 2010
    Location
    Canadaaaa.
    Posts
    1,976
    Mentioned
    186 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by DarkstaR View Post
    a bot that was acting equivalent to a 5 year old brother randomly smashing keys on your keyboard.
    I laughed so hard

  3. #3

    Join Date
    Oct 2011
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    For all this "Safe Bot" vs "Injected Bot" war, I respond: there is no proof that the Tibia client sends any information regarding things that an "Injected Bot" usually do => there is no proof that "Injected Bot"s are less safe. It is possible, though.

    Your point is right, but there's no need to say things like "is not any safer" or "a safe bot can leave you dead" simply because there is no proof for none of them.

    Anyway, if you ask me, I would go XenoBot because of it's advantages over NeoBot (more options for players who are not AFK).

  4. #4
    Super Moderator Luls's Avatar
    Join Date
    Dec 2010
    Location
    Canadaaaa.
    Posts
    1,976
    Mentioned
    186 Post(s)
    Tagged
    0 Thread(s)
    Just a bump, because I think it deserves it today.

  5. #5
    Lifetime Subscriber
    Join Date
    Dec 2011
    Location
    Michigan
    Posts
    2,649
    Mentioned
    81 Post(s)
    Tagged
    0 Thread(s)
    I think it's safe

  6. #6
    Lifetime Subscriber thorekz's Avatar
    Join Date
    Dec 2011
    Location
    Santiago, Chile
    Posts
    1,243
    Mentioned
    23 Post(s)
    Tagged
    0 Thread(s)
    like the administrator itself said, theres no 100% safe bot for tibia but we gotta try one dont we?
    now its the time to give xenobot a chance (which looks pretty cool btw)

  7. #7
    XenoBot Developer DarkstaR's Avatar
    Join Date
    Dec 2010
    Posts
    6,105
    Mentioned
    1316 Post(s)
    Tagged
    13 Thread(s)
    Everyone keeps criticising the fact that I say its "not safe." The only reason I say this is to be honest. Ekx lied to everyone by saying Neobot was safe, and banwaves proved that. XenoBot is 100% safe when used properly, but if its not then the repercussions can be bad. I would rather the user know that then have lied.

  8. #8
    Lifetime Subscriber thorekz's Avatar
    Join Date
    Dec 2011
    Location
    Santiago, Chile
    Posts
    1,243
    Mentioned
    23 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by DarkstaR View Post
    Everyone keeps criticising the fact that I say its "not safe." The only reason I say this is to be honest. Ekx lied to everyone by saying Neobot was safe, and banwaves proved that. XenoBot is 100% safe when used properly, but if its not then the repercussions can be bad. I would rather the user know that then have lied.
    well it doesnt matter if neobot was safer or not, now its dead so good luck growing your software :P

  9. #9

    Join Date
    Dec 2011
    Posts
    68
    Mentioned
    6 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by DarkstaR View Post
    Everyone keeps criticising the fact that I say its "not safe." The only reason I say this is to be honest. Ekx lied to everyone by saying Neobot was safe, and banwaves proved that. XenoBot is 100% safe when used properly, but if its not then the repercussions can be bad. I would rather the user know that then have lied.
    what do you mean by if used properly? theres no point adding manabars under hp bars and shit that makes it detectable. if people want to use xenobot on ots and such, make a bot thats just for ots, and for normal tibia make it that nothing is detectable

  10. #10

    Join Date
    Dec 2011
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by taytay13 View Post
    what do you mean by if used properly? theres no point adding manabars under hp bars and shit that makes it detectable. if people want to use xenobot on ots and such, make a bot thats just for ots, and for normal tibia make it that nothing is detectable
    By used properly he means keep switching places you bot in, sometimes hunt manually and do not bot for extremely long times nonstop. non-human behaviour is what gets you caught, not the mana bars.

    Most likely the way cip takes care of botters is server-sided bot detection, monitoring the way ppl behave, the way ppl move.
    If cip detected bots in another way, for example if they could see that you're manipulating the client or running a program called "neobot.exe" while playing, they could just bann every botter at once and get rid of the botters. But thats not the case since they have not banned everyone, just some ppl. These are most likely the ones who probably never used skip nearby nodes in neo, botted the same spawn for more than 10h in a row without taking a break, behaving like a bot.

    Please take a look at this article.
    > http://iseclab.org/papers/botdetection-article.pdf <

    More facts about injecting to the cilent that backs up what I just wrote and what darkstar has said about this matter. Written by darkstar himself!
    >http://forums.tibianeobot.com/showth...oBot-developer<

    Quote Originally Posted by SST View Post
    @ Up

    Botting at 1 place doesn't get you banned, same for botting till lets say 42 - 14 stamina. Many people I know do it at the same place for months, bah.. years! Even on Elfbot they did the same and they never got banned? Its about something else in my opinion, for an ex. me, I only used healing on 1 noob mage around level 80 and I got banned on him. I botted like 10 other knights all 80-100+ to the limits of stamina, non of them was banned, not on neo, not on elfbot
    @SST
    Healing at the exact same hp is non human behaviour, sure you had it randomized? And about being banned by cavebotting, thers a shitload of things that lowers the risk of being caught, anything that breaks the pattern in moving lowers the risk. Probably even a depositter will do it. In neo skipping nodes makes it also harder. Basically almost everything that has impact on how the character moves will do it.
    Last edited by Fire; 12-28-2011 at 11:42 AM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •