Curse

Killed u man · Mar 10, 2011, 05:14 PM // 17:14

After seeing more and more botters turn up in both RA, HA and GvG, I decided to make another thead regarding this issue, as I feel people need to be re-educated in botting in order to effectively get the botters banned.

The initial botwave used an injection method which was easily detected by Anet, similar to Texmod injections. The recent released bots, however, proove to be alot more resilient, and afaik are undetectable through conventional methods, so for now visual conformation is all we can go by.

This new wave of interrupt bots is almost identical to the previous ones, only the botters seemed to have learned a lesson. Browsing through the publically released ones teaches us that every bot now has a "miss interrupts" function, aswell as a built-in delay function, so visual conformation is harder than ever.

I suggest when people notice "superhuman" reflex behaviour, they should start report for botting again. However, just because someone got a lucky interrupt does NOT mean they are botting. Going through the code of the bots, however, there are several tricks you can use which might just lure out botting behaviour though they do require you to loose your RA match.

If you're a Monk and you notice alot of your skills getting interrupted, refrain from casting anything and move next to the character which you think is interrupting you. Then at random times (completely random) you cast different skills and see if they get interrupted. (Try 1/4's and 3/4's as bots are able to interrupt both) Make sure you leave enough time between casting 2 spells, atleast 5 seconds so the mesmer wouldn't just be able to call an interrupt "anticipated". If you find that any 1/4'th got interrupt, you're probably dealing with a botter, and you should report him accordingly.

The most recent addition and maybe the most malicious one is a DDoS bot. It simply allows you to select a certain party member from the opposing team and make him lag or even DC for a period of time you can decide.

I don't know the exact inner workings of these bots, but I do know I've faced them a couple of times in HA, and it's an absolute bitch trying to call going from a perfect connection before the match (<100 ms with absolutely no lagg spikes) to an average ping of 20K during the match back to <100 ms the millisecond the opposing team leaves the match.

If you experience this type of "very coincidental" lagg, I sugges you take a screenshot and send in a report to NCSoft. They might not detect any injections, but if the same player keeps popping up on different screenshots, the know what time it is...

Lastly, I would like to bring some good news from the dark side, which is that there is ways of detecting botters with a degree of certainty. Currently some programs exist, or are under development, which allow you to see wether or not other people in your instance are using injections. (Unlike Anet which only have logs to show for) I can't give much more information on these programs, other than I do know they exist, and with a bit of luck they might get released aswell.

Schnellburg · Mar 10, 2011, 06:42 PM // 18:42

The game is over 5 years old. Give it a break. People will keep botting regardless of what you post here. Yes the bots are harder to detect as they don't rely on injecting anymore, but they also take a bit longer to set up, and write. HA is dead, RA is boring, and Gvg is not what is use to be. If this were 3-4 years ago it would be a different story.

*lemming* · Mar 10, 2011, 06:46 PM // 18:46

Quote:

Originally Posted by Killed u man

Lastly, I would like to bring some good news from the dark side, which is that there is ways of detecting botters with a degree of certainty. Currently some programs exist, or are under development, which allow you to see wether or not other people in your instance are using injections. (Unlike Anet which only have logs to show for) I can't give much more information on these programs, other than I do know they exist, and with a bit of luck they might get released aswell.

Don't tell us, tell Anet.

If they still don't do anything after the fact, you can go embarrass them with that.

Missing HB · Mar 10, 2011, 06:49 PM // 18:49

I think that last time they did ban botters because some were obvious ( on TV for GvG ) but also because many PvE'rs noticed it ( you can't deny the fact that among all pages of topic , 90% were made by PvE'rs..)
Now , if this happens in RA , noone will care at all ( because there people are already busied enough with syncs and crap builds)
A major issue happened with HA ( i mean massive leave of players ) , thus i don't think players left ( aka bbwayers or grenth dervs ) do care of bots...

Let's hope that people start running it in GvG so that something is done , but otherwise , i think it's probably pointless.....

JSX · Mar 10, 2011, 07:14 PM // 19:14

Wow funny I just recently saw this topic.. Ive been in RA today, and I notice every now and then I get MASSIVE LAG for a match like 1k ping.. and then its gone afterwards... And I dont lag anywhere.. not even in HA... Man.. I think playing a mes made me a target for ddos bots? (never had this happen on my Warr or Derv before )

Killed u man · Mar 10, 2011, 07:39 PM // 19:39

Obviously, there is that offchance you really get bad luck and have a coincidental laggspike during a match, but if you notice you start lagging the second you start fighting, and it ends as soon as you leave the instance, then usually something more is up.

For now, I would just screenshot all the names of the players in the enemy team, and if it happens on more occasions, see if any names match up.

Ariena Najea · Mar 10, 2011, 07:44 PM // 19:44

I haven't seen any bots lately outside of AB, JQ, and FA; outside of these areas and RA there is little reason to run afk-style bots for points. As for DDoS bots, definitely tell support if you know a way of detecting them... you should probably go straight to Gaile with it.

Reverend Dr · Mar 10, 2011, 07:48 PM // 19:48

Quote:

Originally Posted by lemming

If they still don't do anything after the fact, you can go embarrass them with that.

They won't do anything.

And posts on a fan messageboard is hardly going to embarrass a company.

Chthon · Mar 10, 2011, 07:49 PM // 19:49

1. Uh... I've never seen the Texmod source code, but I was of the impression that it was nothing more than a proxy dll for directx. I wouldn't call that "injection" per se. Nor can I imagine how it's detectable without the sort of invasive system-wide scans you get from crap like WoW's anti-cheat stuff. Are you sure early bots resembled texmod in functionality?

2. Targetted DDoS bot sounds like a myth. Sure, they exist in D2, but D2 was very poorly designed. The bottom line is that you should not be able to DDoS someone unless the server tells you their IP, and there is absolutely no reason for it to be doing that. A more likely possibility is that the server can be convinced to forward malformed packets to another player because it does not sanity check them properly before forwarding. I vaguely recall that Pablo exposed a bug like this that allowed force disconnects a couple years back. Another possibility is overactive imagination.

3. A program that can detect whether other players are running with an injected dll sounds like utter nonsense.

crazy daggerfighter · Mar 10, 2011, 08:04 PM // 20:04

Quote:

Originally Posted by Chthon

2. Targetted DDoS bot sounds like a myth. Sure, they exist in D2, but D2 was very poorly designed. The bottom line is that you should not be able to DDoS someone unless the server tells you their IP, and there is absolutely no reason for it to be doing that. A more likely possibility is that the server can be convinced to forward malformed packets to another player because it does not sanity check them properly before forwarding. I vaguely recall that Pablo exposed a bug like this that allowed force disconnects a couple years back. Another possibility is overactive imagination.

3. A program that can detect whether other players are running with an injected dll sounds like utter nonsense.

The first person with a brain to comment here imo

Lithril Ashwalker · Mar 10, 2011, 08:14 PM // 20:14

apparently looking at a website, they auto inject the dll files so its not detected as a manual injection, and thus they use a script program like Auto It to outsource nd externally bot.

already sent several "working" programs to anet for "dissection"
(by working i mean i read the responses and ratings of the program in the thread the program is submitted...so dont worry i never tried sch programs")

so in a way im a snitch...

Killed u man · Mar 10, 2011, 08:40 PM // 20:40

Quote:

Originally Posted by Chthon

1. Uh... I've never seen the Texmod source code, but I was of the impression that it was nothing more than a proxy dll for directx. I wouldn't call that "injection" per se. Nor can I imagine how it's detectable without the sort of invasive system-wide scans you get from crap like WoW's anti-cheat stuff. Are you sure early bots resembled texmod in functionality?

2. Targetted DDoS bot sounds like a myth. Sure, they exist in D2, but D2 was very poorly designed. The bottom line is that you should not be able to DDoS someone unless the server tells you their IP, and there is absolutely no reason for it to be doing that. A more likely possibility is that the server can be convinced to forward malformed packets to another player because it does not sanity check them properly before forwarding. I vaguely recall that Pablo exposed a bug like this that allowed force disconnects a couple years back. Another possibility is overactive imagination.

3. A program that can detect whether other players are running with an injected dll sounds like utter nonsense.

You are, or were atleast, a pretty big player in the underground community, so you should know very well what it and isn't possible. I used DDoS as a general term, it would require alot of resources from the player running the bot to DDoS another player, I just used it as a general term to describe what was going on. I don't know how this works, as I have no education in coding languages. (Or dos) All I know is that it exists, and it probably works in a way you described, which is overload the target's connection some how.

As for the program that can detect, with my limited knowledge of the client-server relationship gained from reading on the various forums, aswell as talking to a former GWCA (or wherever he's from) member, it would be very well possible to see wether or not people are running injections.

Chrisworld · Mar 10, 2011, 09:53 PM // 21:53

Quote:

Originally Posted by Chthon

1. Uh... I've never seen the Texmod source code, but I was of the impression that it was nothing more than a proxy dll for directx. I wouldn't call that "injection" per se. Nor can I imagine how it's detectable without the sort of invasive system-wide scans you get from crap like WoW's anti-cheat stuff. Are you sure early bots resembled texmod in functionality?

What I've been trying to tell all the less knowledgeable for years. TexMod has not and will not get you banned nor is it "injection" as we know it. Injection makes it sound so malicious. It's more of an on-the-fly thing for Direct X (DX9 only btw). From what I can gather, when you launch a game from TM with mods, TM scans the process for the image ID's that are being replaced with the ones in the TPF file and then just send the modified ones right to the system ram/vram assigned with the GW process. It might sound like injection but it's nowhere near the kind of injection we know with dll's and Guild Wars. DLL injection is making the game client do something it shouldn't right from the get go. TexMod is just a texture editor for the Direct X layer. The only action I have ever seen taken aganst TexMod is when it is used in Call of Duty 4 on a Punkbuster enabled server because PB is highly sensitive to incorrect CRC's and a big list of system process it does not want to be friends with. GW does not have a punkbuster, that would require Anet to add one or make people download a tool to run alongside Guild Wars before it starts up. I don't see the tool one happening and I sure as hell don't see them adding code to GW to transparently run one as that a serious breach of system privacy.

Quote:

Originally Posted by Killed u man

I don't know the exact inner workings of these bots, but I do know I've faced them a couple of times in HA, and it's an absolute bitch trying to call going from a perfect connection before the match (<100 ms with absolutely no lagg spikes) to an average ping of 20K during the match back to <100 ms the millisecond the opposing team leaves the match.

If you experience this type of "very coincidental" lagg, I sugges you take a screenshot and send in a report to NCSoft. They might not detect any injections, but if the same player keeps popping up on different screenshots, the know what time it is...

While it's pretty much impossible to DDoS someome even in an FPS game let alone a highly encrypted MMO, if people were DDoS/DoS'ing other people then this is probably a pretty isolated case of extreme malicious behavior which is ALSO highly unlikely given the work to do it and reward are just too far apart.

[epicsarcasm]
And I love your suggestion on taking the screenshots too. Perhaps I should take screenshots of an entire district of people before I go farming and when I don't get any gold weapon drops from some runs I should match up shots taken before the "bad runs" and start accusing tons of innocent people of mass illegal server and database hacking through backdoors and SQL injection all so they can put a little rainy cloud over MY head out of the thousands of other selections of players in the game.
[/epicsarcasm]

Enchanted Krystal · Mar 10, 2011, 10:00 PM // 22:00

I have noticed many "Bots" farming in ToPK, at least i think they are... I have confirmed at least one, and reported them, but 3 days have passed since the 1st report & every day I still see the same char still farming.(I have reported this char at least 4 times now over 3 days) How long should it take for Anet to look into my report of Botting?

*lemming* · Mar 10, 2011, 10:15 PM // 22:15

Quote:

Originally Posted by Enchanted Krystal

I have noticed many "Bots" farming in ToPK, at least i think they are... I have confirmed at least one, and reported them, but 3 days have passed since the 1st report & every day I still see the same char still farming.(I have reported this char at least 4 times now over 3 days) How long should it take for Anet to look into my report of Botting?

NCSoft Support is thoroughly indifferent to bots.

urania · Mar 10, 2011, 10:35 PM // 22:35

since you mentioned bots, faced a funny ranger in a synch (HA guild with korean letters tag ) that rupted in a most peculiar way.

not a single time in about 4-5 mins did he "miss" a 1/4 cast, but ALWAYS rupted guard halfway and signet almost instantly (faked 3 times in a row on all rupts), so basicaly it was click and cancel for me and a rupt landed instantly after. the reason why i believe thats a bot is he did not waste a single rupt on me even when i was spamming 1/4 (rof+patient under boon) on recharge because target was low (and all rangers spam their rupts at the time, or least all the ones who arent completely blind). so, if he rupted guard halfway and signet of dev virtually instantly (hence he ought to have been a reflex rupter), why did he not miss on any 1/4 casts?

on a side note, he'd nail guard out of no where, wasnt a chained cast, but the manner was the same both times..halfway. he'd also easily rupt hammer warr's elite (enraged smash), but that one is probably doable without a bot too.

gremlin · Mar 10, 2011, 11:28 PM // 23:28

Just as a matter of interest just how much of your gaming time would have to be given over to bot spotting.

Yes in an ideal world they should be stopped by any means possible but I would rather play than police the game.

Swingline · Mar 11, 2011, 12:05 AM // 00:05

Anet probably doesnt care that much anymore because they are trying to make GW2 bot free.

Enchanted Krystal · Mar 11, 2011, 12:13 AM // 00:13

Quote:

Originally Posted by gremlin

Just as a matter of interest just how much of your gaming time would have to be given over to bot spotting.

Yes in an ideal world they should be stopped by any means possible but I would rather play than police the game.

Well, what else am i supposed to do when i stop for a chop? Spot BOTS!

cantalus · Mar 11, 2011, 01:35 AM // 01:35

Quote:

Originally Posted by crazy daggerfighter

The first person with a brain to comment here imo

and you're from MoO...

some of the posts responding to Borat's seem a bit defensive, however there are definitely bots back in HA, another of the many good reasons not to go there