How you are getting caught - Detection

First off, let me say I really feel for you guys in EU/US facing the bannings that seem at an all time high.

I am an Ex-Pat living and playing/botting WoW in China on China servers. So we face a few differences than you do in EU/US. First, we pay for game time by the minute, not by a flat fee for the month. So in many ways, in China WoW, Bots are actually profitable to the game company who runs the Blizzard WoW here. Keep in mind, it is a different company who admins WoW in China, it is not Blizzard. While this does mean we can get away with running our bots and not face bans currently.

This does mean we can develop and write plugins, profiles etc and test the hell out of them in China without facing a risk to banning even testing. What it does not allow us to do is actually test new undetectable profiles or plugins etc to see if they would work in USA/EU.

I have been writing private profiles and selling them for a while to USA/EU customers but have stopped because it is obvious to me that no matter the fact that the private profile was created on China servers and is truly "private" to whoever I sell it to (meaning that when you get it, it has never even been run one time in EU/US, even while being created/tested), that these private GB2 profiles are getting nailed by Blizzard anyhow.

So I developed a new method that 100% beats the concept of LCP detection. Now the profiles I sell are custom made and expected that the end user uses the new app in order to keep the profile completely off the LCP radar (Takes 5 seconds to mash the profile through the app and have it revised and ready to be used fresh). But this is not my point. My main point I am writing about is HOW are they detecting you guys.

The theories so far:

1) "They can detect HonorBuddy running" - Well I do not buy this theory and most pros on these boards agree with me that Blizz is not detecting HB running. It is illegal from my understanding and would not be the route Blizz would take given that there are better and more permanent ways to catch botters now and in the future.

2) "NPH is too high, they catch us" - Well it could be that, but honestly we would simply react by running our bots differently and less efficiently than any normal player, despite lower NPH, we would not care as its better to have 70% efficiency and not get caught than the run super bots capable of 500+ NPH etc. - I do not believe this is how.

3) "They download public profiles and use those to catch people who do not bot smart!" - Nope, I do not buy this either. Too many of you are reporting getting nailed when running private profiles.

4) "Player reports!" - Ya, players reporting you would do it and certainly it accounts for some of the bannings. CRZ has put more people in the lesser used zones and this creates more opportunity for bots to get reported. But it should not cause such an increase in bannings and certainly not create the bannings where ppl ran in slow zones at odd hours for a few hours and got nailed.

5) "CTM (Click to Move)!" - Could be if they wanted. Afterall, no one CTMs while flying etc. But the workaround would be so easy and what about the low level players who cant even fly and are running Kicks questing profile running on the ground? Some players do use CTM when they first play the game especially if they have never played and flown a mount before. I doubt this would be the method they would use. I believe they would know that we would simply react and get rid of CTM anyhow.

6) "LCP detection" - I believe this is the situation. And not only individual LCP, but they have managed to chart it across players. It would need to be using data from players and mashing it up to catch Questing profiles etc, because no one player will run the same routes over and over while questing enough to really trigger it. Yet it gets caught. Reason why is simple, those questing bots are run using public profiles and therefore over time, those "known LCP paths" are learned by Blizzard's servers and anyone hitting a threshold of even 20+ LCP could easily get nailed even before they hit level 20. And for gathering it is worse. Run a public gathering profile? You are nailed. They already have the comparable LCP for your profile as soon as someone has run it a few times. Private profile or a custom script? Sure. It will be ok for a little bit, but think of it this way, Profile LCP is generated while being created if you fly the route using zaprecorder etc, then you run it once or twice...three times, four times...and within 2 hours of running it, you are now flagged as a bot because you just tripped up using your own private profile. Point is, a "set path" profile will trigger this detection no matter how private it is. LCP detection would account 100% for most of the bannings going on whether you use private or public profiles, it would catch you.

What it really means, is that botters, especially gather bots are going to need to actively use counter-measures to the concept of LCP. In fact, it requires testing on the EU/US servers to be sure that this is what is taking place, but I cannot really think of another method that would account for the bannings other than LCP. The system I developed and others have posted about, while it lowers efficiency, it completely beats any form of LCP detection since LCP relies on repeated strings of hotspots being hit in sequence, something that is impossible for a human to relicate repeatedly over time.

If your botting method does not actively beat LCP detection, I would honestly recommend to not Bot it. You will eventually get caught whether you run 2 hours or 12 hours.

And my recommendations for the devs:

1) Abandon CTM, it seems risky to me
2) Rewrite GB2 to either work "zones" at complete random and have profiles now set to just list blackspots. So a profile would be set to <Zone> and just have Blackspots.
-And/Or
3) Rewrite GB2 to have the option to run "random Hotspots", so it picks a hot spot from your list at random, then another at random and so on, thereby beating LCP as it never paths the same sequences.

A final question I have: Is there currently any way for GB2/HB to run profile one time only and once it has finished going to all the Hotspots in a profile...to stop completely???

Thanks and good luck to all you botters in EU/USA facing these problems.

Azile

 

i just got baned again. on 4th of may i moved from EU servers to US servers, after i lost 57 bots on EU.
i started small on US servers just to try it out (just 5 bots).

all accounts were not linked in any way with each other. all paid by different credit cards, all on different pc's, all an own ip. all online at different times, precaution as much as possible.

my profiles were all private made by myself. so i am 100% sure, that nobody uses same hotspots that i used.

my believe right now,... blizzard is checking CTM behavior.
i am not a coder, and maybe my thought is absolutely wrong, but i will tell you, what i think.
for a human it is impossible to click a position in thin air, if you use CTM by hand. you will always click either a position on the ground, or an obstacle, or a point on the horizon.
the bot is always setting the CTM location to a thin air point.

it should be easy as 1,2,3 for blizz to identify us in this way. just check our clicked CTM position with Mapdata, if CTMclick is in thin air= ban.

 

don?t think you are right. People got banned before they reach lvl 58/60 while using Kick?s leveling profiles.

Anyway to get rid of ctm woul?d be nice. Oh and i use ctm even without bot. It?s nice to use a key bind to interact with mouseover/target.

 

Good post.

 

pretty informative post, but still, only speculation.

HB definitely has to abandon CTM though, that's pretty much only thing uniting all botters/botbases/profiles.

 

I use CTM manually.. with my left hand slightly impaired, it's tedious to use the keyboard to navigate.
It would be insane to ban me, just for using CTM.

Regarding CTM "in thin air" .. Flying around using CTM is not easy, but it's definitely possible and only needs some practice.
Clicking both mouse buttons to move, helps a lot in this as well, by the way.

Nah .. I don't think CTM will provide conclusive evidence that it's a bot operating the toon.

 

yes, many players use CTM to move. and blizz won't ban anybody for using CTM.

but as you can see, if you, as a human click somewhere, you will always click on the horizon, or a spot on the ground or environment. it is impossible for you to click in the air 10 yards away from you.
and thats what the bot is doing all the time. making this nice yellow circle at a point, that can't be clicked by a human.

i dont think, it is hard for blizz to read the CTM positions. and if the position isn't possible to be clicked by a human, it must be a bot or a hack. ... and i think, thats what blizz is writing in ther ban-mails. ...These programs (commonly called cheats, bots, and hacks) automate certain aspects of gameplay...

 

Interesting thought .. so why would a program like HB use CTM and not the keys on the keyboard?

 

As I posted, people using Kicks are even getting banned before reaching level 20, which is why I believe CTM is not their detection method, but "learned" LCP across many players is. Kicks will use the same hotspots, and those provide an LCP base for them to work other people's LCP against. Basically Bot A, B, C, D, E run kicks. They hit same hotspot sequence and provide LCP data for Blizz. Now when player F,G, H etc run kicks, they trigger the LCP data they already have, and are banned before even hitting level 20.

I guess my main point is that I believe LCP is indeed the method they are using and they are using LCP across many players not just yourself. So any public profile has likely already provided the LCP data and gets nailed very fast. Any GB2 profile that you make and is private will still trigger the LCP after you use the "route" a few times. Given that people have posted getting banned using a GB2 private/custom profile within even 2 hours of using it, means that the threshold gets hit quite fast, perhaps even 5 times through a route is enough to trigger the threshold.

To test to see if HB is at all possible to be detected is very simple as well:

1) Take a fresh clean account.
2) Run HB.
3) Create a route manually, not by pathfinding, does not matter how effective it is, as long as you have maybe 50 spots within a zone parameters.
4) Run it, but do not let it repeat the route, just run the route once.
5) Do another in same zone but completely new hotspots.
6) Rinse and repeat this method over and over.

Yes it would a time consuming test but it would lend data towards LCP detection VS CTM detection VS HB detection.

Again I am on China servers, so these tests, I cannot even begin to use here because we don't get banned in China for this stuff...yet.

 

i dont think blizz has just one detecting mechanism. kick users are banned since ages. would be a typical LCP detection.

but this massive GB2 (and other gatherbots that use CTM) bans are pretty new. started april on EU servers.
don't get me wrong, there were always bans for gathering, but since april it is a lot more.

i dont know there are more or less bans for kicks profiles.
but i know, there are a lot more bans for gathering (at least for me). and CTM-spot-clickable-checking could be a detection possibility.

 

Ctm is basically client side as far is i know, Bliizard can not tell if you used CTM or WASD to get to said hotspot.

 

They can and have collected even less important facts about the players.

 

Proof please

 

how i hate this "proof please" .... proof against please.

 

What does LCP mean please?

 

It means "Lowest Common Prefix" and there is another post in this forum detailing it as well as a link to the white paper detailing its ability and method. To sum it up, it is a method that tracks movement through specific cords and basically if you were to track this movement over time and space only a Bot could get a threshold rating high enough of hitting the same sequences of spots over and over than a human.

The theory is that Blizzard is using this or a form similar to it to nail bots who would trigger the LCP. To test that, one would need to test running GB2 with a method that would beat LCP detection for a consistent amount of time and not get banned. And that would likely require a large investment of time by someone running an anti-LCP type script/method on an otherwise clean account and even then, if you got nailed by being reported or other means, we would have a false positive, so would need to be used by quite a few people to see if this theory holds true.

 

dude !!! just lsn to me for a sec.... i might be on to something....
i've been using KICK for quite long time...

i have 11 chars lvl 90 on my account ALL LEVELED BY KICK and im still not caught!!!!
so the theory you're talking about might be false....

and i leveled a spare account all 11 chars on same server with kick, and it still works like a charm...
i didn't use RAF or any xp helping items... just running kick all over again... and im still not caught!?

can you explain why im still not caught ??

 

I hate it too haha.

But there was a post by apoc about it not to long ago and if someone outside of blizzard knows how wow works, its apoc.

The server doesn't know where you click or wasd to. It only gets the "I am here" command by the client. (No clue if this was/is changeable.)
The change from CTM to wasd would be like 10 lines of code in the HB base, but since CTM is way more exact, faster and not different for the server, they use it.

To proof him wrong you could find a wasd bot and test it for quite some time.

Found the proof, thanks google:

 

The way to kill LCP-Detection is simple, but its difficult to get a smart solution not to spend hours to create these ways.

 

Thanks.

I wonder how many bot accounts Blizzard has banned. Surely not every single HB user posts the fact that their account was banned.