• Visit Rebornbuddy
  • Ways Blizzard could ban you (eg: your IP, MAC address, etc)

    Discussion in 'Archives' started by bob2k, Sep 2, 2011.

    Thread Status:
    Not open for further replies.
    1. bob2k

      bob2k New Member

      Joined:
      Jul 22, 2011
      Messages:
      82
      Likes Received:
      2
      Trophy Points:
      0
      This isn't an attempt to scare anyone, or a guide on how to avoid getting banned, just merely a list of ways Blizzard *could* (not necessarily "are") identify that you're botting or link multiple accounts to your computer:

      (Keep in mind that by running WoW.exe they could basically be executing any code on your machine, not just "game logic", or in-game stuff... literally anything any other program could do)

      Detecting HonorBuddy: (could also apply to other hacks/bots)
      1. Check to see if a program called "Honor Buddy" is running (in title of the application's window - or "Attached to WoW with ID" :/)
      2. Check to see if a program with the filename "HonorBuddy.exe" is running
      3. Check to see if any program has certain DLLs, such as "Tripper.Tools.dll", loaded
      4. Check to see if any program running has a certain checksum of any known "bad programs" (this is much less likely check, but still possible)

      Detecting Botters:
      1. Check for excessive "invalid" or "illegal" commands, either repeatedly or on a regular basis (eg: someone running a "daily" profile every day, and common invalid things happening - I also remember reading on this forum about a profile or Custom Class that was trying to execute a Druid spell, which other classes don't have - also interacting with a quest giver repeatedly without picking up or handing in the quest - something my HN does often :/)
      2. Detect "stuck-movement" - character's running but co-ords in the game aren't changing over a period of time (this could happen fairly easily, for a bit of time, without botting so they'd probably have a fairly high time limit on this)
      3. Check for (lack of) mouse movements in/over the WoW window
      4. Check for (lack of) key presses in/on the WoW window
      5. Check for character activity, while WoW is not the active (focused) window
      (though the above 3 could also be triggered by mulit-boxing, I'd imagine)
      6. Check if Windows is locked, screensaver's on, or if the monitor's in standby mode (see GetDevicePowerState if you don't believe me :p) but the character's still moving
      7. Check if Windows (and WoW) is running in a VirtualMachine
      8. Checking to see if action bars have been setup

      Detecting other accounts: (that might be related to a botting account)
      1. Possibly guild members
      2. Possibly people items/gold have been mailed to
      3. Possibly accounts characters have been transferred to/from
      4. Same computer name used
      5. Same IP address used
      6. Same computer MAC address used
      7. Same router MAC address used
      8. Same computer names on the network
      9. Same hardware signatures (device IDs)
      10. Same Windows install date and time
      11. Cookies left by Launcher (it uses a web browser component, to read in the news, I believe)
      12. Same "last modified" date/time stamp on (WoW) files
      13. Same browser footprint used to log in to BattleNet site (browser version, plugins, etc)
      14. Same contact/billing/username/password info for BattleNet accounts

      I'm not saying any 1 thing is enough for Blizzard to ban us, but these are all things they could use to strengthen their suspicions :p This also isn't a complete list, just some of the things I've thought up, if you doubt any of them I'd be more than happy to provide more info but you should also be able to Google for most of it.

      The reality is you could find away around all of the above, run a bad profile, get reported, have a GM watch you, and still get banned - you're never going to be 100% safe.

      Personally I've renamed my HonorBuddy.exe file to another very common app, have a separate BattleNet account for botting with different contact details and payment (vouchers), and I don't log my main account from the same IP as my bot account (I basically never log my main account anymore... just in case :p)

      Using something like WoWTunnels or WTFast might help with the IP issue - I don't think they'd ban EVERYONE using it, just because 1 person using it was botting (plus you can make it look like you're connecting from a different location).
       
    2. Altoids

      Altoids New Member

      Joined:
      Jul 21, 2011
      Messages:
      936
      Likes Received:
      8
      Trophy Points:
      0
      I read over your post but it certainly seems to me that 99% of what you posted is either well known or painfully obvious. Of course they could do alot of the things that you mentioned (track keypresses, mouse movements...) but what exactly is your point? Do you have a seperate program move your mouse and press keys for you just in case Blizz just happened to be monitoring your account/computer? Other than that literally using utilities to do that and to obscure the many other things that they COULD track, you're basically relying on the fact that Bliz doesn't want to try and track that on every machine that's running and therefore doesn't. They basically don't watch you until there's a reason - you've been reported by others, you've been playing for 3 weeks straight without a 'potty break' or something else along those lines...

      Just my .02 worth...
      PS. if running the honorbuddy executable was something Bliz was watching for, then there would be MANY more Ban reports daily...
       
      Last edited: Sep 2, 2011
    3. timotyman

      timotyman Member

      Joined:
      Jan 15, 2010
      Messages:
      733
      Likes Received:
      8
      Trophy Points:
      18
      Ways blizzard will ban you.
      -player reports.
       
    4. timotyman

      timotyman Member

      Joined:
      Jan 15, 2010
      Messages:
      733
      Likes Received:
      8
      Trophy Points:
      18
      And i am pretty sure it is illegal for them to check running processes.I might be wrong though.
       
    5. bob2k

      bob2k New Member

      Joined:
      Jul 22, 2011
      Messages:
      82
      Likes Received:
      2
      Trophy Points:
      0
      Altoids: I agree, no rocket science in my post, but it seems like a fair deal of people on these forums don't know most of it. And you and timotyman are right (and like I said), it just takes 1 report to get you banned. Although I didn't say it above, you're also right about if Blizzard was checking for "HonorBuddy.exe" - the reality is they could, and IF they were we would all know about it right away... so no, I don't think they're "detecting HonorBuddy" as some have said.

      timotyman: I believe that's what Warden started out doing... and they need not necessarily send that information back to Blizzard (which might be the "illegal" part), WoW (warden) could just check if running processes match their list and if so send a "warning" back to Blizz to investigate how you're playing or whatever. They also wouldn't be looking inside the programs (which Blizzard seems to think is breach of copyright, based on the argument they use against bot makers).
       
    6. shakazara

      shakazara New Member

      Joined:
      Jan 15, 2010
      Messages:
      212
      Likes Received:
      10
      Trophy Points:
      0
      To be honest, then there is 2 ways that is currently known to be discovered banning:
      1. Writing/injecting into wow's memory (Warden is only able to scan memory within the wow.exe file) - though a good warden protection should prevent it (when warden protection is not proper, that is when a banwave usually happens).
      2. A Player reporting you.

      Just to de-mistify, then wow does not scan outside it's own memory - therefor renaming the window is pretty useless (also if it wanted to check window names, then is can get the native window name pretty easily, so renaming wouldn't really help)
       
    7. jungly

      jungly New Member

      Joined:
      Apr 19, 2010
      Messages:
      394
      Likes Received:
      5
      Trophy Points:
      0
      They IP blacklist, dont believe me? read my previous ban thread, their customer service rep basically told me "that account was on a IP that has had previous bans" ... basically stating they IP blacklisted
       
    8. Dubbelu

      Dubbelu New Member

      Joined:
      May 13, 2011
      Messages:
      138
      Likes Received:
      0
      Trophy Points:
      0
      You're right, they can't do that anymore. But they can check for injected processes, altough they can't detect HB.
       
    9. shakazara

      shakazara New Member

      Joined:
      Jan 15, 2010
      Messages:
      212
      Likes Received:
      10
      Trophy Points:
      0
      They ip blacklist, but that is not enough to Ban you. They, however, doesn't just ip/MAC ban or blacklist without you actually being regularly banned on a account.
       
    10. jim87

      jim87 New Member

      Joined:
      Aug 26, 2011
      Messages:
      445
      Likes Received:
      7
      Trophy Points:
      0

      IP: you can safely say blizzard you're under an internet provider's NAT and you're not the only one who accesses with that IP which, in any case, periodically change.
      MAC address: it's a myth, WoW can't know your MAC address, as well as blizzard servers. Wow.exe can't access such information, Blizzard servers see at least the LAST MAC address in the row between you and their servers.
       
    11. bob2k

      bob2k New Member

      Joined:
      Jul 22, 2011
      Messages:
      82
      Likes Received:
      2
      Trophy Points:
      0
      jim87: technically WoW.exe can know your MAC address - they just need to run some code on your machine, as part of their EXE, to get it ;) But no, I don't think they do or are allowed to.
       
    12. Hogger

      Hogger New Member

      Joined:
      Jan 15, 2011
      Messages:
      54
      Likes Received:
      1
      Trophy Points:
      0
      Please remove this thread NOW!
      Blizzard is actively watching these forums.


      +

      This is common sense anyway...
       
    13. Wallid

      Wallid Member

      Joined:
      Feb 20, 2011
      Messages:
      33
      Likes Received:
      0
      Trophy Points:
      6
      Detecting HonorBuddy: (could also apply to other hacks/bots)
      1. Check to see if a program called "Honor Buddy" is running (in title of the application's window - or "Attached to WoW with ID" :/)
      2. Check to see if a program with the filename "HonorBuddy.exe" is running
      3. Check to see if any program has certain DLLs, such as "Tripper.Tools.dll", loaded
      4. Check to see if any program running has a certain checksum of any known "bad programs" (this is much less likely check, but still possible)

      I think all these ways are illegal?
       
    14. jim87

      jim87 New Member

      Joined:
      Aug 26, 2011
      Messages:
      445
      Likes Received:
      7
      Trophy Points:
      0
      In any case Triwire is there just to avoid Warden send infos, thus even if it detects HB, the latter will shut down the former first.
       
    15. bob2k

      bob2k New Member

      Joined:
      Jul 22, 2011
      Messages:
      82
      Likes Received:
      2
      Trophy Points:
      0
      Hogger: you want the thread deleted because it lists "common sense" that Blizzard might see? I assure you, they know everything I posted and FAR more... this thread isn't going to make a bit of difference to them detecting HB. If they're not detecting it, it's because they're not doing things for legal reasons (as Wallid just suggested) or for other reasons... not because they don't know how.
       
    16. eddie4

      eddie4 New Member

      Joined:
      Sep 16, 2010
      Messages:
      296
      Likes Received:
      8
      Trophy Points:
      0
      Blizzard doesn't want to destroy gold sellers if they wished to do that they could whit not 2 much effort. This is why most what blizzard does is to keep up apprentices and respond to player complaints.

      Detecting HonorBuddy:

      Not our job and the ppl from HB are pro's so don't worry

      Detecting Botters:

      Will require way to much processing power on blizzards part so isn't cost affective.

      Detecting other accounts:
      See my sig there is some info there about that.
       
    17. jungly

      jungly New Member

      Joined:
      Apr 19, 2010
      Messages:
      394
      Likes Received:
      5
      Trophy Points:
      0
      Read your guide. Question,

      Is this following safe to do ?

      BOTS vpn1 -> ingame mail matts to AuctionHouse vanilla lvl1 bankAlt on vpn2

      Eventually the bankalt will get banned from auctionhousing, but will they ever look at who mailed him the items, even though it came from different vpn?
       
    18. Dubbelu

      Dubbelu New Member

      Joined:
      May 13, 2011
      Messages:
      138
      Likes Received:
      0
      Trophy Points:
      0
      And I want the thread deleted because you gave a list of things they can't do, and post them like they are facts. Don't post something unless you do have the facts, unless your intention is to scare people.
       
    19. Dver

      Dver New Member

      Joined:
      Nov 20, 2010
      Messages:
      4
      Likes Received:
      0
      Trophy Points:
      0
      If anyone were EVER to be ban anyone by software detection (outside of obvious dll injection), you would be able to sue them cause they would have to snoop around your pc for processes/files which would practically be the same as infecting you with a backdoor for privacy laws...
       
    20. eZsp

      eZsp Member

      Joined:
      Aug 19, 2011
      Messages:
      58
      Likes Received:
      0
      Trophy Points:
      6
      "just merely a list of ways Blizzard *could*"

      I realise that most of the OP is speculation but this statement is most certainly un-true as many others have already pointed out. This thread should be deleted before more members are misinformed
       
    Thread Status:
    Not open for further replies.

    Share This Page