Understanding How Bots Work

[jasignhagj]

You can't say Jagex isn't banning some bots. There are days I look at my Runetracker and I've gained ranks in a skill without even leveling it.

[SwreeTak]

I can agree with quite a lot of the posters in this thread. Certainly the "masses"'s usage of bots are irritating, but the big problem is the goldfarmers. These guys haven't got one or just a few bot/bots like most players, but instead they own and run huge amounts of them. They don't care about the rules and if some of their bots gets banned. They just want the profit they can make from selling the gold their bots produce. The goldfarmers won't stop unless Jagex takes some serious action, and doesn't make botting worth it.

I also think that some kind of bot-preventing client would be a good idea. I'm not an expert on the subject (rather the opposite) but I think that this might stop at least some of the players that uses bots from breaking the rules of the game. To have to work around the prevention will be a process that would probably decrease the amount of bots in the game.

Finally, a thank you to the poster, Urza285, for learning us all more about bots with his post.

[The Observer]

As others have pointed out, players have gotten through Warden so anything Jagex can implement can only be circumvented as well.

 

Yes, players can get through Warden, but why is there such a small number of bots compared to RuneScape? The cost and the graphics play a huge role. The cost is a lot compared to RuneScape. This makes it harder for bots to play. Ignoring the fact that Java can be easily reverse engineered, the graphics require at least a half decent computer to bot with, not to mention on RuneScape you can multilog. Try running two WoW clients at once and try not to lag. You would have to load about 5 RS clients at once in order to experience the same lag. Not to mention most bots would run on low detail anyway.

 

Overall, players don't understand the magnitude of what they are asking for. Botting is fairly easy in this game, and trying to remove them all is close to impossible.

[Kaida23]

You can't say Jagex isn't banning some bots. There are days I look at my Runetracker and I've gained ranks in a skill without even leveling it.

They're not necessarily being banned, Jagex has been doing a lot of skill rollbacks on people who bot. That way the person keeps playing and paying. It's more profitable than simply banning them.

[Urza285]

You can't say Jagex isn't banning some bots. There are days I look at my Runetracker and I've gained ranks in a skill without even leveling it.

They're not necessarily being banned, Jagex has been doing a lot of skill rollbacks on people who bot. That way the person keeps playing and paying. It's more profitable than simply banning them.

If you consider just the actual player who is botting to level up Jagex's skill-rollbacks are actually a decent idea. My perception of this is that they are making botting players climb a ladder that is ever moving downward and they are staying in the same location. What I wouldn't mind seeing is Jagex creating a public announcement (which would also be published in the Knowledge Base somewhere) to introduce, lay out and inform players of a system where they progressively roll back a botting players skills being misused. We all understand that once an account and any other accounts that were played on under the same IP are all red flagged for botting. We also know that players are also made to pay if they want their accounts unbanned. How, I don't necessarily understand and haven't seen anyone give a run down of how Jagex or the players interact to make this transaction.

 

Once this has been done I'm curious how Jagex might handle gold farm bots. My whole idea of IP banning everyone from China still sounds good, but I can understand that the financial downfall would really hurt Jagex and therefore isn't a viable option.

[Kaida23]

My whole idea of IP banning everyone from China still sounds good, but I can understand that the financial downfall would really hurt Jagex and therefore isn't a viable option.

It would also block legitimate players who live in China from being able to play.

[lordkafei]

You can't say Jagex isn't banning some bots. There are days I look at my Runetracker and I've gained ranks in a skill without even leveling it.

They're not necessarily being banned, Jagex has been doing a lot of skill rollbacks on people who bot. That way the person keeps playing and paying. It's more profitable than simply banning them.

 

They definitely roll back, and not just low to mid levels. I just checked my rankings for the first time in months, and I seem to have gone up a smidgen (7701), despite not having garnered meaningful XP since January.

 

Its not a matter of Jagex being unable to detect bots - its a matter of them being unwilling to do anything more punitive.

[n64jive]

Ip bans would not work because most home users have dynamic IP's, meaning they change pretty frequently.

 

A popular botting software is becoming more and more advanced. They are constantly coming up with new ways to cheat, including a new release that will map out the entire world of runescape with the ability to control walking to and from any location of the map. This will allow for more advanced bots, which will lead to activities that aren't commonly botted due to the complexity to be botted (see slayer, boss hunting, clues, etc)

 

As a Software/Hardware engineer that has recently experience integrating business models with video game engines(Unity), Jagex would not be able to make more of their system server side. Basically, any time you perform some action on runescape, you send a request to the server. The information is updated on the server, and an acknowledgement is sent back to the client, which then updates the client. Jagex has set this process to happen within intervals known as "game ticks", which occur at 600ms intervals.

 

The reason this can be processed this fast is because the data that needs to be sent is small. If Jagex hosted all id's and such within their server, all that information would need to be sent "over the wires" which would massively slow down the game. The way it is now, the requests can simply be sent, the request are processed by the server, and a request is sent back, which updates the graphic's properties of the client.

[Normalize]

Many players stance towards Jagex progress in the game in relation towards working together wholly to stop bots has been a big issue rose up in every Runescape community. Whether or not Jagex should halt their actual content update and put 110% effort into their bot stopping research is what a good portion of the community seems to be screaming for out of Jagex. The issue I see is that Jagex understands that there will always be botters in a way most players do not. I fail to believe that Jagex isn't looking for ways to deal with these abusive programs and players, though, but in doing so effectively its going to take some time and probably some cooperation that most players will not be willing to cooperate in and I'll explain that later. To give you an understanding of what a bot looks for in the game and use let me give you a few variables:

 

Variable #1: The game uses a coordinate system exactly the same to how clue scrolls work and every square on the map has a grid number. If you've played Runescape since the early days of RSC then you would definitely know that the jmods back in the day had a system available only to them where they could "teleport" to any location on the world map simply by entering a command phrase and the coordinates.

 

Variable #2: Each and every piece of content has a code number. That means a monkfish, the chair in the bank, your house altar, the grand exchange clerk, and the walls of the bank all have codes. What bots use in their programs are player side model identifiers using the model numbers. An example of how Jagex accidentally messed up botters with models and their numbers was during an update when they changed the models of the operating winch to go down into the living rock caverns. Bot programs can look up and render the models and know where to click by looking them up by their model numbers. Due to Jagex either changing this particular model bots got caught up in a misunderstanding of how to handle that particular model.

 

Variable #3: Everything that a bot needs is literally sent to your computer and stored in an encrypted file that is updated every time Jagex updates their servers. Because of this it makes it much easier for bot makers to correct their programs after updates. The only thing Jagex has done for this is threaten to use legal action through patents and claims of intellectual property, but this does little to actually prevent the bot makers from distributing their program. Jagex pay tear down sites, but in reality theyll just create another and keep distributing.

 

The real issue to botting, being the head of the beast, is really that Jagex has made runescape information mostly player side due to it being a browser-based game. So if Jagex wanted to proverbially cut the head off the beast it wouldnt be to take legal action against bot makers. That would be similar to cutting off the hydras heads, but not burning the stumps. Jagex needs to burn the stumps of the wound by making their game completely server side. To further boost their protection they could implement something similar to how World of Warcraft monitors bot usage. WoW uses a program called Warden that scans your computer for spyware programs (bot programs classify as spyware). I suppose Jagex could work on creating a way for players to access server side information through a client that has such a program running alongside it.

 

An issue Ive noticed the community has with handling this problem is that more often than not players do more complaining on Jagex way of handling the situation. Instead I believe we should be trying to work together to find a better foothold on how to help the community to understand how Jagex should be trying to correct the issue. By that I mean how Jagex could be controlling the variables mentioned. If we could get the community to understand how the bots work then we would at the very least have a legitimate reason to being angry with Jagex for not upping the ante on handling the botting issue. Should Jagex actually take in what Ive said here and gave players the option to play on a closed client I would be supportive and join in using it.

 

If anyone who is knowledgeable in creating these types of anti-botting software and Jagex capabilities to replicating their own feel free to contribute to the conversation.

 

 

ARE YOU KIDDING? Thats just crazy, you're out of your mind, not that many people.

[Urza285]

Ip bans would not work because most home users have dynamic IP's, meaning they change pretty frequently.

 

A popular botting software is becoming more and more advanced. They are constantly coming up with new ways to cheat, including a new release that will map out the entire world of runescape with the ability to control walking to and from any location of the map. This will allow for more advanced bots, which will lead to activities that aren't commonly botted due to the complexity to be botted (see slayer, boss hunting, clues, etc)

 

As a Software/Hardware engineer that has recently experience integrating business models with video game engines(Unity), Jagex would not be able to make more of their system server side. Basically, any time you perform some action on runescape, you send a request to the server. The information is updated on the server, and an acknowledgement is sent back to the client, which then updates the client. Jagex has set this process to happen within intervals known as "game ticks", which occur at 600ms intervals.

 

The reason this can be processed this fast is because the data that needs to be sent is small. If Jagex hosted all id's and such within their server, all that information would need to be sent "over the wires" which would massively slow down the game. The way it is now, the requests can simply be sent, the request are processed by the server, and a request is sent back, which updates the graphic's properties of the client.

I like what you had to contribute here. From what I read it seems that runescape may never truly recover from botters. I honestly wouldn't be too surprised to see botting clients so integrated to handle the majority of the world map.

[glasscube]

Jagex has all the means to stop bots, they just chose not to. The signed client has access to everything it needs (file writing, file reading, memory reading, etc etc). All they have to do is ax unsigned and put it in their ToS that they have every right to search your computer for hacks.

 

Heck, they could even check your browsing history with the signed client to see what sites you visited (Have you been on site X? banned). It would not be difficult at all for Jagex to check your hard drive for bot scripts.

 

My only guess is that they are afraid to lose customers because some techniques may invade user's privacy. But at this point I've quit RS entirely because Jagex hasn't done [cabbage] about the bots and maybe I may come back if they actually got off their ass. Maybe, I'm enjoying all my free time.

[WiFi]

Quick note: Jagex do not honestly care of getting rid of bots. They like that there are bots. True fact, you know how you can tell. They stopped banning people and started "Rolling-Back" accounts. They do this so the user will buy membership over and over. See the profits being made? There is no way to ultimately combat botting as amateur scripters can implement there own Chat Responder system into a bot. It isn't hard, especially for most people at PowerBot and RSBuddy, all you have to do is use the already pre coded methods. And if amateur scripters can write such codes then bots will become more and more complex in the not to distant future. Understanding how bots work is not hard at all if you have any basic Java language experience. The only reason someone such as us (non staff) would want to know how they work is to lure a bot by using a flaw in the bot.

[amitoz]

The simple solution is that Jagex needs to introduce bot-breaking updates frequently.

They can:

1. Download and use available botting programs to profile them

2. Develop new content and observe how the bots react.

3. Roll out new content days after a server reset and get all botters in one fell swoop.

4. Rinse and repeat, until the masses know it is no longer safe to bot.

The masses aren't the main problem. It's the gold farming companies that have thousands of bots running at any given time. They aren't worried about how "safe" it is to bot. They are only worried about their profits.

 

"They are only worried about their profits."

 

I think this speaks volumes for Jagex, as well.

[Bxpprod]

Businesses are about profit, first and foremost.

[wotmania505]

So, I'm kinda annoyed with the way people seem to think Jagex doesn't want to get rid of bots. I think its more likely that they would like to get rid of the bots (Yes, I am suggesting the Jagex still cares about the game, and not just the money), but that it would take far more effort than is feasible. Any method they implement will be circumvented within a matter of days or weeks, which is much shorter than the development time needed to produce such methods. If they devote too much of their effort to stopping bots (and not producing content), the game will stagnate and die, which is something I don't think anyone wants. So..... the situation seems hopeless, but not in a malicious way.

 

 

 

A couple more random thoughts I've been pondering while writing this (my mind tends to go off on tangents)

 

- Stat role-backs are not a method to stop gold-farmers, but rather a way to discourage legitimate players from breaking rules, and to punish otherwise well-meaning players without eliminating them entirely.

 

- stopping gold-farming bots requires not better anti-botting techniques, instead requires deincentivising purchasing gold/accounts

 

- the idea of program that monitors computer for botting programs seems like a viable idea, but seems like it would be easier to circumvent than it would be to maintain.

 

- Legal options are slim. While Jagex could make the case that botting is a breach of contract, or something else of the sort, actually proving it in any way or in any forum that matters would be nearly impossible. Plus, the actual creation and distribution of botting software is completely legal..

 

-Jagex is still producing fun and interesting content - at least for me :)

 

 

Alright, done musing. Continue with your conversation.

[Ts_Stormrage]

The true head of the snake is the scumbag that is actually buying gold from such companies...

 

In the past I mapped out a solution that would severely reduce the merits of botting, simply because of a "scare" factor...

[Urza285]

I don't necessarily believe in scare tactics. I'll check your link, though out of respect for your contribution.

[Makoto_the_Phoenix]

Jagex has all the means to stop bots, they just chose not to. The signed client has access to everything it needs (file writing, file reading, memory reading, etc etc). All they have to do is ax unsigned and put it in their ToS that they have every right to search your computer for hacks.

 

Heck, they could even check your browsing history with the signed client to see what sites you visited (Have you been on site X? banned). It would not be difficult at all for Jagex to check your hard drive for bot scripts.

 

My only guess is that they are afraid to lose customers because some techniques may invade user's privacy. But at this point I've quit RS entirely because Jagex hasn't done [cabbage] about the bots and maybe I may come back if they actually got off their ass. Maybe, I'm enjoying all my free time.

 

This post. Your signature. So much irony.

 

That aside, it would be invasive, since this gives them some legal right to monitor every activity you do on your computer - and I for one would probably sue.

[jasignhagj]

Jagex has all the means to stop bots, they just chose not to. The signed client has access to everything it needs (file writing, file reading, memory reading, etc etc). All they have to do is ax unsigned and put it in their ToS that they have every right to search your computer for hacks.

 

Heck, they could even check your browsing history with the signed client to see what sites you visited (Have you been on site X? banned). It would not be difficult at all for Jagex to check your hard drive for bot scripts.

 

My only guess is that they are afraid to lose customers because some techniques may invade user's privacy. But at this point I've quit RS entirely because Jagex hasn't done [cabbage] about the bots and maybe I may come back if they actually got off their ass. Maybe, I'm enjoying all my free time.

 

This post. Your signature. So much irony.

 

That aside, it would be invasive, since this gives them some legal right to monitor every activity you do on your computer - and I for one would probably sue.

You would sue? On what grounds? Jagex would write that they have the right to monitor your computer in the ToS, which you would have to agree to before playing.

[Lose No Hope]

Jagex has all the means to stop bots, they just chose not to. The signed client has access to everything it needs (file writing, file reading, memory reading, etc etc). All they have to do is ax unsigned and put it in their ToS that they have every right to search your computer for hacks.

 

Heck, they could even check your browsing history with the signed client to see what sites you visited (Have you been on site X? banned). It would not be difficult at all for Jagex to check your hard drive for bot scripts.

 

My only guess is that they are afraid to lose customers because some techniques may invade user's privacy. But at this point I've quit RS entirely because Jagex hasn't done [cabbage] about the bots and maybe I may come back if they actually got off their ass. Maybe, I'm enjoying all my free time.

 

This post. Your signature. So much irony.

 

That aside, it would be invasive, since this gives them some legal right to monitor every activity you do on your computer - and I for one would probably sue.

You would sue? On what grounds? Jagex would write that they have the right to monitor your computer in the ToS, which you would have to agree to before playing.

This.

The only grounds he would possibly have is if Jagex added it into the ToS without prompting the user to agree to the updated version.

[Makoto_the_Phoenix]

Jagex has all the means to stop bots, they just chose not to. The signed client has access to everything it needs (file writing, file reading, memory reading, etc etc). All they have to do is ax unsigned and put it in their ToS that they have every right to search your computer for hacks.

 

Heck, they could even check your browsing history with the signed client to see what sites you visited (Have you been on site X? banned). It would not be difficult at all for Jagex to check your hard drive for bot scripts.

 

My only guess is that they are afraid to lose customers because some techniques may invade user's privacy. But at this point I've quit RS entirely because Jagex hasn't done [cabbage] about the bots and maybe I may come back if they actually got off their ass. Maybe, I'm enjoying all my free time.

 

This post. Your signature. So much irony.

 

That aside, it would be invasive, since this gives them some legal right to monitor every activity you do on your computer - and I for one would probably sue.

You would sue? On what grounds? Jagex would write that they have the right to monitor your computer in the ToS, which you would have to agree to before playing.

This.

The only grounds he would possibly have is if Jagex added it into the ToS without prompting the user to agree to the updated version.

I would still sue. Just because it's in a ToS doesn't mean it would hold in court. Besides, you get into really sticky situations when you write that into a ToS - what about a computer with sensitive information on it? What about a public computer? Why would Jagex have the ability to override the Fourth Amendment, since I expect a reasonable amount of privacy when I use my personal computer?

 

Thankfully, I read these kinds of things so I would be wary that it had changed. However, there are a lot of people that wouldn't read it, and the legal ramifications from dealing with it would be more nightmarish than the problem it would try to solve.

 

 

[Lose No Hope]

Jagex has all the means to stop bots, they just chose not to. The signed client has access to everything it needs (file writing, file reading, memory reading, etc etc). All they have to do is ax unsigned and put it in their ToS that they have every right to search your computer for hacks.

 

Heck, they could even check your browsing history with the signed client to see what sites you visited (Have you been on site X? banned). It would not be difficult at all for Jagex to check your hard drive for bot scripts.

 

My only guess is that they are afraid to lose customers because some techniques may invade user's privacy. But at this point I've quit RS entirely because Jagex hasn't done [cabbage] about the bots and maybe I may come back if they actually got off their ass. Maybe, I'm enjoying all my free time.

 

This post. Your signature. So much irony.

 

That aside, it would be invasive, since this gives them some legal right to monitor every activity you do on your computer - and I for one would probably sue.

You would sue? On what grounds? Jagex would write that they have the right to monitor your computer in the ToS, which you would have to agree to before playing.

This.

The only grounds he would possibly have is if Jagex added it into the ToS without prompting the user to agree to the updated version.

I would still sue. Just because it's in a ToS doesn't mean it would hold in court. Besides, you get into really sticky situations when you write that into a ToS - what about a computer with sensitive information on it? What about a public computer? Why would Jagex have the ability to override the Fourth Amendment, since I expect a reasonable amount of privacy when I use my personal computer?

 

Thankfully, I read these kinds of things so I would be wary that it had changed. However, there are a lot of people that wouldn't read it, and the legal ramifications from dealing with it would be more nightmarish than the problem it would try to solve.

A possible response from them could be, "If you don't like our ToS, don't use our service."

 

I do agree with you that it would be a violation of privacy.

[jasignhagj]

http://www.truecrypt.org/

[Makoto_the_Phoenix]

http://www.truecrypt.org/

I use that all the time. It doesn't encrypt live memory though.

[Stev]

Jagex has all the means to stop bots, they just chose not to. The signed client has access to everything it needs (file writing, file reading, memory reading, etc etc). All they have to do is ax unsigned and put it in their ToS that they have every right to search your computer for hacks.

They start to use software to scan and search PCs for hacks and bot software, I'll write a bypass for it in under an hour.

 

:).