
21-Oct-2011 - Bot-Busting and Bonuses For All


Octarine


I think the important thing is if Jagex can keep coming up with updates like these to keep the bot makers on their toes or make it such that coding the bots will require an insane amount of time and effort. I am happy with this update based on purely hearsay, we will see what happens in the coming days.


Found this on a bot website, looks like Jagex actually did something quite substantial. I doubt this will keep them away forever, but it'll take a LOT of resources to get around (if I understand what they're saying)

EDIT: I meant to put this in the other topic. I'll leave this here anyway.

the array is just an Object[][]

 

Jagex is just downright cruel... I wonder how they manage to program like that, seems pretty obscure.


3. Lots and lots of people realizing their 9 year old cousin botted on their main account over the summer while they were away helping the orphans in Africa. Expect lots of threads pointing out this injustice.

 

Ok -- I LOL'd IRL ... :lol:

 

But, here's a question for you (or anyone else who wants to answer it) -- at what level will you accept Clusterflutterer to be a "success"? Only if it manages to eliminate 98% of all bots AND these accounts and all correlated accounts are permanently banned?

 

Are you willing to accept less and just appreciate the effort? :unsure:

Right now, Jagex says that the changes will stop 98% of the current bots. Now, assuming they're honest after the fact, that should mean around 100,000 bots active at any one time. Again, I assume that's the number of bots messed up after each update only this time they stay messed up. If it's not near 100k, then I'd consider it a failure.

 

Now, how they treat those that they've identified is another tale. I don't mind rollbacks cause it does the same as banning and starting a new character for most. That's assuming they're just botting for levels and not gold farming for RWT.

If 98% of bots are stopped and you expect 100k bots active at any one time, then you're saying that 50 x 100k = 5m bots are active at any one time. That makes no sense.

Bots don't need to log off after long hours. That 100k could represent just the computers set up for botting with accounts rotating through them. There's no telling how many throw away accounts are on that. However, if the average number of active players at any one time is now about 50% of the average over the last year, I think it'd be safe to say that Jagex did its intended change. Right now 93k players are online, so what was that like over the last week at this time? Of course, I'm more interested in what happens in four weeks when what Jagex actually did is better understood.

 

There'll still be bots, but new methods will need to be found to circumvent both Jagex auto detection and basic player tricks to mess up the bots.


So they haven't really done anything that inventive. They just dumped everything into a giant Object[][]. They probably have some code generation tool for it.

 

But really, it doesn't really prevent the botmakers from doing anything; they'll just need to be really aggressive now. I can totally see some smart person using bytecode instrumentation - almost like a profiler - to intercept any constructor calls and maintaining private references to everything. And it doesn't prevent reverse engineering of the network protocol.

 

Moreover, there are definitely performance issues. If they dumped every single object into an Object[][], how will garbage collection function? Maybe they're using something from java.lang.ref instead. Otherwise, they need to explicitly release every single object reference, to prevent unholy memory leakage.

This is practically like explicit memory management, in a language that has memory management built in. Even in compiled high-level languages, the heap is taken care of by the compiler. It's a very interesting, albeit limiting, approach they've taken.

 

Also, I think they just made it impossible for them to use generics.

 

Anyway, I used to report + - 10 botters a day (minimum) and I chat a lot so I don't show bot behaviour in any way.

 

It's not exactly a mark of a bot if you don't talk. This has been discussed to death.

It's a mark of not being a bot if you talk. Not talking is not the mark of a bot.

 

It's not, though. Like I said, it's been discussed to death. Many of the more popular scripts have 'human-like' actions programmed into it, like bankstanding for a small amount of time, periodically examining people and objects, turning the camera, and talking.

Well, if I'm talking in HYT chat constantly, and I make sense, either I'm a person or the best chatting AI ever invented; and I should be working for google designing their next advance in search algorithms, having passed the Turing test... I'm not talking about Siri like intelligence - responding to queries about my levels and what not - but actual intelligence.

 

Of course, there could be bots that allow chatting while botting :s

 

3. Lots and lots of people realizing their 9 year old cousin botted on their main account over the summer while they were away helping the orphans in Africa. Expect lots of threads pointing out this injustice.

 

Ok -- I LOL'd IRL ... :lol:

 

But, here's a question for you (or anyone else who wants to answer it) -- at what level will you accept Clusterflutterer to be a "success"? Only if it manages to eliminate 98% of all bots AND these accounts and all correlated accounts are permanently banned?

 

Are you willing to accept less and just appreciate the effort? :unsure:

Right now, Jagex says that the changes will stop 98% of the current bots. Now, assuming they're honest after the fact, that should mean around 100,000 bots active at any one time. Again, I assume that's the number of bots messed up after each update only this time they stay messed up. If it's not near 100k, then I'd consider it a failure.

 

Now, how they treat those that they've identified is another tale. I don't mind rollbacks cause it does the same as banning and starting a new character for most. That's assuming they're just botting for levels and not gold farming for RWT.

If 98% of bots are stopped and you expect 100k bots active at any one time, then you're saying that 50 x 100k = 5m bots are active at any one time. That makes no sense.

Bots don't need to log off after long hours. That 100k could represent just the computers set up for botting with accounts rotating through them. There's no telling how many throw away accounts are on that. However, if the average number of active players at any one time is now about 50% of the average over the last year, I think it'd be safe to say that Jagex did its intended change. Right now 93k players are online, so what was that like over the last week at this time? Of course, I'm more interested in what happens in four weeks when what Jagex actually did is better understood.

 

There'll still be bots, but new methods will need to be found to circumvent both Jagex auto detection and basic player tricks to mess up the bots.

You still haven't explained things in a way that makes sense to me. If there are 100k computers set up for botting, each with multiple accounts, then the number of bots shoots up to an even higher and more ludicrous number.

 

Fact is, on the rs front page we see how many players are online at one point. I don't ever remember seeing anything over 1m, much less 5m. It doesn't matter how many throwaway accounts they have or mules; 100k botting accounts active at any time after a 98% reduction implies an original steady bot population of 5 million.


So they haven't really done anything that inventive. They just dumped everything into a giant Object[][]. They probably have some code generation tool for it.

 

But really, it doesn't really prevent the botmakers from doing anything; they'll just need to be really aggressive now. I can totally see some smart person using bytecode instrumentation - almost like a profiler - to intercept any constructor calls and maintaining private references to everything. And it doesn't prevent reverse engineering of the network protocol.

 

Moreover, there are definitely performance issues. If they dumped every single object into an Object[][], how will garbage collection function? Maybe they're using something from java.lang.ref instead. Otherwise, they need to explicitly release every single object reference, to prevent unholy memory leakage.

This is practically like explicit memory management, in a language that has memory management built in. Even in compiled high-level languages, the heap is taken care of by the compiler. It's a very interesting, albeit limiting, approach they've taken.

 

Also, I think they just made it impossible for them to use generics.

True. Disabling the garbage collection is a gutsy move, especially when Java isn't very well known for manual memory management.


Garbage collection isn't disabled, per se - it's just so clamped down now that it can't help but be considered disabled. If the memory locations are explicitly released then there won't be much of an issue, but that essentially turns Java's memory management scheme into C++.

 

On to the actual Object[][]: It's just given bot makers a really interesting problem to solve. Given enough time, it will be overcome. I'm not sure what this would accomplish for the long run yet.


An array of Object[][] is actually very hard to get around. The botter has to figure out the PRECISE object layout, since the type is (hopefully) hidden on the server. Also, properly encrypting and randomizing the layout of the object array would make it difficult.

 

The thing is, yes, you can crack the object array. But how difficult is it? Can jagex just shift things again and make you have to do the same amount of work on your end for little work on theirs...

 

Being able to typecast out the object array is a very useful feature for explicitly hiding the contents of the object from the calling code.


... which begs the question -- just how HARD is it to break?

 

One of the comments from bot-makers was that, the reason why so many people botted Runescape was because it was so easy to do. But what now? It's not so easy anymore.

 

Is this the virtual lock that's so difficult to get past that it prompts the burglar to just move along to the next house?

 

:unsure:


Biyaunte, we don't know. Our best bet is to wait and see - there really haven't been many MMO precedents.

This is one of the few instances where a company has stood out and said, "alright, bots are a problem. Let's see what we can do to fix it." That, in itself, is impressive. What remains to be seen is how hard the botting companies push back. There are websites who are stating that they'll be back in business within the end of the week. Whether that's also propaganda ...

 

Well, you decide.


Well, there are definitely performance issues. I actually had to switch to low graphics in w60 today, got about 2 fps with my usual(max) settings. I didn't even get that in w2 ge before.

 

 

That said, remember to spy your pengs today! Only about 5 hours left if you want to be able to get triple instead of just double points!


Biyaunte, we don't know. Our best bet is to wait and see - there really haven't been many MMO precedents.

This is one of the few instances where a company has stood out and said, "alright, bots are a problem. Let's see what we can do to fix it." That, in itself, is impressive. What remains to be seen is how hard the botting companies push back. There are websites who are stating that they'll be back in business within the end of the week. Whether that's also propaganda ...

 

Well, you decide.

 

I am hardly in a position to make a decision on behalf of any botting group as to whether or not they've got the props to take up Jagex's anti-bot gauntlet.

 

But I do wonder how long these bot "companies" can operate without a revenue stream and, at what point do they say "[bleep] it, time to move on to easier prey ..." :unsure:

 

... and my name is "B-L-Y-A-U-N-T-E" ... <_<


Biyaunte, we don't know. Our best bet is to wait and see - there really haven't been many MMO precedents.

This is one of the few instances where a company has stood out and said, "alright, bots are a problem. Let's see what we can do to fix it." That, in itself, is impressive. What remains to be seen is how hard the botting companies push back. There are websites who are stating that they'll be back in business within the end of the week. Whether that's also propaganda ...

 

Well, you decide.

 

Other companies have made a stand, however not a public one. There are all kinds of spyware tools that they have made to help prevent running bot programs (Warden from WoW for example). But none of them made a public stand and said "enough is enough."

 

However, I don't think the issue was as large. Take a look at the F2P populations.. Some worlds are <100 players... that hasn't happened since classic (that I recall)

 

About the non-English servers, they rarely had bots on them. Most bots ran on the English servers...

Edited by Serena_Myr


Take a look at the F2P populations.. Some worlds are <100 players... that hasn't happened since classic (that I recall)

It's quite common on the foreign language servers, especially the German ones, but you're right, it's very rare on the English servers.

 

Edit: I've also noticed that w1 hasn't been full since the update yesterday.

 


I am hardly in a position to make a decision on behalf of any botting group as to whether or not they've got the props to take up Jagex's anti-bot gauntlet.

 

But I do wonder how long these bot "companies" can operate without a revenue stream and, at what point do they say "[bleep] it, time to move on to easier prey ..." :unsure:

 

... and my name is "B-L-Y-A-U-N-T-E" ... <_<

 

Oh. My bad. Read your name as Biyaunte the first time and it sort of stuck. :blink:


About the non-English servers, they rarely had bots on them. Most bots ran on the English servers...

That's why so many people felt like they had been driven onto the foreign servers by bots. I know I did sometimes. <_<

 


That's why so many people felt like they had been driven onto the foreign servers by bots. I know I did sometimes. <_<

 

Yeah.. The surprising thing is to see just how MANY of the F2P characters weren't legitimate. I mean, I watched the spam/adbot videos, but I didn't realize just how bad it really was :o


It seems that most of the high rank obvious fishing bots have now been removed (although the top one is still around at the time of posting). However, the other stats where the high end of the hiscores was overloaded with bots still are flooded with them (even though a few names have vanished). Let's hope that they see more action over the next few days, in order to clear these hiscores as well. :)

I created a new account following the tip it hack thing as I was unable to retrieve my old account due to it being registered with an email address that ceased to exist in 2007.

 

My previous username was Amethyst Gem


So they haven't really done anything that inventive. They just dumped everything into a giant Object[][]. They probably have some code generation tool for it.

 

But really, it doesn't really prevent the botmakers from doing anything; they'll just need to be really aggressive now. I can totally see some smart person using bytecode instrumentation - almost like a profiler - to intercept any constructor calls and maintaining private references to everything. And it doesn't prevent reverse engineering of the network protocol.

 

Moreover, there are definitely performance issues. If they dumped every single object into an Object[][], how will garbage collection function? Maybe they're using something from java.lang.ref instead. Otherwise, they need to explicitly release every single object reference, to prevent unholy memory leakage.

This is practically like explicit memory management, in a language that has memory management built in. Even in compiled high-level languages, the heap is taken care of by the compiler. It's a very interesting, albeit limiting, approach they've taken.

 

Also, I think they just made it impossible for them to use generics.

True. Disabling the garbage collection is a gutsy move, especially when Java isn't very well known for manual memory management.

 

Garbage collection isn't disabled, per se - it's just so clamped down now that it can't help but be considered disabled. If the memory locations are explicitly released then there won't be much of an issue, but that essentially turns Java's memory management scheme into C++.

 

On to the actual Object[][]: It's just given bot makers a really interesting problem to solve. Given enough time, it will be overcome. I'm not sure what this would accomplish for the long run yet.

It's far, far, FAR less efficient than C++'s manual garbage collection.

 

Jagex basically needs to keep track of objects and release them manually. Essentially, think of it this way: before, a garbage collector went around picking up garbage. Now, we have two parallel universes. The moment one garbage collector - Jagex's - picks up a piece of garbage, it is magically transferred to the parallel universe. Then, Java's garbage collector picks it up and releases memory (recycles it). Ignore double finalization.

This is obviously highly inefficient.

 

I've thought of another thing. Mountains of data have shown that most objects are "dead" moments after creation. Modern GC is tuned for this; they segment objects into generations. Basically, you have new - aka eden - mid, and old generations. Normal behavior involves the garbage collector prioritizing checking eden first - because that's where all the garbage is!

 

Now, I don't know how good Jagex's garbage collection scheme is. I don't expect it to exactly be optimal; which would involve immediate release moments after the object is no longer used. In any case, they've probably flipped the paradigm around which GC is designed upside down. It's almost as if people suddenly decided to move all their garbage cans into 50 foot sequoia trees. The garbage collector will scratch his head, wonder where all the garbage is; and when the heap grows too large, will eventually invoke "stop the world" - a full stop to execution and a full graphing of references. Pause times for this often run into thousands of milliseconds...

 

Garbage collection isn't disabled, per se - it's just so clamped down now that it can't help but be considered disabled. If the memory locations are explicitly released then there won't be much of an issue, but that essentially turns Java's memory management scheme into C++.

 

On to the actual Object[][]: It's just given bot makers a really interesting problem to solve. Given enough time, it will be overcome. I'm not sure what this would accomplish for the long run yet.

 

An array of Object[][] is actually very hard to get around. The botter has to figure out the PRECISE object layout, since the type is (hopefully) hidden on the server. Also, properly encrypting and randomizing the layout of the object array would make it difficult.

 

The thing is, yes, you can crack the object array. But how difficult is it? Can jagex just shift things again and make you have to do the same amount of work on your end for little work on theirs...

 

Being able to typecast out the object array is a very useful feature for explicitly hiding the contents of the object from the calling code.

 

Well, you could always instanceof the objects in question through a ton of known types. Or, you could try reflection on the object itself. Jagex broke reflection using obfuscation, and not, if the info we have is correct, by actually prohibiting reflection.

 

Here's how you get type:

 

Object o = Main.ClusterFlutterer[234][567];

Class c = o.getClass();

 

Can you explain how you would typecast out the object array? Don't you eventually have to dereference the object to do anything to it? And how would you have type stored on the server?

 

EDIT: I just got it, Object[] are a subclass of Object, and Object[][] are a subclass of Object[] and Object, etc. But I still need some help seeing how that helps.

 

And does anyone think it wouldn't be a bad idea to split off all the technical discussion?

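The garbage-collection question raised in this thread (objects parked in a long-lived Object[][] stay reachable until their slot is cleared, unless something from java.lang.ref is stored instead), as an added example that is not part of any post and is not Jagex's code. The class name `ObjectTableGcDemo`, the `TABLE` array and the `Payload` type are assumptions made for the illustration.

```java
import java.lang.ref.WeakReference;

// Added illustration; ObjectTableGcDemo, TABLE and Payload are hypothetical
// names and do not come from the game client.
public class ObjectTableGcDemo {
    // Long-lived table standing in for the global Object[][] the thread describes.
    static final Object[][] TABLE = new Object[4][4];

    static final class Payload {
        final byte[] data = new byte[1 << 20]; // 1 MiB per instance
    }

    // System.gc() is only a request, so ask several times and report whether
    // the object behind the probe was actually reclaimed.
    static boolean reclaimed(WeakReference<?> probe, int attempts)
            throws InterruptedException {
        for (int i = 0; i < attempts && probe.get() != null; i++) {
            System.gc();
            Thread.sleep(20);
        }
        return probe.get() == null;
    }

    // Stores a fresh Payload strongly in the table and returns a weak probe
    // that observes the object's fate without keeping it alive.
    static WeakReference<Payload> storeStrong(int row, int col) {
        Payload p = new Payload();
        TABLE[row][col] = p;
        return new WeakReference<Payload>(p);
    }

    // Stores only a WeakReference in the table: the java.lang.ref alternative.
    static WeakReference<Payload> storeWeak(int row, int col) {
        WeakReference<Payload> ref = new WeakReference<Payload>(new Payload());
        TABLE[row][col] = ref;
        return ref;
    }

    public static void main(String[] args) throws InterruptedException {
        // Case 1: the table slot is a strong reference, so the object stays
        // reachable even though no other code refers to it.
        WeakReference<Payload> strongProbe = storeStrong(1, 2);
        System.out.println("strong slot, never released -> reclaimed: "
                + reclaimed(strongProbe, 5));

        // Case 2: explicit release. Only after the slot is cleared can the
        // collector free the object; forgetting this step is the leak.
        TABLE[1][2] = null;
        System.out.println("slot set to null            -> reclaimed: "
                + reclaimed(strongProbe, 50));

        // Case 3: a weak slot needs no manual release of the payload.
        WeakReference<Payload> weakProbe = storeWeak(3, 0);
        System.out.println("weak slot                   -> reclaimed: "
                + reclaimed(weakProbe, 50));

        // The wrapper itself is still in the table, and every reader has to
        // cast the slot and handle a cleared referent.
        Object slot = TABLE[3][0];
        if (slot instanceof WeakReference) {
            Object referent = ((WeakReference<?>) slot).get();
            if (referent == null) {
                TABLE[3][0] = null; // drop the stale wrapper as well
            }
            System.out.println("referent after GC: " + referent);
        }
    }
}
```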
