How Runescape Catches Botters And Why They Didn't Catch Me


Player automation has always been a big concern in MMORPGs such as World of Warcraft and Runescape, and this kind of game hacking is very different from traditional cheats in, for example, shooter games.



One weekend, I decided to take a look at the detection systems put in place by Jagex to prevent player automation in Runescape.



Botting



For the past months, an account named sch0u has been playing on world 67 around the clock doing mundane tasks such as killing mobs or harvesting resources. At first glance, this account looks just like any other player, but there is one key difference: it’s a bot.



I started this bot back in October with the goal of testing the limits of their bot detection system. I tried to find information online on how Jagex combats these botters, and only found videos of commercial bots bragging about how their mouse movement systems are indistinguishable from humans.



Therefore, the only thing I could deduce was that mouse movement matters, or does it?



Heuristics!



I started by analyzing the Runescape client to confirm this theory, and quickly noticed a global called hhk set shortly after launch.



This installs a low-level hook on the mouse by appending to the system-wide hook chain. This allows applications on Windows to intercept all mouse events, whether or not the events are related to your application. Low-level hooks are frequently used by keyloggers, but have legitimate use cases such as heuristics like the aforementioned mouse hook.



The Runescape mouse handler is quite simple in its essence (the following pseudocode has been beautified by hand):



For bandwidth reasons, these rs::heuristics::log_* functions use simple algorithms to skip event data that resembles previously logged events.



This event data is later parsed by the function rs::heuristics::process, which is called every frame by the main render loop.



Away from keyboard?



While reversing, I put effort into knowing the relevance of the function I am looking at, primarily by hooking or patching the function in question. You can usually deduce the relevance of a function by rendering it useless and observing the state of the software, and this methodology led to an interesting observation.



By preventing the game from calling the function rs::heuristics::process, I didn’t immediately notice anything, but after exactly five minutes, I was logged out of the game. Apparently, Runescape decides if a player is inactive by solely looking at the heuristic data sent to the server by the client, even though you can play the game just fine. This raised a new question: If the server doesn’t think I am playing, does it think I am botting?



This led to spending a few days reverse engineering the networking layer of the game, which resulted in my ability to bot almost anything using only network packets.



To prove my theory, I botted twenty-four hours a day, seven days a week, without ever moving my mouse. After doing this for thousands of hours, I can safely state that their bot detection either relies on the heuristic event data sent by the client, or is only run when the player is not “afk”. Any player that manages to play without moving their mouse should be banned immediately, thus making this oversight worth revisiting.
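
The server-side check that closing remark calls for can be sketched as a correlation between the game actions the server processes and the input telemetry the client reports. This is an added example, not code from the original post or from Jagex; the event tuple format, the function name, the `MIN_ACTIONS` threshold and the sample data are assumptions, and only the five-minute window comes from the post.

```python
from collections import defaultdict

WINDOW_S = 300    # five minutes, the inactivity timeout observed in the post
MIN_ACTIONS = 3   # assumed threshold: actions per window worth correlating


def flag_inputless_windows(events, window_s=WINDOW_S, min_actions=MIN_ACTIONS):
    """Return {session: [window_start, ...]} for windows in which the server
    processed game actions but received no client input telemetry."""
    # counts[(session, window_index)] = [actions, input_reports]
    counts = defaultdict(lambda: [0, 0])
    for ts, session, kind in events:
        slot = counts[(session, int(ts // window_s))]
        if kind == "action":
            slot[0] += 1
        elif kind == "input":
            slot[1] += 1
        else:
            raise ValueError(f"unknown event kind: {kind!r}")
    flagged = defaultdict(list)
    for (session, idx), (actions, inputs) in sorted(counts.items()):
        # Actions without any input reports: the server should not treat
        # this as "afk", because the account is demonstrably doing things.
        if actions >= min_actions and inputs == 0:
            flagged[session].append(idx * window_s)
    return dict(flagged)


# Constructed sample: (seconds since start, session id, event kind)
SAMPLE_EVENTS = [
    # session "a": actions accompanied by input telemetry
    (10, "a", "input"), (12, "a", "action"), (40, "a", "input"),
    (45, "a", "action"), (200, "a", "input"), (210, "a", "action"),
    # session "b": actions arrive, input telemetry never does
    (5, "b", "action"), (90, "b", "action"), (250, "b", "action"),
    (310, "b", "action"), (400, "b", "action"), (590, "b", "action"),
    # session "c": one stray action, below the threshold
    (100, "c", "action"),
]

if __name__ == "__main__":
    for session, windows in flag_inputless_windows(SAMPLE_EVENTS).items():
        print(f"session {session}: actions without input in windows at {windows}")
```

The point of the check is that missing telemetry is counted as a signal in its own right instead of being read as inactivity, so an account that acts without reporting input is reviewed, not skipped.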