BOT Inquiry (Can't test so I need to ask)

[ProjectX 0]

I'm trying to have knowledge of how the openkore bot works, to be able to come up with something on how to prevent it. (Hopefully).
Coz just wondering that maybe Gepard got bypassed by some players since there are still lots of bots on the server I know. 

 

Here are some of the questions I want to know ~

 

~ Can both communicate to an NPC even if it's not visible on the screen? (They are both in the same MAP it is just that the NPC is not visible on screen because it's moving or changing coordinates.)

~ Can BOT identify the NPC on the screen (some kind of ID? How?) and click it or go to the location to communicate? 

 

Hopefully, someone knowledgeable can help answer this.
 

[KirieZ 78]

I am not an expert in OpenKore, but:

OpenKore (and any other bot that works by emulating client behavior/packets) works by receiving packets from server and sending other packets just like a normal RO client. But, not being the original RO client, it may send packets as it wishes.

 

Moving into your questions:

- ~ Can both communicate to an NPC even if it's not visible on the screen? (They are both in the same MAP it is just that the NPC is not visible on screen because it's moving or changing coordinates.)

 

Every unit (NPC, Player, Monster, Homun, Mercenary, ....) has a unique ID (what is called GID). Those IDs are sent to the client by Herc when you get near a unit, along with other info such as appearance and what kind of unit it is. When you click an NPC through the original client, the client sends a packet with something like "Hey Server, I clicked NPC ID X".

 

As official clients will make the npc disappear once it is a few cells aways, you won't be able to click an NPC that is far away or in another map. BUT this is just because your screen doesn't allow it.

 

OpenKore can still send this packet through the network, provided it knows the GID of the NPC, it has nothing preventing it to saying he wants to talk to that NPC in the other side of the map.

 

BUT, on the other hand, Hercules does have measures to prevent those kinds of exploits, it won't simply accept the client request. Before executing the NPC, hercules will ensure the player is close enough to that NPC.

 

So the answer is: It could try to, but it will be forced to be in acceptable distance in order to really work (due to Hercules checks)

 

 

~ Can BOT identify the NPC on the screen (some kind of ID? How?) and click it or go to the location to communicate?

I don't know the details inside OpenKore, but it will receive info on every unit that enters, moves or leaves the near area, because hercules has to send that to a normal client, and openkore does need that info if it wants to interact with something (because of the GID I mentioned before)

 

It is also able to communicate with NPCs, move to coordinates, and etc just like a normal client does. That's how it works in order to interact with RO world. It will send the same packets a normal client needs to send in order to perform the same operations.

 

It can even tell about NPCs that has invisible sprites if Hercules is sending them to the client  

 

Given that it knows the position of everything, telling if something is in the screen would be possible if you know your position and the other unit position, it is a simple distance in 2d space. also several clients (if not all) relies on Hercules sending enter/leave packets, which controls what is in the near area.

 

There might be features that are not fully coded in OpenKore, like some specific UI or things like that. But this would be more of a "not implemented yet" (just like Hercules misses some features the client has), rather than a "it can't do that"

 

 

Edit:

I think it is valuable to add that: OpenKore (and any other tool that imitates an official client) can do anything an official client can, with the addition that it is not limited to any constraint posed by client side logic (e.g. it is not limited by buttons in the UI, by information rendered in the screen, client-forced delays, etc). It is able to send any kind of data to server, whenever it wants. What prevents it from causing a complete chaos is that the server validates (or at least it should) everything to match what an official client should or should not do. And usually, those tools are coded in a way that at least it won´t be doing stuff server doesn´t accept, or it wouldn't work to begin with.

 

Hope this helps

Edited April 16, 2023 by KirieZ

[ProjectX 0]

22 hours ago, KirieZ said:

 

BUT, on the other hand, Hercules does have measures to prevent those kinds of exploits, it won't simply accept the client request. Before executing the NPC, hercules will ensure the player is close enough to that NPC.

 

So the answer is: It could try to, but it will be forced to be in acceptable distance in order to really work (due to Hercules checks)

Wow someone replied. Thank you so much. So based on this, BOT can Identify the NPC GID but needs to go near it so herc allow to send the packet. (do I need to code it or it is just the way it is right now without an extra script?)

 

 

22 hours ago, KirieZ said:

I don't know the details inside OpenKore, but it will receive info on every unit that enters, moves or leaves the near area, because hercules has to send that to a normal client, and openkore does need that info if it wants to interact with something (because of the GID I mentioned before)

 

It is also able to communicate with NPCs, move to coordinates, and etc just like a normal client does. That's how it works in order to interact with RO world. It will send the same packets a normal client needs to send in order to perform the same operations.

 

It can even tell about NPCs that has invisible sprites if Hercules is sending them to the client  

 

Given that it knows the position of everything, telling if something is in the screen would be possible if you know your position and the other unit position, it is a simple distance in 2d space. also several clients (if not all) relies on Hercules sending enter/leave packets, which controls what is in the near area.

 

There might be features that are not fully coded in OpenKore, like some specific UI or things like that. But this would be more of a "not implemented yet" (just like Hercules misses some features the client has), rather than a "it can't do that"

Hmm.. then maybe other distractions can also help fool the BOT like monsters and a constantly changing NPC to make it hard for the BOT to identify the GID.

[KirieZ 78]

2 hours ago, ProjectX said:

Wow someone replied. Thank you so much. So based on this, BOT can Identify the NPC GID but needs to go near it so herc allow to send the packet. (do I need to code it or it is just the way it is right now without an extra script?)

 

 

Hmm.. then maybe other distractions can also help fool the BOT like monsters and a constantly changing NPC to make it hard for the BOT to identify the GID.

the packet itself may be sent regardless of Herc allowing it or not. A packet is simply a message. The client may send it whenever it wants and with whatever content it wants. Herc will have to parse this message and process the action in it (if it thinks it should)

 

The distance check is performed by Herc by default. You can see here:

- NPC Clicked packet parsing: https://github.com/HerculesWS/Hercules/blob/stable/src/map/clif.c#L12795 (clif_parse_NpcClicked is where the packet for NPC Click gets parsed and an action is taken)

- Distance check in npc_click: https://github.com/HerculesWS/Hercules/blob/stable/src/map/npc.c#L1374

 

---

Not sure what you meant about monsters and changing NPCs, but note that the GID is not something hidden, simply getting near the NPC is enough to get their GID, because Hercules will give it. And GIDs are assigned during unit creation (e.g. monster spawn, NPC load, etc). And bots simply need the GID once they are close, so if they had to get close anyway, the GID is already there This is just how the client tells it is clicking something (instead of a name or something else, it uses this id).

 

Depending on what you are trying to achieve, extra NPCs and monster may help for very specific cases (help, not solve), but if there is a way to tell them apart via code, someone that knows how to touch a bot code can do it. As a general solution for botting, I am not so sure this would work

 

BOTs may also be coded to do whatever their user wants with the data they receive. For example, a long time ago I made a code to use OpenKore to generate NPC files for Herc as I played. If I clicked a npc, every dialog, menu, input, etc that I saw was written to a file

[ProjectX 0]

Thank you. That's actually the goal. BOT has everything it needs to send a packet, but having difficulty finding the right NPC unless you're human playing will make it hard to bypass the security.
Changing NPCs so it will have difficulty getting constant GID, and monsters around, if BOT is set up to attack all then it won't get a chance to find the NPC.

Also thinking of another way that is almost impossible to bypass using Webhook but is not supported atm. Not even sure if it can be integrated.

[ProjectX 0]

Additional question, can BOT read the entire NPC script? 
What about VARIABLES?

[KirieZ 78]

Not the script itself, it will be able to read what is being sent to the client. This is NOT the script, but messages (packets) to do the actions that the client has to see.

 

for example, when you a script like that:

 

prontera,150,123,4   script   Nice Npc    1_M_01,{
	mes("Hello");
  mes("How are you?");
  next();
  switch (select("Fine", "Bad")) {
  case 1:
     .@var = rand(100);
     mesf("Cool! %d", .@var);
     close();

  case 2:
     mes("That's bad");
     close();
  }
}

 

Let's go back to the NPC identification first, once the player character (regardless of being a real client or a bot) gets near the NPC, hercules will send something like:

- Hey, there is a unit of type NPC (GID: 1234, Sprite: 47) at coordinates 150,123 looking in direction 4. This NPC is named "Nice Npc".

 

The player clicks the NPC, and client sends:

- Hey server, I want to talk to unit 1234

 

Hercules will then process this request, see that the player is in distance and start executing the script, and thus will start sending messages telling the client what it needs to do:

- Hey, Show Message  "Hello"  (first mes)

- Hey, Show Message: "How are you?" (second mes)

- Hey, Show Next Button

 

At some point, the client will send a next clikcked input, and then Hercules:

- Hey, Show Menu: "Fine, "Bad"

 

Client will then send whether it clicked in 1 or 2, let's say the client says it clicked 1. Hercules wil lthen send:

- Hey, Show Message  "Cool! 50" --- Or any random number here ; note that the variable and "rand" didn't send info to the client

- Hey, Show Close Button

 

It won't send the script itself, but the stuff it needed for the client to show. It won't give script internals, like variables or function calls, but if there is something that does something in the client (e.g. render a message, show a next/close/menu, show a effect), these will be sent to the client in a message format that is suited for the communication.

 

Note that some things in this example were NOT sent to the client:

- Variables,

- The random itself -- only the result of the execution is

- The message for case 2 (we just clicked case 1, only case 1 will be sent)

 

You can check what is being sent to the client using packetlogger plugin (https://github.com/HerculesWS/StaffPlugins/tree/master/4144/packetlogger), it will dump every packet sent on the network to a file (in binary form, so some knowledge on how RO networking works would be required to actually understand everything).

 

 

The example I gave before that openkore could generate a script is that, if you pick all those "Hey, SHow MessagE" and write to a file as being a "mes("message")" , you kinda create the NPC back. it is not perfect, but except for the internal logic, you got all the messages, menus, effects, etc

[ProjectX 0]

That's good news if BOT can't read what's on the variable's value. What I'm going to do is encrypt a bot code and send it to a browser, the PHP will decrypt back the code, and the player will input the value to the input.

So let's say I have .@encrypted$ string which is an encrypted string of a real value of 5 digit numbers. (e.g 27524 will have an encrypted value of 5754565A57)
The user will get the decrypted value in the browser and will get a match if typed correctly in an NPC input.

Do you think BOT can bypass the encryption? Take note that this value is not displayed anywhere in the NPC dialog but the encrypted value is appended to the <URL> so PHP can decrypt it.

And this NPC is constantly moving around where only real players can follow and click. BOT can see the NPC ID but move to it's location is the issue since the location is changing every second, so if herc only allows a click when the bot is near the NPC then it will definitely give a hard time to the bot, especially on a time pressure situation

Edited April 19, 2023 by ProjectX

[KirieZ 78]

I think I should step back first and explain a few things:

 

Most things the bot can do requires someone that knows what they are doing. Making it talk to custom NPCs generally requires someone to do some advanced config telling it what do to. It is not simply "use this super cool npc" and it is ready. At the very least people would have to code the conversation sequence, etc.

 

And as more custom stuff is required, it will require more knowledge for the one coding it. And I may be totally wrong, but usually the amount of users with advanced knowledge is far smaller than the ones with very simple knowledge of setting a "kill monster and use storage" config.

 

If the target is to stop even the ones with advanced knowledge, most things you can do using Hercules only will be bypassable. If you are targeting the majority that has less knowledge, simply having a NPC may make it somewhat hard for a considerable amount of botters.

 

I think the main thing to keep in mind is that, the bot is simply another software, and it is coded in a programming language (openkore specifically is coded in Perl), anyone with knowledge to change it can code it to do anything the language allows them to, even outside RO scope (if there is a way to open a web page in perl, openkore could be coded to do it too).

 

General purpose antibot measures are hardly things made in the game itself, and it is hard to make it completely safe (and sometimes it becomes something too intrusive to the real players). Measures against packet-based bots tends to be changes in the client/server communication, like custom packet encryption, or requiring other protection software running together with the game, which performs checks in the user client/computer, etc. But these only targets some classes of bots, and even them may be bypassed if there is someone with the knowledge and desire to do so (Let's say, 0.1% of botters would be able to do it? or even less..).

 

When people limit the scope of what their cheat can do, they can even get more creative: I saw cases where people used image recognition to drive where their mouse will click, so you are not even touching the game in unnatural ways, but you get a limited scope as you have to make the image recognition pick exactly what you want (e.g. talking to a NPC gets much harder). keyboard/mouse macros are another case too (ok, this one wouldn't work to talk to NPCs, but works for hunting aggressive monsters, for example).

 

And this is more of a suggestion: be careful to not make something so intrusive that real players starts hating the antibot haha

 

----

 

Going back to your message,

 

If I understood it right, your NPC will be something like that:

.@theRealCode$ = ...;
.@encrypted$ = getMyEncryptedCode(.@theRealCode); // Imagine getMyEncryptedCode does the encryption work you mentioned
mesf("Go to <URL>Code Page<INFO>http://www.myserver.com/antibot?code=%s</INFO></URL> to get your code", .@encrypted$);
input(.@input$);

if (strcmp(.@theRealCode$, .@input$) == 0)
    mes("Ok, you are not a bot");
//...

If that's the case, as long as the bot user knows how to code the bot, they could read the message, make a request to this URL (which would have the encrypted code), get the value, and input it. Maybe if the URL shows the text inside an image will make it harder? probably, extracting text from image would be harder (not impossible, there are many OCR technologies today).

 

If the programmer has knowledge to do it, and it is feasible to programmatically do something, it can do, and may be even faster than a human at that. Note that this requires someone with programming knowledge, so as long as there isn't someone with knowledge who does it and give to everybody, you would be blocking people who are simply bot users with the basic knowledge of how to config it (which I think is the majority). But not someone that knows what they are doing.

 

[ProjectX 0]

Thanks. Love reading your insight. 

I just want to make sure the answer to my question about reading what's inside the variable.

if this is my variable .@encrypted$ in the NPC. Can BOT read its value?
Because if not, there's no way they can decrypt it. OR if they can they also need to decrypt it first because the value inside is also encrypted, the value exposed in the URL parameter needs to be decrypted as well before it shows on the webpage or before they know the real value. But of course, they can scrape maybe the value from the web page but that's something that requires more resources which maybe not worth it unless I have 2 to 5k unique players. 
 

 

Edited April 21, 2023 by ProjectX

[KirieZ 78]

It won´t be able to read the variable itself, but if the variable value is included in soemthing that is sent to the player (e.g. in a mes), it will be written in plain text there.

 

if .@encrypted$ is part of the url you are writing with mes command, it will be in the text.

 

.@encrypted$ = "lalala";

// Until now, .@encrypted$ is only visible to the server

.@urlForClient$ = "<URL>Code Page<INFO>http://www.myserver.com/antibot?code="  + .@encrypted$ + "</INFO></URL>";

// .@urlForClient$ is still only visible to the server, but it contains the value of .@encrypted$ inside it (Because we are concatenating)

mes("Go to " + .@urlForClient$ +"  to get your code"); // The text will be sent to the client, including the url, that includes the text in ".@encrypted$"
// The client doesn't know that there is a concat here, but it will receive a text like that:
// "Go to <URL>Code Page<INFO>http://www.myserver.com/antibot?code=lalala</INFO></URL> to get your code"
//
// Note the value originally in ".@encrypted$" is part of this text (because I concatenated it in the steps above).
// I only get the final text in client, but I could just search for "code=" and pick the value in front of it. Or search for "INFO>" and get the entire URL.

input(.@input$);

if (strcmp(.@theRealCode$, .@input$) == 0)
    mes("Ok, you are not a bot");
//...

 

But you are right that, this value being encrypted, the bot developer/user have to open the website and scrap the decrypted value that was shown in there.

[ProjectX 0]

Thank you for all the details. I have now the bot protection that uses all possible prevention mentioned here. 
Managed to prevent the scrapping as well by decrypting the bot code via API call. So the available bot code in the source code is still encrypted value.