Jedzkie 58 Posted August 22, 2014 Hi! As we've all known, Ragnarok servers are problematic about BOTS since years ago, but how can we prevent this? Well i have a suggestion regarding on that matter. I don't know if this is possible or not, but i think this is the only way we prevent BOT programs to ruin our server. How about implementing a system that checks if the PLAYER/CHARACTER uses the client to login in the game. For example, Run client -> Type Credentials -> Server checks if the user uses the client -> If (NOT) Disconnected from the Server else Login to the Game I just noticed on some servers even there are harmony installed in their system, some players can still run BOTS. Hopefully my suggestion will implement in the future. Thank you. 1 neil413 reacted to this Quote Share this post Link to post Share on other sites
evilpuncker 504 Posted August 22, 2014 bots can mask everything, that is why they are unstoppable Quote Share this post Link to post Share on other sites
Jedzkie 58 Posted August 22, 2014 bots can mask everything, that is why they are unstoppable Mask everything? even there are checks like that, bots can still login? O_O Quote Share this post Link to post Share on other sites
evilpuncker 504 Posted August 22, 2014 bots can mask everything, that is why they are unstoppable Mask everything? even there are checks like that, bots can still login? O_O yes, that is why we can't really block them 100% since they came out Quote Share this post Link to post Share on other sites
Dastgir 1246 Posted August 22, 2014 bots can mask everything, that is why they are unstoppable Mask everything? even there are checks like that, bots can still login? O_O yes, that is why we can't really block them 100% since they came out Make some hooks which send a completely unique packet id(over a range like from 0x1000 to 0x1111) with some data, which in return, client should return a data which contains encrypted player's data like IP/Mac and validate it server side. Can Assure you 99.9% Botters cannot bot because of this system(unless the system is leaked to the experts and they want to REALLY modify the openKore and bot in your server, which is as low as 0.001% Chance) 3 Hiraeth, anacondaq and karazu reacted to this Quote Share this post Link to post Share on other sites
karazu 33 Posted August 22, 2014 bots can mask everything, that is why they are unstoppable Mask everything? even there are checks like that, bots can still login? O_O yes, that is why we can't really block them 100% since they came out Make some hooks which send a completely unique packet id(over a range like from 0x1000 to 0x1111) with some data, which in return, client should return a data which contains encrypted player's data like IP/Mac and validate it server side. Can Assure you 99.9% Botters cannot bot because of this system(unless the system is leaked to the experts and they want to REALLY modify the openKore and bot in your server, which is as low as 0.001% Chance) Give me! Quote Share this post Link to post Share on other sites
Jedzkie 58 Posted August 23, 2014 bots can mask everything, that is why they are unstoppable Mask everything? even there are checks like that, bots can still login? O_O yes, that is why we can't really block them 100% since they came out Make some hooks which send a completely unique packet id(over a range like from 0x1000 to 0x1111) with some data, which in return, client should return a data which contains encrypted player's data like IP/Mac and validate it server side. Can Assure you 99.9% Botters cannot bot because of this system(unless the system is leaked to the experts and they want to REALLY modify the openKore and bot in your server, which is as low as 0.001% Chance) Give me! LOL! Quote Share this post Link to post Share on other sites
anacondaq 55 Posted August 24, 2014 Hi! As we've all known, Ragnarok servers are problematic about BOTS since years ago, but how can we prevent this? Well i have a suggestion regarding on that matter. I don't know if this is possible or not, but i think this is the only way we prevent BOT programs to ruin our server. How about implementing a system that checks if the PLAYER/CHARACTER uses the client to login in the game. For example, Run client -> Type Credentials -> Server checks if the user uses the client -> If (NOT) Disconnected from the Server else Login to the Game I just noticed on some servers even there are harmony installed in their system, some players can still run BOTS. Hopefully my suggestion will implement in the future. Thank you. The biggest mistake of any "anti-bot" feature is saying about that in public, or adding that to the sources without encryption. Why? Because one of the opencore developers here, at our community, and all "old fags" know them. The only one solution to block bots, it's find a way to make traffic ecnryption. (Sure, i'm talking about packet based bots (opencore, other differnt rops plugins). But mostly, players, and i'm sure 90% of the different adminds, don't hear about dll based (loaded via cps.dll) bots with the very easy logic what playing via ragnarok window. 1 Hiraeth reacted to this Quote Share this post Link to post Share on other sites
mleo1 36 Posted September 26, 2014 How about add captcha to antibots script rathena.org/board/topic/98175-recaptchait would be demotivational Quote Share this post Link to post Share on other sites
Dastgir 1246 Posted September 26, 2014 How about add captcha to antibots script rathena.org/board/topic/98175-recaptcha it would be demotivational still can bot, remember, those links are sended by mes command which are read by openkore, and they can see link, go to that link, and enter captcha. But I agree,it would be demotivational. Quote Share this post Link to post Share on other sites
Zirius 1 Posted September 26, 2014 How about add captcha to antibots script rathena.org/board/topic/98175-recaptcha it would be demotivational still can bot, remember, those links are sended by mes command which are read by openkore, and they can see link, go to that link, and enter captcha. But I agree,it would be demotivational. Bro, I wanna know how could still be bypassable by bot. reCaptcha is an external captcha. Unless, openkore could create script that answers reCaptcha successfully. Quote Share this post Link to post Share on other sites
GmOcean 92 Posted September 26, 2014 There already programs / bots that can answer reCaptcha successfully 100% of the time. All openkore needs to do is borrow that code or hook into those programs. Very easily done for a group of people dedicated to making these bots work. Quote Share this post Link to post Share on other sites
Dastgir 1246 Posted September 27, 2014 There already programs / bots that can answer reCaptcha successfully 100% of the time. All openkore needs to do is borrow that code or hook into those programs. Very easily done for a group of people dedicated to making these bots work. If still they dont code, they can do like, if mes appear, they will be alerted by sound on pc, which can help them to see npc chat on openkore, and the npc message will be somethijg like, <LINK> recaptcha link </LINK> and so, making the link visible to openkore, so they can open up that link, enter recaptcha, and continue botting. Quote Share this post Link to post Share on other sites
Zirius 1 Posted September 27, 2014 (edited) There already programs / bots that can answer reCaptcha successfully 100% of the time. All openkore needs to do is borrow that code or hook into those programs. Very easily done for a group of people dedicated to making these bots work. Thanks! I'm not aware that reCaptcha is already bypassable. But actually, I cannot find any program you are referring to. There already programs / bots that can answer reCaptcha successfully 100% of the time. All openkore needs to do is borrow that code or hook into those programs. Very easily done for a group of people dedicated to making these bots work. If still they dont code, they can do like, if mes appear, they will be alerted by sound on pc, which can help them to see npc chat on openkore, and the npc message will be somethijg like, <LINK> recaptcha link </LINK> and so, making the link visible to openkore, so they can open up that link, enter recaptcha, and continue botting. But that stops botting if the player is not online. After all, the big use of bot is if the user is not in front of his PC. Hence, majority of the job is done. There could be lots of improvement to that antibot. I believe external captcha is key to prevent these bots. Edited September 27, 2014 by Zirius Quote Share this post Link to post Share on other sites
Beret 50 Posted October 2, 2014 At aegis have a system that leaves the exp and drop 0% if the player does not stop playing, this was done on aegis more for a measure to prevent bots that spend all night picking up items and gaining exp for the character. I posted a little while to be added in hercules this system. http://herc.ws/board/topic/2063-stop-message-play/ Quote Share this post Link to post Share on other sites
GmOcean 92 Posted October 2, 2014 I believe there was a client patch released a while ago that disables those messages, since it's in the official client. Coding the 0exp and 0drop wouldn't be that hard to do. Just add it as a permission and change the player's permission until they logout. Quote Share this post Link to post Share on other sites
Dastgir 1246 Posted October 2, 2014 At aegis have a system that leaves the exp and drop 0% if the player does not stop playing, this was done on aegis more for a measure to prevent bots that spend all night picking up items and gaining exp for the character. I posted a little while to be added in hercules this system. http://herc.ws/board/topic/2063-stop-message-play/ Maybe its something related to, decreases x% exp and drop rate every x hour, and finally after some hour, it becomes 0% ratebut what's the preventive method for this? player relogs and again goes to 100%? or it resets every 12 midnight or what? Quote Share this post Link to post Share on other sites
kisuka 178 Posted October 17, 2014 Late reply to this, but captcha is a failed solution. There are some many services based in China that you pay less than 1 cent to solve a captcha. You send the image to the service over HTTP POST and it sends back a reply with the solution. Captcha don't work, plain and simple. The best solution against bots do not come in the form of scripts or gimmicky solutions. The best thing you can do is roll out your own packet encryption with a challenge system (sends a question to the client and expects a correct reply) or use a solution already made such as Harmony. Quote Share this post Link to post Share on other sites
milk 8 Posted October 17, 2014 (edited) nvm Edited November 10, 2014 by milk Quote Share this post Link to post Share on other sites
Xgear 44 Posted October 19, 2014 The only way you can handle bots is 1.- Enable packet encryption 2.- Disable proccess attachment into the client (Right now, most common way of botting is by attaching the bot to the client, so it runs through the client, which rendered method 1 useless) P.D.: Pretty delayed reply, but looks like none mentioned point two before 1 anacondaq reacted to this Quote Share this post Link to post Share on other sites
kisuka 178 Posted October 30, 2014 The only way you can handle bots is 1.- Enable packet encryption 2.- Disable proccess attachment into the client (Right now, most common way of botting is by attaching the bot to the client, so it runs through the client, which rendered method 1 useless) P.D.: Pretty delayed reply, but looks like none mentioned point two before Regrading #2, I thought OpenKore developed a client that doesn't even hook into the game client? Just sends and receives packets on it's own. Quote Share this post Link to post Share on other sites
csnv 12 Posted October 30, 2014 The only way you can handle bots is 1.- Enable packet encryption 2.- Disable proccess attachment into the client (Right now, most common way of botting is by attaching the bot to the client, so it runs through the client, which rendered method 1 useless) P.D.: Pretty delayed reply, but looks like none mentioned point two before Regrading #2, I thought OpenKore developed a client that doesn't even hook into the game client? Just sends and receives packets on it's own. The thing is OpenKore should not, by default, use the encrypted packets your client uses unless you attach the openkore client to your custom client. Quote Share this post Link to post Share on other sites
GmOcean 92 Posted October 30, 2014 (edited) Yeah, but what if they were to use this: http://herc.ws/board/topic/4912-peek-successor-to-yommys-packet-analyzer/ essentially, this would let them see those encrypted packets would it not, since it's your client they'd be using it on >.> if so, then we pretty much gave them the tools. It's a shame really, such skilled people over there helping out with OpenKore. Edited October 30, 2014 by GmOcean Quote Share this post Link to post Share on other sites
Xgear 44 Posted November 4, 2014 Kinda late reply but OpenKore works as a client itself, though xkore hooks into the client itself and works through the client (At least as I recall it). Yeah, but what if they were to use this: http://herc.ws/board/topic/4912-peek-successor-to-yommys-packet-analyzer/ essentially, this would let them see those encrypted packets would it not, since it's your client they'd be using it on >.> if so, then we pretty much gave them the tools. It's a shame really, such skilled people over there helping out with OpenKore. As far as I know, thats a packet analyzer, it is not a packet key decrypting tool. 1 anacondaq reacted to this Quote Share this post Link to post Share on other sites
ubiramen 0 Posted March 18, 2015 Well, the nice openkore Its a beauty, I've used it a lot, and one thing I can tell that if you have some sort of pattern recognizer on your RO, Bots never stop, reload, and they have many things that makes it perfect, so here's where you strike, Look for patterns like, bot never stop, even if you are a high LVLing Human you have to stop, or delays, veeery veeery nice random delays, bot only stops when need HP or SP, so every time stops log HP and SP, every time stands up, check SP and HP, even if the use a "RANDOMIZER" for stand up or sit up It's generated by a software, and becomes repetitive and there is where you catch it. Second, When the bot walks and look for the target, NEVER STOPS, if never stop walking and killing there is another way to catch it, WE as humans have a delay on clicks, one with its own delay, and we send a click for (GO TO X position, one that the server reads) usually on openkore those FIND ROUT are veeeery far away on the map, any way, if I can Log: time between Log in and log out (how often it gets offline,) Record PLAY Hrs, (like, sadistic of how much the players play daily) (Human routines) Record Trades, (this guy trade every day X time to this player [or players] ) How many items get daily (you will see, nobody farms that much as a human) With those even IF Openkore makes a veeery new programming of randomize those, you will be able to find any system with Logs Remember, everything responses under an algorithm and always its the same... even "RANDOM" I know it might sound silly but, it's just an Idea Quote Share this post Link to post Share on other sites