Banned? Wipe those tears. Let's discuss security

[atmos]

Something funky I noticed with the previous update is that it asked for admin priviledge, to which I clicked "**** nope" and it continued like nothing had happened.
Worked as fine as always and haven't received any bans either. Maybe nothing to do with it maybe everything.

Edit: If the above is false then I'm fairly sure that Blizzard just gathered a bunch of human submitted and human (or some algorithm) reviewed reports and those using obvious scripts/hacks were delayed for the banwave to maximize the fear mongering effect of when they'll be banned. Essentially creating the illusion of omnipotent Blizzard with it's impregnable defenses. Since my account is still unbanned I don't mind running each of the "detected" hacks every couple weeks or so to see if any of them is actually detected.

[spoofjack]

I too am not banned (yet) I haven't used anything "public" yet. One version i have in Java used last night still no ban. The C++ Version i have not used ingame once yet.

[CuT]

One does not simply "take a quick look at the anti cheat."

Also, we already know a driver is the best solution. I pointed out a while back that virtual inputs could be detected and that it was a security flaw. Mouse movements being so direct is also another issue that should probably be solved... which could possibly be handled in the driver as well.

When i was looking into using the trigger/aimbot that seemed sketchy (anyone who thought they wouldn't get banned for a lolAHKscript is insane) I saw that post and decided it would be stupid to cheat.

Thanks for looking out for the community.

[MaFi0s0]

Had both accounts banned in the latest ban wave, I heard I need a new computer but thats out of the question so I just got a new account and I am worried I will banned in the next wave even if I am not using anything.

[spoofjack]

Had both accounts banned in the latest ban wave, I heard I need a new computer but thats out of the question so I just got a new account and I am worried I will banned in the next wave even if I am not using anything.

You don't need new PC. I got hit in Tyrant sweep and launched new email and account and have had no issues.

[Nerdrenx]

Not banned because i'm not a moron using public hacks in , so far, the most "fullnazimode" game.
Doing my own stuff with emulated inputs and works fine

[Torpedoes]

It was implied that a program running in Robot-JS was untouchable. Clearly it's not.

So, I'm not sure who implied that Robot-JS was untouchable but they're wrong. When I wrote Robot-JS it was meant to be a safer alternative to things like AHK and AutoIt, but certainly not bulletproof. It was also not designed to stand up to the massive anti-hacking efforts put on by Blizzard with Overwatch, but rather, the more relaxed environments of Diablo 3 and World of Warcraft. That being said, we still have no idea what part (if any) of Robot-JS was actually detected, but if I had to place money, I would place it on virtual inputs coupled with the somewhat sketchy code of the bot.

Both @Sychotix and myself have been discussing the possibility of virtual input detection since the bot hit mass markets. And on more than one occasion I had to provide patches to various developers to improve the security of their bot (i.e. not accidentally opening handles to the game process, etc). Does this mean that Robot-JS is compromised, I still think that when compared to AHK and AutoIt, it's certainly safer. And if you're not opening handles to the process or simulating key or button presses then it should be fine. I say that because if you're running your Robot-JS scripts in admin mode then Blizzard has no way to tell what script is being ran (through signature scanning or otherwise).

Now what can we do about virtual inputs, the easiest solution would be to have some sort of driver that removes the "injected" flag. Having a generic driver do that would be very difficult to track down and would solve the problem. Another solution would be to use some sort of hardware solution, either an arduino or some other programmable board. Either way, there's no easy way to remove the "injected" flag from simulated input, as far as I know, which is annoying.

Also, we already know a driver is the best solution.

I'll have to disagree with you there. Drivers, in the right hands, have the potential to be infinitely better than any other solution out there. BUT, it is extremely difficult to write and only a handful of people can do it in such a way that would make it completely undetectable. In my opinion the "best" solution is to piggyback on a legitimate windows process, reusing existing process handles (or opening new handles if using process hollowing). That way, the game has no way to distinguish legitimate applications from compromised ones. You still have the problem of injected input but that's a special problem that can be solved in some other way. Let me know what you think.

[Sychotix]

I'll have to disagree with you there. Drivers, in the right hands, have the potential to be infinitely better than any other solution out there. BUT, it is extremely difficult to write and only a handful of people can do it in such a way that would make it completely undetectable. In my opinion the "best" solution is to piggyback on a legitimate windows process, reusing existing process handles (or opening new handles if using process hollowing). That way, the game has no way to distinguish legitimate applications from compromised ones. You still have the problem of injected input but that's a special problem that can be solved in some other way. Let me know what you think.

I'm still not sure why injecting our code into another process or hollowing out a process would help. Based on what someone mentioned earlier with them using Guard-IT (https://www.arxan.com/products/product-overview/), it mostly does pattern recognition to flag things. If it is searching through memory and happens upon the section where we injected our code (hollowed or not), would it not detect it?

Maybe some sort of code reorganize could be used to ensure that there are little to no patterns? A driver that simulates inputs without them being marked as virtual would be an extra layer of security... but as you said they can be difficult to program.

[Torpedoes]

I'm still not sure why injecting our code into another process or hollowing out a process would help. Based on what someone mentioned earlier with them using Guard-IT (https://www.arxan.com/products/product-overview/), it mostly does pattern recognition to flag things. If it is searching through memory and happens upon the section where we injected our code (hollowed or not), would it not detect it?

How's the game going to scan the memory of a process when it's running in admin mode? Especially a Windows process like svchost or csrss. Like I know I keep mentioning this technique and I have yet to try it out myself but it's just so cool. Though even if you have an undetectable system, it turns out that it's really difficult to actually pretend like you're not cheating. I've cheated in a number of other FPS games and it's always harder to pretend you're not cheating than to play well in the first place.

[seldane]

How's the game going to scan the memory of a process when it's running in admin mode? Especially a Windows process like svchost or csrss. Like I know I keep mentioning this technique and I have yet to try it out myself but it's just so cool. Though even if you have an undetectable system, it turns out that it's really difficult to actually pretend like you're not cheating.

That does sound like a good way to sneak in. I would be interested if you go this route.

I've cheated in a number of other FPS games and it's always harder to pretend you're not cheating than to play well in the first place.

I have a bunch of code snippets and/or pseudocode that I can translate into any language for you that will help solve this issue, as long as you're able to find a safe way in. Just let me know

[Sychotix]

How's the game going to scan the memory of a process when it's running in admin mode? Especially a Windows process like svchost or csrss. Like I know I keep mentioning this technique and I have yet to try it out myself but it's just so cool. Though even if you have an undetectable system, it turns out that it's really difficult to actually pretend like you're not cheating. I've cheated in a number of other FPS games and it's always harder to pretend you're not cheating than to play well in the first place.

I assume you mean when it isn't running in admin mode. And that, I don't know, I'm just basing it off https://www.thebuddyforum.com/watcho...ml#post2213947

and someone earlier mentioned that they were scanning memory for patterns. Maybe I misinterpreted that and the pattern scans stay within process only. And yeah, the process hollowing is a neat idea, but I'm honestly not sure what it would accomplish. Seems like you basically just launch a dummy application and swap out the binary. Could be useful if something scanned processes when they launched (like an antivirus?), but I don't think so in this case.

I actually don't really like/approve of cheating in FPS games =P I have a pretty big interest in AI and reverse engineering. Cheats tend to have a good bit of both.

[Torpedoes]

That does sound like a good way to sneak in. I would be interested if you go this route.

Maybe after my WoW binge :-P

I have a bunch of code snippets and/or pseudocode that I can translate into any language for you that will help solve this issue, as long as you're able to find a safe way in. Just let me know

I still have my old code from my CS/TF hacking days as well. As for the technique, it's fairly simple, in fact I'm waiting to see what developments people will make while I work on other projects. I wish I had the time to try all this stuff out!!

I actually don't really like/approve of cheating in FPS games =P I have a pretty big interest in AI and reverse engineering. Cheats tend to have a good bit of both.

Same. It's all about the journey.

[monkeypaw]

Being a cheater comes with a certain degree of danger. Yeah, Blizzard ****ed you up because you're not clever enough when you roam the game with your aim bots. That's on you, pal.

Maybe the kids will wise up and learn from their mistakes in ten years. Maybe not. I'll continue using my keybot, knowing that Blizzard will never find me.

[monkeypaw]

I have a bunch of code snippets and/or pseudocode that I can translate into any language for you that will help solve this issue, as long as you're able to find a safe way in. Just let me know

Ha ha! That's bullshit, mate.

Who are you, the Glimmerman?

[seldane]

Ha ha! That's bullshit, mate.

Who are you, the Glimmerman?

Who or what is a Glimmerman? hahaha

But real talk, I will repeat that my offer is legitimate. Every aimbot boils down to this pseudocode:
1) Find enemy target
2) Move mouse to enemy target in a non-robotic way

Right now, the entire OW hacking community is struggling with #1 and the best anyone has come up with is Pixel scanning, which adequate but it's inaccurate and simply barbaric. And honestly, making #2 look legit and not robotic is not incredibly difficult (it sounds like Torpedoes has the same thing), but it did take me a couple tries and I'd like to save community members time and effort.