APB Ultimate

[Methuselas]

i have many different passwords, really many lol.
the weirdest thing is that I should have received an email if the guy logged in from a different IP than mine. (they have a "guard" system)
I really doubt my email is compromised, but nothing is impossible of course.

Check to make sure it wasn't turned off on the website. If it wasn't, contact CS. They're actually not bad.

[Rhendanwan]

My account just got stripped of everything of worth.
No idea if it is related to the recent use of this bot.

Can anyone check how safe it is?

damn.. now you got me worried.
can you give more details? so you still have access to your account?
so someone mailed himself your ad and items in-game or what exactly?

[electropica]

If it's from the bot, owner is slow because I had 200k AD few days ago and no one stole them in time...

[Olegsander]

damn.. now you got me worried.
can you give more details? so you still have access to your account?
so someone mailed himself your ad and items in-game or what exactly?

How do you want me to give you more details, i log out - everything fine, i log in few hours later - i dont have any AD, all enchants disappeared, all zen gone. It's not like he left a message "i mailed everything to myself, oh thanks btw"

@Methuselas: i can't find that option on the website

@electropica: i'm talking about dozens millions of AD, not 200k.

[Rhendanwan]

How do you want me to give you more details, i log out - everything fine, i log in few hours later - i dont have any AD, all enchants disappeared, all zen gone. It's not like he left a message "i mailed everything to myself, oh thanks btw"

@Methuselas: i can't find that option on the website

@electropica: i'm talking about dozens millions of AD, not 200k.

alright,alright I just wanted to know what exactly was taken no need to get upset over the question.
I guess the only option is for cryptic to try to check for IP from that login and to where it was mailed.. but I guess that will also be fake or some kind of bot account.. I'm really sorry this happened to you

[Olegsander]

What I wanted is for someone with the how-to knowledge to check if BaseN version may or may not be used to gather the login information. The bot in itself works good, and I really feel bad about letting this be a shadow to your work, but the coïncidence is there. Started using this and got hacked shortly after.

[Darxide23]

What I wanted is for someone with the how-to knowledge to check if BaseN version may or may not be used to gather the login information. The bot in itself works good, and I really feel bad about letting this be a shadow to your work, but the coïncidence is there. Started using this and got hacked shortly after.

correlation =/= causation

I accidentally hit start again while the bot was running but this time I got to my process viewer fast enough to kill it before it brought everything down. In 5 seconds the bot was already using 2.5 Gigs of RAM and climbing. That's a scary bug.

[BaseN]

I know you said you were done on loop logic but here's something to mark down for later.

Ok, tad complicated. I had a loop setup like this:

Plate Armor +4
Plate Armor +2
Plate Armor +1
Plate Armor

And had it set to first possible. I have 6 open slots so after the loop timed out on the + armor it got to the regular Plate Armor, started tasks for the first 3 slots. Then it got to the 4th slot and the loop will have timed out on all tasks since there were no lower armors to make higher armors and it couldn't make Plate Armor again because the first 3 sots were already doing it. I had expected the loop to time out on slot 4, 5, and 6 and then delay and loop again. This way, when the Plate Armor from the first loop was finished then it would just continue on normally. Instead, it just stopped after a couple of minutes.

This is compliacated. I can't know what the first slots are actually running (I could keep track of it but that would waste resources and would be messy between restarts), but most importantly I can't skip a slot entirely and move to next one because if the slot is free it will mess your queues. Same issue I was talking a couple of days ago. For such cases I suggest putting a first tier gathering task at the end of the slot so it will start that and move to next.

Could you disable the start button once the bot is already running? I accidentally hit start a second time and the bot stopped responding and it took my computer with it. I had to hard reset.

Good idea!

What I wanted is for someone with the how-to knowledge to check if BaseN version may or may not be used to gather the login information. The bot in itself works good, and I really feel bad about letting this be a shadow to your work, but the coïncidence is there. Started using this and got hacked shortly after.

This is why my code is not obfuscated or the executable packed. Anyone that knows their way around a debugger can check what it does without even specialized knowledge in reverse engineering. Sorry but APBU has nothing to do with it (as long as you download it from its official location that is, if you download APBU randomly from the net I can not vouch for its integrity. From the next version I will also post SHA-1 hashes of the .rar file).

Since you didn't get an email that someone tried to log into your account, it is absolutely certain that your email account has been hijacked. Logging into neverwinter from an ip not matching yours geographically would trigger the One-Time code thing. Since you didn't get that it's 100% sure, someone got it from your email and deleted it.

[BaseN]

correlation =/= causation

I accidentally hit start again while the bot was running but this time I got to my process viewer fast enough to kill it before it brought everything down. In 5 seconds the bot was already using 2.5 Gigs of RAM and climbing. That's a scary bug.

Yeah, that happens because when you hit start again it goes into infinite loop that allocates memory. Nasty. Next version will disable the start button until it's stopped.

[Darxide23]

For such cases I suggest putting a first tier gathering task at the end of the slot so it will start that and move to next.

Why didn't I think of that.

Hmm, I added the Tier 1 gather to the end and it's still stopping after a short time. The status message says this:

Stopped! Timeout while starting new task after Free

When I checked the tasks that were running, there were 3 of the Plate Armor ones, 1 Plate Armor +1 (ready for collection), one Tier 1 Gather and one empty slot. So it actually did get to the gather on one of them. The timeout happened elsewhere. Perhaps once the log is ready we can nail that one down.

[qmancan]

What I wanted is for someone with the how-to knowledge to check if BaseN version may or may not be used to gather the login information. The bot in itself works good, and I really feel bad about letting this be a shadow to your work, but the coïncidence is there. Started using this and got hacked shortly after.

First I will start this off by saying I am by no means an expert in this area! There are far smarter people out there than me when it comes to this so do not take what I am about to say as gospel. Again don't take this as be all end all and test it yourself or maybe others that are far smarter than myself can add to this.

The tools to monitor what a programs does on your system are out there and free. A really simple one to use is Process monitor for Microsoft. You can Google it and download it.

I have been monitoring the program since the first version I installed 1.4. I was not having much success with it till version 1.6. Version 1.6 till current I have been using and not many issues so my logs are pretty good.

In my viewing and reading the logs I have not seen this bot do anything strange. I have not seen it contact any mysterious web location or upload or download any files from any ips or webpages.

Does this mean the program is certified clean? Again, I am no expert so I am not willing to say that. He could have been sneaky and loaded a different exe that does that work. Again the logs I have don't show anything like this so it is not obvious.

With all that said..... I have donated to BaseN and I feel comfortable that this program is not doing anything funky.

Again, I am no security guru but with my "enough knowledge to be dangerous" I feel comfortable that this bot is not doing anything crazy!

[BaseN]

Yeah adding the Log Window at this point is imperative. I will probably finish it tomorrow if my flu allows it, heh.

That message you're getting though pinpoints the code for me. Is this on the latest version?

Edit: Thanks for the vote of confidence qmancan and for the donation of course

Like I said any programmer with knowledge on how to operate a debugger can just run it under the debugger, examine it and give a professional verdict. The PE executable is not packed and there's no obfuscation in the code. Examining what it does is a matter of 20-30 minutes with a debugger. Malware payloads always come in packed PE executables because they make examination under a debugger harder (you need to unpack it). There's absolutely no anti-debugging protection on the .exe so examine it at your leisure.

You can also run it under a software firewall and you'll see that it connects to gateway.playneverwinter.com only and 1e100.net which is a google owned domain that maintains google services (https://support.google.com/faqs/answer/174717?hl=en) in this particular case it is used by QtWebkit for the SafeBrowsing feature (see here: http://superuser.com/questions/75841...rts-open-to-it)

This last test anyone can do without any specialized or programming knowledge. So this is my last comment on the subject as I prefer spending my time coding it instead of trying to prove that I'm not an elephant when everyone can do it themselves.

On a last note: This is a game were stealing account details like this is not really possible due to the One-Time feature. For anyone to log into your account even if they have the account details they would also NEED access to the email account you have registered your account with. Do use some common sense. No one can get into your account without access to your email.

[Darxide23]

Yeah adding the Log Window at this point is imperative. I will probably finish it tomorrow if my flu allows it, heh.

That message you're getting though pinpoints the code for me. Is this on the latest version?

0.2.7b

Also, Here's something odd. Again, my queue looks like this:

Plate Armor +4
Plate Armor +2
Plate Armor +1
Plate Armor
Iron Ore Gather

At some point, Plate Armor +1 will change on it's own to Defender's Plate Armor +1. I checked the xml and everything is fine there. Defender's Plate Armor +1 comes right before Plate Armor +1 in the xml, but I don't know if that's the problem.

Plate Armor +1 internal name: Hvy_Armorsmithing_Tier1_Plate_Armor_Set_1
Defender's Plate Armor +1 internal name: Hvy_Armorsmithing_Tier1_Plate_Armor_Set_3

I can't see any reason it would change on it's own. It doesn't make much sense. I'm going to stop trying to work this particular queue for now and do something else until it's sorted.

[BaseN]

Ah that explains it. The string Plate Armor +1 is contained in Defender's Plate Armor +1. I'm doing a contains check instead of an equality check. Hold on fixing it.

[BaseN]

0.2.8b:
--Fixed an issue with Queue Planner task lookups.