[Sneakpeak] New PoE hack/botting program!

  1. #1
    XianPoE's Avatar Active Member

    Hey guys,

    I've been an MMO hacker for over 10 years. A few years ago I reversed PoE and found quite a few exploits (now patched).

    A few days ago I re-updated my program and wanted to see if there were people out there interested in using it, or making a community.

    What the tool has:
    Maphack
    Lighting increase
    Entity spawning (logs to a console of any rare chests, very helpful for delve offpathing)
    Very rough map botting (certain maps like BA used to work)
    Auto-flasking
    Packet logging and sending (doubt any tool has provided this yet)
    ...And much more!


    Feel free to add me on discord (SNIPPED BY MODERATOR) or PM/post me here! It's been forever since I played PoE and only around lvl 30 so it'd be nice to make some friends.

    GitHub - XianLabs/BoExile: AI bot + Network manipulator for Path of Exile. for open source project
    Last edited by XianPoE; 07-26-2020 at 04:09 PM. Reason: Removed discord
    selling private PoE programs
    thank you mister president

  2. #2
    Sychotix's Avatar Moderator Authenticator enabled
    I removed your discord username as this sounds too much like a trade thread. If you are trying to sell this, use the trade section.

    Also, I think Maphack/lighting are in ExMap... packet logging was in the original exmap, but I think it got removed to tighten up detection and I'm not sure anyone was using it anyways. Raw packet data doesn't mean much to 99.9% of the userbase here =P


    Entity spawning is done with ExileAPI, but we draw on the minimap instead of logging to a console. Can't see much use of just listing the metadata path like that. Autoflasking is done in ExileAPI and various pixel searching AHK scripts.

    Botting is unique as HUD is specifically avoiding that. Be careful with that as GGG has some fairly beefy server sided detection and handling for bots.

  3. #3
    XianPoE's Avatar Active Member
    oh no, i have a different job and i'm not trying to sell it. this is an open source project like many others are, and is in no way perfect. I just want to see if there's a community out there. this game was filled with packet exploits back in the day, it was easy to find a new instance crash + rollback pretty much daily but that's gotten a lot tougher now and the content they add isn't very interesting packet-wise.

    I'm a bit confused what you mean by raw packet data though? that data is decrypted packets after their crypto is applied and essential to reading numerical and string values in packets. then you send your own to exploit of course. it is -the- only way to make any good money off games :P

    i've included various anti-cheats they do including maphack stuff, packet sending crashing @ map change, etc. I didn't really put much time into the screenshots or cleaning up the console as I just recently updated back from 2 years ago or so.
    Last edited by XianPoE; 07-26-2020 at 04:12 PM.

  4. #4
    dankula's Avatar Member
    I'd definitely use it. The packet stuff seems really interesting to me although I have no experience in finding crash exploits.

  5. #5
    Williamwillbera's Avatar Member
    Originally Posted by Sychotix View Post
    I removed your discord username as this sounds too much like a trade thread. If you are trying to sell this, use the trade section.

    Also, I think Maphack/lighting are in ExMap... packet logging was in the original exmap, but I think it got removed to tighten up detection and I'm not sure anyone was using it anyways. Raw packet data doesn't mean much to 99.9% of the userbase here =P


    Entity spawning is done with ExileAPI, but we draw on the minimap instead of logging to a console. Can't see much use of just listing the metadata path like that. Autoflasking is done in ExileAPI and various pixel searching AHK scripts.

    Botting is unique as HUD is specifically avoiding that. Be careful with that as GGG has some fairly beefy server sided detection and handling for bots.

    I was just wondering if you could expand a little on what you mean by server sided detection and handling for bots? Do you think they are analyzing the behavior of players' clicks, behavior patterns etc? Would it be possible for GGG to do this in the client and send processed data to their servers? Or would those measures be discovered very quickly by the reverse engineers here?

  6. #6
    XianPoE's Avatar Active Member
    Originally Posted by Williamwillbera View Post
    I was just wondering if you could expand a little on what you mean by server sided detection and handling for bots? Do you think they are analyzing the behavior of players' clicks, behavior patterns etc? Would it be possible for GGG to do this in the client and send processed data to their servers? Or would those measures be discovered very quickly by the reverse engineers here?
    Raw packet patterns. When you move, you send a packet with a Vector2 for your X,Y. If you take some specific path (say for botting blood aqua.) and time your movements robotically it's very obvious.

    There's also the packets themselves. When you click once, it sends two packets out - one for where you're going and one for "stop moving" once you reach there. If you continuously move, your client sends out different packet opcodes telling the server you're scrolling with the mouse instead of moving once. Obviously someone who continuously moves a lot is much less likely to be a bot, and coding the continuous scrolling is a lot harder than sending single clicks via packets.

    Here's an example:

    Single click:

    00 F9 [FF FF FF FD] [00 00 00 11] [29 09] [04] [08 00]

    ^Opcode, X, Y, Skill ID (Movement) (Job ID, I think), (Unknown 08 00)

    Finish movement:

    00 FF (single opcode, no data)


    Continuous movements:
    00 F9 FF FF FF F2 FF FF FF FD 29 09 04 08 00 (Start movement)
    00 FD FF FF FF FA FF FF FF F5 (Scroll mouse to move)
    00 FD 00 00 00 07 FF FF FF E9 (Keep scrolling)
    00 FD 00 00 00 0F FF FF FF E7 (Keep scrolling)
    00 FF (End movement)

    So based on above, it's clear to say it's much easier to make a bot using single clicks and skills than it is to make a human-like bot with scrolling movement. I've never personally been banned for botting using my own bots with single clicks, but they don't take specific paths and instead move dynamically to where monsters are. It's included in the program I made, but needs updating for that section as it's been 1-2 years (working on finding the ingame player action function again, AoB broke).

    Add me ingame on Harvest - DaredevilBlue! I'd appreciate the company and any help getting back into the game. I'd be happy to share my work, and can share a ton of previous interesting exploits that we could brainstorm on.

    For crash exploits, you basically want to manipulate a packet such that the server "gets confused" or throws an exception and crashes, causing it to not save instance data. You could do things like re-roll sockets then crash the instance if you wanted to roll a 6 link "for free". You could also do this with prophecy cards, this is why the price crashed a year or two ago, I found a rollback inside ascendance entrance with a single opcode packet. I'm also the reason delve items + fossils completely became influx and tanked. I could dupe delve nodes and teleport to any node I wanted. It was quite amazing at the time.

    Kudos, hope this helps.
    Last edited by XianPoE; 08-01-2020 at 03:00 PM.
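
The server-side view of the pattern described in post #6, as an added example that is not part of the original thread or of the BoExile project: it decodes the movement packets quoted above and flags a session that only ever single-clicks at near-constant intervals. The signed big-endian coordinate layout, the timestamps and both thresholds are assumptions made for the example.

```python
import struct
from statistics import mean, pstdev

START, SCROLL, END = 0x00F9, 0x00FD, 0x00FF  # opcodes as quoted in the post

def parse(hex_line):
    """Decode one decrypted movement packet given as spaced hex bytes."""
    raw = bytes.fromhex(hex_line)
    (op,) = struct.unpack_from(">H", raw)
    if op in (START, SCROLL) and len(raw) >= 10:
        # Assumption: X and Y are signed 32-bit big-endian integers.
        return op, struct.unpack_from(">ii", raw, 2)
    if op == END and len(raw) == 2:
        return op, None
    raise ValueError(f"unexpected packet {hex_line!r}")

def strokes(log):
    """Group (timestamp, hex) records into (start_time, scroll_count) moves."""
    out, cur = [], None
    for ts, line in log:
        op, _ = parse(line)
        if op == START:
            cur = [ts, 0]
        elif cur is None:
            continue  # SCROLL or END with no open START: ignore
        elif op == SCROLL:
            cur[1] += 1
        else:  # END closes the move
            out.append(tuple(cur))
            cur = None
    return out

def score(log, min_moves=4, cv_floor=0.10):
    """Flag sessions that only single-click, at near-constant intervals."""
    moves = strokes(log)
    single = sum(1 for _, n in moves if n == 0) / len(moves) if moves else 0.0
    gaps = [b[0] - a[0] for a, b in zip(moves, moves[1:])]
    cv = pstdev(gaps) / mean(gaps) if gaps and mean(gaps) > 0 else None
    flagged = len(moves) >= min_moves and single == 1.0 and cv is not None and cv < cv_floor
    return {"moves": len(moves), "single_ratio": single, "cv": cv, "suspicious": flagged}

CLICK = "00 F9 FF FF FF FD 00 00 00 11 29 09 04 08 00"  # single click from the post
# Constructed sessions: packet bytes are the post's samples, timestamps (s) are invented.
ROBOTIC = [(t + d, p) for t in (0.0, 1.0, 2.0, 3.0, 4.0) for d, p in ((0.0, CLICK), (0.5, "00 FF"))]
HUMAN = [(0.0, "00 F9 FF FF FF F2 FF FF FF FD 29 09 04 08 00"),
         (0.2, "00 FD FF FF FF FA FF FF FF F5"), (0.5, "00 FD 00 00 00 07 FF FF FF E9"),
         (0.9, "00 FD 00 00 00 0F FF FF FF E7"), (1.3, "00 FF"), (2.1, CLICK), (2.6, "00 FF")]

if __name__ == "__main__":
    print(score(ROBOTIC), score(HUMAN))
```

A production detector would score many sessions per account and combine this with path and target features; a single ratio and a timing variance are only the two signals the post itself names.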

  7. #7
    Williamwillbera's Avatar Member
    Thanks. How are you comfortable linking your poe account name to your ownedcore account name though? At the moment my only interest is making a private bot without packet manipulation and injection, as a fun hobby project. And due to that I have become a bit interested in how games would go about detecting bots without spending too much money on processing power. Not really interested in exploits, but thank you for the offer!

  9. #8
    Sychotix's Avatar Moderator Authenticator enabled
    Originally Posted by Williamwillbera View Post
    Thanks. How are you comfortable linking your poe account name to your ownedcore account name though? At the moment my only interest is making a private bot without packet manipulation and injection, as a fun hobby project. And due to that I have become a bit interested in how games would go about detecting bots without spending too much money on processing power. Not really interested in exploits, but thank you for the offer!
    I agree with this. We know GGG is aware of these forums. Posting your in-game name is not very wise. I would edit it out... but the choice is yours.

    EDIT: Also, feel free to add back your discord to the original post. I only removed it to prevent potential scams or trading outside of the trade section. It is clear this isn't a trade thread.

  10. #9
    NoobToken's Avatar Member CoreCoins Purchaser
    I see you're still pushing updates in the GitHub (latest commit being some while ago, though GitHub repo said it was outdated). I built the source and ran into some problems "ERROR: Invalid two byte opcode something" (I'm on AMD Ryzen).

    Some offsets changed in today's patch, for example new SendPacketFuncOffset is 0x11663b0

    I'm pretty interested in this project, mostly the packet logging and sending part. If you could elaborate on the methods you use to log and send packets, that would be great!
