[Informational] IS/Glider

[ubrpwnt]

Thank you, everything else, looks correct to me And imo this flamer needs to gtfo, he obviously doesn't know who Apoc is. Most of OB wouldn't be here if it wasn't for Apoc so shut the hell out and learn who you're flaming.

[Remus]

o.o as apoc said Epic thread is epic.

[Apoc]

Thank you, everything else, looks correct to me And imo this flamer needs to gtfo, he obviously doesn't know who Apoc is. Most of OB wouldn't be here if it wasn't for Apoc so shut the hell out and learn who you're flaming.

Not quite true at all. I actually didn't do a whole lot of work on the OB core. (For the exception of oBG) Most of OB was written by Glave, JHn, and Fluffster. (As well as oog, M^3, Ritz, death_goes, etc) I just fixed a good bit of bugs, and optimized a bunch of the code.

I just happened to be the most active dev (who knew way too much about the bot for his own good)

[undrgrnd59]

You do know that both Glider and Openbot use two complete different methods all together (not talking about the anti-detection stuff). Openbot uses Injection while Glider just reads from the process.

What if their methods of protection were completely the same (no i'm not saying they are). Warden goes... ok... let me scan for everything that has touched WoW.exe...

"ok... there's something that's reading the memory... no big deal." "Uh oh... here is something that is writing to the memory... *waves banstick*".

Exactly what I was trying to say above as for why Glider people don't necessarily get banned when IS do. Thankyou.

[benny32]

Inner Space itself, has NOTHING (I repeat NOTHING) to do with WoW. It's a platform for people to write extensions that can interact with DirectX games. It does not come out of the box ready to start reading/writing WoW's memory.

Quoted for truth....

As stated in previous posts by several people, myself included, IS is not what gets you banned alone, you must have ISXWoW or something they consider naughty loaded up to get you smacked with the ban stick. You could run the plain install of IS on every machine you've ever played or plan to play and as long as you don't have game modifying extensions there will be no bans.

[benny32]

Well there actually was a bit more hostility than I expected but what else can be expected from an innocent post :P

Benny32 (third post down):
I'll admit I'm an IS user through and through so some of my posts may seem to have that IS edge on them (I'll try to keep it to a minimum). As far as you comment about detection being complete guesswork, well that's not entirely true, simply reading though the OnWarden blog posts will give you a greater understanding. Obviously Lax/Glider don't come out and say all they know about Warden because it would be bad for business.

Undrgrnd, I wasn't calling you a fanboy but I knew that unreasonable people would eventually latch onto this and then the bullshit would start to fly. It actually took longer than I thought.

As far as the guesswork stuff see my second comment in response to Apoc, I just wasn't clear in my first post I don't think. I believe the detection protection on the client side is pretty clear as Warden isn't a huge mystery but the server side is a complete unknown and will stay that way.

[Apoc]

Quoted for truth....

As stated in previous posts by several people, myself included, IS is not what gets you banned alone, you must have ISXWoW or something they consider naughty loaded up to get you smacked with the ban stick. You could run the plain install of IS on every machine you've ever played or plan to play and as long as you don't have game modifying extensions there will be no bans.

IS users can be banned whether they're using it for WoW or not. (Some extra detection in the binaries proves this)

[benny32]

IS users can be banned whether they're using it for WoW or not. (Some extra detection in the binaries proves this)

Ahhh, was not aware of this. This thread actually ended up being useful to me.

[puppychow]

Blizzard can always detect any bot, no matter what you do. Then the bot author can write a method to avoid the new detection. That doesn't help the people who got banned by it though. Panda is a nice guy but the only reason zolo isn't detected is because Blizzard isn't targeting zolo right now, if a ton of people started using it they will. Rootkits, process permissions, etc all don't matter - even if you somehow lock down the wow process so it can't do shit, thats a huge signal to Blizzard that something weird is up with your account and a GM better investigate.

Blizzard also loves to quietly log all the activity from botters it finds for a few weeks and then ban them all at once. So even though Glider may seem safe right now, for all you know they are quietly logging everyone using it and a month from now a massive ban wave will go out.

The thing to remember is that they brought back in patch 2.4.3 wow.exe anti-bot checking. From when TBC was released they kept all their bot/hack checking code in the little warden code block, and it was easy for Merc and Lax to check through it every update, make sure nothing new was screwy, and then make their software updates. But now WoW.Exe itself has scattered around it anti-bot checks, and some of them don't go active right away, waiting instead a while to go hot. Its not feasible to go through the millions of lines of code in the wow.exe looking for anti-bot measures, it would take forever. And when patch 2.4.4 or whatever the next one is, it all starts again.

Perhaps Lax can figure out some commonality between the new bot checking code and always safeguard against it, or we need some sort of obfustucator so everyones Innerspace is completely different (memory signature wise), or who knows. But as many people have said, the safest bot is the one that only you know about and use.

imo at this point both IS and Glider are dead botting platforms, if you use either you are pretty much guaranteeing your account will get banned.

[Apoc]

Blizzard can always detect any bot, no matter what you do. Then the bot author can write a method to avoid the new detection. That doesn't help the people who got banned by it though. Panda is a nice guy but the only reason zolo isn't detected is because Blizzard isn't targeting zolo right now, if a ton of people started using it they will. Rootkits, process permissions, etc all don't matter - even if you somehow lock down the wow process so it can't do shit, thats a huge signal to Blizzard that something weird is up with your account and a GM better investigate.

Blizzard also loves to quietly log all the activity from botters it finds for a few weeks and then ban them all at once. So even though Glider may seem safe right now, for all you know they are quietly logging everyone using it and a month from now a massive ban wave will go out.

The thing to remember is that they brought back in patch 2.4.3 wow.exe anti-bot checking. From when TBC was released they kept all their bot/hack checking code in the little warden code block, and it was easy for Merc and Lax to check through it every update, make sure nothing new was screwy, and then make their software updates. But now WoW.Exe itself has scattered around it anti-bot checks, and some of them don't go active right away, waiting instead a while to go hot. Its not feasible to go through the millions of lines of code in the wow.exe looking for anti-bot measures, it would take forever. And when patch 2.4.4 or whatever the next one is, it all starts again.

Perhaps Lax can figure out some commonality between the new bot checking code and always safeguard against it, or we need some sort of obfustucator so everyones Innerspace is completely different (memory signature wise), or who knows. But as many people have said, the safest bot is the one that only you know about and use.

imo at this point both IS and Glider are dead botting platforms, if you use either you are pretty much guaranteeing your account will get banned.

Pretty much dead on for the exception of the last sentence. Neither IS or Glider are dead. They are far from it actually.

And sifting through the patch diff's isn't exactly hard, as it is time consuming.

[Haitamo]

fail fail fail fail fail fail fail fail fail is and glider arent dead

[Yeti]

glider will be dead when they get sued, lol.

[wowpanda]

To all of you idiots saying UG doesn't know what he's talking about. Take a step back, and re-read his post. 90% of it is spot on. (And wowpanda, Zolofighter can easily be detected if Blizzard decides to scan for it. Windows priv's or not. You're taking Warden completely for granted.)

No matter how good Blizzard is, they can't by pass windows security (Unless there is some security hole that allows guest complete control of a system, which would allow hacker all over the world immediate access to any windows computers). As long as Blizzard can't install drivers on your system, you are safe from memory scanning. In fact glider users should do the same.

There are much fewer ways for a guest user to collect information, and those can be fixed easily, and don't need to recheck every patch.

[puppychow]

you forget blizzard controls both the client and server. The server sends down a "warden, check shit out please" command. Warden returns to the server with a "I can't read memory, sorry". The server can log that person X is staying X hours a day in zones known to be bot zones, AND is not responding to warden sniffs, so it can send a GM to investigate after a bunch of log entries. He watches the player for a few minutes, sees the obvious botting, and blam, ban.

The whole point of the thing is to not to just avoid software detection, its to avoid any notice whatsoever from Blizzard. The act of hiding completely and saying "you can't look at me! You can't look at me!" is itself a giant red flag.

Of course you could figure out Blizzard's packet system and send back encrypted fake responses that say everything scanned ok and no problems, but thats a lot of work.

[Apoc]

No matter how good Blizzard is, they can't by pass windows security (Unless there is some security hole that allows guest complete control of a system, which would allow hacker all over the world immediate access to any windows computers). As long as Blizzard can't install drivers on your system, you are safe from memory scanning. In fact glider users should do the same.

There are much fewer ways for a guest user to collect information, and those can be fixed easily, and don't need to recheck every patch.

They aren't bypassing any Windows security. (They don't need to in fact)

Running WoW allows the packet based warden to scan. (No matter what security measures you have Window's using) Think of it this way, Warden uses the exact same things that the rest of WoW uses to function properly. If you think you've stopped warden from scanning, and WoW still runs, you're wrong.