[Release] LuaNinja - Run protected Lua code

[Ssateneth]

So... was this detected only if you ran it on windows XP? I have both w7 and XP machines.

[Argumentative]

I use win 7 x64 and I was detected along with everyone else.

Thank you Cypher for the great app, even tho I only got to use it once the day before the ban wave hit. lol

[Morbidius]

Hello everyone,
I must say what a shame this was detected as I was very convinced of Cypher's argument and wanted to test this as soon as my DK hit 80 (He's now 6, but I should thank my lucky stars for not trying this. Nevertheless I thank Cypher and all those who posted guides/macros/script to make the usage of this wonderful "hack" possible for programming-nubs like myself.

Based on the massive amount of people complaining here I would like to point out the fact that this is just typical consumer behavior... we live in a such world nowadays that people look upon EVERYTHING as a product... if the product somehow goes boom, even though they were warned many times of the risks involved, they complain and demand some sort of compensation. So for all those complaining of permabans after using LuaNinja for 10 seconds, you made 2 huge mistakes:
1. You used LuaNinja knowing fully well that it might cause a ban.
2. You didn't take the necessary precautions before making sure this won't get your account banned (such as starting it on a separate account that you don't really care about).

Anyways, reasserting my argument... Cypher take no heed of those complaining... they're just consumers wanting to have their product fixed so they can get "high" again! If you DO fix LuaNinja and make sure it would not be detected so easily, please DO NOT MAKE IT PUBLIC. I know for a fact (at least from someone working in BlizzardEurope) that the technical team in Blizz takes down code-manipulating software faster and punishes the users harder than they do with other sorts of exploits (like gold sellers, botting...etc), hence the harsh bans for people who even did that for 10 minutes six weeks ago.

However, and in spite of my obvious noobishness in programming and WoW-engine-mechanics (I study politics and social sciences) I'd like to do a round-up of the USEFUL gold nuggets in this thread regarding the possible causes of detection:
1. It was said that Warden is the publicly KNOWN method Blizzard employs to attempt stopping bots and exploit-code. So reverse-engineers might want to take that point into consideration.
2. Some people who got banned used LuaNinja for a considerably short time and once almost 2, 4 or 6 weeks ago. Does this indicate Blizzard was collecting a list of exploiters and when this list reached a certain tolerance-limit, they released a ban wave?
3. Many people complained that LuaNinja was detected fairly early, and that Cypher said it won't be for some time due to laziness of the Warden guy. Could it actually be that the tech guy IS still lazy, but managed to note the increased reaction-time of some players, which made him track their server-side interaction and eventually track down LuaNinja (because no matter how fast your button-mashing might be, you'll remain human with expected reaction times, not the ones LuaNinja+SDM could provide).
4. Last information bit I'll personally contribute and call me a conspiracy-theorist: Could it be that we have a mole among us? Think about it: Blizzard could hire guys to surf known WoW-hacker-and-exploiter forums and make lists of released software based on their threat-level... LuaNinja would probably be on top of the list because it would actually jeopardize the notion of high-level loot as a requirement for higher DPS (unlike leveling bots which lose their aim after reaching level 80 or gold-bots that have some economic benefit to Blizzard)

Having said all I can say about this topic, I apologize for the Wall of Text and am really happy I'm not such a risk-taker... that's why I'll always remain under 10k gold and have mediocre toons

Thanks for reading so much.

[ferodod]

Blizzard admit themselves to being part of the wow hacking community *Why ban a few users when you can find out the people higher up and really make a mark*.

[Cypher]

So... was this detected only if you ran it on windows XP? I have both w7 and XP machines.

No, that was the assumption at first, but that was incorrect. I won't go into the unnecessary details, but suffice to say, the ban wave was caused by code embedded into the client. NOT a Warden update, and NOT as the result of a bug in the anti-detection code (the reports that the OS you were running was relevant were incorrect).

There's really nothing much I can do to defend against checks embedded in the client, short of going through every single change in every little patch, which simply isn't an option due to the amount of work involved. Afaik not even a Tripwire system (like the one used by Glider) would have worked in this case.

Blizzard admit themselves to being part of the wow hacking community *Why ban a few users when you can find out the people higher up and really make a mark*.

Errr... wtf?

[ferodod]

lol, has been posted by many blues on wow and woweu forums. They infiltrate the community and do the bans in waves when the time is right.

[KuRIoS]

lol, has been posted by many blues on wow and woweu forums. They infiltrate the community and do the bans in waves when the time is right.

I am infact a wow gm....

[ferodod]

I am infact a wow gm....

I knew it, how could a nerdy player possibly have such a nice pair of milk glands =(. I still respect you and your assets.

[Cypher]

lol, has been posted by many blues on wow and woweu forums. They infiltrate the community and do the bans in waves when the time is right.

What the **** do they have to 'infiltrate'? LuaNinja was 100% public...

[ferodod]

Well wtf do I know!!! I'm sharing what I know, don't bite my head off for it! =(. Just the community I guess, reading on how people used it and blahhhhhhhhhh. Just, ignore me in future *whistles*.

[antis0c]

No, that was the assumption at first, but that was incorrect. I won't go into the unnecessary details, but suffice to say, the ban wave was caused by code embedded into the client. NOT a Warden update, and NOT as the result of a bug in the anti-detection code (the reports that the OS you were running was relevant were incorrect).

Was it some kind of detection code for LuaNinja specifically? Or was it more checks to verify where protected Lua functions were being called from? Seems like if I were Blizzard, I'd just check the stack trace of the Lua calls and go "hmm CastSpellByName, came from not a secure hook, not our code, ah here we go, AddonFunctionFaceroll() .. thats not right. FLAG!"

[Cypher]

Was it some kind of detection code for LuaNinja specifically? Or was it more checks to verify where protected Lua functions were being called from? Seems like if I were Blizzard, I'd just check the stack trace of the Lua calls and go "hmm CastSpellByName, came from not a secure hook, not our code, ah here we go, AddonFunctionFaceroll() .. thats not right. FLAG!"

LuaNinja specifically.

[Zver1992]

Anyone recevied answer from Blizzard about unban?

[pkaa4eva_jr]

Our approximate wait time is 45-50 minutes what the ****!?!

Rage rage rage rage rage

oh when this poor soul picks up this phone oh man im going to let him have it

anyone ever seen tropic thunder? Tom cruise?

Ya thats gonna be me boiii.

[Sikas]

I got an e-mail saying my account was restored and my password reset.. Just e-mailed them back saying I got banned... but eh.. nothing's been changed.