Interaction through chat commands - detectable?

[Bogie]

Hi,

I'm trying to write up a small external, memory read-only bot.
By nature of being passive only, I can't directly execute any LUA functions. At the same time, invoking some basic lua functions would be immensely helpful of course.

I'm contemplating executing nearly any and all (inter)actions through chat-based LUA commands. E.g. copy a command (say "/run CastSpellById(...)") to clipboard, then just paste it into chat through the ususal SendKeys.

Obviously, if anyone were to notice all interactions are done this way, the ban hammer would likely hit hard and fast. So I'm curious to get some thoughts on detectability.
For a start, has anyone ever looked into whether such chat-based commands are sent to the server (my gut feeling from a network optimization point of view would be no, but who knows..)? Is there any other known detection mechanism that would commonly pick up such behaviour?

Thanks!

[Hazzbazzy]

Hi,

I'm trying to write up a small external, memory read-only bot.
By nature of being passive only, I can't directly execute any LUA functions. At the same time, invoking some basic lua functions would be immensely helpful of course.

I'm contemplating executing nearly any and all (inter)actions through chat-based LUA commands. E.g. copy a command (say "/run CastSpellById(...)") to clipboard, then just paste it into chat through the ususal SendKeys.

Obviously, if anyone were to notice all interactions are done this way, the ban hammer would likely hit hard and fast. So I'm curious to get some thoughts on detectability.
For a start, has anyone ever looked into whether such chat-based commands are sent to the server (my gut feeling from a network optimization point of view would be no, but who knows..)? Is there any other known detection mechanism that would commonly pick up such behaviour?

Thanks!

Off-topic perhaps, but SendKeys is certainly detectable.

[Bogie]

Off-topic perhaps, but SendKeys is certainly detectable.

Thanks, yes -- mostly based on event source being implicitly sent from what I know?

I'm not sure if there have been many bans because of that, but since I won't sell this / will just use if privately (except for maybe sharing specific bits and pieces on these boards here), I'm not too concerned there given there's a few legitimate tools using similar APIs. I'm admittedly a bit more concerned about mouse events, I'm not sure if any non-botting tools propagate those.

But anyways, if push really comes to shove I have a few ideas in mind that should hopefully circumvent this (maybe running win7 in a VM, I think the input event source is win10 only? or otherwise, just fake a hardware keyboard through an Arduino or so). So all in all, I'm currently a bit more concerned about what I'm sending.

[charles420]

you Should be fine for sending stuff like that as for sendkey.. hook windows function they hook and fake return info if paranoid but so far they are not detecting you this way

[Corthezz]

Anyone remember farmer john bot? Farmer John Bot - YouTube

[Bogie]

Anyone remember farmer john bot? Farmer John Bot - YouTube

Brilliant I'm getting the strange feeling this isn't exactly a prime example of a great bot these days, but truth be told, that does actually look somewhat close to what I'm aiming for.

you Should be fine for sending stuff like that as for sendkey.. hook windows function they hook and fake return info if paranoid but so far they are not detecting you this way

Thanks, appreciate it. I'm not too paraoid about SendKeys so far to be honest (unless you guys convince me otherwise, of course ). Has anyone actually discovered they check for the source of SendKeys anywhere in the client, or is it more of a theoretical issue so far?

[Narache]

Yes you can start by sending lua commands to cast spells, it's fine nowdays.
It's just that one day or an other they might ban you for it as it it could be very easily be detected that a character cast all its spells this way!!!

As you have access to wow memory, you could do this is a more human fashion aka :
- Read the action bars memory to know where the spells are on the action bars
- Press the key corresponding to the actionbar slot.

Later on, you can even read the spell book to know if their is a usefull spell that is not present on your actionbars!!!
Even one more step ahead, retrieve the key binds corresponding to each action bars slot (so you don't have to manually keep a map of key binds!)

This is how players interact with the game to cast spells, so it's probably the best way to do as it replicate a normal human playing the game.

The second problematic is to "sendKey" in a non detectable way, as for now it looks perfectly safe.
Many people use a kernel driver to emulate a real keyboard (so it prevent "fake events" that are generated via sendKey api) but even this could possibly be detected in the future.


Don't forget to wrap your CastSpell in a nice class so you can change your implementation anytime without breaking your bot

[Bogie]

Yes you can start by sending lua commands to cast spells, it's fine nowdays.
It's just that one day or an other they might ban you for it as it it could be very easily be detected that a character cast all its spells this way!!!

As you have access to wow memory, you could do this is a more human fashion aka :
- Read the action bars memory to know where the spells are on the action bars
- Press the key corresponding to the actionbar slot.

Later on, you can even read the spell book to know if their is a usefull spell that is not present on your actionbars!!!
Even one more step ahead, retrieve the key binds corresponding to each action bars slot (so you don't have to manually keep a map of key binds!)

This is how players interact with the game to cast spells, so it's probably the best way to do as it replicate a normal human playing the game.

Thanks mate, appreciate the input!

I'm a bit torn there to be honest. I've implemented something similar for e.g. questing now, but that was a lot of digging and reverse engineering. And even worse - I'm developing for 1.12.1 right now, because I can test that locally (and well, because I'm a rookie I'd get banned instantly if I attempted that stuff on live). But I do plan to port this over to classic when it's done. Meaning, whatever I do in terms of memory reads now, I'll probably have to dig through for the classic client again to at very least update all offsets (and while I don't want to think about it just yet, given the classic client is vastly more recent than the 1.12.1 one - I'm not even sure if just changing offsets will do, I could imagine that many core implementations of their data structures might have changed).

So if I can do things without needing to implement specifics about the client, I usually try to take these shortcuts at the moment, hoping it will save some work later on. But it's certainly a big tradeoff..!

The second problematic is to "sendKey" in a non detectable way, as for now it looks perfectly safe.
Many people use a kernel driver to emulate a real keyboard (so it prevent "fake events" that are generated via sendKey api) but even this could possibly be detected in the future.

Hmm yes, I've been reading up a little bit about driver based implementations. I don't have extensive knowledge there, so I might be off track, but from what I understand, these don't sound super safe to me either. The driver itself might be, but loading it up .. I'm thinking, running Windows in test mode, or having some known vulberable driver (Capcom etc) installed etc. would probably look at lot more suspicious to me, if I was an anticheat dev, than receiving "fake" input by itself. I'm sure smarter people have better way of doing that in a stealthy way though

[Hazzbazzy]

The second problematic is to "sendKey" in a non detectable way, as for now it looks perfectly safe.
Many people use a kernel driver to emulate a real keyboard (so it prevent "fake events" that are generated via sendKey api) but even this could possibly be detected in the future.

Writing your own kernel driver for this is a bit of a rabbit hole, there's a lot of ways you can do it but not a lot of *specific* documenation. There's a lot of talk about it on OSR however, example:
Simulate keystroke — OSR

[Narache]

Anyway it doen't really matter, sending events to the game is not what will take you the most time, just do a simple one for now and keep going on on your bot where you'll have fun implementing stuffs !!!

or you can bot on linux ! Wine and DXVK are open source so you just OWN the Win API and DirectX layer... Hook yourself wherever you want, send whatever events you need to the game...