Why Pixel Botting is Detected menu

User Tag List

Page 2 of 2 FirstFirst 12
Results 16 to 30 of 30
  1. #16
    KKira's Avatar Active Member
    Reputation
    20
    Join Date
    Apr 2019
    Posts
    36
    Thanks G/R
    5/3
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by REGELE33 View Post
    there is an academic paper on cheats and stuff.. you guys should read it and be amazed of what they can do without scanning anything in your computer. if you manage to make a bot using real hardware input it will get detected
    Feel free to link it, we can't guess its name or URL.

    Why Pixel Botting is Detected
  2. #17
    REGELE33's Avatar Member
    Reputation
    1
    Join Date
    Oct 2019
    Posts
    13
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    read it years ago and i can;t find the bookmark for it. basically they said that mouse movement its like an online fingerprint where no two people are the same. if blizzard tracks it and you gonna play at your friend house they can tell its you. to beat it you would need human movement+hardware input (seems like in wow input doesn't matter that much) and it can be done. then they can't ban you because its basically a human playing )) has anyone been falsely banned for botting ?

  3. #18
    TehVoyager's Avatar I just love KuRIoS
    Reputation
    1282
    Join Date
    Nov 2010
    Posts
    2,733
    Thanks G/R
    85/470
    Trade Feedback
    0 (0%)
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by fonillius View Post
    Yes, very simple method! thx
    at same go i made artificial-intelligence-one-button-bot with arduino
    for the longest time, I would wonder "why hasn't someone started using an intel Nuc with some sort of USB and HDMI passthrough device and just have a hardware bot

    I guess that snarky answer explains why


    (don't post things I post to Patreon.)

  4. #19
    KijoSenzo's Avatar Member
    Reputation
    1
    Join Date
    Oct 2019
    Posts
    7
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Was planning to make a simple AHK script where I press one button and have it send a key based on image searching.

    Detectable and bannable?

  5. #20
    InnerSilence's Avatar Active Member
    Reputation
    29
    Join Date
    Oct 2019
    Posts
    81
    Thanks G/R
    13/16
    Trade Feedback
    0 (0%)
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Xaxoxuxu View Post
    Is this the detection method they use? I can't think of external applications that could possibly be legit and use SendInput ?
    Well, that's not the only windows API that can be used to get simulated inputs. About legit software, Windows on screen keyboard sends simulated inputs too! Or when you use steam or other software to stream your game those probably send simulated inputs too. Anyway hiding inputs with UIAccess even if was possible was as bad as sending simulated inputs to the game.

    Originally Posted by ChimpeonFan View Post
    Personally I think Blizzard simply looks for known pixel bots in memory or on the hard drive. If you keep a pixel bot completely private, Blizzard never gets to hear about it and you won't get banned (although I've not tested this personally). It is only when the pixel bot gets popular in the public domain (like Chimpeon did) will it become detected by Blizzard. There are ways to circumvent detection - using the pixel bot on a PC remote from WOW being one... Chimpeon 101 - Using Chimpeon on a Remote PC
    Looking in the hard drive is pretty lame and they wont do it, still they can search memory for signature of known bots as u said just like what antiviruses do. And to be honest it is not easy to hide from signature detection methods for public bots. Using bot on a remote PC prevents signature detection but still you are sending simulated inputs to WoW which is suspicious and can get you flagged.

    Originally Posted by aerichardso3 View Post
    Has anyone found a solution to this, minus purchasing and coding a physical button pressing bot?
    Yes there are some ways, but not without hassle. If you want hardware input you need to do it from driver level.

    Originally Posted by REGELE33 View Post
    there is an academic paper on cheats and stuff.. you guys should read it and be amazed of what they can do without scanning anything in your computer. if you manage to make a bot using real hardware input it will get detected
    True, there are actually many papers about bot detection. Most bots are detectable because they act very stupidly. i.e. no human player can move his mouse from point A to point B instantly or on a perfectly straight line. Or when honnerbuddy used to work I always knew that despite what they claim their bot was so detectable because all path findings where based on a single algorithm which caused all bots that wanted to move from a point A to B walk through a similar path. You could easily see this in BGs where all bots moved together.

  6. #21
    nemesis2578's Avatar Member
    Reputation
    8
    Join Date
    Aug 2017
    Posts
    10
    Thanks G/R
    1/2
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Hazzbazzy View Post
    ... I cannot emulate a hardware keypress with SendInput, even with the UIAccess flag set to true and the application being (self)signed.
    I was playing with it a bit and managed to use "mouse_event" and still have INPUT_MESSAGE_ORIGIN_ID set to: IMO_HARDWARE. It is important to meet ALL those 3 requirements(described here: Security Considerations for Assistive Technologies - Windows applications | Microsoft Docs ):

    1] Be signed with a certificate to interact with applications running at a higher privilege level.
    2] Be trusted by the system. The application must be installed in a secure location that requires a user account control (UAC) prompt for access. For example, the Program Files folder.
    3] Be built with a manifest file that includes the uiAccess flag.

    For 1, I used OpenSSL and generated CA key+cert, then generated user certificate used for signing. Then exported it to .pfx and used with signtool.exe to sign my .NET app. Also I had to import this CA cert into computer's trusted root CA.
    For 2, I moved it into C:\Program Files\Test. I think you might be missing this part. When I was running it from C:\Users\xxx\repos\.... I was not getting any errors/warnings, but result was IMO_INJECTED.
    For 3, It is quite simple, no need to describe it more.

  7. #22
    InnerSilence's Avatar Active Member
    Reputation
    29
    Join Date
    Oct 2019
    Posts
    81
    Thanks G/R
    13/16
    Trade Feedback
    0 (0%)
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by nemesis2578 View Post
    I was playing with it a bit and managed to use "mouse_event" and still have INPUT_MESSAGE_ORIGIN_ID set to: IMO_HARDWARE. It is important to meet ALL those 3 requirements(described here: Security Considerations for Assistive Technologies - Windows applications | Microsoft Docs ):

    1] Be signed with a certificate to interact with applications running at a higher privilege level.
    2] Be trusted by the system. The application must be installed in a secure location that requires a user account control (UAC) prompt for access. For example, the Program Files folder.
    3] Be built with a manifest file that includes the uiAccess flag.

    For 1, I used OpenSSL and generated CA key+cert, then generated user certificate used for signing. Then exported it to .pfx and used with signtool.exe to sign my .NET app. Also I had to import this CA cert into computer's trusted root CA.
    For 2, I moved it into C:\Program Files\Test. I think you might be missing this part. When I was running it from C:\Users\xxx\repos\.... I was not getting any errors/warnings, but result was IMO_INJECTED.
    For 3, It is quite simple, no need to describe it more.
    Please check hooking with SetWindowsHookEx api and see if you are still not getting Injected flag. If any program wants to check source of input, most likely will use that function not the one mentioned in this topic.

  8. #23
    REGELE33's Avatar Member
    Reputation
    1
    Join Date
    Oct 2019
    Posts
    13
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i need something like this 403 Forbidden if anyone knows a software or a device like this lmk
    Anti-AFK Undetectable Hardware Device - YouTube
    hardware bot Basic AFK Leveling - YouTube
    Last edited by REGELE33; 10-28-2019 at 09:44 AM.

  9. #24
    nemesis2578's Avatar Member
    Reputation
    8
    Join Date
    Aug 2017
    Posts
    10
    Thanks G/R
    1/2
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by InnerSilence View Post
    Please check hooking with SetWindowsHookEx api and see if you are still not getting Injected flag. If any program wants to check source of input, most likely will use that function not the one mentioned in this topic.
    You are right, after hooking SetWindowsHookEx and inspecting lParam.flags I have there LLMHF_INJECTED(=0x00000001). Question is how to prevent it(beside having some hardware machine). Would device driver be sufficient?

  10. #25
    Kwapuzzi's Avatar Member
    Reputation
    12
    Join Date
    Apr 2007
    Posts
    62
    Thanks G/R
    2/3
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    For Mouse Clicks you could build this. I tested this when blizz random disconnects me on classic launch. Wanted to test of they check real hardware inputs. Worked well. Open Java/C# libary for switching the relais and sending mouse 1,2,3
    t7MHjhl.jpg

  11. #26
    InnerSilence's Avatar Active Member
    Reputation
    29
    Join Date
    Oct 2019
    Posts
    81
    Thanks G/R
    13/16
    Trade Feedback
    0 (0%)
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by nemesis2578 View Post
    You are right, after hooking SetWindowsHookEx and inspecting lParam.flags I have there LLMHF_INJECTED(=0x00000001). Question is how to prevent it(beside having some hardware machine). Would device driver be sufficient?
    Emulating hardware input is not only point of interest of wow. There are many games out there people looking for such methods for long time. As I said before solution depends on howmuch trouble you can endure. There are some unsigned drivers out there you can use but you need to configure windows to allow it. Also there is well knowned one named 'interception driver' which is signed but free version has some limitations and is not easy to use.

  12. #27
    anaithnid's Avatar Member
    Reputation
    1
    Join Date
    Nov 2019
    Posts
    1
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by KKira View Post
    Solution: Use Arduino and simulate real keyboard input, no need to over-complicate an easy work around.
    While this is a funny thought it also is a brilliant idea.
    An arduino due with a camera module could read "pixels" on your screen and send key presses simulating a USB keyboard.
    I guess there is no way that warden will ever detect that.

  13. #28
    makkk's Avatar Member
    Reputation
    1
    Join Date
    Jan 2020
    Posts
    2
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Kwapuzzi View Post
    For Mouse Clicks you could build this. I tested this when blizz random disconnects me on classic launch. Wanted to test of they check real hardware inputs. Worked well. Open Java/C# libary for switching the relais and sending mouse 1,2,3
    t7MHjhl.jpg
    That's pretty cool, did you buy it somewhere or make it yourself?

  14. #29
    makkk's Avatar Member
    Reputation
    1
    Join Date
    Jan 2020
    Posts
    2
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Allowed software such as multiboxing tools or key scramblers or whatever use the same APIs, so would this be a major problem for non-public bots at all?

  15. #30
    aua's Avatar Member
    Reputation
    1
    Join Date
    Jun 2008
    Posts
    2
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just tryed on a VM (Windows 10, ESXi 6.7u3 Host, latest VMware-Tools) with "IdentifyInputSource" (Windows-classic-samples/Samples/IdentifyInputSource at master . microsoft/Windows-classic-samples . GitHub.
    Inputs over VMware Console and RemoteDesktop are recognized as hardware input. PixelBots via RemoteDesktop or Vmware console should not be detectable via this method.

Page 2 of 2 FirstFirst 12

Similar Threads

  1. I think i figured out why bots are detected.
    By ItalianAce1942 in forum Pokemon GO Hacks|Cheats
    Replies: 35
    Last Post: 08-30-2016, 08:32 AM
  2. All Bots are detected..
    By lito in forum Pokemon GO Hacks|Cheats
    Replies: 6
    Last Post: 08-23-2016, 06:04 AM
  3. [Question] Which bot is the best and why?
    By Unknown-x in forum Pokemon GO Chat
    Replies: 5
    Last Post: 07-31-2016, 10:40 PM
  4. Why/How Bots are detected
    By Diablo3Bot in forum Diablo 3 Bots Questions & Requests
    Replies: 4
    Last Post: 07-13-2012, 03:52 PM
  5. Heretic (macro, window, pixel and image detection bot)
    By Malarkey in forum World of Warcraft Bots and Programs
    Replies: 10
    Last Post: 02-25-2009, 07:30 AM
All times are GMT -5. The time now is 12:58 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2024 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search