Randomization - What is it and how to do it?

[Josh]

I'm sure that randomizing spell casting, flask dropping, key strokes etc (single actions) is more important than randomizing waypoints because cipsoft can analyse these actions much easier. Think how much data needs to be gathered and how much computing must be done to find a pattern in walking in in 4 hours hunt.

And here or on tibia forum I whole list of science papers about how to detect bots in mmorpg games and I just took a quick look and there was much about how they see patterns repetitive behaviours.
One method of detection was to gather ALL requests sent by a client and their timestamps. So I don't know how the communication works between client and server in this case but I imagine as said before - simple actions like: one step west, cast exori, use mana potion, attack next mob etc. So they gather all this info and they look at the distribution. They know how it should look like, it should not be total random obviously but they can spot bot in those charts.

Especially if they put other SERVER actions on this chart and watch how fast you react on these actions. Let's say normal user see mob and click attack in 1-3 seconds after mob was seen on the screen. But sometimes human is busy and he will click attack in 10 seconds instead of 2. But bot will always stick to the same rules. I can see that my bot is attacking mob 0,000001 sec after mob is spawned near him that's impossible for human to always react like this. Or if I use mana trainer in healer section on my bot and I gain level, then ALWAYS I cast utani hur or something 0,5 second after every single level up because my mana is full then... cmon guys...

I use some spell in targeting and I wanted to cast it not just after cooldown expires but a moment later so I set spam rate to max (which is 4000ms to 4000ms) and it didn't work at all for me, is it working for you? I mean it was casting exori ico excacly at the moment when old exori ico cooldown ended.

I think that windbot should be more randomized itself, allow us to choose larger periods etc.

I looked xenobot forum once and people there claim that yes windbot is more powerfull but it is easier to detect and ppl get deleted quickly. (I never even see xeno so I have no idea how it really is, it is just something that i read there)


Shame I don't have link to this papers anymore, if anyone have it please share it here

Edit: there are whole semesters on universities about pseudorandom number generators and how they are extremly hard to be made, there are tests to check if pseudo random generator is generating good enough output and it's easy to notice that this one is bad and that one is better (but never great ) so that's why I focused on these things that can be easily put into simle charts where X axis is time and Y axis is
- request timestamp,
- or response time to some game event like mob entering screen.

Regarding your first statement, while it's technically correct that map data varies a lot more than timings, they are already doing it. They have released heatmaps of where is most visited in Tibia and it's quite clear that they had an interest in this sort of statistical analysis. If they aren't using it to detect bots, I would be hugely surprised.

Science papers are great, as is research, but it doesn't always play out in the real world. In most games, it's very difficult to track coordinates of players because they are decimal and nowhere near as binary as Tibia. In Tibia there is a fixed number of places a player can be and directions they can face, this makes the game very different from the majority of subjects (most likely the paper was written about World of Warcraft or something, much more popular game). Bots do stick to rules, but they do also have random behaviours.

Spam rate is how often bot will press the button when he needs to. For example, if you set it to 30ms and your ping is 60ms, he might send key 2x because first one wasn't recognised before spamrate timed out. It's reset each time the spell is cast.

WindBot is already very random by comparison to XenoBot. XenoBot would be the easiest to detect in my experience because it is very rigid. The scripting interface is bad and this makes players rely on the same generic functionality a lot more, which will increase the probability of CIP finding patterns in players using it. WindBot, on the other hand, has a variety of ways to do everything, all of which can be hugely customised by editing Lua. In reality, it depends on how DarkstaR implemented things in XenoBot, but I don't feel he would've gone to the effort to make everything as random as it could be with WindBot.

Finally, true random number generators are impossible in computer science. It's impossible to design something to be random. You can design it to select a number which you didn't choose in advance, but it will be preset by the state of the machine at first boot. If you were to re-build the same machine, in the same way again, it will result in the same random numbers coming out thus isn't truly random. Psuedorandom is all we have, but it's good enough. If you use a good enough seed, it's near impossible to work out what it is unless you know how it's implemented and every time it's used.

[gondogando]

Regarding your first statement, while it's technically correct that map data varies a lot more than timings, they are already doing it. They have released heatmaps of where is most visited in Tibia and it's quite clear that they had an interest in this sort of statistical analysis. If they aren't using it to detect bots, I would be hugely surprised.

It's easy to calculate in real time and store information about how many times some char stepped on a tile - I mean to put a 'counter' on each tile and see how many times "it was stepped on".
But it's harder to calculate in real time on which tiles and at what time did specific character stepped. To do that 'per character' it takes much more effort. Servers are limited, we already have lags.
But ye these are just speculation, maybe you are right and they gather all this data, we can't now it for sure so I guess it's better to protect yourself by randomizing waypoints as you suggested.

Spam rate is how often bot will press the button when he needs to. For example, if you set it to 30ms and your ping is 60ms, he might send key 2x because first one wasn't recognised before spamrate timed out. It's reset each time the spell is cast.

That's what I was 50% sure of ye so this is a drawback of windbot, we can't set up offset when the spell should be cast after the cooldown or we can't set offset when mob should be attacked or body opened. (OK we can set it indirectly by seting Type Wait Time / Press Time etc, I hope it is working)

If you use a good enough seed, it's near impossible to work out what it is unless you know how it's implemented and every time it's used.

I'm no expert on this but I'm pretty sure that seed is irrelevant, what is relevant is pseudo random engine that generates them, seed only ensures you that you will get different numbers than the other guy who uses the same engine but the patterns inside, the cycles will be there, doesn't matter what engine you will use, some are better and some are worse.
Simple googling of "test of random generator" and first hit is https://www.random.org/analysis/ and there are two pictures generated by pseudo random gen, first is from php rand() and the other is created by their custom generator.

This image is hosted on a possibly dangerous website (https://www.random.org/analysis/randbitmap-wamp.png). Please consider reuploading it on Imgur.com.

This image is hosted on a possibly dangerous website (https://www.random.org/analysis/randbitmap-rdo.png). Please consider reuploading it on Imgur.com.

You can clearly see patterns of cycles on the php one which I believe is probably close to what we get if we use generic generator in lua or c++ that I belive was used to create windbot. If you use different seed in php generator you will get different numbers (or dots in this case) but the pattern will look the same.
Unfortunatelly first image only looks random but if you would have bigger picture, 10, 100, 1000 etc times bigger I'm sure you would see similar patterns.
As you said we can't have truly random, but we can have better or worse type of random.

Anyway whatever is used in windbot it would be really nice to have option to put more random periods (like we can do with spam rates now)
Interesting topic