  1. #1
    Free User jakub's Avatar
    Join Date
    Dec 2013
    Location
    Poland
    Posts
    132
    Reputation
    32
    Rep Power
    21

    Bypassing battle eye by using Linux

    Hello,

    The Tibia Linux client doesn't require root to run. Yet CipSoft claims it incorporates BattlEye. It does indeed have an anti-debug flag set.
    However, since 2012 there are two new methods in the Linux kernel which allow reading other processes' memory without setting up ptrace:
    process_vm_readv and process_vm_writev. docs: http://man7.org/linux/man-pages/man2..._writev.2.html

    I checked it on Ubuntu 16.04 and I was able to read and write Tibia memory without any issue.

    I think it's worth considering porting Windbot to Linux.

    Greetings,
    Jakub Trzebiatowski

    PS. If you're interested in checking it yourself but you are not very familiar with coding, you can use https://github.com/scanmem/scanmem. It's a Cheat Engine clone for Linux.
    Last edited by jakub; 11-19-2017 at 06:17 PM.
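
Added example, not part of the original post: one way a defender can surface the cross-process memory access described above is to audit the two syscalls and parse the resulting records. The audit rule key `xproc_mem`, the sample records and every name in the code are constructed assumptions; the syscall numbers are the x86_64 ones.

```python
import re

# x86_64 syscall numbers for the two calls named in the post.
XPROC_SYSCALLS = {"310": "process_vm_readv", "311": "process_vm_writev"}
AUDIT_ARCH_X86_64 = "c000003e"

# Assumed auditd rule producing these records (the key name is an assumption):
#   -a always,exit -F arch=b64 -S process_vm_readv -S process_vm_writev -k xproc_mem

# Constructed sample records for illustration; not taken from a real host.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1511115420.101:901): arch=c000003e syscall=310 success=yes exit=4096 a0=1f90 a1=7ffd5c1a2000 a2=1 items=0 ppid=2210 pid=2305 uid=1000 comm="memtool" exe="/home/user/memtool" key="xproc_mem"
type=SYSCALL msg=audit(1511115421.337:902): arch=c000003e syscall=311 success=no exit=-1 a0=1f90 a1=7ffd5c1a2000 a2=1 items=0 ppid=2210 pid=2305 uid=1000 comm="memtool" exe="/home/user/memtool" key="xproc_mem"
type=SYSCALL msg=audit(1511115422.004:903): arch=c000003e syscall=59 success=yes exit=0 a0=55d0 a1=55d8 a2=55e0 items=2 ppid=2210 pid=2400 uid=1000 comm="ls" exe="/bin/ls" key="exec"
type=SYSCALL msg=audit(1511115423.550:904): arch=c000003e syscall=310 success=yes exit=64 a0=901 a1=7ffd5c1a2000 a2=1 items=0 ppid=2210 pid=2305 uid=1000 comm="memtool" exe="/home/user/memtool" key="xproc_mem"
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_fields(line):
    """Split one raw audit record into a dict of its key=value fields."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def find_cross_process_access(log_text):
    """Return one event per process_vm_readv/writev call aimed at another PID."""
    events = []
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("type") != "SYSCALL" or f.get("arch") != AUDIT_ARCH_X86_64:
            continue
        name = XPROC_SYSCALLS.get(f.get("syscall"))
        if name is None or "a0" not in f or "pid" not in f:
            continue
        try:
            target = int(f["a0"], 16)  # a0 is the pid argument, logged in hex
            caller = int(f["pid"])     # pid of the calling process, decimal
        except ValueError:
            continue                   # malformed record, skip it
        if target == caller:           # a process reading its own memory
            continue
        events.append({
            "syscall": name,
            "caller_pid": caller,
            "target_pid": target,
            "uid": f.get("uid"),
            "exe": f.get("exe"),
            "allowed": f.get("success") == "yes",
        })
    return events


if __name__ == "__main__":
    for event in find_cross_process_access(SAMPLE_LOG):
        print(event)
```

The process_vm_readv(2) man page states that access is governed by a ptrace access mode PTRACE_MODE_ATTACH_REALCREDS check, so the usual ptrace restrictions still apply to these calls even though no ptrace attach takes place.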

  2. #2
    Free User
    Join Date
    Sep 2014
    Posts
    2
    Reputation
    10
    Rep Power
    0
    Jakub so kid... battleeye can easily create update and deny then why spend time it??

  3. #3
    Moderator Josh's Avatar
    Join Date
    Dec 2013
    Posts
    1,395
    Reputation
    183
    Rep Power
    24
    A few of us are very well aware that this functionality exists, however exploiting it in the way that you describe (aka porting WindBot to Linux) will not achieve anything more than a massive headache. Scanmem and GameConqueror are crap, to start with, and would need expanding or replacing so that pointer scanning is less of a PITA, and as noted, attaching a debugger to the process is difficult at best (although Zuna and Zunera make this simpler).

    If you'll crack open the Linux BattlEye library in a debugger, you'll be able to browse through it and see exactly what it's capable of, including its capability of binary scanning. This effectively means that whatever you do on Linux, you'll eventually meet the same fate (detection and blocking).
    Interested in software development and/or programming for Tibia?
    Check out the new Tibia Programming Forums (TibiaPF) by clicking the image below.

    Looking for a bot for the MMORPG, Medivia?
    Check out MediviaBotter, a powerful, injected bot by clicking the link below.


  4. #4
    Free User jakub's Avatar
    Join Date
    Dec 2013
    Location
    Poland
    Posts
    132
    Reputation
    32
    Rep Power
    21
    Thank you for your answer Josh.

    Such a bummer then.

    I have a few other ideas you guys probably already considered.
    1. Virtualization. Reading guest memory from the host.
    • probably very easy to detect by battle eye

    2. Image processing using CUDA
    • requires "a few" very advanced algorithms to detect the game world
    • I made a very simple location tracer; on an NVIDIA GT210 it took <100 ms to find the player's position using a very unoptimized algorithm



    Sorry if it's not a right topic.

    Regards,
    Jakub Trzebiatowski

  5. #5
    Free User
    Join Date
    Sep 2017
    Posts
    26
    Reputation
    10
    Rep Power
    0
    Quote Originally Posted by jakub View Post
    Thank you for your answer Josh.

    Such a bummer then.

    I have a few other ideas you guys probably already considered.
    1. Virtualization. Reading guest memory from the host.
    • probably very easy to detect by battle eye

    2. Image processing using CUDA
    • requires "a few" very advanced algorithms to detect the game world
    • I made a very simple location tracer; on an NVIDIA GT210 it took <100 ms to find the player's position using a very unoptimized algorithm



    Sorry if it's not a right topic.

    Regards,
    Jakub Trzebiatowski
    I am pretty sure you don't need CUDA to do image processing. I am using this approach and it works. The problem is that it is time consuming to do the whole bot from scratch. Also it has some limitations. It is also hard to make it work in different computers.

    Check this: https://forums.tibiawindbot.com/show...394#post540394

  6. #6
    Free User
    Join Date
    Oct 2014
    Posts
    33
    Reputation
    2
    Rep Power
    0
    wrong thread

  7. #7
    Moderator Josh's Avatar
    Join Date
    Dec 2013
    Posts
    1,395
    Reputation
    183
    Rep Power
    24
    Both suggestions come with their own problems, none of which can really be properly mitigated.

    The core problem of virtualisation is that really, nobody plays Tibia in a virtual machine. It would be really simple for CipSoft to block virtual machine specific drivers, and unless you're an expert in hypervisors, or fancy rewriting your stuff every couple of weeks for a different environment (hypervisor, operating system, etc) it just won't work. In reality, though, this is an ideal way for home users to bot. The beauty of botting in a virtual machine is that it can be made to look exactly the same as a regular computer. The disadvantage is that the amount of work required to make it so is absolutely huge. It would be impossible to detect by any method other than that listed above, though, so the suggestion is entirely valid and actually not that bad of an idea at all.

    Image processing in itself is awful. It's unreliable, and it can only be used for basic tasks. If someone manages to build a bot with the same capabilities as WindBot which can run on a regular computer at "human-like speeds", they are more than worthy of any profits they might accrue from it. Sadly, I don't think it's physically possible with current computer specifications. There are far too many variables and data to examine to produce a reliable bot using this method, and even if something were built, it faces the same problem that running WindBot on Linux would. It will inevitably be detected by CipSoft if it ever gets popular.

    All of the above methods are perfectly acceptable to use for a home-brew bot, and they'll all do what you might ask of them, within reason. A pixel reader bot is perfectly capable of healing and, as you've probably seen, even following basic waypoints using minimap markers. An injected bot on Linux could be as capable as Elfbot and Magebot are in terms of speed, with the functionality of WindBot with suitable development.

    What I'm doing personally, right now, is running a bot which sits watching for bosses 24/7. This is controlled by using a piece of software called Sikuli, which detects images on the screen and reacts according to a script I've written. That runs on the host machine, with the client in a guest VM, just sending basic commands to login and to move occasionally (as well as detecting when the client gets disconnected, and relogging). The guest of the VM is sat there running a small binary which searches the heap of the client to find text strings which match a given pattern, and it's being triggered every 5 seconds by a Python script which is integrated with PushBullet. This stuff is all really basic, but it demonstrates that yes, you can make huge use of the lack of Linux BE support in some way, but that it should only ever be used at that personal level. If I were to start selling my little toolkit, within a few hours the binary would've been fingerprinted and shipped off to BattlEye HQ where it would be blacklisted, and inevitably result in account or HWID bans.

    We're heading back to the days when if you wanted a bot, you had to write it yourself, and personally I see that as a bit of a good thing. Lots of people are showing an interest and many of them have great ideas. What WindBot became was an extortion tool. We were destroying the game bit by bit here, and that's not good. Having this personal touch enforced on anyone with the willpower will restore some balance in the game and hopefully make it more enjoyable for both botters (those who remain) and fair players alike.


  8. #8
    Free User
    Join Date
    Oct 2014
    Posts
    33
    Reputation
    2
    Rep Power
    0
    I've done some tries at disguising a virtual machine as a real machine a few months ago; too much of a headache, seems almost impossible for me. Gave up on virtual machines. I'll be doing my image stuff on normal machines with time. I've thought about doing it in Linux some time ago, but I have no idea how Linux works; I'm so noob I might not be able to pass what I've done so far into Linux.

    PS: Beye tried to give me a Tibia Client update when I logged a few 30+ old accounts. Looked like a Beye update. Since I ignored it and could still log in the characters, after some time it became an obligatory update, which I evaded by changing the "computer" I was at.

  9. #9
    Free User
    Join Date
    Sep 2017
    Posts
    26
    Reputation
    10
    Rep Power
    0
    Quote Originally Posted by Josh View Post
    Both suggestions come with their own problems, none of which can really be properly mitigated.

    Image processing in itself is awful. It's unreliable, and it can only be used for basic tasks. If someone manages to build a bot with the same capabilities as WindBot which can run on a regular computer at "human-like speeds", they are more than worthy of any profits they might accrue from it. Sadly, I don't think it's physically possible with current computer specifications. There are far too many variables and data to examine to produce a reliable bot using this method, and even if something were built, it faces the same problem that running WindBot on Linux would. It will inevitably be detected by CipSoft if it ever gets popular.
    I disagree with this. The game is played by looking at the tibia window and making simple decisions in around 0.2s. Which capability do you think is not possible using image processing? It is possible to do more than 1000000 operations in 0.2s with an average computer, and the game window has only around 500x500 = 250000 pixels.

    I've currently done the following:
    - Waypoints using minimap images (without marks). I use the keyboard to walk and it does not get trapped by parcels, etc.
    - Actions like using rope, shovel, stairs, etc.
    - Scripts, like talking to npcs, label checking or refilling.
    - Targeting by scanning monsters on screen and using battle list. I am able to detect monster positions and check if they are reachable.
    - Looting 'old-style' using loot lists (I am using facc's). I can loot 95% of monsters using this method and probably 100% if I use the auto-looting method.
    - Deposit/Withdraw items from depot.
    - Healing
    - Check item count, like mana potions, spears, etc.
    - Check cap, etc..

    With this I am able to hunt all night with my maker afk. I currently have only one maker and two working scripts. The way to create scripts is also similar to windbot or other old bots.

    The only thing that is missing at the moment is using area/target spells to attack monsters and keeping distance when targeting. But I don't see why it is not possible.
    Which other capabilities does a bot need?

    At the moment I am running Tibia and the bot in the same PC. It is possible to run tibia inside a virtual machine and the bot outside of it in order to be undetectable. The only problem I am facing is that I can't get good framerates running tibia 11 inside a vm. For some reason vmware does not detect my graphics card.

    Cipsoft might block tibia from being played inside a vm, but they can't delete the character. And all the programs I've seen that blocked its execution inside a vm were easily executed after changing some vm configurations. Do you know if there is an example of a program that blocked vm execution completely?

  10. #10
    Moderator Josh's Avatar
    Join Date
    Dec 2013
    Posts
    1,395
    Reputation
    183
    Rep Power
    24
    Quote Originally Posted by kadenlothar View Post
    I disagree with this. The game is played by looking at the tibia window and making simple decisions in around 0.2s. Which capability do you think is not possible using image processing? It is possible to do more than 1000000 operations in 0.2s with an average computer, and the game window has only around 500x500 = 250000 pixels.

    I've currently done the following:
    - Waypoints using minimap images (without marks). I use the keyboard to walk and it does not get trapped by parcels, etc.
    - Actions like using rope, shovel, stairs, etc.
    - Scripts, like talking to npcs, label checking or refilling.
    - Targeting by scanning monsters on screen and using battle list. I am able to detect monster positions and check if they are reachable.
    - Looting 'old-style' using loot lists (I am using facc's). I can loot 95% of monsters using this method and probably 100% if I use the auto-looting method.
    - Deposit/Withdraw items from depot.
    - Healing
    - Check item count, like mana potions, spears, etc.
    - Check cap, etc..

    With this I am able to hunt all night with my maker afk. I currently have only one maker and two working scripts. The way to create scripts is also similar to windbot or other old bots.

    The only thing that is missing at the moment is using area/target spells to attack monsters and keeping distance when targeting. But I don't see why it is not possible.
    Which other capabilities does a bot need?

    At the moment I am running Tibia and the bot in the same PC. It is possible to run tibia inside a virtual machine and the bot outside of it in order to be undetectable. The only problem I am facing is that I can't get good framerates running tibia 11 inside a vm. For some reason vmware does not detect my graphics card.

    Cipsoft might block tibia from being played inside a vm, but they can't delete the character. And all the programs I've seen that blocked its execution inside a vm were easily executed after changing some vm configurations. Do you know if there is an example of a program that blocked vm execution completely?
    Your counts for "operations" on a computer have no backing. Simple fact is, whilst a CPU can operate at very high speeds, the methods in which it processes data cannot be anywhere nearly as fast as the human brain. Computers are designed to crunch numbers only, and they are very good at that, but when a calculation reaches the same degree of complexity as that which humans make, it is beyond the power of a computer to calculate. Aside from that, image processing is probably one of the least efficient things to do on a regular desktop processor. Using a graphics processor it's a lot less inefficient, but I doubt anyone is going to write a bot in such a way that it really utilises that.

    I've also never really denied that botting with image processing is possible, as we've seen it done in other, far more complex games than Tibia, but it's not efficient, nor will the majority of Tibia players' computers be up to the task. People will never be able to bot in the same scale that they have in the past on real Tibia again, not unless someone makes something truly revolutionary.

    Then there are the problems of configuration. It's very easy to set up a bot like that using AutoIt or a similar application to perform basic tasks such as recognising and clicking on specific images, but once you switch to another computer with a different resolution and slightly different window configurations, it all gets a bit more complicated. We've already seen some bots which require a 10 minute setup when first running, to tell them where your health bars are. The people writing these don't know any better, and I can prove that by quite simply stating that if they did, they wouldn't be relying on the user to input such data, instead they would be calculating it by looking for the images they are asking the user to click on the screen itself - these operations are often very complex and processor heavy, and basic AutoIt scripts have very little power to shift the workload off to a fit-for-purpose graphics processor.

    A bot, more than anything else, needs stability and reliability, especially in a game like Tibia. Processing graphics input through an application is not a reliable method of data acquisition. It only takes a tiny change in a single operating system component and suddenly everything is rendering differently. That change could (in your configuration) come from the host OS, guest OS, hypervisor, or any of the drivers in the guest. All it takes is a tiny change and the pixels are offset slightly, maybe they are rounded differently or something in an algorithm changes and everything breaks and needs re-programming.

    As for area runes and stuff, well, that's a bit more complicated. Not because it's any harder to do, since as you suggest you can easily find creatures using image recognition (though doing so will be inherently more difficult due to other animations happening on screen), but more importantly at that point you'll need to be scanning the game view very regularly, and with things like keeping distance you'll also have to account for finding walls and water, so the character doesn't get stuck trying to keep away by running through a wall... It sounds simple enough, and clicking a few map markers then watching the battle list really can be, but going into the advanced detail makes things more challenging.

    Talking about virtual machines, well, the entire driver stack for VMWare and VirtualBox VMs uses bespoke drivers, all of which can be detected. I don't know what gives you the impression that "they can't delete the character" - they absolutely can and based on experience of BattlEye integrations, yes, they absolutely will. Nobody plays Tibia legitimately inside a VM, except a handful of Mac users who don't like the native client, and even then they are probably exclusively using Bootcamp which has its own drivers. It would be very easy even just to look at any character using a virtual machine, look at the client configuration, and deduce that a client is botting from that alone... Does he have map marks? Does he walk in a fixed pattern? They can derive 99.9% certainty that a character is botting from that information alone, and that's more than enough. There is no "innocent until proven guilty", here.

    That's not to say that there are not ways to bot, however, as I know of a new method which will probably be hitting the shelves in the next few months. I won't go into detail, but it's sufficient to say very little stuff ever happens on the end user computer, and no virtualisation is involved. It's possible on both Windows and Linux, and it's probably going to be the future of any fights against CipSoft or BattlEye, if we can get it past a proof of concept. Time will out, though.