There's nothing inherent about packet based bots that make them detectable, at least not compared to mouse/keyboard simulating ones. They're likely harder to implement correctly though.
There's nothing inherent about packet based bots that make them detectable, at least not compared to mouse/keyboard simulating ones. They're likely harder to implement correctly though.
The problem with packet based bots, is that CIP can change the packet when they feel like it, and having a heyday banning/deleting everyone who uses such, Just as they did when they banned people using blackDproxy and Elfbot when they started with their auto detection tool
กิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิ ิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิ ิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิ ิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิ ิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิ ิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิ ิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิ ิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิก ิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิ ิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิ ิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิ ิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิ ิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิ ิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิ ิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิ ิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิ ิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิ ิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิ ิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิ ิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิ ิิิิิิิิ
They can only change the client to server packets at client updates. Analyzing the new client for changes in what packets it creates is something you have to do regardless of how you implement your bot as you have to make sure there's no new client sided detection included in the new update. There's some more room to play with when it comes to the server to client packets, as we saw a few weeks ago when all bots lost their ability to loot, but they're still limited to sending packets that the current client is able to comprehend.
And that is how they banned the people using Elf/blackD.. They sent a "special" packet from the server to the client, and the bots answered the old, but still working packet,that a non bot client did not, and bam banned..
Anyways, the looting problem had nothing to do with that really, they just changed so that monsters did not stay on the battle list with 0% hp for half a sec like they did before (which the bots used to add the monster as dead and to the loot list), but got removed right away when they died.
กิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิ ิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิ ิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิ ิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิ ิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิ ิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิ ิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิ ิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิก ิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิ ิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิ ิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิ ิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิ ิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิ ิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิ ิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิ ิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิ ิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิ ิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิ ิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิ ิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิ ิิิิิิิิ
Which just means that the creators did a poor job in analyzing the update.
Maybe they changed that too, but they did change the order of the loot message, and the new corpse packets too (that's what messed with Xeno).Anyways, the looting problem had nothing to do with that really, they just changed so that monsters did not stay on the battle list with 0% hp for half a sec like they did before (which the bots used to add the monster as dead and to the loot list), but got removed right away when they died.
It is easy to miss something that is only activated if they recived the special packet, and if they only got the normal packets, it just sent the same was the bot did.
Tibia havent really been deeply RE since long ago, and non of the bot creators do that for every single update..
Else all of them would have catched that ever since Flash client got released you have been able to iterat your entier backpack without having any BPs open..
So it is easy to miss stuff you're not looking for.
กิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิ ิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิ ิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิ ิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิ ิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิ ิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิ ิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิ ิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิก ิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิ ิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิ ิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิ ิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิ ิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิ ิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิ ิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิ ิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิ ิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิ ิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิ ิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิ ิิิิิิิิิิิิิิิิกิิิิิิิิิิิิิิิิิิิิกิิิิิิิิิิิิ ิิิิิิิิ
It does not. And it does. It's hard to answer this without understanding exactly what you mean by protocol. The new client adds some network layers such as ProtoBuff which makes it harder to reverse engineer the packet data, but once we've got all the information on it we can store it in a really nice format and use it in some very clever ways. Sadly, though, there are a lot of other changes. They have made more changes just to accommodate what the new client is capable of, so the old client gets different packets from the new one and vice versa.
Further to the above, though, it is indeed possible to make a clientless bot, and at one time BlackD used to have a clientless option. It was incredibly lightweight and comparatively easy to use, but it did lack some functionality (although BlackD was one of the first bots to have "real" capabilities to refill and stuff since other developers didn't want to use packets). To make a clientless bot today, however would not be as easy as it was back then due to the extra stuff that's been added.
Personally, I believe there is actually something that makes them fundamentally more detectable. The primary goal in bot detection (the way CIP is doing it) is to find a pattern and understand it. An example would be that a script which walks the exact same path every time will get you banned much more quickly in like-for-like environments as a script which uses entirely random paths every time (pseudorandom, at least, as random could result in the same output).
Further to things like walking paths, there are timings. If your latency is fixed (which it tends to be, in spite of what the HUDs tell you, it doesn't vary nearly that much - see jitter on pingtest.net for more information), and your computer is powerful, you'll find that as soon as the health lost packet arrives, you are shipping out a spell cast packet. The result? 0ms reaction times. Now, it's not possible just from one heal to work out that someone is using a bot, but when it's taking <100ms to send a packet to a client, have a user see the impact of that packet in their client, react to it, then to recognise the key event for the heal, generate a new packet and send it back to the server, and that's happening every time a player takes damage, it's pretty obvious that person is not genuine.
With software such as WindBot, the bot has to go through those extra layers which add time and randomisation to everything. In my opinion, that makes it inherently more risky to create a proxy based bot, since you must account for that delay each time you perform an action. I won't deny that botting with packets can be just as safe as with keyboard and mouse simulation, since obviously you can manually reproduce that delay and everything else that would need randomising, but by its very nature, a proxy bot will be harder to randomise than a simulation bot.
Finally, sorry for the essay, but just to say that it's not only timings such as healing which are effected in this way. I believe when you pathfind in the client (e.g click the minimap), a packet is generated and sent to the server each time you "reach a tile". If you're manually trying to reproduce this it could be very tricky to get the timing right. I might be wrong on this, been a long time since I looked, but if I'm right (I usually am ) then this could be more reason not to go with proxy bots. There are other examples, though, too. Attack spells, targeting creatures off screen, casting runes at creatures off screen, etc.
To add to that a bit, the new client now updates somewhat secretively on launch, if you didn't notice an update, they could easily enough ship it out and catch thousands of botters all at once. They could play havoc with proxy based bots if they really wanted to, just by changing their encryption method slightly.
Oh, I also think more people got banned by not saying exiva pause than by having some secret packet sent lol
Meu Windbot não concecta, esta sempre desconectado, tem alguma solução??? estou falando desse wind beta test