L2J Server

Posted: **Thu Apr 08, 2010 10:26 am**

Szponiasty wrote:btw, when you flood client with few hundred gg queries, one after another, l2net is getting disconnected (and normal epi. client works ok). not too profesional way of dealing with it, but also not that bad at all. im going to check it on live server, to see will it not lag/crash/etc with 200+ online.

And how long do you think L2Net will take to fix that? Waste of effort i think

Posted: **Thu Apr 08, 2010 10:35 pm**

Szponiasty wrote:
ZaKaX wrote:Personally, I think you didn't...think much ;o) That's like... super uber easy to bypass, pointless.
Not that easy Ofc assuming that it will be non-standarised solution. I've found few cool packets in epilogue client, to display messages/htmls in totally nonstandard windows, that none "textmode" bot is able to display in a way, that player could read and answer even simplest question

btw, when you flood client with few hundred gg queries, one after another, l2net is getting disconnected (and normal epi. client works ok). not too profesional way of dealing with it, but also not that bad at all. im going to check it on live server, to see will it not lag/crash/etc with 200+ online.

I would have kept that a secret if I were you...too late

Posted: **Thu Apr 08, 2010 11:29 pm**

Szponiasty wrote: Not that easy Ofc assuming that it will be non-standarised solution. I've found few cool packets in epilogue client, to display messages/htmls in totally nonstandard windows, that none "textmode" bot is able to display in a way, that player could read and answer even simplest question

Very Easy to beat. Considering I wrote the anti-antibot script for l2.net for the servers L2relapse(pitiful attempt at an antibot [in 2 hours]) and I also wrote the non public anti-antibot for l2ownage (a bit harder to beat but not too complicated either, love rgb color values, by the way splitting the messages between system "CLIENT" messages and html was kinda silly).

The bot can intercept , parse, resend, emulate, decode, decrypt any packet that the server/client sends. And since what you speak involves data being sent and received, a packet is required to do so.

Here's a small excerpt from the l2ownage anti - 'ANTIBOT' and it works 99% of the time

This is not the finished script in full, I didn't release it on l2.net forums for reasons I will not discuss.

Code: Select all

//Yellow = (255,255,0)            1DISTANCE DIST X Y Z #i255 #i255 #i0PRINT_TEXT "<&DIST&> AND <&BESTCOLORDIST&>"IF DIST <= BESTCOLORDIST  BESTCOLORDIST = DIST  COLOR = #i1ENDIF

Code: Select all

 FUNCTION NpcHtml   DEFINE INT PacketType 0  DEFINE INT ID 0   PACKET.READ_BYTE PacketType  PACKET.READ_INT32 ID  PACKET.READ_STRING HTML   PRINT_TEXT "Recieved NpcHtmlMessage Packet  !!"  PRINT_TEXT "ID = <&ID&> | HTML = <&HTML&>"   NEWHTML = HTML.REPLACE HTMLFILTER1 BLANK   NEWHTML = NEWHTML.REPLACE HTMLFILTER2 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER3 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER4 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER5 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER6 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER7 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER8 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER9 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER10 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER11 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER12 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER13 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER14 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER15 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER16 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER17 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER18 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER19 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER20 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER21 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER22 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER23 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER24 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER25 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER26 BLANK  NEWHTML = NEWHTML.REPLACE HTMLFILTER27 SEP  NEWHTML = NEWHTML.REPLACE HTMLFILTER28 SEP  NEWHTML = NEWHTML.REPLACE FILTER4 BLANK NEWHTML = NEWHTML.TRIM PRINT_TEXT "NEWHTML: <&NEWHTML&>"//CALLSUB ParseHTMLRETURN VOID  FUNCTION ClientScreen   DEFINE INT PacketType 0  DEFINE INT ID 0       // packetexid  DEFINE INT Type 0  DEFINE INT Sysmsg_id 0  DEFINE INT Position 0  DEFINE INT unk1 0  DEFINE INT Size 0  DEFINE INT unk2 0  DEFINE INT unk3 0  DEFINE INT Effect 0  DEFINE INT Time 0  DEFINE INT unk4 0   PACKET.READ_BYTE PacketType  PACKET.READ_INT16 ID  PACKET.READ_INT32 Type  PACKET.READ_INT32 Sysmsg_id  PACKET.READ_INT32 Position  PACKET.READ_INT32 unk1  PACKET.READ_INT32 Size  PACKET.READ_INT32 unk2  PACKET.READ_INT32 unk3  PACKET.READ_INT32 Effect  PACKET.READ_INT32 Time  PACKET.READ_INT32 unk4  PACKET.READ_STRING Message    PRINT_TEXT "Recieved Client Screen Message Ex Packet  !!"  PRINT_TEXT "ID = <&ID&> | Type = <&Type&> | Sysmsg_id = <&Sysmsg_id&> | Position = <&Position&>"  PRINT_TEXT "unk1 = <&unk1&> | Size = <&Size&> | unk2 = <&unk2&> | unk3 = <&unk3&>"  PRINT_TEXT "Effect = <&Effect&> | Time = <&Time&> | unk4 = <&unk4&> | Message = <&Message&>" IF Message.LENGTH > #i0  NEWMESSAGE = Message.REPLACE FILTER1 BLANK  NEWMESSAGE = NEWMESSAGE.REPLACE FILTER5 SEP  NEWMESSAGE = NEWMESSAGE.REPLACE FILTER4 SEP  NEWMESSAGE = NEWMESSAGE.REPLACE FILTER3 SEP  NEWMESSAGE = NEWMESSAGE.REPLACE FILTER2 SEP   PRINT_TEXT "<&NEWMESSAGE&>"  CALLSUB ParseStringENDIF RETURN VOID  SUB FindWordSLEEP 5000 FOREACH S STRING ScreenMessageWords TEMPWORD = ScreenMessageWords.S  IF "NEWHTML.CONTAINS #$<&TEMPWORD&>" == TRUE 	Word = ScreenMessageWords.S	PRINT_TEXT "Common Word is: <&Word&>"  ENDIFNEXTEACH RETURNSUB SUB ParseString 	DEFINE INT a 1	ScreenMessageWords.CLEAR	CALL_EXTERN parse-function.l2s parse VOID 3 NEWMESSAGE SEP ScreenMessageWords FOREACH S STRING ScreenMessageWords	PRINT_TEXT "<&ScreenMessageWords.S&>"NEXTEACH CALLSUB FindWordRETURNSUB   SUB ParseHTML 	DEFINE INT a 1	HtmlMessageWords.CLEAR	CALL_EXTERN parse-function.l2s parse VOID 3 NEWHTML SEP HtmlMessageWords FOREACH S STRING HtmlMessageWords	PRINT_TEXT "<&HtmlMessageWords.S&>"NEXTEACH RETURNSUB

EDIT: Btw I like how poltomb is taking a special interest in this thread, what's been up buddy? I still agree with you, nothing can or will ever stop bots 100% with no margin for error factor. Get an active good, smart, GM.

As for the Gameguard packets flooding out L2.net, thanks, I'll have to test that. But honestly, how long do you think that would take slothmo (the maker of l2.net) to fix? I am almost willing to bet, not very long.

Posted: **Fri Apr 09, 2010 6:43 am**

Yeah right. Every way is easy to bypass, especially when someone tells of how it works. I think i would be able to bypass antibots similar to mine if I found ones on other servers. And really easy. So thats true that probably one of the best methods is to have active and good GMs. But where to find them?

Nobody wanna do it without access to GMshop. And giving access to GM shop for a person that you probably know no more than 10 minutues is gonna be most likely much worse catastrophy than even letting freely botting to everyone

So I'm pro automated antibot systems, and the more often they change, the more sucessful they are. I'm also back to experimenting with a system that tries to find bot patterns by tracking live behaviour and comparing them with constantly gathered data. And first tests and playing with it shows that its pretty promising. The only worst thing about this is collecting data and trying to do sth with it to be usefull and wont lag to death server in the meantime. I had to add many limits, cleaning, low priority calculation tasks, when amount of data gathered everyday was higher than anything else on server and some ppl started to lag server when they were logging in and checking all traces (that leaded to 1000+ other accounts xD) took few seconds for each one... But its very good for detective work lol. And pretty good as antifeed tool, where simple checks like "is that char not this guy other account and didnt he only have changed ip"... anyway we could talk about it for days. Its pretty interesting subject thou, but really who wanna babble about it endlesly...

Posted: **Fri Apr 09, 2010 7:10 pm**

Nobody "told" me how L2ownages bot check worked. I simply captured packets for a week straight and decoded them to find how it worked. Binladen I liked your (or whoevers) hidden subliminal message (comment) in your code too. That cracked me up right off the bat. I won't be releasing that script to the general public though, so no need to "keep working with many other ideas"

@Szponiasty
I do like your idea of comparison, however, if not really well thought out and structured, among other things, it could lead to a lot of False positives. And as you said the lag factor of all the calculations, threading, and what not could be overwhelming for a big server population.

Posted: **Fri Apr 09, 2010 9:39 pm**

there is only one valid "anti-bot" system (other than a GM) : requiring an AI which would be too difficult to program (to slow).

that's what Captcha try to do... But there are other way to do it... One of them would be to have the system ask some question and test the answer with a dabatase of hundreds of questions.

what would be difficult is to do questions that would not cause any trouble to players (who are not always that smart) and would need some basic knowledge. A good example is to have non-sense sentences or basic questions hidden in babble.

"My head is black, my hands are black, my feet are black, what colour are my teeth ?"
--> spelling : OK
--> Syntax : OK
--> AI will notice the number of "black" and basic try would be to say "black"

Langage analysis is a very difficult task... if there are enough questions to avoid going through the same question several times, bots can't do much...

Well, as with any cryptographic system, the "testing protocol" is as important as the testing system... We need to be sure that an human won't be able to enter the answer then go away and let the bot run for hours... Best way to do it is to
1) use popups (like chats with NPC or similar) and not standard private messages
2) don't limit to ONE question at the beginning. have timed (random timer) event + event on "suspicious behaviour" (like farming same mob for more than X time) + random non-timed events.
3) in case of error, ask another question... with several tries... in case of repeated errors, ban IP and flag account for investigation

Zero Tolerance is also important... If someone is caught cheating, all his characters should be deleted on all his accounts and accounts with which the offending account traded should be investigated.

You should avoid questions based on color (think about colorblind people)... well, you may ask things like "what do you get when you mix red and white" (light-red or rose accepted) or "what colour between red and yellow" (orange), ...

Posted: **Mon Apr 12, 2010 11:05 am**

No way, I've tested with a very silly pop up which asks:
Are you a bot?
<button>No, I'm not a bot</button>

There is no "I'm a bot" button, you have only to press the button and done!

And.. LOL, lots of no-botters got ban because they closed the windows all the 10 times that they appeared (I've programmed 10 chances distributed in 1 chance every 5 seconds). Lots of them thought that it was a joke, others didn't even read and others didn't even understand the question (LOL).

So about your captchas, forget it

Posted: **Mon Apr 12, 2010 11:32 am**

and if player is AFK, will be kicked and banned ? XD

Posted: **Mon Apr 12, 2010 12:28 pm**

idle players arent under control

if you hunting like a bot(some players have similar behavior

), farming, chatting etc - here can add check about dumb question.

i.e.

press 1

[3] [1] [2]

in TCMD like this popup

buttons have random order each popup

may be random position in window...not hard to do
play with tags and Rnd.Get

or play with skill images

several images in line and several in other. under other line - links with 1 2 3 bypasses.
in script save order to press it ) etc etc

i think everybody know icons of skills

Posted: **Mon Apr 12, 2010 1:16 pm**

the skill icon idea is really good, except you shouldn't use new skill icons, only the ones that are more or less popular (NOT lv 80+)
you could also include action icons (attack, sit etc.)
or inventory icons (helmet/armor/gloves), and present an item of a category and let character choose which slot does it take

Posted: **Mon Apr 12, 2010 3:06 pm**

jurchiks wrote:the skill icon idea is really good, except you shouldn't use new skill icons, only the ones that are more or less popular (NOT lv 80+)
you could also include action icons (attack, sit etc.)
or inventory icons (helmet/armor/gloves), and present an item of a category and let character choose which slot does it take

It would be nice to use skill images...but the bots can read the text name of the skill image, therefore matching the skill image with the correct button to press.

Posted: **Mon Apr 12, 2010 5:37 pm**

One idea for captcha...:

Posted: **Mon Apr 12, 2010 5:56 pm**

LasTravel wrote:One idea for captcha...:

dont you understand that the bot can parse the image names? that one would really not help you, very easy to bypass with a bot.

a system where the captchas would be generated on fly, with random name files is more usable. but you still cannot stop IG bots.

Posted: **Mon Apr 12, 2010 6:08 pm**

Is only one idea without client mod -.-'', with this attitude all is "easy" to bypass...

Posted: **Mon Apr 12, 2010 6:32 pm**

i did not write about client modding. i am sure it is possible to send own images without client modding

L2J Server

Against bots

Re: Against bots

Re: Against bots

Re: Against bots

Re: Against bots

Re: Against bots

Re: Against bots

Re: Against bots

Re: Against bots

Re: Against bots

Re: Against bots

Re: Against bots

Re: Against bots

Re: Against bots

Re: Against bots

Re: Against bots