  • Client Suggestions/Changes


    Defiled

    Greetings,

    So over the time I spent away from DreamBot I learned a lot about Client Development & Bytecode Engineering and I've noticed some things in the DreamBot client that could be changed to make the Botting experience better. Here they are:

    1) Scripts Running on the same JVM

    Jagex has the ability to detect changes in the Garbage Collector Frequency and if say.. a new scripter or even a seasoned one created a script that throws a lot of objects into the garbage collector and increases the frequency, that will trigger something at Jagex's Side.

    My suggestion here is to not use the same JVM as the gamepack and to only have reflection methods on that side while reading everything through something like Sockets, RMI, or even Memory Mapped Files. & saving objects in a ReferenceMap (where access keys are strong and the object/value is weak)

     

    2) Loading the gamepack on Dreambot's appletviewer

    I've done a lot of tests throughout my scripting career and found out that accounts tend to get locked faster on a custom appletviewer than on the Official Client.

    I tested over 50 accounts throughout months on both clients and one of the results is:

    Logged into a brand new account on the Official Client: No locks (I hopped around many world and nothing happened)

    Logged into the same account as above on DreamBot: Locked instantly or after Hop

    Did the other way around and the same result. Locks don't tend to happen if the account is members (on both clients)

    I think this has to do with the Loader file (.exe).. I think there is some kind of signature there or something of that kind

    as when I tried to load the JagexAppletViewer.jar file (official client loader jar) locks occurred same as DreamBot, but when I loaded the client from the .exe file: no locks whatsoever.

    My suggestion here is to use Instrumentation (will also solve problem #1, 2 birds 1 stone). I know I've talked about this problem to @Pandemic a year ago but this is very crucial to extremely improve DreamBot as a whole.

     

    3) Executing Events (Mouse) & Paint

    Since making a mouse or painting requires overriding the native Canvas.java file or injecting into the RSCanvas this could raise flags on Jagex's part.

    Suggestion:

    For Paint:

    1) Live Edit the Native Canvas class (Through a Bytecode manipulation library) and add in 3 buffered image fields, then in the getGraphics method have the paint on one of the buffered images and the game on the other then paint both of them onto the third and return its graphics instead of painting on the game graphics.

    or 

    2) Using OpenGL (through C++) overlay the paint this way (guaranteed not to flag anything but can be a bit wonky)

     

    For the Mouse:

    1) Mouse can be also overlayed using C++ exbb and this way the events execution of the Mouse will be exactly as a Human Being. 

    2) Mouse Movements Recording + Fuzz Testing (This is an app I made to do this (except the fuzz testing bit).. has some bugs .. will probably get around to working on it more later on (when I say later on, I mean months l0l))

     

     

    3) Keyboard Events (I'm not sure how the Dream Team does this so I'm gonna paste my code which I wrote 9 months back)

    (Disclaimer: excuse its ugliness, but it gets the point)

    I've basically mimicked the events reading I got from Manual Human Key Strokes (the order of the events, the information provided within the events, etc..)

        private static final int[] SHIFT_KEYS = {'!','@','#','$','%','^','&','*','(',')','_','+','{','}',
                ':','"','|','<','>','?','~'};
       
        public static synchronized void typeKey(char c) {
            isTyping = true;
            if((c >= 'A' && c <= 'Z') || Utils.contains(SHIFT_KEYS,c)) {
                int mask = KeyEvent.SHIFT_DOWN_MASK;
                Canvas.getCanvas().dispatchEvent(new KeyEvent(Canvas.getCanvas(),KeyEvent.KEY_PRESSED,
                        System.currentTimeMillis(),mask,
                        KeyEvent.VK_SHIFT, (char) KeyEvent.VK_SHIFT,KeyEvent.KEY_LOCATION_STANDARD));
                Utils.sleep(Utils.random(20,50));
                int code = pressTypeEvent(c, mask);
                Utils.sleep(Utils.random(60, 100));
                Canvas.getCanvas().dispatchEvent(new KeyEvent(Canvas.getCanvas(), KeyEvent.KEY_RELEASED,
                        System.currentTimeMillis(), mask, code, c, KeyEvent.KEY_LOCATION_STANDARD));
                Utils.sleep(Utils.random(20,50));
                Canvas.getCanvas().dispatchEvent(new KeyEvent(Canvas.getCanvas(), KeyEvent.KEY_RELEASED,
                        System.currentTimeMillis(), 0, KeyEvent.VK_SHIFT, (char) KeyEvent.VK_SHIFT,
                        KeyEvent.KEY_LOCATION_STANDARD));
            } else {
                int code = pressTypeEvent(c, 0);
                Utils.sleep(Utils.random(60, 100));
                Canvas.getCanvas().dispatchEvent(new KeyEvent(Canvas.getCanvas(), KeyEvent.KEY_RELEASED,
                        System.currentTimeMillis() + 33, 0, code, c, KeyEvent.KEY_LOCATION_STANDARD));
            }
            isTyping = false;
        }
    
        public static synchronized void holdKey(char c, int mask, Condition condition, int timeOut) {
            isTyping = true;
            int code = 0;
            if (!(c >= KeyEvent.VK_LEFT && c <= KeyEvent.VK_DOWN)) {
                code = pressTypeEvent(c,mask);
                Utils.sleepUntil(condition, timeOut);
            } else {
                long currentTime = System.currentTimeMillis();
                while(!condition.verify()) {
                    if((System.currentTimeMillis() - currentTime) >= timeOut) break;
                    Utils.sleep(Utils.random(45,100));
                    code = pressTypeEvent(c,mask);
                }
                Utils.sleep(Utils.random(45,100));
            }
            Canvas.getCanvas().dispatchEvent(new KeyEvent(Canvas.getCanvas(),KeyEvent.KEY_RELEASED,
                  System.currentTimeMillis()+33,mask,code,c,KeyEvent.KEY_LOCATION_STANDARD));
            isTyping = false;
        }
    
        private static synchronized int pressTypeEvent(char c, int mask) {
            int modifier = AWTKeyStroke.getAWTKeyStroke(c,mask).getModifiers();
            long time = System.currentTimeMillis();
            int code = c;
            if(c >= 'a' && c <= 'z') code -= 32;
            Canvas.getCanvas().dispatchEvent(new KeyEvent(Canvas.getCanvas(),KeyEvent.KEY_PRESSED,
                    time+33,modifier,code,c,KeyEvent.KEY_LOCATION_STANDARD));
            if (!(c >= KeyEvent.VK_LEFT && c <= KeyEvent.VK_DOWN))
                Canvas.getCanvas().dispatchEvent(new KeyEvent(Canvas.getCanvas(),KeyEvent.KEY_TYPED,
                        time+33,modifier,0, c));
            return code;
        }

    I've noticed that some of the event information in bot key event execution doesn't include all the information about the mask.. code.. etc... so I added that.

    also some keys differ in events executed before and after the Press Event.

    This way has really worked in lengthening the life of spammer bots immensely but nevertheless it should be written more neatly lmao.

     

    That's all the notes I can remember for now.

    If I'm mistaken in anything please let me know!

    Edited by Defiled
    Link to comment
    Share on other sites
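
The detection side of the key-event point in the post above, as an added example that is not part of the original thread or of any real anti-cheat: a consistency audit over captured AWT key-event telemetry. The tuple layout, the `audit` and `needs_shift` helpers and both sample streams are assumptions constructed for illustration; the numeric constants mirror `java.awt.event.KeyEvent`.

```python
# Added example: constants mirror java.awt.event.KeyEvent; sample streams are constructed.
KEY_TYPED, KEY_PRESSED, KEY_RELEASED = 400, 401, 402
SHIFT_DOWN_MASK, VK_SHIFT, VK_UNDEFINED = 0x40, 16, 0
CHAR_UNDEFINED = "\uffff"
SHIFTED = set('!@#$%^&*()_+{}:"|<>?~')  # same symbol set as SHIFT_KEYS in the post

def needs_shift(ch):
    # Assumption: US layout with Caps Lock off, so a hit is a signal, not a verdict.
    return ch.isupper() or ch in SHIFTED

def audit(events):
    """events: iterable of (event_id, modifiers, key_code, key_char).
    Returns [(index, finding), ...] for events that break AWT's own invariants."""
    findings, down = [], set()
    for i, (eid, mods, code, ch) in enumerate(events):
        if eid == KEY_PRESSED:
            down.add(code)  # auto-repeat re-sends KEY_PRESSED; the set absorbs it
        elif eid == KEY_RELEASED:
            if code not in down:
                findings.append((i, "release without matching press"))
            down.discard(code)
        shift_held = VK_SHIFT in down
        if eid == KEY_TYPED:
            if code != VK_UNDEFINED:  # AWT always reports VK_UNDEFINED on KEY_TYPED
                findings.append((i, "KEY_TYPED carries a key code"))
            if needs_shift(ch) and not shift_held:
                findings.append((i, "shifted character typed while Shift is up"))
        if bool(mods & SHIFT_DOWN_MASK) != shift_held:
            findings.append((i, "modifier mask disagrees with tracked Shift state"))
    return findings

# Constructed sample: the event order a physical keyboard produces for 'A'.
HUMAN_A = [
    (KEY_PRESSED, SHIFT_DOWN_MASK, VK_SHIFT, CHAR_UNDEFINED),
    (KEY_PRESSED, SHIFT_DOWN_MASK, 65, "A"),
    (KEY_TYPED, SHIFT_DOWN_MASK, VK_UNDEFINED, "A"),
    (KEY_RELEASED, SHIFT_DOWN_MASK, 65, "A"),
    (KEY_RELEASED, 0, VK_SHIFT, CHAR_UNDEFINED),
]
# Constructed sample: a dispatched 'A' that omits the mask and Shift press.
SYNTHETIC_A = [
    (KEY_PRESSED, 0, 65, "A"),
    (KEY_TYPED, 0, 65, "A"),
    (KEY_RELEASED, 0, 65, "A"),
    (KEY_RELEASED, 0, VK_SHIFT, CHAR_UNDEFINED),
]

if __name__ == "__main__":
    for name, stream in (("human", HUMAN_A), ("synthetic", SYNTHETIC_A)):
        print(name, audit(stream))
```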

    GC is irrelevant but if ur worried about it why wouldnt u just spoof it instead of doing what u said its literally 20x less effort

     

    Official client or not literally doesnt matter, reflection is already bad enough dont downgrade to instrumentation just fix the locks? Xd

     

    Painting is a bit redundant and inefficient too, what exactly are they gonna detect from a paint lmao everyone and their dads play with heavily modded clients in fact it's more sus if you're NOT using a modded client

     

    Link to comment
    Share on other sites

    7 hours ago, dogaforgotema said:

    GC is irrelevant but if ur worried about it why wouldnt u just spoof it instead of doing what u said its literally 20x less effort

     

    Official client or not literally doesnt matter, reflection is already bad enough dont downgrade to instrumentation just fix the locks? Xd

     

    Painting is a bit redundant and inefficient too, what exactly are they gonna detect from a paint lmao everyone and their dads play with heavily modded clients in fact it's more sus if you're NOT using a modded client

     

    Firstly to address the "just fix the locks" statement you said: This is a major problem in the community, many people quit Botting cuz of it.. so its not a "just" problem. I've talked to many new botters over my days in the Botting community and the most talked about problem is locks to the point account creators started linking the accounts and making web-unlockers to try and combat the problem. also there are many problems that can be solved with the official client and it's arguably safer.

    Secondly, regarding the GC problem.. GC is just one of many factors that encourage having the scripts and/or client logic on another JVM. Jagex can only play with what is on the gamepack JVM so moving the heavy loads to somewhere jagex can't touch is a big plus even with the resource-cuts.

    Thirdly regarding paint. yes its the least problematic out of the bunch but Jagex can detect executed events and process them server-side.. yes you can go about your spoofing ways but you can't cover ground you don't know.

    Link to comment
    Share on other sites

    23 minutes ago, dogaforgotema said:

    did u read any of what i said lol besides maybe my comment on locks

    Yes I did read what you said in your one and only comment.

    Let me reply to the statements that I felt needed no reply to because of their obviousness

     

    You said "Official client or not literally doesnt matter, reflection is already bad enough dont downgrade to instrumentation just fix the locks? Xd"

    Instrumentation isn't a replacement for reflection so its not really a downgrade. (a downgrade in speed and efficiency yes, but in detectability no). It's basically dynamic injection into a JVM, so where you can communicate and interact with the Official Client. This way the Dream Team can have the reflection methods on the gamepack with some listeners (like gameticks and what not) and the rest of logic on another JVM.

    Did you read what I said in my thread and replies on why I think instrumentation is needed but has a cost which I think many botters are prepared to pay?

     

    You said "GC is irrelevant but if ur worried about it why wouldnt u just spoof it instead of doing what u said its literally 20x less effort"

    I answered this in my previous reply.

     

    You said "Painting is a bit redundant and inefficient too, what exactly are they gonna detect from a paint lmao everyone and their dads play with heavily modded clients in fact it's more sus if you're NOT using a modded client"

    I replied to this too in the previous reply, and yes your statement may be true if you're running the game on RuneLite or OSBuddy. and no its not more "sus" if you're not modding a client. Do you really think Jagex doesn't monitor RuneLite? with all the abusive plugins and all?

     

     

    Edited by Defiled
    Link to comment
    Share on other sites

    23 minutes ago, Defiled said:

    Yes I did read what you said in your one and only comment.

    Let me reply to the statements that I felt needed no reply to because of their obviousness

     

    You said "Official client or not literally doesnt matter, reflection is already bad enough dont downgrade to instrumentation just fix the locks? Xd"

    Instrumentation isn't a replacement for reflection so its not really a downgrade. (a downgrade in speed and efficiency yes, but in detectability no). It's basically dynamic injection into a JVM, so where you can communicate and interact with the Official Client. This way the Dream Team can have the reflection methods on the gamepack with some listeners (like gameticks and what not) and the rest of logic on another JVM.

    Did you read what I said in my thread and replies on why I think instrumentation is needed but has a cost which I think many botters are prepared to pay?

     

    You said "GC is irrelevant but if ur worried about it why wouldnt u just spoof it instead of doing what u said its literally 20x less effort"

    I answered this in my previous reply.

     

    You said "Painting is a bit redundant and inefficient too, what exactly are they gonna detect from a paint lmao everyone and their dads play with heavily modded clients in fact it's more sus if you're NOT using a modded client"

    I replied to this too in the previous reply, and yes your statement may be true if you're running the game on RuneLite or OSBuddy. and no its not more "sus" if you're not modding a client. Do you really think Jagex doesn't monitor RuneLite? with all the abusive plugins and all?

     

     

    you didnt really answer the gc part at all, you just went to explain how it works (which i already know and suggested a better solution to begin with...)

    Link to comment
    Share on other sites

    2 hours ago, dogaforgotema said:

    you didnt really answer the gc part at all, you just went to explain how it works (which i already know and suggested a better solution to begin with...)

    The point I said in the post is: "1) Scripts Running on the same JVM"

    You replied with "That thing can be spoofed"

    I replied in the reply with "You can spoof what you know, but you can't cover unknown ground" and "GC frequency is but one factor of many that encourage being on a separate JVM"

    Also having the heavy loads on a separate JVM will give DreamBot a cover for any future updates that have the goal of detecting anything on the JVM or something of that kind.

    The world of Botting is rapidly changing and going for new ways and better ways is always the right step for a better future for this community.

    and again just if you have short-term memory loss again : You can patch the holes in your boat (spoof) but overtime you won't be able to patch every hole and the boat will sink. also you can only patch the holes that you see.

    Link to comment
    Share on other sites

    52 minutes ago, Defiled said:

    You can patch the holes in your boat (spoof) but overtime you won't be able to patch every hole and the boat will sink

    They rly dont add that much shit over time when it comes to tracking. So 'overtime' you WILL be able to patch every hole :D
     

    53 minutes ago, Defiled said:

    also you can only patch the holes that you see.

    Speaking that you can literally see exactly what they r sending via packets, i think you'll be able to see them xd

    Link to comment
    Share on other sites
