Jagex new announcement for third party clients

[Bryno 21]

2 hours ago, kenovo00000 said:

They can detect dreambot, my 10 years account just open dreambot  got banned 

Oh God I'm so sorry to hear that happened to you!  

However, I have to agree with @RSMasterGuard I believe the ban would have a statement saying "...for the use of an unapproved third party client..."

[Bryno 21]

Just to hopefully validate what I'm saying, here is my 100% dreambotted account so far AFTER the date of executing client-detection bans.

[xhannyah 0]

On 6/29/2022 at 1:16 PM, camalCase said:

Why would altering the way you bot help against this? jagex claims to be able to detect third party clients if they really can you would get banned without even botting, how you bot would be irrelevant to this new info.

Jagex can detect all non official clients that are publicly available, including true reflection bots that reflect clients externally. Why won't you get banned by just logging into a botting client (although, they did ban a bunch of open osrs users who weren't using illegal plugins) is simple: Computer resources. It would take a ridiculous amount of resources to monitor each and every account at all times. Therefore, Jagex's system uses specific criteria to flag accounts, monitor them somehow (This can include obtaining data from your ram), then the system automatically determines if it should ban or not.

[xhannyah 0]

5 hours ago, Bryno said:

Oh God I'm so sorry to hear that happened to you!  

However, I have to agree with @RSMasterGuard I believe the ban would have a statement saying "...for the use of an unapproved third party client..."

They're issuing Macroing (major) account bans for the use of unapproved clients on accs that already had a previous, active Macroing offence. 

[bcgsmx 0]

20 hours ago, xhannyah said:

Jagex can detect all non official clients that are publicly available, including true reflection bots that reflect clients externally. Why won't you get banned by just logging into a botting client (although, they did ban a bunch of open osrs users who weren't using illegal plugins) is simple: Computer resources. It would take a ridiculous amount of resources to monitor each and every account at all times. Therefore, Jagex's system uses specific criteria to flag accounts, monitor them somehow (This can include obtaining data from your ram), then the system automatically determines if it should ban or not.

I agree they can, but I don't think that computational resources are the only thing stopping them from doing it. Why? Well, client side detection will not consume Jagex's computational resources, since the resource that plays a whole here is your own computer.

I would agree if were talking about engineering resources, since such mechanism would require programmers and an anti-cheat department. After all, client-side anti-cheats require constant maintenance and update.

It is possible to detect any third party software touching yours, although sometimes it's not that easy. But I believe that, as of now, they don't even try to client-side detect (In an automated way). To confirm whether my statement is right, we would need to reverse their current client. I haven't had time to do that. Also, my knowledge mostly rely on reverse engineering natively compiled code (asm), but maybe some day I can give Java's bytecode a try.

Not sure if our Java reverse engineering Gurus here (Aka Pandemic and Nezz) have analyzed the client in order to identify such a feature. But I think they did at some point.

On top of that, bots still bring a lot of money to Jagex. I truly believe they don't really care about ppl who bots casually and NOT in obvious and stupid way. But that's just speculation on my side.

Edited July 2, 2022 by bcgsmx

[Bryno 21]

20 hours ago, xhannyah said:

Jagex can detect all non official clients that are publicly available, including true reflection bots that reflect clients externally. Why won't you get banned by just logging into a botting client (although, they did ban a bunch of open osrs users who weren't using illegal plugins) is simple: Computer resources. It would take a ridiculous amount of resources to monitor each and every account at all times. Therefore, Jagex's system uses specific criteria to flag accounts, monitor them somehow (This can include obtaining data from your ram), then the system automatically determines if it should ban or not.

It takes no additional computation resources to ban a player that is using an unofficial client.

If jagex can truly detect ANY client that is not the official client then that IMMEDIATLEY breaks their TOS which results in a ban. Why would you need any more additional resources to ban this player? Whether they are botting or not isn't even the question anymore... It's simply the fact that breaking TOS is justified by a ban and TOS states no unofficial clients.

The only addition resource needed is a simple SQL statement execution to their database to set banned = true  

[Bryno 21]

7 minutes ago, bcgsmx said:

I agree they can, but I don't think that computational resources are the only thing stopping them from doing it. Why? Well, client side detection will not consume Jagex's computational resources, since the resource that plays a whole here is your own computer.

I would agree if were talking about engineering resources, since such mechanism would require programmers and an anti-cheat department. After all, client-side anti-cheats require constant maintenance and update.

It is possible to detect any third party software touching yours, although sometimes it's not that easy. But I believe that, as of now, they don't even try to client-side detect (In an automated way). To confirm whether my statement, we would need to reverse their current client. I haven't had time to do that. Also, my knowledge mostly rely on reverse engineering natively compiled code (asm), but maybe some day I can give Java's bytecode a try.

Not sure if our Java reverse engineering Gurus here (Aka Pandemic and Nezz) have analyzed the client in order to identify such a feature. But I think they did at some point.

On top of that, bots still bring a lot of money to Jagex. I truly believe they don't really care about ppl who bots casually and NOT in obvious and stupid way. But that's just speculation on my side.

Whenever jagex first started to combat against bots (way back when classic was the latest game), they have always done client-sided things to prevent botting. Such as simple packet encryption, client obfuscation, fake methods, etc.

However, this is an absolutely terrible idea and just ensures yourself to always be at the losing side the the cat-and-mouse game.

Around 2012-2014 is when they hired jacmob and he introduced the entirely server-sided system to monitor account's behaviors. (No more client sided things like obfuscation or fake methods) This was an ingenious solution however even this is still very hard to detect bots without ungodly amounts of data. Which they really do have a lot of data at this point, but still. Nevertheless, catching bots is incredibly hard to do. Bots have literally became so advanced no these days.

This post is simply to say I disagree that jagex is just allowing some people to bot casually; I believe it's just incredibly harder than you think to catch bots now these days.

[bcgsmx 0]

2 hours ago, Bryno said:

Whenever jagex first started to combat against bots (way back when classic was the latest game), they have always done client-sided things to prevent botting. Such as simple packet encryption, client obfuscation, fake methods, etc.

However, this is an absolutely terrible idea and just ensures yourself to always be at the losing side the the cat-and-mouse game.

Around 2012-2014 is when they hired jacmob and he introduced the entirely server-sided system to monitor account's behaviors. (No more client sided things like obfuscation or fake methods) This was an ingenious solution however even this is still very hard to detect bots without ungodly amounts of data. Which they really do have a lot of data at this point, but still. Nevertheless, catching bots is incredibly hard to do. Bots have literally became so advanced no these days.

This post is simply to say I disagree that jagex is just allowing some people to bot casually; I believe it's just incredibly harder than you think to catch bots now these days.

I might not have been clear. By client side detection I mean, active detection. Obfuscation, packet encryption and client shielding are passive approaches.

I don't agree it ensures they are in the losing side. Actually I've seen many games drastically reduce the amount of bots by introducing active detection. Active detection is not really effective on games which you can just create a new account and keep playing. For MMORPGs that's a different story, there is too much at stake (losing progress as well as thousand of hours gaming). I've seen games using anti-cheats even for passive protection being successful (Ex: Tibia). By successful I mean that they managed to decrease botting significantly. Of course they never completely stopped bots. We can agree that's near impossible.

But I agree, that's a cat-and-mouse game and they will spend a lot of money that might not me be worth.

Regarding Jagex, I didn't really say they allow botting. But that actually they don't care about small fishes at this point. By that I mean, they prefer to focus on ppl that are massively botting (using multiple accounts and single-handily making significant impact in the game) than banning individuals. Also I'm not saying they are ignoring individuals, it is still possible to get caught even casually botting, but less likely.

I'm sorry if my statements were not clear in the last post.

Edited July 2, 2022 by bcgsmx

[hotyute 8]

Jagex bans in delayed waves. It’s as simple as that. Even if your account gets a ban in 10 seconds or 365 days later - it most likely was flagged first. The exception only applies to manual bans.

 

This strategy was first introduced several years ago to throw off users who sought out to bypass bot detection; it’s sort of meant to confuse the user and not provide a clear line to reasons why they got caught. Judging by some of these posts, that strategy seems to be working quite well.

 

I tell you this with strong conviction as I was once affiliated with the company.

Edited July 3, 2022 by hotyute

[420x69x420 72]

3 hours ago, hotyute said:

Jagex bans in delayed waves. It’s as simple as that. Even if your account gets a ban in 10 seconds or 365 days later - it most likely was flagged first. The exception only applies to manual bans.

 

This strategy was first introduced several years ago to throw off users who sought out to bypass bot detection; it’s sort of meant to confuse the user and not provide a clear line to reasons why they got caught. Judging by some of these posts, that strategy seems to be working quite well.

 

I tell you this with strong conviction as I was once affiliated with the company.

Another part of that is to only ban some, not all, of the accounts (or maybe their flagging system sucks)

Before I realized this: "Holy shit Jagex must be monitoring my video game screen, they know, omg"

Afterwards: "Awesome they didn't ban all my accounts this ban wave! Time to keep botting them"

If I had to guess then the newest type of 2-week temp ban for logging into OpenOSRS is automated and applied immediately because they've gotten fed up with Hydra Plugins being actually undetectable (within the scope of playing on OpenOSRS) so just banned OpenOSRS altogether. RIP to all the rich players who paid for scouting plugins and have to actually scout their own Raids / PvP now.