L2J Server

poltomb wrote: If there was a feasible, 100% successful anti-bot system, I am damn positive that NCZ0ft would have implemented it years ago and there would not be such a botting problem on retail servers. The fact is, if a bot can emulate EVERYTHING about the client, then there is no way to tell if it is a bot (from across the network). If a bot sends exactly the same responses a client sends, then you will not be able to tell if it is a client or a bot.

that is soooo wrong ^^ you're forgetting botters still PAY, which is NCZ0ft's main goal

antibot existed. but it must be a local proxy between client and server with couple or 4 keys to encrypt traffic.
thats all. banks are using this system and it almost immortal
once i have such of protection..but loose it while teleporting my server to another location
if i find it on my home PC - i will feedback

denser wrote:antibot existed. but it must be a local proxy between client and server with couple or 4 keys to encrypt traffic.
thats all. banks are using this system and it almost immortal
once i have such of protection..but loose it while teleporting my server to another location
if i find it on my home PC - i will feedback

I don't see how that would work. Considering you cannot modify the client, the encryption you mention would need to be done outside of it. What would stop - new - bots from implementing the same encryption and thus end up sending valid packets as well?

Probe wrote:

poltomb wrote: If there was a feasible, 100% successful anti-bot system, I am damn positive that NCZ0ft would have implemented it years ago and there would not be such a botting problem on retail servers. The fact is, if a bot can emulate EVERYTHING about the client, then there is no way to tell if it is a bot (from across the network). If a bot sends exactly the same responses a client sends, then you will not be able to tell if it is a client or a bot.

that is soooo wrong ^^ you're forgetting botters still PAY, which is NCZ0ft's main goal

Yes, that is their ultimate goal, but if you know anything from sociology and economics, you will understand that many if not most players on retail that do not bot or buy adena, hate botters. The more botters, the less rule-following players in the game. The ones who do buy adena, only do so to (quickly and easily) catch up to the players who have put in the hard work. Then the 'good' players say "screw this, I'm leaving". After, the people who paid for adena realize, typically being less dedicated players, see the server population going down, so they leave. Finally, since the botters do not have anyone left to buy their adena, they leave. No more people on the server.

It is still in NCZ0ft's best interest to limit the amount of botting. They do so by using a small measure of anti-bot software (game guard). This software keeps the laziest botters out, but it is still can be easily bypassed.

macdonald12 wrote:What would stop - new - bots from implementing the same encryption and thus end up sending valid packets as well?

Macdonald12, you just made my day with that sentence

Bots are bots, and they don't have enough AI (for now) to reply a question like "what color is the white house?"
But well, maybe some players don't have enough "I" to reply that neither, so let's discard this way to detect bots...

The question is to detect bot's strange behavior (mainly in packets level). For instance, one day I left L2NET on my server to test lvlin up and when I came back I found it stuck with a "cannot see target" message every second.
A player can try to attack a target and get that message, yeah.. but 1000 followed times??? (only 20 mins of stucked bot).

Then, we have a problem. If we develop that and say that publicly (like "hey guys, we detect bots wit bla bla") the bot devs will fuck it up with one of their updates.

Sooo.. what's the solution?
Just discuss it in a private forum and if you develop it don't publish any explanation/patch/source, I'm sure that then the bot devs would "fix" it in their way ^^

And this is how it is working for now. Everyone (who's able and has time) does his own work to detect bots and don't tell anyone about it, because [everyone can be a bot dev]

Just study the bot's behavior and find things that a player would never do

If you want to create an antibot script i recommend you see the methods of a game how Ragnarok Online, in special the best script i saw on DarkRO Force.

i was wondering MAYBE just maybe if lets say there are a connection controller for character login running on a different port it can mean some kind of protection?i think that because as i know eg l2net need the port number to login but that way there are another port for character login and another port for the gameserver...

What you think something like that can be done and can be usefull?

Intrepid wrote:i was wondering MAYBE just maybe if lets say there are a connection controller for character login running on a different port it can mean some kind of protection?i think that because as i know eg l2net need the port number to login but that way there are another port for character login and another port for the gameserver...

What you think something like that can be done and can be usefull?

So generally you mean to change the login port? If yes then, won't the client need modding to change the ports? Dunno if the client has default port for login 2106 but I guess so...

pokiokio wrote:

Intrepid wrote:i was wondering MAYBE just maybe if lets say there are a connection controller for character login running on a different port it can mean some kind of protection?i think that because as i know eg l2net need the port number to login but that way there are another port for character login and another port for the gameserver...

What you think something like that can be done and can be usefull?

So generally you mean to change the login port? If yes then, won't the client need modding to change the ports? Dunno if the client has default port for login 2106 but I guess so...

Yes, to change the login port on the server, the client will need to be modified as well (and you know the rules about client mod chat here, blah blah blah lol). As for stopping bots, the best bot that I have seen and tested has a login server port parameter.

No not the login port

Heres the idea you login and on character login when you press ok it calls some check(gameguard,dual box or such)which is running on a different Socket if true ok go to the license screen and the server selection if false stay on login window

Intrepid wrote:No not the login port

Heres the idea you login and on character login when you press ok it calls some check(gameguard,dual box or such)which is running on a different Socket if true ok go to the license screen and the server selection if false stay on login window

License is shown before char login. Maybe it would be better to check while it says "You're currently logging in..." and if check is ok continue, if not show the sys msg that says to close unnecessary software.

Intrepid wrote:No not the login port

Heres the idea you login and on character login when you press ok it calls some check(gameguard,dual box or such)which is running on a different Socket if true ok go to the license screen and the server selection if false stay on login window

Gameguard is a fail, and dualbox has got nothing to do with bots. Your idea is flawed from the start because without modding the client you will not be able to differentiate between client or bot.

macdonald12 wrote:

Intrepid wrote:No not the login port

Heres the idea you login and on character login when you press ok it calls some check(gameguard,dual box or such)which is running on a different Socket if true ok go to the license screen and the server selection if false stay on login window

Gameguard is a fail, and dualbox has got nothing to do with bots. Your idea is flawed from the start because without modding the client you will not be able to differentiate between client or bot.

you dont get it.I dont said gameguard i dont know from where you get it.Dual box was just an example for what checks can be run there.I never said i want to find the difference from software side beetwen bot and client.

I tell it again maybe this time you understand it.Take for example l2net you need the servers port to connect right? what if the login procedure goes like this:open client type in login info if the client is authed a check runs in a connection controller on a different port so maybe the bot will fail because of incorrect port for character login(1 port for login, 1 port for the connection controller, 1 port for the gameserver)

K, I'll share my idea, tested, implemented, used and 100% l2.net proof:

1) when sending gameguard query to client, shows up community board window, with graphical riddle
2) player has 30s to solve riddle correctly (I've added a simple matching images choosing, generated randomly every time)
3) if player doesnt solve riddle during that 30s, just send disconnect packet to client, the same that is send when gameguard authentication fails

l2.net can't see the riddle. So player using it, wont be able to get pass. And l2.net was last of bots I was not protected from.

Btw I've also found few other ways of disconnecting l2.net. But they're much more harder to implement, and none of them were always 100% sucessfull. Community Board method is 100% sucessfull, every time

Intrepid wrote:

macdonald12 wrote:

Intrepid wrote:No not the login port

Heres the idea you login and on character login when you press ok it calls some check(gameguard,dual box or such)which is running on a different Socket if true ok go to the license screen and the server selection if false stay on login window

Gameguard is a fail, and dualbox has got nothing to do with bots. Your idea is flawed from the start because without modding the client you will not be able to differentiate between client or bot.

you dont get it.I dont said gameguard i dont know from where you get it.Dual box was just an example for what checks can be run there.I never said i want to find the difference from software side beetwen bot and client.

I tell it again maybe this time you understand it.Take for example l2net you need the servers port to connect right? what if the login procedure goes like this:open client type in login info if the client is authed a check runs in a connection controller on a different port so maybe the bot will fail because of incorrect port for character login(1 port for login, 1 port for the connection controller, 1 port for the gameserver)

That would require either client modding (illegal) or it would require a loader type program. This loader would need to have access to the client data, so it can know when the character is authed or not.