rsutton Posted July 4, 2012

I suggest everyone who is using SCAR to bot with stop right away within the next 20 days as Optimus rolls out (which it did today). The source file was found that it can track "SMART" users very easily. Then a smaller update in time will even hit the bots harder on even color clicking. But as it stands, the SMART client will get you banned; if not today then it will come in due time. I am warning everyone now. If you want to bot, the safest way is the old-school coding standards with SCAR Divi (not attaching to SMART). Everyone here who knows me knows that I am a respectful member of this community.

"Today's release has seen the introduction of the Optimus platform in place of many older build systems. As you've seen, this means that the recent performance issues have been resolved for almost all players, although there are still some engine updates being worked on to improve performance even further in various areas."

Blah blah blah... then it goes into the bots and destroying them. Jagex code is below for the implemented banning system.
Decompiled (Hex-Rays) view of the JNI entry point that installs the hook, cleaned up to use the normal JNI function-table idioms instead of raw vtable offsets (31 = GetObjectClass, 21 = NewGlobalRef, 33 = GetMethodID, 22 = DeleteGlobalRef). The module globals are the labels IDA assigned; `call_void_method` is a small wrapper elsewhere in the DLL around `env->CallVoidMethod`.

```c
#include <jni.h>
#include <windows.h>

/* Module globals referenced by the two functions (IDA labels). */
static JavaVM   *jvm_ptr;           /* cached JavaVM *, used by the hook to attach */
static HMODULE   cur_module;        /* this DLL's HMODULE, passed to SetWindowsHookEx */
static jobject   service_this;      /* global ref to the IcmpService instance */
static jmethodID notify1_method_id; /* IcmpService.notify(III)V, called per mouse event */
static HHOOK     mouse_hook;
static DWORD     hook_thread_id;

/* Wrapper around env->CallVoidMethod defined elsewhere in the DLL. */
static void call_void_method(JNIEnv *env, jobject obj, jmethodID mid, ...);
/* Hook callback, shown in disassembly below. */
static LRESULT __stdcall mouse_hook_func(int code, int message_id, MSLLHOOKSTRUCT *hook_struct);

int __stdcall Java_jaclib_ping_IcmpService_run(JNIEnv *env, jobject this)
{
    jclass    icmp_service_class = (*env)->GetObjectClass(env, this);
    jobject   this_ref           = (*env)->NewGlobalRef(env, this);
    jmethodID notify2_method_id;
    MSG       msg;

    service_this      = this_ref;
    notify1_method_id = (*env)->GetMethodID(env, icmp_service_class, "notify", "(III)V");

    /* System-wide low-level mouse hook, owned by this thread. */
    hook_thread_id = GetCurrentThreadId();
    mouse_hook     = SetWindowsHookExA(WH_MOUSE_LL, mouse_hook_func, cur_module, 0);

    /* Tell the Java side the hook is up: IcmpService.notify(0). */
    notify2_method_id = (*env)->GetMethodID(env, icmp_service_class, "notify", "(I)V");
    call_void_method(env, service_this, notify2_method_id, 0);

    /* WH_MOUSE_LL callbacks are delivered through the installing thread's message loop,
       so this thread must pump messages for as long as the hook should stay alive. */
    while (GetMessageA(&msg, 0, 0, 0)) {
        TranslateMessage(&msg);
        DispatchMessageA(&msg);
    }

    UnhookWindowsHookEx(mouse_hook);
    (*env)->DeleteGlobalRef(env, service_this);
    notify1_method_id = 0;
    mouse_hook        = 0;
    return 0;
}
```

The hook callback itself, from the IDA listing. Note the coordinate packing: `pt.x` is shifted into the high 16 bits and `pt.y` is masked into the low 16 bits, i.e. `(x << 16) | (y & 0xFFFF)`, and the wrapper is called with `env` in `eax` and five dword arguments on the stack.

```asm
.text:10005DC0 ; =============== S U B R O U T I N E =======================================
.text:10005DC0
.text:10005DC0 ; LRESULT __stdcall mouse_hook_func(int code, int message_id, MSLLHOOKSTRUCT *hook_struct)
.text:10005DC0 mouse_hook_func proc near           ; DATA XREF: Java_jaclib_ping_IcmpService_run(x,x)+55o
.text:10005DC0
.text:10005DC0 env         = dword ptr -4
.text:10005DC0 code        = dword ptr  4
.text:10005DC0 message_id  = dword ptr  8
.text:10005DC0 hook_struct = dword ptr  0Ch
.text:10005DC0
.text:10005DC0     push    ecx                     ; preserve ecx
.text:10005DC1     mov     eax, jvm_ptr
.text:10005DC6     mov     ecx, [eax]              ; ecx = vm->functions (invoke-interface vtable)
.text:10005DC8     push    esi
.text:10005DC9     push    edi                     ; preserve esi, edi
.text:10005DCA     push    0                       ; NULL attach args
.text:10005DCC     lea     edx, [esp+10h+env]      ; edx = &env
.text:10005DD0     push    edx                     ; push &env
.text:10005DD1     mov     [esp+14h+env], 0        ; JNIEnv *env = NULL
.text:10005DD9     push    eax                     ; push vm (the JavaVM * itself, first argument)
.text:10005DDA     mov     eax, [ecx+10h]          ; vtable slot 4 = AttachCurrentThread
.text:10005DDD     call    eax                     ; vm->AttachCurrentThread(vm, &env, NULL)
.text:10005DDF     mov     esi, [esp+0Ch+hook_struct] ; esi = MSLLHOOKSTRUCT *hook_struct
.text:10005DE3     mov     ecx, [esi+0Ch]          ; ecx = hook_struct->mouseData
.text:10005DE6     mov     edx, [esi+4]            ; edx = hook_struct->pt.y
.text:10005DE9     mov     eax, [esi]              ; eax = hook_struct->pt.x
.text:10005DEB     mov     edi, [esp+0Ch+message_id] ; edi = message_id (WM_MOUSEMOVE, WM_LBUTTONDOWN, ...)
.text:10005DEF     push    ecx                     ; arg 5: mouseData
.text:10005DF0     mov     ecx, notify1_method_id  ; ecx = jmethodID of notify(III)V
.text:10005DF6     and     edx, 0FFFFh
.text:10005DFC     shl     eax, 10h
.text:10005DFF     or      edx, eax                ; edx = (x << 16) | (y & 0FFFFh)
.text:10005E01     mov     eax, [esp+10h+env]      ; eax = env (passed to the wrapper in a register)
.text:10005E05     push    edi                     ; arg 4: message_id
.text:10005E06     push    edx                     ; arg 3: packed coordinates
.text:10005E07     mov     edx, service_this
.text:10005E0D     push    ecx                     ; arg 2: notify(III)V method id
.text:10005E0E     push    edx                     ; arg 1: the IcmpService instance
.text:10005E0F     call    call_void_method        ; call_void_method(env, this, mid, packed, message_id, mouseData)
.text:10005E14     mov     eax, [esp+20h+code]     ; eax = code
.text:10005E18     mov     ecx, mouse_hook         ; ecx = mouse_hook
.text:10005E1E     add     esp, 14h                ; drop the five dword arguments
.text:10005E21     push    esi                     ; hook_struct
.text:10005E22     push    edi                     ; message_id
.text:10005E23     push    eax                     ; code
.text:10005E24     push    ecx                     ; mouse_hook
.text:10005E25     call    ds:CallNextHookEx       ; continue the hook chain
.text:10005E2B     pop     edi
.text:10005E2C     pop     esi
.text:10005E2D     pop     ecx                     ; restore edi, esi, ecx
.text:10005E2E     retn    0Ch
.text:10005E2E mouse_hook_func endp
.text:10005E2E
.text:10005E2E ; ---------------------------------------------------------------------------
```
rsutton Posted July 4, 2012

Looks like Jagex is going further than they used to. Now they're invading our external, original mouse. Wow, these bastards will stop at nothing.
FHannes Posted July 4, 2012

Judging by that code they're basically hooking into the mouse and probably comparing the actual mouse events with the input they receive in the client. They could also use the mouse hook to check if the clicking is generated by an application... I'm actually surprised it took them this long to implement this...
BryceTheCoder Posted July 4, 2012

> Judging by that code they're basically hooking into the mouse and probably comparing the actual mouse events with the input they receive in the client. They could also use the mouse hook to check if the clicking is generated by an application... I'm actually surprised it took them this long to implement this...

Damn... so now what? We're totally screwed on botting, or will someone have to update the way our mouse is and how it clicks to make it look like a legit mouse and to make it undetectable that it's coming from an application?
rsutton Posted July 4, 2012

You can still bot. You have to use old-school scripting practices. I'm not sure they can detect Pascal script taking over the mouse, can they? That is a bit iffy in my thinking. But if you bot right now with our current coding standards, you're screwed.
FHannes Posted July 4, 2012 (edited)

> Damn... so now what? We're totally screwed on botting, or will someone have to update the way our mouse is and how it clicks to make it look like a legit mouse and to make it undetectable that it's coming from an application?

Going by your post there is no way of knowing what they're doing exactly, but it is very much possible to detect application-generated input events from a mouse hook. The only way that I know of to make it impossible to detect this is to create a kernel-mode driver which emulates a mouse and can be controlled by SCAR. The problem with that is that it is incredibly hard to create Windows device drivers, or any device drivers in general. Drivers have to be absolutely free of bugs, or they will crash the entire system. Aside from that, kernel-mode programming is a lot more complex than regular user-mode programming; it requires tons of experience and it isn't easy to learn. I've been looking into kernel-mode programming for quite a while now, but I'm nowhere near a point where I could create an actual driver myself without crippling the entire OS...

> I'm not sure they can detect Pascal script taking over the mouse, can they? That is a bit iffy in my thinking.

They could if they wanted to, I'm assuming they would... Mouse hooks get passed a special flag along with a mouse event if they are application-generated.

Edited July 4, 2012 by Freddy
LordJashin Posted July 4, 2012 (edited)

Are there open-source mouse drivers? This is amazing: they can detect mouse input from beyond the browser? Well, is there a way to send commands to mouse drivers directly, or pretend to be the mouse driver? I remember there was a thread on here about Blue Eye and their virtual mouse stuff. This is the next step in macroing solutions.

Edit: Is there a way to send a mouse event/command in a certain way as to emulate that it came from a mouse driver?

Edited July 4, 2012 by LordJashin
FHannes Posted July 4, 2012

There are open-source mouse drivers, but nothing like what is needed here. I'm not entirely sure they can detect mouse input from beyond the browser process with a low-level hook. However, the hook is native code; once they leave Java's environment, there's not really a limit to what they can do... As far as I'm aware there's no way to spoof this; the flag was built into Windows specifically by Microsoft to allow applications to generate input events, but also to block virtual input if it's not desired.
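The flag FHannes refers to in the two posts above is `LLMHF_INJECTED` in `MSLLHOOKSTRUCT.flags` (with `LLMHF_LOWER_IL_INJECTED` marking input injected from a lower integrity level). Windows sets it on every event produced by `SendInput` or `mouse_event` and never on events that arrive from a mouse driver, which is why a driver-level emulator is the only thing a `WH_MOUSE_LL` hook cannot distinguish. The following is an added example written for this thread, not Jagex, SCAR or Simba code: the classifier such a hook would run on each event, the same `(x << 16) | (y & 0xFFFF)` packing the disassembled callback performs, and a `_WIN32` demo that installs a real low-level hook and fires one synthetic move through `SendInput` to watch the flag appear. The sample events are constructed, and the function names are mine; the type, field and flag names match `<winuser.h>`.

```c
/*
 * Added example (not Jagex or SCAR code): telling synthetic mouse input apart
 * from hardware input inside a WH_MOUSE_LL callback, plus the coordinate
 * packing the decompiled hook performs before calling back into Java.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>
#else
/* Minimal mirror of the Win32 types so the pure logic compiles off-Windows.
   Field names and flag values are the ones from <winuser.h>. */
typedef struct { long x; long y; } POINT;
typedef struct {
    POINT     pt;
    uint32_t  mouseData;
    uint32_t  flags;
    uint32_t  time;
    uintptr_t dwExtraInfo;
} MSLLHOOKSTRUCT;
#define LLMHF_INJECTED          0x00000001u
#define LLMHF_LOWER_IL_INJECTED 0x00000002u
#endif

typedef enum {
    ORIGIN_HARDWARE = 0,   /* produced by a mouse driver (or a kernel-mode emulator) */
    ORIGIN_INJECTED,       /* SendInput / mouse_event from user mode */
    ORIGIN_INJECTED_LOWIL  /* injected by a process at a lower integrity level */
} mouse_origin;

/* The check a hook like the one in the thread can run on every event. */
mouse_origin classify_mouse_event(const MSLLHOOKSTRUCT *ev)
{
    if (ev->flags & LLMHF_LOWER_IL_INJECTED) return ORIGIN_INJECTED_LOWIL;
    if (ev->flags & LLMHF_INJECTED)          return ORIGIN_INJECTED;
    return ORIGIN_HARDWARE;
}

/* Same packing as the disassembly: x in the high half, y masked into the low half.
   Caveat: a negative y (second monitor to the left/above) survives only as its low 16 bits. */
uint32_t pack_point(long x, long y) { return ((uint32_t)x << 16) | ((uint32_t)y & 0xFFFFu); }
long     unpack_x(uint32_t packed)  { return (long)(packed >> 16); }
long     unpack_y(uint32_t packed)  { return (long)(packed & 0xFFFFu); }

/* Constructed sample batch: two driver events, one SendInput, one low-IL injection. */
static const MSLLHOOKSTRUCT sample_events[] = {
    { {100, 200}, 0, 0,                       1000, 0 },
    { {101, 200}, 0, 0,                       1016, 0 },
    { {640, 360}, 0, LLMHF_INJECTED,          1032, 0 },
    { {640, 360}, 0, LLMHF_LOWER_IL_INJECTED, 1040, 0 },
};
#define SAMPLE_COUNT (sizeof sample_events / sizeof sample_events[0])

const MSLLHOOKSTRUCT *sample_event(size_t i) { return &sample_events[i]; }

size_t count_injected(const MSLLHOOKSTRUCT *evs, size_t n)
{
    size_t i, hits = 0;
    for (i = 0; i < n; i++)
        if (classify_mouse_event(&evs[i]) != ORIGIN_HARDWARE) hits++;
    return hits;
}
size_t injected_in_sample_batch(void) { return count_injected(sample_events, SAMPLE_COUNT); }

#ifdef _WIN32
static volatile LONG g_synthetic_seen;
static LRESULT CALLBACK demo_hook(int code, WPARAM wParam, LPARAM lParam)
{
    if (code == HC_ACTION &&
        classify_mouse_event((const MSLLHOOKSTRUCT *)lParam) != ORIGIN_HARDWARE)
        InterlockedIncrement(&g_synthetic_seen);
    return CallNextHookEx(NULL, code, wParam, lParam);   /* keep the chain intact */
}
#endif

int main(void)
{
#ifdef _WIN32
    HHOOK hook = SetWindowsHookExW(WH_MOUSE_LL, demo_hook, GetModuleHandleW(NULL), 0);
    INPUT in = {0};
    MSG   msg;
    DWORD deadline = GetTickCount() + 250;
    in.type = INPUT_MOUSE;
    in.mi.dx = 1; in.mi.dy = 1; in.mi.dwFlags = MOUSEEVENTF_MOVE;
    SendInput(1, &in, sizeof in);                 /* arrives at the hook with LLMHF_INJECTED set */
    while (GetTickCount() < deadline) {           /* LL hooks fire only while this thread pumps */
        while (PeekMessageW(&msg, NULL, 0, 0, PM_REMOVE)) DispatchMessageW(&msg);
        Sleep(10);
    }
    UnhookWindowsHookEx(hook);
    printf("synthetic events seen by the hook: %ld\n", (long)g_synthetic_seen);
#else
    size_t i;
    for (i = 0; i < SAMPLE_COUNT; i++)
        printf("event %u at (%ld,%ld) packed=0x%08x origin=%d\n", (unsigned)i,
               (long)sample_events[i].pt.x, (long)sample_events[i].pt.y,
               (unsigned)pack_point(sample_events[i].pt.x, sample_events[i].pt.y),
               (int)classify_mouse_event(&sample_events[i]));
#endif
    return 0;
}
```

The flag is set by the kernel-mode input stack before the event reaches any user-mode hook, so nothing a SCAR script does through `SendInput` or `mouse_event` can clear it; that is the point FHannes makes about a driver being the only undetectable route. Note also that the hook only sees the flag, not which process injected the event, so a client that merely counts injected events would also flag accessibility tools and remote-desktop software.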
LordJashin Posted July 4, 2012 (edited)

Hmm, maybe find the source for it and make an overridden function for it. Never did look deep into that. Couldn't we use code to find out what Windows thinks the mouse is, then spoof it? Is there like a TMouse class or something?

Edit: @RSutton, where is your source for this? How do you know... it rolled out today? Sounds like you're pulling our legs here. I didn't find any Jagex post on news about this or anything on Simba about it.

Edited July 4, 2012 by LordJashin
rsutton Posted July 4, 2012

Then bot.
LordJashin Posted July 4, 2012

It's like when you have a cookie jar: you risk getting caught taking a cookie, but you do it anyway, usually when you know no one is around. So who is this that has said our cookie box method (SMART) will get us caught? RSutton has. Have you been put in time out? Is anyone else talking about this? Just raw cookie dough isn't good; you need to tell us about the whole cooking process and even how the cookie jar started detecting hand input.
shadowrecon Posted July 4, 2012

I agree, we need to see some links to a source of this information. I guarantee injection bots are done if this is true, but color bots will be just fine. No need to raise a panic with people anyway with no proof! Please post proof, otherwise this was just a waste of my time reading.
LordJashin Posted July 4, 2012

Don't be a cookie monster, share the cookies.
FHannes Posted July 4, 2012

> Hmm, maybe find the source for it and make an overridden function for it. Never did look deep into that. Couldn't we use code to find out what Windows thinks the mouse is, then spoof it? Is there like a TMouse class or something?
>
> Edit: @RSutton, where is your source for this? How do you know... it rolled out today? Sounds like you're pulling our legs here. I didn't find any Jagex post on news about this or anything on Simba about it.

I don't think you quite understand the gravity of the issue... There's simply no way to spoof this, as all of this stuff happens in kernel mode, which you simply can't access from user mode under normal circumstances. It would probably be possible to edit the client's mouse hook library to disable this detection method though (by flipping/removing the check for the flag if it's present); that wouldn't solve the SMART issue though. As for rsutton's info, it looks pretty legit; there's not much more he can do to prove this.
nemolorn Posted July 4, 2012

You say "normal circumstances". What extraordinary circumstances would let you run through kernel mode?
FHannes Posted July 4, 2012

> You say "normal circumstances". What extraordinary circumstances would let you run through kernel mode?

Mostly, exploits of vulnerabilities in the OS...
LordJashin Posted July 5, 2012

So are you saying that there is no way to directly move the mouse/click/etc.? I mean, we can get info about the mouse, I think, through System.Info; isn't there like a System.Cursor? Could we perhaps get the hook to get our simulated mouse before hooking our real mouse? Workarounds? Can't really research too much atm.
FHannes Posted July 5, 2012

On a side note, this topic is related to RS and is NOT an announcement related to SCAR; this belongs in the RS section.
FHannes Posted July 5, 2012

> So are you saying that there is no way to directly move the mouse/click/etc.? I mean, we can get info about the mouse, I think, through System.Info; isn't there like a System.Cursor? Could we perhaps get the hook to get our simulated mouse before hooking our real mouse? Workarounds? Can't really research too much atm.

Well, as I said, it will probably be possible to modify their hook to suit our needs...
LordJashin Posted July 5, 2012 (edited)

> Well, as I said, it will probably be possible to modify their hook to suit our needs...

I don't want to modify their hook. I mean to trick the hook. So when Java loads, it hooks our simulated mouse rather than the real mouse. How would we achieve this, though? The hook couldn't possibly be in kernel mode, right? So they would have to have a way to hook our "real" mouse. But they can't, because they can't target the OS's mouse and hook it? So that means they hook the first mouse that interacts with it / is sending it mouse events. So it could be a simulated one? But then they could only accept real mouse events with that flag?

Edited July 5, 2012 by LordJashin
rsutton Posted July 5, 2012

The hook cannot be modified, in or out of source. An error will occur in any circumstance of any type of change. You will receive an error. Not even to mention this is Jagex running the code. Think about it: if they look into your mouse and it is not giving them the correct data for exactly what they want, it is goodbye. You will not be able to change the source to make a workaround. You will need an external process with internal attributes; Freddy has already talked of basically the only method available.
FHannes Posted July 5, 2012

> The hook cannot be modified, in or out of source. An error will occur in any circumstance of any type of change. You will receive an error. Not even to mention this is Jagex running the code. Think about it: if they look into your mouse and it is not giving them the correct data for exactly what they want, it is goodbye. You will not be able to change the source to make a workaround. You will need an external process with internal attributes; Freddy has already talked of basically the only method available.

It should be possible to hack the hook DLL...
LordJashin Posted July 5, 2012

> It should be possible to hack the hook DLL...

Modifying Jagex source code is not a good idea. I will research this more in depth next week, but there are ways around this; if you google around there is tons of info out there. I am good at that too, so I will be trying some things. @Freddy, what is used for the "select a client" button? What functions/whatever in Delphi can be used to do that? I know Simba has it; been too busy to look at their source though.
FHannes Posted July 5, 2012

> Modifying Jagex source code is not a good idea.

People have been doing it for years...

> What is used for the "select a client" button? What functions/whatever in Delphi can be used to do that? I know Simba has it; been too busy to look at their source though.

GetCursorPos+WindowFromPoint
LordJashin Posted July 5, 2012

Been doing it for years, but if Ben were to do that in SMART he could get sued for hacking the client, with multitudes of people using it. Will that create the red box? Or is that something I have to figure out myself, lol.