Runescape Macro Detection Revealed

The Truth Behind Runescape Macro Detection


1.0 Introduction

For a long time now people have been asking me an article on my opinion on the inner workings of Runescape's macro detection software. Well here it is. Before I begin let me explain what this article is and isn't. This isn't some guide telling you to switch from a BCEL based client to a Reflection based client. This isn't an article bashing Jagex or the game itself. This is a guide about my opinion on how Runescape macro detection works. I am not affiliated with Jagex. I have no extra advantage to understanding how it works than any of you. Everything in this article comes the research that I did and my ability to use logic to and apply the information that I gathered into a piratical working system.

1.1 My Story

I didn't always support the use of macros in a game like Runescape (and in many areas I still don't). I don't believe it is OK to use a macro to gold farm and make millions off of level 3 characters. Honestly this is unnecessary and just plain annoying. Runescape is a grinding based game and this comes with a ridiculous amount of boredom. In the real world when you have a monotonous task you try to find a way to make it less monotonous and more efficient. Just look at all the automation methods employed in factories. With this logic in mind I began to look for a safe way to maximize the efficiency of playing. This is how I began my quest in understanding the methods of Runescape's Macro/Bot detection.



1.2 Runescape Client Input

The first thing that anyone must understand when using a bot/macro is that the RS client receives and records all types of input. Here are the following inputs that we know the client detects (within the client window): mouse, key, camera, and screen (of the client window only). Each of these inputs is then sent to a server somewhere and analyzed. If any of the inputs looks bot like it is flagged and moved to level two of analysis (we'll talk about this later). An example of an input that can look bot-like is a jumping mouse. Many crappy unsophisticated scripts simply “jump” the mouse from one set of coordinates to another. This is a red flag and if it happens enough Jagex will lay it aside and analyze it.
I once heard a rumor that remains unconfirmed but does sound feasible. This rumor states that a players input are deleted from these servers every 60 seconds. We know that when reporting somebody the last 60 seconds of that players history is sent to Jagex. This could be evidence for this rumor, but there is no hard evidence. However if this was the case a bot would only have to randomize a set of functions for 60 seconds before it could repeat it again, thus avoiding detection.

1.3 BCEL is it dangerous?

This is a tough question. For those of you wondering BCEL (Byte Code Engeneering Library) is a method that literally “hacks” the Runescape client. What does is inject (write) code directly into the RS client thus allowing it to pull data like coordinates, object id numbers, and thousands of other useful pieces of data that allow it to figure out where it is in the game and how to preform its task. Clients that use it (Rsbot -- currently Powerbot) glean a ridiculous amount of information from the client in order to make the RS avatar move and act a certain way that looks normal both to the clients input detection, and to real life players.
So where does the danger come in? The dangerous problem is not that it looks anymore bot like then reflection based bots (mentioned later), it is that if a player is under suspicion Jagex can confirm with 100% certainty that you are using a bot. Let me back up and say that I do NOT believe Jagex has written some extremely complexed program that detects BCEL in real-time. Think about it they have to manage over one-hundred thousand people online at any given time; the most powerful super computer in the world would have trouble doing this. What I do believe is that if Jagex suspects you enough they will look at your saved client history. They can then use a method called reflection look back and read the RS client to see if it has had any code “injected” in an unnatural way.

1.4 Reflection vs. BCEL

The advantage to reflection is that there is no way Jagex can say with 100% certainty so and so was blotting. This is because reflection does not do anything intrusive. It simply reads the Runescape client. Looking for things like coordinates and item id numbers. Unlike BCEL it is not detectable. If you are running a reflection client it will look like you are using some non-browser client to run the game. Although this can look suspicious it is not illegal and you cannot get banned for it. “But I have a friend who uses reflection and he got banned?” This is a valid question that you may be asking yourself. Here is how that might happen. In June of 2009 Jagex announced they had some new “super advanced macro detection software.” (I already mentioned how I believe it works 1.2). Jagex then went on to banned 3,000 accounts with this super-advanced software many of which used reflection. How did this happen? Well what Jagex failed to mention is that same day they added the tab system to banks. Bots didn't know what to do and were stuck clicking one tab over-and-over-and-over-and-over again.
Using their impeccable logic Jagex figured out that no human being would click the same pixel 2,000 times in a row every 2.36432 seconds. They then banned the accounts. The same methods are used today. There is a point that possible becomes some improbable that Jagex no longer gives the person the benefit of the doubt and bans them even if they can't prove it 100% like in BCEL.

1.5 Levels of detection

Jagex employs many methods of detection. I'll label them below.

Level One: Client input red-flags/player reports (includes moderator mutes)
Level Two: Random events
Level Three: Check for use of BCEL

As mentioned above I believe the first method used would be taking running player inputs through servers and seeing if there bot like. However even better than this is getting human intuition. Nothing beats human intuition. Where a well crafted script can make 30 bots look human to a computer program any normal person seeing this would without a doubt know a bot was being used.
The second level would be the use of “Random” events. I say random only because I believe these events are not very random at all. Yes, there are some points when a random event comes along and teleports you out of a task, and yes sometimes this can be random. However under normal circumstances I believe random events (I don't include fishing whirl pools and other bot preventative events in this mix) come along because a player has been flagged by either of the two reasons mentioned in level one. As a matter of fact I think you can even be flagged for playing a certain amount of time straight. Randoms simply act as another confirmation layer.
This doesn't mean that failing a random even will result in a ban. However if you fail one “random” event you will probably receive more. I once saw a whole group of macros receive a “strange old man” event at the exact same time. It would be improbable to assume this was random.
If you fail enough you will probably have your client input activity sent to a team for examination. They would check for things like if you were clicking the exact same place on the screen once you were teleported into a random event. They may look at the accuracy of each click. Ironically perfection isn't the mark of a good bot. A good bot is imperfect and human like. They will check for obvious methods that bots use to read the client (such as BCEL). This is the point that they will make a decision whether they have gathered enough evidence to give a ban.



1.5 Future actions taken against bots

As Jagex has already demonstrated they will take action against botters and those that create the software. They have already shut down such sites as rsbots.org. In the future I believe Jagex may eventually try to decompile many of the clients that botters use such as Nexus/ Ibot. People may think this is somewhat paranoid, but any company that is willing to take its legal team to another country just to shut down a site that pisses them off may very well take action. Fortunately for botters these clients are very secure and highly obfuscated. In the future I think one of the many things Jagex will do is employ professionals to write scripts to try to trick their detection software so they can secure another hole in their detection methods.

1.6 Closing thoughts

I hope that this article has proven beneficial to many of you please leave your comments below. I am hoping that this shed some light on the issue, but I am always open to more input!

Thank you

 

Interesting, thanks for the information. Do you believe that suiciding is dangerous in conjunction with your theories?

 

I can only appreciate the logic you put into this, very nicely produced...

This could be a 'bang on' theory, it certainly seem's that way from a common sense point of veiw...

Nice guide!

 

I like this - detailed and actually seem correct, unlike many other topics I've seen.

~Rulth

 

Sorry about the multiple thread posts. My browser was acting up.

@Don't Care -- I believe suiciding is very risky. This is because again you are using a bot 24/7. Human beings need sleep and even with a 15 minute break every 30 minutes to an hour (as many scripts now incorporated in them) it still seems risky. This is because most (and notice I do say most) have a life outside the game. This will immediately make you a target of suspicion. My conclusion on suiciding would be if you have put zero work into the account other than getting it off tutorial then do it. But if you have alot to lose don't. And if you want to make it all the way to 99 you better have a reliable script.

 

I'm pretty sure they wouldn't need a team of professionals to be hired to create a script to find cheaters in a Java game. They probably have programmers who have been using Java for 10+ years.

 

Runescape's engine (Runetech5 I think) is written on java, but developers there actually created a language written on java commonly called "RuneScript." My point is that these are game developers they are not trained to go in and look for exploits in the code. And I would be very surprised if they did not have a special department handled issues specific to game exploitation.

 

A very good read. Thanks alot for this. It was really useful for me becoz i was thinking of purchasing a nexus bot after running a free auth for like 8 hrs.

True. I believe there's a separate department that settles account investigation, which is not surprising for an organisation/company that's well known.
It's really hard to confirm how they detect macro-ers as the findings that people get usually are not very constant. For example, some 24/7 botters get away with it and a FEW botters getting banned using a well known script.

 

That is an excellent point. Again I don't believe that Jagex can detect botting scripts in real-time. I think all of them need to be sent through a server. Plus the amount of information going from client to server is immense! Its amazing they find botters at all. Jagex really is at a huge disadvantage. But they will do anything to cover this up (like mass bans)

 

Very nice thread, read it all. You didn't seem very conclusive at the end, sort of like a joke without a punch-line. Informative nonetheless.

Thanks.

 

This is a lot of very interesting information. The little tidbit about Jagex only holding on to 60 seconds of information is intriguing to say the least. Can't imagine how much memory it must take to even store 60 seconds of everyone's game time. (Easily over 100k people playing at any given time). Thanks for the read. Look forward to reading more by you in the future.

-Dud

 

Yeah that was what I had in mind. They have a high playerbase and don't think they have enough manpower/time to investigate all suspicious accounts. Unless they use softwares like GameGuard that run on OUR system resources, which i don't see happening as RS has their focus on "browser gaming" and as lightweight as possible. It's a down point they have to live with. I think they also are not FULL ON trying to ban people because some botters pay for members.

In all, I think people have to be careful when botting, after reading this guide from JaminB, I'm sure it helps for both bot writers, and also users.

p.s. I hate leechers because they don't give constructive feedback to help develop the bot to make it stronger. I can't imagine myself being a writer haha. I have to give credit to Powerbot, Kbot, Quirlion and SharpF. Great job.