What information does Jagex Track?

Haven’t been very active around here, but the SCAR/SIMBA community is still alive, though we have been reduced to a marginal group in the light of the current JAVA RS-cheating scene. I have a burning question about what kind of information Jagex sends to their servers. Some years ago there was consensus about Mouse Clicks; currently it is believed that Jagex also tracks mouse movements. And since I regard this insideforum as state-of-the-art in cheating, I turn to you guys.

What information does Jagex Track?

Well obviously nobody knows, and I expect this thread to descend into a flamewar as everybody tries to assert their opinion.

It depends what you mean by “track”. Personally I very much doubt mouse operations are used for much other than being run through an algorithm to detect really blatant automation.

[quote=“Mopman, post:2, topic:325729”]Well obviously nobody knows, and I expect this thread to descend into a flamewar as everybody tries to assert their opinion.[/quote] FlameWars, here? Anyway, I am just very curious to hear the specialitsts

Gl with getting useful info here… =/

Like all modern companies, they can track cookies, they track users, habits and which adverts bring the most revenue. Anti cheating measures are probably minimal… There’s no evidence proving one way or the other. They wrote their own web server, tracking which users don’t download a pages resources probably throw a flag… If you load the page and not the pictures? Seems rather simple… Even netbooks load pictures.

But knowing what exactly they track, is hard to say, as we have no client side info telling us anything!

Or they just use something like JRun and have it return some bullshit header.

You have some nerve coming here and asking like this after all the shit SRL has done to shit on Java developers at your site.

However, having said that, I will give you input on what I know. The ability to “track mouse movements” is possible, however recently people are actually, in opposition to what you stated, believing that Jagex do not track your mouse movements.

Simply put, Jagex can’t ban you for anything that could be legit. Some tablet computers do not have mouse movements, for example.

[quote=“the bank, post:7, topic:325729”]You have some nerve coming here and asking like this after all the shit SRL has done to shit on Java developers at your site.

However, having said that, I will give you input on what I know. The ability to “track mouse movements” is possible, however recently people are actually, in opposition to what you stated, believing that Jagex do not track your mouse movements.

Simply put, Jagex can’t ban you for anything that could be legit. Some tablet computers do not have mouse movements, for example.[/quote]

It’s called profiling. And frankly they do… Semaphore and I covered tablet PC’s… We covered touch pads… And various other forms of input. They do track your mouse, they always have. Did you know they even track the “random” that vary your colors to give color clickers a hard time? Banning for stuff that “could be legit” is what jagex is all about! And guess what, it’s all automated. For no other reason would you need an appeal system.

And lets not forget the past, there’s been several, mass bans… Jagex is like all other game manufacturers… Money grubbing whores. You play their game, you generate them revenue. You cheat the game, you still are. And just as it ruins the game overall, they take all the things they supposedly “do not track” and throw them right at you and 3000 players in classic. Or the 10’s of thousands in rs2.

If you think you’re not being kept in check, that you’re so smart. You’re completely fucking wrong. The industry is the same as all others, end profit is all that matters…

As part of our continued effort to ensure a fair and fun online experience for all Battle.net players, we have expanded our efforts to remove cheaters from StarCraft and Diablo II. We have identified and closed over 350,000 StarCraft and Diablo II accounts which were found to be using third-party hacks.

The Diablo II CD keys associated with the closed Diablo II accounts are now restricted from playing on Battle.net for approximately 30 days. Repeat offenders will have their accounts closed and their CD keys permanently banned from Battle.net.

As a reminder, we reserve the right to close the accounts and ban the CD keys of players who are caught cheating on Battle.net. Cheating ruins the game experience for legitimate players, and we will not tolerate it.

Jagex isn’t the first, it won’t be the last. But nothing about it is original.

Which massban has there been where we don’t know exactly what the trigger was? Your memory may be better than mine, but I can’t bring to mind one.

When you say “mass ban” how exactly do you define that now?.. a few years ago “mass” was a few thousand. Now I hear they’re banning or were banning tens of thousands of accounts per day. I can only presume they’re ~99% free accounts otherwise Jagex wouldn’t be running such a ruthless ban system for reasons stated by psb.

Anyway, to be catching that many people they must be one step ahead all the time and that could possibly be by monitoring and tracking more than we think.

Is SCAR now getting much more bans or something?

The best way to go about this is to not ask yourself or others what information they DO track, but instead to ask what they possibly COULD track.

They could track webserver requests, and you wouldn’t even need your own custom server, a simple grep of the access logs from any server software could tell you whether a client is an actual web browser with javascript or if it is just wget or a bot.

They could track mouse movements and clicks. (and they actually have code in place to do so, and the data is sent to thier servers from time to time, what they do with it is anyone’s guess. It is likely that they run some type of automated program to analyze it to check for blatant bots, but who knows? No one here for sure.)

They could track your key clicks, the duration, if you ever make any mistakes (a human would). Again, how they would analyze it is anyone’s guess, but you should make them as real as you can, and make mistakes like a human would.

They can track what version of VM they are running in, and potentially check what operating system you use, and what classes you have loaded in the JVM if you don’t protect against this.

I believe the above is about all they can do, IF you run the unsigned client, which is what I always advise to cheat with. If you run the signed client, they can do anything you can do on your computer, which includes countless nasty things. I’ll list a few below, but it’s pretty near infinite what they can come up with.

Check running processes (running scar.exe?), contents of you hard drive (have any bots or scripts in there), your browser history (have you ever searched ‘runescape cheating’, visited moparisthebest.com or SRL?). They could even install code that runs on boot to check all of these things. I wouldn’t suggest it for cheating at all.

[quote=“Moparisthebest, post:11, topic:325729”]The best way to go about this is to not ask yourself or others what information they DO track, but instead to ask what they possibly COULD track.

They could track webserver requests, and you wouldn’t even need your own custom server, a simple grep of the access logs from any server software could tell you whether a client is an actual web browser with javascript or if it is just wget or a bot.

They could track mouse movements and clicks. (and they actually have code in place to do so, and the data is sent to thier servers from time to time, what they do with it is anyone’s guess. It is likely that they run some type of automated program to analyze it to check for blatant bots, but who knows? No one here for sure.)

They could track your key clicks, the duration, if you ever make any mistakes (a human would). Again, how they would analyze it is anyone’s guess, but you should make them as real as you can, and make mistakes like a human would.

They can track what version of VM they are running in, and potentially check what operating system you use, and what classes you have loaded in the JVM if you don’t protect against this.

I believe the above is about all they can do, IF you run the unsigned client, which is what I always advise to cheat with. If you run the signed client, they can do anything you can do on your computer, which includes countless nasty things. I’ll list a few below, but it’s pretty near infinite what they can come up with.

Check running processes (running scar.exe?), contents of you hard drive (have any bots or scripts in there), your browser history (have you ever searched ‘runescape cheating’, visited moparisthebest.com or SRL?). They could even install code that runs on boot to check all of these things. I wouldn’t suggest it for cheating at all.[/quote]If they did most of the things you talked about related to a signed client i presume they would have to state this in their TOS.

I don’t know if they would, you choose to run their code on your machine. They probably have something in their TOS already saying they can detect bots, does anyone read it?

PSB mentioned profiling of players, and that is most likely. When they released the Adventurer logs, which allow players to view the amount of game hours they have clocked up, it was made blatantly obvious that they probably look for behaviour in a player that they could consider unusual.
For example, say someone plays the game for half hour a day for 6 months. And then all of a sudden they’re playing 5 to 8 hours a day. This would warrant more in-depth scrutiny being applied to the account. Of course, they would factor other things in if they did take this approach – they might consider that someone is approaching a 99 in a skill, for example.

I imagine that they also consider interaction with things outside of experience farming or resource farming too. An account that doesn’t participate in any aspect of the game besides picking and selling flax would be suspect in my eyes, and I’d be putting such an account under the microscope.

There was a pmod forum leak done by svew (I think that was his name), and I took the time to read a fair bit of it. One jmod revealed that the macro detection system couldn’t detect auto typers, and also stated that the information was to be kept between staff and pmods.
Another question came up about the purpose of reporting someone for macroing, and the staff member stated that reporting someone for macroing simply starts the macro detection systems.
In short, if they do detect mouse movements and clicks and they do profile it and compare it to human mouse movement then it’s done on a case by case basis; it’s not something that runs around the clock from day one.

[quote=“Moparisthebest, post:11, topic:325729”]The best way to go about this is to not ask yourself or others what information they DO track, but instead to ask what they possibly COULD track.

They could track webserver requests, and you wouldn’t even need your own custom server, a simple grep of the access logs from any server software could tell you whether a client is an actual web browser with javascript or if it is just wget or a bot.

They could track mouse movements and clicks. (and they actually have code in place to do so, and the data is sent to thier servers from time to time, what they do with it is anyone’s guess. It is likely that they run some type of automated program to analyze it to check for blatant bots, but who knows? No one here for sure.)

They could track your key clicks, the duration, if you ever make any mistakes (a human would). Again, how they would analyze it is anyone’s guess, but you should make them as real as you can, and make mistakes like a human would.

They can track what version of VM they are running in, and potentially check what operating system you use, and what classes you have loaded in the JVM if you don’t protect against this.

I believe the above is about all they can do, IF you run the unsigned client, which is what I always advise to cheat with. If you run the signed client, they can do anything you can do on your computer, which includes countless nasty things. I’ll list a few below, but it’s pretty near infinite what they can come up with.

Check running processes (running scar.exe?), contents of you hard drive (have any bots or scripts in there), your browser history (have you ever searched ‘runescape cheating’, visited moparisthebest.com or SRL?). They could even install code that runs on boot to check all of these things. I wouldn’t suggest it for cheating at all.[/quote]
Wouldn’t a lot of that actually breach the privacy law if not included in their TOS? Also how would you protect yourself from them getting what classes you’ve loaded in the process?

learn how the jvm works and dont be retarded is a good first step, freddy

rep++ nice tut will use in future

I don’t recall asking you, I would’ve visited Trollheim if I wanted to do that…

It would be interesting to do some controlled tests to see if we could gain some additional insight regarding the server side detections.

For example, have Player A run a bot that cuts down trees while moving the mouse in perfectly straight lines with no overshoot or other human characteristics for an hour or two, then have Player B report Player A and see what happens. The “control group” could be Player C running the same bot and not having anyone report him, or even having Player D cut down trees legitimately, then being reported by Player B.

One could even go so far as to gradually increase the complexity (human likeness) of the mouse algorithms while performing the above tests to see just how advanced Jagex’s detection algorithms can get (assuming they have any at all).

Evidently a lot of effort, up to you if it’s worth it.

they check for the loaded advert, make sure it’s in the right language etc,
javascript is called to get an instance of the client aswell so make sure you implement a netscape object into your client