
Northdale Warden scanning for hardware?


CocoChanel


22 minutes ago, itsalex said:

Of course they see your IP

Why of course? How can they possibly see your IP if a) you create the accounts through a VPN and b) you bot each account through an individual proxy?


10 minutes ago, LukeJudd said:

Why of course? How can they possibly see your IP if a) you create the accounts through a VPN and b) you bot each account through an individual proxy?

They see your IP cause you connect to their servers... They will not see your real IP if you connect with proxies, but Coco said they see your PC only and not your IP which is not true.


Pls itsalex, don't spread untrue facts in this thread. It is beyond proven that they can, if they decide to check, see all clients that are connected from the same machine. No matter what proxy, VPN or whatever else you use to let clients connect through different IPs.


9 hours ago, shadydealer said:

Pls itsalex, don't spread untrue facts in this thread. It is beyond proven that they can, if they decide to check, see all clients that are connected from the same machine. No matter what proxy, VPN or whatever else you use to let clients connect through different IPs.

So you're telling me you can connect to their servers and they don't get any IP information? Please, I never said the opposite. Learn to read.


People still thinking they can get the hardware ID or MAC address... no.
Even if they could access the MAC address of your current network adapter used to connect to their server, you wouldn't need a VM to get past their detection.


And no it's not a fact that they can see people, it's a fact that SOME of you are exposing yourselves somehow.

Some of us are not having any issues.

You people need to remember that unless you are using a modified WoW client, they won't be able to do anything that Blizzard could not do when they made that client.


3 hours ago, Matenia said:

People still thinking they can get the hardware ID or MAC address... no.
Even if they could access the MAC address of your current network adapter used to connect to their server, you wouldn't need a VM to get past their detection.

 

So, where is your proof of that? Multiple people in this thread including me getting hit by ban waves with the only link between accounts being the same machine. No, proxies are not leaking, no we are not too stupid to create accounts. Hell I even got accounts banned that other people created for me for testing purposes. Again to all the people saying they can't make out your machine: where is your proof? Or in other words, tell us what we are doing wrong. 

 

My personal theory: once you start to get banned multiple times on different occasions, their system flags your machine. When they check on you, bye all online accounts. All the people that say they are safe only didn't get caught enough times. 


My proof: I know how warden works and what the limitations of it are. If there is a way to actually do this with vanilla warden, then it sure as hell isn't intended functionality and a genius like namreeb found a way to exploit the vanilla client, remotely, through warden to gain more access to your system than is intended. 

If they ACTUALLY had a way to tell which accounts are run on the same machine, they wouldn't only ban accounts that are online at the time and they wouldn't wait for you to get banned to flag your machine. They'd instantly see (because it's automated) that a single machine is currently running more than 1 client (which already breaks their rules) and investigate if not just auto ban.


20 minutes ago, Matenia said:

If they ACTUALLY had a way to tell which accounts are run on the same machine, they wouldn't only ban accounts that are online at the time and they wouldn't wait for you to get banned to flag your machine. They'd instantly see (because it's automated) that a single machine is currently running more than 1 client (which already breaks their rules) and investigate if not just auto ban.

That actually is a point. It still doesn't explain why some people seem to be totally fine, while others get chainbanned. I mean setting up Proxifier, making a rule for proxies and getting some SOCKS5 proxies isn't like the most complicated thing, where so many things can go wrong. I don't see what we should be doing wrong. There are no IP leaks, so how do they connect random accounts, created by different real people from all over the world? Don't get me wrong, it's not about who is right or wrong, it's about finding the solution and so far nobody provided a solid fix to the problem.


As far as I know you can execute Lua code through warden in Vanilla. If this is possible they could do something like this:
- they collected a few proxy IPs to put on a blacklist
- everyone currently logged into those IPs is made to execute some Lua snippet
- it makes you join a channel but hides all messages that would indicate this from the UI
- sends a message to that channel (either from server or client itself)
- message could contain a hash of some sort that the server expects (maybe wRobot blocks this entirely and they don't receive the hash at all => must be bot)
- message could contain GetTime() (Lua function) which tells you EXACTLY how long your PC has been running in milliseconds (they assume no PCs connected to their server will ever return the same time)

I'm not sure how @Droidz blocks Lua unlock detection. If he prevents the server from executing FrameScript_Execute entirely through Warden, it would mean wRobot is detected and they would probably ban a lot of people. So this is unlikely.
If the server is allowed to execute this, they can access your computer's uptime to have a very loose indicator that some clients might run on the same computer (but really out of 10000 players, what are the chances that 6 suspected botting accounts all have started their computer within 3-5 milliseconds of each other?).

If they use GetTime() to tell computer identity (I'm laughing internally at the combined genius and stupidity of this), this following line put into the chat after you log into the game (you cannot relog after this or reload the UI) would fix detection:
 

/run getTimeConstant = math.random(0, 10000000); _gt = GetTime; function GetTime() return _gt() + getTimeConstant  end

Keep in mind, that this can break many things, such as cooldown calculation for spells. Use with care.

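The uptime correlation hypothesised in the post above, seen from the server side, as an added example that is not part of the original thread or of any server's actual code. It assumes the server can obtain each client's GetTime() value and treats it as seconds of uptime; the account names, IPs and timestamps are constructed.

```python
# Constructed sample: (account, source_ip, server_recv_epoch_s, reported_uptime_s).
# reported_uptime_s stands in for the GetTime() value the post describes (assumed seconds).
REPORTS = [
    ("acct_a", "198.51.100.10", 1_700_000_000.120, 86_400.000),
    ("acct_b", "203.0.113.25", 1_700_000_003.480, 86_403.310),
    ("acct_c", "192.0.2.77", 1_700_000_005.900, 86_405.702),
    ("acct_d", "198.51.100.99", 1_700_000_001.000, 12_345.000),
    ("acct_e", "203.0.113.200", 1_700_000_002.000, 400_000.500),
]


def estimated_boot(recv_epoch_s, uptime_s):
    """Client boot time on the server's clock; off by the one-way network delay."""
    return recv_epoch_s - uptime_s


def cluster_by_boot(reports, tolerance_s):
    """Single-linkage grouping of reports whose boot estimates are adjacent within tolerance_s."""
    rows = sorted((estimated_boot(t, up), acct, ip) for acct, ip, t, up in reports)
    clusters = []
    for row in rows:
        if clusters and row[0] - clusters[-1][-1][0] <= tolerance_s:
            clusters[-1].append(row)
        else:
            clusters.append([row])
    return clusters


def same_machine_candidates(reports, tolerance_s=0.5):
    """Account groups sharing a boot estimate while arriving from different source IPs."""
    found = []
    for cluster in cluster_by_boot(reports, tolerance_s):
        ips = {ip for _, _, ip in cluster}
        if len(cluster) > 1 and len(ips) > 1:
            found.append(sorted(acct for _, acct, _ in cluster))
    return found


if __name__ == "__main__":
    print(same_machine_candidates(REPORTS))        # half-second tolerance
    print(same_machine_candidates(REPORTS, 0.01))  # 10 ms tolerance
```

The tolerance has to absorb the latency differences between connections, so the three constructed sessions that group at half a second fall apart at 10 ms; a signal like this can only ever be a loose indicator that needs corroboration.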

Just now, Matenia said:

It's a guess and I am 99.99% sure he did not find a way to exploit warden in such a way.

I don't think he did, I think Nostalrius or Elysium/Lightshope found out how to do it. I talked with some of the staff.


What if it's something as simple as the IP you create an account on, such as VPN, then you play on your proxy for that account, the IPs don't match and flag for investigation of bot. I got "Your computer or network may be sending automated queries. To protect our users, we can't process your request right now. For more details visit our help page" when creating a 2nd account after I switched VPN location from the first account created.


Just some facts from me.

First account, about lvl 25, banned with proxy ipvanish ON (account registration from proxy too).

Next account, about lvl 15, banned yesterday while using my home IP.

I have some chars from another computer with the same IP that are not yet banned, about lvl 25.

I use only one active char at a time.

So I think that they can mark the computer and they don't care about the proxy you use at all.

If your IP or machine is already marked, they can easily ban you again. Also they ban only online accounts.

I guess all these systems are script based and fully automated. The GMs just check already banned chars or a prepared list for bans that all is correct (like bot chains, quests finished or mobs killed) or maybe select some chars and port them to the GM room.

Some Lightshope GMs can easily read this forum and this thread like all of us. And then they can use the bot too to see how it works and improve their scripts.

The only way now is more tests about your config. If you are already banned, what methods did you use and what have you tried?

 

 


Also want to point out that someone sorted screenshot of gm telling him his account was mistakenly ported to the box, because there was no note on his account.

Which would indicate that they note up bots and then do a sweep.

Also I did not even get banned for accidentally making 5 bots run in circles in Orgrimmar. (Matenia can confirm this happened, because he knows the circumstances where this happens.)

As soon as I realized I stopped the bots and haven't logged them in-game since. According to the site they are not banned. There is no chance in hell they did not get reported.

But since they have not been online to be checked, nothing has happened. My other bots have not been banned or anything, although they have been running.

So I am positive that it's not hardware that is the fault here.

You have all done a lot of research and I am sure that within some time, you will have this figured out.

Edited by Ordush

This is what I think it is: An automatic scan for your LAN. Whenever 1 of your accounts is caught, it will scan your LAN and find other bots and report it to the GMs. I have no fucking idea on how you did it Ordush, but I guess that you were lucky.


Well to post an update from me, I'm just confused, I have no idea what is going on.

As I mentioned before, I'm running 2 machines on different routers currently. On one router 1 character got banned on Northdale EVER, on the other router every single character except the very first one got banned (and I stopped botting with that before the very first time I got hit with a banwave).

The wRobot config is exactly the same on both machines, same profiles, fight classes, settings (so I doubt wRobot is detected or they are detecting the patterns of profiles).

Curiously, on the router on which everything got banned, I switched what server I run the bots on, fresh Windows install, completely different hardware IDs for the machine, just the router stayed the same. -> Still got hit with a wave within the first day.

Really if this wouldn't be happening to me I'd probably not even believe the people in this thread, but this is just bizarre.

I mean 2 identically configured machines on different routers, on one router 29 out of 30 bots get banned, on the other router 1 out of 30 gets banned.


Milkme it's not just you until someone posts some proof of multiple at the very least 45+errs on ndale with names blacked ain't nobody going unbanned if botting more than 1-2.


14 hours ago, milkme said:

Well to post an update from me, I'm just confused, I have no idea what is going on.

As I mentioned before, I'm running 2 machines on different routers currently. On one router 1 character got banned on Northdale EVER, on the other router every single character except the very first one got banned (and I stopped botting with that before the very first time I got hit with a banwave).

The wRobot config is exactly the same on both machines, same profiles, fight classes, settings (so I doubt wRobot is detected or they are detecting the patterns of profiles).

Curiously, on the router on which everything got banned, I switched what server I run the bots on, fresh Windows install, completely different hardware IDs for the machine, just the router stayed the same. -> Still got hit with a wave within the first day.

Really if this wouldn't be happening to me I'd probably not even believe the people in this thread, but this is just bizarre.

I mean 2 identically configured machines on different routers, on one router 29 out of 30 bots get banned, on the other router 1 out of 30 gets banned.

I wonder what will happen if you swap the computer and router pairs. I mean if you have PC1 + Internet1 (router 1) and PC2 + Internet2 (router 2), what will happen if you make the pairs PC1 + Internet2 and PC2 + Internet1?

Will they continue to ban the same PC or will they start to ban a new one?


13 hours ago, tonycali said:

Milkme it's not just you until someone posts some proof of multiple at the very least 45+errs on ndale with names blacked ain't nobody going unbanned if botting more than 1-2.

Rofl, are you seriously still not believing that some of us are having no issues?

That is so funny.


45 minutes ago, Ordush said:

Rofl, are you seriously still not believing that some of us are having no issues?

That is so funny.

The only thing that's funny is the server's been open 3 weeks now yet you can't show zero proof you have your 10 accounts level 45+ and now it's some of us? So now it's more and more just mass botting 10-20 accounts zero bans just stacking away level 60's zero bans. The only thing that is funny is believing in something that hasn't been confirmed with proof. Hell I should start believing in Santa Claus again. Bettersister there is some form of detection and I'm not suggesting it's the bot because if I stay around 3 bots on proxies they will go undetected but when I load up 6+ ban city each on premium proxies and new sets cause I even changed them and called my ip to change my ISP ip. I'm suggesting when you have mass connections and one gets banned they somehow get the rest when they shouldn't be finding SOCKS5 proxies and nobody is putting it past some private server owners who sell gold from scanning your comp and banning the rest of the connects. Didn't even Blizzard get in trouble for that a decade ago, they were scanning RAM or something and see everything in your task manager.

