Valhalla Legends Forums Archive | Battle.net Bot Development | Packets

Author | Message | Time
TriCk
Is there a faster way of sending a text packet than &HE? Or is there a way to make it fast enough to ban floods? Right now I'm testing...
[code]
InsertNTString "/ban " & username
SendPacket &HE
[/code]

Code = vb6

Has anyone created a successful bot to ban the turtle (or better floodbot) EVERY time yet? If so, share your strategy with me... i.e. how did you send the packet fast enough and receive it fast enough for the bot to ban it in time?
I'm guessing it's my receive speed.
November 26, 2003, 11:14 AM
Stealth
Discussed here: https://davnit.net/bnet/vL/phpbbs/index.php?board=17;action=display;threadid=3231
November 26, 2003, 2:39 PM
TriCk
Yeah, I'm aware of those certain aspects.
I got none of those things implemented... all my bot shows is Battle.net information such as if the user was banned or "That user is not logged on."
Could Select Cases be slowing me down?

This is what I currently have; as most floods (Turtle) have 0ms pingtime, I figure, to not ban all people that come in, a pingban applies. But I'm not sure if this technique is fast enough...
This is in the Winsock's DataArrival; it refers to a sub
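[code]
Select Case packetid
    Case &HF ' chat event packet
        ' Fields are read at fixed 1-based offsets into the raw packet
        Username = KillNull(Mid$(Data, 29))
        Message = KillNull(Mid$(Data, Len(Username) + 30))
        Ping = MakeLong(Mid$(Data, 13, 4))
        Select Case MakeLong(Mid$(Data, 5, 4)) ' event ID
            Case &H2 ' a user joined the channel
                ' Ban only users reporting a ping of 0
                If Ping = 0 Then
                    InsertNTString "/ban " & Username: SendPacket2 &HE ': TextAdd "0x02: " & Username
                End If
        End Select
End Select
[/code]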

Note: SendPacket2 was my attempt at sending the packet faster... I tried to use this way, as I thought it might speed it up momentarily

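[code]
Public Function SendPacket2(PacketID As Byte)
    Dim Result As String * 2
    ' Write the total packet length (payload + 4-byte header) as a 2-byte value
    CopyMemory ByVal Result, Len(Buffer) + 4, 2
    ' Header is &HFF, the packet ID, then the length, followed by the payload
    sck1.SendData Chr(&HFF) & Chr(PacketID) & Result & Buffer
    Buffer = ""
End Function
[/code]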
November 26, 2003, 10:55 PM
TriCk
True.
How would I write the SendData function though?

I got
[code]
Public Declare Function Send Lib "wsock32.dll" Alias "send" (ByVal s As Long, buf As Any, ByVal buflen As Long, ByVal flags As Long) As Long
[/code]

What would s, buf, buflen, and flags be? How would I use this?
What's the difference between ws2_32.dll and wsock32.dll?
How would I declare ws2_32.dll?
November 26, 2003, 11:25 PM
Myndfyr
This is when we suggest that you look at the MSDN documentation.

This is the MSDN article

According to the docs, we have:

s is a pointer to the Socket - a SOCKET handle.
buf is the pointer to the string (I imagine that this is marshaled automagically)
bufLen is the length of the string in case you couldn't guess.
flags should be a bitwise combination of the following flags included in some .h file somewhere:

MSG_DONTROUTE Specifies that the data should not be subject to routing. A Windows Sockets service provider can choose to ignore this flag.
MSG_OOB Sends OOB data (stream-style socket such as SOCK_STREAM only. Also see DECnet Out-Of-band data for a discussion of this topic).

See the MSDN article I pointed you to for more info. Note that it took me all of two minutes to open another browser window, type "http://msdn.microsoft.com/library/", and do a search for "send windows sockets" - it was the FIRST item to come up.
November 26, 2003, 11:49 PM
TriCk
I'm a little confused what s is...

Would I refer that to sck1 on my form1? Or... what? Would...

Under the function SendData(socket as string, buff as string) As String
SendData = Send(s, buff, Len(buff), 0)

Would that work? Or something like that?
November 27, 2003, 12:00 AM
TriCk
SocketHandle would be my connected sock like Form1.sck1, am I right?
November 27, 2003, 12:10 AM
TriCk
So I'll have to rewrite my bot using Declares?
If so, what declares will I need?
November 27, 2003, 12:14 AM
Skywing
[quote author=TriCk link=board=17;threadid=3861;start=0#msg31836 date=1069892086]
So I'll have to rewrite my bot using Declares?
[/quote]It is most likely not worth pursuing this venture as it is possible to construct a floodbot attack that cannot be banned from a remote channel operator simply due to network transit times. Any speed you would gain from using winsock directly would probably be negligible in this instance.
November 27, 2003, 12:16 AM
TriCk
I think you're suggesting, if Battle.net's server is too slow it won't matter how fast my bot is?
November 27, 2003, 12:19 AM
Skywing
[quote author=TriCk link=board=17;threadid=3861;start=0#msg31840 date=1069892347]
But if I get it on a good connection... I want it to be able to ban floods.

I think you're suggesting, if Battle.net's server is too slow it won't matter how fast my bot is?
[/quote]
Consider if an attacker sent a join and a leave message in the same TCP packet. No matter how fast your connection to the server is, I find it extremely unlikely that you'll be able to ban such an attack, given that the time between a join and a leave is in this case limited only by the processing speed of the server.
November 27, 2003, 12:21 AM
TriCk
Well, what if someone sends, say, 6 rejoins?
And I know it's bannable because I have seen people ban it. That's what I want to achieve with my bot.
November 27, 2003, 12:22 AM
Arta
The latency of your connection to Battle.net has a great, great deal more to do with it than the speed of your program. Compared to the time that it takes your '/ban' command to get to Battle.net, the speed of your program is irrelevant. Your best bet is to get your operator bot hosted on the fastest connection you can find, and even that is a long shot. A far, far better approach - the one, incidentally, used by most of vL - is to use clients that can filter the crap that floodbots send, so that you never even see it. The nature of floodbot attacks makes it fairly simple to do this automatically.
November 27, 2003, 12:49 AM
TriCk
Well, Fr0z3n[xL]@USWest claims he can ban turtles "EZ"
Gangz@USWest, I have seen him ban a turtleflood 2 times in 1 flood every time.
And their connections aren't great...
November 27, 2003, 12:55 AM
TriCk
Yeah, I'm guessing you're right, but how can people ban it if this is true?
November 27, 2003, 1:06 AM
Dyndrilliac
[quote author=TriCk link=board=17;threadid=3861;start=15#msg31845 date=1069892567]
Well, what if someone sends, say, 6 rejoins?
And I know it's bannable because I have seen people ban it. That's what I want to achieve with my bot.
[/quote]

6 Rejoins would cause an IP ban if done on the same connection. You would have to do it in an instance of 4 then an instance of 2 after reconnecting. I've tested this with my own crude work up of a small FloodBot.

My test results have conclusively pointed out that the most optimum Non IP Bannable data is:

50 second reconnect delay
.001 Second Rejoin Delay
4 Rejoins Per Connect

Using that data, a StealthBot on EFP will ban my bot roughly 1 out of 4 reconnects. Assuming you had enough keys you could theoretically make the spam infinite with the above data by falling in "Safe" parameters so as not to be IP banned.

My Connection speed is 1.7 megabits per second, on Cable btw.
November 27, 2003, 1:22 AM
Skywing
Note that available bandwidth doesn't really guarantee a fast connection (low response times). For instance, take a look at satellite connections.
November 27, 2003, 2:36 AM
iago
[quote author=UserLoser. link=board=17;threadid=3861;start=15#msg31881 date=1069895004]
Put it this way on banning a floodbot (*correct me if I'm wrong about server<->server, just what I'm guessing on how the Battle.net servers are operated*):

The floodbot connects to one of the many servers on the gateway, joins a channel, and starts to rejoin. That one server has to send a message to each server on that Gateway which says you joined, then left, then joined, etc., the channel. Each server then has to send out a join/leave message to each user in that channel, and send the channel user list to the floodbot every time it joins. Probably before the servers even start to communicate with each other, the floodbot already disconnects from the server, or shortly after. Anyways, along the way the moderation bot, receiving one of the many join messages, has to process the incoming data, then process the username through a database (most likely, but shouldn't take any longer than a few milliseconds), then send out the ban message to the server it's on, which has to relay it across the other servers. [u]So your bot basically has a few milliseconds to send a ban message to the server before the server thinks the floodbot is disconnected...[/u]
[/quote]

You made sense right until that last statement. From what you're saying, the bot had already disconnected from the server by the time you get the message, so it doesn't matter how fast the bot is.
November 27, 2003, 2:56 AM
iago
How about just, "Because of network latency it's impossible"?
November 27, 2003, 3:08 AM
TriCk
[quote author=Dyndrilliac link=board=17;threadid=3861;start=15#msg31888 date=1069896143]
[quote author=TriCk link=board=17;threadid=3861;start=15#msg31845 date=1069892567]
Well, what if someone sends, say, 6 rejoins?
And I know it's bannable because I have seen people ban it. That's what I want to achieve with my bot.
[/quote]

6 Rejoins would cause an IP ban if done on the same connection. You would have to do it in an instance of 4 then an instance of 2 after reconnecting. I've tested this with my own crude work up of a small FloodBot.

My test results have conclusively pointed out that the most optimum Non IP Bannable data is:

50 second reconnect delay
.001 Second Rejoin Delay
4 Rejoins Per Connect

Using that data, a StealthBot on EFP will ban my bot roughly 1 out of 4 reconnects. Assuming you had enough keys you could theoretically make the spam infinite with the above data by falling in "Safe" parameters so as not to be IP banned.

My Connection speed is 1.7 megabits per second, on Cable btw.
[/quote]


No, it's not impossible to send 6 rejoins. I can get 6 rejoins easily, even on the massbot I made I can, as fast as a floodbot.
Mine are...

0.00 rj wait
6 rj's
0 wait to reconnect. (I can do this for 1hr or 2hrs before ipban)
November 27, 2003, 3:11 AM
Dyndrilliac
[quote author=TriCk link=board=17;threadid=3861;start=15#msg31845 date=1069892567]
No, it's not impossible to send 6 rejoins. I can get 6 rejoins easily, even on the massbot I made I can, as fast as a floodbot.
Mine are...

0.00 rj wait
6 rj's
0 wait to reconnect. (I can do this for 1hr or 2hrs before ipban)
[/quote]

That's kind of retarded since if you put 0 in a timer in VB the timer itself would completely cease to function....thus making your entire post just now a complete waste.

Edit: And if you mean rapid instant Reconnects you're wrong there too....if you reconnected at .01 delay 5 times you'd be IP banned before you could say "Man, that guy who made sense was right!".
November 27, 2003, 4:52 AM
Lenny
Well, you're making the assumption he used a timer in the first place - he probably used a loop....

And I believe the max rejoin is 7
Depends on what kind of rejoin you do also.....
(Joining the void and coming back vs. making a private game and coming back)
But the reconnect part (0.00) isn't possible for 1-2 hrs... Even if you were switching between gateways (which would make no sense)

Also, can one server ban the user if it thinks it's still connected (not the server that the floodbot was connected to)?
November 27, 2003, 5:18 AM
Kp
Having taken actual packet captures during floodbot attacks, I have millisecond-precision about when the messages came in and the clustering thereof. The floodbots that have attacked vL in recent memory performed their attack in such a way that all the join, talk, and leave events arrived in one mass. This means that, even if I had reacted instantly, I couldn't have done anything about them - they were already gone (offline). I have also observed far less efficient floodbots that move quite slow (including a few that stalled out and took several seconds to get out of channel again). Such were quite easy to ban, but it's generally easier to let our client filtering just delete them instead of even bothering to ban them. It saves queue space on the operator. The ones that you see getting banned are, IMO, not designed very well.

Though it's technically impossible to guarantee that the peer will or will not receive all your data as a glob, there are measures which can give very high assurance of globbing (or of fragmentation, though there's really no good reason for wanting that). Taking such measures makes it far less likely that the floodbot will get caught.

No, I will not tell you what those measures are. Just from what I've said, it ought to be fairly obvious. If it isn't, that's good too.
November 27, 2003, 7:06 AM
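
An added example, not part of the original thread: a Python sketch of the client-side filtering that Arta and Kp describe, where join/talk/leave events arriving in one read are dropped instead of triggering a ban that cannot land. The header layout and field offsets follow TriCk's VB6 code above; the function names, the event IDs other than 0x02, and the usernames are assumptions made for illustration.

```python
import struct

SID_CHATEVENT = 0x0F
# Assumed event IDs; the thread's code only shows &H2 (join).
EID_JOIN, EID_LEAVE, EID_TALK = 0x02, 0x03, 0x05

def make_event(eid, user, text=b"", ping=0):
    """Build a constructed 0x0F packet for the sample data below."""
    body = struct.pack("<6I", eid, 0, ping, 0, 0, 0) + user + b"\0" + text + b"\0"
    return struct.pack("<BBH", 0xFF, SID_CHATEVENT, len(body) + 4) + body

def parse_batch(buf):
    """Split one receive buffer into (event_id, ping, username, text) tuples.
    Returns the events plus any trailing partial packet to keep for the next read."""
    events = []
    while len(buf) >= 4:
        marker, pid, length = struct.unpack_from("<BBH", buf)
        if marker != 0xFF or length < 4:
            raise ValueError("stream out of sync")
        if len(buf) < length:
            break                      # incomplete packet: wait for more data
        body, buf = buf[4:length], buf[length:]
        if pid == SID_CHATEVENT and len(body) >= 26:
            eid, _flags, ping = struct.unpack_from("<3I", body)
            user, _, rest = body[24:].partition(b"\0")
            events.append((eid, ping, user.decode("latin-1"),
                           rest.split(b"\0")[0].decode("latin-1")))
    return events, buf

def filter_batch(events):
    """Drop every event from users who both join and leave inside this batch.
    Returns (events_to_display, users_worth_banning)."""
    joined = {u for e, _, u, _ in events if e == EID_JOIN}
    left = {u for e, _, u, _ in events if e == EID_LEAVE}
    gone = joined & left               # already out of the channel: a ban cannot land
    shown = [ev for ev in events if ev[2] not in gone]
    bannable = sorted(joined - left)   # still present when the batch was read
    return shown, bannable

# Constructed sample: one read holding a full flood cycle, a normal talk and a slow joiner.
SAMPLE = (make_event(EID_JOIN, b"flood01") + make_event(EID_TALK, b"flood01", b"spam")
          + make_event(EID_LEAVE, b"flood01") + make_event(EID_TALK, b"regular", b"hi", 40)
          + make_event(EID_JOIN, b"slowbot"))
```

Running `filter_batch(parse_batch(SAMPLE)[0])` hides all three `flood01` events and leaves only `slowbot` as a ban candidate, which also keeps the operator's send queue free for bans that can still take effect.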
TriCk
[quote]
That's kind of retarded since if you put 0 in a timer in VB the timer itself would completely cease to function....thus making your entire post just now a complete waste.
[/quote]

Who said anything about a timer?
Ever heard of the kernel32 sleep function?
Or
Not having a timer at all?
November 27, 2003, 8:59 AM
Spht
Like this thread, people are going to let it keep going. In that thread, the concept was explained several times but people ignore it, and decide to go with how they think it works instead. I've tried NUMEROUS times explaining this to different people on Battle.net, and they'll either ignore you because they don't understand, or very few will actually think "oh yeahhh," and then go on to teach the MANY MANY others why they can't ban floodbots and sometimes they can, because far too many people don't understand how it works.

For those which are still not satisfied, I suggest going back and viewing this thread, and especially read every post that Skywing and Kp made, because it explains in very complete detail how the whole concept works.
November 27, 2003, 3:53 PM
Dyndrilliac
[quote author=TriCk link=board=17;threadid=3861;start=30#msg31965 date=1069923570]
[quote]
That's kind of retarded since if you put 0 in a timer in VB the timer itself would completely cease to function....thus making your entire post just now a complete waste.
[/quote]

Who said anything about a timer?
Ever heard of the kernel32 sleep function?
Or
Not having a timer at all?[/quote]

Using sleep function would still give you a small delay?

My point was rapid reconnections at 0 is impossible.
November 27, 2003, 4:02 PM
