EQ TLP - Vaniki (Level-Locked Progression)

Tuco said:

Seems like they're mostly cracking down on show EQ and macroquest and leaving Gamparse, GINA, inner space boxer etc alone. If they start going after ISBoxer users they'll lose a lot of users without really hurting botting much. ISBoxer makes life easier for manual users than it does for someone trying to automate stuff with autohotkey. Will be a lot more people using the linux version of ShowEQ on a separate computer if this continues, which can be done in an 100% undetectable way.

This doesn't make sense from a business perspective but I kind of wish DPG embraced botting and whitelisted a version of macroquest + plugins that didn't have any warping for usage on a special server where botting was encouraged. Maybe it's just that I've been playing a lot of Factorio lately but EQ is such an automation friendly RPG that it could be fun to bot. I imagine the server would be totally dead though, most people who bot either want to make $$$ or do more than just bot trivial content on their server.

Click to expand...

EQ2 cracks down on Innerspace already, actually. If anyone uses it to broadcast keystrokes, they can detect and ban all of that.

Secrets said:

EQ2 cracks down on Innerspace already, actually. If anyone uses it to broadcast keystrokes, they can detect and ban all of that.

Click to expand...

Isn't that the same in EQ1 where you get "true boxed" because it detected from the same IP address keystrokes going at the same time and instantly get kicked?

Zog said:

Heard vicious is interested in starting a guild on Yelinak... Sure would be fucking nice.

View attachment 420454

Click to expand...

He was hanging in a public discord voice with 2 officers from WR, make of that what you will, didn't listen in or enquire as to what was discussed.

The server could definitely use a top end guild IMO I don't think Resurgence or WR could compete if he bought his gang here. I'd expect both guilds to be hit with some defections as well.

Crone said:

Isn't that the same in EQ1 where you get "true boxed" because it detected from the same IP address keystrokes going at the same time and instantly get kicked?

Click to expand...

They explicitly check for the DLL names.

See earlier in this thread for the image Zaide linked. That's about the extent of what they can track in terms of process names, and DLL module names.
It's the full path (except if it's in a system folder, and excluding the Windows username for privacy reasons).

They also exclude common paths - ie; C:\Windows\System32\wsock32.dll - from the list and shorten them to <system>\wsock32.dll

By the way, I don't mean to post this to shit on their work or anything, or encourage you all to bypass anything. If you bypass by renaming the program, it's likely you'll be caught anyways if you don't know how to properly hide it. if you're reported for fuckery, they can still check your processes for nonstandard ones. That alone may be enough to nail you if you're disruptive.

All it takes is one fuckup and you're flagged anyways. You might think it'd be easy to avoid - but eventually, everyone slips up at least once due to overconfidence or forgetting to unload something, or some system timing happens at the same time that prevents MQ2 from hiding a process, or your process is launched from the wrong folder - and even then, you'd have to have Windows internals to know all of the ways they could catch you.

On my servers, that was commonplace. I had someone on Rise of Zek rename their MySEQ instance to "Panda.exe" in C:\Vacation, but I was able to detect it anyways due to window titles, the size of the dll itself, and the player was also removing the no-nameplate skeletons from the GlobalLoad to make PVP targeting easier. All it takes is one day of your complacency and them to add a small 'gotcha' and your months of work are gone.

Tuco said:

I knew EQ2 was a mistake.

Click to expand...

EQ2 has had a lot more drama regarding third party programs, to be honest. It's the nature of their player base to be angry and witch hunt people they don't like... even outside of botting.

EQ2's community can be described as a Christian Minecraft server mentality. They're against swearing, loud noises, anything that breaks traditional guild structure (IE; good luck ever doing a GDKP-style run in that game), and are against anything that ruins gameplay as they believe the developers intended - like RMT, multiboxing, exploiting, etc.

I think EQ2 is where I picked up on the whole, "Botting = Cheating = Ban 100% of the time" thing that I had to unlearn from when I was younger. EQ2 was my primary MMO for most of my childhood as opposed to EQ1. I was also literally 11-14 years old, so take that how you will. Rule breaking and doing something wrong was my main concern when I didn't understand how the world worked yet in the offline world, let alone the online culture.

EQ2 also tried various efforts to contain various undesirable playstyles over the years:
-Station Exchange: The Bazaar / Vox servers which allowed for eBay-style bids on characters, lump sums of platinum, and items.
-Drunder, the prison server for rule breakers.

A lot of their players did not like ISXEQ2 botters, and they often lump them into the same bucket as Innerspace users that keystroke broadcast (without ISXGames' module). So the EQ2 team has just enforced blanket bans on various methods of module/keystroke injection over the years, and do not warn when they no longer ban for methods of injection.

In 2013 or so, Linux users saw perma-bans without recourse due to the VM detection in EQ2 that was ported over from EQ1. They got backlash, so they stopped doing that.

Part of me wonders if they discriminate a little bit between Krono users and Subscribers, my suspicion is that long time subscribers get a bit more leeway compared to brand new krono driven accounts but I could be wrong.

As somebody that has a few accounts with very high sub time I seem to get away with a lot.

Greyman said:

Part of me wonders if they discriminate a little bit between Krono users and Subscribers, my suspicion is that long time subscribers get a bit more leeway compared to brand new krono driven accounts but I could be wrong.

As somebody that has a few accounts with very high sub time I seem to get away with a lot.

Click to expand...

I'd definitely say this is true. At least insofar as I've never gotten banned at all on either of my two main accounts and they've both loaded MQ2 plenty of times on live servers. I always loaded it on throwaways for TLPs though and even at that only briefly to check on a couple of theories. Those accounts never got banned either though.

If they are actually gathering and analyzing data, it has to be pretty easy to spot bottish behavior. I'd also bet with the 64 bit client they implemented a few more detection procedures (i.e. GetCurrentInputMessageSource function (winuser.h) - Win32 apps)

Greyman said:

Part of me wonders if they discriminate a little bit between Krono users and Subscribers, my suspicion is that long time subscribers get a bit more leeway compared to brand new krono driven accounts but I could be wrong.

As somebody that has a few accounts with very high sub time I seem to get away with a lot.

Click to expand...

They dont.

alavaz said:

I'd definitely say this is true. At least insofar as I've never gotten banned at all on either of my two main accounts and they've both loaded MQ2 plenty of times on live servers. I always loaded it on throwaways for TLPs though and even at that only briefly to check on a couple of theories. Those accounts never got banned either though.

If they are actually gathering and analyzing data, it has to be pretty easy to spot bottish behavior. I'd also bet with the 64 bit client they implemented a few more detection procedures (i.e. GetCurrentInputMessageSource function (winuser.h) - Win32 apps)

Click to expand...

They dont.

A ton of misinformation going on in this thread. In part because of how things "used" to work vs how they are working now. What they are doing is pretty simple, and it has about a 25% error (false detection, association) rate.

They're definitely stricter on you if you aren't phone verified or haven't made a CC purchase.

Mrniceguy said:

They're definitely stricter on you if you aren't phone verified or haven't made a CC purchase.

Click to expand...

Yes you should 2fa every account, and use a throwaway phone number. It will save a ton of potential problems later on.

Or you could just, ya know, not cheat?

I wonder what the overlap is for cheaters and people that leave their shopping carts behind.

Kharzette said:

Or you could just, ya know, not cheat?

I wonder what the overlap is for cheaters and people that leave their shopping carts behind.

Click to expand...

Even those who play clean get caught up in false flags normally by account association. It happens far more than people think.

Its like having your identity stolen. Most people will never have it stolen, but even those who are very diligent can have it stolen without any fault of their own.

Wonder what percent of those people who are actually clean, shared their account info with someone who cheats and thats what got them flagged.

Elderan said:

A ton of misinformation going on in this thread. In part because of how things "used" to work vs how they are working now. What they are doing is pretty simple, and it has about a 25% error (false detection, association) rate.

Click to expand...

I don't want to question your methods because the last time someone asked how you come up with your random server population numbers you got all butt hurt. So I'm just going to ignore this statement since it's not backed by a shred of evidence lol.

Elderan said:

They dont.



They dont.

A ton of misinformation going on in this thread. In part because of how things "used" to work vs how they are working now. What they are doing is pretty simple, and it has about a 25% error (false detection, association) rate.

Click to expand...

Zero misinformation from my part. If they use the detection I am mentioning, it has a 0% false detection/association rate.

MQNext is aware of this functionality, and bypasses it for itself, but not MySEQ.


MySEQ is 100% detectable this way. The launchpad has HWID tracking capabilities. The game client and game loginserver uses the same utility (it's part of a library) and allows them to track you across games.

They even left in the slash command (albeit not hooked up) to test this stuff.



Beyond that, there's the normal 'memory check' stuff that has existed since 2003, though they don't use it anymore as I think ASLR broke it, though it's still used on spellcasts:




That same functionality is used for checking to see if you have the proper eqgame.exe, spells, basedata, skill caps, newzone_info, player profile length received from the server, etc:



The string MQ2 uses to identify itself is part of this checksum, in fact.

Beyond that, the zone server can request this data as part of a network message:




I don't believe any of that is used anymore, but it's hard to tell without emulating it to see what MQ2 changes, or making a mockup of the functions in a standalone program.

That brings me back to my point: None of what I said was based on misinformation. There's multiple layers of detection and none of them are surface visible to the average MQ user. I've named a handful of them, and not all of them are clientsided like these examples are. Analytics is a big part of our industry, EQ is no exception.

Animosity said:

Wonder what percent of those people who are actually clean, shared their account info with someone who cheats and thats what got them flagged.

Click to expand...

Fairly high. This is why MMO companies tell you to not share your account, and why CSRs will often deny account change requests that can't prove they are actually the owner. It's a clusterfuck for CSRs to deal with if they arbitrarily allowed that shit. It's why account to account transfers require ownership proof. It's so they can take the burden of responsibility off of them and onto you, and why they have no qualms banning people based on detections on your account.

"Your account is your responsibility."

Secrets said:

It's why account to account transfers require ownership proof. It's so they can take the burden of responsibility off of them and onto you, and why they have no qualms banning people based on detections on your account.

"Your account is your responsibility."

Click to expand...

Or in DBG's case, "the guy who knew how to do those quit".