Unveiling the Secrets of RuneScape Bot Detection
This blog highlights the core of the RuneScape bot detection system. What causes bans, how we combat each method and what we plan on doing in the future, as well as what other bot clients currently do correctly and incorrectly.
- BotWatch: The name of the RuneScape bot detection system
- Profile: A comprehensive and dynamic amalgamation of player actions within the game environment. This includes a combination of mouse movements, clicks, and menu actions performed by a player during a specific timeframe. A profile encapsulates the unique behavioural patterns exhibited by an individual player during gameplay.
- HWID / UID / random.dat: A unique identifier Jagex assigns to your system.
Section 1: Understanding BotWatch
BotWatch is a fully server sided system which Jagex utilises in order to detect bots. Since it's server sided, we know that anything they can do is limited to what the game sends to the server. Through years of reverse engineering, extensive packet analysis and general testing, we have concluded that BotWatch mostly utilises 3 things that are sent to the server.
1. Mouse motion
The game snapshots your mouse position at regular intervals (50ms on the Java Client). While this doesn't tell Jagex 100% how you move your mouse, the snapshots give them a rough idea of it, and they're able to gauge things like speed.
2. Mouse clicks
When you click, the game sends all mouse movement snapshots that led up to that click. With this they're able to analyse the context of that click, which offers them insight regarding the action you just did.
3. Menu Actions
When you perform an action, (e.g. attacking an npc) they send the action data to the server. While this data serves to update the game/player state, it's also of value for comprehensive analysis of player behaviour. Knowing exactly what action you did and when, Jagex are able to notice patterns such as spamming an action.
How does this data all work together?
Jagex efficiently categorizes profiles by activity through the seamless integration of mouse movements, clicks, and menu actions. This approach allows the game system to create a nuanced understanding of player behaviour. Notably, most bot clients employ suboptimal mouse algorithms that fail to consistently align movements with specific in-game activities.
Section 2: Inubot Antiban
Contextual mouse algorithm
As mentioned prior, a generic mouse algorithm would never be a good solution for BotWatch because it doesn't take into account activity. One of the systems we have in place allows users to record their own mouse data. Just like the game does, we store and categorize this data by activity, so our algorithms can process them easily and generate contextual mouse movements and clicks. This essentially ensures that any activity you bot aligns with genuine user behaviour and interactions.
Our future plan regarding the above is to reduce and remove the requirement for users to record data for activities that aren't covered by using a more advanced neural network to generate them based on existing data. Unfortunately this plan is heavily reliant on users recording more data, so it may take a while.
Automatic picking up on unintended behaviour
Not all scripts are perfect - especially when developing or testing. Sometimes you might run your script, go outside and come back to it stuck, either afk or spamming the bank. Not great, is it? We feel that Jagex can easily pick up on unintended repetitive actions or prolonged inactivity so we plan on adding something to pick up on it ourselves and stop your script!
Section 3: System Information & HWID based detection
Two of the packets that we didn't mention earlier are your System Information and a derivative of a HWID that Jagex sends to the server. These don't fall under the behavioural analysis that BotWatch employs, but they are very well used.
While this doesn't sound like a big deal, verified clients such as RuneLite and the official Java client send somewhat unusual, tampered values. This can essentially be thought of as a signature that they send to Jagex, so they're able to tell what client you're using.
If you used a RuneLite based client such as OpenOSRS in June 2022, there was a huge third party client ban scandal around that time which was caused by Jagex detecting this. Another similar wave happened just last month (November 2023)! If you used Hydra plugins or RLPL, you most likely got hit during this time for the same reason. While this isn't a common occurrence, it is still something that should be taken care of. Since Inubot uses the C++ client, we don't have to modify any of this since there is no detection in place for us regarding System Information.
Jagex has a UID system in place called
random.dat. In this file they store the UID they assigned to you, allowing them to easily identify what accounts you logged into on your system. If you use a proxy without resetting the UID, they're able to tell it's you on the same computer. A lot of other bots seem to just delete this UID whenever you log in, which makes Jagex give you a new one. While this works to some extent, it's a bit odd if you're logging into an account with a new UID every session. Inubot requests and stores your UIDs, as well as groups them by IP address, Jagex are unable to use this as a means to detect us. Usually this method of banning is common in chain bans.
The inner workings of Jagex's BotWatch system have been unveiled, exposing its reliance on mouse data, clicks, and menu actions to discern player behaviour. This comprehensive analysis forms the backbone of our systems, specifically designed to align with genuine user interactions while outsmarting the limitations of algorithms used by other bots.
As highlighted in our explanations, the meticulous categorization of profiles by activity enables Inubot to integrate mouse movements, clicks, and menu actions in a sophisticated and safe manner which makes it difficult to distinguish bots from players. Inubot's contextual mouse algorithm, as detailed in Section 2, stands as a testament to our commitment in regards to antiban measures. By allowing users to record and categorize their own mouse data, we've pioneered a system that mirrors genuine user behaviour across various in-game activities.
Looking towards the future, our focus on data generation through advanced neural networks aims to further diminish the need for manual recording, promoting a more user-friendly experience. Additionally, our upcoming systems will automatically identify unintended behaviours, ensuring scripts remain effective and responsive.
In Section 3, we visit the significance of system information and hardware-based detection, emphasizing how Inubot deals with this all to provide a secure and undetectable environment for users. Our meticulous handling of system information and the grouping of HWIDs ensures a reliable experience, minimizing the risk of chain bans.
As the game continues to evolve, so too will Inubot, providing you the best botting experience possible.