An Idea to get rid of gold bots. MUST READ

[Pan_Raider(`_´)]

overriding this primitive selling system where you need a stall to sell would be an effective way to rid the servers of clientless stallers.
that would be one part...

getting rid of them all at once like JBerlyn would not amuse Joymax..
would be too much work

[JBerlyn]

overriding this primitive selling system where you need a stall to sell would be an effective way to rid the servers of clientless stallers.
that would be one part...

getting rid of them all at once like JBerlyn would not amuse Joymax..
would be too much work

2 lines of code a week...too much work? GG Joymax.

[Progress]

2. "then encrypt them much more than they already have." LoL'd my ass off. there is nothing encrypted. its a nice system (and effective btw!) how the build up the OPCodes.
3. Salting would be ok, but could be cracked easily in 1-2 days too. MD5 isnt possible, cause MD5 is basing on the machine's system time. even the iSRO servers arent syncronized in time.

Are you saying that if i generate an MD5 string from something on this computer, that result would be different on another computer if the clocks are not in sync?

If I generate an MD5 hash on this computer with a file, then you generate something with the same file in a different country, they would not be different.

Do me a favor, go research about checksum algorithms before posting. My suggestion will stop all clientless bots, I just don't think Joymax has the programming knowledge to do so.

Why? I'm not the one who thinks MD5 generates results based on the system's clock. How about you actually read (and comprehend) the post before you tell people to take a hike.

Your suggestion will not stop anything. If the client can decode/interpret something, their bot will be able to do the same. You do realize that they disassemble and study the client, right?

[Rendoqoz]

Soon you can buy SP from Item Mall, and later, you can even buy a FF char lvl 100 with gear and so on.

[JBerlyn]

Why? I'm not the one who thinks MD5 generates results based on the system's clock. How about you actually read (and comprehend) the post before you tell people to take a hike.

Your suggestion will not stop anything. If the client can decode/interpret something, their bot will be able to do the same. You do realize that they disassemble and study the client, right?

I never said the string is generated based on time. I know exactly how MD5 works. And MD5 cannot be decrypted because it isn't a freaking encryption method, and since a salt string will be embedded with the packet subject which is then MD5 hashed. It would work. Now go to 5 years of computer engineering studies before you can argue with me dipshit.

[Pan_Raider(`_´)]

Soon you can buy SP from Item Mall, and later, you can even buy a FF char lvl 100 with gear and so on.

sp..
not too soon, nor the ff char

not even till 110.
but for 120 it would be very stimulating for silk buyers though...
even joymax would figure that

[Progress]

Why? I'm not the one who thinks MD5 generates results based on the system's clock. How about you actually read (and comprehend) the post before you tell people to take a hike.

Your suggestion will not stop anything. If the client can decode/interpret something, their bot will be able to do the same. You do realize that they disassemble and study the client, right?

I never said the string is generated based on time. I know exactly how MD5 works. And MD5 cannot be decrypted because it isn't a freaking encryption method, and since a salt string will be embedded with the packet subject which is then MD5 hashed. It would work. Now go to 5 years of computer engineering studies before you can argue with me dipshit.

Neither did I. That's what you fail to understand. I'm not arguing that MD5 can be decrypted nor did i say it was somehow based on the system clock.

I wanted to be clear on what this other person meant by throwing the "system clock" into his argument. So i asked for clarification.

I think your description leaves out a lot of details. But im still going to try to guess what you mean. I'm sure you will correct me if I'm wrong.

I believe these are your key points:

They could use a salt string and MD5 hashing to read and send the message subjects.

Okay. The client would have the salt as well, right?

and since a salt string will be embedded with the packet subject which is then MD5 hashed.

So the salt string is hashed also? Or is it just embedded? Or is it embedded and hashed? Can you be more specific?

This would ruins clientless bots, as by the time they decrypted the packet subject to use for their bot application (which with MD5 is impossible), Joymax will have changed it the next week.

Without the salt, the client would be unable to find out what kind of packet was sent. So the client somehow receives the salt, right? What makes this salt unobtainable for the bot makers?

You leave out too many details and you are way too defensive for someone who has supposedly studied computer engineering for 5 years.

[JBerlyn]

Okay. I'll try to explain somewhat better.

For example, they have a packet subject called "login". In the default message handler on their server, they wouldn't have a message subject case statement for "login", they would have the MD5 value of the string "login".

To securitize it even more, they would then use a salt string which is just a random value. It could be "joymaxisstupid" or "ilovebots". Either way, that is stored in an array inside the client. Then, before sending a packet to the server, it would run a function/handler that would obtain the MD5 value of the packet subject as well as the MD5 value of the salt string, then combine the two, and send the packet to the server.

The server would then interpret the packet subject based around the MD5 value that is passed to it. They could then just change the salt string every week at inspection time in both the server and client, that way, bot companies would need to release a new bot every week to keep up, and they would still need to obtain the salt string within that week from the array, which believe me, is difficult to obtain without heavy dissemblance. Even so, the client could use an integer as the salt string as this would make it even more secure to people that pull apart the client.

I don't know if I can explain this any better. But I hope you understand.

[Progress]

Okay. I'll try to explain somewhat better.

For example, they have a packet subject called "login". In the default message handler on their server, they wouldn't have a message subject case statement for "login", they would have the MD5 value of the string "login".

To securitize it even more, they would then use a salt string which is just a random value. It could be "joymaxisstupid" or "ilovebots". Either way, that is stored in an array inside the client. Then, before sending a packet to the server, it would run a function/handler that would obtain the MD5 value of the packet subject as well as the MD5 value of the salt string, then combine the two, and send the packet to the server.

The server would then interpret the packet subject based around the MD5 value that is passed to it. They could then just change the salt string every week at inspection time in both the server and client, that way, bot companies would need to release a new bot every week to keep up, and they would still need to obtain the salt string within that week from the array, which believe me, is difficult to obtain without heavy dissemblance. Even so, the client could use an integer as the salt string as this would make it even more secure to people that pull apart the client.

I don't know if I can explain this any better. But I hope you understand.

Thank you. That was indeed a better explanation. However, it will not solve the problem. The salt (the secret) is located at both ends. This means that, as you have pointed out, the bot makers will be able to obtain this salt.

Unless the client is packed (which it once was (aspack?), but is no longer(i think)), the salt would be located at the same place every time JM releases a new client (unless they manually change it). Which means the process of obtaining the salt could be automated. So if they can obtain the salt, they can easily create the tools needed to auto-generate a new bot, or just have it fetch the new salt every week from their server.

I believe the packets are sill encrypted (not hashed) with some kind of blowfish variant. This, however, was not enough since the bot companies simply disassembled the client and obtained the key and the algorithm. With that in mind, what makes you think that it would be so complicated for them to obtain the salt? Even if it takes some time, eventually they would get it and your system would be broken.

The only way to stop bots from a technical standpoint is trusted computing. For those of you who are not familiar with it, it would basically keep encryption keys private, in a chip or in the processor. It would then use that key (which is unobtainable by the computer user/owner) to verify that the software that is going to be executed is "signed". Since programs not authorized by the company would not be signed, they cannot run. Problem solved - at the expense of your freedom to run what ever you want.

[PR0METHEUS]

I already came up with the idea to rid (or greatly reduce) the game of the gold bots at least. And that idea was to remove gold drops from the game completely. No gold drops from mobs anymore. And the items the mobs drop would worth a very very small amount when sold to NPC..(Like real small). Not even worth selling.


Our gold would come from triangular conflicts and not from mobs anymore. Increase the amount of gold that can be made from thieving, trading or defending a trade(hunting). If JM makes you get a lot of gold from doing a simple trade run then there is no need for gold bots anymore.


Gold bot owners wouldn't dare write a program to do trade runs knowing that everyone in the game would want to rob it out of sheer revenge, spite, greed and anger. Just look at how some high lvls kill these gold bots as they leave town with NPC thieves on your sever. And bots are dumb...they couldn't properly defend themselves since their actions are predetermined.

I've seen this idea before and I think it's a great idea for handling the gold bot situation. It would suck though for people who don't really want to job.

Take my wife for example (when we used to play). She had no interest in jobbing. She just wanted to grind and do quests. She liked quests because it gave her something to 'look forward to' during her grinds. When we moved to Venus, she made a glaiver and did just about every Chinese AND European quest up until we stopped playing around lvl 40. Lack of gold drops would make it pretty difficult for her to play. I guess she'd quickly learn to enjoy jobbing

[TheKnight]

I already came up with the idea to rid (or greatly reduce) the game of the gold bots at least. And that idea was to remove gold drops from the game completely. No gold drops from mobs anymore. And the items the mobs drop would worth a very very small amount when sold to NPC..(Like real small). Not even worth selling.


Our gold would come from triangular conflicts and not from mobs anymore. Increase the amount of gold that can be made from thieving, trading or defending a trade(hunting). If JM makes you get a lot of gold from doing a simple trade run then there is no need for gold bots anymore.


Gold bot owners wouldn't dare write a program to do trade runs knowing that everyone in the game would want to rob it out of sheer revenge, spite, greed and anger. Just look at how some high lvls kill these gold bots as they leave town with NPC thieves on your sever. And bots are dumb...they couldn't properly defend themselves since their actions are predetermined.

I've seen this idea before and I think it's a great idea for handling the gold bot situation. It would suck though for people who don't really want to job.

Take my wife for example (when we used to play). She had no interest in jobbing. She just wanted to grind and do quests. She liked quests because it gave her something to 'look forward to' during her grinds. When we moved to Venus, she made a glaiver and did just about every Chinese AND European quest up until we stopped playing around lvl 40. Lack of gold drops would make it pretty difficult for her to play. I guess she'd quickly learn to enjoy jobbing

And That All would make Jobbing back to life, but better not to remove gold from everywhere, like just make gold drops 80% Smaller & same for items. Do you think stalling would be much more harder then?

[PR0METHEUS]

The only way clientless bots can be stopped, is if Joymax changes all the packet subjects they use for Silkroad Online's client, then encrypt them much more than they already have. They could use a salt string and MD5 hashing to read and send the message subjects. Then weekly, they can change the salt string to something else, which would only require 2 lines of work each week. This would ruins clientless bots, as by the time they decrypted the packet subject to use for their bot application (which with MD5 is impossible), Joymax will have changed it the next week.

This system isn't even difficult. Since all message handling in the server is done in a single function as far as I know. I could code it if I was given the opportunity.

If I generate an MD5 hash on this computer with a file, then you generate something with the same file in a different country, they would not be different.

Do me a favor, go research about checksum algorithms before posting. My suggestion will stop all clientless bots, I just don't think Joymax has the programming knowledge to do so.[/quote]

I can see how this would help stop clientless bots since the encryption algorithm used would be in the client, and clientless bots wouldn't have that algorithm. You need both the key and algorithm to encrypt/decrypt. By the time the algorithm is discovered, they could change it, or change the key. However, the only use there would be for MD5 would be to verify that the packets that we're receiving have not been altered.

[1337]

This would make every item in the game raise in price by like over 9000%

[Drabon]

the gold prices would actually drop cause of the low pool, but yeah its over 9000

[Odanez]

u all know this will never be implemented by joymax, there are tons of ways they can improve on their game but they won't.

The only thing I see now that is possible for everyone against goldbots is when high lvl players dress up in job items and stand (with a transport) on a goldbot waypoint. the spawned lightning thieves splash damage onto the goldbots, killing them (if theyre much lower level than you).

If there would be about 20 people on every server doing this at any given time, and over a long period of time (ok it costs pots and time) goldbots could be a thing of the past. but I doubt enough people will do this. If my char is high enough I will definately do it.

If you dunno what I'm talking about go to youtube and search for "silkroad goldbot" - there will be enough videos