Cheating in RuneScape is what got me into programming. There was a program called SCAR (I believe) that let you write automation scripts in Pascal. That was a lot of fun.
Same here! It was also my first programming "job". I sold 4 copies of my script for $10 each. My script would play one of the members-only minigames :D
Which minigame? I made a bot for the Mage Training Arena for all rooms, but the most interesting one was the enchanting chamber: there were dragonstones with a very high but constant respawn rate that were highly contested. My script jumped through different servers and, after finding and collecting one, remembered the time when it would spawn on that particular server. It was very satisfying to watch it run there just a few seconds before they spawned, leaving other players no chance.
I wondered as a kid how those scripts worked. Do you know of a good explanation? Would they move your mouse based on the GUI, or directly send packets?
Also, while we're on Hacker News, is it known how the party hat duplication bug happened? I like reading hacking white papers, but I assume nothing was published regarding that.
It wasn't a complicated bug. The trade interface accepted item quantities for stackable items: gold, bank notes, runes. A modified client allowed you to send a packet offering a non-stackable item into the trade with zero quantity. Then at some point during the transfer, the quantity for non-stackable items got ignored, because it should always be one, turning a zero into a one!
> Would they move your mouse based on the GUI, or directly send packets?
Depends on the client that was used. AutoRune was a popular client that sent direct packets. The game client gathered metrics on mouse movement though, so if you used direct packet injection you still had to fake the mouse movement to some extent so you could escape this rudimentary detection. Or your bot could just control the mouse in a somewhat realistic way and avoid needing to do extra work.
For reading game state, many bots in this time used color detection. So for example a flax picking bot might be coded to click on specific colors of cyan on the screen. Jagex would likewise respond with bot mitigation that was intended to fool the color detection system, for example by making flax have the same color whether it could actually be picked or not.
Later, clients were developed that used decompilation and reflection of the Java game client to directly read game state in the form of Java objects. Scripts could then query and interact with this state via an API that the client exposed. So for example, a script could be written that queried for all the flax (identified by object id) around the player and instructed the client to pick it; the client would handle exactly how to move the mouse and the camera to achieve that.
An interesting bit of trivia: the first bot (that I'm aware of) to use deobfuscation of the game client was called Aryan. It was quite revolutionary for the cheating community because using the true game state worked so much better than the screen state. I don't know the specifics, but apparently the developers were threatened with legal action from Jagex. As part of their agreement with Jagex, the developers released a new version of the client that sent a -1 up to the server for some field on the user that was always supposed to be positive. Jagex used this to mass-ban everyone who was using the bot.
Interesting to see this story here, I didn't know enough of that info was public to even end up here. (You have to be someone I know/know of, right?)
Basically true, though:
- Aryan wasn't the first client mod, not even the first to deob; probably the first to go fairly 'mainstream' and end up being well known outside the circle of people using it, though (being free probably helped here)
- No legal action, tbh. Well, the same amount of legal action that all of the cheating scene got (some C&Ds, domain takedown attempt type stuff at various times, but not the scary kind of legal action in the way other bots got)
- The banwave backdoor did happen, and basically as you say (iirc it was the actual UID but negative, rather than -1) but was more of a conscious decision, there wasn't an 'agreement' beforehand - it was proactively taken. Jagex were informed about it in order to detect it though, as far as I'm aware.
Doubtful. I was just a kid at the time who lurked on forums. Were you involved in the scene? If yes, do you mind if I ask what you ended up doing professionally? RS cheat developers were my role models growing up. I’ve often wondered what members of that community are up to now.
Yep, I used the nick 'Mopman' then, if you remember that name at all. Kind of appropriately for the name, I was mostly a janitor :D Admin @ Moparscape and the public Aryan channels; there are a few commits of mine in the bot, but I definitely can't take credit for most of the bot itself, that was other people's work. I did make a few releases of it after the banwave incident you mention, though I quickly passed that torch on (it was a lot of hassle, tbh).
Professionally nowadays I'm a pen tester/security consultant.
That's so cool. I'm star struck. I haven't thought about RuneScape in a very long time, but this thread has made me overcome with a bittersweet sense of nostalgia. I knew so little about programming back then, so people who could manipulate this game I loved with their own code were like gods to me. The whole experience made a very strong impression on me. Thank you!
Worked on contributing a lot to that project, became my first (semi) open source contributions, and the scripts were my first forays into selling my work :)
> Also, while we're on hacker news, is it known how the party hat duplication bug happened?
I don't know for sure, but I understand a lot of early bug abuse was due to a failure to perform server-side validation. So hypothetically you might enter into a two-part trade transaction flow where you offer items for trade in the first step and then commit that transaction in the second step. Server-side validation might be done in the first step to make sure you actually own the item you declared an intent to trade, but none is done in the second step. So you could declare an intent to trade a worthless item you possess, but modify the transaction commit packet to give away an item you don't possess.
I was not part of the bug abuse community but I did find one bug in the game that involved multiple actions being done in a single server tick. As I understand it there have been a lot of bugs like this over the years. As a hypothetical example, it might be impossible to teleport while holding a certain item, but if you picked up the item on the same tick as you performed the teleport, the server might process the two actions in such a way that it allowed you to perform both.
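The two trade-flow defects described in this thread (a non-stackable item offered with quantity zero that the server later coerces to one, and a commit step that trusts the client's packet instead of the server's own record of the offer), as an added example that is not part of the original thread and not RuneScape code. It is a toy two-step trade server in a vulnerable and a hardened form; the item names, the STACKABLE set and the Player class are constructed for illustration.

```python
"""Toy two-step trade server (constructed example, not RuneScape code).

VulnerableTradeServer models two defects:
  1. a non-stackable item offered with quantity 0 passes the ownership
     check and is later coerced to quantity 1 for the receiver;
  2. the commit step trusts the item list in the client's packet instead
     of the server's own record of the offer.
HardenedTradeServer shows the checks that close both.
"""
from dataclasses import dataclass, field

STACKABLE = {"coins", "rune"}  # assumption: which item names stack


@dataclass
class Player:
    name: str
    inv: dict = field(default_factory=dict)  # item name -> count

    def has(self, item, qty):
        return self.inv.get(item, 0) >= qty

    def remove(self, item, qty):
        left = self.inv.get(item, 0) - qty
        if left > 0:
            self.inv[item] = left
        else:
            self.inv.pop(item, None)

    def add(self, item, qty):
        self.inv[item] = self.inv.get(item, 0) + qty


class VulnerableTradeServer:
    def __init__(self):
        self.offers = {}  # player name -> [(item, qty), ...]

    def offer(self, player, item, qty):
        # "Do you own at least qty of this?" is trivially true for qty == 0.
        if not player.has(item, qty):
            raise ValueError("you do not own that")
        self.offers.setdefault(player.name, []).append((item, qty))

    def commit(self, sender, receiver, packet):
        # Defect 2: the packet, not the stored offer, decides what moves.
        for item, qty in packet:
            sender.remove(item, qty)  # removing 0 is a no-op
            if item not in STACKABLE:
                qty = 1  # Defect 1: "should always be one"
            receiver.add(item, qty)
        self.offers.pop(sender.name, None)


class HardenedTradeServer:
    def __init__(self):
        self.offers = {}

    def offer(self, player, item, qty):
        # Quantity must be positive, and exactly 1 for non-stackable items.
        if qty < 1 or (item not in STACKABLE and qty != 1):
            raise ValueError("bad quantity")
        if not player.has(item, qty):
            raise ValueError("you do not own that")
        self.offers.setdefault(player.name, []).append((item, qty))

    def commit(self, sender, receiver, packet=None):
        # The client's packet is ignored; only the server-side record counts,
        # and ownership is re-validated at commit time.
        items = self.offers.get(sender.name, [])
        for item, qty in items:
            if not sender.has(item, qty):
                raise ValueError("offer no longer valid")
        for item, qty in items:
            sender.remove(item, qty)
            receiver.add(item, qty)
        self.offers.pop(sender.name, None)


def zero_quantity_dupe(server_cls):
    """Offer one party hat with quantity 0; return (sender's, receiver's) count."""
    a, b = Player("a", {"partyhat": 1}), Player("b")
    srv = server_cls()
    try:
        srv.offer(a, "partyhat", 0)
        srv.commit(a, b, [("partyhat", 0)])
    except ValueError:
        pass
    return a.inv.get("partyhat", 0), b.inv.get("partyhat", 0)


def forged_commit(server_cls):
    """Offer bones legitimately, then commit a packet naming an item not owned.
    Returns (sender's party hats, receiver's party hats, receiver's bones)."""
    a, b = Player("a", {"bones": 1}), Player("b")
    srv = server_cls()
    try:
        srv.offer(a, "bones", 1)
        srv.commit(a, b, [("partyhat", 1)])
    except ValueError:
        pass
    return (a.inv.get("partyhat", 0), b.inv.get("partyhat", 0),
            b.inv.get("bones", 0))


if __name__ == "__main__":
    for cls in (VulnerableTradeServer, HardenedTradeServer):
        print(cls.__name__, zero_quantity_dupe(cls), forged_commit(cls))
```

Against the vulnerable server the sender keeps the party hat while the receiver gains one, and the forged commit packet conjures a hat out of nothing; the hardened server rejects the zero-quantity offer outright and, at commit, moves only the bones it recorded at offer time. The general lesson is the one the post makes: every step that changes state must be validated against the server's own view, not against what the client claims.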
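The same-tick ordering problem in the post's hypothetical, as an added example that is not from the thread and not game code: a toy tick processor that validates every queued action against the start-of-tick state and only then applies them, next to one that applies actions one at a time against the live state. The item name, the locations and the "no teleporting while holding it" rule are constructed for illustration.

```python
"""Same-tick action ordering (constructed example, not game code).

Rule: a player holding an item in FORBIDS_TELEPORT may not teleport.
vulnerable_tick checks every queued action against the state as it was at
the start of the tick, then applies them all; hardened_tick applies actions
one at a time so each check sees the effects of the previous ones.
"""

FORBIDS_TELEPORT = {"cursed_relic"}  # assumption: items that block teleporting


def can_apply(action, state):
    kind, arg = action
    if kind == "pickup":
        # The item must be on the ground where the player currently stands.
        return state["ground"].get(arg) == state["location"]
    if kind == "teleport":
        return not (state["inv"] & FORBIDS_TELEPORT)
    return False


def apply_action(action, state):
    kind, arg = action
    if kind == "pickup":
        del state["ground"][arg]
        state["inv"].add(arg)
    elif kind == "teleport":
        state["location"] = arg


def vulnerable_tick(state, actions):
    # Validate everything first against the start-of-tick snapshot ...
    allowed = [a for a in actions if can_apply(a, state)]
    # ... then apply, so pickup + teleport queued together both go through.
    for a in allowed:
        apply_action(a, state)
    return state


def hardened_tick(state, actions):
    # Validate each action against the live state, in arrival order.
    for a in actions:
        if can_apply(a, state):
            apply_action(a, state)
    return state


def fresh_state():
    return {"inv": set(), "ground": {"cursed_relic": "lumbridge"},
            "location": "lumbridge"}


def run(tick_fn, actions=(("pickup", "cursed_relic"), ("teleport", "varrock"))):
    """Return (holding the relic?, final location) after one tick."""
    state = fresh_state()
    tick_fn(state, list(actions))
    return "cursed_relic" in state["inv"], state["location"]


if __name__ == "__main__":
    print("vulnerable:", run(vulnerable_tick))
    print("hardened:  ", run(hardened_tick))
```

With both actions in one tick, the vulnerable processor leaves the player holding the relic in the destination town, a state the rules say should be unreachable; the hardened one lets the pickup through and then refuses the teleport. Swapping the order does not help an attacker against the hardened version either, because after teleporting the relic is no longer on the ground at the player's location.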
Modern bots use reflection on the client itself, including faking MouseEvents to the canvas/applet. Some bots use typical AutoHotkey-style automation, just moving the mouse around and using color pickers/OpenCV to validate actions. Packet bots are rare but still do exist; AutoRune was one of them and it was used to duplicate items etc.
Programming scripts for SCAR in Pascal was actually the farthest I ever got in to programming - those scripts were the first things I ever wrote, and also the last. I wonder why.
Me too. I wrote one of the more popular script packs for AutoRune. Looking back, AutoRune had a pretty cool event-based language. I was a noobie to programming so I didn't really understand it at the time.
Me too! I was active on the SRL (SCAR Resource Library) forums and got my first exposure to programming in middle school by tinkering with scripts I found there.
I wonder what this generation's "gateway drug" to programming will be? Roblox?