Sign in with
Sign up | Sign in

Avoiding Detection

TG Daily interview: Chat with a World of Warcraft bot programmer

TG Daily: One of the things I've see with bot programs is that they try to appear more human (to lessen the chance of being banned). What are some of the technical measures that Glider tries to do?

Mercury: Avoiding detection is rather exciting, to be sure. Since Blizzard does not want bots running at all, it's a violation to use them. Detection is cleanly divided into two methods: software and human. Avoiding human detection is fairly difficult because, let's face it, if another player gives Glider a Turing test in the game, it's not human. Rather than attack that problem at its strength (I'm a big Art of War fan), Glider tries to attack it at its weakness by not causing a player to become curious at all.

We try to add little mannerisms here and there, like jumps and random strafing and bits of randomness to combat. For instance, if you tell Glider to use the Bloodrage skill with your warrior, it will sometimes use it before shooting the gun, sometimes after. If it's charging, it'll sometimes use it after the charge - and sometimes not at all. We try our best to make it not set off that first curious look from another player, but it's very difficult.

Of course, a good part of avoiding player detection is, ironically, detecting players. Just like if it was your 10-year old nephew, Glider will alert you if there is another player following around for too long. So you can configure to play a sound clip at high volume so you can come and investigate - or simply log off. When it comes to suspensions or bans, discretion is more than just the better part of valor.

TG Daily: How difficult is it to stay one step ahead of Blizzard? Also, can you empathize with the GMs who try to catch botters?

Mercury: Staying one step ahead of Blizzard is just about impossible because you never know what they're going to do next. The technical nature of the game is that the Warden, which is where Blizzard's hack-detection code lives, is dynamically updated. The code itself doesn't even exist in the game client, but is sent down when you connect, just like your spellbook is. Given that agility and the fact that the game can update any time on a regular or hotfix patch, it's tricky. With all of the focus on the Warden lately, it wouldn't surprise me at all if Blizzard decided to bury a few simple checks in the game code itself. Some clever engineering would make that virtually impossible to find, as nobody can disassemble the entire enormous game client. XOR a few values together to make disassemblers miss the pointer reference and you've got some very stealthy flag-setting happening in the guts of, say, an item trade. So we have to make sure that Glider won't get picked up by anything that simple, which means we can't do a lot of things, like putting code into the game directly or altering its data structures.

For us, staying ahead is really about the business decisions for Blizzard. What we do is figure out what's easy for them to detect, such as by changing a simple parameter in the Warden or adding a small bit of code. Then we make sure Glider is not detected as passively as possible, such as using regular Windows security to limit the game's access or randomizing process names. The trick here is that Blizzard has a finite amount of development and test resources, so we want to make it bad business to spend that much time altering their detection code to find Glider, since Glider's negative effect on the game is debatable. A number of people, including myself, are still playing WoW and have even activated second accounts solely because of the opportunity to use Glider to create a level 60 character of another class. When the Blizzard project managers sit down with the issues list, we want Glider to slip down the list behind other work.

The bottom line is that Blizzard can detect anything that's available to the public with enough effort, since they control the client. So rather than attack that strength, we attack the weakness and try to make it a bad idea or make their changes very risky, since they don't want to risk banning or crashing innocent customers.

As for GM's, it must be an interesting part of their jobs. Being a WoW GM seems like it would be one of the toughest jobs in the world, since they're effectively a level 1 help desk for gamers - and playing a game that they probably love. I imagine a GM has a little more fun when shadowing a suspected botter than simply helping someone get their lost Arcanite Bars back. I know I would. We don't see them as "the cops" or "the enemy" or anything like that. They're just guys doing their jobs.