Tree of Savior Forum

[Suggestion] Healthy Anti-Bot System Idea

Introduction

Okay so, we want to keep some rodents away from our cheese. But we also don’t want to spray rat poison on our cheese so we can’t eat it later.

Here are some of the alternatives already presented by the community before:

  • Manually banning bots through player reports (this is already implemented in the game but it doesn’t really solve the problem entirely)
  • Having GMs or moderators in fields and dungeons, banning bots manually (impractical for many reasons)
  • Making decoys or baits for bots (invisible monsters, fake targets, etc).
  • More restriction on trading, auction house, etc or just completely removing them (hurts gameplay for non-botters).
  • Removing or restricting game features related to farming (adding diminishing return to same monster kills, removing rare expensive items from lower level monsters, etc)
  • Adding captcha systems (captchas can already be broken through by most “smart” bots, or there can be a human operator just inserting captcha answers for his bots 24/7)
  • Making grinding more challenging so bots can’t abuse it (addition of strong elite mobs or something like that)

Now, I’m not going to argue on the pros and cons of each of them. But I’m going to say I feel none of them completely solves the bot problem without having at least a drastic consequence.

Therefore, I’m now going to offer my solution (and personal opinion) towards this rodent issue.

Organic Behaviour Detection

The idea to discern bots from humans is to tell how organic or methodic their actions are. The real idea here is to detect patterns and be able to tell if they are constantly repeating themselves (so the user is most likely a bot) or not.

For example, the most simple and obvious pattern to be detected by the system could be the time delays between input of the keyboard auto-attack key (Z key). A very obvious bot could send the information of the key being pressed every exact 500 milliseconds, while a player would never be able to press the key that methodically in very precise intervals of time.

Other ideas for patterns could include:

  • Mouse movement (bots tend to move the mouse in very constant speed and perfect straight lines, which is impossible for humans to do)
  • Mouse clicks (for example, when attacking a monster using the mouse, a bot will likely always click on the dead center of the monster so it always targets correctly. This is very unlikely for players to do)
  • Walking in perfect straight lines (bots will very likely walk in straight lines, which is the shortest path, when chasing monsters or moving from one area to another; most pathfinding algorithms can be really easy to detect due to that behaviour)
  • Time between other key inputs (If you look at the priest bots for example, you can tell they always rebuff their blessing/sacrament exactly at the moment it wears off. Methodically doing that in the exact moment the buff wears off is a typical bot behaviour)
  • And many other patterns to be thought of by the devs

Now, I’m not taking this idea off the bat. This idea is actually from Google’s reCAPTCHA anti-bot system for website bot crawlers. If you are interested in this sort of thing, I’d suggest this awesome article as a read on how they think the system works (of course how it really works is hidden from public so they don’t try to abuse it):

Getting more technical

Every optimization programmer knows numbers generated by a machine can’t be completely random at all. Given enough iterations the numbers tend to repeat themselves and thus you are given your patterns to be used in the bot detection.

Detecting a key input every 500ms is trivial, but if the bot programmer changes his bot to input the key every 200 to 700ms randomly, the anti-bot system will have to detect the pattern behind the number generation to be able to catch it.

Client x Server Verifications

Now, I’m honestly not an encryption expert myself, but I’m guessing any sort of client-sided bot verification would be bad practice. If we were to detect mouse movement into our bot-verification system (and those are usually only client-sided), this could lead to some future reverse-engineering of the system and abuse of it.

Mouse clicks and keyboard input, however, send packets to the server which can be verified server-side (thus hidden from the users) for the anti-bot system. I would say server verifications are the most obvious choices, but, there’s a little problem that makes our life difficult: Lag. It can mess up your patterns and make the whole thing very complicated.

Of course you can (and probably will) establish your patterns based off the signature time the packets were sent. But those can always be maliciously changed (although if the anti-bot system code is hidden from the public the abusers won’t really know how to change it to get around the system).

Conclusion

I don’t want to make this topic much bigger than what it is because it makes people lazy to read. But the whole idea here is to add an anti-bot system that will solve the bot issue (at least until people figure out how to reverse engineer it) and won’t hurt gameplay for normal players (popping up captchas in the middle of battle or something like that).

I also didn’t mention it, but a system like this can also be used to prevent gold spammers in town since many of those are also bots.

If you like this idea give the topic a like or write something to bump it for me :smile: (since it’s not very nice to bump it myself).

1 Like
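The timing checks the post above describes (a key sent every exact 500 ms, a randomized 200 to 700 ms delay, and lag on server-side timestamps), sketched as an added example that is not part of the original post or the game's code. The thresholds, function names and the lognormal model for human key timing are assumptions, and every sample is constructed.

```python
import random
import statistics

CV_FIXED = 0.10    # assumed threshold: spread this small relative to the mean is metronomic
KS_UNIFORM = 0.20  # assumed threshold: gaps this close to a flat distribution look generated
MIN_GAPS = 50      # refuse to judge short sessions


def gaps_ms(arrivals):
    """Inter-arrival gaps from server-side receive timestamps (ms)."""
    return [b - a for a, b in zip(arrivals, arrivals[1:])]


def ks_vs_uniform(gaps):
    """Kolmogorov-Smirnov distance between the gaps and a uniform fit on [min, max]."""
    xs = sorted(gaps)
    lo, hi, n = xs[0], xs[-1], len(xs)
    if hi == lo:
        return 0.0
    d = 0.0
    for i, x in enumerate(xs):
        f = (x - lo) / (hi - lo)
        d = max(d, abs(f - i / n), abs((i + 1) / n - f))
    return d


def classify(arrivals):
    gaps = gaps_ms(arrivals)
    if len(gaps) < MIN_GAPS:
        return "insufficient-data"
    cv = statistics.pstdev(gaps) / statistics.mean(gaps)
    if cv < CV_FIXED:               # survives lag: jitter is small next to the period
        return "fixed-interval"
    if ks_vs_uniform(gaps) < KS_UNIFORM:
        return "bounded-uniform"    # flat histogram with hard edges, e.g. 200-700 ms
    return "organic"


def simulate(next_gap, n=400, seed=1):
    """Constructed sample: client gaps from next_gap(rng), plus network lag per packet."""
    rng = random.Random(seed)
    sent, arrivals = 0.0, []
    for _ in range(n):
        sent += next_gap(rng)
        arrivals.append(sent + max(0.0, rng.gauss(40, 15)))
    return arrivals


FIXED = simulate(lambda r: 500)
UNIFORM = simulate(lambda r: r.uniform(200, 700))
HUMAN = simulate(lambda r: r.lognormvariate(6.1, 0.6))  # assumed right-skewed human timing
```

A production system would score many features over longer windows and route flagged sessions to review rather than ban on a single label.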

Go away, we aren’t friends anymore.

That wasn’t really my suggestion though. I was just presenting suggestions already posted before.