Aion Launcher detects Bots !
<ScanRemoteProcesses>
Check the memory area of the game using a CRC checksum to detect any writes to memory if a memory write is detected then the account is instantly flagged. The CRC checksum is stored in the NCSoft launcher so to successfully memory write Aion you would need to update the client "aion.bin" and the NCSoft launcher at the same time either way its to risky don't use memory writing!
Check for loaded modules into the "aion.bin" this is checking for anything that has been injected into the client it CRC checks all known modules and flags for any unknown modules.
<ScanCurrentProcess>
Checks the names of every running process on the system it then recursively checks all parent and child window names for known strings most are Chinese there are also a few references to AionSz and to the damncheaters client. If this manages to spot anything it spawns a small window with the title "Bot Detected" and the message of the prompt is collected from the server.
My testing with a packet editor I was able to filter out the message to the server using a combination of wpepro and wireshark this is what i learnt from my testing:
<ScanRemoteProcesses> runs about every half hour I made a small application in vb.net to inject my location into the game it basically made the character walk around in circles using eight coordinates, I did this in an area with know one around and after a few minuets the game sent the packet that was stoped by my filter and then logged me out and displayed this message:
We are sorry but this account does not currenly have access to Aion. Your account has been suspended because you breached the Aion game service agreement or the company's operation policy. For more information about the account suspension, contact us by visiting the cusomer center on the plaync website (
) or by calling the customer center [1 (512) 498-4099].I closed this and tried to login and was able to so at this point I'm happy I know how to stop the flag packet the next test was injecting a module I had no idea how to do this so I had a friend make one for me that just changed the Aion window name to the time injection was successful and the account flag packet was sent again spawning the same message above.
The third test was testing the window name detection I made a vb.net application with the same process name as AionSz bot and left it open ... nothing happened so i tried some more playing around and after about an hour i discovered that the only way to spawn the process checker was to /AutoHuntReport myself after just one report the process started the flag packet was sent (and stopped) and a message box spawned from the client "Bot Detected" no message I had filtered that out.
I retried this test with a random process name and a window name it did not like and then again with a random process name and a child name it did not like and both times it was able to detect it, this means that the random naming system (where you choose what macro goblin is called at the start) is not a perfect way around the detection system.
I would suggest that any mod developers use randomly generated window names and put the title of there mod as a label below the window name as this is more secure for future updates!
Finally seen as my sister do sent play Aion any more I decided to see what the packet i had been blocking actually does to an account please note that I did none of my testing on this account its never had kinah or power levelling or botting and was a perfectly legit account. After sending the packet the account went from being logged in to logged out and this message is displayed.
My login screen: (Note name changed so you can see im not just downloading something from google images you can also see my Aion Goblin forum)
This was almost instant after sending the packet my friend helped me identify as the detection packet.
A side note to all the people who flamed the idea of NCSoft detecting paths, your arguments are the processing power needed the detect this and that the Aion bot leaves the path regularly. My counter argument is its really simple to detect your ignore mobs return routes and it would take very little processing to flag a user who hits 10 coordinates in succession plus the likelihood of this happening to a real player are so small its none existent. But then how do you gather these way points? simple you register an account on a forum like this and download them. Now I'm not saying don't share your way points but i am saying use them for an idea of where to bot and then make your own way points and return paths!
We are looking at one last module that uses an algorithm to check folders for files it does not actually work because the trigger requires an un used variable to be set to true (its un-used this will never happen) but looking into it encase this is something they fix in the future.
Basically and don't hold me to this yet as honestly the algorithm is huge and will take time to work out its looking in %WINDIR% and %ProgramFiles% (these are short paths windows replaces then with actual paths when used for example.
%WINDIR% = C:\Windows
%ProgramFiles% = C:\Program Files
For some files with Chinese names (reassuringly there are no English names in the list) then it starts a process that looks like it would flag the account and spawn a message box different to the "Bot Detected" one this is as far as I have got.
This is the english names checked by the <ScanCurrentProcess> module I haven't bothered with the Chinese ones because I don't believe they work with Aion EU/US:
autoCraft
AionKtz
AionSz
Aionmation
AionMono
MMOBro
Nyerkbot
AionGrind
Pete's AION Radar
NoFap
AngelBot
AionGather
AionBot
justBOTTinG
AutoAion
FarmBot
DamnCheaters
MMOGuider
MMO Guider
greetings Hank
