I just want to take a minute to warn my readers about Gatherbuddy.
Based on the last build i saw, Gatherbuddy injects a DLL for various reasons. Now, you’re thinking “Oh but Mr Kynox! They have anti-wardens and will tell us when there is an update!”.
Gatherbuddy can be detected without a module update, meaning their “tripwire” (which i question even exists) is completely useless. Warden only needs a tiny bit of information added into the already existing scans (via a packet) and thus setting off no alarms.
Until Gatherbuddy drop the dll, you’re even more detectable than Mimic was, before it even started to protect itself.
Filed under: General | Tagged: gatherbuddy, Warden
Thanks for the warning
I appreciate you looking into this. I have stopped using GB as you have been a good indicator of when a ban is coming. Their next update still has the .dll injection and I won’t be going near it until they drop that dependency. Hopefully you’ll be keeping an eye on the updates.
Hey cant crack Mimic anymore or why did you move on?
Because the userbase has dwindled substantially. They took the warnings and are finally building some form of anti-detection. It’s bad.. but it’s a start.
.dll injection removed on the latest beta which is probably a good start.
clicktomove, lua_dostring and interact offsets still around though…
Without the DLL, the bot is immediately a lot less detectable. If it’s just a passive app now, you will be fine until the WardenDev gets bored
Thanks for the heads up on this. I have been using this a lot recently and would rather not have my main account hit. I will stop for now.
Never Bot on Main
“Because the userbase as dwindled substantiall”
Dont believe you still see many users in some Mimic forums.
I allways thougth you was Bored??
No fun anymore?
I bet you cant crack it atm..
proof me wrong
Why would i want to prove you wrong? I don’t give a shit what you think.
So you dont cant crack it ATM?
Much hot Air I guess then.
So since the dll is removed now do you think gatherbuddy is safe until a new warden update?
Arni: Crawl back under the rock you came from. Come back when you have soemthing constructive to add to this matter.
Kynox: Can you cleare something for me?
Do GB have tripwire or does it not? , it seems like a simpel question and I know it is not that simpel to just tell. But you are a skillfull reverser , what do you have to say on the matter?
Thank’s in advance.
Do0z
Before answering, allow me to thank Kynox for the post and the suggestion. If you want a free GB account to carry on monitoring it, please let me know.
Now to answer: Gatherbuddy does NOT have a tripwire. As far as I know this is true of all public bots but in any case, do not bot on an account you’d cry over
I will never use Mimic again. I really do like Gatherbuddy. Thus far it is pretty good.
To those asking, yes. Gatherbuddy is safe unless the WardenDev decides to step it up a notch.
Gatherbuddy is now what is called a Semi-Passive bot. It’s not running inside of WoW, but reading from an external process. There are your occasional codecave injections (from what i gather for DoString, etc) but as long as these are freed accordingly, it should be fine.
To detect Gatherbuddy, Warden will need a new scan or the WoW dev team will need to implement stack traces like has already been suggested.
Hawker: Thank you.
Kynox: Quote’To detect Gatherbuddy, Warden will need a new scan or the WoW dev team will need to implement stack traces like has already been suggested.’
If they did this , than not only GB would be having a hard time. This would frame every public bot hardly.
It would indeed smash the majority of the public bots. It’s puzzling why they haven’t done it thus far.
can you crack mimic or your you cannot?
Can you crack Gatherbuddy or your you cannot?
can you crack Priox or your you cannot?
can you crack gnometools or your you cannot?
SAY the truth PLZ Or shut up FINALLY!!!
and you are ? rimsay
I am rasse8472@googlemail.com
what do you think Bossland? Hey cant crack some bot, he goes after a userbase of 500 how comical is that?
Mimic has still more Users as 500 so the explanation why he does not look after mimic is a joke…..
Your stupidity is astounding. Why would i crack any bot? We never cracked any bot at all.
Furthermore, the bots (other than mimic) haven’t done anything wrong, so kindly fuck off.
Sorry to ask from, but I do not know the answer to it.
Is the Warden does not work on Mackintosh?
Honestly, i haven’t investigated Macs. I don’t see any reason why it wouldn’t work, though.
YES kynox say THE truth FINALLY! U cannot CRACK the MIMIC right? LOL noob SHUT UP.
How do these morons even find blogs like this? oO
omg u are all idiots why he should crack mimic,we can be happy that he gives us helpeful information about warden and the bots.i want to see you monitoring warden @sku
sky:
http://en.wikipedia.org/wiki/Sarcasm
http://en.wikipedia.org/wiki/Troll_(Internet)
This is to all the morons who ask about cracked bots!
Stick you’re heads into the ground and be silent or earn some cash and go buy you’re self a license. Stop comming into these blogs and place’s on the internet where the skilled people have serious discussions, and start asking for crakced appliactions.. srsly .. wtf!?!?
I hope you people get cought by a nasty trojan by downloading a “crakced” bot.
And loose youre credit card# + youre wow accounts. And get finanically raped both in real life cash situation and digitally withing WoW. You morons deserve it.
Wow, some of you guys need to fuck off and learn English.
Although, I must point out one little thing… what the fuck is with the pathetic reverse psychology here? It’s amazingly dull.
I must admit though, the LemonParty bot is pretty good these days.
This is actually entertaining to read
kynox can you explain us how is it about windows guest account is there a security if the bot just reads memory
Let me put it in an analogy.
It’s like putting windscreen wipers on a super sonic aircraft.
Perhaps you can answer this, perhaps not, but i’ll ask either way- Who originally wrote Warden, and are you sure there’s a new Warden dev or might he have just gotten lazy?
For clarification- by ’sure’, I mean saw a job posting for the position or something.
I have no idea. I based my theory of a new developer being on the scene on the obvious lack of detections.
When Glider was being detected, the methods of detection were rather advanced. Lately, it’s been terrible; pushing a broken scan onto the PTR and then onto live on patch day, so it wouldn’t detect anything anyway.
I guess only time shall tell.
Got another question for you, i’m also putting it on Cypher’s last post as well- How is WoWInfinity? Has it ever been detected? Can Warden detect it? If not, is that because of whoever wrote it, or just because of the Warden developer?
@ Erad
The gaiz who r program WuwInfity ar progrm Warden aswel!
LALNUB!
I guess you’re just too retarded to prevent your thoughts from escaping onto the internet. Let me clarify for you: By ‘because of the Warden developer’, I mean ‘because the Warden developer is too lazy, or is not capable of detecting it’.
wowgremlin avail for downloand………?
I was wondering, can you pls make a new glider Kynox? It would mean so much to the community and me and mercury and everyone and it would be cool
I can donate up to $15 to paypal, email me or talk here pls
Let me just… hahahahahaha
gb ist detected now
I’m doubtful of that. There has been no Warden update. The only explanation would be server-side detection.
I think Blizzard has detection methods they just arent banning as often atm unless people are reported and doing something so dumb they deserve it . Blizz doesnt always ban the day your detected sometimes they delay bans. Sometimes its better to study a problem and see how far spread it is and find a way to combat the problem via patch / game change. Blizz is aware of the problem but i don’t belive they feel it’s the right time to take action just yet. My guess is the end of august early september more people will be banned. Just a guess but when it happens feel free to ask me how i know
.
Also keep in mind that Blizzard has proved in the past that they like doing massive banwaves because a press release stating “In keeping with Blizzard’s aggressive stance against cheating in World of Warcraft, we banned over 30,000 accounts in the month of May, and with that removed well over 30 million gold from the economy across all realms.” is a lot more impressive than “We’ve been banning 1800 accounts per week for four months.”
What about Pirox? Is it considered “safe unless the WardenDev decides to step it up a notch.” because it doesn’t inject?
Hey I’m thinking about getting GB what’s the latest word on detection? And does it work good for mining??
since were on the topic of detection you can take a look at the “warden gremlin” and see that gremlin isnt safe
http://www.sendspace.com/file/jofrsf
Gremlin has implemented a supposedly more sophisticated software that helps to connect the bot’s DLL in WOW discreetly,
this is done by changing the module in KERNER32.DLL’s IAT table – NtQUeryVirtualMemory.
NtQueryVirtualMemory’s content is modified so that the data will go through their own database function entrance,
this can also be done through searching the API of VirtualQueryEx, which is accessible in the function where you can
transfer NtQUeryVirtual’s virus signatures.
In fact, this is a very unsophiscated method to be prevented from being detected,
as it is very easy to detect Gremlin’s bot’s code.
The file we had just released – WardenGremlin, its function is to like an anti-virus engine that automatically extract
computer’s virus signatures (where the antivirus engine is WardenGremlin here and Gremlin as the virus signatures).
So yes, its as vulnerable as any bot, not as secured as they say, the DLL all exposed for wardens to see, and not to mention
their bugs too
Actually, it’s not unsophisticated and infact works fine. It’s the same thing Mimic did to ward off Warden, except they have done it properly.
Refer to http://www.cypherjb.com/blog/2009/07/23/wardenmimic-v20090723a/#comments for a more detailed response.
i’ve been using gatherbuddy since it came and i havent been banned or detected once. i usualy use it about 14 hours a day
And here’s the Banwave