MMORPG Bot Reverse Engineering and Tracking 

Bonus video with the analysis of the collected data will come within the next 24h. TL;DR summary: If you are a Guild Wars 2 player, don't worry about bots like that. It's child's play. Don't request ArenaNet to waste any resources on it.

I just wanna say that I have watched several tutorials on reverse engineering binaries and I REALLY enjoyed your video because you not only showed what you did to find certain bits of information, but you explained your entire thought process AND you told us the things you did that didn't actually work. 99% of tutorials -- even the good ones -- often leave out explanations of the dead end roads they went down. And the reason that's so important is it helps people who are trying to learn reverse engineering the mindset/thought process they should have when approaching the subject. It's easy to mirror something you watch in a video and think you understand it only to try it on something else and quickly realize you don't really know where to begin or how to approach it. This is the first video I've come across of yours and I'm definitely checking out more after I write this, but I'm really hoping that you take this approach in all of your videos. If not, you should. This is super helpful and you're definitely onto something with this style of talking about a subject. Sorry for the long comment, but I just had to say this. Cheers!

The way that you talk through your way of thinking is so good. Makes it so easy to follow your thought process and your reasons for doing things.

3:31 Sending login credentials over HTTP? Oh boy...

I love these videos. As large a python application developer, getting to explore more about this very unknown world (at least, to me) is super interesting. Keep the videos coming!

Your videos are very informative. It's almost like you have to play detective to discover what you did. Of course, having the right tools under your tool belt also helps ;) Keep up the great videos!

Great video. i really enjoy you reverse engineering these types of MMO bots, i would love you try doing it for more bots as its also very educational :D

great documentation of your workflow. thanks

Your strings are wide which is why IDA didn't notice them. You just need to tell IDA to include wide strings in the strings window (right click and configure)

You showed me nothing I didn't already know, except how to put what I know to use! I appreciate the candor of narration as you work through the problem. That is one of the most important things for people to see, it's OK if you don't know precisely what they next thing you click on is going to do, that's how you learn. Great video, thank you.

Really cool video, I like how you went the extra step and tracked thos bot users for data

I don't even play GW2, yet this was utterly fascinating. You're a goddamn wizard.

Super interessting! And crazy how it was possible to extract such valueable and private information. I bet there's thousands of other companies doing something similar.

Very cool my friend, subscribed - wish there was more content like this!

You deserve so many more subscribers. Please keep this content going :D

Just found your channel. Seems to be educative and I believe I will learn a lot. Keep up the good work.

I would like to see more game related reverse engineering videos. Keep it up.

One of the best channels about reversing on youtube. Thanks for the video

do more bot videos on popular mmos, this is interesting stuff

How didn't I know about fiddler earlier? I love it and constantly mess around with it now! Danke dir

You're so awesome. I love your videos so much! So much to learn, and I really like the way you present the information.

Really interresting video.... I'm subscribing to see what's next :) And i will come back on your videos to see what else you have to teach. Thanks for the share, keep on the good work, keep giving us your taught process (mostly why i subscribed!) Good luck on RU-vid

Awesome video as always. Guild Wars 2 is a great game, as well.

Very good video about deep programming knowledge, without getting complex. It helped me!

Thanks for this amazing video, you never fail to deliver :D

Dein Video ist Gold wert, konnte dadurch echt viel lernen, danke^^

Super cool video, and absolutely hilarious that such a simple request gave you the bot user's account APIs. Talk about a botch job from the bot developer!

I don't think there is a single video of yours that hasn't had a #MindBlown moment for me. I know you think this is a bit mundane, but like all your work, yet again opening a whole world to my view. Thanks, keep up the great work!

Couple tips for Windows executable reverse engineering. 1) There are many programs you can use to check how an executable is compiled and packed, couple of my favorites are Detect it easy and peId. 2) You can use Process Hacker 2 to find strings in memory of an executable. Great video btw!

This is just... WOW. Dude you're awesome. Keep it up!

0_0 I don't know how I ended up here but I couldn't stop watching. This reminds me of how many different programs I find myself using from start to end with making game assets.

I learned a lot today, thank you for this video :)

I enjoyed this video! I will watch more of your videos :)

Super interesting. Thank you for this.

Ich habe keine Ahnung von GW2 und auch nicht vom Programmieren, aber es ist interessant und einigermaßen verständlich für mich. Dankeschön. =)

You've inspired me to get back in GW2 after almost a year of not playing it, thanks

This is some impressive work man!

WoW nice Love this video, thanks for showing me something new :D

Your a boss man! This made me happy to watch.

WoW, That is really amazing. It's inspiring.

Subbed! Awesome videos ;) GW2 reddit brought me here!

Excellent video! Best reverse engineering channel!

I love this video. Please make more videos like this xD

Thanks for the video, very interesting!

I legit spit my coffee out watching this at 7:30 in the morning when I saw you replay and edit the request to get the online users.

I love your channel so, so much

By the way, you can just load the memory dump into ida see the disassembly of whatever they tried to obfuscate/encrypt. Ida can also find strings in there, no need to do it manually.

This guy could get employed by Microsoft Apple Google and Amazon all by himself and save these companies trillions ... He is mind-blowing smart. I use computers since i'm a kid and have strong knowledge about pretty much every computer related stuff but in this video I quickly realised how much of a noob I was. This video made me humble so bad. I'm shocked. Wow.

Just awesomely crazy... Good job.

I love your videos, i just got into the security market and i'm learning from 0 your videos will surely help a lot i've always wanted to make bots for games for the sake of it but never did it. I would love if you could make a video about android apps pen testing

Thanks for the video! you big helped

Hello LiveOverflow, Like you I have analyse two bots from an other game, but in fidler the first bot use https and the second encrypted packet (TCP or UDP). My question is, how to decrypt these packets ? Thank you :)

I would have never thought to reverse engineer the bot program to get all the api calls to their server. that's awesome.

Very interesting. Good job

Nice, I'm always learning something ;) And I'm always a bit suprised to read german Text. Well, I already know you live in Germany, but your englisch is perfect. BTW: I'm German too

You should do more of these documentary's where you reverse engineer a program in the wild.

wow what a great content, subscribed

You could open the memdump (Yes it's a full memory dump) in IDA and let it automatically find/analyze the binary.

Okay.. I didn't like the video until you got the entire list of users.. and then geeked out graphing some data.. You earned my like.. Thumbs up clicked :P

Far, far above my level of knowledge and interest, however well explained and interesting to see what you discovered, even if I could not emulate this myself.

Man!!I wanna be able to do all this. You're a genius

That was so interesting and fun to watch! The thing is, if I had attempted to do this kind of research, I would have given up after the first 5 minutes, because I know nothing about the workflow and how to interpret findings and outputs of these various programs (even most of the shown programs I did not know). So can you give a short explanation of how you collected this mass of knowledge over time? Ps: Schland :D

I have no idea what is going on or where I am but I like this video, even though I understood none of it. I found it enjoying and your voice soothing. Keep making videos, 4am me is out & won't remember this comment :)

What is written at the end of the 2 sentences in python "raw = open ..." and "with open ..." ?

Very interesting. I used to make wallhacks for Soldier Front and aimbots for Gunbound when I was younger... much profits. These videos make me want to get back into it.

Is it possible for you to look into some of the EVE online mob grinding bots? I've run into a couple on my space travels and I'm curious if I can help stomp them out.

yeah good job explaining your approach, and what tools you used.

craaazy stuff ...i have no clue about programming but this is crazyy :)

As the bot requires validation to work, you can remove it by checking for strings related to the login page on IDA, the newr adresses will be the validation ones, then you just need to make it return true

BEST CHANNEL EVER IN THE HISTORY OF RU-vid AND HUMAN CIVILIZATION

Super awesome Sir.

I'm glad you waited for the service to shut down before doing this, a buddy of mine found this issue and showed me how to perform it ages ago. We always used to mess with those filthy cheaters. >:)

I'd love it if someone posted this video on the site where the bot was sold. I don't think they'd be all to happy with it if they found out it just spits your API keys out on request.

You earned a subscriber, don’t let me down

DUDE YOU ARE A FUCKING BOSS. I'm super inspired to try some of these tools. Thank you so much. Love your channel.

For string searching I like ProcessHacker 2 - double click on the process>Memory>[Strings...]>Set the settings>Optionally filter output.

Very awesome and inspiring

This is amazing !! Great!! Get more on mmorpg ;]

Alter, wie geil du einfach bist :D Verdienst auf JEDEN Fall mehr Abonnenten!

Im in college and watching every single video of yours so that i able to solve any ctf challenges thanks men: ∆

you are awsome , fan from Egypt :)

you are defo in the top 5 Comp Sci/Software Eng/Hacking channels.

This is amezing thank you so much for beautifull video

I can recommend ILSpy Smartscreen primarily checks code signing certificate of the program (see the Publisher) - not much of hashes and how many are using it. To avoid the smartscreen you must supply your app (with certificate) to Microsoft. Visual Studio should be able to open the memory dump, and also let you step thru it if you want. (I really hope this is available in the community version)

Great video

Could you explain that hexdump cleaning script, how it works?

how could you know if with deleting the username and password parameter will discover the entire API key?

Fun fact: You just gave pirates a head start in pirating the bot.

you are my favorite channel ☺

Nice video! Awesome reverse engineering...

your intro is awesome

If the memory contains non-obfuscated data you could have easily debugged using some tools like OllyDbg or even Cheat Engine (even if OllyDbg provides a list of strings really similar to the IDA one)

how do i edit and replay a XHR ?? i need it for uhhh.... something

it's hard to really stop injection from happening, when it comes to the mouse clicks you have to rely on the system flag to tell if the clicks are authentic, these need to come from certified drivers (although you can also just patch whatever checks for the flag on the client)

I have no idea whats going on and yet i am going to watch part 2

What mouse do you have?

How did you use the same url to load different pages? Ida version 5.0 and 7.0?

Awesome topic

This video is strangely motivational.

You can do something similar with savewizard, a ps4 save editor?