Poker-AI.org

Poker AI and Botting Discussion Forum
It is currently Mon Nov 13, 2023 6:48 pm

All times are UTC




Post new topic Reply to topic  [ 31 posts ]  Go to page Previous  1, 2
Author Message
 Post subject: Re: ipoker html5 apps
PostPosted: Mon Apr 29, 2013 8:53 pm 
Offline
Site Admin
User avatar

Joined: Thu Feb 28, 2013 5:24 pm
Posts: 230
I don't think you can catch CC scammers with hardware IDs. Having said that, there shouldn't be a difference between native apps or web apps in detecting those.

However, this forum is for poker AI and for bots so if we are talking about security, we are usually talking about security against bots so eugen's post is a valid question. I don't think many people have looked into that yet as it's a pretty new thing. Maybe somebody else has some good ideas.

_________________
Cheers.


Top
 Profile  
 
 Post subject: Re: ipoker html5 apps
PostPosted: Mon Apr 29, 2013 11:56 pm 
Offline
Regular Member

Joined: Thu Mar 07, 2013 2:44 pm
Posts: 72
long session without misclick. This is not a 100% guarantee that you're a bot, but they do not need 100% to ban you.


Top
 Profile  
 
 Post subject: Re: ipoker html5 apps
PostPosted: Tue Apr 30, 2013 12:13 am 
Offline
Site Admin
User avatar

Joined: Thu Feb 28, 2013 5:24 pm
Posts: 230
I don't think they can record mouse clicks itself, or did you mean accidentally folding a strong hand e.g.?
That would fall in the category of playing behavior: Schedule, session length, reaction times, playing patterns, etc. Those they still have and always will have access to completely independent of the client interface.

But like I said, since iPoker isn't really doing anything on terms of hardware detection and such (since that would be the skins responsibility), I think HTML5 isn't really that much different security-wise on there.

Now if PokerStars offered it, that would be a different story.

_________________
Cheers.


Top
 Profile  
 
 Post subject: Re: ipoker html5 apps
PostPosted: Tue Apr 30, 2013 7:51 am 
Offline
Veteran Member

Joined: Thu Feb 28, 2013 2:39 am
Posts: 437
They can record click locations:
http://stackoverflow.com/questions/6154 ... k-location

They can detect things like click up/down times:
http://www.quirksmode.org/dom/events/click.html

Although, like c4tw said, it's unlikely they'll start worrying about that stuff now. And, if they did, I'd guess it would be easy to spoof. I'd be more concerned about them looking at other info (IP, OS, Browser, strategy, game play hours, etc.) or just the speed at which you're sending information to their servers. If you play super-human, or super consistent, then that might get you some complaints.


Top
 Profile  
 
 Post subject: Re: ipoker html5 apps
PostPosted: Tue Apr 30, 2013 8:10 am 
Offline
Junior Member

Joined: Mon Mar 25, 2013 8:14 pm
Posts: 45
As I said earlier, there's nothing you can't easily spoof, including "recording" of click locations and up/down times, you have full control of the information that is sent back to the server.

You can run a headless browser (meaning there's no browser open in the traditional sense) and endpoint server would never know...


Top
 Profile  
 
 Post subject: Re: ipoker html5 apps
PostPosted: Tue Apr 30, 2013 12:48 pm 
Offline
Regular Member

Joined: Thu Mar 07, 2013 2:44 pm
Posts: 72
Coffee4tw wrote:
accidentally folding a strong hand e.g.?

yeah. However, if the investigation begins only with the complaints of players, than you can complain about the players. Ipoker cease to take them seriously, if you will be sending hundreds of emails a day.


Top
 Profile  
 
 Post subject: Re: ipoker html5 apps
PostPosted: Wed May 01, 2013 12:52 am 
Offline
Site Admin
User avatar

Joined: Thu Feb 28, 2013 5:24 pm
Posts: 230
flop+2cards wrote:
yeah. However, if the investigation begins only with the complaints of players, than you can complain about the players. Ipoker cease to take them seriously, if you will be sending hundreds of emails a day.

This is one of the most ridiculous ideas for "counter measures" that I've ever heard.

_________________
Cheers.


Top
 Profile  
 
 Post subject: Re: ipoker html5 apps
PostPosted: Tue May 07, 2013 8:29 pm 
Offline
New Member
User avatar

Joined: Tue May 07, 2013 8:22 pm
Posts: 1
Coffee4tw wrote:
Now if PokerStars offered it, that would be a different story.


gods that would be a good day hahah


Top
 Profile  
 
 Post subject: Re: ipoker html5 apps
PostPosted: Tue Aug 06, 2013 11:23 pm 
Offline
New Member

Joined: Tue Aug 06, 2013 10:39 pm
Posts: 7
Is this the client that's primarily Java based? I recently took a look at this myself if so. (The one where it says play in browser on their site)

If so, yes, they can detect extremely easily. If they had any sense they would also detect mouse movements.
It's also extremely easy to detect whether or not it was opened in a browser or not. (Just crossmatch your IP or w/e loads of ways)

Both are still extremely easy for us to spoof if we are doing a Java based bot interface. Infact we can even move the mouse inside the Java client (not moving our actual mouse). Simulate the entire mouse movement (based on human-like splines and randomness). + Random timings/locations on the click.

I have really been wanting to try to get this running on my PC. I have had great trouble though because I don't understand alot about how these applets and the javascript etc. interact. If anyone AT ALL manages to get it running on your PC (by running I mean literally loading, I don't care about whether it will login or whether it will connect etc. it's quite likely it would need some small alterations inside the client).

I personally think it would be really nice to get it running from your own PC, get this fully deobfuscated, decompiled & recompileable. I took a look at this client a little already and it's pretty straightforward ZKM obfuscation. Just string encryption, BS variable renaming and some stuff done to the flow etc. I managed to actually get a pretty decent decompile, with pretty much most of the flow sorted. Ofc the decompile was ugly as fuck and barely understandable, but I'm pretty sure I coulda got it to recompile with some tweaking. If someone can get this client running, I could start work on a fully deobfuscated renamed client. I think it'd be super super interesting for a bot.

Ofc vs this method they will slam in detection mechanisms that will be either A) hard to spoof OR B) hard to find/realise they're doing. That's fine though I know many ways to get around dumb checks like checksums & method access levels.

Infact I would only use deobfuscation & renamed client for research. I'd most definitely use a completely hidden method where the client remains absolutely untouched and is actually loaded in the end from their site. - Let's not talk about this so publicly though.

This method would just be so insane though, having direct access to any input/output methods you want. No errors, no time wasted, no moving of your own mouse etc. Lot's and lot's of benefits. (+ benefits of knowing who you're playing at anon table etc.)

Actually I'd love to talk about this in depth but this is way too public. I think I posted plenty too much already. Any ideas how to get into the restricted areas?


Top
 Profile  
 
 Post subject: Re: ipoker html5 apps
PostPosted: Wed Aug 07, 2013 5:28 pm 
Offline
New Member

Joined: Tue Aug 06, 2013 10:39 pm
Posts: 7
Ignore my post I read it as partypoker not ipoker my bad. Ill make a thred for partypoker


Top
 Profile  
 
 Post subject: Re: ipoker html5 apps
PostPosted: Wed Sep 04, 2013 7:56 am 
Offline
Regular Member

Joined: Thu Mar 07, 2013 2:44 pm
Posts: 72
mpoker.winner. com


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 31 posts ]  Go to page Previous  1, 2

All times are UTC


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Group