View Full Version : Mass Ban - Misunderstanding???????



skurwysyn
11-27-2014, 06:19 PM
Can anyone tell me what the hell is going on?? I started playing Tibia half a year ago, and was botting for half a year without any ban. I was so happy that so many people complain about bans, and I'm still not banned to this time. Actually what happened is that today I was BANNED on 30 or more accounts. Account passwords and numbers were like this: number: blabla1,2,3,4,5...20 and password was a difficult word and also 1,2,3,4,5..20.
The thing that shocked me is that I HAVE BEEN DELETED ON MAIN CHAR WHERE I HAVE NEVER BOTTED, WHERE I HAD 30+ PREMIUM SCROLLS.
What the hell is going on??????? Another shocking thing is that they banned a brand new account with number for example blabla25, pass: tratra25, which was 2 days old, didn't even start botting on that acc, didn't ever log in on that acc. So????? What the hell is going on??? How are they banning so that my main account that never botted got deleted, and another innocent account, where I have never logged in, was deleted??

basienka222
11-27-2014, 06:25 PM
You took the risk of botting so stop crying now.
You wanted to bot so you get punishment.

Things which I would do in your position:

1) Stop crying
2) Take a few days' break
3) Make new 20 accounts and start botting again
4) Leave home, go meet friends
5) Make lvl, make cash and stop holding 30 premium scrolls even on non-botted account.

Good luck =)

MrBastard
11-27-2014, 07:41 PM
They get the IP + graphic card every time you log on. You can see the information sent by using Wireshark. Possibly more. If you want a safe main account you need 2 computers or a fast virtual one and the virtual/second one via proxy. Or have main over a ping reducing gaming proxy. That way you are most likely to not lose main in a banwave against your IP as both have different IP + hardware. You may even bot kinda hardcore on main with low banchance if you have alert on player detected.

skurwysyn
11-27-2014, 07:47 PM
They get the IP + graphic card every time you log on. You can see the information sent by using Wireshark. Possibly more. If you want a safe main account you need 2 computers or a fast virtual one and the virtual/second one via proxy. Or have main over a ping reducing gaming proxy. That way you are most likely to not lose main in a banwave against your IP as both have different IP + hardware. You may even bot kinda hardcore on main with low banchance if you have alert on player detected.

If I use a VPN, will I avoid a ban on main acc?

DarkstaR
11-27-2014, 07:49 PM
They get the IP + graphic card every time you log on. You can see the information sent by using Wireshark. Possibly more. If you want a safe main account you need 2 computers or a fast virtual one and the virtual/second one via proxy. Or have main over a ping reducing gaming proxy. That way you are most likely to not lose main in a banwave against your IP as both have different IP + hardware. You may even bot kinda hardcore on main with low banchance if you have alert on player detected.


Data is encrypted, you can't see it being sent.

pajfest
11-28-2014, 04:43 PM
Data is encrypted, you can't see it being sent.
Do you know if the Tibia client sends suspicious data to the Tibia servers? Things like us modifying the client or information about our system? I don't know how their anti-cheat works but my guess would be that they check for weird behaviour, but I don't know if this is done server side or client side.

Sketchy
11-30-2014, 05:30 AM
They get the IP + graphic card every time you log on.

They've been sending non-unique system information (i.e. no unique IDs), including your CPU & GPU related information such as basic model strings, in the RSA encrypted login packet ever since version 8.42 released in April 2009. The unencrypted GPU string added in 10.61 is merely a more detailed model string containing the full vendor and model names along with the supported OpenGL version, and just like the previous system information doesn't include any unique IDs and thus doesn't actually provide any more possibilities for detection than what was already possible with the data already gathered since 8.42. Without any unique identifiers all they can do is create a system profile which at best only indicates the possibility of multi-clienting or ownership of multiple accounts but isn't absolute proof of either, which is where they would have to look at other account data for more evidence.

Perhaps it's time though for a feature in bots and MCs to spoof this system information to a random or a specified configuration, if nothing else it would get rid of one point of possible evidence against you.

NeeP
11-30-2014, 09:08 AM
Perhaps it's time though for a feature in bots and MCs to spoof this system information to a random or a specified configuration, if nothing else it would get rid of one point of possible evidence against you.

Would be nice indeed :)

sausting
11-30-2014, 09:27 AM
if such a thing is possible/easy to implement

Sketchy
11-30-2014, 10:27 AM
if such a thing is possible/easy to implement

It is, especially for someone like DarkstaR; it's really just a matter of figuring out exactly what data is sent and ensuring the spoofed data is correctly formatted with how the client would send it, particularly the CPU and GPU model strings. The big question is whether it's actually worth the effort to implement, as we really have no idea how or even if CIP are using the data with regards to detection, as it certainly wasn't its initial purpose considering the kind of data being collected. I do think it is definitely worth considering as at the very least it will somewhat reduce your risks, but of course by no means would it mean you are safe.

Pinnicle
11-30-2014, 10:58 AM
If I recall correctly, mc is legal

Al Bundy
11-30-2014, 03:40 PM
If I recall correctly, mc is legal

Yea it is, but as soon as they see u get exp on 2 characters at the same time it's not legal anymore

raiQi
11-30-2014, 04:59 PM
Yea it is, but as soon as they see u get exp on 2 characters at the same time it's not legal anymore
Yes it is. If I open up flash client + normal client and I xp both chars it's still legal as long as I don't use a bot.

Al Bundy
11-30-2014, 05:05 PM
Yes it is. If I open up flash client + normal client and I xp both chars it's still legal as long as I don't use a bot.

Tell me how that's possible. It's pretty impossible to play on client + flash without using a bot if u don't hunt rats ofc

Well ofc u can sit tabbing but I doubt CipSoft would take that as a real thing, since it's pretty annoying to do

raiQi
11-30-2014, 05:20 PM
Tell me how that's possible. It's pretty impossible to play on client + flash without using a bot if u don't hunt rats ofc

Well ofc u can sit tabbing but I doubt CipSoft would take that as a real thing, since it's pretty annoying to do
I could probably hunt on 2 chars at the same time, like rots on 1 char and cycs on the other for example.
1 client on each screen.

sausting
11-30-2014, 08:46 PM
I could probably hunt on 2 chars at the same time, like rots on 1 char and cycs on the other for example.
1 client on each screen.

and then you would be the under lvl 40 allstar team

velocity
11-30-2014, 09:05 PM
You can multibox tibia without a bot, but it's still just as illegal because of the macros.

skurwysyn
12-01-2014, 03:26 PM
After I got banned on 30+ accs two days ago, I created 12 accs, with 20 characters to this time. Every account had random passwords (not 1,2,3,4,5 system).
I was changing outfit with every char manually to avoid ban. Every account had 0 reports, I'm 100% sure. I was playing on another IP address than before. What actually happened is...... after 2 fuckin hard work days, 10 accs got banned. Acc nr 1 and nr 11 stayed, rest deleted.

mikeki
12-01-2014, 05:48 PM
After I got banned on 30+ accs two days ago, I created 12 accs, with 20 characters to this time. Every account had random passwords (not 1,2,3,4,5 system).
I was changing outfit with every char manually to avoid ban. Every account had 0 reports, I'm 100% sure. I was playing on another IP address than before. What actually happened is...... after 2 fuckin hard work days, 10 accs got banned. Acc nr 1 and nr 11 stayed, rest deleted.
skurwysyn, could you provide a little more information, like.... did you use a different email for all of them? How different were the account names? Did you create all the accounts in the same timeframe (within a range of 3 hours for example)?

alexoneda
12-01-2014, 07:00 PM
I will just post one single thing, nothing else.

If you bot, you WILL be banned, no matter what, someday you will get caught.

MrBastard
12-01-2014, 08:07 PM
They've been sending non-unique system information (i.e. no unique IDs), including your CPU & GPU related information such as basic model strings, in the RSA encrypted login packet ever since version 8.42 released in April 2009. The unencrypted GPU string added in 10.61 is merely a more detailed model string containing the full vendor and model names along with the supported OpenGL version, and just like the previous system information doesn't include any unique IDs and thus doesn't actually provide any more possibilities for detection than what was already possible with the data already gathered since 8.42. Without any unique identifiers all they can do is create a system profile which at best only indicates the possibility of multi-clienting or ownership of multiple accounts but isn't absolute proof of either, which is where they would have to look at other account data for more evidence.

Perhaps it's time though for a feature in bots and MCs to spoof this system information to a random or a specified configuration, if nothing else it would get rid of one point of possible evidence against you.

Thanks, did not know that. All I remember is seeing a post where someone pointed out his Wireshark findings where the login pack sent had increased by 25% etc. Can't find it anymore

Maybe they are mass banning lately to free up space for more server mergers. Getting rid of so many servers must save a shitload of money, and if they get on Steam a game full of botters doesn't seem appealing for new ones.

nuub
12-01-2014, 08:18 PM
I will just post one single thing, nothing else.

If you bot, you WILL be banned, no matter what, someday you will get caught.

Craban, is this you o.0

skurwysyn
12-01-2014, 09:06 PM
skurwysyn, could you provide a little more information, like.... did you use a different email for all of them? How different were the account names? Did you create all the accounts in the same timeframe (within a range of 3 hours for example)?

Yes, my password and acc number were 100% different, I will give u an example. acc numb: kronoss000 / pass: 921543zy. Passwords and acc numbers were not close to each other. Emails were also 100% different. I created 3 emails on Deutschland mail, 3 on USA mail, 3 on Poland, and 3 on New Zealand. Every email of each country was other (3 different services). All accounts created within 5 hours. But I think CIP don't look at creation date. From my point of view, they have written somewhere how many accounts are running from the same IP address. If it's more than 3 they check and ban accounts. That's only what I think.

Apoc
12-01-2014, 10:21 PM
Craban, is this you o.0


ahahahahaha

DarkstaR
12-01-2014, 10:44 PM
They've been sending non-unique system information (i.e. no unique IDs), including your CPU & GPU related information such as basic model strings, in the RSA encrypted login packet ever since version 8.42 released in April 2009. The unencrypted GPU string added in 10.61 is merely a more detailed model string containing the full vendor and model names along with the supported OpenGL version, and just like the previous system information doesn't include any unique IDs and thus doesn't actually provide any more possibilities for detection than what was already possible with the data already gathered since 8.42. Without any unique identifiers all they can do is create a system profile which at best only indicates the possibility of multi-clienting or ownership of multiple accounts but isn't absolute proof of either, which is where they would have to look at other account data for more evidence.

Perhaps it's time though for a feature in bots and MCs to spoof this system information to a random or a specified configuration, if nothing else it would get rid of one point of possible evidence against you.


In a recent update, they also began sending peak FPS and average FPS information to the server. This can be used for detecting FPS limiters, but I think it's just so they can get a performance metric on how terrible their client is.

As for spoofing configuration, I was considering it the other day. All possible strings are stored in clear-text in the binary, and can be easily extracted from each binary and sent at random. My worry there, though, is that sending so many different configurations to the server would be indicative of such a system. Moreover, the spoofer may have to make sure the data makes sense; what, for example, if I say it's a PCIE3 card but a processor whose socket is ancient, and not on any boards past PCIE1? Or can we assume Cip wouldn't try to detect this either?

MrBastard
12-02-2014, 04:55 PM
If they also send FPS they can be almost absolutely sure it is MC botting when it is on a large scale. They have IP, hardware, and they see that the average and peak FPS drop drastically when more and more log on on that IP/hardware. Is it possible to tunnel each Tibia client through a proxy so all get a different IP?

Sketchy
12-02-2014, 05:31 PM
In a recent update, they also began sending peak FPS and average FPS information to the server. This can be used for detecting FPS limiters, but I think it's just so they can get a performance metric on how terrible their client is.

Yeah I noticed your post about it on TP. I agree, probably just a performance metric, which would be useful to have to help the development of a new client which they have said to be working on.



As for spoofing configuration, I was considering it the other day. All possible strings are stored in clear-text in the binary, and can be easily extracted from each binary and sent at random. My worry there, though, is that sending so many different configurations to the server would be indicative of such a system. Moreover, the spoofer may have to make sure the data makes sense; what, for example, if I say it's a PCIE3 card but a processor whose socket is ancient, and not on any boards past PCIE1? Or can we assume Cip wouldn't try to detect this either?

I didn't think of that worry about using many different configurations, probably because they would have to account for usage of proxy servers and multiple people legitimately playing from the same private network. So I'm not sure how likely it is they would look for that; at the very least you would definitely want to have an account stick to using just a single configuration. And yeah, I would personally make sure the data makes sense with the chosen CPU & GPU models, but I am a stickler for perfection with my own programming. I kinda doubt CIP would think to detect like this but you never know.

DarkstaR
12-02-2014, 06:28 PM
I didn't think of that worry about using many different configurations, probably because they would have to account for usage of proxy servers and multiple people legitimately playing from the same private network.

My worry is not so much about so many configurations from the same network, but rather so many configurations tied to one account.
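
The two server-side signals raised in this thread (several accounts presenting the same IP and hardware profile, and one account presenting many different profiles), sketched from the operator's side as an added example that is not part of any post and is not CipSoft's actual logic. The record layout, sample values and thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample login telemetry: (account, ip, cpu_model, gpu_model).
# Field names and values are hypothetical, not the real login packet layout.
LOGINS = [
    ("acct_a", "198.51.100.7", "CPU Model X", "GPU Model P"),
    ("acct_b", "198.51.100.7", "CPU Model X", "GPU Model P"),
    ("acct_c", "198.51.100.7", "CPU Model X", "GPU Model P"),
    ("acct_d", "198.51.100.7", "CPU Model Y", "GPU Model Q"),  # same NAT, other machine
    ("acct_e", "203.0.113.20", "CPU Model X", "GPU Model P"),
    ("acct_e", "203.0.113.20", "CPU Model Y", "GPU Model Q"),
    ("acct_e", "203.0.113.20", "CPU Model Z", "GPU Model R"),
    ("acct_e", "203.0.113.20", "CPU Model X", "GPU Model R"),
    ("acct_f", "203.0.113.99", "CPU Model X", "GPU Model P"),  # common hardware, other IP
]


def shared_profile_clusters(logins, min_accounts=3):
    """Group accounts by (ip, cpu, gpu).

    Model strings are not unique IDs, so a cluster is only a lead for
    reviewing other account data, never proof of common ownership.
    """
    clusters = defaultdict(set)
    for account, ip, cpu, gpu in logins:
        clusters[(ip, cpu, gpu)].add(account)
    return {key: sorted(accts) for key, accts in clusters.items()
            if len(accts) >= min_accounts}


def profile_churn(logins, max_profiles=3):
    """Return accounts that reported more distinct (cpu, gpu) pairs than
    max_profiles, with the count; a real player rarely changes hardware."""
    seen = defaultdict(set)
    for account, _ip, cpu, gpu in logins:
        seen[account].add((cpu, gpu))
    return {acct: len(profiles) for acct, profiles in seen.items()
            if len(profiles) > max_profiles}


if __name__ == "__main__":
    print("shared profile clusters:", shared_profile_clusters(LOGINS))
    print("profile churn:", profile_churn(LOGINS))
```
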