trDna

[Mini Tut] How to write your own bot

30 posts in this topic

This is intended to be a [u]short summary[/u] on how people create their own bots ([u][b]not[/b][/u] scripts). It may not be the best tutorial, but I hope to give people an idea of how to make them.
[b]Note: If you wish to use ASM, then feel free to look at my repo.[/b]
http://www.powerbot.org/community/topic/812449-asm-experimentationsamples-repository/

[b][u]Requirements[/u][/b][list]
[*]Knowledge of basic Java
[*]An IDE of your choice.
[*]Basic knowledge of BCEL or ASM (will provide links below).
[*]Common sense
[*]Knowing how to use Google
[*]Patience
[*]The ability to cope with legal issues if you plan to hack Jagex's RS client.
[/list]
[b][u]Tips[/u][/b][list=1]
[*]First off, I do not recommend hacking into the official RS client.
[*]If you plan to create the bot quickly, then I suggest you hack into an RS private server client. They usually have most things de-obfuscated and therefore, it's easier to grab the data you will need.
[*]Only grab the data that you will need for your scripts for your bot.
[/list]
[b][u]Steps[/u][/b]
Go through all of these links. They will teach you how to start to make a bot from scratch using BCEL (can't find any detailed ASM tutorials).
Make sure that you download the external JARs for BCEL and ASM and add them as external JARs to your bot project folder.

Credits: [u]Freddy[/u] of [u]rs-hacking.com[/u]

You will need to make an account there to view these links. I'm going to post his tutorial threads in order.[list=1]
[*][url="http://rs-hacking.com/showthread.php?tid=57"][BCEL] Building your first updater[/url]

[*][url="http://rs-hacking.com/showthread.php?tid=65"][BCEL] The abstract transform[/url]

[*][url="http://rs-hacking.com/showthread.php?tid=88"][BCEL] Injecting accessor methods[/url]

[*][url="http://rs-hacking.com/showthread.php?tid=89"][BCEL] Dumping the jar[/url]

[*][url="http://rs-hacking.com/showthread.php?tid=114"][BCEL] Interface mapping[/url]
[/list]
Alternatively, you can also go to rs-hacking.com, log in to their site, and go to Reflection/Injection -> Tutorials & FAQ

I'll be explaining how to continue this in BCEL.
Here is a sample injector that I've found using Google.
I could have just posted my own, but I'm trying to prove that Google can be your best friend.

Credits to Echo_ at villavu.com (Simba's community):
[CODE]
import org.apache.bcel.*;
import org.apache.bcel.classfile.*;
import org.apache.bcel.generic.*;
import java.io.IOException;

/**
 *
 * BCEL Injector
 *
 * @author: Echo_
 *
 */
public class Injector {
    private ClassGen cGen;

    public Injector() {
        loadClass();
        modify();
        dumpClass();
    }

    // Parse vs.class from the working directory into an editable ClassGen.
    private void loadClass() {
        try {
            cGen = new ClassGen(new ClassParser("vs.class").parse());
        } catch (ClassFormatException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    // Add the Animable interface and a public int pixelX() method that returns the static field p.
    private void modify() {
        cGen.addInterface("Animable");
        for (Method m : cGen.getMethods()) {
            if (m.getName().equals("p")) {
                System.out.println("Method p found!");
                break;
            }
        }
        InstructionList methodIList = new InstructionList();
        ConstantPoolGen theCPool = cGen.getConstantPool();
        MethodGen pixelXMethod = new MethodGen(Constants.ACC_PUBLIC, Type.INT, Type.NO_ARGS, new String[]{}, "pixelX", cGen.getClassName(), methodIList, theCPool);
        InstructionFactory iFactory = new InstructionFactory(cGen, theCPool);
        // GETSTATIC takes no object reference, so "this" (ALOAD 0) is not pushed first.
        Instruction pixelXField = iFactory.createFieldAccess(cGen.getClassName(), "p", Type.INT, Constants.GETSTATIC);
        Instruction returnPixelX = InstructionFactory.createReturn(Type.INT);
        methodIList.append(pixelXField);
        methodIList.append(returnPixelX);
        pixelXMethod.setMaxStack();
        pixelXMethod.setMaxLocals();
        cGen.addMethod(pixelXMethod.getMethod());
    }

    // Write the modified class back over vs.class.
    public void dumpClass() {
        try {
            cGen.getJavaClass().dump("vs.class");
        } catch (IOException ex) {
            ex.printStackTrace();
        }
    }

    public static void main(String[] args) {
        new Injector();
    }
}
[/CODE]
He goes into more detail in his post here: [url="http://villavu.com/forum/archive/index.php/t-62265.html"]http://villavu.com/f...hp/t-62265.html[/url]

If you look at that, he explains that he uses a decompiler so that you can see the code of the .class file that you want to hack. I recommend using the JAD decompiler in order to see a .class file's variables and code (Google it).

The next part is pretty much the end of my mini-tutorial.

Most people usually have trouble getting their information from their accessor methods (which are the interfaces that you make to get your data).
Below is an example of how one may get their data; it is just an example using random Java files that I've made.

[b][u]Example of getting the data from accessor methods (Done completely by myself)[/u][/b]
Let's say that there is a program that you want to hack to get the value of "theSecretString". I've commented each file to help understand what's happening.
If you look below, notice how it's STATIC.

Assume that all files (including the files that you use to inject and extract the data, as well as the program's file) are all in the same package/folder (no imports will be needed).
[CODE]
/**
 *
 * @author A nerdy programmer
 *
 */
public class TheProgram { //Using a BCEL or an ASM-based injector, you must make the class implement the interface (accessor) in order to retrieve the data.

    private static String theSecretString = "Hello. My name is Bob."; //You will need to return this value.

    public static void main(String[] args) { //Pretend it's some sort of epic program.
        System.out.println("TheProgram's string value = " + theSecretString);
    }
}
[/CODE]
As you can see above, you will need to make your injector so that it implements the interface to get what theSecretString is.
Before doing that, you will need to make the interface that you implement. Since theSecretString is a String, then you must make an accessor interface which retrieves the data of theSecretString.
[CODE]
public interface Accessor {
    /**
     *
     * @return Retrieves the data of theSecretString.
     */
    public String nameOfString();
}
[/CODE]

Make the injector using BCEL or ASM and implement the Accessor interface. Remember to also add the method that the interface requires through the injector. TheProgram class would look something like this (excluding the comments):
[CODE]
/**
 *
 * @author A nerdy programmer
 *
 */
public class TheProgram implements Accessor { //Using a BCEL or an ASM-based injector, you must make the class implement the interface (accessor) in order to retrieve the data.

    private static String theSecretString = "Hello. My name is Bob."; //You will need to return this value.

    public static void main(String[] args) { //Pretend it's some sort of epic program.
        System.out.println("TheProgram's string value = " + theSecretString);
    }

    @Override
    public String nameOfString() {
        return theSecretString; //Using a BCEL or an ASM-based injector, you must make theString the return type.
    }
}
[/CODE]

After this, make an abstract class that would "get" the accessor's interface.
[CODE]
public abstract class GetAccessorClass {
    /**
     *
     * @return The Accessor interface.
     */
    public abstract Accessor getAccessor();
}
[/CODE]

After this, most people choose to make another interface which is similar to the Accessor method, for use of bot scripts.
[CODE]
public interface MethodInterface {
    /**
     *
     * @return The string that we want from TheProgram.
     */
    public String getTheHiddenString();
}
[/CODE]

After that, you would need to make a class that gets theHiddenString. This class would have similar methods for use in scripts.
For example, "PlayerInfoGetter.java" may contain methods that retrieve data related to player operations.

In this case, we are hacking the whole program in total, and not just one aspect of it. That's why I've named the class "Getter", because it's related to getting methods of the whole program (all in one class).
I've also left a SoftReference, as I've seen RSBot's old bot code, and it seems like a great way of saving memory on a computer while running your bot.
[CODE]
import java.lang.ref.SoftReference;

/**
 *
 * @author trDna
 *
 */
/*
 * Pretty much a class that contains similar methods that are retrieved from the Accessor accessor.
 * For example, "PlayerInfoGetter.java" may contain methods that retrieve data related to player operations.
 */
public class Getter extends GetAccessorClass implements MethodInterface {
    private SoftReference<Accessor> sr; //optional, allows for garbage collection, which makes the Accessor accessor perform faster (less memory would be used up).

    public Getter(final Accessor acx) { //Accepts any class that implements Accessor.
        sr = new SoftReference<Accessor>(acx);
    }

    @Override
    public Accessor getAccessor() {
        return sr.get();
    }

    @Override
    public String getTheHiddenString() {
        return getAccessor().nameOfString();
    }
}
[/CODE]

Now you must start up your "bot" (really just a data retriever) through your program. You need to inject your code beforehand, and then create an instance of TheProgram. I've invoked the main method of TheProgram in order to mimic what would happen when the RS/RSPS client loads (however, this just displays a string). After this, you would need to set up the Getter class, and use TheProgram's instance as an argument, because it implements the Accessor interface that we made.
After this, you could simply print out the String that you have retrieved.
[CODE]
/**
 *
 * @author trDna
 *
 */
public class Setter {
    public static void main(String[] args) {
        //Your injection code must go here, so that you can get theSecretString, for example.

        TheProgram tp = new TheProgram(); //A new instance of TheProgram, which is supposed to be modified.

        TheProgram.main(null); //Invoking the main method. We're just doing this to replicate how the RS client would load and display something. In this case, "Hello. My name is Bob". This line isn't needed.

        Getter get = new Getter(tp); //The Accessor accessor (lol).

        /*
         * You could make a method context class to get the data from the Getter class so it's easier to utilise the methods that you would make.
         * I've simply made it shorter by getting theHiddenString straight from the Getter class to speed things up.
         * This may not be perfect (or technically "correct"), but it shows an approach of how to access the accessor methods that you inject.
         *
         */
        System.out.println("The setter class's reference of the string: " + get.getTheHiddenString());
    }
}
[/CODE]


Your output should be:
TheProgram's string value = Hello. My name is Bob.
The setter class's reference of the string: Hello. My name is Bob.

If you got this output, congratulations! You have just retrieved the accessor data by injection!

There are better ways of doing that, but this is just a really simple way of doing it, and it may be a lot harder when hacking into the client of your choice.

[b]Note: Accessor methods only work out when you are returning a value of a STATIC variable. This is because non-static variables' method signatures change here and there, and as a result, you will most likely get an NPE.[/b]

[b][u]Here are some more links you could use to help yourself out:[/u][/b][list]
[*][url="http://www.moparisthebest.com/smf/index.php/topic,334616.0.html"]http://www.moparisth...c,334616.0.html[/url] - Tutorials and resources (Requires registration & ToS acceptance)
[*][url="http://www.moparisthebest.com/smf/index.php/topic,160681.0.html"]http://www.moparisth...c,160681.0.html[/url] - BCEL Tutorial by yakman (Requires registration & ToS acceptance)
[*][url="http://www.moparisthebest.com/smf/index.php/topic,155681.0.html"]http://www.moparisth...c,155681.0.html[/url] - Loading RS classes using ASM/Javassist/BCEL by Fasga (Requires registration & ToS acceptance)
[*][url="http://www.moparisthebest.com/smf/index.php/topic,335547.0.html"]http://www.moparisth...c,335547.0.html[/url] - Parsing client params by Freddy1990 (The same guy with the tutorials at rs-hacking.com) (Requires registration & ToS acceptance)
[*][url="http://www.moparisthebest.com/smf/index.php/topic,216985.0.html"]http://www.moparisth...c,216985.0.html[/url] - Ultimate BCEL tutorial by imafatmess (Requires registration & ToS acceptance)
[*][url="http://www.moparisthebest.com/smf/index.php/topic,396252.0.html"]http://www.moparisth...c,396252.0.html[/url] - How to hack the Client's Canvas by BAsh (Requires registration & ToS acceptance)
[/list]
I hope that this tutorial helped some of you out. Feel free to leave suggestions, and I can add/edit this thread [img]http://powerbot-gold4rs.netdna-ssl.com/community//public/style_emoticons/default/happy.png[/img]
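
Added example, not part of the original post or of any project named in it: seen from the side of whoever ships the program, the change described above (an extra interface plus an extra accessor method on a class) shows up as a difference between the class as built and the class as loaded. The sketch below records a class's interfaces and declared method signatures and reports anything not in that record; the names ClassShapeCheck, Shipped, Modified, shape and unexpected are assumptions made for this illustration, and the two nested classes are constructed stand-ins for TheProgram before and after modification.

```java
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.stream.Collectors;

public class ClassShapeCheck {
    // Constructed stand-ins: the class as shipped, and the same class after an
    // interface and an accessor method have been added to it.
    interface Accessor { String nameOfString(); }

    static class Shipped {
        private static String theSecretString = "Hello. My name is Bob.";
        public static void main(String[] args) { System.out.println(theSecretString); }
    }

    static class Modified implements Accessor {
        private static String theSecretString = "Hello. My name is Bob.";
        public static void main(String[] args) { System.out.println(theSecretString); }
        @Override public String nameOfString() { return theSecretString; }
    }

    /** Interfaces and declared method signatures of a class, as sorted strings. */
    static SortedSet<String> shape(Class<?> c) {
        SortedSet<String> out = new TreeSet<>();
        for (Class<?> i : c.getInterfaces()) {
            out.add("interface " + i.getName());
        }
        for (Method m : c.getDeclaredMethods()) {
            if (m.isSynthetic()) continue; // compiler-generated, not written in the source
            String params = Arrays.stream(m.getParameterTypes())
                    .map(Class::getName).collect(Collectors.joining(","));
            out.add("method " + m.getReturnType().getName() + " "
                    + m.getName() + "(" + params + ")");
        }
        return out;
    }

    /** Members present on the loaded class that the recorded baseline does not list. */
    static SortedSet<String> unexpected(SortedSet<String> baseline, Class<?> loaded) {
        SortedSet<String> extra = shape(loaded);
        extra.removeAll(baseline);
        return extra;
    }

    public static void main(String[] args) {
        // Assumption: in a real build the baseline is recorded when the program is packaged.
        SortedSet<String> baseline = shape(Shipped.class);
        System.out.println("shipped : " + unexpected(baseline, Shipped.class));
        System.out.println("modified: " + unexpected(baseline, Modified.class));
    }
}
```

The unmodified class yields an empty set, while the modified one reports the added interface and the added nameOfString() method.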

[quote name='Graser' timestamp='1341429447' post='8759570']
Google is Your Best Friend.
[/quote]
I've mentioned that in the thread :)
I just left this thread to help people out a little more than Google does.

I will read this later; looks like a nice tutorial though.

I may ask, shall we be expecting client work by yourself? (sorry if you do have your own project and I just don't know! :-P)

That's not the only and probably also not the easiest way to make a bot, but it's a nice tut. Though this wasn't necessary because all this information can be found on RS-Hacking.com

[quote name='Linear' timestamp='1341432717' post='8760063']
I will read this later; looks like a nice tutorial though.

I may ask, shall we be expecting client work by yourself? (sorry if you do have your own project and I just don't know! :-P)
[/quote]
Not exactly sure what you mean specifically, but I'm not planning to create a bot client of my own. I did start on one, but I chose to leave it unfinished. [img]http://powerbot-gold4rs.netdna-ssl.com/community//public/style_emoticons/default/tongue.png[/img]
[quote name='Revertion' timestamp='1341432766' post='8760071']
That's not the only and probably also not the easiest way to make a bot, but it's a nice tut. Though this wasn't necessary because all this information can be found on RS-Hacking.com
[/quote]
1) As I mentioned in the original post, there are better ways of doing it, but this thread outlines what most people do.
2) Thanks :)
3) Not all of it; getting data from the accessor methods is not explained there, which is why I created my own examples to help people out.
[quote name='Webjoch' timestamp='1341434076' post='8760259']
Thank you for this tutorial. Exactly what I was looking for!
[/quote]
You're welcome! Glad I could help [img]http://powerbot-gold4rs.netdna-ssl.com/community//public/style_emoticons/default/happy.png[/img]

[quote name='robbiegast' timestamp='1341414151' post='8757610']
a mini tutorial for making a bot while scripters need a whole page for a yak script! You sir are a legend.
[/quote]
Dafuq.

I have been working on my own sort of custom client but I was having trouble getting data from accessor methods because they were never explained well on rs-hacking. Your example was very easy to follow and was explained well. Thank you very much. :)

[quote name='Legend' timestamp='1341437268' post='8760718']

Dafuq.
[/quote]
^

[quote name='llaver' timestamp='1341439940' post='8761023']
I have been working on my own sort of custom client but I was having trouble getting data from accessor methods because they were never explained well on rs-hacking. Your example was very easy to follow and was explained well. Thank you very much. [img]http://powerbot-gold4rs.netdna-ssl.com/community//public/style_emoticons/default/happy.png[/img]
[/quote]
You're welcome. Glad to see that you understand my example [img]http://powerbot-gold4rs.netdna-ssl.com/community//public/style_emoticons/default/happy.png[/img]

Damn I sweep through a little, plan on fully reading later, but this is great! I was planning on trying a little bit just to get a grasp on it for future references and better understanding of the bots. Thank you sir!

Btw "First off, I do not recommend hacking into the official RS client. It's hard enough to deobfuscate their client, but also to keep up with the updates."
1. They made it open source.
2. They haven't updated it for a really really really long time.
3. -.-

[quote name='Cake' timestamp='1341460960' post='8763180']
Btw "First off, I do not recommend hacking into the official RS client. It's hard enough to deobfuscate their client, but also to keep up with the updates."
1. They made it open source.
2. They haven't updated it for a really really really long time.
3. -.-
[/quote]
How are you a contributor? Read the second point dud.

[quote name='Cake' timestamp='1341460960' post='8763180']
Btw "First off, I do not recommend hacking into the official RS client. It's hard enough to deobfuscate their client, but also to keep up with the updates."
1. They made it open source.
2. They haven't updated it for a really really really long time.
3. -.-
[/quote]
1. Edited.
2. ?
3. Ouch.. negativity much :(

[quote name='Cake' timestamp='1341460960' post='8763180']
Btw "First off, I do not recommend hacking into the official RS client. It's hard enough to deobfuscate their client, but also to keep up with the updates."
1. They made it open source.
2. They haven't updated it for a really really really long time.
3. -.-
[/quote]
Whaaaaat? When was the rsclient made open source? And where can I find it?

[quote name='llaver' timestamp='1341615151' post='8777758']

Whaaaaat? When was the rsclient made open source? And where can I find it?
[/quote]
Always been,
And are you so fucking stupid that you can't even go look for 3 sec?
[img]http://i.imm.io/voVw.png[/img]

[quote name='Cake' timestamp='1341619070' post='8778116']
Always been,
And are you so fucking stupid that you can't even go look for 3 sec?
[img]http://i.imm.io/voVw.png[/img]
[/quote]
Just a question, isn't that only for the launcher, not the game code?

This topic is now closed to further replies.