How does botting work? - game testing

First and foremost - the goal of this topic and discussion is NOT to create or popularize botting in Lost Ark, I do not promote any actions that are against ToS and neither should anyone else here. This topic is more about applying botting principles in game testing.

So I’m a test specialist (QA) who has mostly been working with fintech website and mobile app test automation, but I’m trying to get into game testing.
Seeing how smart the bots on Lost Ark are and how difficult it is to create in-game restrictions that would completely block them, it seems like a lot of same principles that went into creating these bots could be reused by game QAs, even for same game.

Does anyone have any technical info on how these or similar bots work? For example do they use some API, how do they get access or even any documentation (just scouring through game files?), how much of it is image recognition/matching etc.

There have been a lot of discussions on high-level strategies that bots follow and engineer to get gold, but I haven’t seen much discussion on the technical aspects of how they make the chars move, detect location of mobs, properly use skills, manage their inventory with random drops etc.

As far as I read botters managed to bypass EAC and bots just directly interact with game’s memory, you can make literally anything happen once you go that far as long as server does not have it’s own validation and by Thronespire dmg hack we can see it does not have it (hopefully it will).

Official governance, a cool batch
Measure up, flush, flush

interesting. Although I wonder how they manage to make bots walk around and farm mobs then. It’s not like they force them to spawn or just spam skills in hopes that the mob will be there. These bots seem to react to the environment. So I wonder what kind of information do they access and how they process it

Lots of code, and lots more.

Tbh, lots of different ways and not just code, first they will more than likely be using stolen/new steam accounts most of the time.

• Pixel mapping
• Game memory
• Pre-recorded inputs then script
• Macros

Guess it also depends on the level of expertise on those writing the bots. I have always been intrigued by it myself but meh, not really relevant for me to delve into any deeper. Github has to pretty good examples of bots though and not the usual Discord bots either.

Client has all of the information, tho. I guess if they want bot to go to the NPC they just look him up in the game files and tell the char to go there programmatically, that’s why sometimes they get stuck on the path, pathfinding in this game is quite good but not really perfect.

Just visualise it like this, bypassing EAC the botters can interact with the game like programmer with levels in Unity in Debug mode sans the designer (only through injecting code). I think that dmg hack is done this way, client sends data to server with godly dmg and server is like, yeah sure, I trust you, EAC says you’re good boi, after all.

I am highly theorizing of course , I have never made such a bot myself but I did spent a fair amount playing around in game engines.

Github has to pretty good examples

@Jammyuk could you please provide some examples or at least suggest how I find them?

brother

ain’t no one on this forum has the IQ to know the in’s and outs of how bots work outside their skills to do a quick google search and how they “think” bots work.

lets be honest.

we on this forum are not qualified and you should take EVERYTHING you read with a MASSIVE grain of salt that it’s VERY likely BS and or just MASSIVELY exaggerated speculation from HIGHLY unqualified basement dwelling nobodies still living with their parents.

You know nothing, drop it, even since wow or before, bot use all kind of tech, there is pixel detection, who does not acces memorie value and just read screen and boxs via pixels.

there is also injected bots that can acces memory and see hp, loc etc, usualy they follow a road with waypoint and attack on sight, can use pots at set hp value, have random action timing or interval to avoid detection etc etc.

usualy they even have a custom launcher that update automaticaly when there is update or security risk. (you pay a subscription fee for that)

tldr you are no one and know nothing not even the basics and this thread is useless.

from : someone who used to buy cheap wow account, use bots on them to lvl max, sell the gold, then the account with the char. (i was like idk … maybe 16 ?)

It depends, there are multiple techniques when it comes to making Bots and any other chat tool for a game, there are plenty of tutorials outheres and a lot of basic bots and tools you can find them on github for multiple games. Let’s go over some of the basic techniques:

Macros: this one is easy to understand, some players just program their own macros either with native functionality of their hardware/sowftware or by using a third party software. Macros are simple but can be game breaking.

Recorded inputs or Macro Recorder: You basically use a program that tracks your movements and replicates them, as a QA engineer you may be familiar with this one.

Pixel mapping: This one is fairly simple but is more personalized and somewhat harder to detect, basically you take a library such as PyInput that reads the pixels on your screen and then allows you to do stuff with that information, Code Bullet has a ton of tutorials and projects automating game interactions and most of them use pixel mapping https://www.youtube.com/c/CodeBullet. Also here’s a free python book that teaches this technique (along many other) https://automatetheboringstuff.com/

Memory mapping/scrapping: tbh idk if it has an official name, this is how all advanced bots and tools are usually made (C# is often the language of choice because it makes development easier by nature but C++ is also a popular option) and is basically on another level of complexity, but the idea is very simple, you attach your program to a process, then read the memory output of the game, and basically either use than information to get stuff like players/enemys positions health and whatnot, this technique is often used for other malicious purposes like making Memory Scrapping Malwares. Although this method is by far the best because it gives the most amount of in-game information and is faster and more precise that pixel-mapping, is the easiest kind of automation to detect tools like EAC specializes in detecting these (although this is a constant battle since hackers always find a way to bypass it then they patch it, rinse and repeat), hackers usually bypass EAC with a Kernel-injection tool (most of them out there are malware don’t use them). This technique usually requires a fair knowledge in the Assembly language and namely Reverse engineering some tools have been developed to make this process easier such as CheatEngine (which is free), but there are some other more advanced tools such as BinaryNinja there are some others free and paid tools but BinaryNinja is my personal favorite. If you want to learn more about Reverse Engineering, by far the best Reverse Engineering book I know of is this one: "Reverse Engineering for Beginners" free book and is free.

Network mapping/sniffing: Basically the same as memory mapping in essence, basically is a program that sniffs network traffic, and then use this to get information and modify it before is send to the server, most old online game suffer of this kind of vulnerability because a lot of the stuff happens on the client side and is not double checked on the server side, old CSGo aimbots where usually made like this. LiveOverflow’s video on Pwny Island by far explains it better than what I ever will. For these kind of tools usually Python is the language of choice because it’s just easier and there’s a lot of documentation about it.

I’m not an expert, but I hope this helps answering some of your questions, Cheers!

Honorable mention:

Self Hosted Servers, when you are the owner of the server, you are basically god, only limited by your knowledge, the best example of a recent game that uses Self Hosted Servers in malicious ways (Steal accounts, leak Intellectual Property, etc) is Genshin Impact, you may have seen some vieos of character leaks months before they are released, or people swapping character models and whatnot, well, this is how they do it!

@SniffingMentos @Jadearna are you guys okay?
No, not everyone else is dumb, not everything here is “bs” and no need to be so dismissive and aggressive. If you are not interested in this topic and find this thread useless, please move along, no need to bait for attention.
On the other hand if you personally know about some concepts and care to share or explain them, or to suggest some other page where it’s explained, please go ahead.
My goal when creating this thread wasn’t to play detectives and to find out exactly how every botting company works on Lost Ark, but instead educate myself on different botting strategies that could be reused in game test automation world.

go on a bot forum, get it, use a virtual machine with a vpn, run lost ark with fresh account, try and analyse. done. debating this on forums in absolutly useless, and you dont have the requiered knowledge for this thread to be of any use

Oi, I got my Soft. Eng. degree by googling everything, I still do to this day, don’t insult my work.

Thanks a lot! This is extremely helpful, well explained and even with sources attached <3
And thanks for reminding about codebullet, I’ve watched him in the past and trying to replicate one of his works might fun.