Jump to content
ShaneOss

Bypass Bot Detection

Recommended Posts

On 1/15/2020 at 12:08 PM, valchimiiste said:

That would be interesting to know if anyone using this technique had been banned during the last wave

My new account hasn't been banned yet... Time will tell for sure. :D

I just ran a debug profile (logcat) on my emulator (KOPlayer) via Android Studio...

There's lot's of connection issues which I'd expect because it's being blocked. Still going through the log and looking for more info. My thinking was that if one could identify the thread that attempts to send the package to the vendor, that it could be blocked or potentially terminated on launch providing root access was available. Still looking at options. :)

 

01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xbd4bc360: Failure in SSL library, usually a protocol error
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x982ca926:0x00000000)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:448)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.okhttp.Connection.upgradeToTls(Connection.java:146)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.okhttp.Connection.connect(Connection.java:107)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:294)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.okhttp.internal.http.HttpEngine.sendSocketRequest(HttpEngine.java:255)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:206)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:345)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.okhttp.internal.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:89)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.okhttp.internal.http.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:197)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:254)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.mobileapptracker.g.a(Unknown Source)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.mobileapptracker.MobileAppTracker.makeRequest(Unknown Source)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.mobileapptracker.MATEventQueue$Dump.run(Unknown Source)

01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at java.lang.Thread.run(Thread.java:841)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xbd4bc360: Failure in SSL library, usually a protocol error
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x982ca926:0x00000000)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     ... 15 more

 

Share this post


Link to post
Share on other sites

That 'com.mobileapptracker' can measure , and that is the purpose,  any event - Analytics , used by millions like me to get event logging functionality... 

And imo, supercell is using to determinate , game engagement , and credit source , they have several distributors , Apple, Google, Kunlun , 9game etc, maybe just for royalties $ , and maybe just for mkt campaigns , really interesting is determinate what is sending... MITM , example what Microvirt is getting from us,  yes the Emulator :

kfKJRRF.png

 

or from SC :

P1kVyI0.png

 

Blocking and changing the memory pointer to send any random date , like an bypass ;) , can be dangerous... 

like GrumpyHog i'm thinking more on that 3 steps , flag from some data analysis [simple algorithm]  -> step 2 [manually human analysis] -> list for the next wave ban.

Edited by MAJPA

Share this post


Link to post
Share on other sites

Hmmm..... many places have firewall that blocks data.  It's just a question of whether Supercell wishes to investigate those accounts.  Since a human has to manually verify an account I would expect the initial filtering stage to be a bit more complex so I would not be surprised if they contracted this process to Unbotify.

  • Upvote 1

Share this post


Link to post
Share on other sites
On 1/16/2020 at 6:52 AM, ShaneOss said:

My new account hasn't been banned yet... Time will tell for sure. :D

I just ran a debug profile (logcat) on my emulator (KOPlayer) via Android Studio...

There's lot's of connection issues which I'd expect because it's being blocked. Still going through the log and looking for more info. My thinking was that if one could identify the thread that attempts to send the package to the vendor, that it could be blocked or potentially terminated on launch providing root access was available. Still looking at options. :)

 

01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xbd4bc360: Failure in SSL library, usually a protocol error
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x982ca926:0x00000000)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:448)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.okhttp.Connection.upgradeToTls(Connection.java:146)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.okhttp.Connection.connect(Connection.java:107)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:294)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.okhttp.internal.http.HttpEngine.sendSocketRequest(HttpEngine.java:255)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:206)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:345)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.okhttp.internal.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:89)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.okhttp.internal.http.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:197)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:254)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.mobileapptracker.g.a(Unknown Source)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.mobileapptracker.MobileAppTracker.makeRequest(Unknown Source)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.mobileapptracker.MATEventQueue$Dump.run(Unknown Source)

01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at java.lang.Thread.run(Thread.java:841)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xbd4bc360: Failure in SSL library, usually a protocol error
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x982ca926:0x00000000)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405)
01-16 19:12:18.734 14401-14669/com.supercell.clashofclans W/System.err:     ... 15 more

 

I’m aswell using this bypass and haven’t ever received a ban even after the ban wave :)

Share this post


Link to post
Share on other sites
vor 2 Stunden schrieb [Q]'Hollow:

Is it a thing now. Should I use this.

it seems that the actual ban wave is over. and there are no messages from people who did this and got a ban.

 

if more people use this and this protect our accounts, SC find a new way to detect the bot. it is a cat and mouse play.

and SC has the better cards in this game.

 

 

 

 

Edited by ProfiClasher

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...