You can now purchase access to CyberRune with RSGP! - Click here to learn more

CyberRune Maintenance - Big Changes

Asentrix

Administrator
Staff member
VIP
Current Status
Hey there everyone, sorry for the lack of updates/progress reports.
About a week ago Jagex released an update which introduced a bunch of new stuff into the game.
We're currently working on getting the client back up and running, while also working on a lot of changes
I wanted to drop an update so people know what's happening
As it currently stands, due to the downtime, we wont be taking new sales.

CyberRune is moving from C# to CPP!
Around a month ago we decided to release a trial version of CyberRune for everyone to try
We understand not everyone can afford to purchase it, but want everyone to at least experience RS3 botting.
Well unfortunately we had a security hole in our software which allowed a user to access private areas of the tool, private scripts etc.
We remotely shut down the trial version and made sure this user couldn't take advantage of this security hole.
Unfortunately this meant we had to remove the trial version.
We decided that C# just isn't secure enough, so we're switching to CPP, which is far more secure and reliable.
The downside is we aren't extremely experienced with CPP, so progress has been quite slow, but we're nearly there.
We've been converting the entire project to CPP and only have a few more crucial things to convert, once that's done, the new project will be released.

We're re-branding!
We're switching to "Runebot" and our new projects name is "Mimesis"
We had a few issues with our current brand-name, mainly SEO issues.
This decision was also made due to user feedback, we're very happy with our new brand name.
Runebot.net/Runebot.org is coming soon :)

New forum!
We've received a lot of feedback about the website and navigation
The current website is confusing and hard to navigate, so we're switching from xenforo to IPB
You can checkout the new forums here:
Although that forum is just a demonstration and wont be the final forum link.

Botting API!
We've made a lot of progress towards our API.
Originally we were leaning towards our scripts being wrote in C# but we've switched to lua.
lua is more user friendly and makes things a lot easier for us.
The API is almost complete and should be in version 2.0.1 of Runebot/Mimesis

Switching Licensing Engines!
We're switching how we handle licensing and payments.
Our current licensing system is far too expensive to maintain.
it's also missing a lot of features, including the ability to search all customers and update licenses, so we're making our own back-end licensing system.
Our new licensing system will allow your license to be activated on 2 PC's through HWID locks.
A user can modify which 2 PC's are authorized per license, so if you want to use a different computer, you can remove your old one and add your new one.

Sorry again for keeping you guys in the dark, we're just extremely busy currently.
Looking forward to releasing Runebot, stay tuned!​
 
Last edited:

LifeCoder

New member
Aight, so I registered here just to write my comment. I don't mean to be rude or offensive. Just want to share my thoughts.
"We decided that C# just isn't secure enough, so we're switching to CPP, which is far more secure and reliable. "
Well no programming language is "secure" I've done work on C# and C++ and the security depends on you entirely. My C# program is more secure than the C++ one, why? Important stuff should not be put in the application, rather you should store it on the server and send it to successfully authenticated clients. Then they can't just patch it, you can also make the private methods(which you should put in a dll) have a signature, without which they wouldn't run. Easy to see which user then decided to share his dll he dumped from the memory. C++ is not necessarily more reliable, it's harder and is sometimes very unreliable(not as unreliable as javascript though) how would you dynamically load code? (not the lua scripts, we'll get to that) loading shellcode is a dangerous practice(probably not something that would be included). If I really want to, then it doesn't matter if you used C# or C++. I will get it. You'll probably stream lua scripts seamlessly to the client. But how do you know the client doesn't save them or otherwise tampers with the application? For both programming languages, use VMProtect and SIGN the code(expensive but worth it) also send the application hash with every request. Do as much as possible server side and you'll keep people away from stuff they shouldn't have access to(until a dedicated cracker appears, then it's best to call it a quit) want to be 100% sure you control everything? Take screenshots from the client's game. Send these to the server, server calculates where it should click and send that back to the client. No way anyone will crack that! Though I'm just spilling ideas, and they came from reading that "C++ is more secure and reliable" in the end, no programming language is more secure or reliable. Your knowledge is what makes it secure and reliable code.

Looking forward to this though!
 

kodmi

New member
"lifecoder" is right. Won't matter if you move to C++ every application has a hole no matter what... even Adobe can't hide from it.
FYI lifecoder.... even the methods you mentioned are still hackable...

The only prevention you can do is add another wall for them to work around, once's they figure that out... add another wall.... eventually your wall will be built so tough most will just not even bother because it will require too much effort.

I'd stay with C# if your more knowledgeable. You'll just create twice as many hole using C++ due to lack of experience.

Really the only advantage to switching would be app resource usage and speed plus cross OS support... and strong not advised with lack of experience.
 
Last edited:

Asentrix

Administrator
Staff member
VIP
Aight, so I registered here just to write my comment. I don't mean to be rude or offensive. Just want to share my thoughts.
"We decided that C# just isn't secure enough, so we're switching to CPP, which is far more secure and reliable. "
Well no programming language is "secure" I've done work on C# and C++ and the security depends on you entirely. My C# program is more secure than the C++ one, why? Important stuff should not be put in the application, rather you should store it on the server and send it to successfully authenticated clients. Then they can't just patch it, you can also make the private methods(which you should put in a dll) have a signature, without which they wouldn't run. Easy to see which user then decided to share his dll he dumped from the memory. C++ is not necessarily more reliable, it's harder and is sometimes very unreliable(not as unreliable as javascript though) how would you dynamically load code? (not the lua scripts, we'll get to that) loading shellcode is a dangerous practice(probably not something that would be included). If I really want to, then it doesn't matter if you used C# or C++. I will get it. You'll probably stream lua scripts seamlessly to the client. But how do you know the client doesn't save them or otherwise tampers with the application? For both programming languages, use VMProtect and SIGN the code(expensive but worth it) also send the application hash with every request. Do as much as possible server side and you'll keep people away from stuff they shouldn't have access to(until a dedicated cracker appears, then it's best to call it a quit) want to be 100% sure you control everything? Take screenshots from the client's game. Send these to the server, server calculates where it should click and send that back to the client. No way anyone will crack that! Though I'm just spilling ideas, and they came from reading that "C++ is more secure and reliable" in the end, no programming language is more secure or reliable. Your knowledge is what makes it secure and reliable code.

Looking forward to this though!
We do keep all the important stuff external and encrypted of course, but yeah we're switching to cpp for a few reasons, security is just one of them :p
Yep I did bring up VMProtect to CyberRune but yeah, due to the downtime and lack of sales we wont be buying that anytime soon haha

Appreciate the feedback :)
 

Asentrix

Administrator
Staff member
VIP
"lifecoder" is right. Won't matter if you move to C++ every application has a hole no matter what... even Adobe can't hide from it.
FYI lifecoder.... even the methods you mentioned are still hackable...

The only prevention you can do is add another wall for them to work around, once's they figure that out... add another wall.... eventually your wall will be built so tough most will just not even bother because it will require too much effort.

I'd stay with C# if your more knowledgeable. You'll just create twice as many hole using C++ due to lack of experience.

Really the only advantage to switching would be app resource usage and speed plus cross OS support... and strong not advised with lack of experience.
Cross OS support? What do you mean by that? haha
I mean the benefits of switching to cpp are well worth it, honestly the guys working on it aren't extremely inexperienced they know what they're doing, it's just they're more experienced in C# I guess

Basically in regards to us switching to cpp, security wise, rather than our source being decompiled, it would need to be reversed.
We're aware it can be reversed, we just want to make it not worth doing so

We store all the important stuff remotely and encrypt everything using our own private encryption method
If a version does happen to get released and cracked, we'll remotely shut it down so it becomes useless, release and update and suspend the leaker/cracker
 

kodmi

New member
Cross OS support? What do you mean by that? haha
I mean the benefits of switching to cpp are well worth it, honestly the guys working on it aren't extremely inexperienced they know what they're doing, it's just they're more experienced in C# I guess

Basically in regards to us switching to cpp, security wise, rather than our source being decompiled, it would need to be reversed.
We're aware it can be reversed, we just want to make it not worth doing so

We store all the important stuff remotely and encrypt everything using our own private encryption method
If a version does happen to get released and cracked, we'll remotely shut it down so it becomes useless, release and update and suspend the leaker/cracker
Cross-OS: cross platform support for Mac/Mobile/Linux/Windows, requires less work.

"
We store all the important stuff remotely and encrypt everything using our own private encryption method
If a version does happen to get released and cracked, we'll remotely shut it down so it becomes useless, release and update and suspend the leaker/cracker
"
Sound promising but almost certain your remote shut down wont work as good as planned. Sounds like wasted effort to me. Big Business can't even get a proper functional version.
 

Asentrix

Administrator
Staff member
VIP
Cross-OS: cross platform support for Mac/Mobile/Linux/Windows, requires less work.

"
We store all the important stuff remotely and encrypt everything using our own private encryption method
If a version does happen to get released and cracked, we'll remotely shut it down so it becomes useless, release and update and suspend the leaker/cracker
"
Sound promising but almost certain your remote shut down wont work as good as planned. Sounds like wasted effort to me. Big Business can't even get a proper functional version.
Imagine you need to know the memory address of NPC's, we fetch that from our server using the client, which is encrypted.
After Runescape update it changes.
If the user doesn't have the latest version (memory address is hard coded in the client) they won't have the latest memory address
 

kodmi

New member
Imagine you need to know the memory address of NPC's, we fetch that from our server using the client, which is encrypted.
After Runescape update it changes.
If the user doesn't have the latest version (memory address is hard coded in the client) they won't have the latest memory address
If there skilled enough to break pass the activation system.. I'm sure they can update the program when the new one is released, even after you've blocked them.
 
Top