Ban with bots of toolkit

[kauefelipe]

Hello friends. In the last two weeks all my 6 accounts have been banned. In five of them I had actually made a sale of coins. But one of them was new and had never done any business. Anyone else had trouble with ban these days? What RPM are you using? Did they change anything that the toolkit is not handling and they are detecting?

[jvianafec]

Yes, my account has also been banned 1 week ago.

It used only to increase cast, generate more coins, no sales.

I have used the toolkit since the end of 2015 and had never been banned.

I hope friends can help us with information so we can not be detected.

[JoaoFelipePego]

I was also banned and several accounts.

I believe the problem is tied to the use of WebApp, EA's security policies for WebApp have become more rigid.

[JoaoFelipePego]

Do not use this Toolkit, this week I created a new account after a few matches I was able to unlock the Web App and only logged 4 times through the Toolkit just doing nothing else, and my account was banned after that.

[CoverJ]

any ideas where we start looking?

[JoaoFelipePego]

Looking at fiddler how to login in to the web app compared to what Toolkit performs, I noticed many differences! The ideal would be to login on by the Companion APP to work. The level of security that EA must have applied over the Web App must be very high, any anomaly or suspicious activity is banning ...

[by1338]

I faced the same issues, today my test account was ban after 1 hour of requests on the API.

There is some panic on autobuyer's forums since last night with a massive campaign of ban from EA.

I think EA is currently banning all accounts used from tier-application other than their web app and companion app,as we saw 4 days ago they had already modified some of their url for logging. By the way, even futbin website seems freezed from last night at midnight they surely can't request the API too, prolly EA try to close API doors or they will provide some private keys to access the API as Riot do for example, their new resolution for 2017 ^^

[JoaoFelipePego]

I was able to decompile the Companion application and have access to the source code, I noticed there are really new changes in the way of logging in and the way of authentication, but the codes are all in JavaScript.

I can pass the source code to anyone who is interested in translating for .NET...

I have no time available for this at the moment :(

@trydis

[trydis]

I have no time either and I haven't played FIFA in ages. Contributors to the toolkit are very welcome, trustworthy people will get push access to the repo.

[kauefelipe]

@JoaoFelipePego Pode mandar para mim Joao? Meu email: kaueffreitascampeonatofifa@gmail.com

[kledac]

I'm a C# .NET developer I also have some solid JavaScript knowledge so if you guys want any help with that just let me know.

I never used this toolkit myself but I was going to perfom some tests myself so just let me know :)

[trydis]

@kledac all (useful) contributions are welcome 👍

[losersFocus]

I can confirm that all my bots got banned as well. I use the toolkit only for logging in and have some custom script for trading. I did WebApp logins. I tried to change the RPM. It didnt help. Every night (UTC+1) i get an email, telling me, that I violated against the TOS of EA and that the account will be PERMANENTLY banned.

@all What do you think about screen scrapping bots as alternative. EA should have hard times detecting those?

I already prepare a small machine vision prototype, that does some trading. I will evaluate the results (RPMs, Errors, How much time the bot can be active, ...) Any help appreciated.

[xAranaktu]

@losersFocus You can check mine PeakyBuyer, but imo. it's way less effective than bot based on requests.

[Taggardos]

Does someone resolved the Problem with the banned Accounts?

Lost many in the last couple of Days... I sniffed the Traffic from the Webapp and tried to adjust as many Headers, URL-Strings, etc. as possible from the Toolkit and started my Bot again.

I wil keep you updated, if the Changes are working.

[kauefelipe]

@Taggardos I have used the mobile version that I sent in a Pull request #325 for about 15 days. The bot logs once every hour and relist all items of trade pile.

I have not configured to buy / sell player but I probably will do this soon and notice here if it is not banned as well.

[Taggardos]

I accomplished 24 Hours with 5 Accounts simultaneously from the same IP without a Ban (which is an improvement compared to last week :-D ) Beside the updated Headers, URLs (which was still resulting in Bans), I also implemented the PinEvents based on #260

[A-VORONKIN]

6 accounts were banned tonight. and I don't know why. I had no bans for last month and almost didn't change anything in my soft. and didn't use mobile version.

@Taggardos can you make pull request with PinEvents?

[JoaoFelipePego]

Is 5.0.0 version of the Toolkit still causing Banishing?

@Taggardos is it possible for you to share with us the Toolkit you are using? And what changes did you make?

[Taggardos]

At the Moment the Toolkit I am using is a bit mashed up :-D (as I am trying to implement UserMassInfo Request and Proxy Support)

260 is pretty accurate. The only thing I added was

pinDataCustom.service_plat = "XBO";

and adjusted the Version Number

pinData.v = "v17.0.165353";

in the PinRequest.cs

[Taggardos]

Still received a Ban. It just took a couple of Days longer. Had the Account working for 6-7 Hours a Day... The only "abnormality" I had, was that I had a different Pagesize than the Webapp.

I also noticed, that the normal Webapp Requests contain Cookie Information in the Header, but to be honest, I can't imagine that EA analyzes every Request and extracts the Headers.

[kauefelipe]

Hi @Taggardos What kinds of requests were you making? Buying and selling player? You were using the webapp version, right?

[Taggardos]

Hi @kauefelipe yes, I am using the Webapp Version. I'm using the Toolkit as an Autobuyer. Buying, selling, checking Prices, Tradepile, etc.

[octopuppy99]

I just got all my accounts banned. I use the toolkit with my auto buyer/bidder since the FIFA 17 release. No changes in the last weeks. One of my accounts only used the toolkit to clean up and relist items from the trade pile. The other accounts I used for mass bidding, too. All accounts used the webapp login. And I did no coin transfers with any of the accounts. Looks like EA gets better in identifying these kind of toolkits.

[Bltfast]

Today all my accounts (9 ps4, 1 xboxone) have been banned. I don't understand the logic applied by EA to ban them. Each account played just the necessary games to unlock the WebApp, so I thought it could be that the reason, but the xboxone account was my main account that I used frequently. So this should not be the reason. I'm using an older version of the Toolkit where I added snippets code when errors occurred. For example, when ItemData.cs serialization changed because EA added some new fields or to specify new URLs. But I used the Toolkit with another account, not to buy and sell, just to put players on market , and this is still alive! Maybe it is lucky, maybe it will be banned soon? I don't know, but I'd like to understand EA in order to change the toolkit and f@#k them up! Any idea?

[artielange]

Guys just out of curiosity, how many requests were being made on the accounts that were banned ?

[octopuppy99]

I can't tell how many requests were done with my auto-bidding accounts, but I automatically stop bidding after 50 consecutive failed biddings. My auto-bidding usually ran once per hour for 5 hours.

My main account that didn't do auto-bidding ran once per hour for 12 hours and cleaned a 70 slot trade pile from sold items, re-filled the open slots and then re-listed the stuff. That's maybe 100-120 requests.

With all my accounts, I almost never ran into temporary bans where you have to type a captcha in the webapp to unlock it again.

@Bltfast I feel with you. Any idea how to bypass the account limit on a PS4? I can't create any new accounts :-(

[Bltfast]

I guess the EA banning logic it is not based on requests because my autobuyer worked without problems for more than a year, nothing is changed until now, so in my opinion, the banning parameters are different... I read about other fut libraries and other programs using them that have been banned during these hours too.

@octopuppy99 You should delete your accounts from ps4 than after a month you are able to create new accounts.

[octopuppy99]

@Bltfast Thanks for the hint! I'll try that!

[kauefelipe]

Only one account running with toolkit (only to relist trade pile) and was ban yesterday after a month...

Definitely have some problem. Maybe with the headers of the requests .. i don't know ...

It was running 24x7 and two request each 10 minutes (one to see if was logged and another to relist)... Then i was using 12 requests per hour...

[kauefelipe]

@Bltfast which autobuyer did u using? Maybe we can take a look in that code...

[Bltfast]

@kauefelipe I have written one of mine starting from the @Lululuz autobuyer but adding a lot of "human" behaviors. For example, random time bids, random searching pages, and so on...

[Majed93]

I've had 9 accounts banned, this weekend, all at the same time. Granted coins have been outgoing from the accounts but not in huge quantities. Been using the accounts for a good 3 months now.

[artielange]

I can't imagine its difficult for analysts at EA to determine that the number of requests being performed on an account exceed what's considered normal usage. I also suspect that its easier for EA to ban accounts with suspicious behavior than to inspect individual requests. This seems very logical to me

[jon7776]

in my humble opinion the bans are automated,hence the number of false bans given out to legit gamers I also have had accounts banned that were only active for a couple of hours at a low 5 rpm,so could not possibly of exceeded any normal usage

[Majed93]

@jon7776 what were you doing with the accounts? Searching, bidding etc. ?

[jon7776]

yes searching, bidding, buying,listing, price updates

[bmundt]

Hey, Has anyone been banned for making requests to just their club and not actually searching/relisting/etc on the market. I was looking to extend this to build an SBC builder for items in my club, just wondering about the risk.

[ZardoZ70]

My guess would be that it is the same risk as any other usage. With the latest bans, it seems that it doesn't matter what you do, but that you do, i.e. use a toolkit.

[DanielEzra1]

I think I know why you got ban read this please https://github.com/hunterjm/fifa-autobuyer/issues/152

[A-VORONKIN]

@israeliMaster didn't find any answer there.... I do 2 seconds waiting between searching and buying and still got ban!

[ZardoZ70]

@israeliMaster I think your approach is too simple. Ok, probably EA runs some automatic analysis of a player's behavior, and when you move outside of some predefined parameters, you get an automatic ban. And of course it would be interesting to know more about these parameters. Wait time between request might even be such a parameter.

But I think that there are much more ways on the communication level to distinguish a toolkit from the real webapp, and with the latest bans, I'm afraid EA has started using these. Just look at the PinEvents from #260. I wonder how many toolkits implement these, as things obviously work without them, too.

IMHO, if a toolkit doesn't mimic exactly the behavior of the webapp, EA can (with more or less effort) identify a toolkit user. Maybe they already do so all the time and are just to lazy run bans immediately, so they collect them and run them in batches. Welcome to the next ban wave ;-)

[DanielEzra1]

@ZardoZ70 I didn't get ban after doing it for more than a month. what do you think is the parameters?

@A-VORONKIN can you tell me please what did you do ? did you did a random time or exactly waiting time of the same 2 seconds?

[ZardoZ70]

@israeliMaster I got an account banned that did nothing but relist the trade pile. And it worked fine for 4 months. Then it got banned. And that's why I'm assuming that the bare use of the toolkit can get you banned, no matter what the parameters might be.

[trydis]

IMHO, if a toolkit doesn't mimic exactly the behavior of the webapp, EA can (with more or less effort) identify a toolkit user.

Exactly. That was my goal back when i released the toolkit. I made sure the headers etc. were all there. As time went by i stopped playing FUT and only a few people contributed with code. I guess most people just grabbed what was here and made the adjustments without sharing them.

A few things on the top of my head:

• All the headers must be present in the requests
• The operations that are done must be doable from the FUT web app (i.e. can't use page sizes > what's possible there )
• Besides the regular requests, there are things like the "pin requests" (others too?)
• If we want to be paranoid, perhaps they list players that aren't actually shown in the web app, just to see who bid on them?

And the obvious ones:

• Don't buy players you haven't searched for
• Don't buy too quickly after searching
• Don't search too often
• Don't search every x seconds

I would gladly give push access to the repo to someone who's playing FUT regularly and writes decent code.

[by1338]

It's easy for EA to identify the API caller program. They can know if you are not one of the "trusted" EA application or not . This is the point i think.

Just check the header of this website :) https://ultimatebot.net/ All bot sites are facing this issue. With the increase of this parralel economy EA set up new security rules for 2017 and as a player I can't blame them, prolly they sold less fifa points last autumn

[JoaoFelipePego]

Is anyone still using this Toolkit with any Fifa 17 account that has not been banned again?

[tringler]

It's the root cause I'm not working on that repo anymore - I think a lot of money is needed to identify how they flag the accounts now.

[gladtbx]

All my accounts were banned last December. I stopped FUT since then. Now Fifa18 is out in a couple of days, can anyone confirm if it is still safe to use any auto buyer? Thanks in advance.

[tringler]

Same for me. I would not to recommend any autobuyer as soon as it is not clear how they flag accounts.

[gladtbx]

So no one, one this repo or other auto buyer repo, has ever figured out how EA finds out about bots?