Bablosoft

URGENT Since today (06/28/2020) BAS is detected as a bot by google after UPDATE

Support
  • J

    @support Hi, thank you for taking the time to answer.

    • First of all, recaptcha v3 score and gmail signup are unralted.

    I understand your deduction which is half true, google recaptcha and gmail its two different service, if recaptcha gives you a bad score, you have no chance of having a good score in another google service of course, either for account creation or for Google ads analysis for example which is one of the most elevated security level by google because of click fraud ...

    When another bot gets 0.7/0.9 on the same test, i think is that enough reason to not get around the problem.

    • I don't think that it is possible to do multiple registrations without sms, if it worked for some, it doesn't means, that it will work forever and you definitely shouldn't rely on that.

    Certainly yes, creating a new google account is just an example, for the sake of a undetectable tool we are looking for the best possible anti-detection of course, and a score of 0.3 is not effective especially for an exceptional tool like BAS, so to use option like "PerfectCanvas" and "Receive sms" is just a way to get around the problem despite that it is two verry great tools, in my opinion the only "solution" is to find what google has to find to suddenly give to BAS a low score, i repeat that we were 0.7 until before yesterday.

    • As long as you are a premium user, if you have any more question, please try to describe it in details with steps to reproduce the problem, and send to premium email.

    I posted on the forum because i think a forum it is made for this :))) moreover that iam not the only one affected by this problem. Higher up in this post i have already provided the details and even a functional test project to test and see the leack.

    I will post here if I find a technical theory of this sudden problem,
    thank you all

    0 1 Reply
    0
  • 0

    @jonigood

    As support mentioned you should know that reCaptcha and Google services registrations does not use the same techniques to determine the authority of the visitors.

    Example G services draws canvases when signing up to determine the likelihood if you lie about your UA and base a score of that out of a lot of other things.

    While reCaptcha uses native functions and doesn't draw canvas to determine the likelihood of lied OS. That's why it's harder to pass reCaptcha than it is to sign up.

    One example if you tell recaptcha you visit from Android with Chrome 83+ that must means that every function from 83+ should be supported. For this example:
    This useragent means it must support a relatively new feature called "Native Share" so running this code should return a true:

    if(navigator.canShare(data)) {
  // CanShare
}

    While if you use a Desktop and claim to use the same browser, it will return an "undefined function".
    This means you can't possibly use Android and Chrome 83+ and you will be scored 0.1 but still have the chance to prove you are human (maybe) through multiple hoops.

    Mobile uses touch events Desktop uses Click events. If you claim to use mobile but sends click events thats a bad sign.

    Same goes if you use Chrome but claim to use Firefox, Firefox have functions Chrome doesn't support like moz so if your browser code doesn't support it means you cannot possibly use Firefox and again your score will be low. This is why you sometimes have more success than others since the browser engine is sometimes updated it means its harder to detect but eventually new functions are released to the Chrome or Chromium which leaves the browser obsolete. Sometimes vital functions that gets easy to distinguish than others.

    A lot of other techniques I know they use so this is just one reason why recaptcha is different from the signups. But you are partly right they share some common features but not all. Recaptcha is more advanced and maybe that is because a lot of sites rely on reCaptcha to stop bad browsers and bots from mass actions. Even if you bypass captcha with bot, just implementing captcha to a site rates the limits of bots actions.

    With all this said BAS is the most throughoutly implemented framework for automation whatever yo uuse it for specially the fingerprint technology. And most sites you work with you won't have a problem as most sites doesn't have advanced detections like this. You can try compare Geckodriver with Chromedriver yourself if you want to explore more between the difference automating Firefox and Chrome.

    J 1 Reply
    0
  • J

    @0xSentinel

    First of all thank you very much for taking the time to explain all this in detail, it is instructive for some, and it triggers a deeper analysis of the problem.

    As support mentioned you should know that reCaptcha and Google services registrations does not use the same techniques to determine the authority of the visitors.

    I do not know if for sure i understand what you mean by authority of the visitors, to clarify,
    Yes that's right, the problem here is that we're talking about visitor "classification", reCaptcha is not to determine good users or bad users, it's to determine "human" users OR "bot" users. Captcha means: Automated Public Turing test to tell Computers and Humans Apart.

    i understand of course with these known technique that you explain is used by new detection system to identify bots, again this is not the case, in my opinion Recaptcha does not use native function detection, if a function like canShare() (or any other function, even CSS) is called in a browser which does not support this function we find in the console a nice

    Uncaught ReferenceError: canShare is not defined

    We deduce that Recaptcha detects something else and not the native nonexistent/existing browser function. (i assume that you wase talking about the native function of the BROWSER)

    There are function compatibility databases like caniuse.com, we can see that the function you mentioned above is chrome 81 comptaible on android : https://caniuse.com/#search=canShare

    I mean that is possible to obtain a list of missing functions by comparing two versions of chrome, it would be wunderful for bablosoft to code a plugin to synchronize the fingerprint to add/remove (or simulate ...) the necessary functions, it is only an idea ... which would surely reduce the risk of function detection, not completely of course because it is not enough to return a true or false to totally be sure that the native function are operational or not, it will just be operational to answer false or true, that's good for a start. example by comparing chorme 70 and chorme 81: https://caniuse.com/#compare=chrome+70,chrome+86&compare_cats=JS,JS API
    we get the difference function compatibility between the two browsers ...

    If wee deepen the analysis, what can happen other than the detection of native function or verification of fingerprint/canvas ... what remains ?

    A extrapolate theory would be the Fingerprint of the TCP/IP stack in order to deduct the OS and to compare it to the OS send by header, i strongly doubt that this is the case, firstly because of the execution time of this process which is a little long ... in the doubt, i made a config in perfect correlation with my system, in order to test in the most optimal environment to counter the two verificaiton evoked (native function/OS detection):

    My real OS is windows 10x64.

    The config:

    • Set browser setting
    • Set Fingerprint, The fingerprint chosen is windows 10x64, from that, the fingerprint of the TCP/IP return the same OS as the browser header + The User-agent is chrome 79.0.3945.130 to have the same version as the chrome version of the last BAS (22.8.1), this should avoids the detection of native function since it is the same version.
    • Apply fingerprint
    • Proxy set (to synchronize language/geolocation/webrtc/timezone)
    • We check the config befor to check Recaptcha score whit f.vision and others ....

    All right, screenshot here:

    alt text

    We Check now ths Recaptcha score :

    alt text

    Score 0.3

    The test Project : NativeFunctionAndOsBypass.xml

    So, can we now deduct that is not about native function and/or OS détection ?

    With all this said BAS is the most throughoutly implemented framework for automation whatever yo uuse it for specially the fingerprint technology. And most sites you work with you won't have a problem as most sites doesn't have advanced detections like this. You can try compare Geckodriver with Chromedriver yourself if you want to explore more between the difference automating Firefox and Chrome.

    After having already try all ..., it is undeniable, BAS is great, with a high level of development.

    On the other hand i can provide screenshoot or video of anti-detection browser which pass Recaptcha V3 whit a score of 0.9, a f.vision whit score of 100% ... (Geckodriver), and this with fingerprint/user-agents which are different from my OS, so there is always possible improvements no matter the level reached, i'm still looking for a solution to raise the score at least 0.7 ... i would post here if I find something ...

    Thank you all, Thank you again @0xSentinel

    T 1 Reply
    0
  • 0

    No these example ways how to detect browser versions from other element except Canvas, user-agent header etc.
    TCP stack sounds overkill I dont think google use it, maybe mostly for banks and financial institutions.

    Haven't tried recaptchav3 much since few months back where I scored 0.7 many times but most times were 0.1 and 0.3 using fingerprint switcher. I can look into it again when I have time later. For now I don't think problem because not many sites uses recaptcha v3 at the moment but as soon as it becomes a problem to me I will make sure to find a solution.

    Have you tried set user agent to as close to stock Chromium as possible? I think this is what CEF is based on so using Googles own product as useragent and hope to bypass their own system is hard job. Better try set the user agent header for Chromium, Brave, etc and other browsers using Chromium.

    J 1 Reply
    0
  • J

    @0xSentinel

    Yes it is exactly true, my bot operates in the following way :

    • first it will get a fingerprint and assigned it a score according to the results from multiple tests (Recapctha V3 is the first one).
    • if the score is low, browser is resetting and go to get another fingeprint and test it again
    • until to find a fingerprint that pass google whit a minimum score of 0.7 the bot continue to get and try fingerprints ...

    I take for example my works from this last month, the bot has never exceeded 3 or 4 attempts before having a fingerprint which obtains a score of 0.7 at least, today i can let it run for hours it no longer finds any fingerprint which get socre more than 0.3, so i wase thinking of a problem with fingerprints from fingerprinswitcher, to test this hipothese i use a profile that have a fingerprint which has a score of 0.7 on Recapctah V3 befor the problem, and it does not pass the test, it now gets a 0.3, it seems that the problem does not come from fingerprintswitcher.

    I can look into it again when I have time later. For now I don't think problem because not many sites uses recaptcha v3 at the moment but as soon as it becomes a problem to me i will make sure to find a solution.

    It is not my case :) I am impacted by this problem and must find a solution to be able to continue to use BAS :)

    TCP stack sounds overkill I dont think google use it, maybe mostly for banks and financial institutions.

    Yes, as i said i strongly doubt that this is the case for google, it was just to evoke all the possibilities on this post in order to avoid future quesitons...

    Have you tried set user agent to as close to stock Chromium as possible ? I think this is what CEF is based on so using Googles own product as useragent and hope to bypass their own system is hard job. Better try set the user agent header for Chromium, Brave, etc and other browsers using Chromium.

    You are right It is quite obvious, i will try and give you my feedback.

    thanks

    0
  • T

    @jonigood How are you even getting an score of 0.3? I am getting only a score of 0.1 which causes me to get a lot of captchas, How are you getting a score of 0.3? Also how are you putting in verification checks to get fingerprints that are above a specific score? Could you help me do that?

    J 1 Reply
    0
  • J

    @tatwa Hi, each user of BAS have these tips and configurations to get a better score, it depends on a lot of parameters, you must configure and test your project before launching the recaptcha test, you must pass all the online detection tests like f.vision ect ect ... this n 'is that you have to try recatcha, i provided one or two test project on this post, try them ...

    T 1 Reply
    0
  • T

    @jonigood I am passing all the online detection tests and that is not what I am asking about, What I am asking is how are you implementing a test to filter out fingerprints that give a low score and only select fingerprints that are high quality and use them?

    J 1 Reply
    0
  • J

    @tatwa

    • Set browser setting
    • Get Fingerprint
    • Apply fingerprint
    • Proxy set (to synchronize language/geolocation/webrtc/timezone)
    • Open link : recaptcha v3 socre request link
    • parse result : capture text score like 0.1, 0.3, 0.7, 0.9 ...
    • If :
      capture text score less then 0.7
      stop script and start it again (whit a loop or label ...)
    • else :
      continue your script ....
    FastSpaceF 1 Reply
    0
  • FastSpaceF

    @jonigood Что ты какой-то сказочник. Скор дает еще гретый профиль.
    Кстате у меня с кучей авторизации в нормальном хроме тоже 0.3.

    DoctorKrolicD 1 Reply
    0
  • 0

    I scrolled through with my regular browser with regular activity. Recaptcha must have had an update as I was hit with lots of captchas. Before I got about 80-90% of the times green checkbox but the last day I have had to solve fast fading images.
    This is with a stock browser and clean IP.
    No wonder then it's harder to get good score.

    Figured I tell you this, may be valueable to you.

    J 1 Reply
    0
  • DoctorKrolicD

    @FastSpace Я раньше рукапчей увлекался, так там после 10-15 минут решения рекапчи в боте вообще score до 0.1 падал. Кроме прогретого профиля влияет и количество решённых за последнее время рекапч, и то, насколько давно вы последний раз грели профиль и, наверное, уйма других факторов.

    J 1 Reply
    0
  • J

    @DoctorKrolic @FastSpace

    friends, please write in english, we don't understand notthing, google translat is ineffective with abbreviated russian language ...

    @FastSpace Что ты какой-то сказочник. Скор дает еще гретый профиль.
    Кстате у меня с кучей авторизации в нормальном хроме тоже 0.3.

    I never had less than 0.9 on a real chrome

    alt text

    0
  • J

    @0xSentinel hi, Recaptcha V3 updated its code betwen the 27/06/2020 and 28/06/2020 ... it is now very "difficult" (to not write "impossible") to obtain an acceptable score of 0.7 whit BAS.

    0