Posts Tagged ‘customer service’

Customer Server Exploits – Hack any runescape accounts

Sunday, November 2nd, 2008


topofgames.com


Runescape

What Is Customer Support?
This guide talks about how (in general) the Runescape Customer Support (CS) system works. It is an extremely complex and advanced system, but is so open to abuse it’s ridiculous. Now this guide is not necessarily going to teach you how to abuse the CS, more so teach you about how the system works and the ins and outs of it. It will surely give you some resources to use and also to look for and will give you a good idea on how to use different techniques to reach a bug/exploit.

There are two main ways to abuse the CS system. The first is using the CS agents themselves. Many bugs are spawned from “social engineering” your way with the CS Agents most usually by making up fabricated and false stories. CS Agents used to be very loose and easy to get to give into a story, but over the years they have tightened up a lot. It is still very possible to use them, but you have to find a good story as well as a loop hole. I will go into this more later. The other way is by abusing the computer detection system. When you send in an appeal or recovery request sometimes it is automatically processed, well how does it know if it should go to an agent or should it be processed? If you can find a way to auto process it then you will be able to abuse the computer system.

Appeal System-
The appeal system is one that is constantly trying to be abused by many players. There have been many theories about the perfect appeal that 100% works or even how saying the word suicide in an appeal gets it unbanned (or banned depending on who that’s coming from ~-^) but that isn’t true.

Here is how the process typically works. (1)Player gets reported for an offense (player gets reported for macroing by detection software if they are doing so etc.), (2) the reported offense is looked over by an active CS Agent. Member’s offenses are looked at more carefully than non-members offenses obviously, and depending on the seriousness of the offense it can be looked at for a long period of time or a short. If it is serious and the current CS agent does not know what to do he will report it to one of the CS Shift Leaders, then to the Unit leader if applicable. (3) Once it is reviewed there are different paths it can take: Give the account an Appeal with Auto Decline on it, Give the account an Appeal with a Review by CS Agent, or Give the account an Appeal with Auto Accept the appeal on it. Those are pretty self explanatory, they make an auto accept option because sometimes the offense isn’t bad enough for any black marks, but they want to give a warning to the account about what they did and show them they are being watched, etc. Many Appeals are auto declined, that is why when there is an appeal that works extremely well, even though it is good it will not work if it doesn’t even get looked at, thus why there is no such thing as a 100% appeal.

Now I haven’t tested personally a lot with appeals but there are many good appeal writers out there. I suggest making appeals that not only show great logic but (1) Do not admit the offense, ever (2) Coming up with an in real life excuse can sometimes prove affective but it must totally justify the action. Last Chance appeals are a little different and because they are more rare I don’t have a whole lot of testing with them nor do I have a ton of knowledge. I do know a few methods which prove effective on getting successful appeals with them but there are also Auto Declines on some (not as often as regular appeals but still plausible) last chance appeals.

Recover an Account System-
This is the most complicated system that Jagex has made. Telling you guys that I can put everything down on this guide that I know about it is not realistic as it gets very in depth. Again I am not going to tell or show you how to abuse the system, just give you information on how it works. When a lost password (or stolen) request is sent in it is processed through a detection system. What the system looks for is how much correct information was on the form. The very first thing it looks for is the IP of the creator of the account, compared to the ip of person who sent the request in. Let’s say the ip’s are the same, the detection system adds 50% to its meter of 50/100. It will then look for past members details, if the past members details are right it will add 30% (if its nonmembers then it keeps it 50/80 obviously). Next it looks for past passwords adding 10% if they are correct, and finishing off with recoveries, adding 10% of they are right. Now I am not totally sure what percent range it has to be in to get auto accepted, I have yet to test it but I would imagine it would be in the 85-90 percent range. If you only know 1 past password out of 3 then it will only give you 1/3 of the percent, it’s not necessarily an all or nothing thing. Just knowing this information can help you abuse the auto accept, there are ways to.

Now let’s say it doesn’t get an Auto Accept. It can do a few different things, either get auto declined because the information was totally off, or if some of the information is right (it is all dependent upon the percent given in the last paragraph), then it can get sent to a CS Agent who will review the data, but also look at things like the ISP you entered, Email, When you changed IPs, and any other comments you leave. You can make up false storys in the comments box, and that along with other information you give could lead you to abusing the system.

Message System (Billing Support)-
The message system is limited in that they only respond to billing reports, anything else you send them will be totally disregarded. I’ve come to learn this is really the hardest way to abuse the CS system because they are very strict with billing now. They do not like giving out free membership and they are trained to not give it out under any circumstance really.

I have learned a few ways to send them messages not about billing errors but about banned accounts as well as other messages, and still get a real response from them. You can do this by relating anything to a billing error. For example: I sent in a message saying my account should be unbanned because it was supposed to be a temp. ban but has remained banned anyways, calling it a glitch in the ban process. Now regularly they would just ignore it because it has nothing to do with billing errors, but I went on to say I had 14 membership days left and it was only supposed to be banned for 7 days, but it has remained banned thus I have lost those days of membership and would like my account unbanned and membership restored. Now I only sent this in to see if they would actually respond to it, not to get my account unbanned, I would be a little more convincing than that. Here was the response:
Quote:
Our records of the X_Muchuchu account show that it was permanently banned on the 29th November 2007. After reviewing your case, I can confirm tthat the ban will not be removed from your account.
Not only did they reply but they actually went into my account information concerning my ban and reviewed the account. I successfully got them to go out of the billing error side and look at the ban status on my account – this is something they are not trained to do but I manipulated them into doing it anyway. This to me was a decent step and find.

Email-
I don’t want to go in depth with this for many reasons, but I will just say that once your IP gets flagged by Jagex, Email is the only way to abuse the system. Email I have found effective because they look at emails a lot more carefully more than anything else believe it or not. Every time I sent an email I have received a reply, it has been very lengthy, but it has also been very personal, not computer generated or copy and pasted. I’ve held conversations with the Agents and talked to them before as well, right now this has been what I’ve been doing.