Two exploits?

I think these may still work, can someone test for us and report back to this thread?
Im unable to test
1st Exploit (100% Working): Dual Login With Only Internet Windows

1.) Open up Internet Explorer (or Firefox), and go to www.runescape.com.
2.) Choose High Detail, and select a world to play in. (Remember that world!)
3.) Do not login that character!
4.) Minimize the Internet Window, and open another Internet Window.
5.) Take that one to www.runescape.com also.
6.) Click the on the Play Runescape button.
7.) At the detail screen where you select detail, scroll down to the bottom.
8.) Open the drop down Java Version Window and select "Unsigned Applet Using Default Java".
9.) Select the gray Low Detail button below that Java Version Window.
10.) Choose the same world as your other character.
11.) Log both characters in (Yes, it will let you!).
12.) Congratulations! You just did a Dual Login with only the common Iternet Window.

2nd Exploit (Not Known to Work Very Well): Invincibility For Members (Dual Arena)

1.) You must be a member! Login to a member's world.
2.) Go to the Al Kharid Dual Arena.
3.) Get some type of poisoned weapon first (ddp, dds, dd+, Dragon Spear (s), etc...)
4.) Challenge someone. When you start dualing, immediatily start using your super attack on him with the poisoned weapon.
5.) The open your stats window (The sidebar icon with the different color bars)
6.) Click as fast as you can on the crafting icon.
7.) Keep doing that till you opponent dies from being poisoned.
The trick is that you poisoned him, and when you click the crafting icon, neither of you can attack each other, therefore, you are stationary and he is slowly dieing from poison. This will work on any level opponent. Practice it some before going all out and betting money.
THIS EXPLOIT IS NOT KNOWN TO WORK VERY WELL AT ALL!

3rd Exploit (100% Working): Detect If Moderators Are Present While Autotyping

This exploit is mainly for those who use autotypers in merchanting worlds (i.e. World 1, World 2, etc...)

1.) Start Runescape up like normal (Can be client or regular internet, doesn't matter).
2.) Go to your usual selling or buying world.
3.) Now down where is says Public Chat, Private Chat, Trade/Compete, click the setting below Public Chat, till it shows the setting "Hide".
4.) Start up your autotyper and begin your normal merchanting.
5.) When a moderator, if he's somewhere around your area, begins speaking, it will show up in your chat window
6.) Stop autotyping till he leaves, or find a new spot. Warning avoided.

 

#2 is patched. #1 works but here's a better dual-log exploit: http://sythe.org/showthread.php?t=1375171.

 

Number 1 has worked for 10 years
number 2 never heard of it but I don't stake and
number 3 isn't an exploit at all. It is in the game so people regardless of chat settings can see a mods messages

 

dual-log potentially protect you from staking? like login then start bank stanking.. if you lose close that tab and login with a diff acc and xfer your money from the account you havent staked with onto a mule so potentially duping gold?

 

No. That's just stupid.

Also, I usually just use a VM and then my main computer to dual-log, so that Jagex can see I'm using two different MAC addresses, which could indicate that two different computers potentially owned by different people are just sharing an internet connection and are making trades to each other.

 

I hate to burst your bubble, Trent, but unless Jagex subpoenaes your ISP to disclose the MAC addresses of all the incoming connections from your IP, they would never know. Since such a subpoena would be granted only in a lawsuit, it's safe to say they will never know. All Jagex gets to see about you is your IP, which isn't good for much other than knowing where your router is connected.

Btw this is true for any other website on the planet, unless you grant special permission for them to know more personal information about you. Much less than people think is transmitted through an Internet connection.

 

yeah none of these are exploits or bugs except the 2nd one and it was patched quite a long time ago. the 3rd one is just stupid, you cant detect shit they have to talk to see the crown which is just fact ... you are detecting anything just observing. What kind of dumbass watches his account while autotyping too lol ... kinda defeats the purpose of doing it .

 

I can't see how the mac address relates to this. the ip is determined by your router, not your computer, mac addresses are just what the router uses to distinguish between computers..

 

Jasper can you provide more details on your workings

 

Trent was saying he uses a VM to dual-log without being banned because it "tricks" Jagex into thinking he is running two different computers. You can run 100 accounts on the same computer or on 100 different computers; Jagex would never know the difference because legally all they get to know about you is your IP address. The only party that gets to see your MAC address is your Internet Service Provider, and they are obligated by law to keep those secret.

 

the mac address does not relate in any way shape or form to multilogging, if you run rs from different caches you can run as many as you want on the same computer. IP addresses aren't what limit multilogging.

 

If #2 is still working even to the smallest extent, I'm willing to continually test it until we get it right.

If not then the other two aren't really that massive of exploits.

 

That isn't the point. He is saying that for Jagex to see his Mac Address they would have to see personal information that isn't released publicly.

 

I'm sorry to say this, but you're actually quite wrong. I spoke to a Java programmer to get a bit more details.

The fantastic thing about Java applets and programs is that it allows you to check certain hardware settings or information. This includes MAC addresses. Also, if they had no way of telling your MAC address then they would have no way of knowing if multiple accounts are logged in on the same computer (which they will reject the 2nd account logging in, unless you use the simultaneous log-in bug). That's why it will give you a message saying "Login limit exceeded: too many connections from your address." when you try to log into two accounts on the same computer, but I can log into 10 different accounts on 10 different computers, or even have 4 VMs running each with a different RS account, and still log into another account on my main OS without receiving the error message... all on the same IP.

It's really as simple as this with Java:

byte[] mac = network.getHardwareAddress();

Nothing illegal about it lol

EDIT: I just did a simple google search and found a longer example of how to obtain a user's MAC address if they are using a Java based application or applet:

Code:

def computerID: String = {
  try { // mac address of first network interface
    return java.net.NetworkInterface.getNetworkInterfaces
    .filter(!_.isLoopback)
    .filter(_.getHardwareAddress != null)
    .toList.sortBy(_.getName).head
    .getHardwareAddress.map("%02x".format(_)).mkString(":")
  } catch {
    case _ => return "0" // no mac address available? use default "0"
  }
}

 

Interesting trent, thanks for that info