MyPVM Plugin Exposed/Violations

Link the current Sythe account: MyPvM
Which violation you are reporting the user for: Services that mention only Runelite Plugins and mention nothing about the use of a Third Party Client (Ethans API Injected Runelite), Claims that their custom plugin does not "Interact with the game, but only Runelite" when it clearly does.
Why you think they're violating Sythe rules:
After some extensive research, it was found that MyPvM services "Security Bot" is nothing more than a RLPL Sideloaded plugin which has the possibility to trigger 3pc/Macro Minor/Major and Bot Busting Moderate/Major bans. We have seen this previously with the SkillBox wipe where users who were just on the Runelite based client which was injected was wiped. MyPvM is using RLPL Sideloaded "Security Bot" to manage their Workers to login, enter bank pin, force log out, watch for trades, etc. Many of these tasks do require game interaction to work. While they may claim to have no bans, we may not know the entirety of the truth, but in doing so, they also place considerable risk upon customers if one day Jagex decides to target Runelite Injection as well.

Proof from a Group Chat:
imgur.com

Misc: To sideload runelite, you need to either have your own injection api or use the main one which is available: Ethans API or use Openrs Fork which as we see here:
Looking for a custom OpenOSRS/Runelite Plugin
The user MyPvM was looking to purchase and did so.


This is not a post to take down competition, but more to bring light on falsifying information/bad business practices for workers and customers who do not know better.

 

Who the fuck is Ethan

 

imgur.com
User wished to stay anonymous. But after digging deeper, it may seem that MyPvM is not even using Runelite but the Jagex Unapproved OpenOSRS client fork. Thus the claim that "Who the fuck is Ethan" may seem to fit.

If user is using OpenOSRS, Ethan's API is not neccessary but this poses an even greater thread as they are not even using the official Runelite client.

How the respected and well esteemed Sythe Moderators play this out (either as a simple False Advertisement Violation to something more severe) will truly showcase on whose side Sythe stands on. There has been a clamor among the community with the past rulings recently overwriting TOS and such and I believe this is a unique case as MyPvM is not a small provider and has affected hundreds of customers without their knowing.

 

Upon further research, we were able to attain their exact setup as well as their files and guide of their setup. Upon peeking into their code, they are confirmed using an injected version of Runelite or OpenOSRS.

<removed>

- Plugin -
<removed>
ng
- Injector -
<removed>
OR
<removed>

 

You took 40 minutes to look at obfuscated code and arrived at that conclusion? Then proceeded to leak files meant for our workers? myturtles

Also, this report is such a shit show that we're still not sure what it is you expect us to respond to. MyPvM might do this - actually they do that - never mind they do this, what the fuck are you smoking lmao

No1 ever got banned using our plugin, you have a few Sythe Mods that can vouch for this.

 

It ain't me gang probs Keith playing a blame game. But ey, since you added me in, I will put my 2 cents in.

File 1 - Fully deobfuscated, took 3 minutes. Clearly injecting and sideloading. It is a confirmed 3PC.

File 2 - Better encrypted, contains the API Endpoints for their Login Database. Cba doing more but if this is meant for workers, it is possible someone who has time can wireshark/burp the endpoints and get the tokens and spoof requests to pull logins from the database. The security you claim it had is honestly mid at best. I am not even a decent reverser and I could get a fair amount in there.

This is something Titanite mentioned and I looked into (database access).

Also FYI, most of these leaks weren't even by me except the initial screenshots that went into the said private group.

2nd ones someone forwarded me, 3rd one I got from sythe.
imgur.com

 

1. We use setUsername and setPassword functions available on the RuneLite client. They are approved macros and help enable community plugins such as 1password.

- <runelite/runelite-api/src/main/java/net/runelite/api/Client.java at f654e1ccbaa6cff23e50c32fde876aea9e15a00f · runelite/runelite
- <https://runelite.net/plugin-hub/show/onepassword-plugin>

2. We use an iteration of RuneLite's official BankPlugin. The official version maps numbers on your keyboard to bank pin numbers (eg. 0 to 0, 1 to 1, etc...). We just map everything to the correct bank pin, so the worker can click random numbers (eg. 0-9 to 6).

- <runelite/runelite-client/src/main/java/net/runelite/client/plugins/bank/BankPlugin.java at f654e1ccbaa6cff23e50c32fde876aea9e15a00f · runelite/runelite

 

Hi Pikachu,

I'm their dev. To start off, I'd like to apologies for the whole "edited" and "report" thing - we do want to make little noise on our implementation as possible.

That being said, aside from the clause that which we've quoted above, we don't have any other statements of relevance. Since Jagex announced their ban on 3rd party clients:
- We immediately stepped away from traditional methods and begun development of an in-house solution.
- During the development stage, we stopped using plugins altogether; the amount of effort that we try to take to ensure customer satisfaction and protection should not be overlooked.
- Once we've tested the solution on our own accounts and were confident in the solution, clients were made aware of this transition in a public announcement. We unfortunately cannot show this announcement due to the recent server nukes.

Since this announcement, we've continued to operate under the assumption that clients were aware of the implied risks, thus being covered under our notice of risks statement, the same one we've given you above. Furthermore, we've happily accommodated any clients who wanted to opt out of this service. As proof of our success, to this date, we've had no issues with any of our clients on this topic.

Going forward, we will be more specific with these implied risks that you've mentioned and make the necessary edits to our TOS. Furthermore, if you have any additional changes that you'd like to see, we can discuss those as well. We hope you can use our track record in making your final decision.

 

The math ain't mathing? Working on a in house solution? June 24, 2022. 1.5 years and no solution? Excuses? Take it on the chin. You have shady practices and stop squirming and worming out of this. You aren't some small random provider. You are one of the largest on the scene. Your announcement is not on Sythe nor your website or discord or TOS. Why not repost it? Was it there even in the first place?

Edit: Your risk statement enclosed a minor ban may happen. For what?
"Appeal as compromised" Do you garuntee ban reversal? Are you a Jmod? Like you look so sketchy but you "implied" the risks while knowingly hiding the factual information for years and to thousand+ customers. Giga rat moves. FYI, legit players who get banned can't even successfully appeal, what makes you think your customers can. Sounds and smells like some fresh shit. Wonder if the sythe mods can sniff past it too.

Third Party Clients Update

 

Can you clarify what you mean by no solution and shady practices? I don't understand your rebuttal.

 

3pc ban = June 24/2022
1.5 years
No solution?
"BEGUN DEVELOPMENT OF AN IN HOUSE SOLUTION"

Lack of info on website, tos, sythe, discord

Like damn, I know liars forget their lies but that's the fastest I have ever seen. Gold fish ahhh attention span

 

Not sure if you read the whole post or just that sentence out of context. Just so we're clear and on the same page, both our security plugin and steroid were developed by me. The solution we have now is the result of the work we did a long time back. If your calculations are correct, it also shows that we are 1.5 years effective.

On the topic of TOS, I've worked with the founders for a long time now. I understand their frustration when they have a strong TOS, but it gets overridden. If they have a weak TOS, they could be punished. It's a difficult game to win, and we're trying to advocate that these standards be made more clear. Ironically, this very thread is a prime example of people whom we've never worked with before having problems with the way we write things.

On the topic of the recent scam report, it seems like everyone thinks we wanted to pocket the money. For some reason, this overshadowed the fact that we offered multiple times to donate to sum to the community repayment pool. We were arguing the fact that the money shouldn't be returned as user was clearly guilty - not that we should keep it.

Anyways, that's all from me for now. These are just my opinions as their dev. We are way off topic now and mods don't like spam -- I agree.

 

So are you denying the allegations that you are side loading, using steroid, or any form of runelite customization which is not approved by jagex? Cut the fluff out shitter, we all want straight answers.

Goat of ring around the rosie, Avoider much?, wormhole simulator on sythe? Just take it on the chin mate. Tryna act like you a whole ass corporate company when you out here providing RS services and doing scummy shit.

As Keith said: "Time to get Expos'd", Don't forget his 3rd cousin is Sir Pugger. We will get him on the case!
https://i.imgur.com/LttCZI3.png

 

Hi all, just wanted to highlight more things to consider:

• "which is not approved by jagex" is hardly an argument. Let's also not forget that we're on the black market.
• While Jagex are the ones issuing the 3pc bans, to my knowledge, their data point is RuneLite itself. During the initial OpenOSRS wave, there was an ongoing theory in the community that RuneLite introduced a switch. OpenOSRS, being a fork of RuneLite, failed to catch this during the initial game update. This then became a cat and mouse game between the developers of OpenOSRS and RuneLite. Hopefully someone can correct me if I'm wrong here.
• Steroid is not OpenOSRS and does not do what OpenOSRS did.
• I don't know what other clients do, but I'm pretty sure I've seen ex-OpenOSRS developers move away onto their own methods. Some worked, some didn't. We haven't had issues with ours.
• While we do use an unofficial plugin - the plugin follows all the rules of vanilla RuneLite without any additional API modifications. There are several posts above linking to Jagex's original 3PC post - let's review them. MyPvM uses RuneLite (technically). None of what we do violate any of the forbidden features they've listed either. We don't interact with the game in any way that they've forbid. This should've been proved in our initial edited response.

Let me know if you'd like me to try and explain this further.

Also, if we need to further this discussion, can we also talk about myturtles's eligibility to continue posting on this thread? We originally dragged him in to prevent our workers internal files from getting leaked but throughout this thread, it has become evident that:

• To our knowledge, we don't work with him and he has never been our customer. Quite frankly, we didn't even know he existed until a couple days ago.
• He doesn't seem to be able to read or write proper English. He has either failed his elementary English classes, using translate, or straight up trying to gaslight. Everything that we've posted somehow gets twisted - having to re-explain everything is time-consuming and not what we want to do.
• He has his own service discord. Unless I'm wrong, from what I can see, we have about as many active workers as he does active members. MyPvM tries to abide by Sythe's terms, but we're not aware that you guys hired a new lawyer to talk TOS and risk assessment with us without the qualifications to do so.
• He tried "exposing" our worker's onboarding files, but was only able to conclude the fact that we sideload and have authentication. The most basic developer would be able to arrive at that conclusion as it's basic fundamentals. He clearly also lacks technical expertise, so how is he able to advocate against the effectiveness of our methods?
• His posts on this thread are 30% actual questions and concerns, 70% being a keyboard warrior. While this is the internet, a scam report is hardly ever the place to be seeking attention.

 

@Pikachu
Tldr:
They are using Steroid, a non Runelite client and have just admitted to it. They are using a non official RL plugin and just admitted to it. Neither of are highlighted in any info present.

Service provider talks: I sell botted accounts majority of which are for botting. I have botted services. I don't advertise on Sythe. Simple lol. My hand done services aren't even released nor are they advertised on Sythe too.

FYI: Not going to respond unless necessary got shit IRL to do for a while, peace out. Sythe mods handling this, just drop me a DM on discord if needed. Ty.

 

I love how we're going backwards here.

 

Yes, that's the goal since you are a master in the art of fluff.

 

To sum it up @Pikachu;

• We use Runelite
• This post has gone too far. We should be within our rights to keep certain aspects of our process confidential. Significant money and time were invested in developing this plugin - many have been quoted over $10k for a similar process. We have a incredible and proven track record, and we should not be obligated in sharing every detail. Our process works. Our clients are happy. Our workers are paid. I could understand concerns if clients were facing bans frequently, but I never expected envy to be the factor behind this report.
  
• We have always tried to be transparent about having our own plugin and its safety, which remains at 100% so far. This can be seen on the following image, where we say "using our plugin" and "chance to receive a minor ban". Not to mention that the plugin is just an extra layer of security.
  
  
  
• Given the interest this has sparked, we have decided to update our Terms of Service with the following complementary additions;

~Dário