如何确保客户端反作弊 [英] How to secure client-side anti-cheat
问题描述
首先,
我想表明我知道,从客户端发送的任何信息都不能被信任,因为它可以被欺骗.我对通过模糊来阻止99.9%的潜在欺诈者的安全性方法以及实时检测绕过安全性程序的能力感兴趣.
I want to indicate that I know that any information sent from the client cannot be trusted as it can be spoofed. I am interested in methods of security through obscurity to deter 99.9% of potential cheaters and ability to detect programs that do get around the security in real time.
为此,我有一些想法,包括通过允许客户端根据服务器的请求(通过TCP)进行扫描来验证其正在保护的游戏以及任何潜在的作弊应用的文件和内存校验和,两者检测记忆注入作弊和/或作弊的记忆足迹.因此,旁路黑客将不得不侦听通过SSL发送给它的所有TCP信息,然后通过分解加密/解密功能来了解消息的需求,从而对该消息进行解密.同样,客户端本身可能会自行更改,并允许其根据需要随机添加/删除功能(但由服务器保留),因此作弊者很难学会如何绕过它.这可能毫无意义吗?
Some ideas I had for this included verifying file and memory check-sums of both the game it is securing and also any potential cheat apps by allowing the client-side to scan on request from the server (via TCP), both for detecting memory injection cheats and or a cheats memory footprint. Therefore the bypass hack would have to listen for all TCP information being sent to it on SSL, and then unencrypt the message by disassembling the encryption/decryption function to understand what it wants. Similarly, the client itself may be self changing and allow for it to add/remove features as needed at random (but keep by the server) so that it would be hard for a cheat to learn how to bypass it. This may be pointless?
我只觉得这对于经验丰富的人来说是中等难度的,所以我愿意接受其他可能难以绕过的方法.
I only find this to be moderately difficult for the more experienced, so I am open to other methods that may be hard to bypass.
我只对可能的实现方式感兴趣,而不对如何避免客户端骚动感兴趣,我只是想让它变得非常困难.
I am only interested in possible implementations and not how it's impossible to have a client-side anticheat, I just want to make it really really hard.
添加了minecraft和java标记,该标记适用于Minecraft,我知道社区足够大,有人可能会击败我的系统,但是我希望通过不断的更新和更改,我可以通过独创性和能力击败他们.毅力.
Added minecraft and java tag, and it's for Minecraft, and I know the community is large enough that someone is likely to beat my system, but I hope through the use of constant updates and changes that I can beat them through ingenuity and perseverance.
我发现了这篇文章:如何防止在我们的(多人游戏)游戏中作弊?,我添加他的建议是为了避免重复,因为我在寻找比显而易见的想法更多的想法(而且我不确定他是否不可绕过) >
I found this post: How to prevent cheating in our (multiplayer) games? and I am adding his suggestions so not to duplicate things, as I am looking for more ideas than the obvious (and I am not sure if his aren't bypassable)
1)打开所有其他进程,并挂接其WriteProcessMemory函数,以使它们无法写入游戏的内存中. 过程.如果正确执行此步骤,将阻止90%的作弊行为, 作弊引擎.
1) Open all other processes, and hook their WriteProcessMemory functions so that they can't write to the memory in your game's process. Done right this one step will block 90% of all cheats and cheat engines.
2)做同样的事情,钩住各种鼠标和键盘仿真 功能.这将防止很多瞄准机器人和其他类型的 自动化机器人.
2) Do the same thing, hooking the various mouse and keyboard emulation functions. This will prevent a lot of aimbots and other types of automation bots.
3)挂接到您的VirtualProtectEx/VirtualAllocEx/etc函数中 游戏自己的过程并监控哪些模块正在更改保护 级别或分配新的内存块.你必须要狡猾 这是为了防止当您的计算机占用过多CPU资源时 游戏有很多分配,但是可以做到.
3) Hook into the VirtualProtectEx/VirtualAllocEx/etc functions in your game's own process and monitor which modules are changing protection levels or allocating new memory chunks. You have to be crafty with this in order to prevent it from being too CPU intensive when your game does a lot of allocations, but it can be done.
4)钩入LoadLibrary函数并监视所有DLL. 动态加载,以防止DLL注入.
4) Hook into the LoadLibrary functions and monitor any DLLs that are being loaded dynamically, to prevent DLL injection.
5)在游戏连接上使用一些轻量级的多态编码.
5) Use some lightweight polymorphic encoding on your game connections.
6)使用一些反调试技术来防止调试器 附加到您的流程. Google反调试,您应该 能够找到很多东西.
6) Use some anti-debugging techniques to prevent debuggers from attaching to your processes. Google anti-debugging and you should be able to find lots of stuff.
7)使用自定义的专有PE封隔器以防止有用的拆卸 您的游戏.
7) Use a custom proprietary PE packer to prevent useful disassembly of your game.
8)熟悉处理OpenGL或Direct3D的函数和方法 具有透明度和Alpha混合效果.
8) Hook into your OpenGL or Direct3D functions and methods that deal with transparency and alpha blending.
9)如果使用着色器,请对您的着色器和着色器常数进行校验和 值.
9) If using shaders, checksum your shaders and the shader constant values.
10)对玩家角色使用其他遮挡剔除技术 以防止在视线到达 它们被其他几何图形阻止.它可能会或可能不会帮助您 的性能,但它可以防止许多wallhacks.
10) Use additional occlusion culling techniques on player characters to prevent them from being rendered at all when the line of sight to them is blocked by other geometry. It may or may not help with your performance also, but it will prevent many wallhacks.
推荐答案
如果您希望客户尊重您和游戏,则应该尊重您的客户并意识到您可能会习惯使用游戏客户端计算机存储有价值的信息.
If you want your customer to respect you and the game, you should be respectful of your customer and realize what you see as a game client machine may be used to store valuable information.
允许客户端扫描服务器随机分配的内存的任何部分
allowing the client-side to scan any part of memory given at random by the server
客户端本身可能会自行更改,并允许其根据需要随意添加/删除功能
the client itself may be self changing and allow for it to add/remove features as needed at random
请小心,不要在客户端计算机中打开攻击媒介.读随机分配的任何内存部分"听起来很吓人.您可以通过散列(不小的)内存块并检查一个已知值来减少它.
Just be careful you're not opening an attack vector into the clients machine. Reading "any part of memory given at random" sounds scary. You could make it less so by hashing a (not small) block of memory and checking for a known value.
让服务器发送随机"代码可能会使您的软件看起来像病毒/僵尸网络,成为反病毒/安全工具.这也使客户端对潜在的攻击敞开了大门.
Letting the server send "random" code is probably going to make your software look like a virus/botnet to anti-virus/security tools. It also leaves the client wide open to potential exploit.
1)打开所有其他进程,并挂接其WriteProcessMemory函数
1) Open all other processes, and hook their WriteProcessMemory functions
如果执行此操作,并且注入的代码中有错误,则可能会使客户的整个计算机不稳定.这似乎具有侵略性.您正在运行什么版本的Windows?有什么权限?我非常确定,破解者可以安排从您无权钩挂的进程(例如,在普通用户进程中运行的管理进程)运行他的漏洞利用程序.另外,出于明显的原因,您还需要钩住GetProcAddress.
If you do this, and you have a bug in the injected code, you could destabilize your customer's entire machine. This seems aggressive. And what version of Windows are you running on? With what permissions? I'm pretty sure a cracker could arrange to run his exploit from a process you don't have permission to hook (like an admin process where you're running in a normal user process). Also you'll need to hook GetProcAddress for obvious reasons.
4)钩入LoadLibrary函数并监视动态加载的所有DLL,以防止DLL注入.
4) Hook into the LoadLibrary functions and monitor any DLLs that are being loaded dynamically, to prevent DLL injection.
这并不像听起来那样糟糕,因为您只需要在本地过程中执行此操作即可.
This one's not as bad as it sounds because you only need to do this in the local process.
6)使用一些反调试技术来防止调试器附加到您的进程.
6) Use some anti-debugging techniques to prevent debuggers from attaching to your processes.
(如果有时间的话)确实值得做,但这对于经验丰富的饼干来说只是个减速带.记住,他总是可以在启动时跟踪您的代码,并观察或绕过您的反调试. (这需要时间,但是有些饼干喜欢这个.)
Certainly worth doing (if you have the time), but it's just a speed bump for an experienced cracker. Remember he can always trace your code from startup and observe or bypass your anti-debugging. (It takes time but some crackers enjoy this.)
7)使用自定义的专有PE包装器来防止游戏的有用拆卸.
7) Use a custom proprietary PE packer to prevent useful disassembly of your game.
这是另一种会让反病毒软件引起您注意的软件.
This is another one that's going to get you noticed by Anti-Virus software.
这篇关于如何确保客户端反作弊的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
