阻止人们入侵 Flash 游戏的基于 PHP 的高分表的最佳方法是什么? [英] What is the best way to stop people hacking the PHP-based highscore table of a Flash game
问题描述
我说的是一个没有分数上限的动作游戏,也没有办法通过重放动作等来验证服务器上的分数.
I'm talking about an action game with no upper score limit and no way to verify the score on the server by replaying moves etc.
我真正需要的是 Flash/PHP 中可能的最强加密,以及一种防止人们通过我的 Flash 文件以外的方式调用 PHP 页面的方法.过去我尝试过一些简单的方法,例如多次调用单个分数并完成校验和/斐波那契数列等,还使用 Amayeta SWF Encrypt 混淆 SWF,但最终它们都被黑了.
What I really need is the strongest encryption possible in Flash/PHP, and a way to prevent people calling the PHP page other than through my Flash file. I have tried some simple methods in the past of making multiple calls for a single score and completing a checksum / fibonacci sequence etc, and also obfuscating the SWF with Amayeta SWF Encrypt, but they were all hacked eventually.
感谢 StackOverflow 的回复,我现在从 Adobe 找到了更多信息 - http://www.adobe.com/devnet/flashplayer/articles/secure_swf_apps_12.html 和 https://github.com/mikechambers/as3corelib - 我想我可以用它来加密.不确定这会让我绕过 CheatEngine.
Thanks to StackOverflow responses I have now found some more info from Adobe - http://www.adobe.com/devnet/flashplayer/articles/secure_swf_apps_12.html and https://github.com/mikechambers/as3corelib - which I think I can use for the encryption. Not sure this will get me around CheatEngine though.
我需要知道 AS2 和 AS3 的最佳解决方案(如果它们不同).
I need to know the best solutions for both AS2 and AS3, if they are different.
主要问题似乎是 TamperData 和 LiveHTTP 标头之类的东西,但我知道还有更高级的黑客工具 - 比如 CheatEngine(感谢 Mark Webster)
The main problems seem to be things like TamperData and LiveHTTP headers, but I understand there are more advanced hacking tools as well - like CheatEngine (thanks Mark Webster)
推荐答案
这是网络游戏和竞赛的经典问题.您的 Flash 代码与用户一起决定游戏的分数.但是用户不受信任,Flash 代码在用户的计算机上运行.你是索尔.您无法阻止攻击者伪造高分:
This is a classic problem with Internet games and contests. Your Flash code works with users to decide a score for a game. But users aren't trusted, and the Flash code runs on the user's computer. You're SOL. There is nothing you can do to prevent an attacker from forging high scores:
Flash 比您想象的更容易进行逆向工程,因为字节码有详细记录并描述了一种高级语言 (Actionscript) --- 当您发布 Flash 游戏时,您正在发布您的源代码,无论您是否知道.
Flash is even easier to reverse engineer than you might think it is, since the bytecodes are well documented and describe a high-level language (Actionscript) --- when you publish a Flash game, you're publishing your source code, whether you know it or not.
攻击者控制 Flash 解释器的运行时内存,因此任何知道如何使用可编程调试器的人都可以随时更改任何变量(包括当前分数),或更改程序本身.
Attackers control the runtime memory of the Flash interpreter, so that anyone who knows how to use a programmable debugger can alter any variable (including the current score) at any time, or alter the program itself.
对您系统的最简单可能的攻击是通过代理运行游戏的 HTTP 流量,捕捉高分存档,并以更高的分数重播.
The simplest possible attack against your system is to run the HTTP traffic for the game through a proxy, catch the high-score save, and replay it with a higher score.
您可以尝试通过将每个高分存档绑定到游戏的单个实例来阻止这种攻击,例如通过在游戏启动时向客户端发送加密令牌,可能如下所示:
You can try to block this attack by binding each high score save to a single instance of the game, for instance by sending an encrypted token to the client at game startup, which might look like:
hex-encoding( AES(secret-key-stored-only-on-server, timestamp, user-id, random-number))
(您也可以使用会话 cookie 达到相同的效果).
(You could also use a session cookie to the same effect).
游戏代码将此令牌回显到服务器并保存高分.但是攻击者仍然可以再次启动游戏,获取令牌,然后立即将该令牌粘贴到重播的高分存档中.
The game code echoes this token back to the server with the high-score save. But an attacker can still just launch the game again, get a token, and then immediately paste that token into a replayed high-score save.
接下来,您不仅要提供令牌或会话 cookie,还要提供高分加密会话密钥.这将是一个 128 位 AES 密钥,它本身使用硬编码到 Flash 游戏中的密钥进行加密:
So next you feed not only a token or session cookie, but also a high-score-encrypting session key. This will be a 128 bit AES key, itself encrypted with a key hardcoded into the Flash game:
hex-encoding( AES(key-hardcoded-in-flash-game, random-128-bit-key))
现在在游戏发布高分之前,它会解密高分加密会话密钥,它可以这样做,因为您将高分加密会话密钥解密密钥硬编码到 Flash 二进制文件中.您使用此解密密钥以及高分的 SHA1 哈希值对高分进行加密:
Now before the game posts the high score, it decrypts the high-score-encrypting-session key, which it can do because you hardcoded the high-score-encrypting-session-key-decrypting-key into the Flash binary. You encrypt the high score with this decrypted key, along with the SHA1 hash of the high score:
hex-encoding( AES(random-128-bit-key-from-above, high-score, SHA1(high-score)))
服务器上的 PHP 代码检查令牌以确保请求来自有效的游戏实例,然后解密加密的高分,检查以确保高分与高分的 SHA1 匹配(如果您跳过这一步,解密只会产生随机的,可能非常高,高分).
The PHP code on the server checks the token to make sure the request came from a valid game instance, then decrypts the encrypted high score, checking to make sure the high-score matches the SHA1 of the high-score (if you skip this step, decryption will simply produce random, likely very high, high scores).
所以现在攻击者反编译你的 Flash 代码并快速找到 AES 代码,它像拇指一样突出,尽管即使没有它也会在 15 分钟内通过内存搜索和跟踪器找到(我知道我这个游戏的分数是 666,所以让我们在内存中找到 666,然后捕捉任何触及该值的操作——哦,看,高分加密代码!").有了会话密钥,攻击者甚至不必运行 Flash 代码;她获取了一个游戏启动令牌和一个会话密钥,并且可以发回任意的高分.
So now the attacker decompiles your Flash code and quickly finds the AES code, which sticks out like a sore thumb, although even if it didn't it'd be tracked down in 15 minutes with a memory search and a tracer ("I know my score for this game is 666, so let's find 666 in memory, then catch any operation that touches that value --- oh look, the high score encryption code!"). With the session key, the attacker doesn't even have to run the Flash code; she grabs a game launch token and a session key and can send back an arbitrary high score.
您现在正处于大多数开发人员放弃的地步 --- 给或花几个月的时间与攻击者搞砸:
You're now at the point where most developers just give up --- give or take a couple months of messing with attackers by:
使用 XOR 操作对 AES 密钥进行加扰
Scrambling the AES keys with XOR operations
用计算密钥的函数替换密钥字节数组
Replacing key byte arrays with functions that calculate the key
在整个二进制文件中散布伪造的密钥加密和高分帖子.
Scattering fake key encryptions and high score postings throughout the binary.
这主要是在浪费时间.不用说,SSL 也不会帮助您;当两个 SSL 端点之一是邪恶的时,SSL 无法保护您.
This is all mostly a waste of time. It goes without saying, SSL isn't going to help you either; SSL can't protect you when one of the two SSL endpoints is evil.
以下是一些实际上可以减少高分欺诈的方法:
Here are some things that can actually reduce high score fraud:
需要登录才能玩游戏,让登录生成会话 cookie,并且不允许在同一会话中启动多个未完成的游戏,或同一用户的多个并发会话.
Require a login to play the game, have the login produce a session cookie, and don't allow multiple outstanding game launches on the same session, or multiple concurrent sessions for the same user.
拒绝持续时间少于有史以来最短的真实游戏的游戏会话的高分(对于更复杂的方法,尝试隔离"持续时间低于平均游戏持续时间少于 2 个标准差的游戏会话的高分).确保您在服务器端跟踪游戏持续时间.
Reject high scores from game sessions that last less than the shortest real games ever played (for a more sophisticated approach, try "quarantining" high scores for game sessions that last less than 2 standard deviations below the mean game duration). Make sure you're tracking game durations serverside.
拒绝或隔离只玩过一两次游戏的登录的高分,这样攻击者就必须为他们创建的每个登录生成一个看起来合理的纸上记录".
Reject or quarantine high scores from logins that have only played the game once or twice, so that attackers have to produce a "paper trail" of reasonable looking game play for each login they create.
心跳"在游戏过程中得分,以便您的服务器在一场游戏的整个生命周期内看到得分的增长.拒绝不遵循合理分数曲线的高分(例如,从 0 跳到 999999).
"Heartbeat" scores during game play, so that your server sees the score growth over the lifetime of one game play. Reject high scores that don't follow reasonable score curves (for instance, jumping from 0 to 999999).
游戏过程中的快照"游戏状态(例如,弹药量、关卡中的位置等),您可以稍后与记录的临时分数进行核对.您甚至不需要有一种方法来检测这些数据中的异常情况;你只需要收集它,然后如果事情看起来很可疑,你可以回去分析它.
"Snapshot" game state during game play (for instance, amount of ammunition, position in the level, etc), which you can later reconcile against recorded interim scores. You don't even have to have a way to detect anomalies in this data to start with; you just have to collect it, and then you can go back and analyze it if things look fishy.
禁用任何未通过安全检查(例如,提交未通过验证的加密高分)的用户的帐户.
Disable the account of any user who fails one of your security checks (for instance, by ever submitting an encrypted high score that fails validation).
请记住,您只是在此处阻止高分欺诈.没有什么可以阻止如果.如果您的游戏中有钱,那么有人会打败您想出的任何系统.目标不是阻止这次攻击;这是为了让进攻变得更加昂贵,而不仅仅是真正擅长游戏并击败它.
Remember though that you're only deterring high score fraud here. There's nothing you can do to prevent if. If there's money on the line in your game, someone is going to defeat any system you come up with. The objective isn't to stop this attack; it's to make the attack more expensive than just getting really good at the game and beating it.
这篇关于阻止人们入侵 Flash 游戏的基于 PHP 的高分表的最佳方法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
