防止自动化 [英] Protection against automation
问题描述
我们的下一个项目应该是一个基于 MS Windows 的游戏(用 C# 编写,带有一个 winform GUI 和一个集成的 DirectX 显示控件),供想要向最好的玩家赠送奖品的客户使用.这个项目计划运行几年,包括锦标赛、天梯、锦标赛、玩家对玩家动作等等.
One of our next projects is supposed to be a MS Windows based game (written in C#, with a winform GUI and an integrated DirectX display-control) for a customer who wants to give away prizes to the best players. This project is meant to run for a couple of years, with championships, ladders, tournaments, player vs. player-action and so on.
这里的一个主要问题是作弊,因为如果玩家能够——例如——让一个定制的机器人为他玩游戏(更多是在战略决策方面而不是在玩游戏方面),他将受益匪浅几个小时).
One of the main concerns here is cheating, as a player would benefit dramatically if he was able to - for instance - let a custom made bot play the game for him (more in terms of strategy-decisions than in terms of playing many hours).
所以我的问题是:我们有哪些技术可能性来检测机器人活动?我们当然可以跟踪播放的小时数,分析检测异常的策略等等,但就这个问题而言,我更想知道诸如
So my question is: what technical possibilites do we have to detect bot activity? We can of course track the number of hours played, analyze strategies to detect anomalies and so on, but as far as this question is concerned, I would be more interested in knowing details like
- 如何检测其他应用程序是否定期截屏?
- 如何检测另一个应用程序是否扫描了我们的进程内存?
- 确定用户输入(鼠标移动、键盘输入)是否是人工生成的而非自动生成的有哪些好方法?
- 是否可以检测另一个应用程序是否请求有关我们应用程序中控件的信息(控件的位置等)?
- 作弊者可以通过哪些其他方式收集有关当前游戏状态的信息,将这些信息提供给机器人并将确定的操作发送回客户端?
非常感谢您的反馈!
推荐答案
我不久前编写了 d2botnet,这是一个 .net 暗黑破坏神 2 自动化引擎,您可以添加到需要注意的事项列表中的内容格式错误/无效/伪造的数据包.我假设这个游戏将通过 TCP 进行通信.数据包嗅探和伪造通常是游戏(无论如何在线)自动化的第一种方式.我知道暴雪会检测到格式错误的数据包,我试图避免在 d2botnet 中做一些事情.
I wrote d2botnet, a .net diablo 2 automation engine a while back, and something you can add to your list of things to watch out for are malformed /invalid/forged packets. I assume this game will communicate over TCP. Packet sniffing and forging are usually the first way games (online anyways) are automated. I know blizzard would detect malformed packets, somehting i tried to stay away from doing in d2botnet.
因此请确保检测到无效数据包.加密它们.散列它们.做一些事情以确保它们是有效的.如果您考虑一下,如果有人可以确切地知道来回发送的每个数据包的含义,他们甚至不需要运行客户端软件,这将使任何基于进程的检测成为一个有争议的问题.因此,您还可以添加某种基于数据包的质询响应,您的客户必须知道如何响应.
So make sure you detect invalid packets. Encrypt them. Hash them. do somethign to make sure they are valid. If you think about it, if someone can know exactly what every packet means that is sent back and forth they dont even need to run the client software, which then makes any process based detection a moot point. So you can also add in some sort of packet based challenge response that your cleint must know how to respond to.
这篇关于防止自动化的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
