Flash游戏破解，得分是49700？如何提高Flash游戏的安全性？ [英] Flash games hack, score is 49700?? How to improve flash games security?

问题描述

我有2个Flash游戏（用as3编写）。高分值被黑了。每场比赛的正常范围不超过5000（普通用户，只能得到2000-3000分）。我目前的反黑客攻击方法是：

完成游戏后，flash将使用post参数send：username = mike& score = 2000&hash = md5（secret。用户名。分数）。在php页面，我做了检查，如果hash！= md5（secret。username。score），它会返回错误，并且WONT将数据插入到数据库中。

我相信这个方法是不够的，否则我的Flash游戏不会被黑客入侵。有什么我可以做的，以提高我的Flash游戏的安全性/反黑客？

黑客如何入侵？使用第三方软件，如Cheat Engine，篡改数据（firefox ext），篡改等？

你能列出所有的标准hack方法吗？ （通过知道黑客的方法/问题，手段已经解决了50％的问题，至少我知道问题出在哪里，并做了一定的预警）

好吧，我的头衔是49700，因为两个游戏的高分都是49700（实际上这个分数值插入到我的数据库中的很多，不同的用户认为），所以我相信他们使用相同的方法

谢谢

解决方案

如果分数验证完全在客户端运行，你必须在服务器端至少做一部分，因为它是远程安全的。我看到了2种方法：

• 定期向服务器发送更新分数，在服务器端检查分数没有跳得太太多（在你的游戏中定义）。如果跳跃，则可以安全地假定玩家正在进行黑客攻击。

你发送整个游戏的移动顺序（以及任何随机产生的事件或任何事件）到最后得分的服务器，并确认得分实际上是准确的。这显然不适用于每个游戏，但对于一些游戏，它可以工作。你没有说具体的关于你的游戏的东西，所以我会在这里留下。

I have 2 flash games (written in as3). Both the highscore value being hacked. The normal range of each game score is not more than 5000 (normal users, will only get 2000 - 3000 points). My current method of anti-hacking is:

After finish the game, flash will use post parameters send: username=mike&score=2000&hash=md5(secret . username . score). In php page, I did the check, if the hash != md5(secret . username . score), it will return error, and WONT insert data into database.

I believe this method is not enough, or my flash games would not be hacked. Is there anything I can do to improve my flash games security/anti-hacking??

How do the hackers hack? Using third-party software like, Cheat Engine, Tamper data(firefox ext), tamperIE etc??

Can you list the all the standard hack methods? (by knowing the hack methods/problems, means has solved 50% of the problems, at least I know where the problems are, and do certain pre-caution to that)

Well, my title has "49700" because both games highscore are 49700 (actually alots of this score value inserted into my database, different users thought), so I believe they are using same methods

Thanks

解决方案

It's not really possible to make your score validation secure if it runs entirely on the client side. You have to do at least part of it on the server side for it to be even remotely secure. I see 2 ways of doing this:

• you send periodic score updates to the server and on the server side you check that the score didn't jump "too much" (to be defined in the context of your game). If it "jumped" you can safely assume the player is hacking.

• you send the entire game movement sequence (along with any random spawns or whatever ai events) to the server with the score at the end and verify that the score is actually accurate. This will obviously not work for every game, but for some games it can work. You didn't say anything specific about your game so I'll leave this here.

这篇关于Flash游戏破解，得分是49700？如何提高Flash游戏的安全性？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！