安卓游戏不断遭到黑客攻击 [英] Android Game Keeps Getting Hacked
问题描述
因此,我们已经经历了几次了,现在,我们发布游戏(便宜),有人黑客它,并把它挂在一面镜子。我们安装谷歌快讯为我们所有的应用程序,所以我们每天都得到告诉谁做的黑客。到目前为止,我们已经实施了授权服务如谷歌曾建议,我们的盐牌照开始与唯一的设备ID,每次随机进行。我们运行检查服务一次,当应用程序启动的第一次。然后,我们生成一个512字符的哈希的关键,而相比较于共享preferences从那里出来的储值。
So we've been through this several times now, we release a game (for cheap) and someone hacks it and puts it up on a mirror. We setup Google Alerts for all our apps, so we get told daily who's doing the hacking. So far, we have implemented the licensing service as Google has suggested, our salt is randomly made each time the license is initiated with the unique device ID. We run the check service once, when the application is started for the first time. We then generate a 512 character hash for the key and the stored value that is compared against in SharedPreferences from there on out.
现在,我知道,一旦检查大概是其中应用程序被阻止。我们字节code最有可能一直看着,并没有重新编译发起的检查线路。
Now, I know that checking once is probably where the application is being blocked. Our bytecode has most likely been looked at and recompiled without the line that initiates the check.
在这里,我并不想混淆我们的code,因为我已经看到它之前打破。我想要的东西多一点坚实的,我也想学习如何正确地做到这一点。我比,因为只有2%的人会不断寻找被攻击的版本,赚钱在这一点上更热衷于学习。
From here, I don't want to obfuscate our code as I have seen it broken before. I want something a little more solid, and I also want to learn how to do this properly. I am more interested in learning than making money at this point since only 2% of people will ever look for a hacked version.
到目前为止,在我自己的,我想出了那个被放置在游戏中的一些启动区一个随机数发生器。当启动(比如1出50次)检出许可证。我知道这将使其更难破解,因为裂解装置必须消除各种情况下,编译,消除编译。这种方法但是,仍然被破解......所以你们怎么认为?同样,我在安全的过程很感兴趣,所以请教育,不要把它变成一个讨论混淆或基于时间戳定期检查。
So far, on my own, I have come up with a random number generator that is placed in several startup areas of the game. When initiated (say, 1 out of 50 times) the license is checked. I know this would make it harder to hack because the cracker would have to eliminate each case, compile, eliminate, compile. This method however, is still crackable...so what do you guys suggest? Again, I am really interested in this process of security, so please educate, don't turn this into a discussion on obfuscation or checking periodically based on a timestamp.
感谢
推荐答案
我的想法心不是黑客证明,但可能会删除一些兴趣黑客游戏。
My idea isnt hacker proof, but might remove some of the interest for hacking the game.
免费增值模式
1)使第一5-10级别分类,使人们可以了解游戏,并有一些乐趣而无需支付。更不会想破解的第一级和比赛用免费增值模式将小号$ P $垫更进一步。
1) Make the first 5-10 levels free so people can learn the game and have some fun without paying. Less will want to hack the first level and the game will spread even further by Freemium model.
共享软件/集群levelpacks
2)让游戏水平或逻辑的一部分保持在线。例如。达到5级或10或15的时候,然后下载一小部分进行游戏,每一次从游戏提交进度日志和验证这种对抗可能的值+散codeS。这或许可以使人们有可能自动关闭被攻击的账户下来。
2) Let part of the game levels or logic stay online. Eg. when reaching for level 5 or 10 or 15, then download small parts for the game, and every time submit the progress-log from the game and validate this against possible values + hashcodes. This could perhaps make it possible to automatically close down of hacked accounts.
隐形作弊保护
3)您也可以仅仅指望你在游戏周围发生的小的警告标志。不要只是为您在一开始的验证,没有建立这些标志融入游戏逻辑本身。不要让它打破了游戏,因为那样的话没有人会寻找它。 然后,当用户达到级别的怪物结束后,检查是否有任何记录的警告标志。在游戏中,这些都不会显示出来,所以用一个破解版不知情的用户可以玩几个小时/天,suddently意识到他/她不可能完成比赛或进到一个新的水平,因为游戏有一个错误。哪些用户不知道的是,这个错误只occures砍死的客户。
3) You could also just count "small warning flags" that you place around in the game. Dont just check for the "validation" in the beginning, no build these flags into the game logic itself. Dont make it break the gameplay, because then noone will look for it. Then when the user reached the end of level monster, check if there were any logged warning flags. These will not show up inside the game, so the unknowing user with a hacked edition could be playing for hours/days and suddently realize that he/she couldnt finish the game or advance to next level, because the game had a "bug". What the user didnt know was that this bug only occures on hacked clients.
结论
比饼干更聪明。傻瓜他们以为作业已经完成。做一个copyprotection,知道了更先进的饼干就可以将其删除。但他们可能不希望打50的水平,以检查是否裂缝也适用所有的方式。
Be smarter than the crackers. Fool them into thinking the job was done. Make a copyprotection and know that the more advanced crackers will be able to remove it. But they probably dont want to play 50 levels to check if the crack also works all the way.
一旦他们意识到这个问题,他们可能会开始破解它。但是,如果你打破了将比赛拖入级包,你仍然可以每包下载的验证。所以一旦你收到黑客攻击客户端的散列数据,然后只执行exeception和游戏崩溃的客户端。哎呦游戏坠毁。不要告诉它,因为它的攻击。程序错误可以happend。 : - )
Once they realize this problem, they might start to crack it too. But if you break the game up into level-packs, you can still validate between each pack download. So once you receive hacked client hash data, then just execute an exeception and crash the game on the client. Whoops the game crashed. Dont tell its because its hacked. A program error can happend. :-)
此外,它不是黑客的证明。但是,它可能会惹恼他们足够的移动到下一场比赛。最后,你还可以把定期更新游戏,只有最新的版本应该可以发布记录等这样的活跃用户必须更新以保持循环。
Again, its not hacker proof. But it might annoy them enough to move on to the next game. Lastly, you could also put out regular updates for the game and only the latest version should be able to "post the records" etc. so the active users would have to update to keep in the loop.
这篇关于安卓游戏不断遭到黑客攻击的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
