Android游戏不断被黑客入侵 [英] Android Game Keeps Getting Hacked

问题描述

所以我们现在已经经历了好几次，我们发布了一个游戏(以便宜的价格)，有人破解了它并把它放在镜子上.我们为所有应用设置了 Google 快讯，因此我们每天都会被告知谁在进行黑客攻击.到目前为止，我们已经按照 Google 的建议实施了许可服务，每次使用唯一设备 ID 启动许可时，我们的盐都是随机生成的.当应用程序第一次启动时，我们运行一次检查服务.然后，我们为键和存储的值生成一个 512 个字符的散列，然后在 SharedPreferences 中进行比较.

So we've been through this several times now, we release a game (for cheap) and someone hacks it and puts it up on a mirror. We setup Google Alerts for all our apps, so we get told daily who's doing the hacking. So far, we have implemented the licensing service as Google has suggested, our salt is randomly made each time the license is initiated with the unique device ID. We run the check service once, when the application is started for the first time. We then generate a 512 character hash for the key and the stored value that is compared against in SharedPreferences from there on out.

现在，我知道检查一次可能是应用程序被阻止的地方.我们的字节码很可能在没有启动检查的行的情况下被查看和重新编译.

Now, I know that checking once is probably where the application is being blocked. Our bytecode has most likely been looked at and recompiled without the line that initiates the check.

从这里开始，我不想混淆我们的代码，因为我之前已经看到它被破坏了.我想要一些更扎实的东西，我也想学习如何正确地做到这一点.在这一点上，我更感兴趣的是学习而不是赚钱，因为只有 2% 的人会寻找破解版.

From here, I don't want to obfuscate our code as I have seen it broken before. I want something a little more solid, and I also want to learn how to do this properly. I am more interested in learning than making money at this point since only 2% of people will ever look for a hacked version.

到目前为止，我自己已经想出了一个随机数生成器，它放置在游戏的几个启动区域中.启动时(例如，50 次中有 1 次)检查许可证.我知道这会使破解变得更加困难，因为破解者必须消除每个案例，编译，消除，编译.但是，这种方法仍然可以破解……那么你们有什么建议?同样，我对这个安全过程非常感兴趣，所以请教育，不要把它变成关于混淆或基于时间戳定期检查的讨论.

So far, on my own, I have come up with a random number generator that is placed in several startup areas of the game. When initiated (say, 1 out of 50 times) the license is checked. I know this would make it harder to hack because the cracker would have to eliminate each case, compile, eliminate, compile. This method however, is still crackable...so what do you guys suggest? Again, I am really interested in this process of security, so please educate, don't turn this into a discussion on obfuscation or checking periodically based on a timestamp.

谢谢

推荐答案

我的想法不是黑客证明，但可能会消除一些对黑客游戏的兴趣.

My idea isnt hacker proof, but might remove some of the interest for hacking the game.

免费增值模式

1) 前 5-10 个关卡免费，这样人们就可以免费学习游戏并获得一些乐趣.更少的人想要破解第一关，游戏将通过免费增值模式传播得更远.

1) Make the first 5-10 levels free so people can learn the game and have some fun without paying. Less will want to hack the first level and the game will spread even further by Freemium model.

共享软件/集群关卡

2) 让部分游戏关卡或逻辑保持在线.例如.当达到 5 级或 10 级或 15 级时，下载游戏的小部件，每次提交游戏的进度日志，并根据可能的值 + 哈希码进行验证.这也许可以自动关闭被黑客入侵的帐户.

2) Let part of the game levels or logic stay online. Eg. when reaching for level 5 or 10 or 15, then download small parts for the game, and every time submit the progress-log from the game and validate this against possible values + hashcodes. This could perhaps make it possible to automatically close down of hacked accounts.

隐身作弊者保护

3) 您也可以只计算您在游戏中放置的小警告标志".不要一开始就检查验证"，不要将这些标志构建到游戏逻辑本身中.不要让它破坏游戏玩法，因为那样没有人会寻找它.然后当用户到达怪物级别的末尾时，检查是否有任何记录的警告标志.这些不会出现在游戏中，因此拥有被黑版本的不知情的用户可能会玩几个小时/几天，然后突然意识到他/她无法完成游戏或进入下一个级别，因为游戏有一个错误".用户不知道的是，这个错误只发生在被黑的客户端上.

3) You could also just count "small warning flags" that you place around in the game. Dont just check for the "validation" in the beginning, no build these flags into the game logic itself. Dont make it break the gameplay, because then noone will look for it. Then when the user reached the end of level monster, check if there were any logged warning flags. These will not show up inside the game, so the unknowing user with a hacked edition could be playing for hours/days and suddently realize that he/she couldnt finish the game or advance to next level, because the game had a "bug". What the user didnt know was that this bug only occures on hacked clients.

结论

比饼干聪明.愚弄他们以为工作已经完成.进行版权保护，并知道更高级的破解者将能够将其删除.但是他们可能不想玩50级来检查破解是否也能一路奏效.

Be smarter than the crackers. Fool them into thinking the job was done. Make a copyprotection and know that the more advanced crackers will be able to remove it. But they probably dont want to play 50 levels to check if the crack also works all the way.

一旦他们意识到这个问题，他们可能也会开始破解它.但是，如果您将游戏分解为关卡包，您仍然可以在每个包下载之间进行验证.因此，一旦您收到被黑的客户端哈希数据，只需执行一个异常并在客户端上使游戏崩溃.哎呀游戏崩溃了.不要告诉它，因为它被黑了.可能会发生程序错误.:-)

Once they realize this problem, they might start to crack it too. But if you break the game up into level-packs, you can still validate between each pack download. So once you receive hacked client hash data, then just execute an exeception and crash the game on the client. Whoops the game crashed. Dont tell its because its hacked. A program error can happend. :-)

同样，它不是黑客证明.但这可能会惹恼他们，让他们继续进行下一场比赛.最后，您还可以定期更新游戏，只有最新版本才能发布记录"等，因此活跃用户必须更新以保持循环.

Again, its not hacker proof. But it might annoy them enough to move on to the next game. Lastly, you could also put out regular updates for the game and only the latest version should be able to "post the records" etc. so the active users would have to update to keep in the loop.

这篇关于Android游戏不断被黑客入侵的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！