How to prevent game key data from being tampered with by the modifier

Preface

Before playing PC single-player game, I believe that the Jinshan Ranger this cheat modifier must not be unfamiliar, the player through the modifier can easily locate, modify the game key variables, such as Boss blood volume, money, the protagonist of the Force and other data, easy to make game. The principle of cheating modifier is very simple, that is, through the numerical search, in memory to find the same value of the variable, determined that it is the target variable, it is modified. Similar cheats also have cheat engine and mobile phone side of the eight-door artifact. This type of cheat modifier in addition to a single game, for some part of the game logic put on the client processing, no server verified online games, the same effective. We all know that plug-in for online games will greatly undermine the game fairness, is tantamount to a devastating blow.

There are many ways to solve this type of cheating:

1, the most thorough method of course, all the game logic is placed on the service side of the judgment, or the service side of the strong check to ensure that the client does not cheat. However, this kind of method is more difficult: the server needs to maintain the same computational logic as the client, which will increase the complexity of the service side, and the client-escalated packets will inevitably become larger.

2, the second method is to do the client anti-memory modification processing. For the key memory data to encrypt storage, although the security is not as high as the former, but can effectively prevent the aforementioned type of cheat modifier, to ensure the security of key data.

Last week our Page Tour project on a new feature, is a more independent game system, on the one weeks less, someone found that the CE modifier can tamper with the level boss blood volume, so as to achieve rapid customs clearance. Like this level of the game, is generally eliminated class game, the game steps and thin, its game logic is generally determined by the client, and then report the game results to the server. and the server-side verification only do the game to start, the game end of the two protocol matching verification, game duration verification (game time is less than a certain length within the Judgment game invalid, prevent the use of plug-in rapid clearance), the key data did not do memory encryption, and did not perform the service-side verification, so that the modifier can follow. After discussion, we decided to use the 2nd method to encrypt the key data in memory.

The principle of using a custom security type sdtint instead of the int type for data storage is simple. Sdtint through the Set/get value method to store/read key data, Set/get method will be encrypted/decrypted operation, so the resident memory of the key data is in the form of ciphertext, can effectively prevent the use of numerical search modified plug. and its encryption/decryption principle is also very simple, set the random generation of a 8-bit key array, so that the plaintext data and the key array to XOR or operation, to obtain ciphertext, so that encryption; Get the ciphertext and key array again to make the XOR and operation, get clear text, so as to achieve decryption. The key code is as follows:

    
function Dodecrypt (Originbytes:array, Keybytes:array): Array    {        return  crypt (originbytes, keybytes);    }         function Doencrypt (Originbytes:array, Keybytes:array): Array    {        return  crypt (originbytes, keybytes);    } 

Private Static functionCrypt (Originbytes:array, Keybytes:array): Array {varBytes:array =NULL; if(Originbytes &&keybytes) {bytes= Memorypool.getarray ();//[];             for(varI:int = 0, N:int = originbytes.length, m:int = keybytes.length; I < n; i++)            {                varByte:uint =Originbytes[i]; varMask:uint = keybytes[i%m]; BYTE^=Mask;            Bytes.push (byte); }        }        returnbytes; }    

After the measurement, the use of sdtint instead of the original int type storage data, can effectively avoid this kind of plug-in search. The version I implemented is AS3, and understanding the principles can easily be rewritten in other languages. Attached to the Githut on the source demo, for those who need to learn.

How to prevent game key data from being tampered with by the modifier