Cocos2d-x Study Notes 19: record storage 3: Archive validation using digest algorithms

 Introduction

I mentioned in cocos2d-x study note 16: record storage 1: CCUserDefault all kinds of defects of CCUserDefalut archiving, one of which is plaintext storage, players can directly modify the archive.

This article describes how to use the Digest algorithm for archive verification.

Preparations

Abstract: There are many algorithms and their content is public. Therefore, there are many existing algorithm libraries on the network, the most famous of which is Crypto ++. This Library supports a large number of symmetric encryption, asymmetric encryption, and digest algorithms. However, this library is too large. We just use a simple Digest algorithm, so we don't need this first.

I have selected SHA1, and the library is downloaded from this address:

Http://tamale.net/

After opening it, we found it very concise, with only two source code sha1.cpp, sha1.h), and one is the test code testsha1.cpp ).

Create a new project named TestSha and import the source code.

Then in order to facilitate debugging, we need printf, the method to open printf in the cocos2d-x is as follows:

 

Add the following code at the beginning of the proxy function bool AppDelegate: applicationDidFinishLaunching:

 
 

  
  
_tsetlocale(LC_ALL,_T(""));  
  
  
::AllocConsole();  
  
  
::freopen("conout$","w",stdout);  
 
 

Don't forget to add the header file # include <tchar. h>

Then you can use printf.

 

How to Use SHA1 for archive Verification

We use the following code to write a storage record.

 
 

  
  
# Define TEXT1 "test string"
  
  
# Define KEY "goldlion"
  
  
SHA1 * sha1;
  
  
Unsigned char * digest;
  
  

  
  
CCUserDefault * save = CCUserDefault: sharedUserDefault ();
  
  
Save-> setStringForKey ("string_value", TEXT1 );
  
  
Sha1 = new SHA1;
  
  
Sha1-> addBytes (TEXT1, strlen (TEXT1); // input data
  
  
Sha1-> addBytes (KEY, strlen (KEY); // input data
  
  
Digest = sha1-> getDigest (); // get the verification code
  
  
SHA1: hexPrinter (digest, 20); // print the hexadecimal verification code to the console.
  
  
Printf ("\ n ");
  
  
Delete sha1;
  
  
Free (digest );
 
 

The execution result is as follows:

 

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131228/1A15260I-0.png "/> 650) this. width = 650; "style =" cursor: default; "alt =" "src =" file: // C: /Users/goldlion/AppData/Local/Temp/enhtmlclip/Image.png "/>
Now we write a read Validation

 
 

  
  
# Define TEXT1 "test string"
  
  
# Define KEY "goldlion"
  
  
SHA1 * sha1;
  
  
Unsigned char * digest;
  
  
 
  
  
CCUserDefault * save = CCUserDefault: sharedUserDefault ();
  
  
Std: string str = save-> getStringForKey ("string_value ");
  
  
Sha1 = new SHA1;
  
  
Sha1-> addBytes (str. c_str (), str. length (); // input data
  
  
Sha1-> addBytes (KEY, strlen (KEY); // input data
  
  
Digest = sha1-> getDigest (); // get the verification code
  
  
SHA1: hexPrinter (digest, 20); // print the hexadecimal verification code to the console.
  
  
Printf ("\ n ");
  
  
Delete sha1;
  
  
Free (digest );
 
 

The execution result is as follows: 650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131228/1A152H03-1.png "/>
We can see that the verification is correct.
Cracking Test
Now, manually modify the archive file UserDefault. xml and change the value of string_value to test string crack.

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131228/1A1523B5-2.png "/>

The running result is as follows: 650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131228/1A152H05-3.png "/> 650) this. width = 650; "style =" cursor: default; "alt =" "src =" file: // C: /Users/goldlion/AppData/Local/Temp/enhtmlclip/Image(2).png "/>
The verification fails. The Player modified the archive.
Ideas
1. The Digest algorithm extracts the verification code from the original text and performs verification when reading the archive. If the original text is modified and the verification code changes, the verification fails. 2. because the digest algorithms are public, we will enter one more key when entering the data to be verified. This key is hidden in the encoding, unless the player has a superb reverse engineering technology that can reverse code and find the key, we can adjust the Key algorithm and confuse the data sample in advance. This encryption strength is sufficient to cope with the development of general standalone games. Online Game archiving is on the server side and requires transmission verification. Therefore, we do not consider local archiving encryption.
Actual use
The above is only the Demo code. In actual use, we also need to note: 1. for convenience, only strings are used in the demo. For bool, int, and other types, you can encapsulate functions for verification, which is more convenient. 2. In the compiled verification code, add a switch-enable or disable verification at any time. In this way, the tester can modify the archive directly to facilitate the test. Hahaha, this is how to convert the disadvantages of plaintext archiving into the advantages of thinking during development. 3. In actual use, the verification code is to be written into the archive. when reading the archive, the verification code is read by the way for verification.
References

《Cocos2d-x to realize printf output result, convenient debugging"

This article is from the "Old G hut" blog, please be sure to keep this source http://4137613.blog.51cto.com/4127613/876587