Web game anti-plug strategy.

At present, the main plug on the market is three modes: 1, button simulation hanging. 2. Press the key to seal the package. 3, completely off.

One: for the key simulation.

1, the general key to the simulation of the assistant is to find the Web page in the window handle, to send the key information or something.

Workaround: Add the "wmode" property to the embed or object tag inserted in Flash and set it to wmode= "transparent" or "opaque".

This will not find the window handle to flash when looking for flash.

2, the key is generally by looking for pictures, text to achieve what needs to be done next.

Corresponding solution: When designing a game, the picture can add some dynamic effect.

3, do the game, try not to make the kind of brain-free flow, especially dialog box, it is best to need the player to click on their own, rather than automatically pop-up dialog box.

4, do the key or some of the master, you can open a lot of games on a computer (will do memory optimization), so hit the gold efficiency is high.

Corresponding solution: Set Flash anti-multiple open. (There are tutorials online, not much to say)

(However, there is not much research on keystrokes.) The above may only be one-sided. ）

Two: The key pack combines.

1, generally for fast or something. This kind of assistance will be bought by a packet of drugs, selling equipment or something.

Corresponding solution: Add the dynamic verification system to the game. and encrypt the packet information.

(such as chopping, although he has 4 bytes of encryption of his own packet, but his encryption is fixed, it is plain to use his own crc16 to encrypt.) You can actually launch his key through XOR, so his encryption is meaningless. The same dragon legend, he used with the chopper is the same encryption system, but he has more than a dynamic verification, compared to chopping to do a key combination of the game will be very troublesome. Because even if you pour out the key, but also involves a dynamic verification system, you randomly contracted, you can let him drop the line. ）

2, for the above-mentioned anti-package method, there is also a countermeasure, is to hijack his contract, the game to deal with the contract, and then sent out.

Coping methods: For this kind of words, good technical precautions are basically not. However, game developers can lower the pile in the envelope. This kind of auxiliary author generally does not study all of his contract, can be in the game in the next dark pile, to determine whether to hijack the contract.

Three, completely off;

The process of offline is usually the first to get the parameters of the game login via HTTP, and then follow the game process to the contract or something.

1, login parameters obtained.

The general author is post,get to get login parameters, where to prevent, you can start with cookies. Ordinary players login to the game, generally in the course of Web page transfer, the number of this cookie is more. The number of such cookies is generally necessary. Like QQ, he is in the login, generally will bring your usual QQ, and this through Post,get will not send these. This is to determine whether it is a legitimate login.

2, the full-off as the name implies, is not to use the client, their own client building using the protocol with inside robes ' interaction. This means that he does not need to load resources at run time. Then the developer can start with the resources. The next dark pile, a resource will record the player's IP, player ID, the server according to him to determine whether the player online. Not the line, still on which side of the contract, as the external treatment. (Follow-up treatment to do their own, directly off the line, tell the external author you have dark piles, do not drop the line, over a 1, 2 days, seal number, haha. ）

3, for the whole off, the author of the most annoying is that the parameter of the algorithm that, the parameter is best to go through a number of calculations, increase the complexity, do not get some fixed value, so for the offline assistant author, he is to do a copy, paste things.

4, in the contract, some important package of information preferably with the player ID, time and a combination of some encryption and so on.

Suitable for all. Page tour of all the auxiliary than the end of the tour, the reason is that page tour can easily get the source code.

So, page tour company should protect the source code this piece to prevent plug.

Source of protection, generally 3 kinds, packers, confusion, scrambling code.

1. Packers

This is the most useless, because the operating mechanism of flash, we must first turn him into a FWS, to load, so generally have the ability, directly through the memory to get the SWF after shelling, like doswf those, are can be done. Do not feel that the memory is released, just not enough level.

2. Confusion

That's a good one. Especially for some parameter name confusion, this is more effective, so that the author even if the package is solved, do not know the meaning of the package, can not guess. But confusing words can still be confused, but looks more troublesome. Unpacking can still be solved, just increase the complexity.

3, scrambling code

This best, generally do offline assistance, although may be a master, but also only on the one hand, for the anti-compilation of Flash, is certainly the help of the tools of ASV, think about what. And if you add a lot of scrambling to the SWF, there's not much impact on the game, but it will just let ASV, Miss. In this way, even if he gets the shelling after the SWF, also can not get the source code, also can not do auxiliary.

Personal opinion. In fact, it's not enough, because I can implement the replacement SWF through the virtual machine, let your official SWF load my swf, so I can control your game. The way to do this is to check each SWF for its length and identify if it is your own SWF.

That's a little bit of insight down there. Master Don't laugh.

Web game anti-plug strategy.