iPhone:如何修复基于更改设备日期的作弊行为?有服务器可以获取时间吗?

发布于 2024-10-11 15:45:57 字数 179 浏览 11 评论 0原文

我有一款 iPhone 游戏,它会随着时间的推移分配游戏内货币,有人发现你可以更改设备上的日期以提前获得奖励。

我发现蓝精灵村也有类似的问题,他们以某种方式检测到了篡改行为。有谁知道他们是怎么做到的?我唯一能想到的是从外部服务器获取时间,这需要设备在线,但我想这总比没有好……有人知道我在哪里可以找到一个只告诉你时间的服务器吗?

I have an iPhone game that dispenses in-game currency over time, and someone discovered that you can change the date on your device to get rewards early.

I found out there was a similar issue in Smurf Village, and they detect the tampering somehow. Does anyone know how they do it? The only thing I can think of is getting the time from an outside server, which would require devices to be online, but it's better than nothing I guess... does anyone know where I can find a server that just tells you the time?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(7

安静 2024-10-18 15:45:57

您可以使用 NTP 服务器来告诉您时间。

直到有人使用代理服务器来找出您尝试连接的 NTP 服务器,然后欺骗 NTP 响应……正如其他人提到的,响应很容易解析,因此很容易伪造。

更好的解决方案是使用 Google App Engine(免费)之类的东西,向您的应用程序发送某种加密响应,该响应将归结为服务器时间。如果客户端时间与该时间偏差太大,应用程序将简单地使用服务器时间进行计算。那么即使他们拦截了请求,他们也不容易发回正确的响应。

但基本上在任何网络游戏中,你必须始终假设客户端在撒谎。防止出现问题的唯一真正方法是让所有内容都通过服务器,因此客户端无法决定它突然变得富有并让任何其他客户端同意它是这样......

You can use an NTP server that tells you the time.

Right until someone uses a proxy server to figure out what NTP server you are trying to connect to, and then spoofs the NTP response... as others have mentioned, the response is easy to parse, and thus easy to forge.

A better solution would be to use something like Google App Engine (free), to send your app some kind of encrypted response that would boil down to the server time. If the client time deviated from that by too much, the app would simply use the server time for calculations. Then even if they intercept the request they will not easily be able to send back the correct response.

But basically in any networked game, you must always assume the client is lying. The only real way to prevent issues is to have everything go through a server, so a client cannot decide it's suddenly rich and have any other client agree it is so...

兮颜 2024-10-18 15:45:57

您只需使用通过互联网提供的时间服务器之一即可。这是非常简单的协议,您将毫无问题地解析回复。

You can simply use one of the time servers, available over internet. That's quite simple protocol, you will parse replies without any problem.

远昼 2024-10-18 15:45:57

您可以使用任何 NTP 服务器(请参阅 http://www.ntp.org/)。

此外,您可以通过存储应用程序运行的最新日期来实现一些简单的验证,并检查该日期是否不会回溯。

You could use any NTP server (see http://www.ntp.org/).

Also, you could implement some simple validation by storing the latest date the app has run, and check that the date never goes back.

懵少女 2024-10-18 15:45:57

如果您绝对无法检查远程 ntp 服务器,一种方法将提供至少一层保护

检查时间和时区 如果您发现时间发生变化,且该变化不是由于时区变化大于 DST 变化,请暂停您的配药钱的

One way that will provide at least a layer of protection if you absolutely cannot check a remote ntp server

Check times and time zone if you ever notice a change in time thats not attributed to a time zone change thats greater than DST changes, pause your dispensing of money

寂寞花火° 2024-10-18 15:45:57

如果在线,您应该检查 NTP 服务器,或者最好是您自己的使用加密协议的时间戳服务器。

离线时,您可以不添加货币,也可以在每次应用程序激活时对货币添加添加时间戳并检查是否作弊(时间戳的非单调变化太大,以允许旅行和时钟漂移)。然后你可以以某种方式贬低任何不义之财:虚拟谷仓着火,游戏中的所有东西突然变得更贵,银行转账费用变得大于转账金额,等等。

If online, you should check an NTP server, or preferably your own time stamp server using an encrypted protocol.

When offline, you can either not add currency, or time-stamp the currency addition and check for cheating (the time stamps vary non-monotonically by too much to allow for travel and clock drift) every time the app is made active. Then you could de-value any ill-gotten gains somehow: virtual barn catches fire, everything in the game suddenly costs more, bank transfer fees become larger than the amount transferred, etc.

与君绝 2024-10-18 15:45:57

iPhone:
打开你的游戏,让它加载并使用所有能量,然后转到:
*设置
*一般的
*日期&时间
关闭自动
向前设置 1 小时(或更多,具体取决于等待时间 IE Energy 在 3 小时内充满,设置向前 3 小时)
重新打开游戏,并不适用于所有游戏

iPhone:
Open your game let it load use all energy then go to:
*Settings
*General
*Date & time
Turn off auto
Set 1 hr forward (or more depending on wait time I.E. Energy full in 3 hours set forward 3 hours)
Reopen game, does not work for every game

一抹微笑 2024-10-18 15:45:57

如果仔细查看 HTTP 请求和响应的标头,您会发现确定从服务器到客户端的时钟偏移所需的时间信息几乎总是可用的。

为了在断开连接的操作中跟踪绝对时间,您可以使用系统 MONOTONIC 时钟,在 iOS 上它是 内核接口的一部分。您还需要从 sysctl 保存启动 UUID 和启动时间,以便捕获系统重新启动。

If you look closely in the headers of your HTTP requests and responses you'll find that the time information you need to determine the clock offset from the Server to the Client is almost always already available.

For tracking absolute time in disconnected operation, you can use the systems MONOTONIC clock, on iOS it's part of the kernel interface. You'll also need to save the boot UUID and boot time from sysctl so you can catch system reboots.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文