Avoiding Game Center leaderboard hacking

Posted 2024-10-31 18:27:30 · 380 words · 1 view · 0 comments

Has anyone found a way to avoid leaderboard hacking on Game Center or at least make it more complicated?

You can see a video of HackCenter, a Cydia app that lets you submit any score you want here: Hack Center

Even though that application is not supposed to be available on the Cydia Store we've all seen scores that are obviously fake on several games on the AppStore. Unlike the score submitted on that video, the fake scores are usually ridiculously high and they discourage other players, since they can never reach the top of the leaderboard.

I haven't been able to find out how the hack is accomplished (I presume they intersect the http call and just replace the score parameter with whatever they want?).

Any insight is appreciated.

Comments (5)

剑心龙吟 2024-11-07 18:27:30

The problem stems from allowing users to generate their own score data device-side. This would be a lot harder if all the score related calculations were done server-side and then posted to the score-board (I don't know how your app works, so I can't recommend a specific technique).

I think the BEST thing you can do is record data about HOW they got the really high score for review later by you. That may be impossible depending on your game's structure. It also might be forge-able depending on your game's structure. For example, some game scores are impossible to get in-game just due to the physics on how the game works. This in my opinion is your best defense against it. Sadly, that requires monitoring it all the time....

Also, even if you can verify fake scores, someone could continually forge fake scores all day long and you'll never be able to keep up with it. Someone's score submission bot will win in the end. It's not human, you are. It can post fake scores all day, you can't watch for fake ones all day, you can't verify 1000s of fake submissions. Trying to verify anything that is generated user-side (such as device ID, app being installed, etc...) is pointless. It can be forged. IP addresses are meaningless too. Your app is on a mobile platform that can get a brand new IP all they want from the cell company. Tracking single legit real users is very hard if someone wants to hide from you because of this.

Maybe you can have some kind of app purchase verification with the help of Apple too. That would make it easier for you to ban offenders. They would have to pay you to forge your leaderboard, lol.

That's just my 2 cents, I hope it helps.
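A server-side sketch of the "record how the score was reached" idea from the answer above, added here as an example and not code from the post. The trace format and every limit are assumptions for a hypothetical game; the function only builds a review queue, since the answer itself notes the recorded data may be forgeable.

```python
# Constructed limits for a hypothetical game; derive real ones from your rules.
MAX_POINTS_PER_EVENT = 500
MIN_SECONDS_BETWEEN_EVENTS = 0.25
MAX_SESSION_SECONDS = 3600


def review_reasons(claimed_score, duration, events):
    """Return reasons a submission needs review; an empty list means plausible.

    events is the recorded play trace: (seconds_since_start, points) tuples.
    """
    reasons = []
    if not 0 < duration <= MAX_SESSION_SECONDS:
        reasons.append("session length out of range")
    if sum(points for _, points in events) != claimed_score:
        reasons.append("score does not match recorded events")
    previous = None
    for t, points in events:
        if not 0 < points <= MAX_POINTS_PER_EVENT:
            reasons.append(f"impossible event value {points}")
        if t < 0 or t > duration:
            reasons.append(f"event at {t}s outside session")
        if previous is not None and t - previous < MIN_SECONDS_BETWEEN_EVENTS:
            reasons.append(f"events too close together at {t}s")
        previous = t
    # Upper bound the game's pacing allows for a session of this length.
    slots = int(duration / MIN_SECONDS_BETWEEN_EVENTS) + 1
    ceiling = slots * MAX_POINTS_PER_EVENT
    if claimed_score > ceiling:
        reasons.append(f"score exceeds ceiling {ceiling} for {duration}s")
    return reasons


# Constructed sample submissions: (claimed_score, duration, events).
HONEST = (1300, 60.0, [(5.0, 300), (20.5, 500), (41.0, 500)])
FORGED = (2147483647, 60.0, [(1.0, 2147483647)])

if __name__ == "__main__":
    for name, sample in (("honest", HONEST), ("forged", FORGED)):
        print(name, review_reasons(*sample))
```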

記憶穿過時間隧道 2024-11-07 18:27:30

Because they're doing an HTTP intercept, there's unfortunately nothing you can do. I've even found setting the max score for the leaderboard in iTunes Connect has no effect.

A game I worked on never serialised the score to disk - so it couldn't have been changed there - and set max score to 30m. Yet the leaderboard was full with IntMax scores within hours of launching.

Hopefully Apple will have some fixes coming in WDC13 because as it stands, the worldwide leaderboards are useless.

久光 2024-11-07 18:27:30

You could try checking if the user has that thing installed I guess and then disable them from entering a high score if they have the app.

I personally would just check for Cydia:

[[UIApplication sharedApplication] canOpenURL:[NSURL URLWithString:@"cydia://"]]

I am not sure what the url for Hack Center is exactly but, maybe you could try guessing it a couple times. I would guess 'cydia://hack_center' or something like that. And then once you find the url replace 'cydia://' with it.

生生漫 2024-11-07 18:27:30

Have two hi score tables: those with cydia, those without :P

清旖 2024-11-07 18:27:30

You can also set up your own server and use proper authentication and encrypted channels to upload score and then just compare what's in your server vs what's in GameCenter... You still need to clean up the leaderboard, but at least you will know what to remediate and which users to put on blacklist.
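The own-server approach from the last answer, as an added example that is not code from the post: uploads carry an HMAC the server recomputes, and a reconciliation pass lists leaderboard rows the server's records do not back up. The per-player keys, the nonce scheme and the `(player, score)` leaderboard export format are assumptions.

```python
import hashlib
import hmac

# Constructed per-player secrets, issued by your server at login (assumption).
PLAYER_KEYS = {"alice": b"k-alice-constructed", "bob": b"k-bob-constructed"}


def sign(player, score, nonce, key):
    """MAC the client attaches to an upload; the server recomputes it."""
    msg = f"{player}|{score}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ScoreServer:
    def __init__(self, keys):
        self.keys = keys
        self.seen_nonces = set()
        self.best = {}  # player -> highest authenticated score

    def submit(self, player, score, nonce, mac):
        key = self.keys.get(player)
        if key is None or (player, nonce) in self.seen_nonces:
            return False  # unknown player or replayed upload
        if not hmac.compare_digest(mac, sign(player, score, nonce, key)):
            return False  # score changed after signing, or wrong key
        self.seen_nonces.add((player, nonce))
        self.best[player] = max(score, self.best.get(player, 0))
        return True

    def reconcile(self, leaderboard):
        """Return leaderboard rows that our own records do not back up."""
        suspects = []
        for player, posted in leaderboard:
            known = self.best.get(player)
            if known is None:
                suspects.append((player, posted, "no authenticated upload"))
            elif posted > known:
                suspects.append((player, posted, f"exceeds server best {known}"))
        return suspects
```

The MAC catches a score parameter rewritten in transit; a client that signs a fabricated score itself still passes, which is why the reconciliation output feeds cleanup and blacklisting rather than replacing plausibility review.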
