
On game security (I)

2022-06-24 03:38:00 Testerhome official

Original by chen ziang, published in the TesterHome community.

Preface

Although there is some overlap between security and testing, the two still differ considerably in focus and technology stack.
After seriously finishing a meal, I am writing this post about game security.
Of course, within game security I have only touched some parts. What follows is a small stock of knowledge built up over recent years, and only the categories; things are updated quickly now, so I'm not sure whether it is still practical.
Much of what follows assumes a good understanding of the game's functions and business logic.

Client decompile

Game decompilation covers several things, for example extracting resources, extracting code, and repackaging. Generally, a company with no security protection of its own will go to a third-party company, while a company with its own security protection will apply the basic measures: packing the game (adding a "shell"), obfuscating resources, and compiling by non-official means. There are many kinds of packers, and their versions keep being updated.
Without a packer, the game becomes much easier to crack. Some packers now have little impact on the game itself, and also provide a monitoring function with a plug-in whitelist.
Packing mainly protects against cracking of code and resources and against the risk of repackaging, which would otherwise let someone obtain more information and learn how the game is packaged. The sections below show how large this effect is.

Reverse mode

This is mainly about preventing reverse analysis. The current approach is to attach to the corresponding game process; the auxiliary tools and IDA are very powerful, and with enough patience there is nothing that cannot be debugged.
If such protection is in place, the game can be suspended and exit when a breakpoint succeeds. Whether a .so library can be restricted to loading only by specific processes is uncertain.
Why does reverse mode matter? Because with it, offline games can be cracked and some of the game's internal connections can be sniffed out.

Offline game cracking

Make sure the game cannot be unpacked. Cracking requires knowing the protocol type. A game data packet consists of a packet header structure and a message body; generally the packets are captured and analysed, and then the packet is guessed at and pieced together segment by segment.

The logical question

These problems exploit either the game design or the lack of real-time synchronization with the database and server.
An example of the former: some events are not designed properly, so they are farmed with alternate (small) accounts and the rewards are transferred to the main (large) account. Banning the alternate accounts is not really a solution; this has to be thought through at the start.
An example of the latter: it must not be possible to complete a critical step of an exploit by combining it with the protocol or by disconnecting from the network.

Protocol security

This is also a kind of packet testing, and it is something testers do. You can capture packets and modify them, or write a framework to do the testing. It mainly improves the stability of the protocol and checks for gaps in server-side validation. First of all, unpacking must be prevented.
There are two levels, plus one item covering interaction with other users. The first level is to test abnormal boundaries: design special overflow values according to the game's data types and check the returned packet.
The second level is, after sending many times, to determine whether the server produces error logs that do not cause downtime. If there are enough error logs, the stability of the server can be affected.
There are several combinations for modifying the data structures (easy to say, but collecting the data takes accumulated experience):
fuzzed abnormal data plus data from historical problems; the boundaries of signed and unsigned numbers and the precision of floating-point numbers; keeping the fields of the next protocol unchanged while exchanging parameter data with the previous protocol (this needs to be dynamic).
Finally, interaction is the most difficult (so far this has been done manually, but on reflection it is not impossible to build it into the framework).
For protocol packets completed through interaction, 1 to n: send illegal broadcasts and send messages that are legal but should not appear, and check the impact on the other n users.
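
An added example, not from the original post, of the first level and of the signed/unsigned and floating-point boundaries listed above: boundary values are generated per field type and run against a stand-in server-side validator. The message layout, field names and validation rules are hypothetical.

```python
import math
import struct

# Hypothetical message body: item_id (uint32), count (int32), price (float32).
BODY = struct.Struct("<Iif")

# Boundary values per field type: signed/unsigned edges and float32 precision limits.
BOUNDARIES = {
    "u32": [0, 1, 2**31 - 1, 2**31, 2**32 - 1],
    "i32": [-2**31, -1, 0, 1, 2**31 - 1],
    "f32": [0.0, -0.0, 1e-45, 16777217.0, 3.4028234e38,
            float("inf"), float("nan")],
}
FIELD_TYPES = ("u32", "i32", "f32")


def validate(body: bytes) -> str:
    """Stand-in for the server-side check under test (rules are assumptions)."""
    if len(body) != BODY.size:
        return "bad length"
    item_id, count, price = BODY.unpack(body)
    if not 1 <= item_id <= 100_000:
        return "bad item_id"
    if not 1 <= count <= 99:
        return "bad count"
    # NaN compares false to everything, so a check written as
    # "price < 0 or price > max" would let it through; test finiteness first.
    if not math.isfinite(price) or not 0.0 <= price <= 1_000_000.0:
        return "bad price"
    return "ok"


def boundary_cases(valid=(1001, 1, 9.5)):
    """Vary one field at a time across its boundaries; keep the others valid."""
    for pos, kind in enumerate(FIELD_TYPES):
        for value in BOUNDARIES[kind]:
            fields = list(valid)
            fields[pos] = value
            yield pos, value, BODY.pack(*fields)


def accepted_cases():
    """Boundary cases the validator accepts: the ones to review by hand."""
    return [(pos, value) for pos, value, body in boundary_cases()
            if validate(body) == "ok"]


if __name__ == "__main__":
    for pos, value in accepted_cases():
        print(f"field {pos} ({FIELD_TYPES[pos]}) accepted boundary value {value!r}")
```

The value 16777217.0 is included because float32 cannot represent it; it arrives at the server as 16777216.0, which is the kind of precision loss the list above refers to.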

Memory modification

Segmenting literal types in memory is no longer useful. This mainly verifies the client's behavior, and whether problems in the client's behavior will affect the server.
Sometimes modifying memory makes the displayed amount of money very large or makes the stack count of backpack items abnormal, so the server does not fully trust the client.
Previously, in a MOBA game, modifying one additional piece of equipment allowed a level 1 character to kill a level 3 wild monster.

Hardware variable speed

This covers speeding up and slowing down; anything that is unfair to other players has an impact. This part is usually protected at the planning (design) level. For running while sped up, the only option is to check whether the speed of the user's last few coordinate changes is greater than a certain multiple of the normal buffed speed, and if so kick the user.
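
The check described above, as an added example that is not code from the original post: a server-side monitor averages a player's speed over the last few position reports and flags the player when it exceeds a multiple of the buffed speed. The class name, the `multiple` and `window` values and the sample reports are assumptions.

```python
import math
from collections import deque


class SpeedMonitor:
    """Flag a player whose recent movement exceeds a multiple of the buffed speed."""

    def __init__(self, buffed_speed, multiple=1.2, window=5):
        # buffed_speed: fastest legitimate speed (units/second) with buffs applied.
        # multiple: tolerance factor; both values here are assumptions.
        self.limit = buffed_speed * multiple
        self.samples = deque(maxlen=window + 1)  # (server_time, x, y)

    def update(self, server_time, x, y):
        """Record one position report; return True when the player should be kicked."""
        # Use the server's receive time: a sped-up client also speeds up its own clock.
        if self.samples and server_time <= self.samples[-1][0]:
            return False  # ignore reports that do not advance server time
        self.samples.append((server_time, x, y))
        if len(self.samples) < self.samples.maxlen:
            return False  # not enough history yet
        pts = list(self.samples)
        path = sum(math.hypot(b[1] - a[1], b[2] - a[2]) for a, b in zip(pts, pts[1:]))
        elapsed = pts[-1][0] - pts[0][0]
        # Averaging over the window keeps a burst of delayed reports from tripping it.
        return path / elapsed > self.limit


def replay(reports, buffed_speed=7.5):
    """Run a list of (server_time, x, y) reports through a fresh monitor."""
    monitor = SpeedMonitor(buffed_speed)
    return [monitor.update(t, x, y) for t, x, y in reports]


# Constructed reports, one every 0.2 s of server time.
NORMAL = [(i * 0.2, i * 1.0, 0.0) for i in range(8)]    # 5 units/s
SPED_UP = [(i * 0.2, i * 3.0, 0.0) for i in range(8)]   # 15 units/s
# Same 5 units/s path, but three reports arrive bunched together after a lag spike.
LAGGY = [(0.0, 0, 0), (0.2, 1, 0), (0.4, 2, 0), (1.0, 3, 0),
         (1.01, 4, 0), (1.02, 5, 0), (1.2, 6, 0)]

if __name__ == "__main__":
    for name, reports in (("normal", NORMAL), ("sped up", SPED_UP), ("laggy", LAGGY)):
        print(name, replay(reports))
```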

What needs attention in the future

1. First, this seems to have nothing to do with the game business, but it has to be done: with the emergence of ISO standards there are 7 categories and 50+ checks, and building a series of scanning and inspection tools for the app package is basically unavoidable.
This can be extended into about 7-10 small tools, chained in sequence with continuous integration. The next article will introduce the brief requirements for these tools and some ideas.

2. Mixed stress testing, which causes error messages to appear on the server under normal conditions (the premise being that in most cases the server refuses with return null).

3. A tool for modifying the packet-sending frequency while packets are returned over the normal network, provided as an interface or as a tool item.

4. Take an existing modification tool and develop it further, keeping up with others' versions.

5. Pay attention to public opinion, and check whether your game is being watched.
