
CN118133271B - A method to prevent game code leakage and private server - Google Patents

A method to prevent game code leakage and private server

Info

Publication number
CN118133271B
Authority
CN
China
Prior art keywords
server
verification
hash value
sha256
sha256 hash
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410546691.9A
Other languages
Chinese (zh)
Other versions
CN118133271A (en
Inventor
赵高
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Happy Mutual Entertainment Network Technology Co ltd
Original Assignee
Happy Mutual Entertainment Shanghai Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Happy Mutual Entertainment Shanghai Technology Co ltd
Priority to CN202410546691.9A
Publication of CN118133271A
Application granted
Publication of CN118133271B
Legal status: Active (current)
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention belongs to the field of information security technology and specifically relates to a protection method for preventing leaked game code from being turned into a private server, comprising: the server starts and obtains the string content of each hardware item; the server performs SHA256 calculation on the obtained hardware string content to obtain the final SHA256 hash value; the server checks whether a specific file exists in the local /tmp directory; the file content is compared with the final calculated SHA256 hash value; otherwise, the server sends the SHA256 hash value calculated from the hardware string content to the verification end for verification. Through double verification by the server and the verification end, the invention can accurately detect whether the game code or binary program has been leaked and, when a code leak occurs, discard all game data in time, thereby effectively preventing the operation of private servers.

Description

A protection method for preventing leaked game code from being turned into a private server

Technical Field

The present invention relates to the field of information security technology, and in particular to a protection method for preventing leaked game code from being turned into a private server.

Background Art

With the development of Internet technology, the way R&D companies manage source code day to day has changed greatly, and preventing source code leakage has become an important part of network development security. During game development and operation, game code or binary programs may be leaked; when that happens, the leaked material combined with all the game data may give rise to a private server, which greatly damages the company's interests and, more seriously, affects the stable operation of the entire game. Therefore, how to detect whether code has been leaked, and how to prevent private servers from appearing when game code is leaked, is a problem that urgently needs to be solved.

Summary of the Invention

The purpose of the present invention is to solve the technical problem described in the background art. To this end, a protection method for preventing leaked game code from being turned into a private server is provided.

To achieve the above purpose, the technical solution adopted by the present invention is as follows:

A protection method for preventing leaked game code from being turned into a private server, the method comprising:

The server starts and obtains multiple items of hardware information from the running environment, thereby obtaining the string content corresponding to each hardware item;

The server performs SHA256 calculation on the obtained hardware string content to obtain the final SHA256 hash value;

The server checks whether a specific file exists in the local /tmp directory; this file is used to store the previously verified SHA256 hash value;

If the file exists, the server decrypts the file content;

If the decryption succeeds, the server compares the decrypted file content with the final calculated SHA256 hash value;

If they match, the environment has not been tampered with and the code has not been leaked, and the server continues to execute normally;

If the file does not exist, the decryption fails, or the comparison does not match, the server sends the SHA256 hash value calculated from the hardware string content to the verification end for verification;

If the verification end's verification passes, the server continues to execute normally;

If the verification end's verification fails, the server discards all game data.

In a further refinement of the invention, when the server starts it randomly obtains three of the four items of hardware information in the running environment (CPU, hard disk, network card, intranet IP address), thereby obtaining the string content corresponding to those three items.

In a further refinement of the invention, the SHA256 calculation on the obtained hardware string content comprises:

Calculating a SHA256 hash value for each obtained hardware string separately, and concatenating the calculated SHA256 hash values as strings;

Calculating the SHA256 hash value of the concatenated string to obtain the final SHA256 hash value.

In a further refinement of the invention, when the server decrypts the file content, the last 32 digits of the final calculated SHA256 hash value are used as the AES key to decrypt the file.

In a further refinement of the invention, when the hardware information obtained by the server does not include the intranet IP address, the server obtains the intranet IP address separately and sends the intranet IP address together with the SHA256 hash value, in the format IP:SHA256, to the verification end for verification;

When the hardware information obtained by the server includes the intranet IP address, the server sends the SHA256 hash value to the verification end for verification.

In a further refinement of the invention, when the verification end receives a verification request from the server, it performs three rounds of checks:

First round: verify whether the remote IP address of the server sending the request falls within the known asset IP range; if it does, the first round passes;

Second round: decrypt the data sent by the server; after decryption, compare the intranet IP address in the data with the value stored in the verification end's database to verify whether they correspond; if they do, the second round passes;

Third round: compare the SHA256 hash values of the CPU ID, hard disk ID or network card ID in the decrypted data with the values stored in the verification end's database to verify whether they correspond one to one; if they correspond completely, the third round passes.

In a further refinement of the invention, if all three rounds pass, the verification end's verification has passed: the server continues to execute normally and at the same time stores the SHA256 hash value in the specific file under the /tmp directory. Otherwise, the verification end's verification has failed: the server does not exit, but discards all game data.

In a further refinement of the invention, the verification end's database is used to collect the server's environment data.

Compared with the prior art, the present invention has the following technical effects:

Through double verification by the server and the verification end, the invention can accurately detect whether the game code or binary program has been leaked and, when a code leak occurs, discard all game data in time, thereby effectively preventing the operation of private servers. In addition, updating and verifying against the verification end's database ensures that authorized users can keep running normally after they update their hardware.

The present invention is further described below with reference to the accompanying drawing and an embodiment.

Brief Description of the Drawings

To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a flow chart of the method of the present invention.

Detailed Description of the Embodiments

To make the above objects, features and advantages of the present invention easier to understand, specific embodiments are described in detail below with reference to the accompanying drawing. Many specific details are set out in the following description to give a full understanding of the invention. The invention can, however, be implemented in many ways other than those described here, and those skilled in the art can make similar improvements without departing from its substance, so the invention is not limited to the specific embodiments disclosed below.

As shown in FIG. 1, this embodiment provides a protection method for preventing leaked game code from being turned into a private server. To deal with a possible leak of code or of a binary program, every binary goes through startup authorization once it is run. A server that passes authorization runs normally and the binary's functions are unaffected; for one that fails authorization, the binary process does not exit, but all game data is discarded, which genuinely prevents a private server from coming into being when a leak occurs.

The implementation logic of the above method includes:

The main steps on the server side are:

a. Server startup:

After the server program starts, it first waits for a random period of time (5-15 minutes). This wait ensures that all system resources have finished loading and the running environment is stable.

b. Obtaining hardware information:

Once the running environment is stable, three items of hardware information are obtained at random. The hardware information includes: CPU, hard disk, network card (MAC address), and intranet IP address. Note that the hardware information in this embodiment is not limited to these four kinds; any hardware information that identifies the server falls within the scope of hardware information obtained by the invention. Using three items greatly reduces the amount of data to process and speeds up processing, while the random selection ensures the validity of the acquired data.

From the three items of hardware information obtained by the server, the string content corresponding to each of them is obtained.

c. SHA256 calculation and combination:

A SHA256 hash value is calculated for each obtained hardware string separately, and the three calculated SHA256 hash values are concatenated as strings;

The SHA256 hash value of the concatenated string is then calculated to obtain the final SHA256 hash value.

For clarity, this embodiment explains the principle of SHA256 further. SHA-256 is a cryptographic hash function that maps input data of any length to an output of fixed length. SHA stands for Secure Hash Algorithm, and 256 means that the output is 256 bits (32 bytes) long. The SHA-256 calculation essentially performs a series of complex mathematical operations on the input data to generate a unique, fixed-length output, the hash value. The process includes steps such as bit operations, addition, and rotation, which ensure that the generated hash value has the following properties: fixed-length output, uniqueness, collision resistance, and irreversibility.

d. Checking the local file:

The server checks whether a specific file exists in the local /tmp directory; this file is used to store the previously verified SHA256 hash value.

e. Decrypting the file:

If the file exists, the last 32 digits of the final calculated SHA256 hash value are used as the AES key to decrypt the file.

f. Comparing the SHA256 values:

If the decryption succeeds, the server reads the decrypted file content and compares it with the final calculated SHA256 hash value.

g. The data matches and execution continues normally:

If they match, the environment has not been tampered with and the code has not been leaked, and the server continues to execute normally. Note that when the server passes steps d, e and f, the specific file in the local /tmp directory already contains the SHA256 hash value calculated in step c, so that value does not need to be stored in the /tmp/xxx file again.

h. Abnormal situations:

If the file does not exist, the decryption fails, or the comparison does not match, the server sends the SHA256 hash value calculated from the hardware string content to the verification end for verification.

Because the hardware information in step b is obtained at random, and the verification end must verify the intranet IP address, there are two cases here:

1) When the hardware information obtained by the server does not include the intranet IP address, the server obtains the intranet IP address separately and sends the intranet IP address together with the SHA256 hash value, in the format IP:SHA256, to the verification end for verification;

2) When the hardware information obtained by the server includes the intranet IP address, the server sends the SHA256 hash value to the verification end for verification.

HTTPS certificate errors need particular attention in the communication from the server to the verification end:

Specifically, if the server ignores HTTPS certificate errors, the whole verification process becomes insecure, because the server may then receive a forged verification result. The correct handling is: as soon as an HTTPS certificate error is detected, the server should immediately stop communicating with the verification end and act according to its security policy, for example by discarding all received game data, to avoid a possible private server.

As an example of this point: if a developer does not follow this guidance and writes code that ignores HTTPS certificate verification, the verification end can be successfully forged. The following C++ code allows the verification end to be forged:

C++

curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); // Ignore certificate verification

curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); // Ignore hostname verification

The correct approach is not to ignore HTTPS certificate errors reported for the remote verification end.
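The fail-closed handling described above, as an added Python example (not the patent's code, and in Python rather than the C++/libcurl of the snippet): the client keeps certificate and hostname verification on and maps any certificate error to discarding game data. The URL scheme check, the plain-text true/false reply and all function names are assumptions.

```python
import ssl
import urllib.error
import urllib.request


def strict_context(ca_file=None):
    """TLS context that verifies both the certificate chain and the hostname."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def lax_context():
    """Python counterpart of VERIFYPEER=0 / VERIFYHOST=0, shown only for contrast."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def accepts_forged_verifier(ctx):
    """Audit helper: True if the context would accept any certificate or any hostname."""
    return ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname


def ask_verifier(url, body, ctx, opener=urllib.request.urlopen, timeout=10):
    """Return ("RUN", reason) only for a verified TLS session that answers "true".

    Everything else, certificate errors included, returns ("DISCARD", reason),
    which is the policy the text gives as its example (discard game data).
    The reply format (a plain-text true/false body) is an assumption.
    """
    if accepts_forged_verifier(ctx):
        return ("DISCARD", "tls-verification-disabled")
    if not url.lower().startswith("https://"):
        return ("DISCARD", "not-https")
    try:
        req = urllib.request.Request(url, data=body.encode("utf-8"), method="POST")
        with opener(req, context=ctx, timeout=timeout) as resp:
            answer = resp.read(16).decode("ascii", "replace").strip().lower()
    except (OSError, ValueError) as exc:
        # urllib wraps TLS failures in URLError; the original error is in .reason
        cause = getattr(exc, "reason", exc)
        if isinstance(cause, ssl.SSLCertVerificationError):
            return ("DISCARD", "certificate-error")
        return ("DISCARD", "verifier-unreachable")
    return ("RUN", "verified") if answer == "true" else ("DISCARD", "verifier-said-no")
```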

The main steps on the verification end are:

A. Building the database:

The information security center collects the environment data of the internal RO servers in advance and stores it in the back-end database.

B. Receiving data:

The verification end receives the data sent by the RO server.

C. Verifying the remote IP address:

Check whether the remote IP address of the server sending the request falls within the legitimate, known asset IP range.

D. Verifying the intranet IP address:

Verify whether the intranet IP address sent by the server corresponds to the data in the database.

E. Verifying the core data:

Verify whether the core data sent by the server (the SHA256 hash values of the CPU ID, hard disk ID or network card ID) corresponds to the data in the database.

Note that if the intranet IP address and core data were encrypted by the server before being sent to the verification end, using the AES encryption algorithm with the last 32 digits of the final calculated SHA256 hash value as the agreed key, then the verification end must AES-decrypt them, generally using the last 32 digits of the final calculated SHA256 hash value as the AES key.

If the intranet IP address and core data were not AES-encrypted before being sent to the verification end, no decryption is needed on the verification end.

In this embodiment, the server preferably encrypts the data with the AES encryption algorithm and the agreed key before sending it to the verification end for verification.

F. Verification passed:

If steps C, D and E all pass, the verification end returns true to the server.

After receiving true from the verification end, the server continues to process game data and at the same time writes the SHA256 hash value to the xxx file in the /tmp directory, stored encrypted with the AES encryption algorithm using the last 32 digits of the SHA256 hash value as the key.

G. Verification failed:

If any of steps C, D and E fails, the verification end returns false to the server.

After receiving false from the verification end, the server does not exit, but discards all game data.
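The server-side derivation (steps b, c and h) and the three verification rounds (steps C to E), put together as an added Python example; it is not code from the patent. It uses the unencrypted variant the text allows, and it assumes a fixed field order for the concatenation, a verification end that enumerates the three-of-four combinations, and constructed inventory values and address ranges.

```python
import hashlib
import hmac
import ipaddress
import itertools
import random
import re

FIELDS = ("cpu", "disk", "mac", "ip")     # the four hardware items named in the text
HEX64 = re.compile(r"[0-9a-f]{64}")


def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def fingerprint(hw, chosen):
    """Step c: hash each chosen string, concatenate the hex digests, hash again.

    Assumption: digests are joined in FIELDS order, so the order in which the
    random choice was drawn cannot change the result."""
    ordered = [f for f in FIELDS if f in chosen]
    return sha256_hex("".join(sha256_hex(hw[f]) for f in ordered))


def build_request(hw, chosen=None, rng=random):
    """Steps b and h: pick three of the four items, then format the message."""
    chosen = chosen or rng.sample(FIELDS, 3)
    fp = fingerprint(hw, chosen)
    # Case 1: the IP was not hashed, so send IP:SHA256. Case 2: send the hash only.
    return fp if "ip" in chosen else f"{hw['ip']}:{fp}"


def parse_request(body):
    """Return (intranet_ip or None, fingerprint); raise ValueError if malformed."""
    ip_text, sep, fp = body.strip().rpartition(":")
    if not HEX64.fullmatch(fp) or (sep and not ip_text):
        raise ValueError("malformed verification request")
    return (str(ipaddress.ip_address(ip_text)) if sep else None), fp


# Constructed verifier data: a documentation address range and made-up hardware strings.
ASSET_RANGES = [ipaddress.ip_network("198.51.100.0/24")]
INVENTORY = [
    {"cpu": "CPU-0001-EXAMPLE", "disk": "DISK-0001-EXAMPLE",
     "mac": "02:00:00:00:00:01", "ip": "10.20.0.15"},
]


def verify(remote_ip, body):
    """Rounds 1 to 3 of the verification end; any failure returns False."""
    try:
        remote = ipaddress.ip_address(remote_ip)
        claimed_ip, fp = parse_request(body)
    except ValueError:
        return False
    # Round 1: the request must come from a known asset range.
    if not any(remote in net for net in ASSET_RANGES):
        return False
    for rec in INVENTORY:
        if claimed_ip is not None:
            # Round 2: the intranet IP in the message must match the record.
            if rec["ip"] != claimed_ip:
                continue
            combos = [("cpu", "disk", "mac")]
        else:
            # Hash-only message: the IP is inside the hash, so round 2 is checked
            # implicitly by trying every combination that includes "ip".
            combos = [c for c in itertools.combinations(FIELDS, 3) if "ip" in c]
        # Round 3: constant-time comparison against each expected fingerprint.
        if any(hmac.compare_digest(fingerprint(rec, c), fp) for c in combos):
            return True
    return False


if __name__ == "__main__":
    host = INVENTORY[0]
    changed = dict(host, disk="DISK-9999-OTHER")
    print(verify("198.51.100.7", build_request(host)))
    print(verify("198.51.100.7", build_request(changed, chosen=("cpu", "disk", "mac"))))
```

Since each start hashes only three of the four items, a changed item is caught only on starts where it is among the three drawn; a deployment that needs every change caught would hash all four.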

This embodiment gives a case in which code has been leaked to an unauthorized party: an unauthorized user tries to start the server with a leaked binary. Because their hardware information does not match the records in the information security center's database, the verification end returns False; the server process keeps running but does not process any game data (that is, it discards all game data), which effectively prevents the private server from operating.

This embodiment also gives an authorized case: a legitimate partner service provider (an authorized user) upgraded its hardware and forgot to update the information security center's database. After startup, the server could not pass verification because the SHA256 hash value did not match. This prompted the partner service provider (authorized user) to contact the information security center promptly and update the database, which restored normal operation of the service. It also shows that the protection mechanism can effectively control the server's running environment and prevent unauthorized changes.

The above is only a preferred embodiment of the present invention and does not limit the invention in any form. Anyone skilled in the art may, without departing from the scope of the technical solution of the invention, use the methods and technical content disclosed above to make many possible changes and modifications to the technical solution, or modify it into equivalent embodiments. Therefore, any equivalent change made according to the shape, structure and principle of the invention without departing from the content of its technical solution shall fall within the protection scope of the invention.

Claims (5)

1.一种防止游戏代码泄露变成私服的防护方法,其特征在于,所述方法包括:1. A method for preventing game code from being leaked and turned into a private server, characterized in that the method comprises: 服务端启动,获取运行环境下的多个硬件信息,从而获取各硬件相对应的字符串内容;The server starts and obtains multiple hardware information in the running environment, thereby obtaining the string content corresponding to each hardware; 服务端对获取的硬件字符串内容进行SHA256的计算处理,得到最终的SHA256哈希值;The server performs SHA256 calculation on the obtained hardware string content to obtain the final SHA256 hash value; 服务端检查本地/tmp目录下是否存在特定的文件,该文件用于存储先前验证的SHA256哈希值;The server checks whether a specific file exists in the local /tmp directory, which is used to store the previously verified SHA256 hash value; 若文件存在,服务端解密文件内容;If the file exists, the server decrypts the file contents; 若解密成功,服务端将解密后的文件内容与最终计算的SHA256哈希值进行对比;If the decryption is successful, the server compares the decrypted file content with the final calculated SHA256 hash value; 若对比一致,说明环境未被篡改、代码未泄露,服务端继续正常执行;If the comparison is consistent, it means that the environment has not been tampered with, the code has not been leaked, and the server continues to execute normally; 若文件不存在、解密失败或对比不一致,服务端把对硬件字符串内容计算的SHA256哈希值发送到验证端进行验证;If the file does not exist, decryption fails, or the comparison is inconsistent, the server sends the SHA256 hash value calculated for the hardware string content to the verification end for verification; 若验证端验证通过,服务端继续正常执行;If the verification is successful, the server continues to execute normally. 
If the verification fails, the server discards all game data;

The server starts and randomly obtains three of the four hardware information items in the running environment (CPU, hard disk, network card, and intranet IP address), thereby obtaining the string content corresponding to the three hardware information items;

When the hardware information obtained by the server does not contain the intranet IP address, the server re-obtains the intranet IP address and sends the intranet IP address and the SHA256 hash value to the verification end in IP:SHA256 format for verification;

When the hardware information obtained by the server contains the intranet IP address, the server sends the SHA256 hash value to the verification end for verification;

When the verification end receives the verification request from the server, it performs three rounds of verification:

First round: Verify whether the remote IP address of the server sending the request is within the known asset IP range; if it is within the range, the first round of verification passes;

Second round: Decrypt the data sent by the server. After decryption, compare the intranet IP address in the data content with the value stored in the database of the verification end to verify whether they correspond; if they correspond, the second round of verification passes;

Third round: The SHA256 hash values of the CPU ID, hard disk ID or network card ID in the decrypted data content are each compared with the values stored in the database of the verification end to verify whether they correspond one to one; if they correspond completely, the third round of verification passes.

2. The protection method for preventing leaked game code from being turned into a private server as claimed in claim 1, characterized in that the SHA256 calculation performed on the obtained hardware string content includes:

Calculating a SHA256 hash value for each obtained hardware string content separately, and concatenating the calculated SHA256 hash values into one string;

Calculating the SHA256 hash value of the concatenated string content to obtain the final SHA256 hash value.

3. The protection method for preventing leaked game code from being turned into a private server as claimed in claim 2, characterized in that, when the server decrypts the file content, the last 32 bits of the finally calculated SHA256 hash value are used as the AES key to decrypt the file.

4. The protection method for preventing leaked game code from being turned into a private server as claimed in claim 1, characterized in that if all three rounds of verification pass, the verification end has passed the verification, the server continues to execute normally, and at the same time stores the SHA256 hash value in a specific file in the /tmp directory; otherwise, the verification end has failed the verification, and the server does not exit but discards all game data.

5. The protection method for preventing leaked game code from being turned into a private server as claimed in claim 1, characterized in that the database of the verification end is used to collect server environment data.
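The fingerprint of claim 2 and the three-round check of claim 1, as an added sketch that is not part of the patent text. Assumptions: the concatenation order, the per-host database of per-item hashes, a payload that has already been decrypted, and all function names and sample values (constructed).

```python
import hashlib
import hmac
import ipaddress
from itertools import combinations

ORDER = ("cpu", "disk", "nic", "ip")  # assumed concatenation order; the claims give none

def sha256_hex(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()

def final_hash(item_hashes: dict, chosen) -> str:
    """Claim 2: concatenate the per-item SHA256 hex digests, then hash again."""
    return sha256_hex("".join(item_hashes[k] for k in ORDER if k in chosen))

def build_request(hw: dict, chosen) -> str:
    """Server side: bare digest if the IP was one of the three, else IP:SHA256."""
    digest = final_hash({k: sha256_hex(hw[k]) for k in chosen}, chosen)
    return digest if "ip" in chosen else f"{hw['ip']}:{digest}"

def verify(remote_ip: str, payload: str, asset_nets, db: dict) -> bool:
    """Verification end: three rounds over an already-decrypted payload."""
    # Round 1: the requester's remote address must be inside a known asset range.
    addr = ipaddress.ip_address(remote_ip)
    if not any(addr in ipaddress.ip_network(n) for n in asset_nets):
        return False
    # Round 2: the intranet IP must correspond to a stored record.
    ip, sep, digest = payload.rpartition(":")
    if sep:
        records, with_ip = ([db[ip]] if ip in db else []), False
    else:
        # Bare digest: the IP is inside the hash, so every stored record is tried.
        records, with_ip = list(db.values()), True
    # Round 3: stored per-item hashes must reproduce the digest for a 3-of-4 set.
    for rec in records:
        for combo in combinations(ORDER, 3):
            expected = final_hash(rec, combo).encode()
            if ("ip" in combo) == with_ip and hmac.compare_digest(
                    expected, digest.encode()):
                return True
    return False

# Constructed sample data (not from the patent).
HW = {"cpu": "CPU-0001", "disk": "DISK-0001",
      "nic": "02:00:00:00:00:01", "ip": "10.0.0.5"}
DB = {HW["ip"]: {k: sha256_hex(v) for k, v in HW.items()}}
NETS = ["203.0.113.0/24"]
```

Because the final digest is deterministic for a given host and combination, the verifier in this sketch recomputes it from stored per-item hashes instead of trying to split it back into its parts.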
CN202410546691.9A 2024-05-06 2024-05-06 A method to prevent game code leakage and private server Active CN118133271B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410546691.9A CN118133271B (en) 2024-05-06 2024-05-06 A method to prevent game code leakage and private server

Publications (2)

Publication Number Publication Date
CN118133271A CN118133271A (en) 2024-06-04
CN118133271B CN118133271B (en) 2024-07-12

Family

ID=91246042

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410546691.9A Active CN118133271B (en) 2024-05-06 2024-05-06 A method to prevent game code leakage and private server

Country Status (1)

Country Link
CN (1) CN118133271B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107508682A (en) * 2017-08-16 2017-12-22 努比亚技术有限公司 Browser certificate authentication method and mobile terminal

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105577666A (en) * 2015-12-25 2016-05-11 北京像素软件科技股份有限公司 Method and system for verifying network server
CN114362971B (en) * 2022-03-21 2022-06-21 南京大学 Digital asset right confirming and tracing method based on Hash algorithm
CN116244736A (en) * 2022-12-24 2023-06-09 航天信息股份有限公司 File protection method and system based on environment detection

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Design and Implementation of a Private Server Defense System; Zhou Yiming; China Excellent Master's Theses Full-text Database; 20080615; pages 53-60 *

Also Published As

Publication number Publication date
CN118133271A (en) 2024-06-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20241018

Address after: Room 237J, 668 Shangda Road, Baoshan District, Shanghai, 200444

Patentee after: Shanghai happy mutual Entertainment Network Technology Co.,Ltd.

Country or region after: China

Address before: 201203 5th floor, No.2 Lane 999, Dangui Road, Pudong New Area, Shanghai

Patentee before: Happy mutual Entertainment (Shanghai) Technology Co.,Ltd.

Country or region before: China