blocks|key|681701|text|type|unstyled|depth|inlineStyleRanges|entityRanges|data|681702|是什么阻止了有人将游戏复制到他们的计算机上，并注入函数和模块来作弊？|blockquote|681703|681704|681705|没什么。|681706|681707|有没有什么基本的方法可以通过以某种方式设计你的游戏代码来防止人们做这种事情呢？|681708|681709|681710|不是的。|681711|entityMap^0|0|0|0|0|0|0|0|0|0|0^^$0|@$1|2|3|-4|4|5|6|Q|7|@]|8|@]|9|$]]|$1|A|3|B|4|C|6|R|7|@]|8|@]|9|$]]|$1|D|3|-4|4|5|6|S|7|@]|8|@]|9|$]]|$1|E|3|-4|4|5|6|T|7|@]|8|@]|9|$]]|$1|F|3|G|4|5|6|U|7|@]|8|@]|9|$]]|$1|H|3|-4|4|5|6|V|7|@]|8|@]|9|$]]|$1|I|3|J|4|C|6|W|7|@]|8|@]|9|$]]|$1|K|3|-4|4|5|6|X|7|@]|8|@]|9|$]]|$1|L|3|-4|4|5|6|Y|7|@]|8|@]|9|$]]|$1|M|3|N|4|5|6|Z|7|@]|8|@]|9|$]]|$1|O|3|-4|4|5|6|10|7|@]|8|@]|9|$]]]|P|$]]

<blockquote>
 What is stopping someone from copying
 the game onto their computer, and
 injecting functions and modules to
 cheat?
</blockquote>

Nothing.

<blockquote>
 Is there any fundamental way to
 protect people from doing this sort of
 thing by designing your game code in a
 certain way?
</blockquote>

Nope.

blocks|key|3738112|text|这就是为什么大多数JavaScript游戏严重依赖服务器状态来防止作弊。|type|unstyled|depth|inlineStyleRanges|offset|length|style|BOLD|entityRanges|data|3738113|entityMap^0|P|5|0^^$0|@$1|2|3|4|5|6|7|H|8|@$9|I|A|J|B|C]]|D|@]|E|$]]|$1|F|3|-4|5|6|7|K|8|@]|D|@]|E|$]]]|G|$]]

This is why most JavaScript games rely heavily on a server state, to prevent cheats.

blocks|key|1430480|text|简而言之，不是。但是，您可以使用obfuscate+Javascript来使其变得更加困难。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|1430481|对于像分数这样的东西，理论上用户可以在你的处理程序脚本中发布任何分数。在这种情况下，您可以使用会话并通过AJAX定期回发到服务器。|1430482|entityMap|0|LINK|mutability|MUTABLE|url|https://stackoverflow.com/questions/194397/how-can-i-obfuscate-javascript^0|G|K|0|0|0^^$0|@$1|2|3|4|5|6|7|N|8|@]|9|@$A|O|B|P|1|Q]]|C|$]]|$1|D|3|E|5|6|7|R|8|@]|9|@]|C|$]]|$1|F|3|-4|5|6|7|S|8|@]|9|@]|C|$]]]|G|$H|$5|I|J|K|C|$L|M]]]]

In short, no. However, you can <a href="https://stackoverflow.com/questions/194397/how-can-i-obfuscate-javascript">obfuscate Javascript</a> to make it much more difficult.

For things like scores, a user could in theory POST any score to your handler script. In this case you could use a session and regularly post back to the server through AJAX.

blocks|key|683609|text|一些想法|type|unstyled|depth|inlineStyleRanges|entityRanges|data|683610|服务器端：|683611|683612|存储游戏的内部状态服务器端，并检查客户端在server.|unordered-list-item|683613|Autoaim：上发送的输入，创建正常玩家看不见的伪精灵，如果它们被击中太频繁，你就有一个机器人。(不会总是工作，因为机器人可能会更新，以检查invisibility)|offset|length|style|BOLD|683614|check客户端对服务器上的更改的反应时间，检查太多太快的反应。(在做出反应之前，必须接受大量的快速响应，因为人类可能会做出快速反应，并且必须考虑到网络延迟才能捕捉到任何东西)。给玩家一些验证码，普通玩家是看不到的。|683615|683616|客户端：|683617|683618|使用混淆来使其更难与您的代码接口，|683619|检查您所知道的黑客中定义的函数。必须经常修改/更新，因为这类黑客的创建者可以解决这些问题。|683620|游戏设计:减少游戏的重复性，这使得为它编写工具/机器人变得更加困难。|683621|会不时更新客户端以更改其结构的一部分。虽然这不会阻止机器人，但它需要工作来保持它们的运行。要么让它对用户透明，要么用一个新功能来掩饰它。|683622|683623|重要提示:确保您的服务器界面检查用户输入，混淆和客户端检查不会对编写自己的客户端的人有所帮助。|683624|entityMap^0|0|0|0|0|0|7|0|0|0|0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|16|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|17|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|18|8|@]|9|@]|A|$]]|$1|E|3|F|5|G|7|19|8|@]|9|@]|A|$]]|$1|H|3|I|5|G|7|1A|8|@$J|1B|K|1C|L|M]]|9|@]|A|$]]|$1|N|3|O|5|G|7|1D|8|@]|9|@]|A|$]]|$1|P|3|-4|5|6|7|1E|8|@]|9|@]|A|$]]|$1|Q|3|R|5|6|7|1F|8|@]|9|@]|A|$]]|$1|S|3|-4|5|6|7|1G|8|@]|9|@]|A|$]]|$1|T|3|U|5|G|7|1H|8|@]|9|@]|A|$]]|$1|V|3|W|5|G|7|1I|8|@]|9|@]|A|$]]|$1|X|3|Y|5|G|7|1J|8|@]|9|@]|A|$]]|$1|Z|3|10|5|G|7|1K|8|@]|9|@]|A|$]]|$1|11|3|-4|5|6|7|1L|8|@]|9|@]|A|$]]|$1|12|3|13|5|6|7|1M|8|@]|9|@]|A|$]]|$1|14|3|-4|5|6|7|1N|8|@]|9|@]|A|$]]]|15|$]]

Some thoughts

Server side:

<ul>
<li>Store the games internal state sever side and check the input send by clients on the server.</li>
<li>Autoaim: Create fake sprites which are invisible to normal players, if they get hit too often you have a bot. (will not always work as the bots may be updated to check for invisibility)</li>
<li>check client reaction time to changes on the server, check for too many too fast reactions. (has to accept a large number of fast responses before reacting as a human could react fast and the time has to account for the network delay to catch anything). Give the player some sort of captcha, a regular player would never see it.</li>
</ul>

Client side:

<ul>
<li>use obfuscation to make it harder to interface with your code</li>
<li>check for functions defined in the hacks you know about. Has to be modified/updated often as the creators of such hacks can work around those.</li>
<li>Game design: making your game less repetitive this makes it harder to write tools/bots for it.</li>
<li>update the client to change parts of its structure from time to time. While this will not stop bots it will take work to keep them running. Either make it transparent to the user or disguise it with a new feature.</li>
</ul>

Important: make sure your server interface checks the user input, obfuscation and client side checks wont help against someone writing their own client.

blocks|key|1430534|text|我喜欢这个问题，虽然可能有更好的答案，但这里有一些我突然想到的可能(也可能不)有效的答案：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1430535|1430536|混淆。是的，这是不能保证的，并且有人最终可以得到它，但是每次用一个新的临时令牌来处理sometimes.|unordered-list-item|1430537|Generate+JS是一件痛苦的事情。您可以将运行代码的.js模板化，并插入一个服务器生成的令牌，该令牌根据每个实例而有所不同。令牌可能是临时的，也可能是验证代码真实性的一种方法|1430538|可能有某种方法来确定正在运行的脚本的正确位置-但这可能是伪造的|1430539|1430540|一般来说，这很难，上面的所有建议都可以解决。我想关键是让他们很难作弊，但考虑到即使是安全的在线模式游戏也有作弊者，很难防止JS游戏也受到这种影响。|1430541|entityMap^0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|O|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|P|8|@]|9|@]|A|$]]|$1|C|3|D|5|E|7|Q|8|@]|9|@]|A|$]]|$1|F|3|G|5|E|7|R|8|@]|9|@]|A|$]]|$1|H|3|I|5|E|7|S|8|@]|9|@]|A|$]]|$1|J|3|-4|5|6|7|T|8|@]|9|@]|A|$]]|$1|K|3|L|5|6|7|U|8|@]|9|@]|A|$]]|$1|M|3|-4|5|6|7|V|8|@]|9|@]|A|$]]]|N|$]]

I like the question, and while there are probably better answers, here are a few off the top of my head that may (or may not) work:

<ul>
<li>Obfuscation. Yea, it's not guaranteed and someone can eventually get to it, but it's a pain in the butt to deal with sometimes.</li>
<li>Generate the JS with a new temporary token each time. You may be able to templatize the .js running the code and insert a server generated token that differs per each instance. The token could be temporary and it could be one way to validate the authenticity of the code</li>
<li>There's probably some way to determine the proper location of the script being run - but this could probably be faked</li>
</ul>

In general, its hard, and all of the suggestions above can be worked around. I guess the key is to make it hard for them to cheat, but given that there are cheaters for even secure online mode games, it's going to be hard to prevent JS games from being susceptible to that as well.

blocks|key|1426723|text|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1426724|有没有什么基本的方法可以通过以某种方式设计你的游戏代码来防止人们做这种事情呢？|blockquote|1426725|1426726|1426727|唯一明智的方法是将关键的代码片段保存在您控制的服务器上，并且根本不将其提供给用户的计算机。困难的部分是在保持游戏足够快的情况下使这个方块可玩。|1426728|entityMap^0|0|0|0|0|0^^$0|@$1|2|3|-4|4|5|6|J|7|@]|8|@]|9|$]]|$1|A|3|B|4|C|6|K|7|@]|8|@]|9|$]]|$1|D|3|-4|4|5|6|L|7|@]|8|@]|9|$]]|$1|E|3|-4|4|5|6|M|7|@]|8|@]|9|$]]|$1|F|3|G|4|5|6|N|7|@]|8|@]|9|$]]|$1|H|3|-4|4|5|6|O|7|@]|8|@]|9|$]]]|I|$]]

<blockquote>
 Is there any fundamental way to protect people from doing this sort of thing by designing your game code in a certain way?
</blockquote>

The only sane method is to keep critical pieces of the code on servers you control and never give it to the users' computers at all. The hard part is making this square with keeping the game fast enough to be playable.

blocks|key|3738142|text|你在尝试做不可能的事。我能给你的最好的建议是，如果你计划持久化任何数据，如硬币/货币/黄金，级别，诸如此类的东西，请确保你永远不要信任客户端，并使尽可能多的逻辑服务器端。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3738143|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

You're attempting to do the impossible. The best advice I can give you is that if you are plan on persisting any data like coins/money/gold, levels, whatnot you make sure you never trust the client and make as much logic server sided as a possible.

blocks|key|681971|text|我认为应该以这样的方式编写客户端:动态修改客户端代码，并验证在服务器上创建的代码的使用情况。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|681972|例如，有一个这样的名称空间|681973|window.mynamespace+=+{

++++foo+:+function(){
++++++++//+some+stuff+here
++++},

++++bar+:+function(){
++++++++//+some+more+stuff+here
++++}+
}|code-block|syntax|javascript|681974|它包含您的所有客户端代码，并使您的所有服务器方法都需要一个令牌，该令牌是对代码库的前一次动态评估的结果。通过重新定义方法和更改方法名称来使这变得更加困难。以下是一些示例挑战(只有在挑战是动态创建且不可预测的情况下，这才有意义)。它们都首先包含一个任务，然后包含一个质询，该任务将用于为下一个请求创建授权令牌。(这些是来自ajax调用的响应对象)。基本上，任务将是eval'd，而eval'd挑战的结果将是下一个令牌。|681975|{
++++task:+"mynamespace.baz=mynamespace.foo;mynamespace.foo=undefined;",
++++challenge:+"mynamespace[11].toString().substr(10,22)"
++++++++++++//+get+part+of+a+well-known+functions+source+code
}

{
++++task:+"mynamespace.bar=function(){+/*+new+code+here+*/+}",
++++challenge:+"var+xy=0;mynamespace.each(function(item){xy%2B=item.toString().lastIndexOf(';')});+xy"
++++++++++++//+accumulate+the+last+index+of+a+semicolon+in+all+elements
++++++++++++//+of+the+namespace
}|681976|为了克服这一点并仍然获得有效的授权令牌，客户端必须编写一个完整的javascript模拟层。虽然可以做到这一点，但我会经常尝试以基本的方式更改服务器代码，以使这种技术几乎不可能实现(这样模拟层就不知道要模拟什么了)。|681977|entityMap^0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|Q|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|R|8|@]|9|@]|A|$]]|$1|D|3|E|5|F|7|S|8|@]|9|@]|A|$G|H]]|$1|I|3|J|5|6|7|T|8|@]|9|@]|A|$]]|$1|K|3|L|5|F|7|U|8|@]|9|@]|A|$G|H]]|$1|M|3|N|5|6|7|V|8|@]|9|@]|A|$]]|$1|O|3|-4|5|6|7|W|8|@]|9|@]|A|$]]]|P|$]]

I think the way to go would be to write the client in a way such that you dynamically alter the client code and verify the use of thusly created code on the server.

E.g. have a namespace like this

<pre><code>window.mynamespace = {

 foo : function(){
 // some stuff here
 },

 bar : function(){
 // some more stuff here
 } 
}
</code></pre>

which contains all your client code and make all your server methods require a token that is the result of a previous dynamic evaluation of the code base. make this harder by redefining methods and changing method names. Here are a few sample challenges (this only makes sense if challenges are created dynamically and not predictable). All contain a task first and then a challenge that will be used to create the authorization token for the next request. (These are response objects from the ajax calls). Basically the task will be eval'd and the result of the eval'd challenge will be the next token.

<pre><code>{
 task: "mynamespace.baz=mynamespace.foo;mynamespace.foo=undefined;",
 challenge: "mynamespace[11].toString().substr(10,22)"
 // get part of a well-known functions source code
}

{
 task: "mynamespace.bar=function(){ /* new code here */ }",
 challenge: "var xy=0;mynamespace.each(function(item){xy+=item.toString().lastIndexOf(';')}); xy"
 // accumulate the last index of a semicolon in all elements
 // of the namespace
}
</code></pre>

To beat that and still get valid authorization tokens, the client would have to write an entire javascript emulation layer. Although that can be done, I would try to make the server code change in fundamental ways very often to make this technique almost impossible (so the emulation layer won't know what to emulate).

blocks|key|3739055|text|例如，他们可以编写一个自动瞄准最近的敌人|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3739056|的函数。|blockquote|3739057|3739058|3739059|你可以这样做，甚至对于大多数处理发生在服务器端的游戏也是如此！您只需要足够快地分析显示即可。|3739060|你甚至可以重新实现游戏AI的一部分，以尝试预测机器人将如何移动。如果你不能访问游戏的源代码，这并不是一件容易的事情，但是如果你记录了大量的游戏时间，你可以应用机器学习技术。|3739061|3739062|有没有什么基本的方法可以通过以某种方式设计你的游戏代码来防止人们做这种事情呢？|3739063|3739064|3739065|不要忘记，你可以改变游戏本身，而不仅仅是它的实现方式。例如，使用随机生成的关卡而不是静态关卡，使用人类玩家而不是机器人，使你的艺术/精灵更加复杂，更多地使用音频，限制光标移动的速度，增加武器的冷却时间，增加隐藏的危险，等等。|3739066|entityMap^0|0|0|0|0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|T|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|U|8|@]|9|@]|A|$]]|$1|E|3|-4|5|6|7|V|8|@]|9|@]|A|$]]|$1|F|3|-4|5|6|7|W|8|@]|9|@]|A|$]]|$1|G|3|H|5|6|7|X|8|@]|9|@]|A|$]]|$1|I|3|J|5|6|7|Y|8|@]|9|@]|A|$]]|$1|K|3|-4|5|6|7|Z|8|@]|9|@]|A|$]]|$1|L|3|M|5|D|7|10|8|@]|9|@]|A|$]]|$1|N|3|-4|5|6|7|11|8|@]|9|@]|A|$]]|$1|O|3|-4|5|6|7|12|8|@]|9|@]|A|$]]|$1|P|3|Q|5|6|7|13|8|@]|9|@]|A|$]]|$1|R|3|-4|5|6|7|14|8|@]|9|@]|A|$]]]|S|$]]

<blockquote>
 they could write a function that autoaims
 at the nearest enemy sprite for example.
</blockquote>

You can do this even for games were most processing happens server-side! You just need to analyse the display quickly enough.

You can even re-implement parts of the game AI to try to predict how bots will move. Not an easy task if you don't have access to the game's source code but if you log lots of gameplay time, you could apply machine learning techniques.

<blockquote>
 Is there any fundamental way to
 protect people from doing this sort of
 thing by designing your game code in a
 certain way?
</blockquote>

Don't forget that you can change the game itself, not just how it is implemented. For instance, use randomly-generated levels rather than static ones, use human players rather than bots, make your art/sprites more complex, make more use of audio, put a limit on how fast the cursor can be moved, add cooldown times to weapons, add hidden hazards, and so on.

blocks|key|2331467|text|从理论上讲，你是在和黑客玩游戏。你不可能赢得这场比赛，但你让它变得更具挑战性。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|2331468|我的建议是尽可能多地使用服务器端逻辑，并尽可能使用Javascript模糊处理。|2331469|Javascript混淆将使理解代码变得极其困难，但更好的是，它将使您可以发布数千个版本的代码，同时保持相同的代码库。|2331470|我曾经使用过一次JScrambler来做这件事。黑客将不得不破解数千个版本的代码，而不是破解一个游戏的代码！:)|offset|length|2331471|entityMap|0|LINK|mutability|MUTABLE|url|https://jscrambler.com/^0|0|0|0|8|A|0|0^^$0|@$1|2|3|4|5|6|7|R|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|S|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|T|8|@]|9|@]|A|$]]|$1|F|3|G|5|6|7|U|8|@]|9|@$H|V|I|W|1|X]]|A|$]]|$1|J|3|-4|5|6|7|Y|8|@]|9|@]|A|$]]]|K|$L|$5|M|N|O|A|$P|Q]]]]

In theory you are playing a game against hackers. You can't win this game but you make it challenging. 

My suggestion would be to use as much server side logic as you can possibly use and use Javascript Obfuscation. 

Javascript obfuscation will make it extremely hard to understand the code, but even better it will make it possible for you to release several thousand versions of your code while maintaining the same code base.

I have used <a href="https://jscrambler.com/" rel="nofollow">JScrambler</a> to do this on one occasion. Instead of having to hack the code of 1 game, hackers will have to hack several thousand versions of the code! :)

blocks|key|683554|text|您可以将代码调用的所有内容都放在闭包中：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|683555|(function()+{
++var+cantSeeMe+=+function()+{
++++//+do+some+game+stuff!
++};

})();|code-block|syntax|javascript|683556|在闭包之外，很难获得“注入黑客”(hacks)的代码(例如，覆盖控制台上的函数)。这不会阻止别人重写你的代码，但是通过打包器传递东西，甚至是closure+compiler都会使你的代码很难阅读/修改……(看看jQuery+min|offset|length|683557|总而言之，任何运行客户端的游戏都是可破解的。|683558|entityMap|0|LINK|mutability|MUTABLE|url|http://code.google.com/closure/compiler/|1|http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js^0|0|0|1Y|G|0|2X|A|1|0|0^^$0|@$1|2|3|4|5|6|7|W|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|X|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|Y|8|@]|9|@$I|Z|J|10|1|11]|$I|12|J|13|1|14]]|A|$]]|$1|K|3|L|5|6|7|15|8|@]|9|@]|A|$]]|$1|M|3|-4|5|6|7|16|8|@]|9|@]|A|$]]]|N|$O|$5|P|Q|R|A|$S|T]]|U|$5|P|Q|R|A|$S|V]]]]

You can put everything the code ever calls inside of a closure:

<pre><code>(function() {
 var cantSeeMe = function() {
 // do some game stuff!
 };

})();
</code></pre>

Outside of the closure, it will be very difficult to get at the code for "injection hacks" (overriding a function on the console for instance). This wont stop someone from rewriting your code, but passing things through a packer, or even <a href="http://code.google.com/closure/compiler/" rel="nofollow noreferrer">closure compiler</a> can make your code pretty hard to read/modify... (take a look at <a href="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" rel="nofollow noreferrer">jQuery min</a>

All in all, ANY game running client side is hackable.

blocks|key|683589|text|travian(http://www.travian.us/)是一个在动态超文本标记语言中运行的大型游戏的一个很好的例子，它有大量的客户端滥用问题。仅仅是在firefox中安装grease猴子就为各种剥削行为打开了一扇相当大的大门。也就是说，它们似乎让游戏在某种程度上保持了功能性，因为大多数漏洞似乎都是围绕着游戏中常见任务的自动化，而不是直接违反游戏的内部域逻辑。请记住，此示例远不是仅使用JS运行的，它在很大程度上依赖于服务器端控件。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|683590|entityMap|0|LINK|mutability|MUTABLE|url|http://www.travian.us/^0|8|M|0|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@$A|M|B|N|1|O]]|C|$]]|$1|D|3|-4|5|6|7|P|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]]]

travian(<a href="http://www.travian.us/" rel="nofollow noreferrer">http://www.travian.us/</a>) is a good example of a larger scale game that runs in DHTML and it has a ton of issues with client side abuse. Just installing grease monkey in firefox opens a rather large door to all kinds of exploitative behavior. That said, they seem to keep the game somewhat functional since most of the exploits seem to revolve around automation of common in-game tasks and not direct violations of the internal domain logic of the game.
Keep in mind that this example is far from being run with only JS and relies largely on server side controls.

blocks|key|2331017|text|免责声明：这是一个糟糕的方法，可能太费力了。|type|unstyled|depth|inlineStyleRanges|offset|length|style|BOLD|entityRanges|data|2331018|假设您在发送代码之前有一个处理javascript代码的方法。|2331019|首先，每个方法都有一个ident变量，该变量附加到每个函数的结果中(即每个函数都会返回{ident:"special+code",result:"actual+useful+function+result"})。您还有一个testIdent()函数，它将接受要调用的函数名以及提供给它的“测试数据”(如果需要的话)。testIdent()的目的是将从上述函数返回的ident发送到服务器进行验证(其想法是，服务器可以在您认为合适的时候请求测试)。在发送之前，每个函数的标识都应该被随机化，并专门为指定的用户记录。|CODE|2331020|其次，在将代码发送到客户端之前，将函数顺序随机化，并将函数名称以某种随机的形式混淆。这样，黑客就无法在函数x()中查找某个变量ident，因为它将被随机命名。此外，如果每个变量名也是随机混淆的，这将是另一个加分，这只是增加了复杂性和令人头疼的……好吧..。每个人(我告诉过你这是一个糟糕的方法)。|2331021|现在，假设采取了适当的步骤来确保代码始终正确运行，黑客是非常聪明的人，如果他们足够坚定，黑客仍然有办法追踪这些代码。至少有一种方法是搜索关键代码结构，例如具有一定数量元素的switch语句，或具有x数量的语句的for循环等。虽然这些都可以通过在开关中添加虚拟case语句或在整个代码中随机添加几个if(true)位来应对，但对抗黑客将始终是一场持续的(可能是失败的)战斗。|2331022|希望这篇文章能给你一些启发。我不知道有人会如何准确地实现这一点，但这至少是一个想法。|2331023|祝好运!|2331024|entityMap^0|0|4|0|0|17|1P|33|B|4E|B|0|0|2E|6|3L|4|44|8|2Q|1|0|0|0^^$0|@$1|2|3|4|5|6|7|U|8|@$9|V|A|W|B|C]]|D|@]|E|$]]|$1|F|3|G|5|6|7|X|8|@]|D|@]|E|$]]|$1|H|3|I|5|6|7|Y|8|@$9|Z|A|10|B|J]|$9|11|A|12|B|J]|$9|13|A|14|B|J]]|D|@]|E|$]]|$1|K|3|L|5|6|7|15|8|@]|D|@]|E|$]]|$1|M|3|N|5|6|7|16|8|@$9|17|A|18|B|J]|$9|19|A|1A|B|J]|$9|1B|A|1C|B|J]|$9|1D|A|1E|B|C]]|D|@]|E|$]]|$1|O|3|P|5|6|7|1F|8|@]|D|@]|E|$]]|$1|Q|3|R|5|6|7|1G|8|@]|D|@]|E|$]]|$1|S|3|-4|5|6|7|1H|8|@]|D|@]|E|$]]]|T|$]]

Disclaimer: This is a terrible method and probably too much effort than it is worth.

Suppose that you had a method of processing the javascript code before you sent it.

First of all, every method has a ident variable which is attached to the result of every function (i.e. every function would return <code>{ident:"special code",result:"actual useful function result"}</code>). You also have a <code>testIdent()</code> function which would accept the function name to call as well as "test data" to give it (if any is needed). The purpose of <code>testIdent()</code> would be to send the ident returned from said function to the server for verification (the idea being that the server can request a test whenever you deem it appropriate). The ident for every function should be randomized and recorded specially for the specified user before sent.

Second, before the code is sent to the client, the function order is randomized and function names are obfuscated in some random fassion. This way there is no way for a hacker to look for some variable ident in function x() as it will be named randomly. Also, it would be another plus if every variable name is obfuscated randomly as well, just to add yet another step to the complication and headaches of... well... everyone (I told you this is a terrible method).

Now, assuming proper steps are taken to make sure the code will always function correctly, hackers are very cleaver people, and there are still ways for hackers to track this code if they are determined enough. At least one way will be to search for key code structures, such as a <code>switch</code> statement with a certain number of elements, or a for loop with x number of statements, etc. While each of these can be countered, say by adding dummy <code>case</code> statements in the switches or a couple of <code>if(true)</code> bits randomly throughout the code, countering hackers will always be a constant (and possibly a loosing) battle.

Hopefully this can give you some ideas. I don't know how someone would implement this exactly, but it is at least an idea.

Good luck!

Suppose you created an online game in HTML5/JavaScript. All the code would be downloaded into the user's browser, and they would run the game.

How do you stop someone from copying the game onto their computer, and injecting functions and modules to cheat? For example, they could write a function that auto-aims at the nearest enemy sprite for example. 

Is there any fundamental way to protect people from doing this sort of thing by designing your game code in a certain way?

Making a hack proof game in Javascript

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

教程

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云智能顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云AI代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

功能1上新10个字符

功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符。

功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符。

功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符

功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符

功能4上新

文章&问答评论现已支持表情

全新交互，全新视觉，新增快捷键、悬浮工具栏、高亮块等功能并同时优化现有功能，全面提升创作效率和体验

社区富文本编辑器全新改版！诚邀体验～ 

精选全网热门MCP server，让你的AI更好用 🚀

💥开发者 MCP广场重磅上线！

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

聚焦“写作效率、视觉美观与运行性能”三方面进行全面升级，为您提供更高效、稳定的创作环境

社区富文本&Markdown编辑器全新改版上线，欢迎大家体验!

诚挚邀请您参与本次调研，分享您的真实使用感受与建议。您的反馈至关重要，感谢您的支持与参与！

社区新版编辑器体验调研

假设您用HTML5/JavaScript创建了一个在线游戏。所有的代码都会被下载到用户的浏览器中，然后他们就会运行游戏。你如何阻止某人将游戏复制到他们的计算机上，并注入函数和模块来作弊？例如，他们可以编写一个自动瞄准最近的敌人精灵的函数。有没有什么基本的方法可以通过以某种方式设计你的游戏代码来防止人们做这种事情呢？

问用Javascript制作防黑客游戏
EN

回答 13

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问用Javascript制作防黑客游戏EN

回答 13

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问用Javascript制作防黑客游戏
EN