"Anti-WE type"
This type can be said to be the most common. The earliest encryption was meant to prevent WE from opening the map, and there are many methods:
1. Delete the internal map files used by WE but not needed by the game.
For example, war3map.wtg, war3map.w3c, war3map.w3s, war3map.w3r and other files, among which war3map.wtg is the trigger file. The game uses the war3map.j script file when running; the trigger file is only used to display the more intuitive T (trigger view) in WE. The remaining war3map files hold things such as cameras that can be defined in the J file, so the game does not need them. Deleting these files therefore makes WE unable to open the map because files are missing.
Encryption method: use tools such as w3mmaster or Wc3MapOptimizer. Wc3MapOptimizer is the best tool currently, and what it does is not so much encryption as optimization. In addition to deleting useless files, it can also optimize scripts, speed up map loading, and so on. (It is recommended to refer to the instructions written by Lao Lang when using it, which are more detailed. The tool now has a Chinese version 4.5 that integrates most of Lao Lang's instructions and is recommended for everyone.) Alternatively, you can manually use an MPQ tool to delete the files, or import an empty file with the same name in WE (the oldest manual encryption method). The manual method is not recommended, because it has no optimization effect and this encryption is the easiest to crack.
2. Import the wrong file.
This is also a relatively rudimentary encryption technique. Using a wrong war3map.wtg, or creating the trigger data in an abnormal data environment (such as modifying the blizzard.j file in the MPQ package, adding new functions, etc.), also causes WE errors and has no optimization effect. This method exists because newer WEs can ignore ordinary missing-file errors (such as ENE WE, produced by disassembly). This kind of WE can open maps that lack trigger and other files (but because the files are missing, you still cannot modify and save the map, which is also why some novice modders find that the map cannot be played at all after they modify it). With wrong data, most of these WEs hit memory read errors. (It can be seen that encryption technology is driven by decryption.)
It is worth mentioning a rather different method that modifies basic data files such as war3map.w3u (the unit file). It adds redundant erroneous data that is not used in the game, and at the same time the data is misaligned with the data in files such as war3map.wts. This targets the popular practice of exporting the relevant files with an MPQ tool for external modification: many people like to export the w3u file and load it into WE separately, and when the WTS string optimization of Wc3MapOptimizer has not been used, the WTS file still has to be imported to view the text. At that point the redundant data causes errors and WE exits with an error. I have to say it is very creative, but it has no effect if w3mmaster is used for the modification, and there is no optimization effect, so it is not a practical method.
3. SLK optimization
The biggest advantage of this method is that it can greatly speed up map loading. If the SLK files are properly optimized, the size may also be reduced. It is one of the most useful optimization methods currently, and many excellent maps such as DOTA are optimized this way.
Principle: everyone who understands the basic structure of a map should know that information such as units and skills is stored in files such as w3u and w3a. However, people without a real understanding of the structure may not know that these files store only change information, and that the changes are relative to the SLK files in the base MPQ of Warcraft. The map reads w3u and the other files when it loads, and if this information is supplied as the base SLK information instead, it takes up no loading time, so the optimization is achieved; SLK is also relatively fast to read. The optimization process is therefore to take apart w3u and the other files and put their contents into SLK files.
SLK is more about optimization. It counts as encryption only because it blocks external modifiers such as w3mmaster, and because people who don't know the inside story have nowhere to start when they can't find data files such as units. But now basically everyone knows that SLK files can be modified directly with tools such as EXCEL, so as far as encryption is concerned, it only increases the complexity of modification.
Related tools: Widgetizer (the earliest SLK tool, with reliable performance, but unfortunately it does not support Chinese; for English maps it is the better choice), U9MapOpt (U9 map optimizer, currently the only optimizer that supports Chinese, but it cannot optimize the size, and there is an ad "BUG"...).
In general, the "anti-WE type" is currently the most widely used encryption method, and most of it is optimization rather than real encryption. I recommend the optimization approach of using SLK together with Wc3MapOptimizer.
"Anti-MPQ class"
As mentioned before, tools such as Wc3MapOptimizer can only be said to optimize rather than encrypt. One reason is that they mainly optimize, making the map smaller and faster to load. The other is that, against this kind of anti-WE map, the most common method used by modifiers is to modify the internal files with MPQ tools. For a long time this kind of modification could be called an invincible decryption method, so what can really be called encryption is the anti-MPQ class.
1. MPQ header file modification
This modification method has a long history, but it wasn't until hackwaly's new encryption method appeared not long ago that it really became popular. To explain its principle, you first need to understand the structure of the MPQ header:
struct TMPQHeader            // file header structure definition
{
    DWORD  dwMpqFlag;        // header flag, usually 'MPQ'
    DWORD  dwHeaderSize;     // header size
    DWORD  dwArchiveSize;    // MPQ package size
    USHORT wFormatVersion;   // version (not useful until WOW Burning Crusade; the value for MPQ2 is 1, for Warcraft's MPQ1 it is 0)
    USHORT wBlockSize;       // block size, generally called BUFFER SIZE by those familiar with it
    DWORD  dwHashTablePos;   // hash table offset position
    DWORD  dwBlockTablePos;  // block table offset position
    DWORD  dwHashTableSize;  // hash table size
    DWORD  dwBlockTableSize; // block table size
};
I will also introduce the specific meanings in the MPQ explanation; here I will only talk about encryption.
1. This kind of encryption also developed together with the MPQ tools. The earliest was mpqworkshop by soar (c-a of GA). A weakness of this tool is that it checks the value of the header size (dwHeaderSize) when looking for the MPQ, and since the value for MPQ1 is obviously fixed at 32, when this number is artificially changed to a random number the tool considers the file an invalid MPQ and cannot open it. Of course, this is easy to crack once the principle is understood, and current MPQ tools ignore this error. Modifying this value has nevertheless almost become a habit, and although it has no effect, it is still used.
2. Later, w3mmaster and mpqmaster appeared, also works by soar. They use the self-made mpqlib, which can ignore the dwHeaderSize error (the same goes for sfmpq). For a long time there was no new development in MPQ header encryption, until early this year hackwaly announced his research results. The new killmpqmaster encryption essentially modifies the block table size to a number larger than the hash table size. Here is a brief explanation of the principle:
In the plainest terms, an MPQ can be viewed as a book with two directories. The hash table is the first one: when you want to find a page in the book, you check the hash table first to get the position in the block table directory, and then get the specific page number from the block table. The MPQ book has another special feature: the size of the hash table directory is fixed, which means that the maximum number of pages the book can hold is also fixed (this is why there is an upper limit on the number of files in an MPQ), and if our content does not fill the whole book, part of the hash table is empty. The block table is different. It only stores valid pages, so its size is not fixed. Hash table entries and block table entries correspond one to one, so the block table cannot be larger than the hash table.
Now let's look at how MPQMASTER searches for files, and everyone will understand why modifying the block table size makes this type of tool unable to read the map. MPQMASTER, or mpqlib.dll to be precise, needs to enumerate every file in the MPQ package, while Warcraft only needs to find the files it requires. In other words, Warcraft looks a file up in the directory directly when flipping through the book, without having to care how big the directory is or where it ends. MPQMASTER does need to know this: it has to know the size of the directory first in order to know when all the files have been found. mpqlib searches based on the block table, so modifying the block table size amounts to making it search for files in directory entries that do not exist, which of course goes wrong.
3. Modify the MPQ package size (dwArchiveSize) to 0. This was first invented by me personally. The principle is much the same as modifying the block table size, and it again comes down to the strictness of mpqlib. mpqlib verifies the accuracy of some data when reading the MPQ file structure, although this is not necessarily useful, and it is this check that makes mpqlib treat a map with a modified MPQ package size as an incorrect MPQ.
4. Modify the hash table size (dwHashTableSize). This encryption also has something to do with me, but it has not become popular, and it turns out not to be a safe encryption method.
After killmpqmaster encryption (the tool is hackwaly's w3xmaster) became popular, the use of mpqmaster was restricted. Of course there are many manual cracking methods, but relatively speaking the best options are winmpq and my ShadowEditor. sfmpq checks the hash table when looking up files and is not affected by block table errors, and it does not check the MPQ package size either, so it can open maps encrypted by w3xmaster normally. However, since w3xmaster0.006 adopted the technique of modifying the hash table, sfmpq displays erroneous files and is no longer so easy to use. Meanwhile I combined the advantages of sfmpq to make ShadowEditor, which automatically repairs all header errors; after repair the map can be opened with mpqmaster. The first example of countering ShadowEditor's restoration was 55YOU's simple encryption that modifies the hash table size. Theoretically the hash table size directly affects the lookup process, so it cannot be modified. It did succeed in some special cases, but not every map works, and since I modified the restoration program immediately, the encryption seems to have appeared only for a moment...
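The header fields discussed in this section, checked in one place, as an added example (not code from mpqlib, sfmpq, ShadowEditor or any other tool named here). Function and flag names are hypothetical; the 0x1A signature byte, the 16-byte table entries and the power-of-two hash table size are properties of the MPQ format, not statements from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum {                                /* one bit per anomaly */
    MPQ_BAD_MAGIC          = 1 << 0,  /* signature is not 'M','P','Q',0x1A */
    MPQ_BAD_HEADER_SIZE    = 1 << 1,  /* dwHeaderSize != 32 although wFormatVersion == 0 */
    MPQ_BAD_ARCHIVE_SIZE   = 1 << 2,  /* dwArchiveSize is 0 or larger than the data */
    MPQ_BLOCK_GT_HASH      = 1 << 3,  /* dwBlockTableSize > dwHashTableSize */
    MPQ_HASH_NOT_POW2      = 1 << 4,  /* dwHashTableSize is not a power of two */
    MPQ_TABLE_OUT_OF_RANGE = 1 << 5   /* a table would end past the available data */
};

typedef struct {
    uint32_t magic, header_size, archive_size;
    uint16_t format_version, block_size;
    uint32_t hash_pos, block_pos, hash_count, block_count;
} MpqHeader;

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Constructed sample: a consistent MPQ1 header for an archive of `total` bytes, with
   `hash_n` hash entries right after the header and `block_n` block entries after those. */
void mpq_sample_header(uint8_t out[32], uint32_t total, uint32_t hash_n, uint32_t block_n) {
    wr32(out, 0x1A51504Du); wr32(out + 4, 32); wr32(out + 8, total);
    out[12] = 0; out[13] = 0; out[14] = 3; out[15] = 0;  /* wFormatVersion 0, wBlockSize 3 */
    wr32(out + 16, 32); wr32(out + 20, 32 + hash_n * 16);
    wr32(out + 24, hash_n); wr32(out + 28, block_n);
}

/* buf points at the MPQ header; avail is the number of bytes from there to end of file.
   Returns a bitmask of anomalies (0 = consistent) or -1 if the header is truncated. */
int mpq_check_header(const uint8_t *buf, size_t avail, MpqHeader *h) {
    int flags = 0;
    if (avail < 32) return -1;
    h->magic = rd32(buf); h->header_size = rd32(buf + 4); h->archive_size = rd32(buf + 8);
    h->format_version = (uint16_t)(buf[12] | buf[13] << 8);
    h->block_size = (uint16_t)(buf[14] | buf[15] << 8);
    h->hash_pos = rd32(buf + 16); h->block_pos = rd32(buf + 20);
    h->hash_count = rd32(buf + 24); h->block_count = rd32(buf + 28);
    if (h->magic != 0x1A51504Du) flags |= MPQ_BAD_MAGIC;
    if (h->format_version == 0 && h->header_size != 32) flags |= MPQ_BAD_HEADER_SIZE;
    if (h->archive_size == 0 || h->archive_size > avail) flags |= MPQ_BAD_ARCHIVE_SIZE;
    if (h->block_count > h->hash_count) flags |= MPQ_BLOCK_GT_HASH;
    if (h->hash_count == 0 || (h->hash_count & (h->hash_count - 1)) != 0) flags |= MPQ_HASH_NOT_POW2;
    /* Table sizes are entry counts, 16 bytes per entry. The sums are done in 64 bits
       so that an inflated count cannot wrap around and slip past the bounds check. */
    if ((uint64_t)h->hash_pos + (uint64_t)h->hash_count * 16 > avail ||
        (uint64_t)h->block_pos + (uint64_t)h->block_count * 16 > avail)
        flags |= MPQ_TABLE_OUT_OF_RANGE;
    return flags;
}

int main(void) {
    uint8_t hdr[32]; MpqHeader h;
    mpq_sample_header(hdr, 4096, 16, 5);
    printf("untouched header: 0x%02x\n", mpq_check_header(hdr, 4096, &h));
    wr32(hdr + 28, 0x10000000u);   /* block table count far above the hash table count */
    printf("inflated block table: 0x%02x\n", mpq_check_header(hdr, 4096, &h));
    return 0;
}
```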
2. Take advantage of the map size limit
Warcraft network play has a map size limit of 4M. In the early days, when everyone used MPQMASTER to modify maps, the map would always become larger because of the poor compression performance of mpqlib. Some encryptions took advantage of this weakness: if the map is large, simply make it close to 4M, so that any change makes it unusable for network play. This kind of encryption became less useful after winmpq and my ShadowEditor became popular, because the compression of SFMPQ.DLL is much better.
It is worth mentioning that some recent maps fill the MPQ package with 0-byte files. Of course this also relies on the map itself being relatively large. This looks like an upgraded version of the map-size encryption, because even with very good compression the map may exceed 4M. But it is also very simple to defeat, just delete these files, so it feels like a very funny method.
3. Script file encryption
Includes three types:
1. The earliest one is moving the script: war3map.j, normally in the root directory, can still be used when placed under scripts\. At first, when nobody knew about this, the script could not be found, but now it is well known, and Wc3MapOptimizer moves it there automatically.
2. Dual scripts: one in the root directory and the other under scripts\. Two scripts appear, just to confuse newbies; of course only one is real. My evaluation is that it wastes effort and money and takes up space in vain.
3. Stand-in script. In theory this has some technical content, and it is related to my file hiding method discussed later. It exploits the difference between how Warcraft's Storm and the MPQ libraries of general tools read files. Two files named war3map.j are placed in the map, one of which is a fake stand-in. General MPQ tools can only read the fake file, while the game reads the real one. To identify it, open the map with ShadowEditor and look for two war3map.j entries with the same name and different sizes (the different sizes are very important, because w3xmaster can also cause this illusion). This method is effective against all MPQ tools that have a write function, but it was probably not produced by some special encryptor; it is probably a bug of a certain MPQ tool. Moreover, it increases the size of the map and can be cracked with simple methods, which is why I only call it technical in theory.
4. File attribute encryption
This seems to be the silliest encryption method. The method is surprisingly simple and easy to overlook: change the map file's attribute to read-only, so that no MPQ tool can write to it. The restoration method goes without saying, but if you are not careful you might really think it is some kind of powerful encryption, sweat...
5. MPQ hash table and block table encryption
This kind of encryption can be said to be truly technical (not that tools such as Wc3MapOptimizer are not technical, but those are optimizations...), starting from hackwaly's w3xmaster.
Here are just two examples:
1. w3xmaster0.009: an unpublished map encryptor. Its main principle is to expand the block table so that it really is larger than the hash table, and at the same time to disrupt the link between the hash table and the block table, fill the unused hash gaps, and copy hash table entries to confuse (this is why ShadowEditor may read two J files; you can also guess the principle of the stand-in script from this...). I don't want to go into the detailed principle, since unpublished things should not be discussed. Its main effect is that it prevents my ShadowEditor from restoring the map, and it also makes re-compression impossible. Although it cannot prevent decompression, it does effectively prevent modification of the original map.
2. War3map Encrypt: an unpublished encryptor made by me, so I will only briefly explain the principle. I said before that war3 and general MPQ tools differ in how they read a map, and this is also the breakthrough point for making encryption. Briefly, the difference is the handling of files with the same name inside an MPQ. A normal MPQ never contains files with the same name, so general MPQ tools do not handle this error, but war3 does, which makes stand-in files and hidden files possible. Unlike the stand-in file method, my encryption is made by modifying the hash table directly, so I can hide files without needing a stand-in file. I also added the SFMPQ list-reading crash and some of w3xmaster's anti-mpqlib mechanisms to the encryption, so it can now basically prevent all popular MPQ writing tools from modifying or even reading the map. But since Warcraft can read it, there must be a way to decompress the files. I don't want to say more about that method; this is just an explanation of the encryption.
Any encryption can be cracked. People who understand the core principles of MPQ should be able to write their own programs to crack it. However, my SE will not write any cracking modules for the time being...
"Script Category"
Starting from this category, we are really in the territory of anti-cheating. The premise of this category is that the decompression of script files cannot be prevented, and some plug-in cheats (MH)
1. Disrupt the script and replace variable names.
This is the earliest method and still the basic one used today. The representative tool is Wc3MapOptimizer. After it optimizes the script, the functions belonging to one T (trigger), which were grouped together in the script, are scattered and merged, and comments are deleted, which makes the script less readable. But what really hurts readability is replacing meaningful function names with letters or numbers, which makes the script much harder to understand, so modifying the script requires a deep understanding of the J file.
2. Add a cheat check function.
There are many such methods, such as checking the player's resource count: as soon as it exceeds a reasonable range, it is judged as cheating. You can also check whether single-player cheats are used. Another interesting method is to read strings from the wts file in the game: if the modifier has changed certain strings, such as the author information, the map is judged as pirated.
3. Single-player games are prohibited.
This type is mostly used in ORPGs, to prevent single-player cheats from damaging the game balance.
There are several methods. The more useful one is to check whether the cache can be saved: this works in single-player but not in multiplayer. It is also possible to check whether the game can be saved, which likewise can only be done in single-player.
The single-player check and the cheat check function are combined, and multiple check functions are written at the same time, which makes it difficult for the modifier to delete them all. When cheating is detected, an infinite loop or a large number of units is used to force a map error, which also prevents modifiers from finding the relevant functions through text messages.
4. Anti-MH function.
MH is undoubtedly the most troublesome thing in battle maps. However, through the research of kook, hackwaly, Zhu Zhu and others, some anti-MH script methods have been found. I have not read their scripts carefully, so the following is only a simple summary of the principles; please correct me if something is wrong:
1. Select an invisible unit by trigger, then check whether a deselection event occurs to determine whether MH is in use. With MH turned on, the deselection event does not appear.
2. Create a lightning effect in an area that is not visible: the handle is not returned if MH is off, but it is returned if MH is on.
3. Use models made by hyp that cause a game error when they are seen.
"Special Marking Class"
When it comes to special markings, the first thing that comes to mind is the official small blue logo. This category uses various algorithms to add a unique mark to the map, and the mark makes it easy to identify the genuine map.
1. Official signature.
I don't know how many people have wanted to crack this, but no one has succeeded yet, and probably no one will.
Principle: take a SHA-1 digest of the map content, then perform an RSA operation on the digest. Anyone who understands RSA knows that this operation requires the signer's private key. The result is a 260-byte signature, which is placed at the end of the map. game.dll contains the public key used to verify this signature, and as long as verification succeeds, the small blue mark is added.
Knowing the principle, it is not hard to understand why this cannot be cracked. First, there is no theory for breaking RSA yet. Second, you cannot steal the private key from Blizzard. So this signature is currently the safest method to prevent piracy.
2. GA’s signature.
Since we cannot get a map signature from the official source, we change things ourselves: by replacing the public key in game.dll with custom data that matches our own private key, we can make our own signatures. This is the GA patch. It is indeed difficult to promote this kind of patch, though, because the majority of players, unlike map authors, have no need for it...
3. Pirate map deleter.
This thing is not very useful, but it has played some role after all. There are reasons why it is placed in the marking category here.
Principle: early pirated-map deleters, such as 3CORC, judge whether a map is genuine by its size. The disadvantage is that the deleter's list has to be updated every time a map is updated, which is quite troublesome. The deleter I later made for WOW8 uses a digest-based method similar to signatures. It is difficult to imitate without knowing the principle, and arbitrary changes cause a mismatch. This way the deleter only needs to check the signature to verify whether a map is genuine, without the trouble of updating a list. As for the algorithm, you can choose it yourself, for example well-known algorithms such as MD5 and RSA...
4. (attributes) file.
This is the official file for checking whether the map's files are damaged. It is also a file that every map modifier must delete, otherwise the game reports a file error.
Principle: this file stores the CRC32 value, file time and other data of each file in (attributes), in the order of the files in the MPQ, and the game checks it. MPQ2 should also include an MD5 check.
Since this file is usually deleted, it has no effect, but it suggests another way for a pirated-map deleter to judge: add a custom verification file (containing the MD5, CRC32 and similar values of key files) and have the check search for it automatically. Since the file name is custom, it is not easy to find directly.
I don’t know if it is.
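The per-file CRC32 check behind (attributes), as an added example that is not taken from the game or from any tool named on this page. It assumes a layout of a version DWORD (100), a flags DWORD whose bit 0x1 means a CRC32 array follows, then one CRC32 per file in MPQ order; that layout and every name in the code are assumptions, and the file contents are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATTR_VERSION    100u  /* assumed (attributes) version value */
#define ATTR_FLAG_CRC32 0x1u  /* assumed flag bit: a CRC32 array follows */

typedef struct { const uint8_t *data; size_t len; } FileBlob; /* one file, in MPQ order */

/* Standard CRC-32 (reflected polynomial 0xEDB88320), computed bit by bit. */
uint32_t crc32_buf(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Builds the checksum blob for `count` files; returns its length, or 0 if `cap` is too small. */
size_t attr_build(uint8_t *out, size_t cap, const FileBlob *files, size_t count) {
    if (cap < 8 || (cap - 8) / 4 < count) return 0;
    wr32(out, ATTR_VERSION);
    wr32(out + 4, ATTR_FLAG_CRC32);
    for (size_t i = 0; i < count; i++)
        wr32(out + 8 + i * 4, crc32_buf(files[i].data, files[i].len));
    return 8 + count * 4;
}

/* Returns -1 if every file matches, the index of the first mismatching file,
   or -2 if the blob is malformed or too short for `count` entries. */
int attr_verify(const uint8_t *attr, size_t len, const FileBlob *files, size_t count) {
    if (len < 8 || rd32(attr) != ATTR_VERSION || !(rd32(attr + 4) & ATTR_FLAG_CRC32))
        return -2;
    if ((len - 8) / 4 < count)
        return -2;
    for (size_t i = 0; i < count; i++)
        if (rd32(attr + 8 + i * 4) != crc32_buf(files[i].data, files[i].len))
            return (int)i;
    return -1;
}

int main(void) {
    /* Constructed sample contents, not taken from a real map. */
    static const uint8_t j[] = "function main takes nothing returns nothing\nendfunction\n";
    static const uint8_t j_mod[] = "function main takes nothing returns nothing\n//x\nendfunction\n";
    static const uint8_t wts[] = "STRING 0\n{\nAuthor\n}\n";
    FileBlob files[2] = { { j, sizeof j - 1 }, { wts, sizeof wts - 1 } };
    uint8_t attr[16];
    size_t n = attr_build(attr, sizeof attr, files, 2);
    printf("original files: %d\n", attr_verify(attr, n, files, 2));
    files[0].data = j_mod; files[0].len = sizeof j_mod - 1;
    printf("after editing file 0: %d\n", attr_verify(attr, n, files, 2));
    return 0;
}
```

A CRC32 list only detects change: whoever can rewrite the blob can recompute it, which is why the official signature described earlier depends on a private key instead.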