基本上,在查看MotorStorm排行榜时,我在PS3上进行了WirSharkArkAkes。排行榜以XML格式发送到我的PS3,但只有在我获得授权之后。那么,有人可以告诉我这三个数据包之间发生了什么,以及如何在浏览器中复制它?

从我的PS3到Sony服务器的数据包1

POST /ranking_view/func/get_player_rank HTTP/1.1
Host: ranking-view-a01.u0.np.community.playstation.net
Connection: Keep-Alive
Content-Length: 213
Authorization: Digest username="c7y-ranking01", realm="c7y-ranking", nonce="2SpsV4WABAA=47a2b36030cd94de1190f6b9f05db1bd5584bc2a", uri="/ranking_view/func/get_player_rank", qop="auth", nc="00000001", cnonce="d4eb1eb60ab4efaea1476869d83a6e0b", response="96b55c6e79f84dd41b46eb66bed1c167"
Accept-Encoding: identity
User-Agent: PS3Community-agent/1.0.0 libhttp/1.0.0

<?xml version="1.0" encoding="utf-8"?><ranking platform="ps3" sv="3.15"><titleid>NPWR00012_00</titleid><board>7</board><jid>Panzerborn@a5.gb.np.playstation.net</jid><option message="false" info="false"/></ranking>

数据包2索尼服务器对我的PS3的响应

Date: Fri, 26 Feb 2010 19:06:12 GMT
WWW-Authenticate: Digest realm="c7y-ranking", nonce="a3PFl4WABAA=6d375259676ec79641448a8032a795b8e12ccae4", algorithm=MD5, stale=true, qop="auth"
Content-Length: 401
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

数据包3 ps3对索尼服务器的响应最后包

POST /ranking_view/func/get_player_rank HTTP/1.1
Host: ranking-view-a01.u0.np.community.playstation.net
Connection: Keep-Alive
Authorization: Digest username="c7y-ranking01", realm="c7y-ranking", nonce="a3PFl4WABAA=6d375259676ec79641448a8032a795b8e12ccae4", uri="/ranking_view/func/get_player_rank", qop="auth", nc="00000001", cnonce="58869490a891002d8c56573496274a3a", response="ca3d6f252d4e398b8f751c201a3f8f08"
Accept-Encoding: identity
User-Agent: PS3Community-agent/1.0.0 libhttp/1.0.0

<?xml version="1.0" encoding="utf-8"?><ranking platform="ps3" sv="3.15"><titleid>NPWR00012_00</titleid><board>7</board><jid>Panzerborn@a5.gb.np.playstation.net</jid><option message="false" info="false"/></ranking>

我试图在Firefox和Tamper标头以及PHP卷发中复制它,但我无处可寻。我认为这与不断更改> <请help = =)的nonce,cnonce和响应变量有关

有帮助吗?

解决方案

nonce,cnonce等与 HTTP Digest身份验证, ,这是一种身份验证机制,可以在不发送纯文本密码的情况下实现身份验证。因此,如果您想在PS3游戏中作弊,我想首先必须将该密码从MD5哈希中删除。

它不是被称为http 数据包, ,在第7层上,您通常会说请求/响应或类似。

其他提示

nonce an noncecnonce 看起来像哈希代码。

对骗子的一种可能的防御机制可能是:

def ps3client_send_score():
    score = "bazillion points"
    nonce = md5(score + "something you don't know about")
    send_to_server(score, nonce)

在服务器端:

def get_client_score(score, nonce):
    if md5(score+"something you don't know about")==nonce:
        accept_score(score)
    else:
        reject_score_and_ban_the_fool_if_he_continues_this()

因此,除非您想花数周的时间尝试找到 在您的游戏中深处,算了。

许可以下: CC-BY-SA归因
不隶属于 StackOverflow
scroll top