Re: Securing Flash Games.

["Tim Clewlow" <tim () clewlow org>]

> Robert Larsen wrote:
> > NixDevs | Feeyo wrote:
> > > Hi Guys,
> > >
> > > I was wondering if there is way to secure Flash games?
> > > The problem is that its easy to cheat on Flash games with that
> > > cheating tool.
> > > Could anyone maybe give me some hints on how I could secure it
> > > the best
> > > way so that they can not use any flash hacks/cheats ?
> > >
> > >
> > > Thanks in advance,
> > > Fee
> > What cheating tool are you talking about ?
> > And what type of cheating ?
>
>
> I am talking about
> http://www.raymond.cc/blog/archives/2007/02/27/how-to-cheat-and-hack-flash-based-games/
> I have to find a way to make the flash games on a customer his
> project
> more secure and un-cheatable with that engine. I am already using
> md5
> checksums to encrypt the phpsession and send the encrypted xml to
> the
> game. But maybe that you guys know a better way?
>
>
> Thanks.

The problem with flash is that the flash code runs on the client
computer, this means the code must be present on the client's
computer, therefor it is *always* possible to reverse engineer the
code. The end result is that if the flash code stores variable
values locally, then it is impossible to make it un-cheatable. The
only way to guarantee values cannot be modified is to encrypt them,
and then send them back to a server to be stored remotely, ie away
from the prying eyes of a reverse engineer. Then whenever the code
needs one of those remotely stored values, it grabs it from the
server (again encrypted) and decrypts it for immediate use, then
destroys the value in memory. This is acceptable in situations where
the lag associated with net traffic can be lived with, eg for a
gambling or banking related flash object, but probably not
acceptable for something that requires near immediate response
times, ie a flash game.

Cheers, Tim.

-- 
The code that never executes at all is the fastest.