Security Basics mailing list archives
Re: Securing Flash Games.
From: "Tim Clewlow" <tim () clewlow org>
Date: Thu, 11 Dec 2008 06:41:31 +1100 (EST)
Robert Larsen wrote:NixDevs | Feeyo wrote:Hi Guys, I was wondering if there is way to secure Flash games? The problem is that its easy to cheat on Flash games with that cheating tool. Could anyone maybe give me some hints on how I could secure it the best way so that they can not use any flash hacks/cheats ? Thanks in advance, FeeWhat cheating tool are you talking about ? And what type of cheating ?I am talking about http://www.raymond.cc/blog/archives/2007/02/27/how-to-cheat-and-hack-flash-based-games/ I have to find a way to make the flash games on a customer his project more secure and un-cheatable with that engine. I am already using md5 checksums to encrypt the phpsession and send the encrypted xml to the game. But maybe that you guys know a better way? Thanks.
The problem with flash is that the flash code runs on the client computer, this means the code must be present on the client's computer, therefor it is *always* possible to reverse engineer the code. The end result is that if the flash code stores variable values locally, then it is impossible to make it un-cheatable. The only way to guarantee values cannot be modified is to encrypt them, and then send them back to a server to be stored remotely, ie away from the prying eyes of a reverse engineer. Then whenever the code needs one of those remotely stored values, it grabs it from the server (again encrypted) and decrypts it for immediate use, then destroys the value in memory. This is acceptable in situations where the lag associated with net traffic can be lived with, eg for a gambling or banking related flash object, but probably not acceptable for something that requires near immediate response times, ie a flash game. Cheers, Tim. -- The code that never executes at all is the fastest.
Current thread:
- Securing Flash Games. NixDevs | Feeyo (Dec 10)
- Re: Securing Flash Games. Robert Larsen (Dec 10)
- Re: Securing Flash Games. Feeyo|NixDevs (Dec 10)
- Re: Securing Flash Games. Tim Clewlow (Dec 10)
- Message not available
- Fwd: Securing Flash Games. Michal Lovas (Dec 10)
- Re: Securing Flash Games. Razi Shaban (Dec 10)
- Re: Securing Flash Games. NixDevs | Feeyo (Dec 11)
- Re: Securing Flash Games. Maciej Lisiewski (Dec 12)
- Re: Securing Flash Games. Feeyo|NixDevs (Dec 10)
- Re: Securing Flash Games. Robert Larsen (Dec 10)
- Re: Securing Flash Games. Razi Shaban (Dec 10)
- Re: Securing Flash Games. Feeyo|NixDevs (Dec 10)
- <Possible follow-ups>
- Re: Securing Flash Games. Dan Crowley (Dec 10)
- RE: Securing Flash Games. Murda Mcloud (Dec 12)
- RE: Securing Flash Games. Pranav Lal (Dec 16)
- RE: Securing Flash Games. Murda Mcloud (Dec 12)