{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 迷人小祖宗 的问题《Flash games hack, score is 49700?? How to improve》','https://www.manongdao.com/q-1336221.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have 2 flash games (written in as3). Both the highscore value being hacked. The normal range of each game score is not more than 5000 (normal users, will only get 2000 - 3000 points). My current method of anti-hacking is:
After finish the game, flash will use post parameters send: username=mike&score=2000&hash=md5(secret . username . score). In php page, I did the check, if the hash != md5(secret . username . score), it will return error, and WONT insert data into database.
I believe this method is not enough, or my flash games would not be hacked. Is there anything I can do to improve my flash games security/anti-hacking??
How do the hackers hack? Using third-party software like, Cheat Engine, Tamper data(firefox ext), tamperIE etc??
Can you list the all the standard hack methods? (by knowing the hack methods/problems, means has solved 50% of the problems, at least I know where the problems are, and do certain pre-caution to that)
Well, my title has "49700" because both games highscore are 49700 (actually alots of this score value inserted into my database, different users thought), so I believe they are using same methods
Thanks
You could to add some sort of RSA (asymmetric) encryption to your Flash apps. You would put the public key in your Flash app, and use the private key on the server side to decrypt the score sent.
This won't necessarily prevent a hacker from hacking your Flash App, but it will make it a bit more of a pain in the butt.
Here is an AS3 library for RSA encryption.
Outside that it'll depend on what server technology you're using (PHP, .Net, or whatever) as to how you implement the RSA on the other side.
It should be noted too that this question has already been answered.
What I was thinking was that since the game appear's to require authentication I would assume that there are calls that require a get user name and other info.
Discussing the matter from another developer thir advice was to use Ajax components. Idk.
Most hackers will find a way to get around most security issues the best way is to prevent them from sending anything back to the server other than what is required for the game to function.
Has anyone used random based on the amount of negative memory available? instead of looking for the specific memory location with those softwares.
Why not send multiple bogus values to mem and derive the outcomes based on open memory locations?
Please don't attack me for this suggestion I am a learner like most others.
You're ultimately trying to delay the time it takes for people to hack your system, or make it not worth their while. You could try adding a salt to the hash for a bit of extra complexity. This could be sent as a value to the flash game (add it as a parameter to the flash object in the HTML) and include that in the hash verification code. You could send some kind of session id or random number so it's always different. You could even generate two hashes by different methods and check them both.
Of course, don't discount the possibility that people have found a way to hack the actual game functionality. Or that they're just really good players...