About 20 years worth of time spent removing the obfuscation.
Printable View
About 20 years worth of time spent removing the obfuscation.
There is no realistic way to "get rid of the obfuscation". It is generally a one-way process. Basically, once obfuscated you can't undo it. They can still decompile but the source will be so mangled that it's an incredible amount of work to straighten it all out again.
Would be this an efficient anticheating method?
Logged User +
Time session +
Encrypted/Splitted vars (score)+
AS2/AS3 Obfuscated +
AMFPHP communication
What about AMFPHP to pass score and other data as binaries?
I´m developing some game with these methods, but need some extra opinion.
For my games i generally do three things:-
1) Domain+Session checking -- To make sure it is my game
2) Source obfuscation -- to make it a little harder on the hacker
3) Honeypots+checksum -- Honeypots means the fake value that looks obviously the right one! Most of the time, games are hacked by "script kiddies" and not actual hackers, so a honeypot is all the takes to send them offtrack.
bluemagica -- would you like to explain how you do the session checking in flash? Do you send the session id from php to flash, then get flash to send it back to php when it comes to submitting the score???
Quick question guys....
Can all this scoreboard hacking be prevented just by using an SSL page??
No need for any obfuscation, encryption, etc -- by just have a secure certificate on your site?
Cheers.
Well... i understand you can use SSL for data transfer security. This can help you at communication between Flash and the server. As you can read at: here, AMFPHP it´s not really the most secure option (but i think can difficult hacks).
By the way... if you can use SSL you can resolve one problem, but you can still being victim of decompilers. Remember: solution it´s not only communication... need be secure from origin (flash game) to destiny (database).
So just to check...Quote:
Originally Posted by peteco
Using SSL -- Hackers could still decompile the game, see how it works, make changes, make it give out 10000's of points etc.
BUT
unless they can put it back on your server, the SSL is only between your flash game on the server, and the PHP Page.
I dont mind anyone downloading decompiling and seeing how somthing works, if at the end of the day, they cannot put it back on the server and get the secure connection between the SSL page and the swf on the SSL server.
Cheers guys!
They can also use memory hacks while the game is running. ie there a programs that could just find the score in the computers memory and change that directly. Suddenly their score becomes 9999999.
Has anything changed from over a year ago?
Does flash now not encrypt memory to stop hacking???
Is there any components to make it easier to secure a php scoreboard and flash.
I'm getting an SSL for my latest website to stop all the scoreboard hacking (hopefully). People can look at my scorce code all they like if they cannot submit the score after that ;)
I use MochiAds anyway but they also offer 2 ways to build more secure Flash games: first they offer version control with encryption which helps against decompilers. And their API has MochiDigits (http://www.mochiads.com/support/dev_docs#MochiDigits) which is designed to encrypt variables in memory.
tonypa - thanks for your reply!
That mochidigits looks great.
I will be looking into using it when i get home tonight ;)
I know i've asked this already but..
SSL + mochidigits + secureSWF (or free alternative) + GOOD PHP code == Unhackable scoreboard???
I really want to make a site where i can offer prizes for top scores, but it just seems so hard to make anything secure :(
There are ways to broke mochi encryption already.
Nothing is 100% secure
But that system is pretty good