Beware of Flash Hacking

January 3rd, 2007

I spotted this post (via Digg) this morning. It’s a guide to hacking high-score boards in Flash games and he knows what he’s talking about. He uses Flasm to disassemble and find information in a SWF file. All the more reason to make sure the methods you use for this kind of thing are carefully hidden.

I heard a great idea from someone named Dan on Flashcoders. Send fake variables alongside real ones when a score is submitted. It could get even better if you make them interrelated and sensitive to hacking – something involving bitwise math perhaps? You could also include checksums of course. There was also my idea to “record” user input (mouse movements, key presses, etc.), encode it, and send that to a server. Then simply add in the ability to play back these recordings when you want to make sure they’re legit. It’s pretty tricky though, and could have lots of problems: for starters, you wouldn’t be able to change your code without breaking old recordings, and you can’t use Math.random().
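The record-and-replay idea above, sketched as an added example that is not code from this post or from the guide it links to: the server re-runs the recorded input and trusts only the score it recomputes. The toy lane game, the `LOGIC_VERSION` tag, the server-issued seed set and every function name are assumptions made for illustration; the seeded generator replaces Math.random() and the version tag rejects recordings made against older game logic.

```javascript
// Added example (constructed toy game and data; not from the original post).
const LOGIC_VERSION = 3; // assumption: bumped whenever simulate() changes

// Small seeded PRNG (mulberry32) standing in for Math.random(), so client and
// server derive the same sequence from the same seed.
function makeRng(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Deterministic game logic shared by client and server: each frame a target
// appears in lane 0..3 and the player scores 10 if the recorded key matches.
function simulate(seed, inputs) {
  const rng = makeRng(seed);
  let score = 0;
  for (const key of inputs) {
    const lane = Math.floor(rng() * 4);
    if (key === lane) score += 10;
  }
  return score;
}

// Server side: replay the recording and trust only the recomputed score.
// issuedSeeds is a Set of seeds the server handed out (hypothetical bookkeeping);
// a seed is consumed on use so one recording cannot be submitted twice.
function verifySubmission(sub, issuedSeeds) {
  if (sub.version !== LOGIC_VERSION) return { ok: false, reason: "stale-version" };
  if (!issuedSeeds.delete(sub.seed)) return { ok: false, reason: "unknown-seed" };
  const valid = Array.isArray(sub.inputs) && sub.inputs.length <= 10000 &&
    sub.inputs.every((k) => Number.isInteger(k) && k >= -1 && k <= 3); // -1 = no key
  if (!valid) return { ok: false, reason: "bad-recording" };
  const replayed = simulate(sub.seed, sub.inputs);
  return replayed === sub.score
    ? { ok: true, score: replayed }
    : { ok: false, reason: "score-mismatch" };
}
```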

While I don’t like this guy, it’s not as if these methods aren’t known already. Why did people have to digg it though? It’s cheating. What’s the point? I suppose Flash coders just have to get smarter when it comes to this kind of thing.

