• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
1

How to protect swf from hackers!!!

Explorer ,
Jan 05, 2012 Jan 05, 2012

Copy link to clipboard

Copied

Hi, I have made many games is it any way that I can protect my swf from flash developers who want hack my game???..

First I was tried way load game swf's into preloader swf and call it by Iframe most flash developers just get only my preloader.swf unable to get game..

but now few did this... now i am searching way that to protect swf from flash dicompilors???

TOPICS
ActionScript

Views

3.8K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Community Expert , Jan 05, 2012 Jan 05, 2012

there is no absolutely sure way to protect your work. 

you can obscure your work and make it impractical to decipher your code but the more you obscure it, the more likely you are to break some of the functionality of your game.

and, there's very little you can do to protect your graphics/art-work.

Votes

Translate

Translate
Community Expert ,
Jan 05, 2012 Jan 05, 2012

Copy link to clipboard

Copied

there is no absolutely sure way to protect your work. 

you can obscure your work and make it impractical to decipher your code but the more you obscure it, the more likely you are to break some of the functionality of your game.

and, there's very little you can do to protect your graphics/art-work.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jan 05, 2012 Jan 05, 2012

Copy link to clipboard

Copied

loosing the graphical work is not an issue, in actionscript i m having php path there i m saving players scores and other one php is giving user informations. if someone hack game then i m afrading that hackers maybe get users informations too...

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Jan 05, 2012 Jan 05, 2012

Copy link to clipboard

Copied

there shouldn't be any user info in your swf and users shouldn't be able to see or use your php if you have those files properly secured.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 08, 2012 May 08, 2012

Copy link to clipboard

Copied

Hi kglad,

"there is no absolutely sure way to protect your work" is plausible reasoning only.

Try Flash Antidecompiler and try to crack example of protection at

http://www.bisguard.com/flash.html

http://www.bisguard.com/challenge.html

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jan 12, 2014 Jan 12, 2014

Copy link to clipboard

Copied

Activision can't secure Call of Duty, their billion-dollar pc game released a few months ago.  If a billion-dollar game can't be secured...

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jan 12, 2014 Jan 12, 2014

Copy link to clipboard

Copied

LATEST

That's a good point. Companys spend a lot of money trying to protect their products and hackers still seem to find ways to break through.

I recently released an iOS and Android game using Flash. I looked around the internet for a good free program to protect the source code in my SWF and couldn't find anything so I wrote one. It's still in development and it's "use at your own risk" but it worked for me. If more folks are interested, I'm sure it can be made to work even better.

It's released on github. Check it out and let me know what you think. Just search for "swf obfuscator" and you can find it.I uploaded a windows binary but I recommend you follow the instructions to build it yourself if you want to give it a try.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jan 05, 2012 Jan 05, 2012

Copy link to clipboard

Copied

Flash runs on the 'client side', which makes it vulnerable. There are several ways to hack a Flash game - intercepting and modifying/faking communications with the server (ie, sending fake values to your 'highscores.php' or whatever, say using an app like Fiddler2), decompiling the .swf to see how it communicates with the server (and any encryption or obfuscation it might be using to try and protect communications), or even directly editing the memory being used by the game (ie, using CheatEngine to change your score directly, the speed of the game, etc). It's pretty hard to protect against all these, and usually takes more time and effort than the game is worth.

So the best rule is, expect your game to be hacked. Don't use it as a basis for giving away an expensive prize, for example (or at least, don't let it be obvious that the winner hacked the game or other players will get pissed off), unless all the logic happens on the server side.

But if you still want to try...

Let's say your game consists of three types of processes - Input (from the user), Logic (the app deciding what to do with the input), and Output (the result of the logic). Input and Output have to happen on the client side, or the user won't be able to interact with the game or see the results of their interactions - so these parts can never be fully secured, only validated as acceptable or not. However, the Logic (all or part) could be done on the server, where the user can't see it or modify it. The Flash game takes the user's input (maybe makes sure it's valid), and sends it to the server. The server checks that the input is valid, and if so performs the game logic, and sends the output back to the Flash game. If the input is NOT valid, perhaps silently keep that user (account ID or their IP address, for awhile) from adding to the high score list, or interacting with other players. Or boot them for 5 minutes, or something.

The main problem with this is (depending upon the type of game) lag in communicating with the server, and server load. If every little input/output has to go to the server, be processed, and then be sent back to the user, the game could run very slowly for the player; or if many people are playing at once, the server could crash. So you probably have to find ways to optimise this, and decide what should happen on the server, and what can safely happen on the client side (and be fairly well validated), etc.

Gambling-type and turn-based games are fairly easy to secure this way, though, since lag won't affect gameplay too much and there's not a lot of information going back and forth with the server. Say in a card game, the server tells the flash what cards to display for the user. The user can only choose which card to play - this choice is sent back to the server. The server calculates the results of the play, and the other players' moves, and then tells the flash what new cards/scores to display.

A real-time shooter, on the other hand? Even a game of Pong can be tricky. In those types of games, you could potentially send some data (user's x and y position, current health, ammo, score, framerate, etc) every now and then (maybe obfuscated, checksummed, compressed, via socket, etc) and the server can see if they should be 'possible' and decide whether to keep accepting input from the user, but that gets pretty tricky really quickly, and you'll probably get far more false-positives than catch actual hackers.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines