What is the best way to stop people hacking the PHP-based highscore table of a Flash game

I’m talking about an action game with no upper score limit and no way to verify the score on the server by replaying moves etc.

What I really need is the strongest encryption possible in Flash/PHP, and a way to prevent people calling the PHP page other than through my Flash file. I have tried some simple methods in the past of making multiple calls for a single score and completing a checksum / fibonacci sequence etc, and also obfuscating the SWF with Amayeta SWF Encrypt, but they were all hacked eventually.

Thanks to StackOverflow responses I have now found some more info from Adobe – http://www.adobe.com/devnet/flashplayer/articles/secure_swf_apps_12.html and https://github.com/mikechambers/as3corelib – which I think I can use for the encryption. Not sure this will get me around CheatEngine though.

I need to know the best solutions for both AS2 and AS3, if they are different.

The main problems seem to be things like TamperData and LiveHTTP headers, but I understand there are more advanced hacking tools as well – like CheatEngine (thanks Mark Webster)

18 Answers
18

Leave a Comment