I felt like dabbling in Flash a bit today so I went ahead and created a little utility to make the in-memory encryption easy. It's written as a pair of AS3 classes. One of them is the TEA implementation from the ASCrypt3 library while the other is the utility itself. This type of system isn't useful if it isn't simple to use so that was the main goal. All methods are implemented as static to avoid needing to instantiate the utility. You can see pretty much every method below:
// Create a handle for the variable
var scoreName:String = "score";
// Set the initial score to 100
MemoryCrypto.setValue(scoreName, 100);
// Increment the score by 100, new value = 200
MemoryCrypto.incrementValue(scoreName, 100);
// Decrement the score by 50, new value = 150
MemoryCrypto.decrementValue(scoreName, 50);
// Multiply the score by 4, new value = 600
MemoryCrypto.multiplyValue(scoreName, 4);
// Divide the score by 2, new value = 300
MemoryCrypto.divideValue(scoreName, 2);
// Get the score
var score:Number = MemoryCrypto.getValue(scoreName);
// Display the score, 300
trace(score);
Pretty simple. Internally it creates an instance of the TEA cipher and a pair of random numbers become the key. This key is then used for all encryption. The variable values are only unencrypted long enough to change and then re-encrypted for storage.
This solution is NOT infallible. A dedicated hacker will be able to actually tear the code apart in memory as opposed to just doing value-based searches but this will make it an order of magnitude harder then otherwise. It will stop many of the script-kiddies dead in their tracks.
The code is available here and free for any use. Have fun!
9 comments:
Great post Mike! I think that we'll definately have a use for this.
Great Mike. Will play with this
We came up with a simpler solution that does pretty much the same thing.
All you're trying to do is hide the value in memory. So why not just add a random number to it when storing it? When you want the value back, just subtract the random number from it. Refreshing that random number every so many steps makes the value impossible to track.
Hi,
First of all,thanks for this great post! We encrypt the score variable then if we want to send this to php file how can we decrypt the score variable in php?
For example I scored 100 points and it became 300 after encryption. When I post it to php like www.domain.com/test.php?score=300; how it will be 100 in database? Did I miss a point?
I have two entries that will interest you and answer your question:
http://mikegrundvig.blogspot.com/2007/05/preventing-high-score-board-hacks.html
http://mikegrundvig.blogspot.com/2007/05/ensuring-data-integrity-between-client.html
These posts answered my questions. Thanks a lot!
Now do you worried about that in the game do not had enough cabal online alz to play the game, now you can not worried, my friend told me a website, in here you can buy a lot cabal alz and only spend a little money, do not hesitate, it was really, in here we had much cabal gold, we can sure that you will get the cabal money, quick to come here to buy cabal alz.
I like play online game, I also buy dofus kamas and kamas, the cheap kamas is very cheap, and use the dofus gold can buy many things, I like dofus kamas, thanks, it is very good.
Now do you worried about that in the game do not had enough aion kina to play the game, now you can not worried, my friend told me a website, in here you can buy a lot aion online kina and only spend a little money, do not hesitate, it was really, in here we had much aion gold, we can sure that you will get the cheap aion kina, quick to come here to buy aion kina.
Now do you worried about that in the game do not had enough aion kina to play the game, now you can not worried, my friend told me a website, in here you can buy a lot aion online kina and only spend a little money, do not hesitate, it was really, in here we had much aion gold, we can sure that you will get the cheap aion kina, quick to come here to buy aion kina.
I like play online game, I also buy Aion gold and Aion gold, the Aion china gold is very cheap, and use the Aion China kina can buy many things, I like Aion chinese gold, thanks, it is very good.
Post a Comment