


Here's what I want to do: when a player wins a game (coded in Flash/ActionScript), they are given a personalized secret key, which they can email to me in exchange for a prize. I can then validate the key on my end using a private algorithm.


I need to design it so that it is practically impossible for hackers to generate a valid prize key without winning the game. Is this even possible?


I assume that any SWF file is basically vulnerable to decompilation, but I don't know exactly how vulnerable they are. Perhaps any algorithm for generating a valid key will be accessible to hackers?


I have at my disposal all the methods in ActionScript 3, as well as a PHP/MySQL server, and I control the server where the game will be hosted.



First off, don't give the user a "secret" code to validate.


When delivering the page to the client, create a "secret" code. Probably a base64-encoded GUID would work. Record the GUID, when it was generated, and the browser fingerprint in your database.


Once the game is over, have the ActionScript get their details for prize delivery. Post this back to your server along with the code. Again, record the date/time of completion and the browser fingerprint.


To validate, check the amount of time that passed between GUID generation. Also look at the browser fingerprint.


Cheaters will stand out in three ways. First, the date/time delta will be extremely short. You should know how long it normally takes to play. Second, you might see a host of posts to your page with invalid codes. Third, the browser fingerprint might even tell you who was using automated tools.


UPDATE: I just wanted to point out a couple of things you will want to include. First, @aaz had a great idea about asking the player a question about the game at the point they are filling out the winner information. This should be some element that is randomized. Probably not color, simply due to the number of people who are color blind; but certainly something you can control and record server-side prior to delivering the ActionScript. At the very least this would require some level of human intervention when posting results.


Second, @John Lewis had a good idea about recording their in-game actions and submitting those. Perhaps any click coordinates could be saved and immediately sent back to the server and saved with a date/time stamp. You could compare those coordinates across multiple games to look for patterns. Intelligent analysis will be important.
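
A server-side sketch of the issue-and-validate flow described in the answer above, added here as an illustration and not part of the original post. It is written in Python rather than the asker's PHP/MySQL; the class name, the two time thresholds, the expiry check and the in-memory dict standing in for the database table are all assumptions.

```python
import base64
import time
import uuid

MIN_PLAY_SECONDS = 60     # assumed: fastest plausible honest win
MAX_AGE_SECONDS = 3600    # assumed: issued codes expire after an hour


class PrizeCodeStore:
    """In-memory stand-in for the database table the answer describes."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._rows = {}            # code -> issue record
        self.invalid_posts = {}    # fingerprint -> count of unknown codes posted

    def issue(self, fingerprint):
        """On page delivery: mint a base64-encoded GUID and record it."""
        code = base64.urlsafe_b64encode(uuid.uuid4().bytes).decode().rstrip("=")
        self._rows[code] = {"issued": self._clock(), "fp": fingerprint,
                            "completed": None}
        return code

    def redeem(self, code, fingerprint):
        """On the win-form POST: return (accepted, reason)."""
        now = self._clock()
        row = self._rows.get(code)
        if row is None:
            # A burst of these from one client is the second cheater signal.
            self.invalid_posts[fingerprint] = self.invalid_posts.get(fingerprint, 0) + 1
            return False, "unknown_code"
        if row["completed"] is not None:
            return False, "already_redeemed"
        row["completed"] = now     # one submission per issued code
        elapsed = now - row["issued"]
        if elapsed < MIN_PLAY_SECONDS:
            return False, "too_fast"
        if elapsed > MAX_AGE_SECONDS:
            return False, "expired"
        if fingerprint != row["fp"]:
            return False, "fingerprint_mismatch"
        return True, "ok"
```

Because the code is minted and stored by the server, nothing in the decompiled SWF can produce a value that `redeem` will recognize; the client only carries the code back.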


