I'd like to know if I have downloaded (loaded to my computer) any big flash game like Evony or so where does it do the counting? I mean in the flash files which I have dowloaded to my computer, will there be the counting functions where it counts everything like attacking, defensing, etc.
The above is just an example, it could be any big flash game. The question remains the same. Where does these games do the counting part. It is in those flash files or it is somewhere else on their server which I can't see?
That depends of the game and the developers that make them. As rule of thumb for network games is that everything that needs to be stored or process in any way, like counting - is to do it on the server. The Flash player is considered insecure, because it can be easily hacked, so every action in the game that is significant needs to be executed on server, because they are harder to hack.
Again, this really depends on the choices of the developers, how they will structure the game. So you can't really know unless they tell you or you hack the flash code and see it for yourself.
Related
I am working on an AS3 application. I need to store some data locally (on user's machine). I used Shared Object concept. Now in chrome, the default flash player (pepper flash) stores the shared object in a different folder. So if a user changes from the default flash player to externally installed flash player and vice versa (by disabling/enabling flash player from plugins) there will be loss of data. Let me simplify. External flash player stores shared object at 'A' and pepper flash at 'B'. If I switch the flash players, i will miss the data at 'A'/'B'. How can I solve this problem? Is there a way to retrieve the data? Please help me.
Because the Flash plugin itself controls where shared objects are stored and you cannot (as far as I am aware) change that location nor determine what that location is, there is nothing you can do about this one, unfortunately. You will have to deal with the lost data. It will happen eventually anyway, because I believe shared objects are cleared when you clear temporary browser data (or at least they should be, anyway).
On the bright side, the average user does not know you can switch between plugins nor do they know how. The vast majority of Chrome users, even those with a more technical background, will be using the terrible Pepper Flash plugin, so your scenario should be a rarity.
There is a way around it, however. You could set up a remote server and store the shared object there. That way it is not stored locally and you decide where it is actually stored. I personally can't think of a situation where this would be preferable to having a couple users lose their data, but it might fix things for you.
I need my Flash client to communicate with a server securely (through binary sockets). For this, I was thinking of embedding a pre-shared key inside the AS3 code and exchanging XORed data through a custom protocol.
I am told that SWF decompilers do a good job at making all embedded code clearly apparent and readable. Does this mean that I can't really hide my key?
If this method is impractical, what other options are there? I have tried as3crypto, only to find that it's full of shortcomings and lacks serious documentation.
You cannot hide your key at all - SWF is totally untrusted, can be easily decompiled. It's pretty difficult to deal with security with SWF's because they run on the client and are not trusted.
It might depend specifically on what you are trying to accomplish with secure communication. For instance, if you are trying to secure a high-score system that is pretty much impossible because the game runs on the client (the SWF) and they can manipulate it to spit out any score they want to the server. Here is a good read on this: What is the best way to stop people hacking the PHP-based highscore table of a Flash game
If you can use the SWF only as a front-end UI and all logic takes place on the back-end, then you can secure your application (using the above highscore example, if the game was not an AS3 game but actually ran on the server itself, it would be a lot easier to secure, because the backend is trusted and cannot be modified or viewed by a user), but if the logic takes place on the SWF then you are pretty much out of luck.
I'm working on a little networked flash game. I have my own server built in C/Linux and I connect to the server via a flash socket. I'm debating whether to put the heavy load of game logic on the client or on the server. The main concern is someone hacking the code and ruining the game for others.
Even if I put as much logic on the server as I can, if someone can hack the code and figure out my messages that are sent to the server it seems impossible to stop all intrusions.
How should I handle this and how worried should I be about AS3 hackers?
I gave a talk on a conference 2 years ago about protecting flash games. Check out the slides.
Yes, it is pretty easy to decompile a swf and modify it as desired. The risk is fairly low, but if there is some large possible monetary reward, then yes I would be careful.
So, my advice is:
Don't put high risk logic on the client
But do put high cost algorithms on the client.
Edit: I would like to add one more point. If the server is relying on the client to it some state of the game, you can also proxy, inspect, and then modify the requests with a tool like Charles. Someone can use this tool to setup breakpoints on requests, and then modify the results before forwarding them to the server. It is even easier than decompiling and modifying a swf.
The lesson is, you should never rely on having an honest client.
Flash code is incredibly easy to hack. I may be wrong, but I think that when you decompile a swf, it's a full decompile - it gives you the original names of the variables and everything. It's also fairly easy to use tools like Cheat Engine to modify memory while the game is running. Unless you intentionally obfuscate your code and your data structures, I'd recommend putting most computation on the server.
I've created a simple game where 2 players make a simultaneous choice in each round, and the winner of the round is determined by a set of rules specific to the game. Sort of like how Rock Paper Scissors works.
I'd like to be able to offer this game online where 2 players can find and play against each other. There would be some central server to arbitrate the game, and then each player would interact with the game using some game client of his choice that we would provide (i.e. web-based, mobile-based, Flash, etc).
Obviously, a player could also play against a computer opponent that we could provide. I'd also like to have the capability to allow programmers to submit computer programs that they've written to act as players and play against other programs in some sort of tournament.
I realize that the specifics of my game would certainly need to be written from scratch, but it seems that all of the work that the servers would have to do to communicate with the clients and maintain the state of the game has probably been done many times before. This is probably the bulk of the work.
Does anyone have any ideas for how this could be done quickly and easily? Are there servers available with some sort of standard interface to drop new games into? Is there some sort of open source game server? How would you go about doing this?
Seeing as the clients only communicate with the game server occasionally (as opposed to continuously), a web framework should be able to serve as your "basic game server". While web frameworks may be made for providing "web pages", they can certainly be (ab)used to serve as request handlers.
This certainly doesn't force you to make the game a browser game; standalone game clients can be made easily, and they can communicate with your game server using basic http. I also heard this thing called Ajax is pretty nifty for such things.
Not only will you find a lot of ready-made http-based servers, as an added bonus, there is a lot more documentation on how to work with Web 2.0®©™ than "game servers". You just need to know that you want a web framework that lets you easily manage sessions and receive/respond to requests and a client library that does likewise.
As an added aside, "maintaining the state of the game", as you put it, falls 100% within the domain of the actual game logic. But many web frameworks come with good database support, and will surely be useful for this kind of thing.
I'm writing a game to be run locally, on the user's computer. NOT over the internet.
I want to have a file that will hold the usernames and avatar indices (they're in an array).
I want to know if there's a way to write to files through Flash with AS3. I'm using CS4.
I'd also like to know if you can delete files through Flash, though that's just optional.
Thanks in advance for any help you can give.
If you want to make a game that runs locally on someone's computer, you should make it in Adobe AIR. AIR apps can read and write files, and do all sorts of useful things like show updates in the taskbar, etc. Whereas a simple SWF that you download and run locally can't do anything useful that it couldn't already do in the browser - it can't write or delete local files, for a start. (It can read local files, but only if you disable it from accessing the network.) Moreover, the standalone Flash player is not generally disseminated, so unless the user is a Flash developer they're just going to view your SWF in a browser anyway (unless you plan to publish projectors, which I also wouldn't recommend).
With all that said, however, even if you do your game as local flash content, you can still store information by using SharedObjects. They work the same way offline as online. You can't write the data out as a separate file, but you can store it between sessions easily enough.
if i understand what you are trying to do then why dont you use Adobe AIR? this is flash for the desktop