Securing a Flash game’s variables using flash_proxy

If you make Flash games, and you have a high score table, or some sort of community achievement system, you may want to make sure that people can’t cheat the system and put up fake scores or achievement reports.

For a Flash game, though, this can be difficult – there are easy to find tools, such as Cheat Engine, that can peek into the variables of your Flash game and their current values, and then change them to something more to the player’s liking.  A player does this by searching for a value that they can visibly see in the game, and finding any memory location that matches that value – and then searching again when the value changes, until the possible locations are narrowed to one.

Information about your game can be protected by keeping it on a server separate from the client game – however, since most Flash sites are portals in which individual designers submit their own games, and since they often submit their games to several different portals, security needs to handled at the client level instead.

One other possible way of protecting your variables is by obfuscating them – disguising them as some other value, or breaking up their value across several different variables and having the game recompose them when needed.

A handy method of doing this is taking advantage of a lesser-used feature of Actionscript known as the flash proxy.  A Proxy is a data type that’s a cousin to the basic Object – but it has additional abilities that let you define what happens when properties of the Proxy object are accessed or set.

This isn’t the same as setting getter or setter functions for an object property.  If you wanted to use getters/setters, you’d need to write a pair of functions for each property you wanted to obscure. A Proxy object lets you define what happens when any property is accessed or changed.

Here’s an example object that can be used to disguise numeric properties in a game. If someone wanted to poke around your game for variables to change, they couldn’t do a search based on the visible numbers; also, the functions are written so that the exact formula for disguising the variable’s value changes from game to game.

Notice the use of the keyword flash_proxy. This lets the compiler know that this special feature of Actionscript is being used.

package
{
    import flash.utils.flash_proxy;
    import flash.utils.Proxy;

    public dynamic class Obfuscated extends Proxy
    {

        private var _multiples:Object = { };
        private var _additives:Object = { };
        private var _subtractives:Object = { };

        private var _values:Object = { };

        public function Obfuscated()
        {
        }

        flash_proxy override function hasProperty(name:*):Boolean
        {
            return _hasProperty(name);
        }

        private function _hasProperty(name:*):Boolean
        {
            var propfound:Boolean = false;
            for (var n:String in _multiples)
            {
                if (n == name)
                {
                    propfound = true;
                    break;
                }
            }
            return propfound;
        }

        flash_proxy override function setProperty(name:*,value:*):void
        {
            if (((value is int) == false)&&((value is Number) == false)	)
                return;

            if (_hasProperty(name) == false)
            {
                _multiples[name] = (Math.random() < 0.5) ? 2 : 3;
                _additives[name] = (Math.floor(Math.random() * 100));
                _subtractives[name] = (Math.floor(Math.random() * 100000));
            }

            _values[name] = value * _multiples[name] + _additives[name] - _subtractives[name];

        }

        flash_proxy override function getProperty(name:*):*
        {
            if (_hasProperty(name) == false)
                return 0;
            else
            {
                var fn:* = _values[name];
                fn += _subtractives[name];
                fn -= _additives[name];
                fn /= _multiples[name];
                return fn;
            }
        }

    }

}

By creating an Obfuscated object and assigning properties to it, you can safely store and retrieve game information while keeping their internal values disguised.

Note that there are other pitfalls in securing game variables; for instance, if you have the game increase the player’s score by 100 every time a target is hit in a shooting game, a cheater might not be able to find the “score” variable, but might be able to track down the constant value 100 and change that instead. In that case, it would be a good idea to store the constants in a disguised way as well, and also take care how they are initialized:

function multiply(a:int,b:int):int
{ return a*b; }

var obfus = new Obfuscated();
obfus.amt100 = multiply(5,20);
Advertisements

One thought on “Securing a Flash game’s variables using flash_proxy

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s