views:

134

answers:

4
+3  Q: 

Flash game hacking

I usually organise tournaments on my site (flash based) and this time I have added a tournament in which users have to complete a jigsaw puzzle and the one who completes it in the least time wins some prize. As the jigsaw puzzle always produces random location, it is difficult for them to hack. They can't even directly download the game as it can't be downloaded using flash saver etc. But I want to know if they can make a program which completes the jigsaw puzzle automatically.

Please tell me. Even the time can't be hacked, as I also keep the time ticking on my server side, so I match the time submitted by the game against the time stored on my server.

A: 

Yes, it can be hacked. First off, don't trust your protection from 'flash saver' too much. A determined adversary will be able to retrieve the code - after all, the code is on the user's computer; it can't run otherwise.

Second, 'random location' doesn't necessarily mean much. If there's any kind of unique ID on the pieces, or if the randomization is done on the client side, it's easy to put them into their rightful places. You have to at a minimum randomize the shapes of the cuts. And even then, it wouldn't be too hard to write a fast solver, given the original image.

Oh, and this all assumes your server's doing more verification than just being told when the user's done. You need to ensure that they actually did solve the image - but I'm far from convinced that this is an AI-hard problem; it seems that even if your flash code was uncrackable, if the set of images is small, it would be simple enough to figure out the proper orientation and position of each piece.

bdonlan
It can be hacked, and there is a solution.
Rook
A: 

So how does the flash app tell the server that the puzzle has been solved? Using TamperData an attacker can intercept/modify/replay this request, even if it is over HTTPS. If you try and embed a secret it can be obtained by decompiling the flash app or even debugging flash while your app is running and finding the secret in memory.

Normally I would say what you are trying to do is impossible. But let's have fun with this meta security puzzle. It's a jigsaw puzzle, right? So that means there is only 1 solution to this puzzle. So you can use some crypto to solve this problem. The solution is very similar to a Message Authentication Code, but this is a bit different.

When the puzzle starts, the flash app will request the puzzle pieces. Assign a random number to each puzzle piece along with a random location, which is transmitted to the flash side. When it is solved, you concatenate each number based on where the pieces are in the puzzle. So on the flash side always concatenate the numbers from left to right and then down. When the flash client gets the puzzle the numbers will be out of order; the only way they will be in the correct order is if the puzzle has been solved. When it's solved, take a hash of the concatenated numbers. Ideally you should use sha256, although md5 would work because the attacker doesn't know the hash value, so collisions don't come into play.

The server knows when the puzzle started because the flash side requested the numbers corresponding to the puzzle pieces. The server knows when the puzzle completed because flash side transmitted the solution hash. The server knows what the solution hash is ahead of time because it assigns the numbers. This is a lot like a mac but the difference is that the secret is the order in which the puzzle pieces are in.

Rook
Using crypto doesn't solve anything. You can send a hash, or equivalently, you could send a list of which pieces go where. But that doesn't fix the fact that this probably is a fairly easy image processing problem, and a determined hacker could always simply write a program to figure out what pieces go where. And if the same images are used each time (i.e., the cuts don't vary), it gets even easier.
bdonlan
@bdonlan An important part of security is: "Does the end justify the means?" Why scrap an entire project because there is an attack that no one will ever use? Yes, some jerk can write an image recognition program; does he get more out of it than he puts in? Does he get a shell? Or does he get 10 points in some lame game? Write an exploit for this, tell me who gives a damn. Write an exploit that makes it in the news, talk about it at defcon, then tell me who cares.
Rook
@rook feel strongly about it?
Will
@Will I always feel strongly about it, when it comes to my passion.
Rook
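The token-ordering scheme from Rook's answer, sketched for the server side in Python as an added example (not code from any poster; the function names, 16-byte hex tokens, single-attempt sessions and in-memory store are assumptions). As bdonlan's comment points out, a correct digest shows that the pieces were ordered correctly, not that a person ordered them.

```python
import hashlib
import hmac
import secrets
import time

_sessions = {}  # session id -> (expected digest, server-side start time)

def new_tokens(n):
    """One random fixed-length token per piece; list index = solved position."""
    return [secrets.token_hex(16) for _ in range(n)]

def solution_digest(tokens_in_grid_order):
    """SHA-256 over the tokens read left to right, then down."""
    joined = "".join(tokens_in_grid_order)  # fixed length keeps this unambiguous
    return hashlib.sha256(joined.encode("ascii")).hexdigest()

def scramble(tokens):
    """Pieces as sent to the client: each token with a random starting slot."""
    rng = secrets.SystemRandom()
    slots = list(range(len(tokens)))
    rng.shuffle(slots)
    pieces = [{"token": t, "slot": s} for t, s in zip(tokens, slots)]
    rng.shuffle(pieces)  # list order must not leak the solved order either
    return pieces

def open_session(tokens, now=None):
    """Store the expected digest and the time the pieces were handed out."""
    sid = secrets.token_urlsafe(16)
    start = time.monotonic() if now is None else now
    _sessions[sid] = (solution_digest(tokens), start)
    return sid

def submit(sid, digest, now=None):
    """Return server-measured seconds for a correct digest, else None."""
    session = _sessions.pop(sid, None)  # single use: no retries, no replay
    if session is None:
        return None
    expected, start = session
    if not hmac.compare_digest(expected.encode(), digest.encode()):
        return None
    end = time.monotonic() if now is None else now
    return end - start  # the client never reports its own time
```

The server keeps only the digest and its own clock reading, so a replayed or modified completion request has nothing to work with once the session has been consumed.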
A: 

Sorry, the comment option was not there. Actually, I have used an XML file to describe the location of the puzzle (each). As for the time, it is hidden, and using tampered data he can only see a random no., which you can say is like the s.no of MySQL. It's like verify time and game time, each with different strings. So my question is whether someone can use my XML file to detect the location of the puzzle and create an application to fit each piece of the puzzle in the right place in just a click.

aman
What do you mean by "random no"? Anyway, the attacker could just keep a copy of the solved puzzle image, then see which pieces fit where with a program much quicker than a human could solve it...
bdonlan
By the way, it would be very helpful to see specifically what kind of data is being sent to/from the client - without that, a lot of this is only speculation.
bdonlan
Commenting wasn't an option because you'd created two accounts. I've merged them together now, so you should be able to comment (you can always comment on your own questions and answers to your own questions.) Please move this to whichever answer it was intended for. Thanks, and welcome!
Bill the Lizard
A: 

IMHO, the only way to avoid cheats in client-server games is making the client side just a GUI and confirming every user action on the server. If so, an ideal client-side app shouldn't even know how to answer a user (until the server sends something like 'play animation 5 in direction 7 on tile 21-17').

www0z0k