Comments on: Failed – Safe high score list for Flash games with SWFEncrypt – not safe http://shang-liang.com/blog/safe-high-score-list-for-flash-games-with-swfencrypt/ Life in a Flash Sat, 10 Jul 2010 16:14:13 +0000 hourly 1 http://wordpress.org/?v=3.0 By: solution man http://shang-liang.com/blog/safe-high-score-list-for-flash-games-with-swfencrypt/comment-page-1/#comment-866 solution man Sun, 13 Sep 2009 18:34:04 +0000 http://shang-liang.com/blog/uncategorized/safe-high-score-list-for-flash-games-with-swfencrypt/#comment-866 Ye, I found that too. What about this: So you load encryptor_secure.swf in your game.swf And what if you deny access to encryptor_secure.swf? Then nobody can't see how they are encrypted. Tell me what you think ;) Ye, I found that too.

What about this:

So you load encryptor_secure.swf in your game.swf

And what if you deny access to encryptor_secure.swf? Then nobody can’t see how they are encrypted.

Tell me what you think ;)

]]> By: 5566 http://shang-liang.com/blog/safe-high-score-list-for-flash-games-with-swfencrypt/comment-page-1/#comment-865 5566 Sun, 13 Sep 2009 05:56:53 +0000 http://shang-liang.com/blog/uncategorized/safe-high-score-list-for-flash-games-with-swfencrypt/#comment-865 @solution man, when u load the numbers from php, it's very easy to get the info what you are loading. @solution man, when u load the numbers from php, it’s very easy to get the info what you are loading.

]]> By: solution man http://shang-liang.com/blog/safe-high-score-list-for-flash-games-with-swfencrypt/comment-page-1/#comment-864 solution man Sat, 12 Sep 2009 21:08:58 +0000 http://shang-liang.com/blog/uncategorized/safe-high-score-list-for-flash-games-with-swfencrypt/#comment-864 Maybe you could do this: Load from php file to the encryptor_secure.swf and there will be $n1=1987; $n2=7; $n3=15; $n4=3; only seeable at the php file, and flash only loads them. Then nobody can't know how they are encrypted? Hope this works ;) Maybe you could do this:

Load from php file to the encryptor_secure.swf and there will be
$n1=1987;
$n2=7;
$n3=15;
$n4=3;

only seeable at the php file, and flash only loads them. Then nobody can’t know how they are encrypted?

Hope this works ;)

]]> By: mike http://shang-liang.com/blog/safe-high-score-list-for-flash-games-with-swfencrypt/comment-page-1/#comment-202 mike Fri, 21 Dec 2007 16:28:00 +0000 http://shang-liang.com/blog/uncategorized/safe-high-score-list-for-flash-games-with-swfencrypt/#comment-202 it allways says High score rejected and Im not trying to cheat. it allways says High score rejected and Im not trying to cheat.

]]> By: Burak KALAYCI http://shang-liang.com/blog/safe-high-score-list-for-flash-games-with-swfencrypt/comment-page-1/#comment-48 Burak KALAYCI Tue, 14 Aug 2007 08:31:20 +0000 http://shang-liang.com/blog/uncategorized/safe-high-score-list-for-flash-games-with-swfencrypt/#comment-48 Hi, I can’t believe I’ve missed your post- I’ve just ran into it. We do bypass SWFEncrypt with ASV, only after 3 months. (ASV 5.25 bypassed SWFEncrypt 4.0-4.02, ASV 4.28 bypasses 4.03-4.04). I hope you are at least keeping ASV. All the best, Burak Hi,

I can’t believe I’ve missed your post- I’ve just ran into it.

We do bypass SWFEncrypt with ASV, only after 3 months. (ASV 5.25 bypassed SWFEncrypt 4.0-4.02, ASV 4.28 bypasses 4.03-4.04).

I hope you are at least keeping ASV.

All the best,
Burak

]]> By: saravana http://shang-liang.com/blog/safe-high-score-list-for-flash-games-with-swfencrypt/comment-page-1/#comment-39 saravana Thu, 31 May 2007 05:12:50 +0000 http://shang-liang.com/blog/uncategorized/safe-high-score-list-for-flash-games-with-swfencrypt/#comment-39 hi, i saw in ur code very nice, but i want full secured score posting from flash to php (i don't want display the HTTP in validation, score, player and etc ) plz help me. saravana hi,
i saw in ur code very nice, but i want full secured score posting from flash to php (i don’t want display the HTTP in validation, score, player and etc ) plz help me.

saravana

]]> By: 5566 http://shang-liang.com/blog/safe-high-score-list-for-flash-games-with-swfencrypt/comment-page-1/#comment-38 5566 Fri, 25 May 2007 02:43:44 +0000 http://shang-liang.com/blog/uncategorized/safe-high-score-list-for-flash-games-with-swfencrypt/#comment-38 I feel socket can be a good way. xml socket plus https! Sigh, looks like there's no easy way out. Stupid me... I feel socket can be a good way. xml socket plus https! Sigh, looks like there’s no easy way out. Stupid me…

]]> By: guycalledseven http://shang-liang.com/blog/safe-high-score-list-for-flash-games-with-swfencrypt/comment-page-1/#comment-37 guycalledseven Thu, 24 May 2007 15:48:07 +0000 http://shang-liang.com/blog/uncategorized/safe-high-score-list-for-flash-games-with-swfencrypt/#comment-37 Ups, I forgot to mention xml socket servers. You can have score logic in the server part of the game so it never come to client in swf. Ups, I forgot to mention xml socket servers. You can have score logic in the server part of the game so it never come to client in swf.

]]> By: guycalledseven http://shang-liang.com/blog/safe-high-score-list-for-flash-games-with-swfencrypt/comment-page-1/#comment-36 guycalledseven Thu, 24 May 2007 15:43:44 +0000 http://shang-liang.com/blog/uncategorized/safe-high-score-list-for-flash-games-with-swfencrypt/#comment-36 I don't want to break your balls (I've sent you an email), but swf is open format. SWF encryptors can't do much about it, except write code that is harder to read (obfuscate it like hell). The only solution I've found so far for secure highscores is sending them trough https + remoting + encryption + multi fake calls to confuse the faker. With tools like ServiceCapture or Charles you can sniff practically anything. So actually... I haven't found good solution yet. :) I don’t want to break your balls (I’ve sent you an email), but swf is open format. SWF encryptors can’t do much about it, except write code that is harder to read (obfuscate it like hell).

The only solution I’ve found so far for secure highscores is sending them trough https + remoting + encryption + multi fake calls to confuse the faker. With tools like ServiceCapture or Charles you can sniff practically anything.

So actually… I haven’t found good solution yet. :)

]]>