Geek Answers Handbook

Protect SWF + PHP

I have developed several Flash + PHP games, and the game logic is in PHP files. Flash is for animation and user interface only. Now I have a client who is interested in my games, but we have a deal so that he can use the games in just 2 months, and then, if he does not pay the fee, the games will stop working.

I want to protect my games so that he cannot use them forever. I thought that when the game starts, it will send a request to my server, and if my server answers PASS = 123456, then the game will work, otherwise a message will appear with "GAME DISABLED".

Another method would be to move part of the PHP logic to my server, but this could lead to games running slower than expected.

I also tried Kindisoft secureSWF, but their software changes the functionality of some games.

Does anyone have any other ideas on how to protect this?

+4
source share
3 answers

As long as the logic is not on your server, you need to make sure that the flash files are protected as best as possible, and then you can do any checks from the game on your server (as long as the flash file does not crack, it doesn’t matter what kind are you doing).

http://active.tutsplus.com/tutorials/workflow/protect-your-flash-files-from-decompilers-by-using-encryption/

here is a good article on swf protection, but at the end swf still remains open, since the files are not on your server and the logic is in php files, whatever you do, it can still be crazy.

As the saying goes, the best way to control games is to have logic on your server.

0
source

Use public key authentication - authenticate your php server. Make your server-side certificate authority, save the public temporary keys on your server and their private copies on your CA server. Each time a flash game starts, authenticate your server with your CA.
This solution is not very difficult, and for this you can use standard tools. In addition, without breaking the flash application, he will not be able to overcome this check. He also overhears. The biggest possible problem would be for it to use your php API without your flash application.

+3
source

If the client is a little qualified coder (or even an enthusiastic google user), it will not be difficult for him to bypass the initial password test.

The only safe thing (imo) is the php host on the server, which you manage yourself.

0
source

More articles:


All Articles