How to secure Flash Games from Cheat Engine?

Question

Other questions didn't really have an answer. I'm making a singleplayer game that saves to a leaderboard, and I can't have the scores be 999999999999999999999999 from Cheat Engine. How do I secure my AS3 Flash Game so that Cheat Engine does nothing?

possible duplicate of [How to secure scorelist in flash game](http://stackoverflow.com/questions/12298904/how-to-secure-scorelist-in-flash-game) — Mgetz, Aug 05 '13 at 16:26

score 1 · Answer 1 · answered Aug 05 '13 at 23:22

1

You can't. It's unavoidable. Abandon all hope. Your game is client-side and can be tampered with. The score is sent from the client which can be intercepted and changed before it is sent to the server. Anything you do to try encode the score will fail because your SWF can be decompiled and the algorithm reverse-engineered. Even if you put yourself through hell to obfuscate your SWF and the logic used to encode a decode a score, you will not prevail. All you can do is make it not worthwhile to cheat by maximising the difficulty of sending faux scores; make the criteria of a valid score strict and hard to determine e.g. a multiple of a given number minus x.

answered Aug 05 '13 at 23:22

Marty

39,033
19
93
162

"Your game is client-side and can be tampered with." Can I make it server side? – Nathan Ellis Aug 06 '13 at 00:46
@NathanEllis You can certainly try, but with Flash that is going be *very* slow. You would have to program the game in your choice of server-side language and then use Flash to render its state and send input to the server. – Marty Aug 06 '13 at 00:50
@NathanEllis Well, you will be in another hell of problems if your game will be server-side. Maintaining uptime, connection load, interactions, disconnects/reconnects, backups, network protocol interceptions (if a game is server side, the assumption is that client ALWAYS lies, so all checks should also be done server side), and a lot more. And if all this is to preserve a highscore list - it's like shooting pigeons with nuclear-loaded ICBMs. – Vesper Aug 06 '13 at 03:51

score 0 · Answer 2 · answered Feb 23 '17 at 20:03

There are ways to make it very difficult, although as others have mentioned, it will never be completely secure.

Neopets, a popular site with flash games, combats this problem by sending extra information to the server. For example, in a game you might send to the server:

Time to complete level
Number of enemies killed
Number of items collected
Score

Then on the server, check if the values make sense. If they did not kill enough enemies, reject their score. If they completed the level too quickly, reject their score.

Pvria Ansari · Answer 3 · 2018-09-01T12:12:01.220

0

Bind your data to something dynamically changing like time. Because cheat engine does not have such option to trace time in data. Additionally if the trainer is programmed so professionally you can combine this method and other distraction methods together like multiplying the number into another dynamic data.

edited Sep 01 '18 at 12:12

answered Sep 01 '18 at 12:03

Pvria Ansari

406
4
20

How to secure Flash Games from Cheat Engine?

3 Answers3