But Billy, how can I stop it?

First, watch this…

(Original post)

My mind wonders what, then, can be done to stop someone from decompiling anything and getting the necessary info to do what Mr. Hoffman did. Since Flash is a pretty well-known format (and even if it wasn’t), the program suffers from the problem that Bob, Carol, and Eve are all the same person. So how could we stop BCE from taking from Alice more than Alice wants to give?

What does the game need to award the prizes? It’ll need your identifying information and prize levels, and it will need to transport this information to the server. All of which can be intercepted and retransmitted later to win great prizes! The only thing I can think of to combat this is to generate a unique key set for the prizes for each game that’s run and keep those keys until they are used.

Prize Table

  • 1,1 Cheeseburger
  • 2,1 Hotdog
  • 3,1 Cheeseburger and Coke
  • 4,1 Hotdog and Coke

Prize Unique Key Maps

  • GameInstanceID,PrizeID,PresentedID
  • 5,1,t
  • 10,2,a
  • 30,3,4
  • 1,4,z

So now, when the game is served, it’s given a GameInstanceID and it’s loaded with the PresentedIDs for the prizes. Once the game is complete, it flags that game/prize as claimed and doesn’t allow that mapping to award a prize again.
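A sketch of that per-game key map, added here as an illustration and not code from the original post. The class and function names are hypothetical, the store is an in-memory dict, random tokens stand in for the single-character PresentedIDs, and the first number in each prize table row is assumed to be the PrizeID.

```python
import secrets

# Prize table from the post; assumes the first number in each row is the PrizeID.
PRIZES = {1: "Cheeseburger", 2: "Hotdog",
          3: "Cheeseburger and Coke", 4: "Hotdog and Coke"}


class PrizeServer:
    """In-memory stand-in for the server-side key map (hypothetical names)."""

    def __init__(self):
        # (GameInstanceID, PresentedID) -> PrizeID, unclaimed mappings only
        self._unclaimed = {}

    def start_game(self):
        """Create a game instance with fresh PresentedIDs for every prize."""
        game_id = secrets.token_urlsafe(16)
        presented = {}
        for prize_id in PRIZES:
            token = secrets.token_urlsafe(16)  # unguessable, unique per game
            self._unclaimed[(game_id, token)] = prize_id
            presented[prize_id] = token
        return game_id, presented  # this is what gets loaded into the client

    def claim(self, game_id, presented_id):
        """Award the prize once; replayed or unknown mappings return None."""
        prize_id = self._unclaimed.pop((game_id, presented_id), None)
        if prize_id is None:
            return None
        return PRIZES[prize_id]


def demo():
    server = PrizeServer()
    game_a, ids_a = server.start_game()
    game_b, _ = server.start_game()
    first = server.claim(game_a, ids_a[3])    # legitimate claim
    replay = server.claim(game_a, ids_a[3])   # captured request sent again
    crossed = server.claim(game_b, ids_a[2])  # ID from another game instance
    return first, replay, crossed


if __name__ == "__main__":
    print(demo())
```

Because the client still receives the PresentedID for every prize, this only stops a captured claim from being retransmitted; it does not prove the player earned the prize being claimed.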

 

This makes me want to get back to work on my chess game.
