Ever since I built the original Flash API tools, people have been reporting people that have hacked their scores to ridiculous levels, or hacked some kind of stat variable to unlock a medal, etc etc.

We put a lot of effort into keeping communication between your games and the API gateway fairly secure using all sorts of encryption and seeding techniques, but at the end of the day, if a game has no internal security measures, our API can't do anything about these "hackers".

To be fair, none of these cheaters are actually hackers, they are typically just dumb kids who have learned about a program called CheatEngine (or something similar). This simple cheating app allows any user to manipulate memory resident values, such as scores or in-game statistics.

Most users use cheat engine to check for values that change. If they know the exact value of the change, its even easier, but not necessary. Here's some examples:

A user starts a game with a score of zero. They tell CheatEngine to search for all memory values that equal zero. This search yeilds a large list of possible memory addresses, so they can't easily cheat yet.

The user kills an enemy and now has a score of 100 points. Now they tell CheatEngine to search within the last list of memory addresses for a value of 100. Cheat Engine narrows down all the possible addresses and comes up with a smaller list.

The user keeps repeating this search until they have narrowed the value down, then they can change it to whatever they want.

Using a similar search they can look for values that have changed (up or down) to figure out where you store things like hit points and get themselves unlimited health in any game.

So how do you combat these cheats? Well, there is no real 100% cheat proof solution, but if you understand how these cheat engines work, you can do a few things to detect when something fishy is going on.

One of the first things you should do is use getter/setter functions for sensitive variables rather than setting them directly. If you use OOP classes, you can make your score/health.etc variables private and use a getter/setter function to alias them. If you still code on timelines in AS2, you can just make a setScore(value) and getScore(value) function on _root or something to that effect.

In these functions you can apply some creativity to keep track of how much each value has changed since the last time those functions were called. Here's a small example using crude AS2 (I didn't test any of this, but you should get the idea):

// this is the variable we will store our current score in
score = 0;

// this is the variable we will use to store a value used to verify our score
verify_score = 0;

// This is a random number we will use to create our verify_score value.
// Using a random number will make it harder to figure out our scoring algorithm.
random_seed = Math.random() * 5;

// this is the function we use to set add points to our score
function updateScore(points) {
if (!cheatDetected()) {
score += points;
// this will generate a number that's almost impossible for a person to change correctly.
verify_score = Math.sqrt(Math.round(score/random_seed));
}
}

// this is used to detect whether the score was changed manually
function cheatDetected() {

// these will both be zero if no score has been added
if (score === 0 && verify_score === 0) return false;

// using the same foruma from the updateScore function we can check to see if our current score calculates
// to the same value it did when it was set using the above function.
return (verify_score != Math.sqrt(Math.round(score/random_seed)));
}

// This is used to either get the score, or return zero if the user cheated. Use this when posting high scores.
function getScore() {
if (cheatDetected()) {
return 0;
}
return score;
}

You can use a variety of methods like MD5 hashes, or something more custom to create your verification values, just make sure it's not something you can easily calculate without having access to the source code. using random seed values will make it even harder since every time they play the formula will change.

Keep in mind these formulas do use extra CPU, so you wouldn't want them running on every frame or interval on a high-load game, but for stuff like scores and health, this is a nice technique.

I strongly recommend getting a copy of CheatEngine and trying to cheat your won games.

.
/* */

I just took an amazing dump! It must have weighed nearly 3 lbs and was about 18 inches long. I named it Luis because of it's light mocha color and it's slight scent of re-fried beans.

...and I'm already regretting this decision.

Programming-wise, the 2 services aren't all that different. DirectTV has way more sports options, which I don't really give a shit about, but it's lacking G4TV now... so I am missing out on all those Ninja Warrior and Cops reruns...

The biggest issue I have with DirectTV is that after all these years their receivers are still way behind what everyone else is doing.

The program guide browsing ins sluggish as hell and the dvr doesn't have a one-click auto-tune option, which SHOULD be present on ANY modern receiver.

Dish Network's DVR used a single receiver with RF remotes to connect 2 tvs. When you did this with your DVR receiver that meant your second tv had full dvr functionality. You could pause/rewind live tv on both the tvs that used it etc...

Direct TV's pitch to counter what Dish does is that they give you your HD DVR for your main TV and a second HD receiver that can connect to your DVR from any room. What they don't tell you is this second receiver does not have any basic dvr funtionality built in at all. The only options you have are to tell the DVR to record a single show or to play back something you have already recorded.

And the playback is like using windows media center. It streams the video, has to buffer, and the skip features for skipping commercials and such are slower than shit.

At least I get that low "new customer" rate and all the equipment was free, but after my 2 year contract is up, I'm pretty sure I'll be going back to Dish Network.

</rant>

It's that time of year again, you can wake up and shower with your Irish Spring, eat a bowl of Lucky Charms, pick up an ice cold Shamrock Shake at McDonalds and have a few pints of green beer.

Whatever your tradition is, be sure to tune in on RadioGrounds this Thursday at around 2:00 PM EST (NG Time) for my annual St Patrick's day extravaganza. I'll likely be simulcasting via stickam again, and this year I have a nice surprise for everyone. The debut of my latest audio collaboration featuring Merlin and Hania.

Our masterpiece took nearly 5 days to complete and features 100% live instruments and mind-blowing vocal performances.

You better tune in!

- Mike -: the philly flash user group is having a meeting here tonight
- Mike -: so i'm busy washing all the dicks off the chalkboard walls
- PsychoGoldfish -: HAHAHAHAHAHA

Super gold fish to the rescue

There are a lot of strangers down there at my door. They came to my door because they were angry with me. I want to talk to the airplane driver in the driveway because I want him to go away. Then I thought about what to say to the airplane driver. It was that I had another word to the world and the airplane driver. I said airplane driver go away please. He was trying to kill me but I got away I went to my house and I fed my fish some food and I took a nap.

After a busy weekend, I was finally able to go through the portal and see what other people posted for the Ben Spurgin Tribute day. I must say I was pretty disappointed to see only 2 fans stepped up, and they weren't seasoned flash artists by any means:

Stick Slayer X (Tribute) by IstvanOrosi.
Ben Spurgin, 1977-2009 by tehtimmy4080.

EDIT: I'll try keeping track of late tributes here
Stick Slayer Heaven by Hulalaoo

I know a couple of artists started some pretty ambitious tributes and simply didn't get them done in time, but even that group of people is dissapointingly small.

Still, I must say I am glad I was able to hobble together something to pay my respects on what would have been Ben's 33rd birthday. But even I almost didn't have anything to submit.

Originally a small group of users were going to do a single collaboration telling a seamless story featuring all of Ben's characters. My section was going to feature Pee man fighting a poo monster that was actually a robot filled with stick men, wich would have segwayed into a stick slayer scene.

Unfortunately, the collab wasn't organized as well as it could have been and never got off the ground. Almost a year later we decided to just set a date to submit individual tributes so we could all work independantly, and I reworked my plans to have my tribute be 100% based on the pee man movies, changing the stick men in the robot to the giant goldfish from Pee Man III, while the poop monster was always inspired by Pee Man II.

Again, the nemesis known as time reared it's ugly head and we all got busy working on the redesign, so my tribute movie got pushed back until last week.

On Monday I was planning to just take some time and do it, but I was going to have to really dumb things down to pull it off. Then Tom mentioned he was also wishing he had actually had more time to do a tribute, so we decided then and there to tag team a game using my story concept as the basis. We started in on Nov 2nd and pretty much worked non stop until the game was submitted on Nov 5th.

For a game drawn, animated and coded from scratch in 3 days, I am very happy with how it came out, and I really want to thank Tom for being there to make sure at least SOMEONE gave Ben a fitting tribute.

And now, I have a lot of redesign work to catch up on... and also NG Chat....

So I finally got Mod Nation Racers out of my system, when Halo Reach had to go and improve on the Forge mode. So much for spare time...

Behold: The Colossis (spelled intentionally with an 'i'... Halo kids don't know any better)

http://www.newgrounds.com/audio/listen /320992

As promised, I have posted "Newgrounds Chat" on the site today.

CosmicDeath and FBIPollux owe me a beer now.