Flash games hack, score is 49700?? How to improve flash games security?

Question

I have 2 flash games (written in as3). Both the highscore value being hacked. The normal range of each game score is not more than 5000 (normal users, will only get 2000 - 3000

Answer 1

As you said depending on what is being done to hack this there are different holes to fix. As you are sending the actual information in your message, and "secret" is contained in the code it becomes a much easier target. Some of the things you could do to improve security

• Use a different hash function, MD5 has known flaws it is possible to create messages with the same signature without knowing the content, SHA1, SHA2 offer higher security, this will prevent an attack through a weakness of MD5

• Make the 'secret' unique to each message, ie. send it from the server for each posting, this will prevent people from reusing the same hash over and over again, and make it harder to look at the code and create the hash

• Hash the result multiple times e.g. value = hash(hash(hash(...,salt),salt),salt) this won't help if people are decompiling your program but it will help if they are just trying to recreate the hash by itself.

• Look for software to protect your SWF against decompilation, i don't do much flash so I don't have any reliable links for that