Cheat Engine protection for Flash or other games which runs mainly on the browser side

[a_bertrand]

If you develop a game which runs heavily on the browser side for example with Flash, Java or Silverlight, you risk to have some smart pants which use the well known "Cheat Engine". Cheat engine is a small but yet powerful little application which let you scan the memory of a running program. So let's say at some point you have 1000 gold, then a bit later 900, you can scan first for 1000, then change the value and ask for a rescan, and Cheat Engine will then show all the addresses which match your searches. So far it wouldn't be an issue, but Cheat engine allows to change values on the fly, that means somebody could then (once he/she found the correct address) change the value and put more or less whatever he/she want.

If your game runs via PHP and doesn't do much on the browser side, then you don't risk anything. On the other side, if you use a flash, javascript, or any other client side soft, then you risk that your variables will be touched. If you double check later on if a given action is possible, then it is again not an issue, but sometimes it is nearly impossible to do so. So how could you prevent such situation?

Well, I developed a small Silverlight application which use a self defined class called "CheckedDouble". This class contains not only the double value which is what interest us, but as well an "hidden" second value which will contain a copy of the value... with a little twist. This allows to store the same value but doesn't show it to tools like "Cheat Engine". Also this class offers a little tool which allows to check if somebody cheated or not. The smartest way to use this info is to contact the server back and flag this user as cheater and don't show the info directly to the user, such that you can delete his/her account without showing how you did it.

Full sources can be found here:

http://base.nowhere-else.org/temp/AntiCheatTest.zip