Solved

How do I extract the Harddrive Serial Number from the client using Macromedia Flash.

Posted on 2008-10-01
10
272 Views
Last Modified: 2013-11-12
We have a game developed in Macromedia Flash using AS 2.0. We are being having problems of people trying to fraud us. We identify the IP or the customer and what we do is to proceed to block them off the game server. The problem is that is very easy to come up with a work arround and come back and try again.
What we are looking is to collect the harddrive serial number and store it on our database running a verification process at the begining of the session
On other downloadable games that we have is not a problem at all using the windows API but we do not know how to do it from flash on a Internet Browser.
Our game is accesed using a Internet Browser, after you login a pop up window will come up with the game it self, so from that point on is our quest to get the HD serial number.
0
Comment
Question by:hlaprade
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 37

Expert Comment

by:CyanBlue
ID: 22620763
No, Flash Player does not have such capability...  That's a big security issue if FP is capable of doing that...

CyanBlue
0
 
LVL 9

Expert Comment

by:asaivan
ID: 22621090
I don't know, but perhaps Adobe AIR has this capability, if so you could port your game to AIR...
0
 
LVL 39

Expert Comment

by:blue-genie
ID: 22625007
I would agree with CB and say hell no.
I doubt there's anything on a browser platform that will allow you to do that. (I could be wrong, I hope not cause that's scary).
I'm sure most basic anti-virus software would also throw a fit at any attempts.

in terms of trying to block ppl. if i'm using my laptop and i find i'm blocked, i'm gonna go use my other machine, if that one doesn't work i'm going to try it at work. My hardrive can be changed and replaced pretty easily, so how will that help?
if maybe you can tell us exactly how you're being "Defrauded" - we can offer alternatives.

0
 
LVL 39

Expert Comment

by:blue-genie
ID: 22625264
me again.
i found this.

http://addressof.com/blog/archive/2004/02/13/386.aspx

i dont' know if that can be configured into some kind of server side script which flash can call and check.
0
 
LVL 2

Author Comment

by:hlaprade
ID: 22625572
blue-genie, thanks, bassically is a matter of try to prevent, not exactly to stop it 100%, that will be awesome, so we have a fraud department that let say they stop 50% of the fraud attempts, (our game is blackjack tournaments) and then we have features that detects fraud automatically (a 40%) and block the player account. So that 10%, there are a lot of things that you can do to take it to 1% and one of those preventing features, is read the harddrive serial, I have that option on my poker, but is a win32 application, the blackjack is a flash web based application. My development team are looking into asaivan approach regarding AIR. I really appreciate everyones help.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 39

Expert Comment

by:blue-genie
ID: 22631248
where does the fraud comein?
are you handling any of the "logic" in flash - if so there's your problem. flash aint' secure no matter what.
this might be a conflict of interest (since i develop online gaming stuff ) - but here's how we recently handled this - don't know if it will resolve your thing.

we have a login which gets encrypted and put into the database. if the person decompiles the flash file they would be able to see the webservices i'm using and hack those, so what we do is at each login we create a session variable, which gets encrypted and that lasts x amount of time only (The games are time based) - then each time the flash file logs in it checks the session. (i think - this part gets handled by the clever .NET ppl) against a timestamp - if the data is not the same, i.e. the guy grabbed the swf file decompiled it and now wants to run it and access our webservices it doesn't allow it.
i'm not explaining this very well. basically it needs to be handled on the server side, not Flash.
also obviously SSL on the browser side.

blu.
0
 
LVL 2

Author Comment

by:hlaprade
ID: 22636896
There is no logic on the flash, basically we get players with a winning rate that is out of the scale, they may be using sofisticate software and we want to avoid them by identifying patterns on their behavior or why not, the serial on their harddrive, ip etc. That way at least we are able to stop a little bit being hit.
0
 
LVL 39

Expert Comment

by:blue-genie
ID: 22636965
i'm gonna have to leave this for other ppl to comment.
0
 
LVL 37

Accepted Solution

by:
CyanBlue earned 500 total points
ID: 22641435
You definitely got to go with the client application that can give you such information...  I don't know AIR can do that or not, but general Flash Player is not the tool that you are looking for...

CyanBlue
0
 
LVL 2

Author Closing Comment

by:hlaprade
ID: 31502226
Thank you all, we have a long way then in order to cahnge aout client application then.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Introduction This article is primarily concerned with ActionScript 3 and generally specific to AVM2.  Most suggestions would apply to ActionScript 2 as well, and I've noted those tips that differ between AS2 and AS3. With the advent of ActionS…
I come across a lot of question about how to access things in the document class from a movieclip, or accessing something from a movieclip in the document class. It took me a while to figure this out but once I did it makes life so much easier. …
The purpose of this video is to demonstrate how to set up basic WordPress SEO. This will be demonstrated using a Windows 8 PC. The plugin used will be WordPress SEO by Yoast. Go to your WordPress login page. This will look like the following: myw…
The goal of the tutorial is to teach the user how to select which audio input to use. Once you have an audio input plugged into the laptop or computer, you will go into the audio input settings and choose which audio input you want to use.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now