Solved

How do I extract the Harddrive Serial Number from the client using Macromedia Flash.

Posted on 2008-10-01
10
276 Views
Last Modified: 2013-11-12
We have a game developed in Macromedia Flash using AS 2.0. We are being having problems of people trying to fraud us. We identify the IP or the customer and what we do is to proceed to block them off the game server. The problem is that is very easy to come up with a work arround and come back and try again.
What we are looking is to collect the harddrive serial number and store it on our database running a verification process at the begining of the session
On other downloadable games that we have is not a problem at all using the windows API but we do not know how to do it from flash on a Internet Browser.
Our game is accesed using a Internet Browser, after you login a pop up window will come up with the game it self, so from that point on is our quest to get the HD serial number.
0
Comment
Question by:hlaprade
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 37

Expert Comment

by:CyanBlue
ID: 22620763
No, Flash Player does not have such capability...  That's a big security issue if FP is capable of doing that...

CyanBlue
0
 
LVL 9

Expert Comment

by:asaivan
ID: 22621090
I don't know, but perhaps Adobe AIR has this capability, if so you could port your game to AIR...
0
 
LVL 39

Expert Comment

by:blue-genie
ID: 22625007
I would agree with CB and say hell no.
I doubt there's anything on a browser platform that will allow you to do that. (I could be wrong, I hope not cause that's scary).
I'm sure most basic anti-virus software would also throw a fit at any attempts.

in terms of trying to block ppl. if i'm using my laptop and i find i'm blocked, i'm gonna go use my other machine, if that one doesn't work i'm going to try it at work. My hardrive can be changed and replaced pretty easily, so how will that help?
if maybe you can tell us exactly how you're being "Defrauded" - we can offer alternatives.

0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 39

Expert Comment

by:blue-genie
ID: 22625264
me again.
i found this.

http://addressof.com/blog/archive/2004/02/13/386.aspx

i dont' know if that can be configured into some kind of server side script which flash can call and check.
0
 
LVL 2

Author Comment

by:hlaprade
ID: 22625572
blue-genie, thanks, bassically is a matter of try to prevent, not exactly to stop it 100%, that will be awesome, so we have a fraud department that let say they stop 50% of the fraud attempts, (our game is blackjack tournaments) and then we have features that detects fraud automatically (a 40%) and block the player account. So that 10%, there are a lot of things that you can do to take it to 1% and one of those preventing features, is read the harddrive serial, I have that option on my poker, but is a win32 application, the blackjack is a flash web based application. My development team are looking into asaivan approach regarding AIR. I really appreciate everyones help.
0
 
LVL 39

Expert Comment

by:blue-genie
ID: 22631248
where does the fraud comein?
are you handling any of the "logic" in flash - if so there's your problem. flash aint' secure no matter what.
this might be a conflict of interest (since i develop online gaming stuff ) - but here's how we recently handled this - don't know if it will resolve your thing.

we have a login which gets encrypted and put into the database. if the person decompiles the flash file they would be able to see the webservices i'm using and hack those, so what we do is at each login we create a session variable, which gets encrypted and that lasts x amount of time only (The games are time based) - then each time the flash file logs in it checks the session. (i think - this part gets handled by the clever .NET ppl) against a timestamp - if the data is not the same, i.e. the guy grabbed the swf file decompiled it and now wants to run it and access our webservices it doesn't allow it.
i'm not explaining this very well. basically it needs to be handled on the server side, not Flash.
also obviously SSL on the browser side.

blu.
0
 
LVL 2

Author Comment

by:hlaprade
ID: 22636896
There is no logic on the flash, basically we get players with a winning rate that is out of the scale, they may be using sofisticate software and we want to avoid them by identifying patterns on their behavior or why not, the serial on their harddrive, ip etc. That way at least we are able to stop a little bit being hit.
0
 
LVL 39

Expert Comment

by:blue-genie
ID: 22636965
i'm gonna have to leave this for other ppl to comment.
0
 
LVL 37

Accepted Solution

by:
CyanBlue earned 500 total points
ID: 22641435
You definitely got to go with the client application that can give you such information...  I don't know AIR can do that or not, but general Flash Player is not the tool that you are looking for...

CyanBlue
0
 
LVL 2

Author Closing Comment

by:hlaprade
ID: 31502226
Thank you all, we have a long way then in order to cahnge aout client application then.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article provides a case study on how our local youth baseball league deployed a new website, including the platform selection, implementation and benefits to the league.
This guide will walk you through the essential considerations and tech stack for building scalable websites. Know how to grow your business the smart way!
The purpose of this video is to demonstrate how to update a WordPress Site’s version. WordPress releases new versions of its software frequently and it is important to update frequently in order to keep your site secure, and to get new WordPress…
The purpose of this video is to demonstrate how to set up the permalinks on a WordPress Website. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Go t…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question