Solved

How do I extract the Harddrive Serial Number from the client using Macromedia Flash.

Posted on 2008-10-01
10
279 Views
Last Modified: 2013-11-12
We have a game developed in Macromedia Flash using AS 2.0. We are being having problems of people trying to fraud us. We identify the IP or the customer and what we do is to proceed to block them off the game server. The problem is that is very easy to come up with a work arround and come back and try again.
What we are looking is to collect the harddrive serial number and store it on our database running a verification process at the begining of the session
On other downloadable games that we have is not a problem at all using the windows API but we do not know how to do it from flash on a Internet Browser.
Our game is accesed using a Internet Browser, after you login a pop up window will come up with the game it self, so from that point on is our quest to get the HD serial number.
0
Comment
Question by:hlaprade
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 37

Expert Comment

by:CyanBlue
ID: 22620763
No, Flash Player does not have such capability...  That's a big security issue if FP is capable of doing that...

CyanBlue
0
 
LVL 9

Expert Comment

by:asaivan
ID: 22621090
I don't know, but perhaps Adobe AIR has this capability, if so you could port your game to AIR...
0
 
LVL 39

Expert Comment

by:blue-genie
ID: 22625007
I would agree with CB and say hell no.
I doubt there's anything on a browser platform that will allow you to do that. (I could be wrong, I hope not cause that's scary).
I'm sure most basic anti-virus software would also throw a fit at any attempts.

in terms of trying to block ppl. if i'm using my laptop and i find i'm blocked, i'm gonna go use my other machine, if that one doesn't work i'm going to try it at work. My hardrive can be changed and replaced pretty easily, so how will that help?
if maybe you can tell us exactly how you're being "Defrauded" - we can offer alternatives.

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 39

Expert Comment

by:blue-genie
ID: 22625264
me again.
i found this.

http://addressof.com/blog/archive/2004/02/13/386.aspx

i dont' know if that can be configured into some kind of server side script which flash can call and check.
0
 
LVL 2

Author Comment

by:hlaprade
ID: 22625572
blue-genie, thanks, bassically is a matter of try to prevent, not exactly to stop it 100%, that will be awesome, so we have a fraud department that let say they stop 50% of the fraud attempts, (our game is blackjack tournaments) and then we have features that detects fraud automatically (a 40%) and block the player account. So that 10%, there are a lot of things that you can do to take it to 1% and one of those preventing features, is read the harddrive serial, I have that option on my poker, but is a win32 application, the blackjack is a flash web based application. My development team are looking into asaivan approach regarding AIR. I really appreciate everyones help.
0
 
LVL 39

Expert Comment

by:blue-genie
ID: 22631248
where does the fraud comein?
are you handling any of the "logic" in flash - if so there's your problem. flash aint' secure no matter what.
this might be a conflict of interest (since i develop online gaming stuff ) - but here's how we recently handled this - don't know if it will resolve your thing.

we have a login which gets encrypted and put into the database. if the person decompiles the flash file they would be able to see the webservices i'm using and hack those, so what we do is at each login we create a session variable, which gets encrypted and that lasts x amount of time only (The games are time based) - then each time the flash file logs in it checks the session. (i think - this part gets handled by the clever .NET ppl) against a timestamp - if the data is not the same, i.e. the guy grabbed the swf file decompiled it and now wants to run it and access our webservices it doesn't allow it.
i'm not explaining this very well. basically it needs to be handled on the server side, not Flash.
also obviously SSL on the browser side.

blu.
0
 
LVL 2

Author Comment

by:hlaprade
ID: 22636896
There is no logic on the flash, basically we get players with a winning rate that is out of the scale, they may be using sofisticate software and we want to avoid them by identifying patterns on their behavior or why not, the serial on their harddrive, ip etc. That way at least we are able to stop a little bit being hit.
0
 
LVL 39

Expert Comment

by:blue-genie
ID: 22636965
i'm gonna have to leave this for other ppl to comment.
0
 
LVL 37

Accepted Solution

by:
CyanBlue earned 500 total points
ID: 22641435
You definitely got to go with the client application that can give you such information...  I don't know AIR can do that or not, but general Flash Player is not the tool that you are looking for...

CyanBlue
0
 
LVL 2

Author Closing Comment

by:hlaprade
ID: 31502226
Thank you all, we have a long way then in order to cahnge aout client application then.
0

Featured Post

WordPress Tutorial 1: Installation & Setup

WordPress is a very popular option for running your web site and can be used to get your content online quickly for the world to see. This guide will walk you through installing the WordPress server software and the initial setup process.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this short web based tutorial, I wanted to show users how they can still use the powers of FrontPage in conjunction with Expression Web 3.  Even though Microsoft eliminated the use of Web components, we can still use them with FrontPage and edit …
Introduction In this tutorial, I'll explain how to create an animated progress meter in a wireframe prototype developed using Axure RP 7.0 - a leading prototyping tool for designing web sites and software. (For more information about Axure and gett…
The purpose of this video is to demonstrate how to set up basic WordPress SEO. This will be demonstrated using a Windows 8 PC. The plugin used will be WordPress SEO by Yoast. Go to your WordPress login page. This will look like the following: myw…
This Micro Tutorial will teach to how to utilize bit rate in Adobe Flash Media Live Encoder.

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question