Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How do I extract the Harddrive Serial Number from the client using Macromedia Flash.

Posted on 2008-10-01
10
Medium Priority
?
281 Views
Last Modified: 2013-11-12
We have a game developed in Macromedia Flash using AS 2.0. We are being having problems of people trying to fraud us. We identify the IP or the customer and what we do is to proceed to block them off the game server. The problem is that is very easy to come up with a work arround and come back and try again.
What we are looking is to collect the harddrive serial number and store it on our database running a verification process at the begining of the session
On other downloadable games that we have is not a problem at all using the windows API but we do not know how to do it from flash on a Internet Browser.
Our game is accesed using a Internet Browser, after you login a pop up window will come up with the game it self, so from that point on is our quest to get the HD serial number.
0
Comment
Question by:hlaprade
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 37

Expert Comment

by:CyanBlue
ID: 22620763
No, Flash Player does not have such capability...  That's a big security issue if FP is capable of doing that...

CyanBlue
0
 
LVL 9

Expert Comment

by:asaivan
ID: 22621090
I don't know, but perhaps Adobe AIR has this capability, if so you could port your game to AIR...
0
 
LVL 39

Expert Comment

by:blue-genie
ID: 22625007
I would agree with CB and say hell no.
I doubt there's anything on a browser platform that will allow you to do that. (I could be wrong, I hope not cause that's scary).
I'm sure most basic anti-virus software would also throw a fit at any attempts.

in terms of trying to block ppl. if i'm using my laptop and i find i'm blocked, i'm gonna go use my other machine, if that one doesn't work i'm going to try it at work. My hardrive can be changed and replaced pretty easily, so how will that help?
if maybe you can tell us exactly how you're being "Defrauded" - we can offer alternatives.

0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 39

Expert Comment

by:blue-genie
ID: 22625264
me again.
i found this.

http://addressof.com/blog/archive/2004/02/13/386.aspx

i dont' know if that can be configured into some kind of server side script which flash can call and check.
0
 
LVL 2

Author Comment

by:hlaprade
ID: 22625572
blue-genie, thanks, bassically is a matter of try to prevent, not exactly to stop it 100%, that will be awesome, so we have a fraud department that let say they stop 50% of the fraud attempts, (our game is blackjack tournaments) and then we have features that detects fraud automatically (a 40%) and block the player account. So that 10%, there are a lot of things that you can do to take it to 1% and one of those preventing features, is read the harddrive serial, I have that option on my poker, but is a win32 application, the blackjack is a flash web based application. My development team are looking into asaivan approach regarding AIR. I really appreciate everyones help.
0
 
LVL 39

Expert Comment

by:blue-genie
ID: 22631248
where does the fraud comein?
are you handling any of the "logic" in flash - if so there's your problem. flash aint' secure no matter what.
this might be a conflict of interest (since i develop online gaming stuff ) - but here's how we recently handled this - don't know if it will resolve your thing.

we have a login which gets encrypted and put into the database. if the person decompiles the flash file they would be able to see the webservices i'm using and hack those, so what we do is at each login we create a session variable, which gets encrypted and that lasts x amount of time only (The games are time based) - then each time the flash file logs in it checks the session. (i think - this part gets handled by the clever .NET ppl) against a timestamp - if the data is not the same, i.e. the guy grabbed the swf file decompiled it and now wants to run it and access our webservices it doesn't allow it.
i'm not explaining this very well. basically it needs to be handled on the server side, not Flash.
also obviously SSL on the browser side.

blu.
0
 
LVL 2

Author Comment

by:hlaprade
ID: 22636896
There is no logic on the flash, basically we get players with a winning rate that is out of the scale, they may be using sofisticate software and we want to avoid them by identifying patterns on their behavior or why not, the serial on their harddrive, ip etc. That way at least we are able to stop a little bit being hit.
0
 
LVL 39

Expert Comment

by:blue-genie
ID: 22636965
i'm gonna have to leave this for other ppl to comment.
0
 
LVL 37

Accepted Solution

by:
CyanBlue earned 2000 total points
ID: 22641435
You definitely got to go with the client application that can give you such information...  I don't know AIR can do that or not, but general Flash Player is not the tool that you are looking for...

CyanBlue
0
 
LVL 2

Author Closing Comment

by:hlaprade
ID: 31502226
Thank you all, we have a long way then in order to cahnge aout client application then.
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a case study on how our local youth baseball league deployed a new website, including the platform selection, implementation and benefits to the league.
When setting up new project requests for our site, one of the most powerful tools our team has available to use is Axure (http://www.axure.com/). It’s a tool for creating software and web prototypes that can function and interact as if it were the a…
The purpose of this video is to demonstrate how to integrate Mailchimp with Facebook. This will be demonstrated using a Windows 8 PC. Mailchimp and Facebook will be used. Log into your Mailchimp account. : Click on your name. Go to Account Setti…
The purpose of this video is to demonstrate how to set up the permalinks on a WordPress Website. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Go t…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question