the new kong api -- detection of aob edits
-migrated-
|
Additional Info
|
i have a question about the new kongregate api i ve seen lately
i am wondering if it has something that can actually detect whether or not you use aob edits in your game? i dont know what they edited but i am sure it can catch cheats more easily what do you think? |
|
Additional Info
|
When you change, AoBs, you basically edit the internal loaded memory that the flash file takes up on your computer. It's not detectable by Kongregate directly, though there is a chance that the (noob) hacker messes up the AoB and either a) breaks the program or b) the program is smart and detects the AoB change and reports it to Kongregate. Though I'm not sure if flash can do checksums on its internal memory space..... anyone?
|
|
Additional Info
|
Quote from: "texanpride" i have a question about the new kongregate api i ve seen latelyHow should the API be able to detect it? Besides, how would you come on that idea, did any of the AoBs not work for you? The new API is out a bit longer and I had no problem using any AoB whatsoever. The problem has to be on your side. This post was imported from an account that no longer exists! Previous Name: phreneticus |
|
Additional Info
|
Idiots used the AoBs to get an impossible score and got caught.
Flash .sol locations |
|
Additional Info
|
I may be completely wrong, but I think that it is possible to do something that detects code changes. Maybe some checksum or something. I think I saw something like that on Caesary, but I don't know if that only works for server-sided games
|
|
Additional Info
|
Quote from: "whatever" I may be completely wrong, but I think that it is possible to do something that detects code changes. Maybe some checksum or something. I think I saw something like that on Caesary, but I don't know if that only works for server-sided gamesI only know that a system like this exists for .sol files. Matt for example used it in EBF3. This post was imported from an account that no longer exists! Previous Name: phreneticus |
|
Additional Info
|
Here you go, the answer for all your questions, and it ain't 42.
Haven't read any of it, but I think the title says pretty much: ST7 checksum selfchecking capability |
|
Level: 1
ADR Info
Additional Info
|
The API is just a transport method, nothing more, nothing less. After working with Kong on the security, they stated that they know people are hacking but don't feel the need to do anything about it. They have no way of tracking anything, as you are editing your local memory. The API is just a channel for the game to communicate with Kong's servers, not some anti-hack stuff...
|
|
Additional Info
|
Quote from: "Bazaku" When you change, AoBs, you basically edit the internal loaded memory that the flash file takes up on your computer. It's not detectable by Kongregate directly, though there is a chance that the (noob) hacker messes up the AoB and either a) breaks the program or b) the program is smart and detects the AoB change and reports it to Kongregate. Though I'm not sure if flash can do checksums on its internal memory space..... anyone? By using something simple like tamperdata, you can see the communication with server, and see that the server is mainly just doing stayalive checks with the chat/login server. As far as I can tell, there's no active checks of data, thus any checks would have to be in flash. Certain game makers add a value 2-3 times, if just one of them is changed, it checks against the others, and reports to the server. Also, certain game makers have a check based on how much you could have earned by that point, ie having 2 billion gold when most you could have earned is in the thousands. Kong overall does not fully support games reporting hackers, in the event that some dick wants to program a game to detect your user name, and ban all the people he doesn't like. (its already proven you can import user name) So they take any reports of a user with a grain of salt.... |
|
Additional Info
|
Quote from: "odie" Certain game makers add a value 2-3 times, if just one of them is changed, it checks against the others, and reports to the server. Also, certain game makers have a check based on how much you could have earned by that point, ie having 2 billion gold when most you could have earned is in the thousands.That only works for server-sided games and 99% of Kong games are not server-sided. This post was imported from an account that no longer exists! Previous Name: phreneticus |
|
Additional Info
|
I take it everyone just ignored the link I posted...
Then again, I doubt any game on Kong does that |
|
Level: 1
ADR Info
Additional Info
|
Kong doesn't use that bud. (broken image removed)
|
|
Additional Info
|
I'm not saying Kong itself uses it. Just said that one random developer might use that(though I find that hard to believe)
|
|
Additional Info
|
Quote from: "whatever" I'm not saying Kong itself uses it. Just said that one random developer might use that(though I find that hard to believe) It'd be pretty useless if they do: thats designed for checksumming flash memory cards :-) You could write some flavour of checksum/hash that checks the code regularly and reports an error if it fails, of course, this'd be like berzerker studio's any hacker stuff which is easily disabled by an AoB. |
|
Additional Info
|
Even if you included something like that, the checking code itself is still open to exploitation; That's just the nature of having an open format like Flash/ActionScript.
|
