Whenever your highscore system is based on the fact that the Flash application sends unencrpyted/unsigned highscore data via the network, that can be intercepted and manipulated/replayed. The answer follows from that: encrypt (decently!) or cryptographically sign highscore data. This, at least, makes it harder for people to crack your highscore system because they'll need to extract the secret key from your SWF file. Many people will probably give up right there. On the other hand, all it takes is a singly person to extract the key and post it somewhere.

真正的解决方案包括在Flash应用程序和高分数据库之间进行更多的通信，以便后者能够验证给定的分数是否真实。这可能很复杂，这取决于你的游戏类型。

The way that a new popular arcade mod does it is that it sends data from the flash to php, back to flash (or reloads it), then back to php. This allows you to do anything you want to compare the data as well bypass post data/decryption hacks and the like. One way that it does this is by assigning 2 randomized values from php into the flash (which you cannot grab or see even if running a realtime flash data grabber), using a mathematical formula to add the score with the random values then checking it using the same formula to reverse it to see if the score matches it when it finally goes to the php at the end. These random values are never visible as well as it also times the transaction taking place and if it's any more than a couple seconds then it also flags it as cheating because it assumes you have stopped the send to try to figure out the randomized values or run the numbers through some type of cipher to return possible random values to compare with the score value.

如果你问我，这似乎是一个很好的解决方案，有人认为使用这种方法有什么问题吗?或者可能的解决方法?

你说的是所谓的“客户信任”问题。因为客户端(在这种现金中，运行在浏览器中的SWF)正在做它设计要做的事情。保存高分。

问题是，你想要确保“保存分数”请求来自你的flash电影，而不是任意的HTTP请求。一种可能的解决方案是在请求时(使用flasm)将服务器生成的令牌编码到SWF中，该令牌必须随请求一起保存高分。一旦服务器保存了该分数，令牌就过期了，不能再用于请求。

这样做的缺点是，用户每次加载flash电影只能提交一个高分——你不得不强迫他们刷新/重新加载SWF，然后他们才能再次播放新的分数。

我喜欢tpqf所说的，但是当作弊被发现时，与其禁用一个帐户，不如实施一个蜜罐，这样每当他们登录时，他们都会看到他们被黑客攻击的分数，并且永远不会怀疑他们已经被标记为喷子。谷歌为“phpBB MOD Troll”，你会看到一个巧妙的方法。

你可能问错了问题。你似乎专注于人们通过游戏获得高分的方法，但阻止特定的方法也仅此而已。我没有TamperData的经验，所以我不能说。

你应该问的问题是:“我如何验证提交的分数是有效和真实的?”具体方法取决于游戏。对于非常简单的益智游戏，你可能会发送分数以及特定的开始状态和导致结束状态的移动顺序，然后在服务器端使用相同的移动重新运行游戏。确认陈述的分数与计算的分数相同，只有在两者匹配时才接受分数。

这是网络游戏和竞赛的一个经典问题。你的Flash代码与用户一起决定游戏的得分。但是用户不受信任，Flash代码运行在用户的计算机上。你是SOL，你无法阻止攻击者伪造高分:

Flash甚至比你想象的更容易进行反向工程，因为字节码有良好的文档记录，并描述了一种高级语言(Actionscript)——当你发布一款Flash游戏时，你就是在发布你的源代码，不管你是否知道。 攻击者控制Flash解释器的运行时内存，因此任何知道如何使用可编程调试器的人都可以在任何时候改变任何变量(包括当前分数)，或者改变程序本身。

对系统最简单的攻击是通过代理运行游戏的HTTP流量，捕获高分保存，然后以更高的分数重放。

你可以尝试通过将每个高分保存绑定到游戏的单个实例来阻止这种攻击，例如在游戏启动时向客户端发送加密令牌，如下所示:

hex-encoding( AES(secret-key-stored-only-on-server, timestamp, user-id, random-number))

(您也可以使用会话cookie来达到同样的效果)。

游戏代码将这个令牌用高分保存回服务器。但攻击者仍然可以再次启动游戏，获得令牌，然后立即将该令牌粘贴到重放的高分保存文件中。

因此，接下来不仅要提供一个令牌或会话cookie，还要提供一个高分加密会话密钥。这将是一个128位AES密钥，它本身是用硬编码到Flash游戏中的密钥加密的:

hex-encoding( AES(key-hardcoded-in-flash-game, random-128-bit-key))

现在，在游戏发布高分之前，它会解密高分加密会话密钥，这是因为你将高分加密会话密钥硬编码到Flash二进制文件中。你用这个解密的密钥加密高分，以及高分的SHA1哈希值:

hex-encoding( AES(random-128-bit-key-from-above, high-score, SHA1(high-score)))

服务器上的PHP代码检查令牌，以确保请求来自一个有效的游戏实例，然后解密加密的高分，检查以确保高分与高分的SHA1匹配(如果跳过这一步，解密只会产生随机的，可能非常高的高分)。

So now the attacker decompiles your Flash code and quickly finds the AES code, which sticks out like a sore thumb, although even if it didn't it'd be tracked down in 15 minutes with a memory search and a tracer ("I know my score for this game is 666, so let's find 666 in memory, then catch any operation that touches that value --- oh look, the high score encryption code!"). With the session key, the attacker doesn't even have to run the Flash code; she grabs a game launch token and a session key and can send back an arbitrary high score.

你现在已经到了大多数开发者放弃的时候了——在与攻击者纠缠了几个月之后:

用异或操作打乱AES键 用计算键的函数替换键字节数组 在二进制文件中散布假密钥加密和高分帖子。

这基本上是在浪费时间。不用说，SSL也帮不了你;当两个SSL端点中的一个是邪恶的时，SSL无法保护您。

以下是一些能够有效减少高分作弊的方法:

Require a login to play the game, have the login produce a session cookie, and don't allow multiple outstanding game launches on the same session, or multiple concurrent sessions for the same user. Reject high scores from game sessions that last less than the shortest real games ever played (for a more sophisticated approach, try "quarantining" high scores for game sessions that last less than 2 standard deviations below the mean game duration). Make sure you're tracking game durations serverside. Reject or quarantine high scores from logins that have only played the game once or twice, so that attackers have to produce a "paper trail" of reasonable looking game play for each login they create. "Heartbeat" scores during game play, so that your server sees the score growth over the lifetime of one game play. Reject high scores that don't follow reasonable score curves (for instance, jumping from 0 to 999999). "Snapshot" game state during game play (for instance, amount of ammunition, position in the level, etc), which you can later reconcile against recorded interim scores. You don't even have to have a way to detect anomalies in this data to start with; you just have to collect it, and then you can go back and analyze it if things look fishy. Disable the account of any user who fails one of your security checks (for instance, by ever submitting an encrypted high score that fails validation).

记住，你只是在阻止高分欺诈。你无法阻止它的发生。如果你的游戏中存在金钱风险，那么总有人会打败你所想出的任何系统。我们的目标不是阻止这次袭击;这是为了让攻击变得更加昂贵，而不仅仅是精通游戏并击败它。