Here is some other informations for flash games , use it = it s your responsability:
To understand how the game sends the score to the server , many technics are possible , First we gonna try to use Ethereal , a program that allows you to see what comes & out of the computer , and a decompiler of flash files : Flare.
Start the game , and , just before the score is sended to the server , we active the capture with Ethereal (capture , & start). After the score is showed , go back to Ethereal to stop the capture , & analyse what he found.
They will be a lot of packets to ignore. To follow only what interests us , we will find a line corresponding to the line of the site that we are interested in , then select Follow TCP Stream. we ll get this :
POST/games/scores.php HTTP/1.15(...)
Referer:http//xxxx/games/thegame.php
Content-type:application/x-www-form-urlencoded
Content-length:26
level=2&score=100&name=ABC
We can already see how it works. Level , score & name are sended to the scores.php page. We ll now see how to discover the thing , but with another way of doing it:
the flash programs are executed ad-hoc plug in of the navigator. Like the Java program , they work with a virtual machine. So it s easy to obtain a visible code , with the help of flash decompilers. There are a lot of them , some are free. We are going to use Flare , that allows you to decompile from the ActionScript code from an existing file with all the flash versions , until version 8. It s also possible to decompose the flash file with Flasm. The decomposed code is easier than ActionScript but more difficult to understand . The difference with Flare that requires to have an ActionScript decompiler. Flasm can recompile by himself the code.
First , we have to find the .swf file For this , once the page is loaded , we have to record the web page on the disk. In the downloaded files , we have to find the correct game .swf . After having installed Flare , we decompile the .swf (right click + option/decompile) , we obtain a .flr file; it s a text file , it contains the ActionScript code used by the game. we have now to find the routine that sends the score. For this , we research "http" "php" or "html" because the game has to communicate with the server to send the score. Bingo! a research with "php" brings us to this routine:
button 121 {
on (release) {
formData = new LoadWars();
formData.nom = _
root.actions2.name;
formData.score = _
global.score;
formData.level = _
global.level;
formData.send('scores.php','_parent','POST'),
As seen with Ethereal , it s with this "POST" type that the score is made.
Now that we understood how how works the recording mecanism of the score , we are gonna write an "html" page that allows us to write our own score. Only a few lines are enough if you respect the limitation of the site.
formname= "testflash"
METHOD= "post" ACTION= "
http://xxxx/games/scores.php"
p score : input
type= "text" name= "score"
size = "6" maxlenght= "6" /p
p name (3 letters):
input type= "text"
name = "name" size= "3"
maxlenght= "3" /p
p level : input
type= "text" name = "level"
size= "6" maxlenght= "6" /p
BUTTON name= "submit"
value= "submit"
type= "submit" Send/BUTTON
:form
We just have to copy this code in a "html" page to write infos in the page.
The first line contains two important elements : METHOD= "post" that indicates wich sending type to use and ACTION= that sends all the informations (score , name , level) to the recording page of the scores.
In a flash game , this recording method is as basic as possible , without no securisation
Thanks to Alexis.H , once you will be in the page , it will seems much more easier than it looks. if more people interested , i will post more about doing it with more advanced protections , this is just for basic flash games