Hi,

I am a Flash novice and am intending to get a Flash professional to develop an application which is a trivia game that will ask questions and allow users to pick the correct answers.

The time from when a user starts a particular game to the time that they finish the game needs to be recorded by the Flash player.

As I will be giving prizes to the winners of the competition - I need the application to be extremely accurate in the time recording process on the clients computer by counting down the number of milliseconds that each user takes to complete a a game.

The potential issues that I am aware of regarding developing an accurate timer:
a. Software applications and game speed adjusters designed to slow down/quicken Flash applications
b. Speed and RAM of different computers might produce inconsistencies

Is it possible to develop a timer in Flash that is:
i) very accurate (to millisecond level)
ii) hack proof - ie: not able to be manipulated by software or other hacking tricks
iii) will run consistently on different types of computers with different hardware configurations

* I do not want to use the server's time because if a user has a slow connection or the server is slow this will not produce accurate results.

Your thoughts and advice will be much appreciated!!

Hi,

I am a Flash novice and am intending to get a Flash professional to develop an application which is a trivia game that will ask questions and allow users to pick the correct answers.

The time from when a user starts a particular game to the time that they finish the game needs to be recorded by the Flash player.

As I will be giving prizes to the winners of the competition - I need the application to be extremely accurate in the time recording process on the clients computer by counting down the number of milliseconds that each user takes to complete a a game.

The potential issues that I am aware of regarding developing an accurate timer:
a. Software applications and game speed adjusters designed to slow down/quicken Flash applications
b. Speed and RAM of different computers might produce inconsistencies

Is it possible to develop a timer in Flash that is:
i) very accurate (to millisecond level)
ii) hack proof - ie: not able to be manipulated by software or other hacking tricks
iii) will run consistently on different types of computers with different hardware configurations

* I do not want to use the server's time because if a user has a slow connection or the server is slow this will not produce accurate results.

Your thoughts and advice will be much appreciated!!
Well you can use getTimer function or Timer class to achieve that. Using Date class also works, but is dependant on the client time.

getTimer gives you the number of ms the flash movie has played. So if you get the start time and end time you can figure out how to get the time period...

About the hacking part - well that's more server time problem, coming down to preventing modified clients to connect to your database.

You have two options - use client time, which can be manipulated ("hacked") by changing the local time, or use a server time, which will have a slight lag. There really aren't any other options. :-/

You have two options - use client time, which can be manipulated ("hacked") by changing the local time, or use a server time, which will have a slight lag. There really aren't any other options. :-/

Well I do not think you can manipulate getTimer or Timer by changing local time. Actually pretty sure you can't unless you hack the AVM. Anyway I'd rather worry for hack connections to the server than someone hacking the avm. Anyway it wont be as easy as changing local time.

I dont know is it possible ( at least easy to implement ) injecting internal variables of flash player you can use getTimer.. But it is also hackable because you send results to server and someone can easily manipulate client-server connection.

You can design a little intelligent protocol to avoiding packet injections.. (Signature or encryption... ) Also you need to protect your actionscript code..

I dont know is it possible ( at least easy to implement ) injecting internal variables of flash player you can use getTimer.. But it is also hackable because you send results to server and someone can easily manipulate client-server connection.

You can design a little intelligent protocol to avoiding packet injections.. (Signature or encryption... ) Also you need to protect your actionscript code..

Well even if you use server time, you still have to send notification to the server to stop countingtime, so that's hackable too. You cannot override getTimer, and as long as the variable which holds the time is private it should not be accessible for manipulation.

Well even if you use server time, you still have to send notification to the server to stop countingtime, so that's hackable too. You cannot override getTimer, and as long as the variable which holds the time is private it should not be accessible for manipulation.
Right but if you hold state in server with two way connection it should be possible.

Thanks for all your responses...my main concern is that users will be able to slow down GetTimer() function timer so that they can manipulate the time - by loading their RAM etc...
Is there a way to protect GetTimer from manipulation?

Thanks for all your responses...my main concern is that users will be able to slow down GetTimer() function timer so that they can manipulate the time - by loading their RAM etc...
Is there a way to protect GetTimer from manipulation?

Well it sems like the getTimer is pretty accurate, timer count seems to have priority over most things in Flash Player. So if somone manages to slow down their computer so much that getTimer starts counting slowly Flash Player will probably be totally unusable. Anyway, if for some reason the clock on the computer runs slow, you will have false reading. Getting the computer clock to run slow however in most cases will have to do with fiddling with hardware or somethinglike that. Even if your computer is frozen beacuse of 100% CPU load or something similar, the clock is ticking. I don't know exactly how the AVM gets it's time but since it's virtual machine it should not depend on the machine it's running on.
In fact if you slow down the player, you can lose time instead of gaining...