Is it possible to create/use third party utils to read the memory of Flash applications targeted for Flash Player 9 and later and thus making it possible to cheat in some Flash games?

cheating ...
tsk tsk tsk

:)

I am not asking this to create a cheat. I am asking this to prevent cheats in the online game that I already have made.

Because if it is possible to create and if it is likely that any one of my players will create that cheat, I already know how I am going to prevent cheats.

Can anyone just tell me if it is possible or not? Has Flash Player been secured enough to prevent such memory-reading cheats?

I don't think anyone here is comfortable enough telling you its not possible. I personally haven't seen it done before, but that doesn't mean someone's not doing it.

I know it has been done with Minesweeper Flags for MSN, written with ActionScript 1.0 targeted for Flash Player 9. But as far as I know both ActionScript 3.0 and Flash Player 9 are much more secure nowadays.

But I guess I will have to implement my next way of cheat-securing just to be sure.

You could change any number of bytes in the flash player's process so it's pretty much unstoppable.

I haven't tried much, but if you get one of those generic trainers that people use on games and try to find the value in the memory it's alot harder then your average game/application, I've only been unsuccessful after trying for 2 minutes and giving up.

If your making any online game/application, you should always do the security server side.

As for dealing with the memory access problem, you can slow down the hackers by adding a random and dud/misleading information. for example..

- Adding an array at the beginning of the class of a random size, to shift around memory offsets.
- Adding extra information to key variables such as hitpoints and gold. (eg. it displays that you have 100 hitpoints, when in reality the memory allocated is different by adding a random number that is generated each time the swf is run.)

Just some suggestions you could try.. perhaps you should look into HOW they hacked into the minesweeper game and then implementing a counter measure against it.

Also i think i read somewhere that the minesweeper game was made with haXe, so it would be compiled as alchemy byte code and may be different (or was it another game?), the memory allocation is probably the same seeing as its just a virtual machine running the bytes, like the JavaVM or whatever.


(Keep in mind i've never done this type of security before, so i wouldn't take anything i say as full-proof.)

EDIT:

As for msn and minesweeper, i think the easiest way to detect the mines would be with a packet sniffer, not a memory editor... Provided that they cheaped out on server side security.