enpu Posted April 17, 2013 Share Posted April 17, 2013 MiniKart (fka MultiSlix) is a kart racing game, that you play on your browser. You can play the game here http://www.minikart.net MiniKart features real kart tracks:- Vihti, Finland- Bemböle, Finland- Riihimäki, Finland- Lahti, Finland- Lonato, Italy- Jämsä, Finland- Helsinki, Finland- Genk, Belgium- Alahärmä, Finland Other game features:- Collision- Skidmarks- Track records- Statistics- AI cars- Sound effects- Track editor (coming)- Local multiplayer (coming)- Gamepad support (coming)- Music (coming) Screenshots: Quote Link to comment Share on other sites More sharing options...
rich Posted April 17, 2013 Share Posted April 17, 2013 I couldn't get past the registration form. I got a login form, made up some random details, came up with a registration form - put some proper details in but there was no button to carry on (and enter didn't submit). The half-obscured register button just went "beep" when I clicked it. Quote Link to comment Share on other sites More sharing options...
Quetzacotl Posted April 17, 2013 Share Posted April 17, 2013 For me enter worked to submit. Game is ok, but nothing special about it. Add some serious multiplayer! BTW Track records are really easy to cheat on, check my stats http://www.minikart.net/stats. Unfortunately the only true way to block cheats is to move your game logic to server and that is not an easy task. Quote Link to comment Share on other sites More sharing options...
enpu Posted April 18, 2013 Author Share Posted April 18, 2013 I couldn't get past the registration form. I got a login form, made up some random details, came up with a registration form - put some proper details in but there was no button to carry on (and enter didn't submit). The half-obscured register button just went "beep" when I clicked it. Did you get any message when you pressed enter? For me enter worked to submit. Game is ok, but nothing special about it. Add some serious multiplayer! BTW Track records are really easy to cheat on, check my stats http://www.minikart.net/stats. Unfortunately the only true way to block cheats is to move your game logic to server and that is not an easy task. Thanks for the feedback!Realtime multiplayer would be absolutely nice, but my skills are not there yet.I think ill do local multiplayer and gamepad support first. As for the cheating, i did know the problem and the solution, but as you said, its not an easy task :/Maybe if someday i got the realtime multiplayer working, i can fix the cheating also. Quote Link to comment Share on other sites More sharing options...
Quetzacotl Posted April 18, 2013 Share Posted April 18, 2013 I can provide you with temporary solution that works against most "hackers". You are already obfuscatoring code so it won't be hard. Just add in the code in few places variables with some secret values and somewhere in code make algorithm that encode values you post (time and track, btw you don't have to post user_id because it should be in session and this way other users can't spoof other users) and your secret values. Then on server decode it, if secret keys are wrong then you now that someone forged this request manually. Finding this algorithm and secret keys is hard with obsfuscated code so forging valid encrypted post won't be easy. Chris 1 Quote Link to comment Share on other sites More sharing options...
enpu Posted April 18, 2013 Author Share Posted April 18, 2013 I can provide you with temporary solution that works against most "hackers". You are already obfuscatoring code so it won't be hard. Just add in the code in few places variables with some secret values and somewhere in code make algorithm that encode values you post (time and track, btw you don't have to post user_id because it should be in session and this way other users can't spoof other users) and your secret values. Then on server decode it, if secret keys are wrong then you now that someone forged this request manually. Finding this algorithm and secret keys is hard with obsfuscated code so forging valid encrypted post won't be easy. Thanks for the solution!My code is minified, is that same as obfuscated? Quote Link to comment Share on other sites More sharing options...
Quetzacotl Posted April 18, 2013 Share Posted April 18, 2013 Yes, obfuscating code is a side effect of minifing code. All your variable/function names are replaced with names that doesn't mean anything for human and code is unreadable so finding anything there is a hell task. Quote Link to comment Share on other sites More sharing options...
enpu Posted April 18, 2013 Author Share Posted April 18, 2013 Yes, obfuscating code is a side effect of minifing code. All your variable/function names are replaced with names that doesn't mean anything for human and code is unreadable so finding anything there is a hell task. I still think my code is not obfuscated? It's just minified with jsmin, that removes comments and unnecessary whitespaces from code.There is no replaced variable/function names, http://www.minikart.net/game.min.js So do you suggest to obfuscate my code? Do you know any free JavaScript obfuscator? Quote Link to comment Share on other sites More sharing options...
Quetzacotl Posted April 18, 2013 Share Posted April 18, 2013 Hmm, maybe you are using some bad minifier. Normally names are changed to letters like a, b, c.Check http://yui.github.io/yuicompressor/. Quote Link to comment Share on other sites More sharing options...
enpu Posted April 19, 2013 Author Share Posted April 19, 2013 Ok i now got my code obfuscated and added secret encoded key to all requests.Can you now cheat easily? Quote Link to comment Share on other sites More sharing options...
Quetzacotl Posted April 19, 2013 Share Posted April 19, 2013 You didn't get what I meant. You have to encrypt all data you send into one value. Now I can see secret code in request so it's useless. curl "http://www.minikart.net/data.php" -H "Origin: http://www.minikart.net" -H "Accept-Encoding: gzip,deflate,sdch" -H "Host: www.minikart.net" -H "Accept-Language: en-US,en;q=0.8" -H "User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31" -H "Content-type: application/x-www-form-urlencoded" -H "Accept: */*" -H "Referer: http://www.minikart.net/" -H "Cookie: PHPSESSID=a3a6e856e7c88e6b0071f41a4362c403; __utma=181803835.1990103659.1366210024.1366373406.1366376395.6; __utmb=181803835.3.10.1366376395; __utmc=181803835; __utmz=181803835.1366376395.6.6.utmcsr=html5gamedevs.com|utmccn=(referral)|utmcmd=referral|utmcct=/topic/370-minikart-kart-racing-game/" -H "Connection: keep-alive" -H "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3" --data "cmd=laptime&table=laps&data=%7B%22user%22%3A%2276%22%2C%22track%22%3A%222%22%2C%22time%22%3A30.40999999999717%7D&secret=953fbb6faa9b9210ab1a3582d72fb72d"Data here is user=76, track =2, time = 30.40999999999717, secret = 953fbb6faa9b9210ab1a3582d72fb72d I can just edit data and submit it via curl. You need to encrypt your track number and track time into string or bytearray mixed with your secret values.Try something like this:encryptPostData: function(track_nr, track_time, secret_value1, secret_value2, callback) { // create array buffer for 9 bytes, 1 for track number, 4 for track time, // 2 for secret_value1 and 2 for secret_value2 var buffer = new ArrayBuffer(9); // check ArrayBuffers view documentation to understand this var view_track_nr = new Uint8Array(buffer, 8, 1); // track number will be placed on last byte (9th, index 8) view_track_nr[0] = track_nr; var view_secret_1 = new Uint16Array(buffer, 6, 1); view_secret_1[0] = secret_value1; var view_secret_2 = new Uint16Array(buffer, 0, 1); view_secret_2[0] = secret_value2; var view_track_time = new Uint32Array(buffer, 2, 1); view_track_time[0] = track_time; // track time is easier to pass as integer // when you want to show it then just divide it // in example time 01:42:123 would be 102213. // minutes = math.floor(102213 / 60000); // seconds = math.floor((102213 % 60000) / 1000); // thousands = (102213 % 60000) % 1000; // convert array buffer to string var array_buffer_view = new Uint8Array(buffer); var blob = new Blob([array_buffer_view]); var f = new FileReader(); f.onload = function(e) { callback(e.target.result); }; f.readAsText(blob);} This function will call your callback with encrypted values as string, as first parameter.Like this:encryptData(2, 102345, function(encrypted_values) { // here you can add encrypted_values to POST FORM and send it}); On server you need to revert operation. First decode string using Blob to arraybuffer. Then get your values using views. Check if secret codes are valid and only if they are add track time to database. Quote Link to comment Share on other sites More sharing options...
eoinmcg Posted April 24, 2013 Share Posted April 24, 2013 had a short play on it - has a lot of potential. do you plan to add multiplayer or at least computer controlled cars to race against? the physics seemed a bit off to me; the car comes to a stop too quickly when you stop accelerating. Quote Link to comment Share on other sites More sharing options...
-AAG- Posted April 27, 2013 Share Posted April 27, 2013 So many good memories came back to me. If you need inspiration:http://www.virtualnes.com/play/?id=TEN-SShttp://www.virtualnes.com/play/?id=NES-WUA friend and I put a lot of hours into these games. Lots of fun. Yours is shaping up nicely. Take your time and make it awesome. Quote Link to comment Share on other sites More sharing options...
ToonGoggles Posted May 15, 2013 Share Posted May 15, 2013 Hey your games look perfect to add into my company's application called "Toon Goggles." We are the leading children's video streaming application with kids content, and we are just about to launch a games section this June. We are partnered with many large companies such as SONY, Barnes & Noble, SHARP, Panasonic, and pre-loaded on most children's android tablets. I would like to add your game to our application on a non-exclusive basis to earn money through revenue share based off advertisements we will have. Please send me an e-mail at: [email protected] We can discuss more there, including sending over a contract to look at, but I think it would be a perfect fit! The only things I would need to know is if your games are touch screen compatible, and can automatically resize to various devices such as tablets and smartphones. Also, we would serve the games on our API, so all you would have to do is send us files that could be opened in a HTMl window. Best,Jordan Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.