Player 1. Are you ready? Fancy snaring a genuine one-off Kraken Freaky Tiki Summer Splash arcade
cab with over 13,000 games, widescreen and unbelievable stereo sound?
A commissioned project for Kraken Rum: a competition to win a branded arcade machine, hosted on "The League of Darkness" site. It has a fully functional leaderboard with secure score transmission to a secured API backend.
*Login Required
The gameplay is a branded take on Flappy Bird with a Kraken Rum twist. The player has to navigate through a series of obstacles (the Kraken's tentacles) that ramp up in difficulty as you progress through the game. The difficulty is capped at a certain speed so that players can get a higher score based on skill rather than random number generation. The game also has a series of bonus items that players can collect to increase their score by risking their lives to get them.
As the game was hosted on a public-facing website and there was a high-value reward for getting the top scores, I had to ensure that the scores were not manipulated in any way during the competition. However, due to the nature of public-facing websites, all scripts are publicly available, so I had to use multiple methodologies to slow any perpetrators down until the competition ended.
I did this by using a combination of obfuscation and encryption techniques to ensure that the scores were secure at the time of the competition. One of the techniques was storing the scores in multiple variables and obfuscating the names and functions that check the scores as you pass through each tunnel. I also used an obfuscation tool called "Javascript Obfuscator" to obfuscate the code further, applying it to the whole game script. I also used AES-128-CBC encryption to encrypt the payload specified by Kraken Rum's hosts of the game. This was done by using an encryption key and salt provided by the hosts, encrypting the scores, and then sending the encrypted scores to the provided API endpoint in the form of a POST request, as stated by the API documentation.
As I had no access to the API endpoint, all cheat detection was done on the client side. This was done by checking that the add score function was triggered only while the player was in the collision box, and only once per collision. If the function was triggered more than once per collision, the player was flagged as a cheater and the score was not sent to the API.
Another cheat detection check compared the score value to the string value of the UI score. If they did not match, the player was flagged as a cheater and the score was not sent to the API.
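The two client-side checks described above can be sketched as follows. This is an added example, not the game's actual code; `ScoreGuard`, `replay`, the gate ids and the event format are hypothetical names chosen for illustration, and the event sequences are constructed sample input.

```javascript
// Added illustration: a guard that decides whether a run's score may be submitted.
class ScoreGuard {
  constructor() {
    this.score = 0;
    this.activeGate = null;        // collision box the player is currently inside
    this.scoredGates = new Set();  // collisions that have already awarded a point
    this.reasons = [];             // why the run was flagged, if it was
  }
  enterGate(gateId) { this.activeGate = gateId; }
  exitGate() { this.activeGate = null; }
  flag(reason) { this.reasons.push(reason); return false; }

  // Check 1: add-score is valid only inside the collision box, once per collision.
  addScore(gateId, points = 1) {
    if (this.activeGate !== gateId) return this.flag('addScore outside collision box');
    if (this.scoredGates.has(gateId)) return this.flag('addScore repeated for one collision');
    this.scoredGates.add(gateId);
    this.score += points;
    return true;
  }

  // Check 2: the internal score must equal the string shown in the UI.
  canSubmit(uiText) {
    if (String(this.score) !== String(uiText).trim()) this.flag('UI score mismatch');
    return this.reasons.length === 0;
  }
}

// Replays a constructed event list and reports whether the score would be sent.
function replay(events, uiText) {
  const guard = new ScoreGuard();
  for (const [type, gateId] of events) {
    if (type === 'enter') guard.enterGate(gateId);
    else if (type === 'exit') guard.exitGate();
    else if (type === 'score') guard.addScore(gateId);
  }
  return { send: guard.canSubmit(uiText), score: guard.score, reasons: guard.reasons };
}

// Constructed sample runs.
const honestRun = [['enter', 1], ['score', 1], ['exit', 1], ['enter', 2], ['score', 2], ['exit', 2]];
const doubleRun = [['enter', 1], ['score', 1], ['score', 1], ['exit', 1]];
const outsideRun = [['enter', 1], ['exit', 1], ['score', 1]];

console.log(replay(honestRun, '2'));   // sent
console.log(replay(doubleRun, '1'));   // flagged: repeated add-score
console.log(replay(outsideRun, '0'));  // flagged: add-score outside the box
console.log(replay(honestRun, '999')); // flagged: UI text differs from score
```

Because the guard runs in the same publicly available script as the game, it belongs to the "slow them down" layer the write-up describes rather than being a server-side guarantee.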