Intro to botting Flash games

by Randy Gingeleski

3 minutes to read

Recently I've been enthused with botting Flash games. It's a good software engineering exercise, and can make you some money.

Post featured image

To get this definition out of the way - a ”bot” is a computer program that plays a game for you.


Approaches to game botting

I see three approaches to botting a Flash game.

1 - interpret the screen with computer vision algorithms, then program clicks or keystrokes to happen after that in a loop. This is probably the most “human” method.

2 - read memory values to interpret the game state, then program clicks or keystrokes to happen after that in a loop. A “hybrid” approach between the previous one and the next one.

3 - script the reading and alteration of memory. Here you’re essentially not playing the game at all, just hacking it. Like you could locate the memory value for your score, change it to whatever, and then carry on.

For the sites I’m about to mention, since you’re playing for money, #3 won’t work. There’s a lot of server-side pinning of values. Altering the game in the #3 approach will only affect the client.

Fellow nerds might ask ”can’t I just intercept and modify the traffic with Wireshark or Fiddler?!?“ Try it and see how little information you get from the Flash stream.

Approach #1 is what I’ve had success with thus far. #2 becomes difficult because you’re trying to locate all these values in memory and God knows what they are.

However, I will recommend Nick Cano’s excellent book which applies mostly to approach #3 (sort of #2 also). He signed a copy for me at Defcon 24. Great read on memory manipulation and more.



Image credit - No Starch

Why this is a great programming exercise

You’ve got computer vision algorithms to write for game state interpretation, back-end algos for figuring out what to do in the game, then keystrokes and clicks to script. Maybe your bot’s workable at that point but you run into issues - time for optimization. And how do you know if it’s working? Unit tests. How do you know if it’s slow? Benchmarking.

Game botting just really engages the full breadth of software engineering. Plus the money aspect can incentivize you a bit. 🙂

Where to bot games for money

The obvious answer to this question would be online casinos. You could skirt present online gaming laws (for the U.S.) by choosing Bitcoin casinos and/or using a VPN.

However, casino games have an edge built into them. The best skilled players would still have a hard time making a profit. You can count cards all you want in 8-deck blackjack, it’s not going to matter.

On our topic of Flash games, there are a couple reputable sites where players engage in “casual” games against each other. Each puts up a little money before hand, and the winner makes out. The host website takes a rake off the pot like poker.

Example - Player A pays $0.88, player B pays $0.88 then they play their game. Player A wins and receives $1.30. The host website made $0.46 off the match up.

And here are the sites. - this is affiliated with GSN, the game show TV network. - this is affiliated with King Games, the firm that brought you Candy Crush Saga and some other well-known phone games.

These are where you could potentially profit off of making good Flash game bots.

I’ve read various complaints that these sites will freeze your money if they suspect you of botting. I cannot personally confirm this.





I hope this is enough to get you going for now. Be on the lookout for source code and video from me in the future.