MiniKart - kart racing game

[enpu]

 

MiniKart (fka MultiSlix) is a kart racing game, that you play on your browser.

 

You can play the game here http://www.minikart.net

 

MiniKart features real kart tracks:

- Vihti, Finland

- Bemböle, Finland

- Riihimäki, Finland

- Lahti, Finland

- Lonato, Italy

- Jämsä, Finland

- Helsinki, Finland

- Genk, Belgium

- Alahärmä, Finland

 

Other game features:

- Collision

- Skidmarks

- Track records

- Statistics

- AI cars

- Sound effects

- Track editor (coming)

- Local multiplayer (coming)

- Gamepad support (coming)

- Music (coming)

 

Screenshots:

 

 

 

[rich]

I couldn't get past the registration form. I got a login form, made up some random details, came up with a registration form - put some proper details in but there was no button to carry on (and enter didn't submit). The half-obscured register button just went "beep" when I clicked it.

[Quetzacotl]

For me enter worked to submit.

 

Game is ok, but nothing special about it. Add some serious multiplayer!

 

BTW Track records are really easy to cheat on, check my stats http://www.minikart.net/stats.

 

Unfortunately the only true way to block cheats is to move your game logic to server and that is not an easy task.

[enpu]

I couldn't get past the registration form. I got a login form, made up some random details, came up with a registration form - put some proper details in but there was no button to carry on (and enter didn't submit). The half-obscured register button just went "beep" when I clicked it.

 

Did you get any message when you pressed enter?

 

For me enter worked to submit.

 

Game is ok, but nothing special about it. Add some serious multiplayer!

 

BTW Track records are really easy to cheat on, check my stats http://www.minikart.net/stats.

 

Unfortunately the only true way to block cheats is to move your game logic to server and that is not an easy task.

 

Thanks for the feedback!

Realtime multiplayer would be absolutely nice, but my skills are not there yet.

I think ill do local multiplayer and gamepad support first.

 

As for the cheating, i did know the problem and the solution, but as you said, its not an easy task :/

Maybe if someday i got the realtime multiplayer working, i can fix the cheating also.

[Quetzacotl]

I can provide you with temporary solution that works against most "hackers". You are already obfuscatoring code so it won't be hard. Just add in the code in few places variables with some secret values and somewhere in code make algorithm that encode values you post (time and track, btw you don't have to post user_id because it should be in session and this way other users can't spoof other users) and your secret values. Then on server decode it, if secret keys are wrong then you now that someone forged this request manually. 

Finding this algorithm and secret keys is hard with obsfuscated code so forging valid encrypted post won't be easy.

[enpu]

I can provide you with temporary solution that works against most "hackers". You are already obfuscatoring code so it won't be hard. Just add in the code in few places variables with some secret values and somewhere in code make algorithm that encode values you post (time and track, btw you don't have to post user_id because it should be in session and this way other users can't spoof other users) and your secret values. Then on server decode it, if secret keys are wrong then you now that someone forged this request manually. 

Finding this algorithm and secret keys is hard with obsfuscated code so forging valid encrypted post won't be easy.

 

Thanks for the solution!

My code is minified, is that same as obfuscated?

[Quetzacotl]

Yes, obfuscating code is a side effect of minifing code. All your variable/function names are replaced with names that doesn't mean anything for human and code is unreadable so finding anything there is a hell task.

[enpu]

Yes, obfuscating code is a side effect of minifing code. All your variable/function names are replaced with names that doesn't mean anything for human and code is unreadable so finding anything there is a hell task.

 

I still think my code is not obfuscated? It's just minified with jsmin, that removes comments and unnecessary whitespaces from code.

There is no replaced variable/function names, http://www.minikart.net/game.min.js

 

So do you suggest to obfuscate my code? Do you know any free JavaScript obfuscator?

[Quetzacotl]

Hmm, maybe you are using some bad minifier. Normally names are changed to letters like a, b, c.

Check http://yui.github.io/yuicompressor/.

[enpu]

Ok i now got my code obfuscated and added secret encoded key to all requests.

Can you now cheat easily?

[Quetzacotl]

You didn't get what I meant. You have to encrypt all data you send into one value. Now I can see secret code in request so it's useless.

 

curl "http://www.minikart.net/data.php" -H "Origin: http://www.minikart.net" -H "Accept-Encoding: gzip,deflate,sdch" -H "Host: www.minikart.net" -H "Accept-Language: en-US,en;q=0.8" -H "User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31" -H "Content-type: application/x-www-form-urlencoded" -H "Accept: */*" -H "Referer: http://www.minikart.net/" -H "Cookie: PHPSESSID=a3a6e856e7c88e6b0071f41a4362c403; __utma=181803835.1990103659.1366210024.1366373406.1366376395.6; __utmb=181803835.3.10.1366376395; __utmc=181803835; __utmz=181803835.1366376395.6.6.utmcsr=html5gamedevs.com|utmccn=(referral)|utmcmd=referral|utmcct=/topic/370-minikart-kart-racing-game/" -H "Connection: keep-alive" -H "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3" --data "cmd=laptime&table=laps&data=%7B%22user%22%3A%2276%22%2C%22track%22%3A%222%22%2C%22time%22%3A30.40999999999717%7D&secret=953fbb6faa9b9210ab1a3582d72fb72d"

Data here is user=76, track =2, time = 30.40999999999717, secret = 953fbb6faa9b9210ab1a3582d72fb72d

 

I can just edit data and submit it via curl.

 

You need to encrypt your track number and track time into string or bytearray mixed with your secret values.

Try something like this:

encryptPostData: function(track_nr, track_time, secret_value1, secret_value2, callback) {    // create array buffer for 9 bytes, 1 for track number, 4 for track time,     // 2 for secret_value1 and 2 for secret_value2    var buffer = new ArrayBuffer(9);    // check ArrayBuffers view documentation  to understand this    var view_track_nr = new Uint8Array(buffer, 8, 1); // track number will be placed on last byte (9th, index 8)    view_track_nr[0] = track_nr;    var view_secret_1 = new Uint16Array(buffer, 6, 1);    view_secret_1[0] = secret_value1;    var view_secret_2 = new Uint16Array(buffer, 0, 1);    view_secret_2[0] = secret_value2;    var view_track_time = new Uint32Array(buffer, 2, 1);    view_track_time[0] = track_time;     // track time is easier to pass as integer    // when you want to show it then just divide it     // in example time 01:42:123 would be 102213.    // minutes = math.floor(102213 / 60000);    // seconds = math.floor((102213 % 60000) / 1000);    // thousands = (102213 % 60000) % 1000;        // convert array buffer to string    var array_buffer_view = new Uint8Array(buffer);    var blob = new Blob([array_buffer_view]);    var f = new FileReader();    f.onload = function(e) {        callback(e.target.result);    };    f.readAsText(blob);}

 

 

This function will call your callback with encrypted values as string, as first parameter.

Like this:

encryptData(2, 102345, function(encrypted_values) {    // here you can add encrypted_values to POST FORM and send it});

 

 

On server you need to revert operation. First decode string using Blob to arraybuffer. Then get your values using views. Check if secret codes are valid and only if they are add track time to database. 

[eoinmcg]

had a short play on it - has a lot of potential.

 

do you plan to add multiplayer or at least computer controlled cars to race against?

 

the physics seemed a bit off to me; the car comes to a stop too quickly when you stop accelerating.

[-AAG-]

So many good memories came back to me. If you need inspiration:

http://www.virtualnes.com/play/?id=TEN-SS

http://www.virtualnes.com/play/?id=NES-WU

A friend and I put a lot of hours into these games. Lots of fun. Yours is shaping up nicely. Take your time and make it awesome.

[ToonGoggles]

Hey your games look perfect to add into my company's application called "Toon Goggles."  We are the leading children's video streaming application with kids content, and we are just about to launch a games section this June.  We are partnered with many large companies such as SONY, Barnes & Noble, SHARP, Panasonic, and pre-loaded on most children's android tablets.

 

I would like to add your game to our application on a non-exclusive basis to earn money through revenue share based off advertisements we will have.  

 

Please send me an e-mail at:  

 

[email protected]

 

We can discuss more there, including sending over a contract to look at, but I think it would be a perfect fit!

 

The only things I would need to know is if your games are touch screen compatible, and can automatically resize to various devices such as tablets  and smartphones.  Also, we would serve the games on our API, so all you would have to do is send us files that could be opened in a HTMl window.

 

Best,

Jordan