0

I am trying to build a puzzle game using HTML & JS. This is going to be a standalone HTML page. There isn't going to be a server side for this application.

Obviously, the game has an answer which the application will create at start time. Now, I wish to make this variable completely hidden i.e., not just hidden from user's view but also inaccessible to the user, even if he tries to read the page through Chrome's Developer Tools or such debug tools.

I'm looking for a solution using HTML5, JS ECMAScript 5+ & jQuery.

I remember reading something about Native HTML code (used for HTML File elements) which cannot be rendered/read even through Dev Tools. Is this any help?

Is there any way or strategy to achieve this?

NOTE: I am aware of <input type="hidden">. But that doesn't serve my purpose.

EDIT: As part of the game, the user makes attempts and the application needs to validate the user's input against this somehow-user-hidden answer variable. At this point, I believe there is no solution that's going to be completely airtight in the given constraints. Hence, I'm pursuing this from an academic interest. Does anyone have any other answers ?

Improve this question
4
  • keep it in the server Commented Apr 30, 2016 at 5:38
  • @Redu: My bad! I forgot to add it in the description. My app is going to be a standalone HTML page. No server involved. Commented Apr 30, 2016 at 5:40
  • 1
    I'm not aware of anything that will do this. When it's on the user's computer there will always be a method to read it. It may be possible to prevent developer tools, but you can't possibly stop memory inspectors. Commented Apr 30, 2016 at 5:41
  • 1
    You could place the answers into a JSON file then use Ajax to return true/false in the answer matched. Commented Apr 30, 2016 at 5:51

2 Answers 2

Reset to default
2

Prehash your answer, hard code that into your page.

Then, when they submit their answer, run through whatever hashing pattern you did before hand, and compare the result.

It could theoretically be brute forced, of course.... if you had a few hundred years.

Javascript implementations of:

Edit:

An example would be:

  • Pattern: SHA-1(SHA-1(SHA-1(answer + salt)))
  • Salt: 982qx17wef7ddsbtxaewnsdufs (make something up, load it as an input type='hidden')
  • Result: (load it as an input type='hidden')
  • Request the answer
  • If SHA-1(SHA-1(SHA-1(attempt + salt))) === Result, they got it correct
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Clever! The security is going depend on the length/complexity of the answer though... for instance if the answer is a,b,c or d it would be easy to put those answers through the hashing code in your program and see which one matches.
... not as easy as 'inspect element' in dev tools, though. You can get more obscure about the pattern, though, and then obfuscate and minify your javascript to the point of it being quite difficult. What kind of security are you really aiming for here? Do they win money from you if they get it right?
There is no major incentive for hacking the answer. I was just academically curious if this could be achieved.
How about you overwrite the 'checking the answer' function entirely (maybe just set it to null) after the initial check, so you get one answer attempt per page load? This would make it a ton of work to get exactly where you would be if you had just loaded the page and clicked a different option each load.
1

Your can hash your values using MD5.

https://github.com/blueimp/JavaScript-MD5#client-side

Improve this answer

4 Comments

MD5 is a hash algorithm, which is NOT encryption.
@Ehryk Ok ill change it to SHA
SHA-1 and SHA-256 are also hash algorithms, and NOT encryption. Hashing is one-way, encryption is two-way. stackoverflow.com/questions/4948322/…
@Ehryk Got it. Thanks for the tip.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.