Ok, I'm an idiot. I spent about an hour attempting to decrypt the actual packet sent to the server, and it appeared that the decimal keys I was using was wrong. I wrote a little bruteforce module and was able to decrypt small portions of it at a time. I concluded, therefore, that the keys I was using was wrong, but I grabbed them straight from the SWF.

Upon closer inspection, I noticed that there was a block of code to overwrite the URL to the include file. I was using the include file that's hard coded in to the SWF. It turns out that, on the game page there is the URL to the proper file:

Code:
swf.addVariable('include_movie', 'games%2Fgaming_system%2Fnp6_include_v16.swf');
I grabbed the proper keys and, what do you know - it worked. The score was successfully sent and Neopoints added to my account:

Code:
eof=0&np=5,201&success=1&errcode=0&plays=1&sk=2d628cc3bc86bb49ce80&sh=ce3ba5694d224c9c4b82&call_external_function=score_callback&call_external_params=args%3D%5B%7B%22fn%22%3A%22setnp%22%2C%22args%22%3A%225%2C201%22%7D%5D
I'm going to tidy up my source and release it.