Welcome to Airport City!

AirportCityGame.com is the Number One place to be when it comes to the hit game Airport City!

Real time chat to other players, trade items together, complete space missions, form & arrange alliances and much much more. It's all here at AirportCityGame.com

Weather May Be Coming

Wackeler

700+ Star Club
Device
  1. Windows PC
Friend Code
20qjmn4y2
Username
Dirk VR F20 SlPi
Wait....wait wait wait wait wait...you're telling me that the wish list allowed players to gift collection items? So if I wanted...lets say...a mistletoe from the last event, I could put that on my wish list and have it sent to me?😯
on facebook there was not yet the new system with collecting/fulfilling 8 tasks per day and then getting a bonus, etc. There you had to complete more collections, fly almost everything and you could also put collection items for a quest in the wish box, the you could then get from others. However, this assumes that the other person already has everything for himself or didn't want to complete the quest completely, etc. But within our group we were usually able to swap in such a way that everyone completed the quest. Not everyone has that much time in the day to play for hours. Only now the system for fulfillment is designed a little differently. Casual players hardly make it Lv. to reach 40. Here, too, it would be helpful to have a wish box....
 

Navigata07

1000+ Star Club
Supernovas/Chanel Royal Air Alliance
Device
  1. Android
Friend Code
04fidhw4
Username
Navigata07
on facebook there was not yet the new system with collecting/fulfilling 8 tasks per day and then getting a bonus, etc. There you had to complete more collections, fly almost everything and you could also put collection items for a quest in the wish box, the you could then get from others. However, this assumes that the other person already has everything for himself or didn't want to complete the quest completely, etc. But within our group we were usually able to swap in such a way that everyone completed the quest. Not everyone has that much time in the day to play for hours. Only now the system for fulfillment is designed a little differently. Casual players hardly make it Lv. to reach 40. Here, too, it would be helpful to have a wish box....
Interesting concept. Guess we will see if it is included.
 

BobbinsPilot

500+ Star Club
VIP Flyer
Device
  1. Windows PC
Friend Code
209mxmo3
Username
BobbinsPilot
So as a games developer myself, using exactly the same toolset as GI (Unity / 3DMax and Poser) - I can quite easily attach there software to the debuggers and my observations are as follows...

1) All the graphics assets stored within the game are in super high resolution and are down sized when using the new UI functionality, apart from some of the older builders which are in a lower resolution - This in effects means they are using hardware acceleration to reduce the size of said graphics - Ideally they should have multiple assets for multiple screen sizes and resolutions to remove the need for hardware interaction and thus stop killing our PC's
2) When the vehicles are driving around, each one of them spawns a full on object in the background with clones of common properties, thus taking up more memory. Again ideally they should have a common object on a mutex with all the common properties and just do a shallow copy of these, thus reducing memory use.
3) THIS IS MY BIGGEST BUG BARE - There is zero protection in place for any variable value stored in the game, so anyone with a small amount of knowledge on how to manipulate memory (both protected and unprotected) can manipulate in game values and thus give themselves and advantage. Again a simple fix is to encrypt in memory values that are pertinent to game play, such as how much time is left on a flight - Its too easy to change this to zero to immediately land a plane and because the only stats sent to the GI servers involve flights sent / completed and destination, there is no genuine way for them to check who has cheated and hasn't.
4) All data sent to the servers is only encrypted using base64. There are a multitide of tools online that will convert from base64 to the true value, which means if you use a simple network interception tool, you can plausibly change data being sent between their servers and your app instance.

I honestly could go on for hours, but i recon i have already sent 20 people asleep just typing this.
 
So as a games developer myself, using exactly the same toolset as GI (Unity / 3DMax and Poser) - I can quite easily attach there software to the debuggers and my observations are as follows...

1) All the graphics assets stored within the game are in super high resolution and are down sized when using the new UI functionality, apart from some of the older builders which are in a lower resolution - This in effects means they are using hardware acceleration to reduce the size of said graphics - Ideally they should have multiple assets for multiple screen sizes and resolutions to remove the need for hardware interaction and thus stop killing our PC's
2) When the vehicles are driving around, each one of them spawns a full on object in the background with clones of common properties, thus taking up more memory. Again ideally they should have a common object on a mutex with all the common properties and just do a shallow copy of these, thus reducing memory use.
3) THIS IS MY BIGGEST BUG BARE - There is zero protection in place for any variable value stored in the game, so anyone with a small amount of knowledge on how to manipulate memory (both protected and unprotected) can manipulate in game values and thus give themselves and advantage. Again a simple fix is to encrypt in memory values that are pertinent to game play, such as how much time is left on a flight - Its too easy to change this to zero to immediately land a plane and because the only stats sent to the GI servers involve flights sent / completed and destination, there is no genuine way for them to check who has cheated and hasn't.
4) All data sent to the servers is only encrypted using base64. There are a multitide of tools online that will convert from base64 to the true value, which means if you use a simple network interception tool, you can plausibly change data being sent between their servers and your app instance.

I honestly could go on for hours, but i recon i have already sent 20 people asleep just typing this.
True (y)
 
So as a games developer myself, using exactly the same toolset as GI (Unity / 3DMax and Poser) - I can quite easily attach there software to the debuggers and my observations are as follows...

1) All the graphics assets stored within the game are in super high resolution and are down sized when using the new UI functionality, apart from some of the older builders which are in a lower resolution - This in effects means they are using hardware acceleration to reduce the size of said graphics - Ideally they should have multiple assets for multiple screen sizes and resolutions to remove the need for hardware interaction and thus stop killing our PC's
2) When the vehicles are driving around, each one of them spawns a full on object in the background with clones of common properties, thus taking up more memory. Again ideally they should have a common object on a mutex with all the common properties and just do a shallow copy of these, thus reducing memory use.
3) THIS IS MY BIGGEST BUG BARE - There is zero protection in place for any variable value stored in the game, so anyone with a small amount of knowledge on how to manipulate memory (both protected and unprotected) can manipulate in game values and thus give themselves and advantage. Again a simple fix is to encrypt in memory values that are pertinent to game play, such as how much time is left on a flight - Its too easy to change this to zero to immediately land a plane and because the only stats sent to the GI servers involve flights sent / completed and destination, there is no genuine way for them to check who has cheated and hasn't.
4) All data sent to the servers is only encrypted using base64. There are a multitide of tools online that will convert from base64 to the true value, which means if you use a simple network interception tool, you can plausibly change data being sent between their servers and your app instance.

I honestly could go on for hours, but i recon i have already sent 20 people asleep just typing this.
Wow, tell everyone on the forum how to get 100000 gold then tell gi to fix it lol, we'll pay you monthly
 

Nayeon

1100+ Star Club
Device
  1. iPad
Friend Code
03i2am107
Username
Nayeon
So as a games developer myself, using exactly the same toolset as GI (Unity / 3DMax and Poser) - I can quite easily attach there software to the debuggers and my observations are as follows...

1) All the graphics assets stored within the game are in super high resolution and are down sized when using the new UI functionality, apart from some of the older builders which are in a lower resolution - This in effects means they are using hardware acceleration to reduce the size of said graphics - Ideally they should have multiple assets for multiple screen sizes and resolutions to remove the need for hardware interaction and thus stop killing our PC's
2) When the vehicles are driving around, each one of them spawns a full on object in the background with clones of common properties, thus taking up more memory. Again ideally they should have a common object on a mutex with all the common properties and just do a shallow copy of these, thus reducing memory use.
3) THIS IS MY BIGGEST BUG BARE - There is zero protection in place for any variable value stored in the game, so anyone with a small amount of knowledge on how to manipulate memory (both protected and unprotected) can manipulate in game values and thus give themselves and advantage. Again a simple fix is to encrypt in memory values that are pertinent to game play, such as how much time is left on a flight - Its too easy to change this to zero to immediately land a plane and because the only stats sent to the GI servers involve flights sent / completed and destination, there is no genuine way for them to check who has cheated and hasn't.
4) All data sent to the servers is only encrypted using base64. There are a multitide of tools online that will convert from base64 to the true value, which means if you use a simple network interception tool, you can plausibly change data being sent between their servers and your app instance.

I honestly could go on for hours, but i recon i have already sent 20 people asleep just typing this.
I think you just got yourself a consulting gig with G! ;-)
 

Navigata07

1000+ Star Club
Supernovas/Chanel Royal Air Alliance
Device
  1. Android
Friend Code
04fidhw4
Username
Navigata07
So as a games developer myself, using exactly the same toolset as GI (Unity / 3DMax and Poser) - I can quite easily attach there software to the debuggers and my observations are as follows...

1) All the graphics assets stored within the game are in super high resolution and are down sized when using the new UI functionality, apart from some of the older builders which are in a lower resolution - This in effects means they are using hardware acceleration to reduce the size of said graphics - Ideally they should have multiple assets for multiple screen sizes and resolutions to remove the need for hardware interaction and thus stop killing our PC's
2) When the vehicles are driving around, each one of them spawns a full on object in the background with clones of common properties, thus taking up more memory. Again ideally they should have a common object on a mutex with all the common properties and just do a shallow copy of these, thus reducing memory use.
3) THIS IS MY BIGGEST BUG BARE - There is zero protection in place for any variable value stored in the game, so anyone with a small amount of knowledge on how to manipulate memory (both protected and unprotected) can manipulate in game values and thus give themselves and advantage. Again a simple fix is to encrypt in memory values that are pertinent to game play, such as how much time is left on a flight - Its too easy to change this to zero to immediately land a plane and because the only stats sent to the GI servers involve flights sent / completed and destination, there is no genuine way for them to check who has cheated and hasn't.
4) All data sent to the servers is only encrypted using base64. There are a multitide of tools online that will convert from base64 to the true value, which means if you use a simple network interception tool, you can plausibly change data being sent between their servers and your app instance.

I honestly could go on for hours, but i recon i have already sent 20 people asleep just typing this.
I dont understand coding to this level, but I still get the point of what you're trying to say.
Bottom Line: There is a more efficient way to construct and encrypt the game to reduce the memory consumption as well as reduce the amount of cheaters.

You really need to share this with GI directly; valuable info.
 

BobbinsPilot

500+ Star Club
VIP Flyer
Device
  1. Windows PC
Friend Code
209mxmo3
Username
BobbinsPilot
I dont understand coding to this level, but I still get the point of what you're trying to say.
Bottom Line: There is a more efficient way to construct and encrypt the game to reduce the memory consumption as well as reduce the amount of cheaters.

You really need to share this with GI directly; valuable info.
GI already been directly in touch with me and have shared my full analysis of their code base and demonstrated a number of very easy to exploit vulnerabilities :)
 
I dont understand coding to this level, but I still get the point of what you're trying to say.
Bottom Line: There is a more efficient way to construct and encrypt the game to reduce the memory consumption as well as reduce the amount of cheaters.

You really need to share this with GI directly; valuable info.
Well, my 2 cents since I've also played with some of this stuff in a former life.

1) This makes sense to me. Store only the highest resolution and downsize as appropriate; is best to downsize versus upsize. Having additional stored assets increases both bloat for storage and potentially complicates the loading process possibly outside of hardware acceleration which practically all devices including mobile now have. If proxies aren't used though this could be a huge savings in both memory and storage.
2) This is a mobile game, not likely a spy tool. Not every mobile device employs TPM so adding enhanced encryption will likely kill the CPU on most devices thus adversely affecting performance. This game is currently enjoyed on a vast array of devices, especially older; plus this would increase complexity to implement needed by GI which if you're even somewhat aware of GI they appear more amateurish.
3) Physical access removes security protection and again GI isn't the NSA. Yes, they could lock it down more but there are other less complex methods they could implement and how many would go to this extent? This is also just a game, not crypto.
4) Perhaps a simple checksum algorithm is needed. At least base64 is employed versus nothing but yes, see # 2\3.

Without symbols loaded you might also not be seeing the full picture when debugger is attached - dunno, haven't tried. 🤔
 
Last edited:

BobbinsPilot

500+ Star Club
VIP Flyer
Device
  1. Windows PC
Friend Code
209mxmo3
Username
BobbinsPilot
Well, my 2 cents since I've also played with some of this stuff in a former life.

1) This makes sense to me. Store only the highest resolution and downsize as appropriate; is best to downsize versus upsize. Having additional stored assets increases both bloat for storage and potentially complicates the loading process possibly outside of hardware acceleration which practically all devices including mobile now have. If proxies aren't used though this could be a huge savings in both memory and storage.
2) This is a mobile game, not likely a spy tool. Not every mobile device employs TPM so adding enhanced encryption will likely kill the CPU on most devices thus adversely affecting performance. This game is currently enjoyed on a vast array of devices, especially older; plus this would increase complexity to implement needed by GI which if you're even somewhat aware of GI they appear more amateurish.
3) Physical access removes security protection and again GI isn't the NSA. Yes, they could lock it down more but there are other less complex methods they could implement and how many would go to this extent? This is also just a game, not crypto.
4) Perhaps a simple checksum algorithm is needed. At least base64 is employed versus nothing but yes, see # 2\3.

Without symbols loaded you might also not be seeing the full picture when debugger is attached - dunno, haven't tried. 🤔
All valid points of which none are really standardized, very much up to the preference of the developer, however i was focusing specifically on the windows version.

On the point of symbols - Obviously really helpful for debugging, but as this is written in C# which itself compiled to IL, all you need is some basic knowledge of the .net eco system and more important can read IL, then you have access to a very rough version of code - Being able to write is ASM and emit is also a bonus :), also being a member of the Ruby on Rails project where we wrote our own IL interpreter has massively helped me here.

Again I am an edge case, I have the skills and capability to do this kind of thing without minimal brain power, but i will always push back on any developer that uses base64 for any form of encryption or obfuscation of data as its an encoding standing that can easily be reversed.
 
All valid points of which none are really standardized, very much up to the preference of the developer, however i was focusing specifically on the windows version.

On the point of symbols - Obviously really helpful for debugging, but as this is written in C# which itself compiled to IL, all you need is some basic knowledge of the .net eco system and more important can read IL, then you have access to a very rough version of code - Being able to write is ASM and emit is also a bonus :), also being a member of the Ruby on Rails project where we wrote our own IL interpreter has massively helped me here.

Again I am an edge case, I have the skills and capability to do this kind of thing without minimal brain power, but i will always push back on any developer that uses base64 for any form of encryption or obfuscation of data as its an encoding standing that can easily be reversed.
🆗 (y)
 
Д

Дима (gift)

All valid points of which none are really standardized, very much up to the preference of the developer, however i was focusing specifically on the windows version.

On the point of symbols - Obviously really helpful for debugging, but as this is written in C# which itself compiled to IL, all you need is some basic knowledge of the .net eco system and more important can read IL, then you have access to a very rough version of code - Being able to write is ASM and emit is also a bonus :), also being a member of the Ruby on Rails project where we wrote our own IL interpreter has massively helped me here.

Again I am an edge case, I have the skills and capability to do this kind of thing without minimal brain power, but i will always push back on any developer that uses base64 for any form of encryption or obfuscation of data as its an encoding standing that can easily be reversed.
Do you can to change data of accounts?
 
Top Bottom