Bubg SDK KR 2.9
credit to @diskmount

Bubg BGM”I 2.8 IOS
GWorldFun : 0x102050A28
GWorldData: 0x108409728
GNameFun: 0x1039D9AF8
GNameData: 0x10804C670
LineOfSightTo: 0x104A07944

Bubg GL 2.9 IOS
GWorldFun : 0x1027FA95C
GWorldData: 0x109186308
GNameFun: 0x10426AE84
GNameData: 0x108DC5DD0
LineOfSightTo: 0x1052A40B8

Bubg TW 2.9 IOS
GWorldFun : 0x102992CF0
GWorldData: 0x10935E308
GNameFun: 0x104403218
GNameData: 0x108F9DAD0
LineOfSightTo: 0x10543C418

Bupg KR 2.9 IOS
GWorldFun : 0x1029949B0
GWorldData: 0x10935E308
GNameFun: 0x104404ED8
GNameData: 0x108F9DAD0
LineOfSightTo: 0x10543E0D8

Bupg VNG 2.9 IOS
GWorldFun : 0x10275E6B0
GWorldData: 0x109078388
GNameFun: 0x1041CEBD8
GNameData: 0x108CB7E50
LineOfSightTo: 0x105207E0C

@pubg_dev


CREDIT @RSDMODS.

Bubg 2.9 Global SDK . enjoy coding
https://github.com/saudgl/Pubg-2.9-IOS-SDK-GL

about windows game cheating methods good start for who works on windows


https://is.muni.cz/th/qe1y3/bk.pdf

Many people ask me how to solve the problem of Arabic names for the player's name are reversed because they start from the right and not from the left, this is a condition to use Objective-C to distinguish and take the appropriate action if they are Arabic letters, and there are many ways to reverse the letters if the condition is achieved and I prefer the way FarsiType

#import <Foundation/Foundation.h>

BOOL hasArabicLetters(NSString *str) {
    NSCharacterSet *arabicCharacterSet = [NSCharacterSet characterSetWithCharactersInString:@"\u0600-\u06FF\u0750-\u077F\u08A0-\u08FF"]; // Arabic letter range

    NSRange range = [str rangeOfCharacterFromSet:arabicCharacterSet options:NSLiteralSearch];

    return (range.location != NSNotFound);
}

NSString *playerName = player.name;

if (hasArabicLetters(playerName)) {
// If it contains Arabic letters

// Take appropriate action

} else {
// If it does not contain Arabic letters

// Take appropriate action
}

Best regards @OOOQG

Shadow 2.9 GL for Objective-C.

I wrote a report about How Pubg anti cheat work in general for all platforms.

And what advantages of using jailbreak device for cheating and what challenges for games developers

target: advance developers


Debugger Detection:
Debugger detection involves identifying whether a debugger is attached to the game process. This can be done by checking for debugger-specific flags or by using system calls to detect the presence of a debugger. For example, in C++, you can use the IsDebuggerPresent function to check for the presence of a debugger.

Signature-Based Detection of Known Cheats:
This method involves scanning the game's memory for known cheat signatures. These signatures are specific patterns or sequences of bytes that are associated with known cheating software. This can be implemented using pattern scanning techniques in C++.

Open Game Process Handles:
Anti-cheat systems may monitor and restrict the opening of game process handles by unauthorized applications. This can be achieved by hooking system calls like OpenProcess and checking for unauthorized access.

Detection of Manually Mapped Modules:
This involves detecting executable pages in memory that are not backed by an image on disk. It can be done by enumerating the loaded modules and checking for discrepancies between the modules in memory and the modules on disk.

Process Handle Creation Blocked:
The anti-cheat system can block the creation of new process handles by unauthorized applications by hooking system calls like CreateProcess.

Overlays Detection:
Detecting overlays involves identifying third-party applications that draw over the game's window. This can be achieved by monitoring the window hierarchy and detecting unauthorized overlays.

Steam Overlay Hooks and Hacks:
This involves detecting any hooks or modifications made by the Steam overlay process to the game process. This can be done by monitoring system calls and memory modifications.

Game Files Integrity Checks:
This method involves verifying the integrity of game files by calculating checksums or hashes of the game files and comparing them against known good values.

TCP Connections to Cheat Sites:
The anti-cheat system can monitor network traffic and block connections to known cheat sites by inspecting TCP packets.

Module Name and Timestamp Blacklist:
This involves maintaining a blacklist of module names and timestamps to detect unauthorized modules loaded into the game process.

Certificate Blacklist:
The anti-cheat system can maintain a blacklist of unauthorized digital certificates to prevent unauthorized code from running.

Driver Blacklist:
This involves maintaining a blacklist of unauthorized drivers to prevent them from interacting with the game process.

Stack Walking / Ret Check:
Stack walking involves inspecting the call stack to detect unauthorized code execution. This can be done using stack walking techniques in C++.

Single Stepping to Detect Code Outside of Usermode Memory Range:
This method involves single-stepping through the game process to detect code execution outside of the user-mode memory range, which could indicate cheating behavior.

Hypervisor Detection:
Hypervisor detection involves identifying whether the game process is running within a virtualized environment. This can be done using system calls and hardware-based checks.

How Anti-Cheat Protects Itself:

Virtualization:
The anti-cheat system can use virtualization techniques to protect itself from being tampered with or bypassed by cheating software.

Streams Shellcode into Memory:
The anti-cheat system may stream its own shellcode into memory at runtime, making it difficult for cheaters to analyze or modify the code.

Integrity Checks on Modules & Shellcode:
The anti-cheat system can perform integrity checks on its own modules and shellcode to detect tampering or modifications.

Encrypted Traffic with Game Server:
The anti-cheat system can encrypt its communication with a backend server to protect sensitive data and prevent tampering.

Encrypted Named Pipe Communication:

Named pipe communication between anti-cheat components can be encrypted to prevent eavesdropping or tampering.

❇️❇️❇️❇️❇️❇️❇️
Regarding iOS Limitations for Game Anti-Cheat Developers and cheaters advantages :

In iOS, jailbroken devices pose a challenge for game anti-cheat developers. Jailbroken devices allow users to gain root access and bypass certain security measures, potentially giving them an advantage in cheating. Anti-cheat developers face limitations in detecting and preventing cheating on jailbroken devices due to the increased control users have over the device's operating system and processes.

Developers may encounter challenges such as:

1. Limited access to low-level system functions: Jailbroken devices may allow users to access low-level system functions that are typically restricted on non-jailbroken devices, making it difficult for anti-cheat systems to enforce security measures effectively.

2. Bypassing security restrictions: Jailbroken devices may allow users to bypass security restrictions imposed by the iOS operating system, making it challenging for anti-cheat systems to prevent cheating behavior effectively.

3. Tampering with game files and memory: Users on jailbroken devices may have increased capabilities to tamper with game files and manipulate memory, making it more difficult for anti-cheat systems to detect and prevent cheating.

4. Evasion of detection techniques: Jailbroken devices may enable users to evade detection techniques used by anti-cheat systems, such as debugger detection, process monitoring, and integrity checks.

5. Limited control over device environment: Anti-cheat developers may have limited control over the device environment on jailbroken devices, which can impact their ability to enforce security measures effectively.

In conclusion, while anti-cheat developers strive to implement robust security measures, jailbroken iOS devices present challenges in detecting and preventing cheating behavior. Developers need to consider these limitations and explore alternative methods to protect fair gameplay on both jailbroken and non-jailbroken devices.

However, Here are some additional details on specific techniques and challenges related to anti-cheat development for iOS games:

1. Code Obfuscation:
Anti-cheat developers can use code obfuscation techniques to make it more difficult for cheaters to reverse-engineer and tamper with the anti-cheat system. This involves transforming the code into a more complex and convoluted form, making it challenging for cheaters to understand and modify.

2. Root Detection:
Detecting whether a device is jailbroken (rooted) is an essential part of anti-cheat measures on iOS. Anti-cheat systems can employ various methods to check for signs of a jailbroken device, such as inspecting system files, checking for the presence of known jailbreak tools, or examining system configurations that are typically modified on jailbroken devices.

3. Memory Integrity Checks:
Implementing memory integrity checks within the game's code can help detect unauthorized modifications to the game's memory, such as altering player stats or manipulating game mechanics. These checks can be challenging to implement effectively on jailbroken devices due to the increased access to memory and system processes.

4. Kernel-Level Protection:
To counteract the elevated privileges granted by jailbreaking, anti-cheat developers may explore techniques to protect their systems at the kernel level. This involves implementing security measures that operate at a lower level of the operating system to prevent unauthorized access and tampering.

5. Dynamic Code Generation Detection:
Some cheating techniques involve dynamically generating code at runtime to manipulate the game's behavior. Anti-cheat systems can employ mechanisms to detect and prevent such dynamic code generation, but this becomes more challenging on jailbroken devices where users have greater freedom to execute custom code.

6. Behavioral Analysis:

Analyzing player behavior and in-game interactions can be an effective method for identifying suspicious activities that may indicate cheating. However, implementing robust behavioral analysis on iOS games, especially on jailbroken devices, requires careful consideration of the limitations imposed by the operating system and user privileges.

7. Collaboration with Apple:
Anti-cheat developers may benefit from collaborating with Apple to leverage platform-specific security features and gain insights into upcoming security enhancements. Engaging with Apple's developer community and security teams can provide valuable guidance on best practices for securing games against cheating on iOS.

Challenges in Jailbreak Detection:
Detecting jailbroken devices presents challenges due to the ever-evolving nature of jailbreak methods and the cat-and-mouse game between jailbreak developers and security measures. Anti-cheat developers must continuously adapt their detection techniques to keep up with new jailbreak releases and evasion tactics employed by users.

In summary, developing effective anti-cheat measures for iOS games, particularly in the context of jailbroken devices, requires a multi-faceted approach that encompasses code protection, system integrity checks, and collaboration with platform providers. By understanding the specific challenges posed by jailbroken environments and leveraging a combination of detection and prevention techniques, anti-cheat developers can work towards maintaining fair gameplay experiences for all players.

writer:
@saudgl
@pubg_dev
https://t.me/pubg_dev

jailbreak detection on ShadowTracker 2.9 global

1- cydia detection yUuAfYntKrDvfFif::LqGalzuUztanpVWC: 0x1011191f4
2- set data is Jalbroken: 0x105be7c64 ( encrypted string)
3- CSDevice::isJailBreak bool : 0x1001626c4
4- CSDevice::isJailbroken bool : 0x100162638 (MobileSubstrate)
----
jailbrek detecion on flutter.qapm framework

1- bool JailbreakDetection::isJailbroken : 0x0000800c
2- FlutterQAPMPlugin::isJailBroken:result :0x00007da4
----
jailbreak alert - Anogs framework : 0x0001cf7c

by @saudgl

Bubg VNG 3.0

GWorldFun :    0x10273B9FC
GWorldData:    0x1091A67B8
GNameFun:      0x104252D04
GNameData:     0x108DF6A30
LineOfSightTo: 0x1052C0228
//credit to @RSDMODS

Bubg VNG 3.0
I think its works for all versions

credit to @dev_hackpubgmios

Bubg VNG 3.0 IOS
GWorldFun : 0x10273B9FC
GWorldData: 0x1091A67B8
GNameFun: 0x104252D04
GNameData: 0x108DF6A30
LineOfSightTo: 0x1052C0228

Pubg KR 3.0 IOS
GWorldFun : 0x102953B7C
GWorldData: 0x109456EB8
GNameFun: 0x10446AE84
GNameData: 0x1090A6EE0
LineOfSightTo: 0x1054D8374

PUBG TW 3.0 IOS
GWorldFun : 0x10296F9BC
GWorldData: 0x10948C638
GNameFun: 0x104486CC4
GNameData: 0x1090DC630
LineOfSightTo: 0x1054F41B4

CREDIT - @RSDMODS

Bubg GL 3.0 IOS
GWorldFun : 0x1027D7C50
GWorldData: 0x1092B4738
GNameFun: 0x1042EEF58
GNameData: 0x108F049B0
LineOfSightTo: 0x10535C47C

CREDIT - @RSDMODS

Pubg sdk 3.0 GL
https://github.com/saudgl/Pubg-3.0-IOS-SDK
By @saudgl

A new threat to the security of your device (TrollStore).

—

The other day, the EntySec developer presented SeaShell Framework with open source. Internet users have already called the project “Malware” for TrollStore.

SeaShell Framework is an iOS post-operation platform that allows you to remotely access, manage and retrieve sensitive information.

All an attacker needs to do is generate an IPA file and start a TCP listener.

The capabilities of SeaShell are very large:

• Camera on

• Launching applications

• Access to contacts and sms

• Access to all files in the system

• etc.

Conclusion: This development and the ease of its installation jeopardize millions of devices from iOS 14.0 to 17.0 (inclusive), especially TrollStore users.

—

How to protect yourself from attack?

1. Unzip the IPA file(s) you are going to install.

2. Check the application(s) for suspicious executable files (H: SeaShell Framework adds an executable file called musssel to its application package).

3. Open Info.plist and find suspicious records (H: SeaShell adds CFBundleBase64Hash to your Info.plist, it contains a pair of hosts <host>:<port> encoded with base64).

4. Check the hash sum of the file(s) to confirm its integrity.

Source: EntySec | GitHub
by @jailbreaked

for who don't know UE
to update your esp
long time ago I developed header I think already comes with most of projects. I set all offsets in one .h file

in front on each offset there are text coped from sdk

all you need copy the text and search for it the sdk file and take its offset

in case there many results I set the structure name beside the text
structure name *if not set that mean its same as previous one or is unique search results

for example:

long mesh = 0x458;//*struct ACharacter : APawn {
    //struct USkeletalMeshComponent* Mesh; // Offset: 0x458 // Size: 0x08
    

the offset located under :
ACharacter : APawn

in line:

USkeletalMeshComponent* Mesh; // Offset: 0x458 // Size: 0x08
  
so its 0x458

If you would to do it your self read
UE4.27

https://docs.unrealengine.com/4.27/en-US/

Function Caller :
Sometimes you need to know who the caller of function when hooking

In Objective-C, you can use the NSLog function to print the caller's address or name. Here's an example of how to do this:

- (void)someMethod {
    NSLog(@"Caller address: %p", __builtin_return_address(0));
}

This will print the address of the calling function. If you want to print the name of the calling function, you can use the __PRETTY_FUNCTION__ macro:

- (void)someMethod {
    NSLog(@"Caller name: %s", __PRETTY_FUNCTION__);
}

In C++, you can use similar techniques to print the caller's address or name:

void someFunction() {
    std::cout << "Caller address: " << __builtin_return_address(0) << std::endl;
}


void someFunction() {
    std::cout << "Caller name: " <<

 PRETTY_FUNCTION 

<< std::endl;
}

Keep in mind that getting the name of the calling function is not always straightforward, and it may not be possible in all cases.

for more examples:
*this not ARM
https://hdevstudy.tistory.com/m/150

Bubg GL 3.0 kill msg
0x1076BD1D0

working and tested