To have a clear idea:
* Direct hooking on non-jailbroken iOS is NOT possible at all, in the way that was asked for.
* If you want something that works but is not as powerful as a direct hook, use H5GG, which is a pre-patch, like adding a BL instruction as a jump and then controlling it with H5GG, and you need to hide the libs you use for it to avoid a ban.
* If you are on a jailbroken device you can do whatever you like: use MUHook or Hookzz, Cydia Substrate, etc.
* Dobby on a non-jailbroken device can only be used for functions with symbols (like swizzling): it's good for Obj-C functions, but most anti-ban methods target C and C++, so that is not helpful.
There is a way to hook, but it may not work for all functions: hooking the function table by writing to memory.
To hide any lib you are going to use, make sure to use (.a) libs included in your project,
because anything else will be detected,
because PUBG will load all loaded frameworks and compare them with the originals; if different, you will get a ban.
To avoid a ban, for those who use an external hack, basic instructions:
1- Hide your hack dylib.
2- When you re-sign PUBG, the (.text) size in the assembly will change from the original, where it starts and ends,
so it must be hooked to return the original start and end.
Big issue: each iPhone type has its own .text size, end and start, so each device type must be hooked 💀 or make all devices the same version.
3- Hide drawing when a screenshot is taken, because PUBG takes a screenshot and sends it to the server to analyze it.
This will work without aimbot or anything else.
If you have aimbot or anything, you must hook the shooting behavior data collection, and each function must have its own patch.
For those who use an internal hack: same as before, but you must bypass screenshot and HUD hook detection.
For anti-ban: I found the game does not just take the iOS CRC hash, but uses its own method. When I patched it I still got caught. I found the checksumOfCRC32 function, which does the job, at 0x1000c0be8, and a Lua script does the same! What a headache.
Here is the class which handles all hashes, with all its addresses:
To use it, for example for IMP=0x00000001000c0be8,
use only 1000c0be8
@interface GNLCommonTools : NSObject
{
}
+ (int)_checksumOfCRC32:(id)arg1; // IMP=0x00000001000c0be8
+ (unsigned long long)_baseDecode:(const char *)arg1 srcLen:(unsigned long long)arg2 destBytes:(char *)arg3 destLen:(unsigned long long)arg4 charset:(const char *)arg5 requirePadding:(_Bool)arg6; // IMP=0x00000001000c0a08
+ (id)_baseDecode:(const void *)arg1 length:(unsigned long long)arg2 charset:(const char *)arg3 requirePadding:(_Bool)arg4; // IMP=0x00000001000c092c
+ (unsigned long long)_baseEncode:(const char *)arg1 srcLen:(unsigned long long)arg2 destBytes:(char *)arg3 destLen:(unsigned long long)arg4 charset:(const char *)arg5 padded:(_Bool)arg6; // IMP=0x00000001000c07f4
+ (id)_baseEncode:(const void *)arg1 length:(unsigned long long)arg2 charset:(const char *)arg3 padded:(_Bool)arg4; // IMP=0x00000001000c0718
+ (_Bool)_isGzippedData:(id)arg1; // IMP=0x00000001000c06a0
+ (id)gzipDecompress:(id)arg1; // IMP=0x00000001000c0520
+ (id)gzipCompress:(id)arg1; // IMP=0x00000001000c03ac
+ (id)gzipTailer:(id)arg1; // IMP=0x00000001000c031c
+ (id)gzipHeader; // IMP=0x00000001000c02a4
+ (id)AESDecryptWithKey:(id)arg1 dataLength:(long long)arg2 data:(id)arg3; // IMP=0x00000001000c00d8
+ (id)AESEncryptWithKey:(id)arg1 data:(id)arg2; // IMP=0x00000001000bff34
+ (id)createGUID; // IMP=0x00000001000bfed0
+ (id)sha1:(id)arg1; // IMP=0x00000001000bfda4
+ (id)md5:(id)arg1; // IMP=0x00000001000bfca8
+ (id)base64DecodeData:(id)arg1; // IMP=0x00000001000bfc3c
+ (id)base64EncodeData:(id)arg1; // IMP=0x00000001000bfbd0
+ (id)ungzippedData:(id)arg1; // IMP=0x00000001000bfa50
+ (id)gzippedData:(id)arg1; // IMP=0x00000001000bf8e8
+ (id)urlDecode:(id)arg1 count:(long long)arg2; // IMP=0x00000001000bf7d0
+ (id)urlEncode:(id)arg1 count:(long long)arg2; // IMP=0x00000001000bf650
@end
Pubg34Gl_Objc_classes.mm
Here are all Obj-C classes for Shadow 3.4 GL, with the address for each.
anogs_34GL_Classes.mm
From here, find the:
@interface ScreenShot : NSObject
{
}
- (void)takeScreenShotEx:(id)arg1; // IMP=0x00000000001b2aa8
- (void *)getBufFromImage:(id)arg1; // IMP=0x00000000001b2658
- (id)screenshotOfView:(id)arg1; // IMP=0x00000000001b24f4
- (id)getAppWindowsForScreen:(id)arg1; // IMP=0x00000000001b21f8
@end
You can swizzle with fishhook or Dobby to bypass the screenshot and avoid a screenshot ban,
because all screenshots go to the server side for analysis by AI, to see if there are any abnormal overlay draws.
As for swizzling it, just use it to let you know when a screenshot is going to be taken, then hide your draws, then return the original function. After that, draw your stuff 💀
And then go to the game SDK of Shadow, but NOT the file above!:
// Object Name: Class Client.ScreenshotMaker
// Size: 0x28 // Inherited bytes: 0x28
struct UScreenshotMaker : UObject {
Here you can call it a Lua script helper for taking screenshots.
It takes a screenshot via Lua script and then sends it to the server. To handle it, it can NOT be swizzled like the one above because it's not Obj-C, so you have to do it with the function table using read and write, and be careful here about integrity: you (may) get caught and get a ban, not because of the write-to-function-table method but because of the integrity check.
I think they do the integrity check by reading the x function table pointer value and comparing it with what they have as the original pointer.
Pubg GL 3.5:
GWorld Fun: 0x1027dbb98
GWorld Data: 0x109c87fb0
GName Fun: 0x104526804
GName Data:0x1098248a0
lineOfSight: 0x1058f35b4
GUobject: 0x109aca290
HUD : 0x103107430
GEngine: 0x109c86db0
CanvasMap: 0x1099016a0
//by @saudgl
//@pubg_dev
GName Fun: 0x1046bec8c
GUObject : 0x109ca1910
Pubg KR 3.5
GName Fun: 0x1046e74a4
GUObject : 0x109cc7a10
@Bubg_dev
@saudgl