GL-DEV
Clarification: we do not encourage violating the rules and regulations of any game. What we present here is all for the purpose of education, experimentation and testing. Chat Arabic: https://t.me/+mecGwFshKVkxZTFk, CH: https://t.me/+1txE55VyGGY4YTU0
Channel name was changed to «Bubg IOS Dev»
📜 Disclaimer

The content shared in this channel is strictly for educational and research purposes only. We do not promote, condone, or encourage any form of illegal activity, including but not limited to game hacking, cheating, or exploiting software vulnerabilities.

Our discussions, tutorials, and materials are intended to foster learning about reverse engineering concepts, software security, and ethical research. The knowledge provided here is meant to help individuals understand and improve software security, not to harm or disrupt any application, service, or platform.

Key Points:
1. Educational Intent Only:
All content is created for the sole purpose of educating security researchers and enthusiasts about reverse engineering techniques.
2. No Targeting of Specific Games or Software:
We do not endorse or support activities targeting any specific game, software, or application.
3. No Malicious Use:
Any misuse of the information provided for malicious purposes is strictly prohibited. We take no responsibility for how individuals apply the knowledge gained from this channel.
4. Compliance with Laws:
By accessing this channel, you agree to comply with all applicable laws and regulations related to software use, modification, and security research.
5. No Affiliation:
We are not affiliated with any game developer, publisher, or software company. All trademarks, logos, and intellectual property discussed here belong to their respective owners.
6. Telegram Policy Compliance:
We respect Telegram’s Terms of Service and policies. Any content found to be in violation will be removed immediately.

⚠️ Responsibility:
The channel administrators are not responsible for the actions of members. Each individual is solely responsible for their actions and any consequences thereof.
👍21🌭1
ARMP_PUBGM_(v3.7.0)_64Bit_IOS.zip
4.3 MB
BUBG 3.7.0 SDK ! 🤍

Zip Pass : @D_V_4

by @D_V_4
shared from: @pubg_dev
👍41
BG*MI 3.7
gobject 0x10985C820
gname_func 0x10415D130
gname_data 0x1093D9760
gworld func 0x101B822F4
gworld data 0x10972DBA0
/------------------------------//
//By imgui + Synzo
//shared from @pubg_dev
8
6👍2
Forwarded from Saud 🇸🇦
2❤‍🔥2
Forwarded from Saud 🇸🇦
cc
33.2 KB
2
Forwarded from Saud 🇸🇦
1👍1
Here is a C app; use it to decrypt the strings related to 00132ac0 in Anogs. See all the strings related to the offset 00132ac0 and decrypt them.
Here, at 001b327c, is also the checking of headers like __DATA and __TEXT to check integrity; it will help in cracking the ban. Read it and go deep inside it. You can also edit the data section if you fix it without a crash. I'm not saying this is the only check; yes, there is Lua and others for sure. I have not seen them, but I am sure.
👍31
If you would like to use a Python script, use this:

#to decrypt str of Anogs related to 132ac0 GL 3.7
encrypted = b"7tqz7|at|"
decrypted = bytes([c ^ 0x18 for c in encrypted])
print(decrypted.decode())
#dev by @saudgl
❤‍🔥33🤡3
pubgm vng 3.8

gobject 0x10A360AA8
gname_func 0x1047CACD4
gname_data 0x109ED5800
gworld func 0x1029DA3A4
gworld data 0x10A576D70

pubgm TW 3.8

gobject 0x10A60E0A8
gname_func 0x1049FDBC8
gname_data 0x10A182B10
gworld func 0x102C0E3A4
gworld data 0x10A824360

pubgm kr 3.8

gobject 0x10A5D77A8
gname func 0x1049EAB1C
gname data 0x10A14C210
gworld func 0x102BFB098
gworld data 0x10A7EDA60

pubgm gl 3.8

gobject 0x10A455D28
gname_func 0x10487CBE8
gname_data 0x109FCAAA0
gworld func 0x102A8D3C4
gworld data 0x10A66BFE0

//By Doaodmmc
//shared from @Bubg_dev
7🤡2🤣1
Pubg Offset 3.8 All Version

SelfOffset offset: 0x2718
MouseOffset offset: 0x468
CameraManagerOffset offset: 0x4d0
AngleOffset offset: 0x4d8
PovOffset offset: 0x1030
StatusOffset offset: 0xfa0
TeamOffset offset: 0x928
NameOffset offset: 0x8f0
RobotOffset offset: 0x9d7
HpOffset offset: 0xdb0
HpMaxOffset offset: 0xdb4
MeshOffset offset: 0x498
HumanOffset offset: 0x1d8
BonesOffset offset: 0x878
isDaed offset: 0xdcc
OpenFireOffset offset: 0x16d0
OpenTheSightOffset offset: 0x1069
WeaponOneOffset offset: 0x2928
ShootModeOffset offset: 0xfd8
WeaponAttrOffset offset: 0x11a0
BulletSpeedOffset offset: 0x4c0
RecoilOffset offset: 0xbf8
GoodsListOffset offset: 0x8a0
CoordOffset offset: 0x1b0

LineOfSightTo offset: 0x788
Yaw offset: 0x868
Roll offset: 0x870
Pitch offset: 0x860

//By EEXKX
//shared from @Bubg_dev
4
ARMP_PUBGM_(v3.8.0)_IOS.zip
4.4 MB
BUBG 3.8.0 SDK ! 🤍

Zip Pass : @D_V_4
by D_V_4
shared from: @pubg_dev
👏21
BGMI 3.8

GUObject: 0x109a29ba8
GName Function: 0x104256e0c
GName Data: 0x1095a5b90
GWorld Function: 0x10247042c
GWorld Data: 0x109c3fe60
//shared from @Bubg_dev
By @saudgl
🤪85😁1🤡1
When an app is re-signed, how is it detected? And what if it is injected?

1. On-Device (App-Side)
• NSBundle.mainBundle.codesignature vs. stored/original:
  • Validate entitlements, team ID, provisioning profile presence, etc.
• Detect MobileProvision:
  • Should not exist in App Store builds. Presence = resigned.
• Check DYLD_INSERT_LIBRARIES:
  • Should be empty or undefined. Else: possible injection (e.g., Frida).
• Mach-O Segment Inspection:
  • Ensure __TEXT, __LINKEDIT not patched (manual or via checksum).
• Jailbreak Paths:
  • /bin/bash, /Applications/Cydia.app, /Library/MobileSubstrate/, etc.

2. Server-Side Fingerprints
• App Binary Hash:
  • When app launches, compute a hash (e.g. SHA-256 but PB they use CRC) of the binary and send to server for validation.
• Bundle ID + Team ID:
  • Bundle ID spoofing is rare but possible. Team ID is more frequently altered in resigns.
• Device Environment Flags:
  • Capture jailbroken status indicators or hooked symbols (e.g., dlopen, ptrace, sysctl tampering).
4
Injection Detection Checklist (iOS Runtime)

“Scan loaded dylibs, check symbols, detect Frida/Substrate, and validate segment protections.”

1. DYLD & Image Inspection
• DYLD_INSERT_LIBRARIES env var ≠ nil
  • Sign of Frida or dylib injection.
• Loop over dyld_image_count() → dyld_get_image_name()
  • Flag anything outside system paths: /System/Library/, /usr/lib/
• Examples to detect:
  • /Library/MobileSubstrate/
  • /usr/lib/frida/
  • /var/containers/Bundle/ (non-App Store bundle)
• Compare loaded image names against whitelist or hash known-good list.

2. Symbol Hooking Detection
• Use dladdr() or dlsym() to get symbol addresses:
  • Compare runtime address of critical functions (e.g. malloc, objc_msgSend) with expected location.
• Detect symbol redirection:
  • Check if objc_msgSend, UIApplicationMain, or mach_vm_write have been hooked (Frida/Substrate).

3. Segment/Page Protections
• Use vm_region() or mprotect() to scan pages:
  • Look for writable and executable pages (RWX) → sign of shellcode/injection.
• Check Mach-O segments:
  • __TEXT, __LINKEDIT, __DATA should match original protections and sizes.
  • Unusual segments or entitlements may indicate injected frameworks.

4. Frida Detection (Known Methods)
• Look for Frida server port (default: 27042, 27043):
  • Try connect() to localhost:27042.
• Scan loaded symbols for:
  • frida-agent, gum-js-loop, Interceptor, etc.
• Scan memory or loaded images for “Frida” string.

5. Substrate / Tweak Detection
• Check for Substrate dylibs:
  • /Library/MobileSubstrate/MobileSubstrate.dylib
  • Or scan for known tweak dylibs (.dylib in /Library/ or /var/)
• Use objc_getClassList() to look for suspicious classes:
  • Tweak classes often follow patterns like Tweak_, Sub_, Frida_.

6. Jailbreak or Toolkits (as injection enablers)
• Cydia.app path
• apt, dpkg, bash, /etc/apt
• Sandbox escape detection (write to system paths)

More Advanced Checks
• Syscall Tampering: Verify behavior of ptrace, sysctl, task_for_pid
• Timing Side-Channels: Detect overhead from hooking
• Checksum of key memory pages at runtime
5
4
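The "DYLD & Image Inspection" items from the checklist above, as an added example (not code from this channel or from any game's protection). It classifies loaded-image paths by prefix and checks `DYLD_INSERT_LIBRARIES`. The function names and the `own_bundle` parameter are assumptions of this sketch, and `_dyld_image_count()` / `_dyld_get_image_name()` are the `<mach-o/dyld.h>` spellings of the calls the checklist names.

```c
#include <stdlib.h>
#include <string.h>
#ifdef __APPLE__
#include <mach-o/dyld.h>   /* _dyld_image_count, _dyld_get_image_name */
#endif

enum verdict { IMG_OK = 0, IMG_UNKNOWN = 1, IMG_INJECTED = 2 };

/* Prefixes the checklist lists as injection indicators / expected system paths. */
static const char *const DENY[]  = { "/Library/MobileSubstrate/", "/usr/lib/frida/" };
static const char *const ALLOW[] = { "/System/Library/", "/usr/lib/" };

static int has_prefix(const char *s, const char *p) { return strncmp(s, p, strlen(p)) == 0; }
static enum verdict worse(enum verdict a, enum verdict b) { return a > b ? a : b; }

/* Classify one loaded-image path. The deny list runs first because
 * /usr/lib/frida/ would otherwise pass the /usr/lib/ allow prefix.
 * own_bundle (assumed input): the app's own install directory, or NULL. */
enum verdict classify_image(const char *path, const char *own_bundle) {
    size_t i;
    if (path == NULL) return IMG_UNKNOWN;
    for (i = 0; i < sizeof DENY / sizeof *DENY; i++)
        if (has_prefix(path, DENY[i])) return IMG_INJECTED;
    if (own_bundle != NULL && has_prefix(path, own_bundle)) return IMG_OK;
    for (i = 0; i < sizeof ALLOW / sizeof *ALLOW; i++)
        if (has_prefix(path, ALLOW[i])) return IMG_OK;
    return IMG_UNKNOWN;   /* outside every known-good prefix: report it */
}

/* Worst verdict over a list of image paths (e.g. paths collected for telemetry). */
enum verdict scan_paths(const char *const *paths, size_t n, const char *own_bundle) {
    enum verdict worst = IMG_OK;
    for (size_t i = 0; i < n; i++)
        worst = worse(worst, classify_image(paths[i], own_bundle));
    return worst;
}

/* DYLD_INSERT_LIBRARIES should be unset or empty in a normal launch. */
int insert_libraries_set(void) {
    const char *v = getenv("DYLD_INSERT_LIBRARIES");
    return v != NULL && v[0] != '\0';
}

#ifdef __APPLE__           /* on-device entry point: the real dyld image list */
enum verdict scan_loaded_images(const char *own_bundle) {
    enum verdict worst = insert_libraries_set() ? IMG_INJECTED : IMG_OK;
    for (uint32_t i = 0; i < _dyld_image_count(); i++)
        worst = worse(worst, classify_image(_dyld_get_image_name(i), own_bundle));
    return worst;
}
#endif
```

An `IMG_UNKNOWN` result is better reported to the server with the offending path than acted on locally, since a prefix list alone cannot tell a new system location from an injected library.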
Today I’m gonna explain in a simple way what “heartbeat” means in iOS games, and how it’s used to detect cheating, hacks, or whatever you wanna call it.



What’s a heartbeat?

It’s just signals or pings sent between the game and the server constantly, like every second or so. The point is to make sure the connection is still alive and that the player is playing normally, no messing around.



How do heartbeats work?

When you first open the game, the server gives you a token (like a special ID for your session). Then, every few seconds, the game sends a message to the server like, “Hey, I’m still here and the token is fine.”

The server checks that token, and if everything’s cool, you can keep playing.



So what happens if you stop the heartbeats?

Let’s take Anogs as an example:
• The game sends stuff like launch data and other things to the server to be analyzed — like to catch aim bots or whatever.
• If you stop or block these heartbeats (either by adding something, editing, or blocking the request), here’s what happens:
1. The server waits for the heartbeats for a set amount of time.
2. If nothing comes in, it starts getting suspicious, especially if you’re still moving and playing like normal.
3. It alerts the anti-cheat system, which kills your connection by canceling the token.
4. When the game tries to check the token again, it sees it’s invalid and kicks you out.
5. Now if you did some patching and matched the hash, you just bypassed detection — because you replaced the sketchy data with clean legit data.

Except for that last part, you usually get a short ban (like 10 minutes), assuming it’s just a network hiccup. But if it keeps happening, the ban gets worse — could go all the way to a full-on 10-year ban. At that point, the system sees it as straight-up cheating, not just lag.



There’s another trick some players try:

Some people go into the game itself and modify it so:
• It blocks incoming heartbeats from the server.
• The game keeps working like normal, and the server doesn’t realize it’s missing the signals.

Some of you might remember people using fishhook and binding it to a button — that method blocks both directions, send and receive.

What happens? You can play fine with no ban… for a while.

But devs got smarter now.

If the game doesn’t get heartbeats for a certain amount of time, it crashes — either freezes or just kicks you out.

Bottom line:

In that case, some folks go in and patch the crash or exit — and yeah, the hack works. But like I said earlier, it depends on how the patch is done and how tough the game’s protection is.

Note:

Some people use offsets or hooks and patch the crash, but still get hit with a crash later during gameplay. That’s either because the patch was wrong, or it worked but they forgot to stop the crash function — like I said before, you need another patch just to kill that crash process.



To wrap it up:
• Heartbeats are super important in any online game — it’s how they track what’s going on.
• If you mess with them the right way, you can get some crazy results.
• But anti-cheats these days watch heartbeats super closely, and if stuff gets weird too often, you’re eating a fat 10-year ban.

I only gave launch data as an example.
Same thing applies to device info, player movement, and more.

Tried to break it down as simple as possible, without fancy words. All based on testing and personal digging. If I missed something, my bad.
1👍1
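The server side of the heartbeat scheme described in the post above, as an added example (not code from this channel or from any game server). It keeps per-session timestamps, treats silence alone as a possible network drop, and revokes the token when gameplay packets keep arriving without heartbeats. All names, the timeout, and the ban ladder beyond the post's "like 10 minutes" are assumptions.

```c
#include <stddef.h>
/* Assumed policy values: the post says only "every second or so" for the
 * interval and "like 10 minutes" for the first ban; the rest is illustrative. */
#define HB_TIMEOUT_S 10L
static const long BAN_S[] = { 600L, 86400L, 315360000L }; /* 10 min, 1 day, 10 years */
#define BAN_LEVELS (sizeof BAN_S / sizeof *BAN_S)
enum hb_state { HB_ACTIVE, HB_SUSPECT, HB_REVOKED };

struct session {
    long last_heartbeat;  /* time of the last accepted heartbeat (seconds) */
    long last_activity;   /* time of the last gameplay packet (seconds) */
    size_t strikes;       /* earlier revocations on this account */
    long banned_until;    /* 0 while no ban is in force */
    enum hb_state state;
};

/* Token issued at launch: the session starts active. */
void session_open(struct session *s, long now, size_t prior_strikes) {
    s->last_heartbeat = s->last_activity = now;
    s->strikes = prior_strikes;
    s->banned_until = 0;
    s->state = HB_ACTIVE;
}

/* Returns 1 if the heartbeat is accepted, 0 if the token was already revoked. */
int on_heartbeat(struct session *s, long now) {
    if (s->state == HB_REVOKED) return 0;
    s->last_heartbeat = now;
    s->state = HB_ACTIVE;
    return 1;
}

void on_activity(struct session *s, long now) {
    if (s->state != HB_REVOKED) s->last_activity = now;
}

/* Periodic server-side check. Silence alone is treated as a possible network
 * drop; silence while gameplay packets keep arriving revokes the token. */
enum hb_state watchdog(struct session *s, long now) {
    if (s->state == HB_REVOKED || now - s->last_heartbeat <= HB_TIMEOUT_S)
        return s->state;
    if (s->last_activity - s->last_heartbeat > HB_TIMEOUT_S) {
        size_t lvl = s->strikes < BAN_LEVELS ? s->strikes : BAN_LEVELS - 1;
        s->banned_until = now + BAN_S[lvl];
        s->strikes++;
        return s->state = HB_REVOKED;
    }
    return s->state = HB_SUSPECT;
}
```

Because the decision is made from what the server receives, a client that suppresses its own crash or exit path still loses the token once `watchdog` fires.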