GL-DEV
Clarification: we do not encourage violating the rules and regulations of any game. What we present here is all for the purpose of education, experimentation and testing. Chat Arabic: https://t.me/+mecGwFshKVkxZTFk, CH: https://t.me/+1txE55VyGGY4YTU0
🚧 Method 1: Professional and Organized
• Very hard and needs deep analysis of the game’s data and behavior
• You need to understand how the protection system actually works inside
• Takes a long time and requires strong skills in reverse engineering and memory analysis
• Usually needs a full team (analysis, tools, testing, etc.)
• It’s more expensive and needs organized, structured work
• But the results are super accurate and solid — often survive even after game updates



🚧 Method 2: Random or Trial-and-Error
• Relies on basic or surface-level analysis, like tracking game strings or simple functions
• You just try things directly, without really knowing how the whole system works
• Sometimes it’s based on exploiting a small bug or temporary glitch
• You can do it solo, without needing a team or advanced tools
• Cheap and easy to start
• But results are often temporary — a small update might break everything
• It’s not reliable, and you might waste a lot of time with nothing to show



Sum up:
Both methods have their place. If you want something strong and long-lasting, go for the professional route - even if it’s harder. But if you’re just testing or learning, the random method is a good start… just don’t expect it to last forever.
⭕️ If you are a beginner, don’t read it.

To start with, bypass my own game BubgBattle:
1- Bypass cracked version because of iOS re-signing.
2- Hide your injected framework.
3- Hide your objc classes, or obfuscate them with junk names.
And when you go to a real dylib, strip your dylib symbols.

4- Hide your hook method. (For example: if you are using the pre-hook method, hide the new section like __Hook__TEXT etc. If you use another, also hide based on what you use.)

📟📟📟📟
Generate new empty framework for testing.
Test each step on a real game. (Have a friend report you for fast results.)

If it passes for several games, move to the next step, 1 to 4.

If you pass it successfully, you have almost done it all. Next I will explain the rest.

Use your brain and AI.
If you’re in JB you will f*k all easy.

* The steps above are not easy for beginners at all. If you are one, go learn the basics.

* If you are an Angos player who plays with AnoSDK, these cases are not for you. Yes, your method may work, but it is not as solid as the points above. Why? Because they solve the issue at its roots.

Hey, note that:

If you are hooking _dyld_image_count and _dyld_get_image_name with fishhook to hide your injection, they may still detect you at kernel level by validating dyld 😂. I haven’t checked that with PG, but I have seen it in a critical app 💰
My experiment 📟

Game crashes with JB? Why?

JB Type: unc0ver
iOS Version: 13.3
When running the game, it crashes after 10s.

Start searching…
Found that when AnoSDK..info is stopped it works well, but later you get a 10m ban because the data is not sent.
🚧 So we know it’s about player device info, such as fingerprints or jailbreak.

Later found it’s OK if you play on a clean device with jailbreak ‼️

So they do not block jailbreak itself, but some tweaks are not allowed, and sometimes collecting device fingerprints somehow causes a crash. And sometimes JB will not be allowed at all. So no stable rule 😂.

Then tried cleaning the device of all tweaks, and it did not work.

Someone found the function in Angos that causes the crash. Then I patched it, but got a 10y in-game ban because of the integrity check.

The solution:
1- Install Kernbypass (with its cmd’s) and activate on target app.

2- Install a tweak like A-Bypass or Shadow and activate it on the target app.

You may face some issues installing the above tweaks. If you’re interested, all installation solutions will be shown here later.

KernBypass install on iOS

After installing your copy of KernBypass,
from a terminal on the iPhone or through SSH from a Mac:



# bash command
# Unofficial (ichitaso) build (iOS 13–14):
su
preparerootfs
changerootfs &
disown %1


# Official (akusio) build (iOS 12–13):
su
changerootfs &
disown %1



After the command (changerootfs &), the last line you see must be like:

start changerootfs

If not, make a new dir:

mkdir -p /var/MobileSoftwareUpdate/mnt1

Then repeat the bash commands above (changerootfs & then disown %1).

NOTE 🚨:
Install all your tweaks before installing KernBypass, because after it you cannot add any tweaks. Why? Long answer, just do it.


https://www.youtube.com/watch?v=PxJK0421bLo&ab_channel=ThomasJadallah
VNG 3.9 :

GNameFun: 0x1048f04e0
GNameData: 0x10a0ee830
GWorldFun: 0x102a08940
GWorldData: 0x10a791ae0
LineOfsight: 0x105f195a4

ActorDecr: 0x10607d3fc
GUObject: 0x10a57b6c8
//by @saudgl
//shared from @bubg_dev
ARMP_PUBGM_(v3.9.0)_IOS_FIX.zip
4.5 MB
by @D_V_4
shared from @Bubg_dev
VNG 3.9
GUObject 0x10A57B6C8
gname_func 0x1048F04E0
gname_data 0x10A0EE830
gworld func 0x102A08940
gworld data 0x10A791AE0


TW 3.9
GUObject 0x10A860F48
gname_func 0x104B244E0
gname_data 0x10A3D3E40
gworld func 0x102C3C940
gworld data 0x10AA77360


KR 3.9
GUObject 0x10A887048
gname func 0x104B4D444
gname data 0x10A3F9F40
gworld func 0x102C65634
gworld data 0x10AA9D460


GL 3.9
GUObject 0x10A6A4CC8
gname_func 0x1049A3510
gname_data 0x10A217E50
gworld func 0x102ABB970
gworld data 0x10A8BB0E0

by @Doaodmmc
shared from @Bubg_dev
3.9
LineOfSightTo offset : 0x7a0
Yaw : 0x880
Roll: 0x888
Pitch: 0x878
GL 3.9 
GNameFun: 0x1049A3510
GNameData: 0x10A217E50
GWorldFun: 0x1029d1558
GWorldData: 0x10a8bb0e0
LineOfsight: 0x105fcc5d4


GUObject: 0x10a6a4cc8
ActorDecr: 0x10613042c

by @saudgl
shared from @Bubg_dev
//GL 3.9
if([bundleIdentifier isEqualToString:@"com.ten…in"]) { ///UP GL 3.9.0 make sure from bundle name
kUWorld = "0x10681620C";
kGNames = "0x1049A3510";
hookHUD = "0x1087B1958";
kGetHUD = "0x10339B304";
kDrawText = "0x1064A9628";
kDrawLine = "0x1060C8988";
kDrawRectFilled = "0x1060C88F8";
kDrawCircleFilled = "0x1064A9A94";
kEngine = "0x10A8B9EE";
kLineOfSight_1 = "0x1049A3C04";
kLineOfSight_2 = "0x10A8A2250";
kLineOfSight_3 = "0x105F1793C";
kLineOfSight_4 = "0x105F17A4C";
kLineOfSight_5 = "0x105F226CC";
kBonePos = "0x1030FE934";
kProjectWorldLocationToScreen= "0x1060732B0";
//GUObjectArray 0x10A6A4CC8
}

By a group member
Shared from @bupg_dev
ActorDecr Addresses For P—G V3.9:


// GL:
ActorDecr: 0x10613042C
// KR:
ActorDecr: 0x1062DA8F4
// VN:
ActorDecr: 0x10607D3FC
// TW:
ActorDecr: 0x1062B13FC

//by @OOOQG
//shared from @Bubg_dev
ARMP_BGMI_(v3.9.0)_IOS.zip
4.4 MB
BG٠MI 3.9 IOS

by @D_V_4
shared from @bubg_dev

For jailbreak users: if you install Frida, the game will crash. Even with hide-JB tools it will be detected
(flags: Frida detected).

To solve it, try a hook like:

#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/socket.h>

// pointer to the original connect(), filled in by the hooking framework
static int (*orig_connect)(int, const struct sockaddr*, socklen_t);

// our replacement
static int my_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) {
    if (addr->sa_family == AF_INET && addrlen >= sizeof(struct sockaddr_in)) {
        const struct sockaddr_in *in4 = (const void*)addr;
        uint16_t port = ntohs(in4->sin_port);
        // loopback connection to one of the two ports checked here
        if (in4->sin_addr.s_addr == inet_addr("127.0.0.1")
            && (port == 27042 || port == 27043)) {
            // pretend there's no server
            errno = ECONNREFUSED;
            return -1;
        }
    }
    // otherwise, do the real connect
    return orig_connect(sockfd, addr, addrlen);
} // then hook it using any method, like Dobby or Substrate, etc.

OR:
Create an anchor file, e.g. /etc/pf.anchors/fridablock, with:
block in quick on lo0 proto tcp from any to any port { 27042, 27043 }
Then edit /etc/pf.conf and add at the end:
anchor "fridablock"
load anchor "fridablock" from "/etc/pf.anchors/fridablock"
Then reload pf:
pfctl -f /etc/pf.conf
pfctl -e

OR:
use Kernbypass
dumps_all_Frameworks_bubg39_GL.zip
1 MB
💀 Here is the dump of all classes for ALL frameworks. Enjoy 🥰. If you ask whether all frameworks are important: yes, they are!! But not all.

Include: ShadowTr.. and Anogs
HideGL1.dylib
166.5 KB
I developed this tweak based on user requests.

"HideGL1" is a tweak designed to conceal jailbreak detection and resolve intentional crashes caused by games if they detect you using tools like Frida, GamePlayer, GameMaster, GameMasterPlus, GameGemiOS, iGameGuardian.
It complements other jailbreak-hiding tweaks such as Shadow and iHide by covering detection vectors they may miss. Using "HideGL1" alongside these tools can provide comprehensive jailbreak concealment for games. by @saudgl @Bubg_dev

Use this to run the app in Xcode, e.g. run the game in Xcode to trace and debug it live.
If you face a domain error: Xcode -> File -> Project setting -> Advanced -> legacy

How does it work? Rename your IPA file to app.ipa, then put it in "IPAPatch/Assets/app.ipa", then enjoy.
https://github.com/saudgl/IPAPatch-saudgl
PB 4 GL = Global

GName Fun : 0x104ab914c
GName Data : 0x10a3ed0e0
GWorld Fun : 0x102a3a7f8
GWorld Data : 0x10aa91290
GUObject : 0x10a87ac70
LineOfsight : 0x1060e7b8c
ActorDecr: 0x10624b5ac
By @saudgl
@Bubg_dev