KernBypass install on iOS
After installing the copy of KernBypass, run the following
from Terminal on the iPhone, or over ssh from a Mac:
# bash command
# Unofficial (ichitaso) build (iOS 13–14):
su
preparerootfs
changerootfs &
disown %1
# Official (akusio) build (iOS 12–13):
su
changerootfs &
disown %1
** After the command (changerootfs &) the last line you see must look like:
start changerootfs
If not, make a new directory:
mkdir -p /var/MobileSoftwareUpdate/mnt1
then repeat the bash commands above (changerootfs & then disown %1).
NOTE 🚨:
Install all your tweaks before installing KernBypass, because after it you cannot add any tweaks. Why? Long answer; just do it.
https://www.youtube.com/watch?v=PxJK0421bLo&ab_channel=ThomasJadallah
How to Easily BYPASS JAILBREAK DETECTION on iOS 13 on Unc0ver or Checkra1n
VNG 3.9 :
GNameFun: 0x1048f04e0
GNameData: 0x10a0ee830
GWorldFun: 0x102a08940
GWorldData: 0x10a791ae0
LineOfsight: 0x105f195a4
ActorDecr: 0x10607d3fc
GUObject: 0x10a57b6c8
//by @saudgl
//shared from @bubg_dev
ARMP_PUBGM_(v3.9.0)_IOS_FIX.zip
4.5 MB
by @D_V_4
shared from @Bubg_dev
VNG 3.9
GUObject 0x10A57B6C8
gname_func 0x1048F04E0
gname_data 0x10A0EE830
gworld func 0x102A08940
gworld data 0x10A791AE0
TW 3.9
GUObject 0x10A860F48
gname_func 0x104B244E0
gname_data 0x10A3D3E40
gworld func 0x102C3C940
gworld data 0x10AA77360
KR 3.9
GUObject 0x10A887048
gname func 0x104B4D444
gname data 0x10A3F9F40
gworld func 0x102C65634
gworld data 0x10AA9D460
GL 3.9
GUObject 0x10A6A4CC8
gname_func 0x1049A3510
gname_data 0x10A217E50
gworld func 0x102ABB970
gworld data 0x10A8BB0E0
by @Doaodmmc
shared from @Bubg_dev
3.9
LineOfSightTo offset : 0x7a0
Yaw : 0x880
Roll: 0x888
Pitch: 0x878
GL 3.9
GNameFun: 0x1049A3510
GNameData: 0x10A217E50
GWorldFun: 0x1029d1558
GWorldData: 0x10a8bb0e0
LineOfsight: 0x105fcc5d4
GUObject: 0x10a6a4cc8
ActorDecr: 0x10613042c
by @saudgl
shared from @Bubg_dev
//GL 3.9
if([bundleIdentifier isEqualToString:@"com.ten…in"]) { ///UP GL 3.9.0 make sure from bundle name
kUWorld = "0x10681620C";
kGNames = "0x1049A3510";
hookHUD = "0x1087B1958";
kGetHUD = "0x10339B304";
kDrawText = "0x1064A9628";
kDrawLine = "0x1060C8988";
kDrawRectFilled = "0x1060C88F8";
kDrawCircleFilled = "0x1064A9A94";
kEngine = "0x10A8B9EE";
kLineOfSight_1 = "0x1049A3C04";
kLineOfSight_2 = "0x10A8A2250";
kLineOfSight_3 = "0x105F1793C";
kLineOfSight_4 = "0x105F17A4C";
kLineOfSight_5 = "0x105F226CC";
kBonePos = "0x1030FE934";
kProjectWorldLocationToScreen= "0x1060732B0";
//GUObjectArray 0x10A6A4CC8
}
By a group member
Shared from @Bubg_dev
ActorDecr Addresses For P–G V3.9:
// GL:
ActorDecr: 0x10613042C
// KR:
ActorDecr: 0x1062DA8F4
// VN:
ActorDecr: 0x10607D3FC
// TW:
ActorDecr: 0x1062B13FC
//by @OOOQG
//shared from @Bubg_dev
For jailbreak users: if you install Frida, the game will crash; even with jailbreak-hiding tools it will be detected and
flags Frida as detected.
To solve it, try a hook like:
#include <errno.h>
#include <stdint.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

// pointer to the original connect(), filled in by the hooking framework
static int (*orig_connect)(int, const struct sockaddr*, socklen_t);

// our replacement
static int my_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) {
    // only inspect IPv4 addresses that are large enough to read safely
    if (addr != NULL && addrlen >= sizeof(struct sockaddr_in) && addr->sa_family == AF_INET) {
        const struct sockaddr_in *in4 = (const void *)addr;
        uint16_t port = ntohs(in4->sin_port);
        if (in4->sin_addr.s_addr == inet_addr("127.0.0.1")
            && (port == 27042 || port == 27043)) {
            // pretend there's no server
            errno = ECONNREFUSED;
            return -1;
        }
    }
    // otherwise, do the real connect
    return orig_connect(sockfd, addr, addrlen);
}
// then hook connect() with it using a method like Dobby or Substrate, etc.
OR:
Create an anchor file, e.g. /etc/pf.anchors/fridablock, containing:
block in quick on lo0 proto tcp from any to any port { 27042, 27043 }
then edit /etc/pf.conf and add at the end:
anchor "fridablock"
load anchor "fridablock" from "/etc/pf.anchors/fridablock"
then reload pf:
pfctl -f /etc/pf.conf
pfctl -e
OR:
use KernBypass
I developed an easy way to hook with Dobby on a rootful jailbreak. Look at it and read the instructions: https://github.com/saudgl/BaseGetter-with-Dobby-iOS-hook
dumps_all_Frameworks_bubg39_GL.zip
1 MB
🎁 Here are the class dumps for ALL frameworks. Enjoy 🥰. If you ask whether all frameworks are important: yes, they are!! But not all.
Includes: ShadowTr.. and Anogs
HideGL1.dylib
166.5 KB
I developed this tweak based on user requests.
"HideGL1" is a tweak designed to conceal jailbreak detection and resolve the intentional crashes caused by games when they detect you using tools like Frida, GamePlayer, GameMaster, GameMasterPlus, GameGemiOS or iGameGuardian.
It complements other jailbreak-hiding tweaks such as Shadow and iHide by covering detection vectors they may miss. Using "HideGL1" alongside these tools can provide comprehensive jailbreak concealment for games. by @saudgl @Bubg_dev
Use this to run an app in Xcode, e.g. run the game in Xcode to trace it with live debugging.
If you face a domain error: Xcode -> File -> Project Settings -> Advanced -> Legacy
How does it work? Rename your IPA file to app.ipa, then put it at "IPAPatch/Assets/app.ipa" and enjoy.
https://github.com/saudgl/IPAPatch-saudgl
Patch iOS Apps, The Easy Way, Without Jailbreak.
PB 4 GL = Global
GName Fun : 0x104ab914c
GName Data : 0x10a3ed0e0
GWorld Fun : 0x102a3a7f8
GWorld Data : 0x10aa91290
GUObject : 0x10a87ac70
LineOfsight : 0x1060e7b8c
ActorDecr: 0x10624b5ac
By @saudgl
@Bubg_dev
π₯1
ActorDecr Addresses For P–G V4:
// GL:
ActorDecr: 0x10624B5AC
// KR:
ActorDecr: 0x1063F5AA4
// TW:
ActorDecr: 0x10619858C
// VN:
ActorDecr: 0x1063CC58C
//by @OOOQG