For jailbreak users: if you install Frida, the game will crash; even with the hide-JB tools it will be detected
flags Frida detected.
To solve it, try a hook like:
#include <arpa/inet.h>   // inet_addr, ntohs
#include <errno.h>       // errno, ECONNREFUSED
#include <netinet/in.h>  // struct sockaddr_in
#include <stdint.h>      // uint16_t
#include <sys/socket.h>  // connect, struct sockaddr, socklen_t

// pointer to the original connect(), filled in by the hooking framework
static int (*orig_connect)(int, const struct sockaddr*, socklen_t);

// our replacement
static int my_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) {
    if (addr->sa_family == AF_INET && addrlen >= sizeof(struct sockaddr_in)) {
        const struct sockaddr_in *in4 = (const struct sockaddr_in *)addr;
        uint16_t port = ntohs(in4->sin_port);
        if (in4->sin_addr.s_addr == inet_addr("127.0.0.1")
            && (port == 27042 || port == 27043)) {
            // pretend there's no server
            errno = ECONNREFUSED;
            return -1;
        }
    }
    // otherwise, do the real connect
    return orig_connect(sockfd, addr, addrlen);
}
// then hook it using any method, like Dobby or Substrate, etc.
OR:
Create an anchor file, e.g. /etc/pf.anchors/fridablock with:
"block in quick on lo0 proto tcp from any to any port { 27042, 27043 }"
Then edit /etc/pf.conf and add at the end:
anchor "fridablock"
load anchor "fridablock" from "/etc/pf.anchors/fridablock"
Then reload pf:
pfctl -f /etc/pf.conf
pfctl -e
OR:
use Kernbypass
I developed an easy way to hook with Dobby on a rootful jailbreak. Look at it and read the instructions: https://github.com/saudgl/BaseGetter-with-Dobby-iOS-hook
dumps_all_Frameworks_bubg39_GL.zip
1 MB
💀 Here is the full class dump for ALL frameworks. Enjoy 🥰. If you ask whether all frameworks are important: yes, they are!! But not all.
Include: ShadowTr.. and Anogs
HideGL1.dylib
166.5 KB
I developed this tweak based on user requests.
"HideGL1" is a tweak designed to conceal jailbreak detection and resolve intentional crashes caused by games if they detect you using tools like Frida, GamePlayer, GameMaster, GameMasterPlus, GameGemiOS, iGameGuardian.
It complements other jailbreak-hiding tweaks such as Shadow and iHide by covering detection vectors they may miss. Using "HideGL1" alongside these tools can provide comprehensive jailbreak concealment for games. By @saudgl @Bubg_dev
Use this to run an app in Xcode, e.g. run the game in Xcode to trace and live-debug it.
If you face a domain error: Xcode -> File -> Project Settings -> Advanced -> Legacy
How does it work? Rename your IPA file to app.ipa, then put it at "IPAPatch/Assets/app.ipa", then enjoy.
https://github.com/saudgl/IPAPatch-saudgl
PB 4 GL = Global
GName Fun : 0x104ab914c
GName Data : 0x10a3ed0e0
GWorld Fun : 0x102a3a7f8
GWorld Data : 0x10aa91290
GUObject : 0x10a87ac70
LineOfsight : 0x1060e7b8c
ActorDecr: 0x10624b5ac
By @saudgl
@Bubg_dev
ActorDecr Addresses For P—G V4:
// GL:
ActorDecr: 0x10624B5AC
// KR:
ActorDecr: 0x1063F5AA4
// TW:
ActorDecr: 0x10619858C
// VN:
ActorDecr: 0x1063CC58C
//by @OOOQG
Forwarded from GL-DEV2
PB 4.1
0x10A4A4A70 VNG GUObject
0x104A847E0 VNG GName
0x10A7A7370 KR GUObject
0x104cdd26c KR GName
0x10A5DF0F0 GL GUObject
0x104b4449c GL GName
GL-DEV
by @abrhmanm
Forwarded from GL-DEV2
SDK ( internal & external)
https://github.com/saudgl/-Pubg-4.1-IOS-SDK-GL/
Forwarded from GL-DEV2
PB 4.1.0
// GL
GWorld Fun: 0x102A4A8F8
GWorld Data: 0x10AA91690
// KR
GWorld Fun: 0x102BE48DC
GWorld Data: 0x10AC75D90
// TW:
GWorld Fun: 0x1029878D8
GWorld Data: 0x10A947410
// VN
GWorld Fun: 0x102BBB8D7
GWorld Data: 0x10AC4CC90
// KR:
GName Fun: 0x104C630A0
GName Data: 0x10A5CE5E8
// TW:
GName Fun: 0x104C3A12C
GName Data: 0x10A5A84E8
// VN:
GName Fun: 0x104A0682C
GName Data: 0x10A7C2F58
@Pubg_dev
By @englishdick
Forwarded from GL-DEV2
Note: for PB 4, if you directly hook process event for rendering,
it will crash because they detect the hook.
To pass temporarily for testing, run it in the lobby. But you will get banned later.
The same happens if you hook memcpy. Hooking it is now useless anyway, because they use their own memcpy function.
Forwarded from GL-DEV2
PB 4.1 GL
GName Fun 0x104b4449c
GName Data 0x10a3adf90
GWorld Fun 0x102a28b7c
GWorld data 0x10a7f6540
GUObject 0x10a5df0f0
LineOfsight 0x1060481cc
ActorArray Decry 0x1061ac278
Process event 0x104ce6c38
GL-DEV
by @saudgl
Forwarded from GL-DEV2
PB 4.1
HUD Fun 0x103455d98
Engine Data 0x10a7f5340
CanvasMap Data 0x10a42f218
by @saudgl GL-Dev
Forwarded from GL-DEV2
PB 4.1
Yaw: 0x888
Roll: 0x890
Pitch: 0x880
by @saudgl GL-Dev
