Jump to content

17 posts in this topic

Recommended Posts

Hi all. I was wondering what the best way to find and address the AppGuard/LiAPP detection on a certain app. I was using a decompiler on the UnityFramework file and I also tried using DNSpy for the Assembly file. My issue is:

 

1. I can find a Class for “CheatDetector”  in DNSpy using the assembly file that has a method for LIAPP but im not sure how to address it in the Live Offset program. I tried to NOP the offsets of the functions but nada.

2. I can also find instances in the UnityFramework file where it tries to find paths of common jailbroken thing such as Cydia. 

 

I'm not understanding which I should be addressing given that both show points of interest for detecting JB. Any help would be appreciated. 

Updated by marc726
Format and Misspell fixes. 
  • Like 1
Link to comment
https://iosgods.com/topic/166694-liapp-jailbreak-detection-bypass/
Share on other sites

On 12/17/2022 at 11:50 PM, marc726 said:

Hi all. I was wondering what the best way to find and address the AppGuard/LiAPP detection on a certain app. I was using a decompiler on the UnityFramework file and I also tried using DNSpy for the Assembly file. My issue is:

 

1. I can find a Class for “CheatDetector”  in DNSpy using the assembly file that has a method for LIAPP but im not sure how to address it in the Live Offset program. I tried to NOP the offsets of the functions but nada.

2. I can also find instances in the UnityFramework file where it tries to find paths of common jailbroken thing such as Cydia. 

 

I'm not understanding which I should be addressing given that both show points of interest for detecting JB. Any help would be appreciated. 

Have you first tried FlyJb X ? 

If you open the game, and enable FlyJb after its useless since the game will store that you are Jailbreak. 

Steps :

1) Delete the game. 

2) Re install it BUT DON'T OPEN IT

3) Open FlyJb and from there, enable ur app. you can use A-bypass if you want, i use FlyJB but use any good alternatives.

4) Open your game 

 

If that didn't work, you probably need to work with DnSpy...

Afaik you can't NOP a class, try to look functions / methods, maybe bool functions store if you are jailbreak or no. 

You can also search for function names containing "jailbreak", "root". 

 

I think the first method should work tbh, but if not good luck for the second one, it's gonna be a lot of work to test them 

Updated by ꞋꞌꞋꞌꞋꞌꞋꞌ
  • Like 1
10 hours ago, ꞋꞌꞋꞌꞋꞌꞋꞌ said:

Have you first tried FlyJb X ? 

If you open the game, and enable FlyJb after its useless since the game will store that you are Jailbreak. 

Steps :

1) Delete the game. 

2) Re install it BUT DON'T OPEN IT

3) Open FlyJb and from there, enable LIAPP. you can use A-bypass if you want, i use FlyJB but use any good alternatives.

4) Open your game 

 

If that didn't work, you probably need to work with DnSpy...

Afaik you can't NOP a class, try to look functions / methods, maybe bool functions store if you are jailbreak or no. 

You can also search for function names containing "jailbreak", "root". 

 

I think the first method should work tbh, but if not good luck for the second one, it's gonna be a lot of work to test them 

Unfortunately no known public bypass tweaks works at the moment. The only known bypass is on this site but I wanted to try my hand at it. I think I was able to narrow down the function to something called "_fb_is_jailbroken" thanks to Frida. My problem now is looking at the assembly and figuring out what's what, if there are other calls, etc. 

As for DNSpy, I have the feeling that it's not what I'm looking for. DNSpy does show a class "CheatingDetector"  and it does have a function labeled "onDetectedThreatWithLIAPP()" but it doesn't help me outside of that. 

It's quite the headache for someone who doesn't have experience in assembly or reverse engineering 😪

Here's the list from DNSpy in case you were interested:
 

using System;
using Il2CppDummyDll;

// Token: 0x02000A35 RID: 2613
[Token(Token = "0x2000A35")]
public class CheatingDetector : ManagerSingleton<CheatingDetector>
{
	// Token: 0x06004895 RID: 18581 RVA: 0x00002050 File Offset: 0x00000250
	[Token(Token = "0x6004895")]
	[Address(RVA = "0x1D67DFC", Offset = "0x1D67DFC", VA = "0x1D67DFC", Slot = "10")]
	protected override void Awake()
	{
	}

	// Token: 0x06004896 RID: 18582 RVA: 0x00002050 File Offset: 0x00000250
	[Token(Token = "0x6004896")]
	[Address(RVA = "0x1D67E50", Offset = "0x1D67E50", VA = "0x1D67E50")]
	public void onDetectedThreatWithLIAPP()
	{
	}

	// Token: 0x06004897 RID: 18583 RVA: 0x00002050 File Offset: 0x00000250
	[Token(Token = "0x6004897")]
	[Address(RVA = "0x1D67E58", Offset = "0x1D67E58", VA = "0x1D67E58")]
	public void OnCheaterDetected(int DBBABCBBDCBDBCDDBDDBCCB)
	{
	}

	// Token: 0x06004898 RID: 18584 RVA: 0x00010A10 File Offset: 0x0000EC10
	[Token(Token = "0x6004898")]
	[Address(RVA = "0x1D6808C", Offset = "0x1D6808C", VA = "0x1D6808C")]
	public ValueTuple<bool, string> CheckCheat()
	{
		return default(ValueTuple<bool, string>);
	}

	// Token: 0x06004899 RID: 18585 RVA: 0x00002050 File Offset: 0x00000250
	[Token(Token = "0x6004899")]
	[Address(RVA = "0x1D68804", Offset = "0x1D68804", VA = "0x1D68804")]
	public void SaveChatBlockTime(string ACDABDBDABCCACBABDCDCDC, int BBDBBBDCBBDCCABCAACAABC)
	{
	}

	// Token: 0x0600489A RID: 18586 RVA: 0x00010A28 File Offset: 0x0000EC28
	[Token(Token = "0x600489A")]
	[Address(RVA = "0x1D6839C", Offset = "0x1D6839C", VA = "0x1D6839C")]
	public ValueTuple<bool, bool> CheckReport(string ACDABDBDABCCACBABDCDCDC)
	{
		return default(ValueTuple<bool, bool>);
	}

	// Token: 0x0600489B RID: 18587 RVA: 0x00002050 File Offset: 0x00000250
	[Token(Token = "0x600489B")]
	[Address(RVA = "0x1D68970", Offset = "0x1D68970", VA = "0x1D68970")]
	public CheatingDetector()
	{
	}
}

 

Updated by marc726
  • Informative 1
3 hours ago, marc726 said:

Unfortunately no known public bypass tweaks works at the moment. The only known bypass is on this site but I wanted to try my hand at it. I think I was able to narrow down the function to something called "_fb_is_jailbroken" thanks to Frida. My problem now is looking at the assembly and figuring out what's what, if there are other calls, etc. 

As for DNSpy, I have the feeling that it's not what I'm looking for. DNSpy does show a class "CheatingDetector"  and it does have a function labeled "onDetectedThreatWithLIAPP()" but it doesn't help me outside of that. 

It's quite the headache for someone who doesn't have experience in assembly or reverse engineering 😪

Here's the list from DNSpy in case you were interested:
 

using System;
using Il2CppDummyDll;

// Token: 0x02000A35 RID: 2613
[Token(Token = "0x2000A35")]
public class CheatingDetector : ManagerSingleton<CheatingDetector>
{
	// Token: 0x06004895 RID: 18581 RVA: 0x00002050 File Offset: 0x00000250
	[Token(Token = "0x6004895")]
	[Address(RVA = "0x1D67DFC", Offset = "0x1D67DFC", VA = "0x1D67DFC", Slot = "10")]
	protected override void Awake()
	{
	}

	// Token: 0x06004896 RID: 18582 RVA: 0x00002050 File Offset: 0x00000250
	[Token(Token = "0x6004896")]
	[Address(RVA = "0x1D67E50", Offset = "0x1D67E50", VA = "0x1D67E50")]
	public void onDetectedThreatWithLIAPP()
	{
	}

	// Token: 0x06004897 RID: 18583 RVA: 0x00002050 File Offset: 0x00000250
	[Token(Token = "0x6004897")]
	[Address(RVA = "0x1D67E58", Offset = "0x1D67E58", VA = "0x1D67E58")]
	public void OnCheaterDetected(int DBBABCBBDCBDBCDDBDDBCCB)
	{
	}

	// Token: 0x06004898 RID: 18584 RVA: 0x00010A10 File Offset: 0x0000EC10
	[Token(Token = "0x6004898")]
	[Address(RVA = "0x1D6808C", Offset = "0x1D6808C", VA = "0x1D6808C")]
	public ValueTuple<bool, string> CheckCheat()
	{
		return default(ValueTuple<bool, string>);
	}

	// Token: 0x06004899 RID: 18585 RVA: 0x00002050 File Offset: 0x00000250
	[Token(Token = "0x6004899")]
	[Address(RVA = "0x1D68804", Offset = "0x1D68804", VA = "0x1D68804")]
	public void SaveChatBlockTime(string ACDABDBDABCCACBABDCDCDC, int BBDBBBDCBBDCCABCAACAABC)
	{
	}

	// Token: 0x0600489A RID: 18586 RVA: 0x00010A28 File Offset: 0x0000EC28
	[Token(Token = "0x600489A")]
	[Address(RVA = "0x1D6839C", Offset = "0x1D6839C", VA = "0x1D6839C")]
	public ValueTuple<bool, bool> CheckReport(string ACDABDBDABCCACBABDCDCDC)
	{
		return default(ValueTuple<bool, bool>);
	}

	// Token: 0x0600489B RID: 18587 RVA: 0x00002050 File Offset: 0x00000250
	[Token(Token = "0x600489B")]
	[Address(RVA = "0x1D68970", Offset = "0x1D68970", VA = "0x1D68970")]
	public CheatingDetector()
	{
	}
}

 

Mhhh i am not sure that this class is usefull for JB détection...

It seems dealing with "real cheat" but, if it's whatever dealing with JB, i would NOP / RET all of theses meth/functions.

All of them have obfuscated parameters, it's hard to know with what it's dealing. and also, ive search for this class online and it seems to be private, there is no documentation from Unity3D about it...

  • Informative 1
1 hour ago, ꞋꞌꞋꞌꞋꞌꞋꞌ said:

Mhhh i am not sure that this class is usefull for JB détection...

It seems dealing with "real cheat" but, if it's whatever dealing with JB, i would NOP / RET all of theses meth/functions.

All of them have obfuscated parameters, it's hard to know with what it's dealing. and also, ive search for this class online and it seems to be private, there is no documentation from Unity3D about it...

Yea, NOP RET all functions in that class still gets LIAPP called on me. I'm honestly stumped. I'm guessing the check lies in the UnityFramework file somewhere. Frida points to fb_is_jailbroken

 

C:\Users\%%%%\AppData\Local\Programs\Python\Python311\Scripts>frida-trace -U -i "*jail*" -n "Random Dice"
Instrumenting...
fb_is_jailbroken: Loaded handler at "C:\\Users\\%%%%\\AppData\\Local\\Programs\\Python\\Python311\\Scripts\\__handlers__\\UnityFramework\\fb_is_jailbroken.js"
_Z24replaced_jailbreakStatusP11objc_objectP13objc_selectori: Loaded handler at "C:\\Users\\%%%%%\\AppData\\Local\\Programs\\Python\\Python311\\Scripts\\__handlers__\\zzzzzLiberty.dylib\\_Z24replaced_jailbreakStatusP11o_658fd25a.js"
Started tracing 2 functions. Press Ctrl+C to stop.
Process terminated

 

and Ghidra shows 

 

                             **************************************************************
                             *                          FUNCTION                          *
                             **************************************************************
                             bool __cdecl _fb_is_jailbroken(ID param_1, SEL param_2)
             bool              w0:4           <RETURN>
             ID                x0:8           param_1
             SEL               x1:8           param_2
             undefined8        Stack[-0x10]:8 local_10                                XREF[2]:     006adce8(W), 
                                                                                                   006add08(*)  
                             _fb_is_jailbroken                               XREF[2]:     Entry Point(*), 
                                                                                          isJailBrokenDevice:005966fc(T), 
                                                                                          isJailBrokenDevice:005966fc(j)  
        006adce8 fd 7b bf a9     stp        x29,x30,[sp, #local_10]!
        006adcec fd 03 00 91     mov        x29,sp
        006adcf0 68 4d 02 d0     adrp       x8,0x505b000
        006adcf4 08 31 45 f9     ldr        x8,[x8, #0xa60]=>DAT_0505ba60                    = ??
        006adcf8 1f 05 00 b1     cmn        x8,#0x1
        006adcfc a1 00 00 54     b.ne       LAB_006add10
                             LAB_006add00                                    XREF[1]:     006add24(j)  
        006add00 68 4d 02 d0     adrp       x8,0x505b000
        006add04 00 61 69 39     ldrb       param_1,[x8, #0xa58]=>DAT_0505ba58               = ??
        006add08 fd 7b c1 a8     ldp        x29=>local_10,x30,[sp], #0x10
        006add0c c0 03 5f d6     ret
                             LAB_006add10                                    XREF[1]:     006adcfc(j)  
        006add10 60 4d 02 d0     adrp       param_1,0x505b000
        006add14 00 80 29 91     add        param_1=>DAT_0505ba60,param_1,#0xa60             = ??
        006add18 41 20 02 f0     adrp       param_2,0x4ab8000
        006add1c 21 40 02 91     add        param_2=>PTR_LOOP_04ab8090,param_2,#0x90         = 048a0778
        006add20 74 32 e3 94     bl         __stubs::_dispatch_once                          undefined _dispatch_once()
        006add24 f7 ff ff 17     b          LAB_006add00


Decomplier shows 

 

bool _fb_is_jailbroken(ID param_1,SEL param_2)

{
  if (DAT_0505ba60 != -1) {
    __stubs::_dispatch_once(&DAT_0505ba60,&PTR_LOOP_04ab8090);
  }
  return (bool)DAT_0505ba58;
}

 

which represents the entire function. 

  • Informative 1

Mhh it seems to be acting like this :

bool _fb_is_jailbroken(ID param_1,SEL param_2) {
  if (the check has determine that your device is JB) {
    alert("your device is JB");
    return true;
  }
  return false;
}

(my analysis only)

I would return false. As i said, i think the class CheatDetection is useless, i think it uses other thing to determine if jailbreak or not. Have you checked method names containing Jaibreak/root keywords ?

Updated by ꞋꞌꞋꞌꞋꞌꞋꞌ
  • Agree 1
On 12/22/2022 at 6:43 AM, ꞋꞌꞋꞌꞋꞌꞋꞌ said:

Mhh it seems to be acting like this :

bool _fb_is_jailbroken(ID param_1,SEL param_2) {
  if (the check has determine that your device is JB) {
    alert("your device is JB");
    return true;
  }
  return false;
}

(my analysis only)

I would return false. As i said, i think the class CheatDetection is useless, i think it uses other thing to determine if jailbreak or not. Have you checked method names containing Jaibreak/root keywords ?

I'm so sorry I didn't see your reply! 

I tried to change address 006add08 to:

mov x30,#0x0
ret
 

since the complier showed no arguments for the ret function at 006add0c, I assume it returns the register at x30. As told here https://developer.arm.com/documentation/dui0802/a/A64-General-Instructions/RET
I am still met with the LIAPP screen after about 15 seconds. 

I agree with the CheatDetection class and I'm going to eliminate any chance DNSpy can show me the answer. Also the game is Random Dice Defense. 

Updated by marc726
  • Like 1
25 minutes ago, marc726 said:

I'm so sorry I didn't see your reply! 

I tried to change address 006add08 to:

mov x30,#0x0
ret
 

since the complier showed no arguments for the ret function at 006add0c, I assume it returns the register at x30. As told here https://developer.arm.com/documentation/dui0802/a/A64-General-Instructions/RET
I am still met with the LIAPP screen after about 15 seconds. 

I agree with the CheatDetection class and I'm going to eliminate any chance DNSpy can show me the answer. Also the game is Random Dice Defense. 

have you tried to search for the strings that the pop up shows inside iDA string view ?

 

  • Like 1
2 hours ago, ꞋꞌꞋꞌꞋꞌꞋꞌ said:

have you tried to search for the strings that the pop up shows inside iDA string view ?

 

M1qiVoz.jpg

This is the message I get. I search for instances of "JP1" "Appguard" "shut down" "security policy" but no results except irrelevant results for the last two.

  • Like 1
10 hours ago, marc726 said:

/cdn-cgi/mirage/41ff1f68243607f4e9ea12c2548c6d54d43598dd57117816f22e2d670dcc8f0b/1280/https://i.imgur.com/M1qiVoz.jpg

This is the message I get. I search for instances of "JP1" "Appguard" "shut down" "security policy" but no results except irrelevant results for the last two.

mhhh then they encrypted the strings... well i have no idear about what you try atm... :sad:

maybe in this case just navigate to all namespaces and classes trough the .dll using DnSpy, but this takes a lot of time 

Updated by ꞋꞌꞋꞌꞋꞌꞋꞌ
  • Like 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below. For more information, please read our Posting Guidelines.
Reply to this topic... Posting Guidelines

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Our picks

    • Immortal Rising Cheats v2.4.9 +4
      Modded/Hacked App: Immortal Rising By MOBIRIX
      Bundle ID: com.badbeans.DarkIdle
      iTunes Store Link: https://apps.apple.com/us/app/immortal-rising/id1588863558?uo=4


      Hack Features:
      - God Mode
      - One Hit Kill
      - PREMIUM
      - Freeze Currencies*

      *Abuse = Ban


      iOS Hack Download Link: https://iosgods.com/topic/178921-immortal-rising-cheats-v222-4/
      • 163 replies
    • Travel Town - Merge Adventure Cheats v2.12.852 +1
      Modded/Hacked App: Travel Town By Magmatic Games Ltd
      Bundle ID: io.randomco.travel
      iTunes Store Link: https://apps.apple.com/us/app/travel-town/id1521236603?uo=4


      Hack Features:
      - Infinite Currencies


      Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/topic/148953-travel-town-v231-jailed-cheats-1/

      iOS Hack Download Link: https://iosgods.com/topic/148951-travel-town-cheats-all-versions-1/
      • 120 replies
    • BitLife - Life Simulator Cheats v3.17.1 +2
      Modded/Hacked App: BitLife - Life Simulator by Candywriter, LLC
      Bundle ID: com.wtfapps.apollo16
      iTunes Store Link: https://apps.apple.com/us/app/bitlife-life-simulator/id1374403536?uo=4&at=1010lce4


      Hack Features:
      - Infinite Cash
      - Free Bitizen Purchase (Press Cancle) - Work for All Versions


      Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/topic/84167-arm64-bitlife-life-simulator-v1412-jailed-cheats-2/


      Hack Download Link: https://iosgods.com/topic/84223-arm64-bitlife-life-simulator-cheats-all-versions-2/
      • 3,344 replies
    • Otherworld Three Kingdoms Cheats v1.0.22 +4
      Modded/Hacked App: Otherworld Three Kingdoms By SuperPlanet corp.
      Bundle ID: com.superplanet.samworld
      iTunes Store Link: https://apps.apple.com/us/app/otherworld-three-kingdoms/id6496345383?uo=4


      Hack Features:
      - Multiply Attack
      - Multiply Defense
      - Instant Skills


      iOS Hack Download Link: https://iosgods.com/topic/183743-otherworld-three-kingdoms-cheats-v103-3/
      • 97 replies
    • Delusion: Tactical Idle RPG Cheats v2.3.1 +3
      Modded/Hacked App: Delusion: Tactical Idle RPG By SuperPlanet corp.
      Bundle ID: com.superplanet.delusion
      iTunes Store Link: https://apps.apple.com/us/app/delusion-tactical-idle-rpg/id6496342351?uo=4


      Hack Features:
      - Multiply Attack
      - God Mode
      - Freeze Currencies

      NOTE: Do not abuse or buy ViP just for this cheats


      iOS Hack Download Link: https://iosgods.com/topic/183614-delusion-tactical-idle-rpg-cheats-v1027-3/
      • 58 replies
    • The Seven Deadly Sins: Idle Cheats v1.8.1 +4
      Modded/Hacked App: The Seven Deadly Sins: Idle By Netmarble Corporation
      Bundle ID: com.netmarble.nanarise
      iTunes Store Link: https://apps.apple.com/us/app/the-seven-deadly-sins-idle/id6469305531?uo=4


      Hack Features:
      - Multiply Attack
      - Multiply Defense
      - Modify Range


      iOS Hack Download Link: https://iosgods.com/topic/185131-the-seven-deadly-sins-idle-cheats-v101-3/
      • 86 replies
    • Hill Climb Racing 2 v1.64.2 Cheats +3
      Modded/Hacked App: Hill Climb Racing 2 By Fingersoft
      Bundle ID: com.fingersoft.hillclimbracing2
      iTunes Store Link: https://apps.apple.com/us/app/hill-climb-racing-2/id1146465836?uo=4


      Hack Features:
      - Freeze Coins
      - Freeze Gems
      - Freeze Scraps


      Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/topic/108295-hill-climb-racing-2-v1611-jailed-cheats-2/


      iOS Hack Download Link: https://iosgods.com/topic/108298-hill-climb-racing-2-v1612-cheats-3/
      • 2,153 replies
    • Monster Super League By Four Thirty Three v3.8.7 - [ x Player Damage & More ]
      Modded/Hacked App: Monster Super League By Four Thirty Three
      Bundle ID: com.ftt.msleague
      iTunes Store Link: https://itunes.apple.com/us/app/monster-super-league/id1092463295


      Mod Requirements:
      - Jailbroken iPhone/iPad/iPod Touch.
      - iFile / Filza / iFunBox / iTools or any other file managers for iOS.
      - Cydia Substrate (from Cydia).
      - PreferenceLoader (from Cydia).


      Hack Features:
      - x Player Damage - x1 - 100
      - x Player Defense - x1 - 100
      - Inf.Skills

      All features are unlinked and only for you player, you!
      • 1,262 replies
    • MARVEL Puzzle Quest: Hero RPG v317.0.696394 +2 Jailed Cheats [ One-Hit Kill ]
      Modded/Hacked App: MARVEL Puzzle Quest: Hero RPG By D3PA
      Bundle ID: com.d3p.yorkMPQ
      iTunes Store Link: https://apps.apple.com/us/app/marvel-puzzle-quest-hero-rpg/id618349779


      Hack Features:
      - God Mode -> Linked. Wait until it's the enemies turn then enable this feature.
      - One-Hit Kill -> Linked. Wait until it's your turn then enable this feature.


      Jailbreak required hack(s): [Mod Menu Hack] MARVEL Puzzle Quest: Hero RPG v264.0.617994 +2 Cheats [ One-Hit Kill ] - Free Jailbroken Cydia Cheats - iOSGods
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/
      • 91 replies
    • MARVEL Puzzle Quest: Hero RPG v317.0.696394 +2 Cheats [ One-Hit Kill ]
      Modded/Hacked App: MARVEL Puzzle Quest: Hero RPG By D3PA
      Bundle ID: com.d3p.yorkMPQ
      iTunes Store Link: https://apps.apple.com/us/app/marvel-puzzle-quest-hero-rpg/id618349779


      Hack Features:
      - God Mode -> Linked. Wait until it's the enemies turn then enable this feature. This feature will auto update itself once a new version of the app is released!
      - One-Hit Kill -> Linked. Wait until it's your turn then enable this feature. This feature will auto update itself once a new version of the app is released!


      Non-Jailbroken & No Jailbreak required hack(s): [Non-Jailbroken Hack] MARVEL Puzzle Quest: Hero RPG v264.0.617994 +1 Jailed Cheat [ One-Hit Kill ] - Free Non-Jailbroken IPA Cheats - iOSGods
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/
      • 52 replies
    • MeChat v4.29.1 +1 Jailed Cheat [ Unlimited Gems ]
      Modded/Hacked App: MeChat By PlayMe Studio
      Bundle ID: world.playme.mechat
      iTunes Store Link: https://apps.apple.com/us/app/mechat/id1536157979
       

      Hack Features:
      - Unlimited Gems -> Will increase instead of decrease.
      - Unlimited Gems -> Earn some then uninstall this hack. DO NOT SPEND ANY GEMS WHILST THIS FEATURE IS ENABLED! [ VIP ]


      Free Jailbreak required hack(s): [Mod Menu Hack] [Free] MeChat - Love Secrets v3.3.2 +1 Cheat [ Unlimited Gems ] - Free Jailbroken Cydia Cheats - iOSGods
      ViP Jailbreak required hack(s): [Mod Menu Hack] MeChat - Love Secrets v3.3.2 +1 Cheat [ Unlimited Gems ] - ViP Cheats - iOSGods
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs
      • 707 replies
    • Good Pizza, Great Pizza v5.20.0 +2 Jailed Cheats [ Unlimited Currencies ]
      Modded/Hacked App: Good Pizza, Great Pizza By TAPBLAZE, LLC
      Bundle ID: com.tapblaze.pizzabusiness
      iTunes Store Link: https://apps.apple.com/us/app/good-pizza-great-pizza/id911121200?uo=4


      Hack Features:
      - Unlimited Cash
      - Unlimited Diamonds


      Jailbreak required hack(s): [Mod Menu Hack] Good Pizza, Great Pizza v5.5.6 +2 Cheats [ Unlimited Currencies ] - Free Jailbroken Cydia Cheats - iOSGods
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/
      • 211 replies
×
  • Create New...

Important Information

We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines