Help/Support Advice on bypassing jailbreak detection in Standoff 2

TrizeMelon · May 22, 2024

The game is Standoff 2, and they recently made even stronger jailbreak detection, so most of the cheat developers gave up on doing cheats for it (or they use different techniques). Before those updates, you could just use either A-Bypass or Fly JB X to bypass the jailbreak detection, but now it no longer works. The game just crashes after you login to your account, whatever you use or do (but you can sit on the login page without crashes). The question is, if I want to bypass it, should I learn some Arm64 assembly and try reverse engineering that? Maybe I can somehow make use of iGG? I just want to hear different opinions on that.

Puddin · May 23, 2024

3 hours ago, TrizeMelon said:

The game is Standoff 2, and they recently made even stronger jailbreak detection, so most of the cheat developers gave up on doing cheats for it (or they use different techniques). Before those updates, you could just use either A-Bypass or Fly JB X to bypass the jailbreak detection, but now it no longer works. The game just crashes after you login to your account, whatever you use or do (but you can sit on the login page without crashes). The question is, if I want to bypass it, should I learn some Arm64 assembly and try reverse engineering that? Maybe I can somehow make use of iGG? I just want to hear different opinions on that.

What version had weak jb detection?

TrizeMelon · May 23, 2024

5 hours ago, Puddin said:

What version had weak jb detection?

The last weak version was 0.24.3 (9 months ago, current 0.28.5), it could be bypassed just using A-Bypass or Fly JB X. A bit of history, developers in 0.26.0, which was released 6 months ago, made the current anticheat system. Few versions before, however, they tried fighting cheat developers using different techniques (encrypting metadata; using frameworks that crash the game if jailbreak is detected). After 0.21.0, they made a detection for fake versions (when you change the info.plist version of the game). I think they just hired a new anti-cheat team at 0.25.0, because throughout those 3 years of iOS cheating I never saw anything like that.

Below is the article of one of the cheat devs in the game. Notice, that article was written when it was 0.25.2, so some information might be outdated (such as the presense of the framework which caused the crash of an application when jailbreak was detected (it got deleted in 0.26.0))

Quote

Check when starting an application

In update 0.25.0 a new framework was added to the game.

This framework is not related to the main framework of the game, and since it was added recently, I have not so completely disassembled it. This part of the anti-cheat runs checks the system for the presence of jailbreak in different ways and as well as the originality of the application, but it all leads to one thing - crashing applications if the framework detects something at the start of the application.

The way around this is quite easy - patch the function that causes the application to crash. If you are interested, you can find this framework in the game files (it has a random name) and load it into IDA to find the function that causes the crash. It is enough to patch this function and that's all.

Check at login

One of the main anti-cheat checks occurs when logging into an account, standoff2 uses a lot of different methods such as checking game files, eitherk hashes, bandle identifier and also jailbreak detectors. All of these checks are recorded in a dictionary:

SystemVersion, Root, Injected, IsFromAppStore, IsDebugged, CydiaUrl, Symlink, WritePermission, JailAppsExists, Mod, InstallMode, Installer, Dylibs, ApplicationVersion, GameBundleID, DeviceCheck

The workaround is quite easy, just find the dictionary generation and find the field that stores the entire dictionary, all can be done without hooks. Then you need to log values from jailbreak device that would understand to find out the values and substitute the whole dictionary. Also in IDA you can understand all dictionary methods in more detail. If you bypass the dictionary, you will not be banned in the lobby.

Checks at the entrance during the gaming match

And so, if you went around the dictionary replacing it and does not ban you in the lobby, then you can rejoice, but not for long. If you notice in the dictionary there is a value Devicecheck, is the size of the Device token that is generated when you enter the account and during the game match. The dimensions of these lines should be the same, and Device token also stores information about the device.

DeviceCheck is a common technology from Apple designed to authenticate devices and exchange data between the server and devices. With it, developers can determine whether the device has been taken into account in any action or used for a specific purpose. For example, this may be useful in preventing fraud or restricting the use of services.

This token allows developers to detect on the server side of the ip.

The only way to get around this detector is if you log the token with the jailbreak device and change your token in the game and indicate the size of the token in the device. Token can be replaced through the field as well without hooks. But if one token is used many times, then it will fly into the detector. Thus, in order to make a safe ip for everyone, you need to collect a lot of tokens from different devices with jailbreak and add them to the database, after which it will help everyone to give out their tokens and for some time to protect themselves from the ban, but even so you will receive a ban since you use a token on two different devices and accounts, just the Standoff2 server and the anti-cheat system as a whole does not work perfectly, does not process all requests and it bans with 'packages'.It may seem that some cheat is really without a ban, but a couple of days is enough and the entire base of tokens flies into the detector, and there is also a line Mod, you can analyze it in detail in IDA, it can also be related to DeviceCheck to some extent. And hashes of libraries can fall into the detector, since some libraries have different hashes on different devices, in fact, Standoff2 has less powerful checks and it’s enough for developers to go out with conspiracy that they will be able to completely finish the anti-cheat.
Any cheat and any ipa will be released through time, the server part of the game is not good enough to process all requests quickly and ban accounts, throw tokens into the detector and so on.

Well, when entering the game match, application_install_mode is checked too, the value of Adhoc is a detector, the original must have a Store. Finding this will also not be difficult according to the data that I have already given you.

It's mainly the whole info he provided about the anticheat. I translated the whole text from Russian and tried to optimize it, but a lot of russian slang words were used and I might missed something, tell me if you didn't understand something.

Updated May 23, 2024 by TrizeMelon