• Sky
  • Mint
  • Azure
  • Indigo
  • Blueberry
  • Blackcurrant
  • Watermelon
  • Strawberry
  • Pomegranate
  • Ruby Red
  • Orange
  • Banana
  • Apple
  • Emerald
  • Teal
  • Chocolate
  • Slate
  • Midnight
  • Maastricht
  • Charcoal
  • Matte Black
Welcome to iOSGods

Register now to gain access to all of our features. Once registered and logged in, you will be able to contribute to this site by submitting your own content or replying to existing content. You'll be able to customize your profile, receive reputation points as a reward for submitting content, while also communicating with other members via your own private inbox, plus much more!

This message will be removed once you have signed in.

Sign in to follow this  
Followers 0
Liderluigi

 Hack
Bullet Force - Vulnerabilities & Exploits - Gold Hack

145 posts in this topic

Hi guys!

This game: Bullet Force, recently appeared on App Store and has become somehow a little bit famous, so I decided to take a look at it in any form to get exploits or vulnerabilities. I always prefer hacking in my own way which is no memory search or debugging at all, but inspecting packets going through server-client. And I found some interesting stuff!

First of all, when you register a new account, the app access the database DIRECTLY to store the new user and some data, which is a very BAD idea indeed. Here is some proof:

bGZUd.png

Therefore, ANYONE can access the database with just some newbie SQL-Injection, modify values, and even steal accounts!
Heres an account email, but I won't show the password:

DWN1b.png
I successfully had access to this account! I could even PLAY with it too!

Proof of randomly chosen account password:

oyjFf.png

Then, I stopped messing around with accounts, I wanted some currency! The same thing I did before, i did it now with MY account. I got some gold, some coins and cases too, BUT I could also add me unlocks, kills deaths, etc.

Proof:

5C7pc.png

Proof on device:

PIC 1: http://i.epvpimg.com/drqdd.png
PIC 2: http://i.epvpimg.com/4U0fh.png

However, Gold hacks gets you instantly banned.

I also noticed "accounts" TABLE on SQL had a variable called "unbanned" (Type: BOOL), therefore, anyone that gets banned can get unbanned so easily by just inserting a "TRUE"! Proof:

RywTg.png

All in all... This game is still in beta, thats why its so simple and bad written. So guys, be careful if you rgister using the same password and email than your own. :)Finally found out how to get gold without ban (08/12/16)

GOLD HACK :update:

PIC 3 (Unlocks): http://i.epvpimg.com/a2add.png
PIC 4 (Multiplayer):http://i.epvpimg.com/L4Fkb.jpg

If you want a free account with tons of gold: https://iosgods.com/topic/41847-huge-giveaway-bullet-force-credits-cases-gold-and-lv80/#entry1359042
If you want Credits and XP: https://iosgods.com/topic/41811-tool-bullet-force-ios-android-credits-and-xp-hack/

Peace!

Edited by Amuyea
37

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0

  • Recently Browsing   1 member


    • Administrators |
    • Global Moderators  |
    • Moderators  |
    • ViP |
    • Cheaters |
    • Modders  |
    • Novice Cheaters |
    • Rookie Modders |
    • Supporters  |
    • GFX Team  |
    • Senior Members |
    • Members |