Hack Bullet Force - Vulnerabilities & Exploits - Gold Hack

[Liderluigi 2.9k iPad Air 2 8.4]

Hi guys!

This game: Bullet Force, recently appeared on App Store and has become somehow a little bit famous, so I decided to take a look at it in any form to get exploits or vulnerabilities. I always prefer hacking in my own way which is no memory search or debugging at all, but inspecting packets going through server-client. And I found some interesting stuff!

First of all, when you register a new account, the app access the database DIRECTLY to store the new user and some data, which is a very BAD idea indeed. Here is some proof:



Therefore, ANYONE can access the database with just some newbie SQL-Injection, modify values, and even steal accounts!
Heres an account email, but I won't show the password:


I successfully had access to this account! I could even PLAY with it too!

Proof of randomly chosen account password:



Then, I stopped messing around with accounts, I wanted some currency! The same thing I did before, i did it now with MY account. I got some gold, some coins and cases too, BUT I could also add me unlocks, kills deaths, etc.

Proof:



Proof on device:

PIC 1: http://i.epvpimg.com/drqdd.png
PIC 2: http://i.epvpimg.com/4U0fh.png

However, Gold hacks gets you instantly banned.

I also noticed "accounts" TABLE on SQL had a variable called "unbanned" (Type: BOOL), therefore, anyone that gets banned can get unbanned so easily by just inserting a "TRUE"! Proof:



All in all... This game is still in beta, thats why its so simple and bad written. So guys, be careful if you rgister using the same password and email than your own. Finally found out how to get gold without ban (08/12/16)

GOLD HACK

PIC 3 (Unlocks): http://i.epvpimg.com/a2add.png
PIC 4 (Multiplayer):http://i.epvpimg.com/L4Fkb.jpg

If you want a free account with tons of gold: https://iosgods.com/topic/41847-huge-giveaway-bullet-force-credits-cases-gold-and-lv80/#entry1359042
If you want Credits and XP: https://iosgods.com/topic/41811-tool-bullet-force-ios-android-credits-and-xp-hack/

Peace!

Updated January 22, 2017 by Amuyea

[WolfDesigns 2.2k iPhone 5s 9.1]

Want me to alarm them?

[NitroxicDemon 3.2k 8.1.2]

lmfao

[Patricktph 36.5k 10.2.1]

hmm..

[Liderluigi 2.9k iPad Air 2 8.4]

Want me to alarm them?

 

If you can, yeah lol

[Diversityy 32.1k iPhone 7 Plus 10.2]

hmu

[DZ Hicham 1.9k iPhone Xs Max 13.5.1]

u got banned!

[jakob197925 19 9 9.0.2]

Figures

Updated December 7, 2016 by jakob197925

[QQRK 1.1k 8.0.2]

I have no clue how to hack it.....

[NICK0127 0 8]

thx