The amount of code does not nessecarily indicate the complexity of the features/security, neither does the feature list or appearance of the menu. How02's cheat features probably have far less code than the security mechanism surrounding them. You can have a cheat with a simple box esp with 50k lines of code that has nothing to do with the box esp and it doesnt make the product simpler. The cheat features itself are the easiest part of creating a cheat for pubg, i can do that and have done it before and i am not even a half decent programmer. The real difficulty is reversing the anticheat methods, not using any public code and in how02's case with the supervisor you move out of simple cheat programs into windows kernel stuff that you can spend years on in order to get a basic understanding of whats going on. And even if you understand whats going on, you still need to be able to write code thats efficient, works on different version of windows etc. etc.
menu, features, keybinds all this kinda stuff is just the 5-10% on the surface and the cheat itself is as stated before up and running, all features are working and keeping them working isnt a problem. The real work is getting around all the AC-measures in a way that holds up to indepth analysis by AC engineers and doesn't require a rework every month, while keeping performance high, crashes low and maintenance to a minimum. And battleye does not stay within traditional limits of ac's, they dont give a fuck. The ac isn't even well coded or thought through, some methods they have implemented before to detect certain cheats are kind of mind boggling. A product that is publicly available to anyone the way BSS is, needs tremandous amounts of prevention to not get owned by some whacky detection that can lead to false positives and no sane mind would(should) use.