[Archived] How to fix Invalid RVA Address error and workaround
As we already know, since v1.9.0 all the library files have been encrypted and we can no longer edit them easily with .NET Reflector.
Tools we need:
- CFF Explorer.
- HxD or Hex Workshop
- .NET Reflector with Reflexil.
Step by step:
1 - Extract/decompile the APK file using Apktool, or open the APK with WinRAR, go to /assets/bin/data/ and extract the Managed folder. Go to the location of Assembly-CSharp.dll and open it with CFF Explorer.
2 - Go to the ".NET Directory" section; you will see something like this.

3 - Take a look at that "MetaData RVA". If you open this file in .NET Reflector, it will show you an error like this.

4 - Now change that MetaData RVA from E9AAC908 to 001AF31C (I will explain the reason later). Save it and re-open.
![[IMG]](https://i.imgur.com/hzksSfT.png)
5 - Now go to the "MetaData Header" section and, at "Signature", change the value to 424A5342 (this is the string "BSJB" in hex).

6 - Go to "MetaData Streams" and add 4 to each stream offset. You will have something like this.
![[IMG]](https://i.imgur.com/XG5aeWs.png)
7 - Save it. Now open it again with .NET Reflector and see the miracle. But do not feel happy yet; the real hell starts now if you want to mod.
8 - If you try to open any function inside Assembly-CSharp.dll via .NET Reflector, it will give you an error like the one in this picture and will not show any opcodes.
![[IMG]](https://i.imgur.com/cN47MAn.png)
9 - So what do we do now?
This time I will use the method "setTimeAcceleration" as an example. You can do the same for any other method.
Select it, look at the Reflexil window, go to the Attribute tab and check the RVA field.
![[IMG]](https://i.imgur.com/4Xgrs7g.png)
10 - Back in CFF Explorer, go to "Section Headers [x]" and note the two values in the "Virtual Address" and "Raw Address" columns on the ".text" row.
![[IMG]](https://i.imgur.com/cqkiHkK.png)
11 - The common formula is: Physical Address = RVA - Virtual Address + Raw Address + [X]
In this case, the physical address for that function is C8DC0 - 2000 + 200 + C = C6FCC
(C8DC0 in hex = 822720 in decimal)
(For the number [X], I cannot fully explain it, because it can have many values. For example, when I searched for the method "getBaseATK", the number [X] had to be 1 to fit the physical address we needed to change, but for the method "setTimeAcceleration", [X] = 12 = C in hex. I got this number after many calculations; I hope someone can explain it.)
12 - Go back to .NET Reflector, still in the Reflexil window, go to the Instruction tab, and you will notice that the opcodes still look familiar from the previous version.
For the "setTimeAcceleration" function, we need to change the opcode at the following two places.
![[IMG]](https://i.imgur.com/1qkkMAF.png)
Look at that offset. Now we need to recalculate the address we need to change:
C6FCC + 6D = C7039
![[IMG]](https://i.imgur.com/W7rHrTH.png)
Voila~
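The calculation from steps 10 to 12, as an added Python example that is not part of the original tutorial. The [X] term is the size of the CIL method-body header that sits in front of the IL (ECMA-335 II.25.4): 1 byte for a tiny header and 12 (0xC) for a fat header, which matches the two values the author found; the header kind is read from the low two bits of the body's first byte. The .text Virtual Address, Raw Address, method RVA and instruction offset are the values quoted above; the section sizes, the extra sections and the header byte 0x13 are constructed assumptions.

```python
# Section table as displayed in CFF Explorer's "Section Headers" view:
# (name, VirtualAddress, VirtualSize, RawAddress / PointerToRawData).
# .text VA 0x2000 and raw 0x200 are from the tutorial; the sizes and the
# other two sections are constructed so the table looks realistic.
SECTIONS = [
    (".text",  0x2000,   0x1B0000, 0x200),
    (".rsrc",  0x1B2000, 0x600,    0x1B0200),
    (".reloc", 0x1B4000, 0xC,      0x1B0800),
]


def rva_to_file_offset(rva, sections=SECTIONS):
    """Standard PE mapping: find the section containing `rva`, then
    file offset = rva - VirtualAddress + RawAddress."""
    for _name, va, vsize, raw in sections:
        if va <= rva < va + vsize:
            return rva - va + raw
    raise ValueError(f"RVA {rva:#x} is not inside any section")


def cil_header_size(first_byte):
    """Size of the CIL method-body header that precedes the IL bytes.
    Low two bits 0b10 = tiny header (1 byte), 0b11 = fat header (12 bytes).
    This is the [X] the tutorial adds: 1 for getBaseATK, 0xC for
    setTimeAcceleration."""
    kind = first_byte & 0x3
    if kind == 0x2:
        return 1
    if kind == 0x3:
        return 12
    raise ValueError(f"not a CIL method header: {first_byte:#04x}")


def patch_offset(method_rva, header_first_byte, il_offset, sections=SECTIONS):
    """File offset of the instruction at IL offset `il_offset` inside the
    method whose body (header + IL) starts at RVA `method_rva`."""
    body = rva_to_file_offset(method_rva, sections)
    return body + cil_header_size(header_first_byte) + il_offset


if __name__ == "__main__":
    # setTimeAcceleration: RVA 0xC8DC0, fat header (first byte 0x13 is a
    # constructed but typical value), instruction at IL offset 0x6D.
    print(f"{patch_offset(0xC8DC0, 0x13, 0x6D):X}")   # C7039
```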
In case you need it, here are the speed-change values.
1x - 22 00 00 80 3f
2x - 22 00 00 00 40
3x - 22 00 00 40 40
4x - 22 00 00 80 40
5x - 22 00 00 a0 40
10x - 22 00 00 20 41
Good luck.
P/S: This isn't the only way to mod, and it's not perfect, so I hope someone can give us a better solution.
Update 21 April 2018: This tutorial was written by sami8j, but I could not find the original link to it, so I am marking it as archived.