How to dump and mod il2cpp games (2016) (Obsolete)

Posted by AndnixSH
THIS METHOD IS OLD. CLICK HERE TO SEE NEW TUTORIAL

 Disclaimer: This tutorial is for modders only, NOT for beginners

In this tutorial, i dump Craft Royale as an example. Let's get started

Before you start, check if the game was build in latest Unity3d and have il2cpp lib and make sure you meet requirements

This method will not work for x86 only apps/games

Requirements:
* Be an advanced modder
* IDA Pro. Download link
* Notepad++. Download link
* il2cpp dumper with interactive CLI. Download link
* Any Hex Editor software. I'm using Hex Workshop. Download link
* Online ARM converter. Link to the website
* Basic C# knowledge

* Basic IDA knowledge

Open the APK with 7-Zip or WinRAR and extract the libil2cpp.so and global-metadata.dat file.
libil2cpp.so is located in "lib\armeabi-v7a" and global-metadata.dat is located in "\assets\bin\Data\Managed\Metadata".


Disassemble the file libil2cpp.so on IDA first

In functions window, press CTRL + F and search il2cpp::vm::MetadataCache::Register

[​IMG]

See the results. Open the function with .plt Segment

[​IMG]

You need to find out which function calls il2cpp::vm::MetadataCache::Register. There is the long name below the function name

[​IMG]

Select it and press X to XREF's it. Click OK
 [​IMG]

Found it. Look at the unk offsets (unknown offsets) #1 and #2 (marked in red). This is what you need to dump the libil2cpp.so and global-metadata.dat. Each games always have same functions but different offsets

[​IMG]

Launch the Il2CppDumper console program. Input the unk offsets #1 and #2

[​IMG]

The program will dump and close and you will get the dump.cs file

[​IMG]

Before you mod, check HEX-view in IDA so see if the binary uses THUMB or ARM.  4 byte is THUMB and 8 byte hex is ARM. This is ARM

[​IMG]

Open the .cs file with Notepad++ because it will automatically highlight the whole code. Press CTRL+F and start searching the useful keywords. Click on "Find All in All Opened Documents" to find results of the keyword you searched. The green text of offsets are from IDA. The other numbers, I don't know

[​IMG]

Open a Hex editor program and open libil2cpp.so file. Search the offset of the function, and click Go, it will find the right offset for you

[​IMG]

[​IMG]

Enjoy modding!

Credits:
Jumboperson (John) https://github.com/Jumboperson/Il2CppDumper
iAndroHacker (Interactive CLI)

Comments

Post a Comment

Popular Posts

VMOS Pro Global CN FREE Custom ROMs | Gapps, ROOT, Xposed | Android 4.4.4, 5.1.1, 7.1.2, 9.0 ROMs | NO VIP

Posted by AndnixSH
Image
VMOS Pro was protected so I wasn’t able to modify/crack APK. Instead, I made a custom ROM as a zip file for VMOS Pro that includes permanent root and Xposed, all done on my Android phone because zipping on Windows or Linux caused corruption on the ROM file. You don’t need to use modded APK at all YOU CANNOT INSTALL ANY OTHER ROMS SUCH AS SAMSUNG, HUAWEI, ETC THAT ARE NOT MADE FOR VMOS. VMOS ROM IMPORTING IS FOR VMOS ROM ONLY. PLEASE DO NOT BE DUMB! FOR EMULATOR USERS: DO NOT TRY TO RUN VMOS IN EMULATORS, ALL VM APPS ARE NEVER SUPPORTED AND WILL SUBJECT TO CRASH. THIS IS ABSOLUTELY DUMB WAY TO DO IT. INSTEAD, INSTALL OTHER EMULATORS LISTED HERE: https://www.andnixsh.com/2018/10/free-android-emulator-collections.html Download VMOS Pro app English and Chinese version has been combined into one APK, so you will get same version if you downloaded from EN or CN website Global (EN) website: https://www.vmos.com/ Chinese website: http://www.vmos.cn/product_center_vmospro.htm Download c
Read more

How to activate VMOS Assistant to run VMOS on Android 12 and above

Posted by AndnixSH
Image
In Android 12 and above, the system restricts the process, the virtual machine runs unstable or cannot continue to run in the background. You need to obtain shell permissions to remove the restriction. Therefore, it is necessary to download VMOS Assistant to assist in obtaining Shell permissions. You only need to activate it once. After activation once, you don’t need to pay attention to the activation status of the assistant. If VMOS Pro runs unstable or cannot continue to run in the background, just activate it again! When you try to use VMOS app without VMOS Assistant on Android 12 and above, you will get a prompt to download it Activation: In this tutorial, I will use my tablet Samsung Galaxy S6 Lite running Android 13 Download and install VMOS assistant from the official website: VMOS小助手 Open the VMOS assistant, and open the first four steps of preparation. Steps translated below 1. Connect your phone to WiFi 2. Unlock the “Developer Options” in the system settings 3. Tur
Read more