How to decrypt .dll and other files using Termux app (Root and ARM only, 5.0 and up)
I have found a new way to decrypt .dll and other files using Termux. In this tutorial, I'll show you how to decrypt an encrypted .dll file.
Requirements:
- Rooted device or emulator, ARM or x86.
- A powerful Android device: 1 GB RAM, 4 cores, 1.5 - 2.x GHz. If you have a low-end device, it may freeze during dumping.
- 2 GB of free space on internal storage or SD card.
- Android 5.0 and up. Works on Marshmallow 6.0.1. Termux will not work on 4.4.4 and below.
- Package Name Viewer 2.0, or use play.google.com to see the package name in the URL. This is not required for CyanogenMod/Lineage OS users.
Notes:
No PIE patching is needed: gdb 7.12 natively supports Android 5.0 and up.
If your device is running KitKat 4.4.4 or below, please read my old tutorial: http://www.iandrohacker.net/2015/11/tutorial-how-to-decrypt-encrypted-dll.html
Does it work on an emulator?
Yes, Termux and GDB work, but the emulator does not support dumping memory; gcore returns the error "Target does not support core file generation".
Please try this method instead: https://www.alphagamers.net/threads/decrpyting-an-encrypted-dll-using-gameguardian-root-only-android-4-0-5-0-6-0-7-0.271525/
![[IMG]](https://i.imgur.com/cZPTbQi.png)
Finding the package name of the app:
Find the package name of the app you're going to hack! This will be required to find the app in the terminal app we're going to use soon. It's usually of the form "com.DEVELOPER_CODE.GAME_CODE".
You can find it by going (with your browser) to the Google Play website, looking up the game you have installed on your device and then copying what comes after "id=" in the URL. See screenshot:
Alternatively, you can install Package Name Viewer 2.0 from the Play Store and you'll find the package name of any app you have installed on your device.
If your device is running CyanogenMod/Lineage OS, you can go to Settings -> Apps and you'll find the package name of any app installed on your device.
![[IMG]](https://i.imgur.com/dH2dx7q.png)
Termux setup and decryption:
Open Termux. It should look very similar to the following one:
Type the following commands:
Tip: apt-get or apt doesn't matter; apt-get's most commonly used commands are available in apt.

apt update
(or: apt-get update)
Update package information: downloads the package lists from the repositories and "updates" them to get information on the newest versions of packages and their dependencies.

apt install gdb tsu
Install both gdb and tsu. gdb is a process debugger; tsu is a root mode for Termux.
Press the home button and launch the game. Let the game fully load. Open multitask (recent apps) and go back to Termux.
Type the following commands:

su
Superuser mode. Grant root access to enter superuser mode on your device.

dumpsys meminfo | grep com*
Show process list. This command searches all the running processes for names starting with "com." (the * is a wildcard which means any letter/number/symbol; strictly, in grep's pattern syntax it repeats the preceding "m", so the pattern also matches lines containing just "co", which still lists the package). The package name of the game is always at the top. Don't forget to note its PID (shown next to the package name), as it is needed for the gdb step below.
exit
Exit superuser mode.

tsu
Root mode for Termux.

gdb -pid <pid>
Attach gdb to a process.
Example: gdb -pid 12345
Hit return to continue when asked.
Do not worry about any warnings like these you may read in the terminal app:
gcore <path>
Save a core file (memory dump) of the attached process.
Example: gcore /sdcard/thegametodump
Type Y when asked.
This will take 3-5 minutes. Your device may freeze during dumping. Do not touch your device.

quit
Quit gdb and detach the process when asked. Alternatively, you can exit the Termux session from the notification.

Connect your device to your computer and copy the dumped file. If the file does not appear, just create a folder and move the file into it; this way Windows should be able to see it.
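As an added defensive example (not from the original post), here is the check an app developer can build in to notice the attach step above from the inside: gdb attaches with ptrace, and while it is attached the kernel reports the debugger's PID in the TracerPid field of /proc/self/status. The function names, the sample status text and the PID values in it are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Extract the TracerPid value from text in the format of /proc/<pid>/status.
 * Returns the tracer's PID, 0 when no tracer is attached, or -1 if the
 * field is missing or malformed. Kept free of I/O so it can be tested on
 * constructed input. */
long parse_tracer_pid(const char *status_text) {
    const char *field = strstr(status_text, "TracerPid:");
    if (field == NULL) {
        return -1;
    }
    field += strlen("TracerPid:");
    while (*field == ' ' || *field == '\t') {
        field++;
    }
    char *end = NULL;
    long pid = strtol(field, &end, 10);
    if (end == field || pid < 0) {
        return -1;
    }
    return pid;
}

/* Read the live /proc/self/status (Linux and Android) and report the tracer.
 * Returns -1 if the file cannot be read (for example on a non-Linux host). */
long current_tracer_pid(void) {
    FILE *fp = fopen("/proc/self/status", "r");
    if (fp == NULL) {
        return -1;
    }
    char buf[4096];
    size_t n = fread(buf, 1, sizeof buf - 1, fp);
    fclose(fp);
    buf[n] = '\0';
    return parse_tracer_pid(buf);
}

/* Constructed sample: what a game process would report while a debugger
 * (here PID 23456, made up) is attached to it via ptrace, as in the
 * "gdb -pid" step of the tutorial. */
const char SAMPLE_STATUS_TRACED[] =
    "Name:\tUnityMain\n"
    "State:\tt (tracing stop)\n"
    "Pid:\t12345\n"
    "PPid:\t1000\n"
    "TracerPid:\t23456\n";

/* Constructed sample: the same process with no debugger attached. */
const char SAMPLE_STATUS_CLEAN[] =
    "Name:\tUnityMain\n"
    "State:\tS (sleeping)\n"
    "Pid:\t12345\n"
    "PPid:\t1000\n"
    "TracerPid:\t0\n";

int main(void) {
    printf("constructed traced sample -> tracer %ld\n",
           parse_tracer_pid(SAMPLE_STATUS_TRACED));
    printf("constructed clean sample  -> tracer %ld\n",
           parse_tracer_pid(SAMPLE_STATUS_CLEAN));

    long live = current_tracer_pid();
    if (live < 0) {
        puts("live check: /proc/self/status not readable on this host");
    } else if (live == 0) {
        puts("live check: no tracer attached to this process");
    } else {
        printf("live check: traced by PID %ld\n", live);
    }
    return 0;
}
```

The value is only meaningful at the moment of the read, so an app would poll it from a background thread rather than check once at startup, and a debugger with root can detach again (TracerPid drops back to 0) or patch the check out, so treat a non-zero result as a signal worth logging, not as a guarantee that the process cannot be dumped.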
Recover decrypted files using WinHex
Open Winhex.exe.
File -> Open... and select the dumped file.
Tools -> Disk Tools -> File Recovery by Type

Click the "+" next to "Programs" (1) and check "Windows exec." (2). Now, select the folder where you want the new files to be generated under "Output Folder" (3).
Ensure "Complete byte-level search" is checked (4) and then click "OK" (5).

File recovery will now begin and, when it has finished, you'll get a message like this:

Now, go to the location where you saved these files and delete all files with the ".com" extension. They're not needed and may only cause confusion.
You can finally close WinHex.
Happy modding!
Credits:
- iAndroHacker
- Fredrik (Termux app)