Il2CppDumper GUI Tool updated to 1.0.8



1.0.8 (2019-03-29)
- Updated Il2CppDumper to 4.2.5-beta, with support of NSO file (Nintendo Switch)
- Can drag and drop DLL (GameAssembly.dll of PC game) and NSO file (Nintendo Switch)

Extract .NET metadata from il2cpp binaries. (types, methods, fields, etc.)

Extraction code is based on Il2CppDumper

Requirements:
- Net Framework 4
- Windows 7 and above

Features:
  • Supports il2cpp binaries in ELF(arm, x86) and Mach-O(32bit, 64bit) format
  • Supports global-metadata version 16 and 19-24
  • Extracts .NET metadata including types, fields, properties, methods and attributes
  • Supports automated IDA script generation
    • name and tag methods
    • store dynamic string literals in comments
o    makefunction to improve ida analysis
  • Generates dummy DLLs that can be viewed in .NET decompilers

GUI Features:
·         Select files
·         Rename files
·         Set output directory.
·         Set mode.
·         Set registration offsets
·         Auto fill up offset registrations after dump
·         Drag and drop support
·         Remember everything except registrations
·         Logs saves on exit. It saves on your documents if tool is located in C drive.
·         Support open APK with Il2CppDumper to start dump automation

Download:
https://usersdownload.com/users/AndnixSH/1770/Il2CppDumper%20GUI

https://app.box.com/s/30ksq8uw787iz72xzdz270dtp9ojohmy

http://www.mediafire.com/folder/x3or31t30o5t1/Il2CppDumper_GUI

https://yadi.sk/d/RkRxnr9avbPeRw

How to use:
This works as same as original Il2CppDumper but with GUI.

For Android: Simply drop APK to start dump automation or extract libil2cpp.so file from ARM or x86 folder (Android). Extract global-metadata.dat from \Data\Managed\Metadata\

For iOS: Open IPA as 7-zip or Winrar and extract binary file that does not have a file extension and open as binary file. Extract global-metadata.dat from \Data\Managed\Metadata\

For PC: Open GameAssembly.dll as binary file and open global-metadata.dat from [Game name]\il2cpp_data\Metadata

Nintendo Switch: Open NSO file as binary file i guess? sorry, I'm not familar with it.

Set your output directory

Rename the files if you want

Select your mode. If manual set, you need to imput offsets you found in the binary file.

Press START when you are ready

Extraction Modes
Manual
The parameters (CodeRegistration and MetadataRegistration) that are passed to il2cpp::vm::MetadataCache::Register()needs to be manually reverse engineered and passed to the program.

Auto
Automatically finds the il2cpp_codegen_register() function by signature matching and read out the first (CodeRegistration) and second (MetadataRegistration) parameter passed to the il2cpp::vm::MetadataCache::Register()method that will be invoked in the registration function. May not work well due to compiler optimizations.

Auto(Advanced)
Matches possible pointers in the data section. Generally works better than Auto mode.
Supports metadata version 20 and later (only CodeRegistration address can be found on metadata version 16).

Auto(Plus) - Recommended
Matches possible pointers in the data section with some guidance from global-metadata. Works better than Auto(Advanced)mode on certain binaries.
Supports metadata version 20 and later (only CodeRegistration address can be found on metadata version 16).

Auto(Symbol)
Uses symbols in the il2cpp binary to locate CodeRegistration and MetadataRegistration.
Only supports certain Android ELF files.

Output files
dump.cs
C# pseudocode. Can be viewed in text editors (syntax highlighting recommended)

script.py
Requires IDA and IDAPython. Can be loaded in IDA via File -> Script file.

DummyDll
DLLs generated by Mono.Cecil which contain the .NET metadata extracted from the binary (no code included). Can be viewed in .NET decompilers.

Configuration
All the configuration options are located in config.json Available options:
  • DumpMethod, DumpField, DumpProperty, DumpAttribute, DumpFieldOffset
    • Whether or not the program should extract these information
  • DummyDll
    • Whether or not the program should generate dummy DLLs
  • ForceIl2CppVersion, ForceVersion
    • If ForceIl2CppVersion is true, the program will use the version number specified in ForceVersion to choose parser for il2cpp binaries (does not affect the choice of metadata parser). This may be useful on some older il2cpp version (e.g. the program may need to use v16 parser on ilcpp v20 (Android) binaries in order to work properly)

Common errors
ERROR: Metadata file supplied is not valid metadata file.
The specified global-metadata.dat is invalid and the program cannot recognize it. Make sure you choose the correct file. Sometimes games may obfuscate this file for content protection purposes and so on. Deobfuscating of such files is beyond the scope of this program, so please DO NOT file an issue regarding to deobfuscating.

ERROR: Can't use this mode to process file, try another mode.
Try other extraction modes.

WARNING: Version 16 can only get CodeRegistration
Use the CodeRegistration information to get the MetadataRegistration, then use the manual mode to process the file.

If all automated extraction modes failed with this error and you are sure that the files you supplied are not corrupted/obfuscated, please file an issue with the logs and sample files.

Credits:
Perfare: https://github.com/Perfare/Il2CppDumper
AndnixSH (GUI)

Kommentarer

Tilføj en kommentar