How to use il2cpp.h, script.json & stringliteral.json files from Il2CppDumper

Posted by AndnixSH

When you dump il2cpp games using Il2CppDumper, you will get the following files:

- il2cpp.h: Structure information header file
- script.json: For ida.py/ida_py3.py and ghidra.py
- stringliteral.json: Contains all stringLiteral information

The scripts are in the same folder of the Il2CppDumper executeable, if you extracted all. Otherwise, you can get them from Il2CppDumper releases. We only need following scripts for Android games

ida.py and ida_py3.py: Script for IDA to read script.json file
ida_with_struct.py and ida_with_struct_py3.py: Script for IDA to read script.json file and il2cpp.h file to apply structure information. It helps IDA load faster
ghidra.py: Script for Ghidra to read script.json file
ghidra_with_struct.py: Script for Ghidra to read script.json file and il2cpp.h file to apply structure information. It helps Gridra load faster

IDA Pro

The first thing to do is to make sure you have Python installed. You need Python 2 if using IDA 7.3 or below, and Python 3 if using IDA 7.4 or above (Correct me if i’m wrong)

Open IDA and load the il2cpp binary file straight forward

While the binary is loading, you can click File -> Script file… and load the .py script already. Navigate to the il2cppdumper directory and open one of the py files for your IDA version

1608928484162.png

ida.py or ida_py3.py: Script for IDA to read json file
ida_with_struct.py or ida_with_struct_py3.py: Script for IDA to read json file and read il2cpp.h file and apply structure information. It helps IDA load things faster

1608928514260.png

Note: If the .py files are not shown, check the dropdown like the screenshot above. If it only shows Script files (*.idc), means python hasn’t been installed correctly or enviorment path as not been set. Please make sure you have installed Python Correctly. It must show *Script files (*.idc, py)

Wait for the script to load. If you got bad declaration warning, just click OK. You can check “Don’t display this message again” if the warning is shown again

1608928524909.png

After that, you have now function names to search

1608928546515.png

Do not load stringliteral.json manually, it is automatically loaded

Ghidra

Python 3 needs to be installed on the system in order to use Python scripting in Ghidra.

Open Ghidra and load the il2cpp binary file straight forward

While the binary is loading, click the green Play button to open the Script Manager

1608928560356.png

Click List icon to open Bundle Manager

1608928565643.png

Click plus button to open file selection dialog

1608929074597.png

Navigate to the Il2CppDumper location that contains ghidra.py file, select the Il2CppDumper folder or other desired location and click OK

1608929085848.png

Your directory will be added to Bundle Manager.

1608929112688.png

Now close it

Search ghidra.py, select it on the list and click Play

1608929099457.png

The script will run and ask you to select script.json, select it and click Open. The type is not filtered but notice the title that it says script.json

1608929125414.png

Wait for it to load…

1608929133979.png

After that, you have now function names

1608929139011.png

Using ghidra_with_struct.py
If you want to use ghidra_with_struct.py, you first need to convert il2cpp.h to ghidra using il2cpp_header_to_ghidra.py. This script is broken, so download my modified script and replace it in the il2cppdumper location you have just selected https://github.com/AndnixSH/Il2CppDumper-GUI-1/raw/patch-1/Il2CppDumper/il2cpp_header_to_ghidra.py

Open Script Manager (The green Play button), and run select il2cpp_header_to_ghidra.py

Image 2023 05 23 18 40 31.png

Choose il2cpp.h file

Image 2023 05 23 18 50 32.png

If successful, the file il2cpp_ghidra.h will be generated

Image 2023 05 23 20 33 01.png

Open Script Manager again, and run select ghidra_with_struct.py

Image 2023 05 23 20 04 38.png

Select script.json file

Image 2023 05 23 20 21 13.png

Since it doesn’t ask for il2cpp.h or il2cpp_ghidra.h, unlike in IDA script, i’m not certain if it detects il2cpp_ghidra.h or not. I’m not familar with Ghidra so I can’t really tell. Feel free to comment if you have any infomation about it

Comments

Post a Comment

Popular Posts

VMOS Pro Global CN FREE Custom ROMs | Gapps, ROOT, Xposed | Android 4.4.4, 5.1.1, 7.1.2, 9.0 ROMs | NO VIP

Posted by AndnixSH
Image
VMOS Pro was protected so I wasn’t able to modify/crack APK. Instead, I made a custom ROM as a zip file for VMOS Pro that includes permanent root and Xposed, all done on my Android phone because zipping on Windows or Linux caused corruption on the ROM file. You don’t need to use modded APK at all YOU CANNOT INSTALL ANY OTHER ROMS SUCH AS SAMSUNG, HUAWEI, ETC THAT ARE NOT MADE FOR VMOS. VMOS ROM IMPORTING IS FOR VMOS ROM ONLY. PLEASE DO NOT BE DUMB! FOR EMULATOR USERS: DO NOT TRY TO RUN VMOS IN EMULATORS, ALL VM APPS ARE NEVER SUPPORTED AND WILL SUBJECT TO CRASH. THIS IS ABSOLUTELY DUMB WAY TO DO IT. INSTEAD, INSTALL OTHER EMULATORS LISTED HERE: https://www.andnixsh.com/2018/10/free-android-emulator-collections.html Download VMOS Pro app English and Chinese version has been combined into one APK, so you will get same version if you downloaded from EN or CN website Global (EN) website: https://www.vmos.com/ Chinese website: http://www.vmos.cn/product_center_vmospro.htm Download c
Read more

How to activate VMOS Assistant to run VMOS on Android 12 and above

Posted by AndnixSH
Image
In Android 12 and above, the system restricts the process, the virtual machine runs unstable or cannot continue to run in the background. You need to obtain shell permissions to remove the restriction. Therefore, it is necessary to download VMOS Assistant to assist in obtaining Shell permissions. You only need to activate it once. After activation once, you don’t need to pay attention to the activation status of the assistant. If VMOS Pro runs unstable or cannot continue to run in the background, just activate it again! When you try to use VMOS app without VMOS Assistant on Android 12 and above, you will get a prompt to download it Activation: In this tutorial, I will use my tablet Samsung Galaxy S6 Lite running Android 13 Download and install VMOS assistant from the official website: VMOS小助手 Open the VMOS assistant, and open the first four steps of preparation. Steps translated below 1. Connect your phone to WiFi 2. Unlock the “Developer Options” in the system settings 3. Tur
Read more