How to dump iOS Il2Cpp games

Posted by AndnixSH

You might remember a long time ago I wrote a tutorial how to dump iOS Il2Cpp games manually, means you have to find the offset by yourself. Today, you don’t have to dump manually anymore, you can dump games easly with a few steps.

Note: I used iOS 14 at the time of writing this tutorial, so it might not be relevant for iOS 15 and above using rootless jailbreak. Don’t ask me to try on iOS 15 or above. I have no plan using latest iOS or buying new iDevices

First, you need decrypted IPA that contains decrypted binary. There are many ways how to obtain it:

a) Decrypted IPA Downloader: decrypt.day, anyipa.me, or others. You don’t even need a jailbroken device, you just download a decrypted IPA straight forward via a web browser

b) iOS Tweaks: CrackerXI+, DumpDecryptor. Jailbroken iOS device is required

Once installed, open it and choose the app you want to install. The decrypted IPA will be stored in /var/mobile/Documents/.

c) Scripts: appdecrypt, frida-ios-dump, frida-ios-hook. PC and a jailbroken iOS device required. Read the instructions how to use it

d) Grab binary and global-metadata.dat manually from jailbroken device (Not recommended because the binary not fully decrypted, dump may fail. It’s semi-decrypted)

  • Use Filza app.

  • Go to /var/containers/Bundle/Application/(App-UDID)/(AppName).app

  • Grab UnityFramework file from “/var/containers/Bundle/Application/(App-UDID)/(AppName).app/Frameworks/UnityFramework.framework/”. If it doesn’t exist, grab the binary file from “/var/containers/Bundle/Application/(App-UDID)/(AppName).app”. Usually the binary filename is usually same as (AppName).app folder.

  • Grab global-metadata.dat binary file from “/var/containers/Bundle/Application/(App-UDID)/(AppName).app/Data/Managed/Metadata/”

Transfering files from iOS to PC:

If you like, you can transfer the file to your PC using SSH. See tutorial how to setup SSH on iOS: How to Setup SSH Server on iPhone or iPad and transfer files from your PC? - Techglimpse
And use any FTP or SSH tool on your PC. I’m using WinSCP

1689781705923.png

Il2Cpp dumper tool

In order to dump il2cpp offsets, you need:

Once you downloaded the tool and obtained the decrypted binary or UnityFramework, we can proceed to dump the game

Il2CppDumper GUI support drag and dropping IPA file straight forward.

If you use original Il2CppDumper, open IPA file using any Zip Utility and extract UnityFramework from “Payload/(AppName).app/Frameworks/UnityFramework.framework/” (or binary file "Payload/(AppName).app/(AppName)), and global-metadata.dat “Payload/(AppName).app/Data/Managed/Metadata/”.

1689781508663.png

Launch Il2CppDumper, select UnityFramework/binary file, then select global-metadata.dat

Once dumped successfully, you will have a dump.cs, DummyDll, and other files.

1689781584212.png

Have fun modding

Comments

Post a Comment

Popular Posts

VMOS Pro Global CN FREE Custom ROMs | Gapps, ROOT, Xposed | Android 4.4.4, 5.1.1, 7.1.2, 9.0 ROMs | NO VIP

Posted by AndnixSH
Image
VMOS Pro was protected so I wasn’t able to modify/crack APK. Instead, I made a custom ROM as a zip file for VMOS Pro that includes permanent root and Xposed, all done on my Android phone because zipping on Windows or Linux caused corruption on the ROM file. You don’t need to use modded APK at all YOU CANNOT INSTALL ANY OTHER ROMS SUCH AS SAMSUNG, HUAWEI, ETC THAT ARE NOT MADE FOR VMOS. VMOS ROM IMPORTING IS FOR VMOS ROM ONLY. PLEASE DO NOT BE DUMB! FOR EMULATOR USERS: DO NOT TRY TO RUN VMOS IN EMULATORS, ALL VM APPS ARE NEVER SUPPORTED AND WILL SUBJECT TO CRASH. THIS IS ABSOLUTELY DUMB WAY TO DO IT. INSTEAD, INSTALL OTHER EMULATORS LISTED HERE: https://www.andnixsh.com/2018/10/free-android-emulator-collections.html Download VMOS Pro app English and Chinese version has been combined into one APK, so you will get same version if you downloaded from EN or CN website Global (EN) website: https://www.vmos.com/ Chinese website: http://www.vmos.cn/product_center_vmospro.htm Download c
Read more

How to activate VMOS Assistant to run VMOS on Android 12 and above

Posted by AndnixSH
Image
In Android 12 and above, the system restricts the process, the virtual machine runs unstable or cannot continue to run in the background. You need to obtain shell permissions to remove the restriction. Therefore, it is necessary to download VMOS Assistant to assist in obtaining Shell permissions. You only need to activate it once. After activation once, you don’t need to pay attention to the activation status of the assistant. If VMOS Pro runs unstable or cannot continue to run in the background, just activate it again! When you try to use VMOS app without VMOS Assistant on Android 12 and above, you will get a prompt to download it Activation: In this tutorial, I will use my tablet Samsung Galaxy S6 Lite running Android 13 Download and install VMOS assistant from the official website: VMOS小助手 Open the VMOS assistant, and open the first four steps of preparation. Steps translated below 1. Connect your phone to WiFi 2. Unlock the “Developer Options” in the system settings 3. Tur
Read more