How to dump iOS Il2Cpp games

Posted by AndnixSH

You might remember a long time ago I wrote a tutorial how to dump iOS Il2Cpp games manually, means you have to find the offset by yourself. Today, you don’t have to dump manually anymore, you can dump games easly with a few steps.

Note: I’m using iOS 14, so this tutorial might not be relevant for iOS 15 and above using rootless jailbreak

First, you need decrypted IPA that contains decrypted binary. There are many ways how to obtain it:
a) Decrypted IPA Downloader: decrypt.day, anyipa.me, or others. You don’t even need a jailbroken device, you just download a decrypted IPA straight forward via a web browser

b) iOS Tweaks: CrackerXI+, DumpDecryptor. Jailbroken iOS device is required

Once installed, open it and choose the app you want to install. The decrypted IPA will be stored in /var/mobile/Documents/.

c) Scripts: appdecrypt, frida-ios-dump, frida-ios-hook. PC and a jailbroken iOS device required. Read the instructions how to use it

d) Grab binary and global-metadata.dat manually from jailbroken device

  • Use Filza app.
  • Go to /var/containers/Bundle/Application/(App-UDID)/(AppName).app
  • Grab UnityFramework file from “/var/containers/Bundle/Application/(App-UDID)/(AppName).app/Frameworks/UnityFramework.framework/”. If it doesn’t exist, grab the binary file from “/var/containers/Bundle/Application/(App-UDID)/(AppName).app”. Usually the binary filename is usually same as (AppName).app folder.
  • Grab global-metadata.dat binary file from “/var/containers/Bundle/Application/(App-UDID)/(AppName).app/Data/Managed/Metadata/”

Keep in mind, the binary installed on the device might not be fully decrypted and may cause errors when dumping.

Transfering files from iOS to PC:
If you like, you can transfer the file to your PC using SSH. See tutorial how to setup SSH on iOS: How to Setup SSH Server on iPhone or iPad and transfer files from your PC? - Techglimpse
And use any FTP or SSH tool on your PC. I’m using WinSCP

1689781705923.png

Il2Cpp dumper tool

In order to dump il2cpp offsets, you need:

Once you downloaded the tool and obtained the decrypted IPA, binary or UnityFramework, we can proceed to dump the game

Reminder: If you attempt to dump encrypted binary/IPA, you will get an error "ERROR: This Mach-O executable is encrypted and cannot be processed.

Il2CppDumper GUI support drag and dropping IPA file straight forward.

If you use original Il2CppDumper, open IPA file using any Zip Utility and extract UnityFramework from “Payload/(AppName).app/Frameworks/UnityFramework.framework/” (or binary file "Payload/(AppName).app/(AppName)), and global-metadata.dat “Payload/(AppName).app/Data/Managed/Metadata/”.

1689781508663.png

Launch Il2CppDumper, select UnityFramework/binary file, then select global-metadata.dat

Once dumped successfully, you will have a dump.cs, DummyDll, and other files.

1689781584212.png

Have fun modding

Comments

Post a Comment

Popular Posts

VMOS Pro Global CN FREE Custom ROMs | Gapps, ROOT, Xposed | Android 4.4.4, 5.1.1, 7.1.2, 9.0 ROMs | NO VIP

Posted by AndnixSH
Image
VMOS Pro was protected so I wasn’t able to modify/crack APK. Instead, I made a custom ROM as a zip file for VMOS Pro that includes permanent root and Xposed, all done on my Android phone because zipping on Windows or Linux caused corruption on the ROM file. You don’t need to use modded APK at all YOU CANNOT INSTALL ANY OTHER ROMS SUCH AS SAMSUNG, HUAWEI, ETC THAT ARE NOT MADE FOR VMOS. VMOS ROM IMPORTING IS FOR VMOS ROM ONLY. PLEASE DO NOT BE DUMB! FOR EMULATOR USERS: DO NOT TRY TO RUN VMOS IN EMULATORS, ALL VM APPS ARE NEVER SUPPORTED AND WILL SUBJECT TO CRASH. THIS IS ABSOLUTELY DUMB WAY TO DO IT. INSTEAD, INSTALL OTHER EMULATORS LISTED HERE: https://www.andnixsh.com/2018/10/free-android-emulator-collections.html Tested on VMOS Pro 2.9.7 on Android 11 Download VMOS Pro app English and Chinese version has been combined into one APK, so you will get same version if you downloaded from EN or CN website Global (EN) website: https://www.vmos.com/ Chinese website: http://www.vmos.c
Read more

[TOOL] Unity Assets Bundle Extractor

Posted by AndnixSH
Image
Unity .assets and AssetBundle editor UABE is an editor for Unity 3.4+/4/5/2017/2018 .assets and AssetBundle files. It can create standalone mod installers from changes to .assets and/or bundles. Type information extracted from Unity is used in order to generate text representations of various asset types. Custom MonoBehaviour types also are supported. There are multiple plugins to convert Unity assets from/to common file formats : The Texture plugin can export and import .png and .tga files and decode&encode most texture formats used by Unity. The TextAsset plugin can export and import .txt files. The AudioClip plugin can export uncompressed .wav files from U5's AudioClip assets using FMOD, .m4a files from WebGL builds and Unity 4 sound files. The Mesh plugin can export .obj and .dae (Collada) files, also supporting rigged SkinnedMeshRenderers. The MovieTexture plugin can export and import .ogv (Ogg Theora) files.
Read more