Tutorial How to decrypt .dll or other files using Termux app (Root and ARM only, 5.0 and up)

AndnixSH

I have found a new way to decrypt .dll and other files using Termux. In this tutorial, I'll show you how to decrypt an encrypted .dll file

Requirements:
- Rooted device or Emulator. ARM or x86.
- A powerful Android device: 1 GB RAM, 4 cores, 1.5 - 2.x GHz. If you have a low-end device, your device may freeze during dumping.
- Available free space of Internal storage or Sdcard: 2 GB
- Requires Android 5.0 and up. Works on Marshmallow 6.0.1. Termux will not work on 4.4.4 and below.
- Termux app. It is available on Play Store.
- Modified Winhex for Windows (free version will not work for this purpose).
http://www52.zippyshare.com/v/7Ki4aIMi/file.html

Notes:
There is no need for PIE patching. gdb 7.12 natively supports Android 5.0 and up.

If your device is running Kitkat 4.4.4 and below, please read the old tutorial: How to decrypt an encrypted .dll file

Using Android Emulator?
Termux and GDB fully support x86, but Termux only works on 5.0 and above due to system limitations, so you have to use one of the following emulators that have a Lollipop 5.0 ROM or above.

MEmu emulator running Lollipop RC5 (Recommended)
Download Lollipop RC5 ROM: MEmu 2.9.6 & 5.1 Package (31/03/2017) - Google Drive

How to setup Lollipop RC5 ROM: MEmu Android 5.1 RC5 is Released! - MEmu App Player

To transfer files to PC, just copy the file to /Sdcard/Download and the file will appear at C:\Users\<your name>\Downloads\MEmu Download\

You can change the shared folder in MEmu settings.

Remix OS player running Marshmallow
Download: Remix OS Player - The Most Advanced Android Game Emulator for PC.

AMIDuOS running Lollipop (30 day trial)
Download: Run Android on Windows - Fastest Android Emulator

I'm not sure if other emulators support shared folder. Just find it yourself.

Finding the package name of the app:
Find the package name of the app you're going to hack!
This will be required to find the app in the Terminal app we're going to use soon.
It's usually called "com.DEVELOPER_CODE.GAME_CODE".
You can find it going (with your browser) to the Google Play website, looking for the game you have installed on your device and then copying what's next to "id=".


Alternatively, you can install Package Name Viewer 2.0 from the Play Store and you'll find the package name of any app you have installed on your device.


If your device is running Cyanogenmod/Lineage OS, you can go to Settings -> Apps and then you'll find the package name of any app you have installed on your device.


Termux setup and decryption:
Open Termux. It should be very similar to the following one:


Type the following commands:

Code:
apt update
Update package information
apt-get update
Downloads the package lists from the repositories and "updates" them to get information on the newest versions of packages and their dependencies.

Code:
apt install gdb tsu
Install both gdb and tsu

gdb is a process debugger
tsu is a root mode for Termux.

Press the home button and launch the game. Let the game fully load.

Open multitask, and go back to Termux

Type the following commands:

Code:
su
Enter Superuser mode
Grant root access to enter superuser mode for your device when asked.

Code:
dumpsys meminfo | grep com*
Show process list

This command will search for all the running processes starting with "com." (the * is a jolly symbol which means any letter/number/symbol). The package name of the game is always at top. Don't forget to write it down


Code:
exit
Exit Superuser mode

Code:
tsu
Enter root mode for Termux

Code:
gdb -pid <pid>
attach a process with gdb

Example:
Code:
gdb -pid 12345
Hit return to continue when asked.

Do not worry about any warnings like these you may read in the Terminal app:


Code:
gcore <path>
save core file

Example:
Code:
gcore /sdcard/thegametodump
Type Y when asked

This will take 3-5 minutes. Your device may freeze during dumping. Do not touch your device.

Code:
quit
quit gdb
And detach the process when asked

Or you can exit Termux session from notification


Connect your device to your computer and copy your dumped file, if the file does not appear, just create a folder and move the file. This way Windows should be able to see it

Recover decrypted files using WinHex:
Open Winhex.exe

File -> Open... and select a dumped file

Tools -> Disk Tools -> File Recovery by Type


Click the "+" next to "Programs" (1) and check "Windows exec." (2). Now, select the folder where you want the new file to be generated under "Output Folder" (3).

Ensure "Complete byte-level search" is checked (4) and then click "OK" (5).


The file recovery will now begin and, when it has finished, you'll get a message like this:


Now, reach the location where you saved this file and delete all files with the ".com" extension. They're not needed and may only cause confusion.

You can finally close WinHex.

Happy modding!

Credits:
AndnixSH
Fredrik (Termux app)

Who wants gdb gcore to work on an emulator? Did you get "Target does not support core file generation"? Please help me force this dev to solve the gcore problem for x86 by commenting at https://github.com/termux/termux-packages/issues/942
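Seen from the side of the app being dumped, the gdb attach step in the post above is visible in procfs: while a debugger is attached, the target's /proc/<pid>/status reports the debugger's PID in its TracerPid field. The script below is an added example, not part of the original post; it lists every traced process, and the sample tree, process names and PIDs in it are constructed.

```shell
#!/bin/sh
# Added example: list processes that currently have a ptrace tracer attached,
# using the TracerPid field of /proc/<pid>/status.

# status_field FILE KEY -> prints the first value of the "KEY:" line, if any.
status_field() {
    awk -v k="$2:" '$1 == k { print $2; exit }' "$1" 2>/dev/null || true
}

# list_traced [PROC_ROOT] -> one line per traced process:
#   "<pid> <name> <tracer_pid> <tracer_name>"
# PROC_ROOT defaults to /proc; pass another directory to scan a saved copy.
list_traced() {
    root="${1:-/proc}"
    for status in "$root"/[0-9]*/status; do
        [ -r "$status" ] || continue
        tracer=$(status_field "$status" TracerPid)
        [ -n "$tracer" ] && [ "$tracer" != "0" ] || continue
        pid=${status%/status}
        pid=${pid##*/}
        name=$(status_field "$status" Name)
        tname=$(status_field "$root/$tracer/status" Name)
        echo "$pid $name $tracer ${tname:-unknown}"
    done
}

# make_sample_proc -> builds a constructed /proc-like tree and prints its path.
# The process names and PIDs are made up for illustration.
make_sample_proc() {
    d=$(mktemp -d)
    mkdir -p "$d/4321" "$d/5000" "$d/77"
    printf 'Name:\texample.game\nPid:\t4321\nTracerPid:\t5000\n' > "$d/4321/status"
    printf 'Name:\tgdb\nPid:\t5000\nTracerPid:\t0\n' > "$d/5000/status"
    printf 'Name:\tsh\nPid:\t77\nTracerPid:\t0\n' > "$d/77/status"
    echo "$d"
}

# Run against the constructed tree; call list_traced with no argument for /proc.
sample=$(make_sample_proc)
list_traced "$sample"
rm -rf "$sample"
```

The Name field is the kernel's short process name, limited to 15 characters, so it may not match the full package name. An app can apply the same check to /proc/self/status to notice a debugger attached to itself.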

agarzki07

What is the meaning of these errors? After I used the WinHex full version, I got this log file. It says the below. Please help.

02/18/2018, 20:36:05
Windows exec. (exe), header: MZ.[\x00-\x02].[\x00-\x02], default size: 1048576

C:\Users\marlo\Desktop\dumpFILE\MonkeyKing
Scope: 00000000 - 458EAD47
Complete byte-level search


02/18/2018, 20:36:17
60 file headers were found. 0 files were retrieved.
 

henrique99

When I run the command gdb -pid <myprocess> I receive this error: The program 'gdb' is not installed. Install it by executing: pkg install gdb. Nox emulator, Android 5.1.

agarzki07

First install gdb with apt update, then
apt install gdb tsu. Then follow all the instructions here.
 

AndnixSH

what i will do to the dll I dump ? so many results founds and with extension of dll
Find the dll by yourself, the biggest file is usually Assembly-Csharp.dll

when I run the command gdb -pid <myprocess> I receive this error The program 'gdb' is not installed. Install it by executing: pkg install gdb Nox emulator android 5.1
Termux tsu is not working correctly on emulator, please report issue at https://termux.com/community
 

diego vazquez

Hi, I would like you to help me decrypt a .dll file. I tried and I get the following error.
First, I leave captures of my operating system.

Android version
http://img.fenixzone.net/i/u1cI09U.png

Root Only
http://img.fenixzone.net/i/VrZMA9v.png

Termux SuperSu
http://img.fenixzone.net/i/2OMfvKn.png

permission of SuperSu termux
http://img.fenixzone.net/i/j0Cde6o.png

When I enter Termux and write apt update I get an error
http://img.fenixzone.net/i/mi6vlxc.png

I have another doubt: when I write the command su, shouldn't it put "@root" first?
http://img.fenixzone.net/i/H6lrxQW.png
 

agarzki07

What if I got a dll bigger than the csharp dll? I got the assembly csharp and a plug-in dll, but the plug-in dll has the classes I need for modding. How do I use it in the apk for compiling? I got a blue screen when I tried to rename it as assembly csharp.
 

Ducting6

Does the MEmu emulator running Lollipop RC5 still support Termux? And the link is outdated.