Tutorial How to use Auto-Il2CppDumper to dump protected Il2Cpp games (NO magisk/zygisk)
- Thread starter AndnixSH
- Start date
It has worked very well for me, but I have tried the fake lib method in a game and I have been able to obtain the dump.cs file, but the problem is that the function offsets do not appear in the file, I only get the RVA and VA.Didn't know that. Enjoy
Just use RVA offset. If RVA is incorrect, use a different device to dump with
I'll take a look but I don't think Auto dumper relies on CodeRegistration and MetadataRegistration. It uses Il2Cpp API pointers which is a different method
Please tell me if there are instructions on how to get offsets for CodeRegistration and MetadataRegistration if they are both zero.
There is one, but outdated Manually dump il2cpp unity 2019.x.x on Android games - Platinmods.com - Android & iOS MODs, Mobile Games & Apps. I don't have time to check on newer version
But it's really pointless to find offset if il2cpp is encrypted or stripped out offsets. 0 offset always means it failed to find it due to protections
Just use Auto dumper and get used to use dump.cs only
Thank you for the answers, and in general for all the information, you are super)
Tell me more, maybe there is a script (for example, in python) that will make script.json for ghidra from dump.cs?
As a result, I sketched a script in php, since I understand it better.
Collects the names of classes / structures of methods and offsets from dumps, and saves them in a format suitable for ghidra.py from
github.com
I'll leave the code here in case anyone else needs it.
Collects the names of classes / structures of methods and offsets from dumps, and saves them in a format suitable for ghidra.py from
GitHub - Perfare/Il2CppDumper: Unity il2cpp reverse engineer
Unity il2cpp reverse engineer. Contribute to Perfare/Il2CppDumper development by creating an account on GitHub.
github.com
I'll leave the code here in case anyone else needs it.
PHP:
class DataDump2json {
function parse($body) {
$body=explode("\n",$body);
$methods=[];
$namespace='';
$classname='';
$lastrva='';
$allowGetMethods=false;
$len=count($body);
for($i=0; $i<$len; $i++) {
$line=trim($body[$i]);
if (!$line) continue;
if ($line=='{') {
$allowGetMethods=true;
continue;
}
if ($line=='}') {
$allowGetMethods=false;
$namespace='';
$classname='';
$lastrva='';
continue;
}
if (preg_match("%// Namespace: (.*)%",$line,$m)) {
$namespace=trim($m[1]);
continue;
}
if (preg_match("%(?:internal|public|private|protected)(?:.*)(?:class|struct) (.+?) (?:\:|//) %",$line,$m)) {
$classname=trim($m[1]);
continue;
} else if (preg_match("%(?:internal|public|private|protected)(?:.*)(?:class|struct) (.+?)$%",$line,$m)) {
$classname=trim($m[1]);
continue;
}
/*else if (!preg_match("%(?:internal|public|private|protected)(?:.*)(?:class|struct) (.+?) (?:\:|//) %",$line,$m)&&preg_match("%(?:class|struct)(.+?)(?:\:|//) %",$line,$m)) {
var_dump($line);
continue;
} */
if ($allowGetMethods) {
if (preg_match("%// RVA: (0x[0-9a-fA-F]+) %",$line,$m)) {
$lastrva=trim($m[1]);
continue;
}
if (preg_match("%(?:public|private|protected) (?:.+) (.+)\(%",$line,$m)) {
$lastmethod=trim($m[1]);
if ($classname&&$lastrva) {
$name=($namespace?$namespace.".":"").$classname."$$".$lastmethod;
$methods[]=["Address"=>hexdec($lastrva),"Name"=>$name];
}
//var_dump([$name,$lastrva,hexdec($lastrva)]);
continue;
}
}
//var_dump($line);
//echo $line."\n";
//break;
}
$res=["ScriptMethod"=>$methods];
$json=json_encode($res, JSON_PRETTY_PRINT);
return $json;
}
function doFile($fn='') {
$body=file_get_contents($fn);
if (!$body) return false;
return $this->parse($body);
}
function test() {
$fnin='/home/ich/dump.cs';
$fnout=$fnin.'.json';
$json=$this->doFile($fnin);
if ($json===false) return false;
file_put_contents($fnout,$json);
return true;
}
}
$cls = new DataDump2json();
$cls->test();
Last edited:
That's cool. Don't you need a server to execute php file?As a result, I sketched a script in php, since I understand it better.
Collects the names of classes / structures of methods and offsets from dumps, and saves them in a format suitable for ghidra.py from
GitHub - Perfare/Il2CppDumper: Unity il2cpp reverse engineer
Unity il2cpp reverse engineer. Contribute to Perfare/Il2CppDumper development by creating an account on GitHub.
I'll leave the code here in case anyone else needs it.
There was a request to generate json, but perfare doesn't seems it work on it yet
Script.json for ghidra/ida · Issue #90 · Perfare/Zygisk-Il2CppDumper
Hi. Are you planning to add script.json as a feature for it to be used with ghidra/ida
github.com
And I checked the source of the auto dumper, it does not rely on CodeRegistration and MetadataRegistration, it is pointing to Il2Cpp APIs like il2cpp_field_get_type, il2cpp_class_from_type, il2cpp_class_get_name, etc
Why its not showing the inherited class name in list,arrays,dictionarys etc....
For example in normal dump
Dictionary<EnemyControl,string> AllEnemy;
But in this dump it is like
Dictionary`2 AllEnemy;
How will i know from which class its inheriting the list,arrays or so..???
For example in normal dump
Dictionary<EnemyControl,string> AllEnemy;
But in this dump it is like
Dictionary`2 AllEnemy;
How will i know from which class its inheriting the list,arrays or so..???