Tutorial ll2Cpp Dump + Modding

Ner0X · Jun 3, 2020

is there a similar app for Android? an alp that dumps ill2cpp? Android disassembler "export" button doesnt work.
Is there an android app that converts from binary .so to c or something?

the il2cppDumper files contain some .py files. can i somehow port the il2cpp dump feature using those files to the Androis system using Python 3 app?

polluter · Aug 14, 2020

Hello, @DaRealPanDa
I want to ask you something for modding ll2Cpp Dump
I try to mod (game: MaskGun) like in tutorial
In video tutorial Ididn't see RVA - offset -VA what number should i change by HEx editor

Yaskashije · Aug 14, 2020

polluter said:
In video tutorial I didn't see RVA - offset -VA what number should i change by HEx editor
View attachment 245112

You are editing offsets when modding libs.

polluter · Aug 14, 2020

Yaskashije said:
You are editing offsets when modding libs.

Thanks, i have another question some game I search for Hp or damage or attack I didn't find anything
Do you know any shortcuts for finding results?

Yaskashije · Aug 14, 2020

polluter said:
Thanks, i have another question some game I search for Hp or damage or attack I didn't find anything
Do you know any shortcuts for finding results?

You have to figure that out by yourself. Try using other keywords. Every game has their own. If you find nothing, try something else.
There's also chances that stuff you want to search is part of a bigger structure, like instead of get_hp, you have something like BattleData, and you will have to use IDA and some testings on there to know if HP is there and if it can be edited.
Could also happen it's server sided so nothing can be actually found.

Playing the game itself will be kinda important too. If you try to mod something you know nothing about, you won't be able to easily find the useful stuff.

Who knows, modding is a slow process. Tutorials are a bad example, they just show you can mod some game in 15 minutes.
They don't show you can easily spend weeks figuring out what offsets to modify and how to modify them.

Adam3658 · Aug 14, 2020

Well will try

arudi · Aug 16, 2020

what if the games have both assembly csharp and cpp.so?

arudi · Aug 16, 2020

tried to mod game Coin Master, checked in dump.cs found that there are two function

public static bool AreCardsVisible { get; }
public static bool AreCardsUnlocked { get; }

with the offset number I edit libil2cpp and change the hex to 1. but after signed and install cards still locked and not visible.

I have question:
1. Which hex code is correct to modify the data? i still have no knowledge on hex number, just get from google hex code for true variable.
2. how do we know if that fuction is correct one? honestly i don't know whether hex number is incorrect or the function i get is incorrect.

really appreciate your help here

DaRealPanDa · Aug 16, 2020

arudi said:
tried to mod game Coin Master, checked in dump.cs found that there are two function

public static bool AreCardsVisible { get; }
public static bool AreCardsUnlocked { get; }

with the offset number I edit libil2cpp and change the hex to 1. but after signed and install cards still locked and not visible.

I have question:
1. Which hex code is correct to modify the data? i still have no knowledge on hex number, just get from google hex code for true variable.
2. how do we know if that fuction is correct one? honestly i don't know whether hex number is incorrect or the function i get is incorrect.

really appreciate your help here

Coin Master is 100% server-sided and not modable.

theuser09 · Aug 21, 2020

Hello sir, im sorry. i wanna ask, what happen to this? is it protected? what am i missing? thank you

MollyAx · Aug 27, 2020

theuser09 said:
Hello sir, im sorry. i wanna ask, what happen to this? is it protected? what am i missing? thank you
View attachment 246328

Me too.

LimeVanilla · Oct 7, 2020

DaRealPanDa said:
You have to understand the basic assembler instructions and you need a converter like this one:

1. HEX To ARM Converter Online
2. ARM To HEX Converter Online

or you use the one which i use:

Online Assembler and Disassembler

shell-storm.org

Basic Instructions are as example:

ADD <----- ADD a specific value to a Method
MOV <----- It's like change the value from the Method to a specific value
SUB <----- Substract a specific value in a Method
NOP <----- No Operation Operator, means when you use that the value will freeze as example
BX LR <----- Is like "return", so this will end the method
RET <----- Is like "return", so this will end the method but for x86 modding

For armeabi-v7a libraries i'm using the exact same hex code everytime:

Return " 1 " or "True" for bool:

01 00 A0 E3 1E FF 2F E1

as instruction:

MOV R0, #1
BX LR

Return " 0 " or "False" for bool:

00 00 A0 E3 1E FF 2F E1

as instruction:

MOV R0, #0
BX LR

Return a high Value ( only for Int, for a Method with a short data type this one will not work ):

12 07 A0 E3 1E FF 2F E1

as instruction:
MOV R0, #0x480000
BX LR

But from all the Instructions above i'm using only MOV, BX LR and RET. Never used ADD, SUB, NOP, but it depends on your own modding style, on the Method and if it's a libil2cpp.so Game or a libGame.so.

Hi,

Thanks for this one. How can I add a single values for experience points?

I make a test with BX LR at the end of the offset and it going straight to 2+++++++ of my level account every time I get experience point. How to make it to single digit?

Here is the original ARM

.BYTE 0xd9, 0xc9, 0xa9, 0x00
adceq r8, r8, r0, ror r8
adceq r8, r8, r0, ror #16
push {r4, r5, r6, sl, fp, lr}

And I change to this one.

.BYTE 0xd9, 0xc9, 0xa9, 0x00
adceq r8, r8, r0, ror r8
adceq r8, r8, r0, ror #16
bx lr <-- this one..

LEIIKUN · Oct 16, 2020

DaRealPanDa said:
You have to understand the basic assembler instructions and you need a converter like this one:

1. HEX To ARM Converter Online
2. ARM To HEX Converter Online

or you use the one which i use:

Online Assembler and Disassembler

shell-storm.org

Basic Instructions are as example:

ADD <----- ADD a specific value to a Method
MOV <----- It's like change the value from the Method to a specific value
SUB <----- Substract a specific value in a Method
NOP <----- No Operation Operator, means when you use that the value will freeze as example
BX LR <----- Is like "return", so this will end the method
RET <----- Is like "return", so this will end the method but for x86 modding

For armeabi-v7a libraries i'm using the exact same hex code everytime:

Return " 1 " or "True" for bool:

01 00 A0 E3 1E FF 2F E1

as instruction:

MOV R0, #1
BX LR

Return " 0 " or "False" for bool:

00 00 A0 E3 1E FF 2F E1

as instruction:

MOV R0, #0
BX LR

Return a high Value ( only for Int, for a Method with a short data type this one will not work ):

12 07 A0 E3 1E FF 2F E1

as instruction:
MOV R0, #0x480000
BX LR

But from all the Instructions above i'm using only MOV, BX LR and RET. Never used ADD, SUB, NOP, but it depends on your own modding style, on the Method and if it's a libil2cpp.so Game or a libGame.so.

What about a value of 0 like for example get_EnemyDamage and I want it to become just 0? I could just use the 0 or false value right? Thank you!

Yaskashije · Oct 16, 2020

LEIIKUN said:
What about a value of 0 like for example get_EnemyDamage and I want it to become just 0? I could just use the 0 or false value right? Thank you!

I recommend you to test things like this before asking, since testing is an important part in learning how to mod.

In my experience, I found it's better to place the less amount of 0 possible in returns (unless false in a bool, or 0 to HP/cost) just because several games have not implemented a "good" behaviour for stats valued at 0. For example, if Def is a denominator in the damage calculation formula, making it a 0 could perfectly break the game or have unexpected/arbitrary results. Same happens when you make a value so big it becomes 1 or 0.

timmyyy19977 · Apr 28, 2021

Hi king, I am having a question. I have successfully modded a game, but I can't figure out how to change the return value of a float/double type method. I only success in int returns.
Like I want to return a 999.0 float,

44 7A 00 00 = 999.0
HEX: 7A 04 04 E3 1E FF 2F E1

00 00 00 00 = 0.0
00 00 00 E3 1E FF 2F E1

But the return value is always way off. It is shown as something like "1.47xxxxxE-15"
What is wrong here?

LEIIKUN · Apr 28, 2021

timmyyy19977 said:
Hi king, I am having a question. I have successfully modded a game, but I can't figure out how to change the return value of a float/double type method. I only success in int returns.
Like I want to return a 999.0 float,

44 7A 00 00 = 999.0
HEX: 7A 04 04 E3 1E FF 2F E1

00 00 00 00 = 0.0
00 00 00 E3 1E FF 2F E1

But the return value is always way off. It is shown as something like "1.47xxxxxE-15"
What is wrong here?

There are different between int and float/double hex type.

Best ARM Converter

Welcome to the Sbenny.com's Exclusive Best ARM/HEX Converter.Here are its main advantages compared to other arm converters: 1) It's faster and has an in-built machine learning; 2) HEX values are formatted in a better way and support GG format, too; 3) sub_ and loc_ branches are handled without...

forum.sbenny.com

timmyyy19977 · Apr 28, 2021

LEIIKUN said:
There are different between int and float/double hex type.

Best ARM Converter

Welcome to the Sbenny.com's Exclusive Best ARM/HEX Converter.Here are its main advantages compared to other arm converters: 1) It's faster and has an in-built machine learning; 2) HEX values are formatted in a better way and support GG format, too; 3) sub_ and loc_ branches are handled without...

forum.sbenny.com

Thank you. I tried using HEX convertor, and got myself a simple list.

Integers
00 00 A0 E1 1E FF 2F E1 = NOP
00 00 A0 E3 1E FF 2F E1 = False or number 0
01 00 A0 E3 1E FF 2F E1 = True or number 1
02 00 A0 E3 1E FF 2F E1 = number 2
0A 00 A0 E3 1E FF 2F E1 = number 10
0F 00 A0 E3 1E FF 2F E1 = number 15
10 00 A0 E3 1E FF 2F E1 = number 16
11 00 A0 E3 1E FF 2F E1 = number 17
1E 00 A0 E3 1E FF 2F E1 = number 30
32 00 A0 E3 1E FF 2F E1 = number 50
96 00 A0 E3 1E FF 2F E1 = number 150
C8 00 A0 E3 1E FF 2F E1 = number 200
2C 01 00 E3 1E FF 2F E1 = 300 (12C)
E7 03 00 E3 1E FF 2F E1 = 999 (3E7)
DC 0F 00 E3 1E FF 2F E1 = number 4060
DC 0F 0F E3 1E FF 2F E1 = number 65500

float
00 00 00 E3 1E FF 2F E1

3F 00 00 00 = 0.5
00 0F 03 E3 1E FF 2F E1

3F 80 00 00 = 1.0
80 0F 03 E3 1E FF 2F E1

44 7A 00 00 = 999.0
7A 04 04 E3 1E FF 2F E1

The integer returns work like a charm. But float returns are always run, and meanwhile I have no idea what is the format for double returns. Could you please tell me if I have did anything wrong in float returns? And how to return doubles?

Thanks a lot!

Greyscale · Jul 13, 2021

I found another folder inside lib "arm64-v8a" the inside is same like armv7 but the size is different, what should i do with this folder?

DaRealPanDa · Jul 13, 2021

Greyscale said:
I found another folder inside lib "arm64-v8a" the inside is same like armv7 but the size is different, what should i do with this folder?
View attachment 306662

You found that inside the "Lib" and not inside the "armv64".
Use the armv7 and just delete the armv64 inside the apk.

Anle2703 · Aug 22, 2021

i find value by dnSpy, may i ask how to find value to dumb enemy in some game bro? tks!

Tutorial ll2Cpp Dump + Modding

Platinian

Solid & Active Platinian

PMT Elite Modder

Solid & Active Platinian

PMT Elite Modder

Rookie

Platinian

Platinian

Co-Administrator

Platinian

Platinian

Platinian

Retired Staff

PMT Elite Modder

Platinian

Retired Staff

Platinian

Platinian

Co-Administrator

Platinian