Tutorial Manually dump il2cpp unity 2019.x.x on Android games

AndnixSH

AndnixSH

PMT Elite Modder
Original poster
Staff member
Modding-Team
Jun 27, 2017
4,536
302,527
1,213
Modding World
This is for Unity 2019.x.x on Android games

Input correct unity version you have found in any asset files... Just put 2019.1

When the error occur, do NOT close cmd. Remember the offset of MetadataRegistration

166759


In the GUI version of dumper, it will also write the MetadataRegistration offset for you

166763


Disassemble libil2cpp.so file with IDA Pro and let it finish loading for a while

Press G and jump to address of MetadataRegistration

166760


Press X to view xrefs as follows.

166761


Double-click on the blue selection in the figure to jump.

armeabi-v7a:
The CodeRegistration offset is right below MetadataRegistration

166762


arm64-v8a:
Press space to switch to graph mode and look way above

166775


Can't press space due to red instructions?
Click on the loc_xxxxx and press X to view xrefs as follows.

TDJR8to.png


Double-click on the blue selection in the figure to jump.

Click on the loc_xxxxx and press X to view xrefs again

283LIW9.png


And double-click on the blue selection in the figure to jump.

You will be jumped to sub_xxxxx where you can see the CodeRegistration offset highlighted

8j6XC7M.png


x86:
The CodeRegistration offset is right below MetadataRegistration

166776


Relaunch il2cppdumper and dump manually with the offsets you have found

166764
 
Last edited:
  • Like
  • Love
Reactions: Robzer, Rubasalam, Polar.Bear and 15 others
AndnixSH

AndnixSH

PMT Elite Modder
Original poster
Staff member
Modding-Team
Jun 27, 2017
4,536
302,527
1,213
Modding World
komik said:
i have test it, still same
Click to expand...
It's Encrypted, filled with 0 bytes
For now do some research, dump it from memory and recover it. I will make public tutorial if many games encrypt il2cpp but my method is useless in some games since encrypted bottom blocks can't be recovered by dump

167715
 
Last edited:
  • Like
Reactions: jarumgate
nik2143

nik2143

Jr. PMT Modder
Staff member
Modding-Team
Jun 30, 2018
532
28,401
1,193
Italy
AndnixSH said:
It's Encrypted, filled with 0 bytes
For now do some research, dump it from memory and recover it. I will make public tutorial if many games encrypt il2cpp but my method is useless in some games since encrypted bottom blocks can't be recovered by dump

View attachment 167715
Click to expand...
I hope for a release
 
O

opzon

Platinian
Apr 29, 2018
5
1
3
32
Somewher
Being new to modding I probably shouldn't be here. Regardless, with my game I didn't get blue text stating 'CodeRegistration' but I did follow the guide and this is for armeabi-v7a. Assuming my code registration is after R0, PC, R0 like yours is mine looks like D1CBB0 (not starting with a number) and my 'MetadataRegistration' looks like d533f0 (again, doesn't start with a number and idk if that would matter just seems weird to me).

Picture of the IDA location along with a picture of Il2CppDumper dumping out the registration code and of course I almost forgot the picture of the error when I enter the two.
 

Attachments

AndnixSH

AndnixSH

PMT Elite Modder
Original poster
Staff member
Modding-Team
Jun 27, 2017
4,536
302,527
1,213
Modding World
@opzon Blue text are just my comments. You are doing right, this error just game compatibility issues. Can you tell me what game it is?
 
You must log in or register to reply here.
Top Bottom