Help! Unity games unlock/Uncap framerates Discussion

I want to unlock FPS of a game named laya's horizon. I have dumped it's protected il2cpp file and attached the results. What would you guys do next ? Edit application.targetframerate ? Some other parameters ? At what RVA will you use the hex editor.
 

Attachments

Yes, you can hex patch get_targetFrameRate.
If the game is for pc, then you would also need disable vsync (set QualitySettings.VSyncCount to 0). But this game is a mobile game, right? Then you don't need to worry about vsync.

So yes, just editing application.targetframerate should work👍
 
Yes, you can hex patch get_targetFrameRate.
If the game is for pc, then you would also need disable vsync (set QualitySettings.VSyncCount to 0). But this game is a mobile game, right? Then you don't need to worry about vsync.

So yes, just editing application.targetframerate should work👍
Well, there are three references in dump file for that function. And only one has a rva value with it. It is, application target framerate set(int 32)().

I don't know hex editing or arm8 hex code editing. Do you have any idea how to actually edit the value.
 
There is that get method I mentioned in your dump, use it's rva:

1730394148162.png

There are many tutorials here like this one for hex patching
ll2Cpp Dump + Modding
But basically, first you need a hex code which you replace the original code with:
1730395423337.png

This should do: E0 7C 80 D2 C0 03 5F D6, code for int number 999.
You can make your own in armconverter.com by replacing the 999 with another number.

Then open libil2cpp.so in a hex editor, ctrl+g and paste the part after 0x of that rva: 194ae80 and enter.
You are now in the address of the rva. Then copy that hex code and press ctrl+b to replace original code.
Then save and build your apk with the edited libil2cpp.so
 
There is that get method I mentioned in your dump, use it's rva:

View attachment 678417
There are many tutorials here like this one for hex patching
ll2Cpp Dump + Modding
But basically, first you need a hex code which you replace the original code with:
View attachment 678420
This should do: E0 7C 80 D2 C0 03 5F D6, code for int number 999.
You can make your own in armconverter.com by replacing the 999 with another number.

Then open libil2cpp.so in a hex editor, ctrl+g and paste the part after 0x of that rva: 194ae80 and enter.
You are now in the address of the rva. Then copy that hex code and press ctrl+b to replace original code.
Then save and build your apk with the edited libil2cpp.so
I took the hex value you gave and put it in the address. I then copied this file to my rooted android, in the game lib's folder and game crashes. Any idea why ? Should the game crash if i just replace lib ? Do i need to compile it ?
 
There is that get method I mentioned in your dump, use it's rva:

View attachment 678417
There are many tutorials here like this one for hex patching
ll2Cpp Dump + Modding
But basically, first you need a hex code which you replace the original code with:
View attachment 678420
This should do: E0 7C 80 D2 C0 03 5F D6, code for int number 999.
You can make your own in armconverter.com by replacing the 999 with another number.

Then open libil2cpp.so in a hex editor, ctrl+g and paste the part after 0x of that rva: 194ae80 and enter.
You are now in the address of the rva. Then copy that hex code and press ctrl+b to replace original code.
Then save and build your apk with the edited libil2cpp.so
I suspected some corruption so I started the project again. This time the game didn't crash when I replaced the hex edited file. But the FPS didn't unlock either.
 
Hmm ok. I'm not too familiar with armv8a hex codes so I might've made a mistake.
This one is definitely correct:
80 0C 80 D2 C0 03 5F D6 (100 value int). If it works, we can search for a larger value.
If it doesn't, then there's something else wrong.

Should the game crash if i just replace lib ? Do i need to compile it ?
Also, replacing in the lib folder is ok
 
Thanks, checked if the generated offsets were ok, seems good.
My last idea would be using a nop code: 1F 20 03 D5 C0 03 5F D6 on Start() and Update() (maybe all functions in SetTargetFramerate to be sure).
That would hopefully make the script not work, and then editing application.targetframerate would work.
 
Thanks, checked if the generated offsets were ok, seems good.
My last idea would be using a nop code: 1F 20 03 D5 C0 03 5F D6 on Start() and Update() (maybe all functions in SetTargetFramerate to be sure).
That would hopefully make the script not work, and then editing application.targetframerate would work.
I don't have the understanding (yet) to patch the file in the way you explained. If you want, you can download this game from this website itself for better inspection, as one modder has released it after removing netflix susbcription requirements. This task turned out to be more complicated than I initally thought.
 
I don't have the understanding (yet) to patch the file in the way you explained. If you want, you can download this game from this website itself for better inspection, as one modder has released it after removing netflix susbcription requirements. This task turned out to be more complicated than I initally thought.
It's exactly the same as before. You get the RVA of the function just like with that int before and then patch it with that nop code with ctrl+b.
But I can try for myself too sure👍
 
Here's the libil2cpp: https://file.io/CX179vmXMUHY (uncapped/999 fps)
Just needed to mod the GetDesiredFPS() and get_DesiredFrameRate(). Maybe I gave you the wrong hex codes

it's for v.1.7.673, if you don't have that version I can share the whole app
Hey man ! THANKS FOR YOUR HELP. I Don't need any further patch. I was able to use the Hex codes you earlier gave and mod my il2cpp file myself with these two fucntions and framerate unlocked. I guess the key was to do them both at same time. Again, thanks for your help.
 
Back
Top Bottom