perfare / il2cppdumper Goto Github PK
View Code? Open in Web Editor NEWUnity il2cpp reverse engineer
License: MIT License
Unity il2cpp reverse engineer
License: MIT License
Thanks for you work. I'm using part of you logic for iOS in a similar project of mine, and at the end it seems the method offset are off by 1.
I'm wondering if it has something to do with the "-1" you have here: https://github.com/Perfare/Il2CppDumper/blob/master/Il2CppDumper/Macho.cs#L70.
However, offset I found are 1 bigger, not 1 lower from the correct ones...
ERROR: Unable to process file automatically, try to use manual mode.
在 Il2CppDumper.Program.Main(String[] args)
使用的是已经脱壳的il2cpp编译的某u3d游戏的二进制文件(定语好多啊2333)
链接: http://pan.baidu.com/s/1c2IkPPY 密码: cyyn
请教:DummyDll中的函数体没有解析出来,有办法把函数体也反编译出来吗?
Hi buddy,
The new version you have released is awesome. You were are to show me how to find offset with the last tricky binary but this one ive added is very unique do you have a solution to make your awesome tool work?
and is there another way for me to contact you??
I tried to dump with your software but it force close after 1.Auto 2.Manual although never press 1 or 2!! And i don't see dump.cs be created!!!
I got error when I try to dump CSR2, both Android and iOS version (32-bit).
Older version like v1.0.8 also got some errors in dumping but it dump successful.
Download link: http://www.mediafire.com/file/wnko633gfocvfs9/1.13.2.zip
ERROR: Some errors in dumping
Unable to translate Unicode character \uD800 at index 508 to specified code page
at System.Text.EncoderExceptionFallbackBuffer.Fallback(Char charUnknown, Int32 index)
at System.Text.EncoderFallbackBuffer.InternalFallback(Char ch, Char*& chars)
at System.Text.UTF8Encoding.GetBytes(Char* chars, Int32 charCount, Byte* bytes, Int32 byteCount, EncoderNLS baseEncoder)
at System.Text.EncoderNLS.GetBytes(Char[] chars, Int32 charIndex, Int32 charCount, Byte[] bytes, Int32 byteIndex, Boolean flush)
at System.IO.StreamWriter.Flush(Boolean flushStream, Boolean flushEncoder)
at System.IO.StreamWriter.Write(String value)
at Il2CppDumper.Program.Main(String[] args) i C:\projects\il2cppdumper\Il2CppDumper\Program.cs:linje 359
Press any key to exit...
As you said "It look like Metadata has been encrypted, You should decrypt the data by yourself." But I don't know where to start...
FF FF 00 00 00 00 FF FF FF FF 93 55 00 00 2C 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 C0 00 00 06 86 00 00 00 FF FF 00 00 F8 3F 06 00 5E 0E 00 00 DC 00 00 00 FF FF FF FF 00 00 00 00 FF FF FF FF 94 55 00 00 2C 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00 C1 00 00 06 86 00 00 00 FF FF 00 00 04 40 06 00 5E 0E 00 00 A0 05 00 00 FF FF FF FF 00 00 00 00 FF FF FF FF 95 55 00 00 04 00 00 00 FF FF FF FF FF FF FF FF 00 00
Noticed it when I decrypt iOS Binaries (v16, 23 tested), it either +/- to the original offset.
What I mean by this is let us say,
Original Offset is : 11455
The Decrypted Offset Shows the Instruction to be in : 11456 or 11454
This causes the IDA to not rename the function names when script is loaded because its below or above the instruction.
Here is a v16 binary for you to test:
http://www8.zippyshare.com/v/rrOhfBam/file.html
(fat binary)
I can not dump this data
" metadata file supplied is not valid metadata file " with v24 (
because new global-metadata)
https://drive.google.com/file/d/1WsLbiH55UZv_VS-txJt1llgjUkpK6Dpx/view?usp=sharing
I'm running a vm window 10 on my mac and when I try to dump subway surfer it gives me this error ERROR: il2cpp file is not supported.
at Il2CppDumper.FormGUI.A(Object , DoWorkEventArgs )
please tell me what do I need to do to fix it ASAP
Most games with metadata v22 no longer have unk offsets (R0, and R1) and auto mode does not work on obfuscated games
Can you explain where can i find another offsets?
Unable to process file automatically, try to use manual mode.
http://pan.baidu.com/s/1mixJXfa
Hi just seeing if you can supply a guide for using in manual mode? , the picture supplied does not show clearly how to use. Obviously you need an address as a pointer tried on a few different games with no success . Please and thank you
Here is the files: http://www119.zippyshare.com/v/yBEIMn3e/file.html
Select Mode: 1.Manual 2.Auto 3.Auto(Advanced) 4.Auto(Plus) 5.Auto(Symbol)
Initializing il2cpp file...
Applying relocations...
Searching...
CodeRegistration : 23faa40
MetadataRegistration : 2429d5c
Dumping...
Done !
Create DummyDll...
Value cannot be null.
Parameter name: returnType
at Mono.Cecil.MethodReference..ctor(String name, TypeReference returnType)
at Il2CppDumper.DummyAssemblyCreator..ctor(Metadata metadata, Il2Cpp il2cpp) in C:\projects\il2cppdumper\Il2CppDumper\DummyAssemblyCreator.cs:line 117
at Il2CppDumper.Program.Main(String[] args) in C:\projects\il2cppdumper\Il2CppDumper\Program.cs:line 452
Press any key to exit...
就是突然发现 函数名是看到了,但是偏移和返回类型硬是没看到。求大大指路
public void Update(); // 0xC387EC
Is it possible to add offset comment show in dump.cs to generated dummyDll?
It will be more convenient for static analyze, cause dump.cs is hard to read.
Excuse me, how to localize the global-metadata.dat file inside the string? Or is it extracted after the finished, how to back into the global-metadata.dat file ah?
at Il2CppDumper.Elf.Searchv20() in C:\projects\il2cppdumper\Il2CppDumper\Elf.cs:string 66
at Il2CppDumper.Program.Main(String[] args) in C:\projects\il2cppdumper\Il2CppDumper\Program.cs:string 67
Files: https://drive.google.com/open?id=0Bzd9YzWlU2ffU3JSZGNDbDJQbkU
Hi, I found the attached that cannot be decompiled by all the auto modes.
Archive.zip
I decompiled the latest release version and find mach-o 32bit with metadata v21 and metadata v16 are supported but my package is mash-o 32bit with metadata v20, I tried automode but got error.
请问mac 下 hopper disassembler 有可能支持吗?
I read old issues and read README again, it was my mistake, please delete it. Sorry about this!
How to solve that?
https://i.imgur.com/XAvKvpQ.jpg
Here is the files: http://www119.zippyshare.com/v/GqFS2150/file.html
Select Mode: 1.Manual 2.Auto 3.Auto(Advanced) 4.Auto(Plus) 5.Auto(Symbol)
Initializing il2cpp file...
Applying relocations...
Searching...
CodeRegistration : 18b3a3c
MetadataRegistration : 18c72f4
Dumping...
Done !
Create DummyDll...
Object reference not set to an instance of an object.
at Il2CppDumper.DummyAssemblyCreator.GetTypeReference(MemberReference memberReference, Il2CppType pType) in C:\projects\il2cppdumper\Il2CppDumper\DummyAssemblyCreator.cs:line 223
at Il2CppDumper.DummyAssemblyCreator..ctor(Metadata metadata, Il2Cpp il2cpp) in C:\projects\il2cppdumper\Il2CppDumper\DummyAssemblyCreator.cs:line 97
at Il2CppDumper.Program.Main(String[] args) in C:\projects\il2cppdumper\Il2CppDumper\Program.cs:line 451
Press any key to exit...
Downloaded Il2CppDumper v0.4 @ http://pan.baidu.com/s/1bpKQ5Uv#list/path=%2F
The data I am trying to get a hand with
https://drive.google.com/file/d/0B5w-PkG-Uyi7eVN1ZXJsQWxBNTA/view?usp=sharing
I try to run with these metadata and binary (from iOS)
Metadata file supplied is not a supported version[16]
at Il2CppDumper.Program.Main(String[] args)
But I thought 16 is supported ?
if (version != 16 && version != 20 && version != 21 && version != 22 && version != 23)
| throw new Exception($"ERROR: Metadata file supplied is not a supported version[{version}].");
Can you add x86 binary support for dumping?
Is there a way to decrtpt a ecrypted metadata.dat file?
I have a binary ios with 2 arm7 and arm64 codes. I've done auto dump and the result is dump of arm7. I want to have dump of arm64 then i need to do?
If I'm not mistaken, the current version does not support ARM 64 bits. Are you planning to do it?
I may be able to help if you point me toward the right direction.
Dumping 32-bit works but not 64-bit, I got this error. I tried to dump other iOS il2cpp games but same issue.
I can't do manual mode because i don't know where to find offsets in 64-bit binary
Link to binary file: http://www.mediafire.com/file/um78d8285govpg9/iosbinary.zip
ERROR: Unable to process file automatically, try to use manual mode.
ved Il2CppDumper.Program.Main(String[] args) i C:\projects\il2cppdumper\Il2CppDumper\Program.cs:linje 88
Press any key to exit...
Did you had a look at exporting interfaces?
I tried to dump interface and types implementing interfaces but with no luck so far
加载生成的ida python脚本时报错:
C:\script.py, 1: Function declaration is expected
-测试了一下最新的版本,之前提出的两个问题都已经解决(多谢作者的勤奋).自动Dump和识别不同的版本都没有问题的.
如果可以在代码中集成用IDAPython脚本实现自动修复不能识别的函数就完美了.
附上SO文件:
libil2cpp.zip
global-metadata文件:
global-metadata.zip
Select Platform: 1.32bit 2.64bit
Select Mode: 1.Manual 2.Auto 3.Auto(Advanced)
WARNING: Version 16 can only get CodeRegistration
CodeRegistration : 102d9f800
ERROR: Unable to process file automatically, try to use other mode.
at Il2CppDumper.Program.Main(String[] args) in C:\projects\il2cppdumper\Il2CppDumper\Program.cs:line 94
Press any key to exit...
Tried to decrypt arm64 (mach-o) and it gave me following errors:
Select Mode: 1. Manual 2.Auto
ERROR: Unable to process file automatically, try to use manual mode.
at Il2CppDumper.Program.Main(String[] args) in C:\projects\il2cppdumper\Il2CppDumper\Program.cs:line 39
Press any key to exit...
Binary + MetaData for you to test: http://www8.zippyshare.com/v/uF4e3Aa4/file.html
能否添加metadata版本20支持?
so, i have the latest version, the .20
error code
ERROR: Unable to process file automatically, try to use manual mode.
at Il2CppDumper.Program.Main(String[] args) in C:\projects\il2cppdumper\Il2CppDumper\Program.cs:line 88
Press any key to exit...
im using Auto(Advanced) Mode.
i think, this file is not supported on IL2CppDumper.
please support this file.
(other mode also failed)
Select Mode: 1.Manual 2.Auto 3.Auto(Advanced) 4.Auto(Plus) 5.Auto(Symbol)
Initializing il2cpp file...
ERROR: Unable to get section.
Applying relocations...
Searching...
CodeRegistration : 1c42970
MetadataRegistration : 1c429e4
Dumping...
ERROR: Some errors in dumping
...
ERROR: Some errors in dumping
ERROR: Some errors in dumping
ERROR: Some errors in dumping
Done !
Create DummyDll...
https://mega.nz/#F!nXJBhA6A!0EVslozIgpoV6f0ZPdv5Qw
Windows 10 64bit 1709 (16299.309)
楼主大大方便看下字符串的索引么?因为游戏作者经常会将字符串写在代码中,如果能找到字符串的位置,那游戏就好处理了
Hello Perfare, I could not figure out any way to contact you other than an issue here. I'm looking to get the aes encryption keys they use to decrypt oggs and other assets in Super Mario Run. I noticed its a il2cpp game and tried everything possible to find them but could not.
An example of an encrypted file is here: https://download-cdn-supermariorun.akamaized.net/native/e07e1191b490a31c/3.0.1/raw/RawSound/DeALProject.json
And one of the encrypted OGG: https://download-cdn-supermariorun.akamaized.net/native/e07e1191b490a31c/3.0.1/raw/RawSound/sound/BGM/Athletic_RB_32.ogg
il2cppdumper dumped things like get_OggEncryptionAesKey but I cannot figure out how to actually get the key it refers to?
Not an issue but it would be great if you can write README.md in english so everyone can read without having to translate using online tool.
Using decompiler such as ICSharpCode.Decompiler or dnSpy.Decompiler(replace Mono.Cecil to dnlib) to generate dump.cs from DummyDll.
Tried to dump these: https://drive.google.com/drive/folders/0B9E0BjdgxRlzUlNya1ZhQzFOcW8?usp=sharing
Could not handle to get addresses manually. Tried to find bytes { 0x55, 0x89, 0xE5, 0x53, 0x83, 0xE4, 0xF0, 0x83, 0xEC, 0x20, 0xE8, 0x00, 0x00, 0x00, 0x00, 0x5B }. Can you point me an instruction please?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.