I was helping a friend of mine with modding Unity games without Assembly-CSharp.dll (or other dll) files, so after typing up this simple tutorial, I decided to share it with you all, in the hope it helps new modders climb the ladder of success.
The first thing to do is to make sure this is the right method to follow. If you previously modded your APK by editing the Assembly-CSharp.dll file and now, in the newest update, you go to Assets/Bin/Data/Managed/ and SURPRISE! there are no dll files anymore, then you definitely need to keep reading this tutorial.
The reason you don't find dlls anymore is that Unity recently added an option to export games using the il2cpp method, which, unlike dlls, exports all the game code into a file called "libil2cpp.so". It won't be as easy as modding dll files, but with a bit of practice you'll find you can be even faster with this new method than with normal dlls, as soon as you know what to look for.
This tutorial ideally requires a bit of shared library modding knowledge (modding .so files), as this method isn't too far from editing a normal lib game. It is somewhat easier, though, since it gives you the exact position and the names of the functions you need to edit, unlike most lib games.
Difficulty: Medium
Required Time: 30 minutes the first time, then 5 minutes or so
Required Skills: Medium modding knowledge + optional ARM language knowledge
1) The first thing to do is to grab the latest version of the Il2cpp dumper, Perfare/Il2CppDumper, and unzip it.
2) Now, from the APK file, you need to extract these files:
assets/bin/Data/Managed/Metadata/global-metadata.dat
lib/armeabi-v7a/libil2cpp.so (I suggest keeping an additional copy of this file)
It's advised to extract them into the same folder as the il2cpp dumper.
3) If there's a lib/x86 folder, you can delete it from the APK file. Keeping it would mean doing the work twice (and knowing x86 opcodes), while most devices can read APK files even without the x86 version, so you can avoid this unnecessary step.
4) Now, execute the "Il2CppDumper.exe" file and it'll ask you to select two files. The first one to select is the libil2cpp.so file you previously extracted from the APK file, and the second one is the global-metadata.dat.
5) If you're using the latest version of it, SKIP STEPS 5 and 6 and move to step 7.
Then, it might ask you about the Unity version (depending on the il2cpp dumper version you downloaded). You can try typing 1 first and, if it gives an error, repeat the process and type 2 instead (as far as I know, there's no fast and simple way for a modder to know the Unity version used to build the game, but if I'm wrong, please let me know and I'll update this step).
6) It'll ask you to select the dump method, offering you a range from 1 (Manual) to 5 (Symbol). I usually select 4.
7) The script will now generate a file named dump.cs and a folder called "Managed". If it doesn't, you'll probably have to go back to step 5 and try again, or the game is probably protected against dumping.
8) The dump.cs is a simple text file (open it with Notepad++) with a list of functions, each followed by an offset, like: public int get_accuracy //0x123456. You can find your function by searching for its name if you know it already; otherwise refer to step 8a.
where:
public int indicates this is an Int32 function (other common function types are bool = Boolean, float = Single, and Void);
get_accuracy is the name of the function (identical to the function name you have in the old dll version of the game);
0x123456, which, simplified, is just 123456, is the offset (the position of that function in the libil2cpp.so file).
8a) The Managed folder contains the usual .dll files, but with empty functions. It's useful only for finding a function when you don't yet know what it's called. If you want to use this alternative method to find a function, simply drag all the dlls into .NET Reflector (or dnSpy) and find the function you need to edit, then go to the dump.cs file and search for the same function to find the offset as shown in step 8.
9) Open "HxD" (if you don't have it, download it from here).
10) Drag the libil2cpp.so file into the HxD window, press Ctrl+G to open the Search Offset window, paste the offset of the function you found (in this example, 123456) and press Enter.
11) If the function you're modifying is an INT32 and you simply want to return a very high value, do the following: select the first 8 bytes in the HxD window starting from the point it took you to after pressing Enter (a byte is a sequence of 2 letters/numbers, such as 4F or 4C), and, once selected, paste the following bytes in place of them: FF 04 E0 E3 1E FF 2F E1 (make sure you're replacing only 8 bytes with these other 8 bytes).
What is it?
FF 04 E0 E3 = MOV R0, 0xFFFFFF = ldc.i4 -> 16777215
1E FF 2F E1 = BX LR = ret
so you're returning a very very high value.
If you want to return just 1 (true) you can write:
01 00 A0 E3 = MOV R0, 1 = ldc.i4.1
1E FF 2F E1 = BX LR = ret
and if you want to return 0 (false) you can write:
00 00 A0 E3 = MOV R0, 0 = ldc.i4.0
1E FF 2F E1 = BX LR = ret
This guide isn't about ARM opcodes, but the codes above are the hex encodings of ARM instructions, which are used in the libil2cpp.so file and many other lib files you'll edit in your modding life.
A good way to test ARM opcodes is to use our exclusive BEST ARM CONVERTER, but I won't cover this aspect in this tutorial as it'd end up being too long otherwise. Maybe in the future I'll write a more extensive tutorial focusing on ARM opcodes or IDA general hacking.
It's important to always make sure you're not adding bytes to (or deleting bytes from) a .so file, so ALWAYS replace 4, 8, 16, etc. bytes with 4, 8, 16 bytes respectively, or the lib itself will break. The reason lies in the structure of shared libraries, which define the start and the end of functions in their headers: adding or removing bytes would cause all functions to start/end at different positions, which would break the entire library.
Now, after making your changes, just save by pressing Ctrl+S or by clicking on the Floppy Disk icon at the top of HxD, and drag the modified libil2cpp.so file back into the APK file.
You'll notice HxD will also create a libil2cpp.so.bak file, which is the file you had before saving it (which isn't exactly a backup of the original file, but just a step before you saved it). It's still handy, although I prefer starting from scratch when things get too complicated (such as editing 10+ functions) as it's faster and easier; that's why I suggested taking a copy of the libil2cpp.so file at the top of this simple guide.
Now, as always, to see if it worked, just re-sign the APK file (unless you're rooted/patched) and install it.
If you previously modded this game when it was using the older version of Unity (Assembly-CSharp.dll), it'll be a lot easier for you, because you'll know which functions to look for and how to edit them.
It's also important to specify that, unlike dll editing, this approach is simple only when you're completely replacing a function (such as when you return true, false, a high value, or simply null it by adding only ret). If you instead did an advanced mod, editing lines in the middle or at the end of the function, you'll most likely fail at it, unless you have a good understanding of a good piece of software called IDA (which would be required in this case, as you'll have to examine the whole function).
Hope it helps. For any suggestions or questions, feel free to ask me below and I'll be happy to assist you.
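The 8-byte sequences explained in step 11 can be decoded mechanically, which also makes them easy to spot when checking a library against a known-good copy. The Python sketch below is an added example, not part of the original post: it decodes the little-endian ARM words (FF 04 E0 E3 is encoded as MVN R0, #0xFF000000, which leaves 16777215 in R0) and reports function entries that were overwritten with such a constant-return stub. The sample buffers, the name other_function and the offsets are constructed for illustration.

```python
import struct

BX_LR = 0xE12FFF1E  # bytes 1E FF 2F E1 in the file (little-endian)

def ror32(value, bits):
    """Rotate a 32-bit value right."""
    return ((value >> bits) | (value << (32 - bits))) & 0xFFFFFFFF

def decode_mov_r0_imm(word):
    """Decode an unconditional MOV/MVN R0, #imm; return (mnemonic, R0 value) or None."""
    # cond = 1110, bits 27..25 = 001 (data-processing immediate), S = 0, Rd = R0
    if word >> 28 != 0xE or (word >> 25) & 0x7 != 0b001:
        return None
    if (word >> 20) & 1 or (word >> 12) & 0xF != 0:
        return None
    imm = ror32(word & 0xFF, 2 * ((word >> 8) & 0xF))  # imm8 rotated right by 2*rot
    opcode = (word >> 21) & 0xF
    if opcode == 0b1101:
        return ("MOV", imm)
    if opcode == 0b1111:
        return ("MVN", ~imm & 0xFFFFFFFF)
    return None

def constant_return_stub(code, offset):
    """Return the constant if code[offset:offset+8] is 'MOV/MVN R0, #imm ; BX LR'."""
    if offset + 8 > len(code):
        return None
    first, second = struct.unpack_from("<II", code, offset)
    decoded = decode_mov_r0_imm(first)
    return decoded[1] if decoded and second == BX_LR else None

def audit(known_good, shipped, entries):
    """List function entries whose first 8 bytes differ from the known-good image."""
    if len(known_good) != len(shipped):
        return [("<file>", "size changed, all offsets are suspect")]
    findings = []
    for name, off in entries.items():
        if known_good[off:off + 8] != shipped[off:off + 8]:
            const = constant_return_stub(shipped, off)
            findings.append((name, "entry bytes differ" if const is None
                             else f"entry replaced by constant return {const}"))
    return findings

# Constructed sample: a 16-byte image holding two 8-byte function entries.
KNOWN_GOOD = bytes.fromhex("f04f2de9 04d04de2 10402de9 0040a0e1")
SHIPPED = bytes.fromhex("ff04e0e3 1eff2fe1") + KNOWN_GOOD[8:]
ENTRIES = {"get_accuracy": 0x0, "other_function": 0x8}  # hypothetical offsets

if __name__ == "__main__":
    print(audit(KNOWN_GOOD, SHIPPED, ENTRIES))
```

A byte-for-byte difference at a function entry is the reliable signal here; the stub decoding only explains what the replacement does, since an unmodified function can legitimately be a constant return.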