📖 Tutorial How to hack Unity Android Games when there's no Assembly-Csharp.dll (libil2cpp.so method)

[Sbenny]

It's written in the tutorial:

TRUE (or 1)
01 00 A0 E3 1E FF 2F E1

FALSE (or 0)
00 00 A0 E3 1E FF 2F E1

Post automatically merged: Sep 26, 2019

Hy,

Can I ask the return value for both boolean true and false?
Also, is it matter the return value if I am editing public vs private vs static function?

Thanks

No difference public private or static. They're different ways each function interacts with other functions.

 

[chu121su12]

I thought the return values are different for int and bool.

Many thanks!

 

[Jason4444]

Thx bro. On the point. Was searching for such a tut.

 

[Baenchen]

So I can pick up with all of the steps I think. (Except that the folder, after I used "ll2CppDumer" doesn't call "Manage", it calls "DummyDll", but I think that doesn't matter).
I just have problems to find the right function like in step 8 or 8a. At "The Basics: Hacking (Mod) Android Games with Net Reflector" I had the same issue.
In step 5) you know what you're looking for and there is just one result of "Coins" but I looked up "Hearts" in my app and there are way more results. Here:

Spoiler: Picture

So its under the dll: Assembly-CSharp. And there it is in the dump.cs:

Spoiler: Picture 2

And now I just looked for "hearts" again and there is an Offset number I used:

Spoiler: Picture 3

So I found the Offset when I opend libil2cpp.so in HxD and changed it to FF 04 E0 E3 1E FF 2F E1 (and just 8 Bytes like you wrote down):

Spoiler: Picture 4

Saved it and put it back in the APK. But It didn't work and I think something it has to do with the Offset number. I think it's a wrong one I choose, but I didnt get how to find the right friction of there are so many results for my example: "hearts".
When I wanted to install the App it said INTALL_PARSE_FAILED_NO_CERTIFICATES.

So I need help. Thanks for the nice Tutorial ist really good how you explain everything!

PS.: Or do I just have edit a different Offset number till I got the right one?

 

[Sbenny]

So I can pick up with all of the steps I think. (Except that the folder, after I used "ll2CppDumer" doesn't call "Manage", it calls "DummyDll", but I think that doesn't matter).
I just have problems to find the right function like in step 8 or 8a. At "The Basics: Hacking (Mod) Android Games with Net Reflector" I had the same issue.
In step 5) you know what you're looking for and there is just one result of "Coins" but I looked up "Hearts" in my app and there are way more results. Here:

Spoiler: Picture

View attachment 39898

So its under the dll: Assembly-CSharp. And there it is in the dump.cs:

Spoiler: Picture 2

View attachment 39899

And now I just looked for "hearts" again and there is an Offset number I used:

Spoiler: Picture 3

View attachment 39900

So I found the Offset when I opend libil2cpp.so in HxD and changed it to FF 04 E0 E3 1E FF 2F E1 (and just 8 Bytes like you wrote down):

Spoiler: Picture 4

View attachment 39901

Saved it and put it back in the APK. But It didn't work and I think something it has to do with the Offset number. I think it's a wrong one I choose, but I didnt get how to find the right friction of there are so many results for my example: "hearts".
When I wanted to install the App it said INTALL_PARSE_FAILED_NO_CERTIFICATES.

So I need help. Thanks for the nice Tutorial ist really good how you explain everything!

PS.: Or do I just have edit a different Offset number till I got the right one?

You didn't edit an Int32. The way you modified the function will never work as that's a Void and not an Int32, so you can't just return a number. Also, "SetContent" doesn't look like a good function at all, at least not for what you're trying to do. You searched for "Hearts" but ended up editing a function inside "ClientDialogController" which is something related to game UI (dialogs) and not to game data.

 

[Baenchen]

You didn't edit an Int32. The way you modified the function will never work as that's a Void and not an Int32, so you can't just return a number. Also, "SetContent" doesn't look like a good function at all, at least not for what you're trying to do. You searched for "Hearts" but ended up editing a function inside "ClientDialogController" which is something related to game UI (dialogs) and not to game data.

Okay, thank you for texting back! I know I don't know how to do it.
I tried it with "SetContent" yes but the screenshot is just to show all the results I got.
I tired with some of the results. But I just don't know what is the right function. That's my problem.
I tried it with NET Reflector on Subway Surfers too but ended up looking for the correct function again, what I didn't find.

BTW I think that I can't change the number of "hearts" in my game, I just can unlock premium choices without using the hearts.
But I think that's a differnt way to MOD an APK right?

 

[Zancrow]

Hey sbenny,
I followed your tutorial but I can't get Il2CppDumper to dump. I've tried all methods and got the right unity version.
It looks like the metadata has been encrypted. Do you know how to decrypt/bypass it?

The game I am trying to MOD is called Ulala Adventure.

Let me know if you know how or what/where I can learn it.

Thanks

 

[nguyenphuong]

Hi,
Thank for Tutorial
but i try to dump by Ill2cppdumper newest version but cant dump
The error :
" Index was outside the bounds of the array.
ERROR: Can't use this mode to process file, try another mode.
at Il2CppDumper.FormGUI.A(Object , DoWorkEventArgs ) "

 

[Sbenny]

Hi,
Thank for Tutorial
but i try to dump by Ill2cppdumper newest version but cant dump
The error :
" Index was outside the bounds of the array.
ERROR: Can't use this mode to process file, try another mode.
at Il2CppDumper.FormGUI.A(Object , DoWorkEventArgs ) "

As the error says, you should try another mode (if you pressed 2, try with 3, 4 or 5). Also, it might happen if the unity version you input isn't correct or if the game has set an additional protection to prevent dump.

 

[nguyenphuong]

As the error says, you should try another mode (if you pressed 2, try with 3, 4 or 5). Also, it might happen if the unity version you input isn't correct or if the game has set an additional protection to prevent dump.

Thank for reply , i tried all mode but error . Do you have any way to remove Protect?

 

[Sbenny]

It depends on the protection set, however this requires an advanced knowledge. Try to dump the apk file and see if you're able to do it by yourself. If not, it's a good moment to start studying

 

[nguyenphuong]

thank you ! do you have key word to learn, i will try hard

 

[Nacht]

Games are getting harder and harder to mod than before with il2cpp. Tell me if you're gonna drop a TUT on how to mod without il2cpp and only global-meta :/ the older version of one of my game used to have C# dll and then moved to il2cpp and then no library, nothing to mod beside obscured files .

 

[richardson]

nice tutorial. tranks.. super..

 

[Sbenny]

Games are getting harder and harder to mod than before with il2cpp. Tell me if you're gonna drop a TUT on how to mod without il2cpp and only global-meta :/ the older version of one of my game used to have C# dll and then moved to il2cpp and then no library, nothing to mod beside obscured files .

There's always libil2cpp.so if the game is built with the newer version of Unity. What could be missing is global-metadata.dat, but the lib is never missing.

 

[Sha67]

Thanks for the TUT, after you've said "the lib is never missing", i thought there was a problem with the decompiler, but the fact is there's no lib folder at all, btw it's an online game.

 

[Nacht]

I think some game stop creating .so files and use other ways to create a library file

 

[nkodder]

how to bypass protect dump

 

[Oppa Madara]

So this is all done with Android Phone? not from Laptop?

Ah, that can be done from Laptop. Waaay far more convenient.

 

[Kostya555]

А что делать, как сделать дамп cpp если нет файла в апк с игрой global-metadata.dat ?