How to decrypt an encrypted .dll file


Sbenny

A crazy scientist
Staff member
Admin
SB Mod Squad ⭐
✔ Approved Releaser
Active User
Hello dear community,

With this big, big, BIG Tutorial, I will show you how to decrypt an encrypted .dll file (when trying to MOD Unity based Android games) using Gcore dump and WinHex. I am not the original author of this method (original author: iAndroHacker), however, I rewrote this tutorial to make the steps easier; to clarify any doubts you can reply with a post. Yeah, it might look very long but I can assure you it's easy to understand how to decrypt dlls and, once you do this two or three times, you'll be able to decrypt a dll in less than 10 minutes!

Before we start, how to check if a .dll file is encrypted?

Easy. When you open a .dll file into Reflector and you get:

"Assembly-CSharp (this could change, depending on the name of the file), File is not a portable executable. DOS header does not contain 'MZ' signature."

it means you have got an encrypted DLL!

It means the DLL file does not have a valid MZ/PE header, so you can't open/modify it. DLL files require MZ/PE headers in order for their content to be viewed and, to prevent hacking, some game developers protect their game by erasing these MZ/PE headers from some dll files.

Now let's start with the requirements!

First of all, you need:

1. To have some Android Hacking experiences (otherwise you will not understand a single word of this Topic)

2. .NET Reflector already installed (if you've got hacking experience, you should already have this tool)

3. A computer running at least Windows XP (Win8 or Win10 recommended)

4. A rooted Android device (it doesn't work with BlueStacks / MEmu) running Android 4.2.2 or newer. Previous versions might not work.

5. At least 800 MB of RAM on your Device.

6. A minimum of 300-400 MB of free RAM space on your Android Device.

7. Latest version of SuperSU (or Kingroot). You can get SuperSU from:

HERE

8. BusyBox for Android. Get it from:

HERE

9. Terminal app for Android. You can download it from:

HERE

10. Any encrypted Unity3D game installed on your device (Darkness Reborn, Crusaders Quest, Heroes, Guardian Hunter SuperBrawlRPG and so on...)

11. gcore installed on your device. Download it from:

HERE

12. Root Explorer app installed on your Android device. You can get it from our Apps Area.

13. Cracked version of WinHex (free version will not work for this purpose). Download it from:

HERE


If you are using an outdated version of BusyBox or SuperSU, you will need to update, because older versions may cause problems. If you are using the built-in CyanogenMod SuperUser, beware that it's very unstable. Uninstall this abandoned superuser if you have it and install the provided SuperSU instead.


For Kingroot users, when a new version is available, it should show a pop-up message about the new version. If you see that message, press "update". You can check for updates manually by opening the Kinguser app and clicking on "Software version"; it will update Kinguser if there's a new version.

For SuperSU users: if there is any update, it will ask you to update the SuperSU binary and it will show it in a notification message. Click on it and it will ask you to update the SuperSU binary normally or via TWRP/CWM. If you choose "normal", it will update it directly without having to reboot the device. If you choose "TWRP/CWM", the device will reboot into recovery mode, where the .zip file will be flashed automatically and, after the installation, your device will be rebooted. See screen below:


You're finally ready to decrypt your dll!

STEP 1
Install BusyBox from the given link.

Open the app and grant Root permissions. Smart Install will slowly load and, when completely loaded, tap "Install". The BusyBox binaries will now be permanently installed on your device. You can close the app or even uninstall it: BusyBox is just the installer. See screen below if you need help.



STEP 2
Install gcore on your device.

How?
1) Download gcore to your device (using the link given at the top of this Topic)
2) Open your Root Explorer app
3) Copy the 2 files "gdb" and "gdbserver" included into the zip file
4) Paste them to /system/bin/ (in your INTERNAL ROOT memory -> system -> bin) Folder (of course you will need to grant root permissions to see that folder).
5) If asked, overwrite files.



STEP 3
Find the package name of the app you're going to hack!

This will be required to find the app in the Terminal app we're going to use soon.
It's usually called "com.DEVELOPER_CODE.GAME_CODE".
You can find it going (with your browser) to the Google Play website, looking for the game you have installed on your device and then copying what's next to "id=".
See screenshot:



Alternatively, you can go to "Settings" -> "Apps" and then you'll find the package name of any app you have installed on your device.




STEP 4
Install the Terminal app (with the link above). Then launch and close the game with the encrypted .dll (otherwise you won't be able to see it in the following step).

STEP 5
Launch the Terminal and type:

Code:
su
Now hit Enter and grant Root Permissions for the Terminal app.



Your username will now start with "root@". This confirms you now have Root Permissions in the Terminal.

Now, type:

Code:
dumpsys meminfo | grep 'com.*'
This command will search for all the running processes starting with "com." (the * is a wildcard symbol which means any letter/number/symbol)

Hit enter and you'll see a list of the running process of your device.
You will find the package name of the game with the encrypted dll too!

Using the game Crusaders Quest's as an example, you should see something like this:



Take note of the number next to "pid" (PID stands for "Process ID" and changes every time a process starts). In my example, I'll take note of the number "383".

Now, using the PID you just noted, type:

Code:
gdb -pid xxx
(replacing "xxx" with the PID number)

In my example, I'll use my Crusader Quest's PID (383).



Now hit Enter.

Wait a few seconds and the Terminal will show:

Code:
(gdb)
in the Terminal app.

We're almost done with Terminal. Now we do need to save the file we will use to get the decrypted dll into our /sdcard/ path. So, choose how to call this file (I will call it "nameoffile" as an example).

So, let's type:

Code:
gcore /sdcard/nameoffile
(replacing "nameoffile" with the name you decided to give to this file).

Hit enter and the Terminal will show an empty line... it's generating a very big file, so wait patiently until it completes this process. The file could be up to 1 GB in size!!!

At the end of this process, you'll see:



Of course, instead of "nameoffile" you will see the name of the file you chose before.

Do not worry about any warnings like these you may read in the Terminal app:



They do not interfere in ANY way with the decryption of the .dll files.

Are you tired? Well, I've got good news for you ;) You just decrypted the dll (well, every dll, even if not encrypted, will be "decrypted" :lol: )! You're almost done :) You just need a few more steps and you'll be able to HACK your game! You can (finally) close the Terminal App!


STEP 6
Moving the file to your PC!

If you browse with your mobile to the path "/sdcard/", you will see the new big file but, since Windows can't see dump files, you have two options to move it to your PC.

1) Enable USB Debugging (better in my opinion)

This way you'll see dump files from your PC. Go to Settings -> About Phone and tap on "Build Number" 7 times. You will unlock the "hidden" developer menu.



Now you will see "Developer Options" inside "Settings" on your device. Tap on it and check "USB Debugging".


OR


2) Moving this file to a folder

Create a folder on your /sdcard/ path and move this dumped file to the newly created folder. This way Windows should be able to see it.


So, whether you chose 1) or 2), now connect your device to your PC, go to the /sdcard/ directory and move the file (if you followed the 1st option) or the folder (if you followed the 2nd option).




STEP 7
Using WinHex

Open the cracked WinHex (extract the downloaded .zip file and double-click on the "WinHex.exe" file). See pic:



Now take a look at the top of WinHex window and click "File" -> "Open" (see pic).



You will see a dialog box similar to the following:



So, go to the folder where you copied the big file and click "Open".

Now, go to "Tools -> "Disk Tools" -> "File Recovery by Type..." (top of WinHex), like the following screenshot:



and a smaller window will pop-up. It should be very similar to the following one:



Click the "+" next to "Programs" (1) and check "Windows exec." (2). Now, select the folder where you want the new file to be generated under "Output Folder" (3).
Ensure "Complete byte-level search" is checked (4) and then click "OK" (5).

The file recovery will now begin and, when it finishes, you'll get a message like this:



Now, reach the location where you saved this file and delete all files with the ".com" extension. They're not needed and may only cause confusion.

You can finally close WinHex.

STEP 8
Find the right dll

Now you do have a list of .dll files but... which one is encrypted? They have got weird names...
This step is important. You need to check which DLL is encrypted. Also, not just the Assembly-CSharp.dll file can be encrypted. Other files can be encrypted too.

So, take out the "Managed" folder from the APK file you want to MOD (it's located at /assets/bin/data/Managed/), select all the .dll files inside that folder and drag and drop them into the Reflector window like you usually do when you try to hack a Unity3D game. To see which DLL files are encrypted, click "No" when it asks you to reopen DLL files.



For example, Crusaders Quest has got 4 encrypted .dlls:

Code:
Assembly-CSharp.dll
Assembly-CSharp-firstpass.dll
Assembly-UnityScript.dll
Assembly-UnityScript-firstpass.dll

Now, clear all opened DLL files from Reflector, go to the location where you recovered the files (with WinHex) and drag and drop all the .dll files. Click "No" if it does ask you to reopen DLL files in Reflector and ignore any dll error.

So, select a .dll file to show the name of the file and its location.



For example, for Crusaders Quest we have got:

Code:
Assembly-CSharp.dll = 000034.dll
Assembly-CSharp-firstpass.dll = 000030.dll
Assembly-UnityScript.dll = 000028.dll
Assembly-UnityScript-firstpass.dll = 000013.dll
So, rename all the .dll files that were encrypted and place them inside the extracted "Managed" folder. This way you'll replace the original encrypted files with the new decrypted ones.


STEP 9
You did it!!! :D
Let's start modding!
Go to the "Managed" folder and move the newly decrypted .dll files inside Reflector and enjoy modding the way you know!


This topic was taken from an external source but almost completely rewritten by me. I hope you guys find this useful and, if you do need help, please reply below!
Good luck with your hacks :headbang:
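The "how to check if a .dll file is encrypted" question at the top of the tutorial and STEP 8 ("which one is encrypted?") both come down to the same header check that Reflector performs. The script below is an added example, not code from the original post or from iAndroHacker's method: it parses the DOS header, the PE signature and the optional header of a file and reports whether it is a valid PE image and whether it carries a CLR runtime header (data directory 14, the mark of a .NET assembly), so a whole Managed folder can be inventoried at once. The function names, the report dictionary, and the build_sample_dll()/strip_header() helpers are my own; the helpers construct a minimal PE32 header so the script runs offline, and a header-stripped copy yields the same "DOS header does not contain 'MZ' signature" verdict the tutorial quotes.

```python
"""Added example: report which .dll files have a valid MZ/PE header and which
carry a CLR runtime header (a .NET assembly). Not part of the original
tutorial; helper and function names are hypothetical."""
import struct
import sys
from pathlib import Path

# Constants from the PE/COFF file format.
DOS_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\0\0"
E_LFANEW_OFFSET = 0x3C          # DOS header field pointing at "PE\0\0"
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
CLR_DIR_INDEX = 14              # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR


def inspect_pe(data: bytes) -> dict:
    """Validate the DOS/PE/optional headers and look for the CLR data directory.

    A DLL whose header was erased on disk (the 'encrypted' case in the
    tutorial) is reported as invalid with the wording Reflector prints."""
    report = {"valid": False, "reason": "", "pe32plus": None, "managed": False}
    if len(data) < E_LFANEW_OFFSET + 4 or data[:2] != DOS_MAGIC:
        report["reason"] = "DOS header does not contain 'MZ' signature"
        return report
    e_lfanew = struct.unpack_from("<I", data, E_LFANEW_OFFSET)[0]
    coff = e_lfanew + 4                       # COFF header follows "PE\0\0"
    if coff + 20 > len(data) or data[e_lfanew:coff] != PE_SIGNATURE:
        report["reason"] = "no PE signature at e_lfanew"
        return report
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                           # optional header start
    if size_of_optional < 2 or opt + size_of_optional > len(data):
        report["reason"] = "optional header truncated"
        return report
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:                   # 32-bit layout
        report["pe32plus"] = False
        num_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:             # 64-bit layout
        report["pe32plus"] = True
        num_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        report["reason"] = f"unknown optional header magic {magic:#x}"
        return report
    report["valid"], report["reason"] = True, "ok"
    num_dirs = struct.unpack_from("<I", data, num_dirs_off)[0]
    entry = dirs_off + CLR_DIR_INDEX * 8
    if num_dirs > CLR_DIR_INDEX and entry + 8 <= len(data):
        rva, size = struct.unpack_from("<II", data, entry)
        report["managed"] = rva != 0 and size != 0   # non-empty CLR header => .NET
    return report


def scan_managed_folder(folder) -> dict:
    """Run inspect_pe over every .dll in a folder (e.g. assets/bin/data/Managed)."""
    return {p.name: inspect_pe(p.read_bytes()) for p in sorted(Path(folder).glob("*.dll"))}


def build_sample_dll(managed: bool) -> bytes:
    """Constructed minimal PE32 header (hypothetical, not a real DLL) for offline runs."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = DOS_MAGIC
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, e_lfanew)
    # COFF header: i386, 2 sections, 224-byte optional header, DLL characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)                      # PE32 optional header incl. 16 directories
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)       # NumberOfRvaAndSizes
    if managed:
        struct.pack_into("<II", opt, 96 + CLR_DIR_INDEX * 8, 0x2008, 0x48)
    return bytes(dos) + PE_SIGNATURE + coff + bytes(opt)


def strip_header(data: bytes, nbytes: int = 0x40) -> bytes:
    """Simulate the on-disk 'encrypted' DLL: the leading header bytes are overwritten."""
    return b"\0" * nbytes + data[nbytes:]


if __name__ == "__main__":
    folder = sys.argv[1] if len(sys.argv) > 1 else None
    results = scan_managed_folder(folder) if folder else {
        "sample-managed.dll": inspect_pe(build_sample_dll(True)),
        "sample-stripped.dll": inspect_pe(strip_header(build_sample_dll(True))),
    }
    for name, r in results.items():
        print(f"{name}: valid={r['valid']} managed={r['managed']} ({r['reason']})")
```

Run it with the path of an extracted Managed folder to get one line per DLL; files reported as invalid are the ones Reflector refuses to load, and carved files that are valid but not managed are native images that can be ignored when matching names in STEP 8.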
 

Lucifer

☠ Dark Lord ☠
Member for 8 years
Re: Tutorial How to decrypt an encrypted .dll file

Wow, great tutorial Luca, I was actually about to ask you this xD
Thanks a Bunch <3 <3
 

Sbenny

Re: Tutorial How to decrypt an encrypted .dll file

:D It might look long and complicated but I can ensure you it's not so long (screenshots take most space) and it's quite easy to understand!
 

Lucifer

Re: Tutorial How to decrypt an encrypted .dll file

Yeah, I know, I just thought I'd never understand this; as you said, I read the whole thing and it really is quite easy to understand (y) <3
 

yukyik

Apprentice Lv2️⃣
Member for 8 years
Re: Tutorial How to decrypt an encrypted .dll file

It's new knowledge for me. Thanks, sir.
 

x740552

Lurker Lv0️⃣
VIP Member
Member for 8 years
Re: Tutorial How to decrypt an encrypted .dll file

I succeeded in decrypting the dll, but when I mod it and pack it back into the apk, the game always closes. :-(
 

Sbenny

Re: Tutorial How to decrypt an encrypted .dll file

It could mean you modded the wrong values.
 

AndnixSH

Savage Lv6️⃣
SB Mod Squad ⭐
Member for 8 years
That's my tutorial. You didn't give credit to me.
 

Sbenny

Re: Tutorial How to decrypt an encrypted .dll file

I think you didn't read the topic bro, one of the first lines says: "I am not the original author of this method (original author: iAndroHacker)"
 

AndnixSH

Re: Tutorial How to decrypt an encrypted .dll file

Sbenny said:
I think you didn't read the topic bro, one of the first lines says: "I am not the original author of this method (original author: iAndroHacker)"
Oh ok. I always check at the bottom of the thread to see if credit is given. Most people put credits at the bottom of the thread.

Do you mind if I copy your grammar into my tutorial?
 

Sbenny

Re: Tutorial How to decrypt an encrypted .dll file

No problem :) you can put credits for the grammar to me if you want.
However, there are lots of tutorials by you on the net that I would like to share here; would you like to do it? That way I don't need to give credit to you, because you will make the topic instead of me :)
 

AndnixSH

GDB does work with Bluestacks but not with Droid4X.
 

NEMESIS

Novice Lv1️⃣
Member for 8 years
Thank you.. I like this tutorial. Simple, easy to read, but I still need to test it to understand it completely :arrow:
 

jampopoy

Novice Lv1️⃣
Member for 7 years
Getting an error that the gdb file is a read-only file. Currently using rooted BlueStacks. Don't know what else to do.
 

NEMESIS

jampopoy said:
Getting an error that the gdb file is a read-only file. Currently using rooted BlueStacks. Don't know what else to do.
Did you remember to move the 2 files from inside the zip folder?
They are *gdb* and *gdbserver*.
If you have the *Root Explorer* app, use it and find those two files. Press and hold the *gdb* file until a new window pops up, then choose *permission*. Make sure *owner*, *group* and *others* are checked for *read*, *write* and *execute*. If not, check them all.
Do that for *gdbserver* too.
Now try to redo the terminal steps for that game again.
 

jampopoy

Yes, thanks. I'm in the process of searching values now to mod my apk. However, it's harder than I thought; can't seem to find the values I need lol
 

NEMESIS

jampopoy said:
Yes, thanks. I'm in the process of searching values now to mod my apk. However, it's harder than I thought; can't seem to find the values I need lol
Try to look at that game's tutorial: if they have god mode in the tutorial, then god mode really exists somewhere. Well, when you find it, try to make it always active.
The game tutorial is a big help in finding the clue.
Good luck :dance:
 