Video tutorial: https://www.youtube.com/watch?v=BN5UCGP_5os
Many people asked me to make a new tutorial, so I made this one! I know it's very late, but I didn't have enough time to make the tutorial.
An il2cpp dumper helps you find the right function and offset to mod.
This guide is for advanced modders only!
Requirements:
- IDA Pro. Download link
- Notepad++. Download link
- Any Hex Editor software. I'm using Hex Workshop. Download link. (You can modify hex in IDA, but editing the file in a hex editor is the fastest way for me)
- Online ARM converter. Link to the website
- Basic C# and ARM knowledge. You don't really need to learn C#, but you should know simple C# code
- Knowledge of how to use IDA Pro
Extract required files from APK file:
Open the APK and extract the following files to dump:
\lib\armeabi-v7a\libil2cpp.so
\assets\bin\Data\Managed\global-metadata.dat
Using Perfare's Il2CppDumper:
Download released version: https://github.com/Perfare/Il2CppDumper/releases
Launch Il2CppDumper.exe. The program asks you to select the ELF or Mach-O file: select libil2cpp.so. The dialog box should appear again; this time select global-metadata.dat.
The program then asks you to select a mode: Manual (1) or Auto (2).
Auto mode:
Automatically finds the required offsets to dump il2cpp.
Press 2 and the file dump.cs will be created.
Skip the manual mode section if you don't want to use manual mode.
Manual mode:
Manual mode is the more complicated way to dump il2cpp. Auto mode does tell you the offsets, but I would like to show you how to find the offsets yourself to dump il2cpp manually.
Disassemble libil2cpp.so in IDA Pro. Click on Search -> Sequence of bytes...
Search for this hex sequence:
Code:
1C 00 9F E5 20 10 9F E5 00 20 8F E0
Click OK.
IDA should jump to the function that contains these bytes.
But there are no unk offsets, right? Now try this trick:
Right-click on loc_xxxxxxx and select Create Function, and you will get the unk offsets.
In the console app, press 1. It will ask you to input CodeRegistration (R0). Input the unk offset of R0, R12, R2. Example: 15C70C4. Hit Enter. Then input MetadataRegistration (R1) and hit Enter.
The dump.cs file will be created.
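What the searched byte sequence encodes, as an added example that is not part of the original tutorial: the three little-endian words are ARM (A32) instructions that load R0 and R1 from PC-relative literals and then compute R2 = PC + R0. The sample buffer is constructed, and the decoder handles only these two instruction forms.

```python
import struct

# Byte sequence the tutorial searches for in IDA (three little-endian A32 words).
SIGNATURE = bytes.fromhex("1C009FE520109FE500208FE0")

def reg(n):
    return "PC" if n == 15 else f"R{n}"

def decode_a32(word, addr):
    """Decode only the two A32 instruction forms that occur in SIGNATURE."""
    if word >> 28 != 0xE:                       # condition field must be AL (always)
        return f".word 0x{word:08X}"
    op = (word >> 20) & 0xFF
    rn, rd = (word >> 16) & 0xF, (word >> 12) & 0xF
    if op == 0x59 and rn == 15:                 # LDR Rd, [PC, #imm12]
        imm = word & 0xFFF
        # In ARM state, PC reads as the instruction's own address + 8.
        return f"LDR {reg(rd)}, [PC, #0x{imm:X}] ; literal at 0x{addr + 8 + imm:X}"
    if op == 0x08 and (word >> 4) & 0xFF == 0:  # ADD Rd, Rn, Rm (register, no shift)
        return f"ADD {reg(rd)}, {reg(rn)}, {reg(word & 0xF)}"
    return f".word 0x{word:08X}"

def find_signature(blob, sig=SIGNATURE):
    """Return every 4-byte-aligned offset in blob at which sig occurs."""
    hits, pos = [], blob.find(sig)
    while pos != -1:
        if pos % 4 == 0:                        # A32 instructions are word-aligned
            hits.append(pos)
        pos = blob.find(sig, pos + 1)
    return hits

def disassemble_hit(blob, offset, count=3):
    """Decode `count` words at offset; addresses are offsets into blob."""
    words = struct.unpack_from(f"<{count}I", blob, offset)
    return [decode_a32(w, offset + 4 * i) for i, w in enumerate(words)]

# Constructed sample: filler, the signature, filler (not a real libil2cpp.so).
SAMPLE = b"\x00" * 16 + SIGNATURE + b"\x00" * 48

if __name__ == "__main__":
    for off in find_signature(SAMPLE):
        print(f"match at 0x{off:X}")
        for line in disassemble_hit(SAMPLE, off):
            print("   ", line)
```

The printed literal addresses are offsets into the buffer being searched; in a real ELF the file offset and the virtual address shown by IDA can differ.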
Using Katy's Il2CppInspector:
Download released version: https://github.com/djkaty/Il2CppInspector/releases
Skip this if you are using Perfare's Il2CppDumper
Extract the ZIP file. il2cppdumper.exe can't be run with just a double-click, so you have to use CMD: "cd" to the path of Il2CppInspector, or click File -> Open command prompt, and type this command.
Usage:
Code:
Il2CppDumper [<binary-file> [<metadata-file> [<output-file>]]]
What does this usage mean?
Il2CppDumper = Executes the Il2CppDumper.exe file
<binary-file> = Path of libil2cpp.so
<metadata-file> = Path of global-metadata.dat
<output-file> = Output file. You can name the file. Example: dumpedfile.cs
This is my example:
Code:
il2cppdumper "D:\Android apps + data\Craft Royale\libil2cpp.so" "D:\Android apps + data\Craft Royale\global-metadata.dat" "D:\Android apps + data\Craft Royale\dumped.cs"
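Hit Enter and it will dump il2cpp for you. The dumped file will be created at the path you have given.
If you want to use the command from anywhere, add the Il2CppInspector folder to the PATH environment variable in Advanced System Properties.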
View the dumped file with Notepad++:
Right click on the dumped file and select Edit with Notepad++
You'll see C# code. It's not the full code, but it tells you the function names and offsets to mod.
To search, click Search -> Find...
To find all occurrences of a keyword, click Find All in Current Document.
If you have never seen C# code before, I'll explain a bit what this method declaration means:
Code:
public static int get_IsCheater(); // e8e9cc
public is an access modifier. It can be private, protected, etc. This is not important to know.
static is a modifier that declares a static member. This is not important to know.
int is a data type. It can be float, double, boolean, etc.
// e8e9cc is a comment. It tells you the real offset (sub_xxxxxx) to mod. You can search for it in the Functions window in IDA.
Fields and Properties are not moddable, so don't look at them. Only look at functions under // Methods.
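For a developer reviewing what a dump of their own build exposes, the following added example (not part of the original tutorial or of either dumper project) parses method lines in the format shown above, keeps only those under // Methods, and lists the names that match review keywords. The sample dump text, the keyword list and the function names are constructed assumptions.

```python
import re

# A method line in the format shown in this tutorial:
#   public static int get_IsCheater(); // e8e9cc
METHOD_RE = re.compile(
    r"^\s*(?P<mods>(?:\w+\s+)*?)(?P<ret>[\w.<>\[\],]+)\s+(?P<name>\w+)"
    r"\((?P<params>[^)]*)\);\s*//\s*(?:0x)?(?P<off>[0-9A-Fa-f]+)\s*$"
)
SECTION_RE = re.compile(r"^\s*//\s*(Fields|Properties|Methods)\s*$")

def parse_methods(dump_text):
    """Return the method entries found under '// Methods' markers."""
    section, methods = None, []
    for line in dump_text.splitlines():
        marker = SECTION_RE.match(line)
        if marker:
            section = marker.group(1)
        elif line.strip() == "}":            # end of a type: forget the section
            section = None
        elif section == "Methods":
            m = METHOD_RE.match(line)
            if m:
                methods.append({
                    "modifiers": m.group("mods").split(),
                    "returns": m.group("ret"),
                    "name": m.group("name"),
                    "offset": int(m.group("off"), 16),
                })
    return methods

def exposed_names(methods, keywords):
    """Names a reader of the dump can find by keyword, with their offsets."""
    return [(m["name"], m["offset"]) for m in methods
            if any(k in m["name"].lower() for k in keywords)]

# Constructed sample in the dump's layout (not taken from a real game).
SAMPLE_DUMP = """\
public class PlayerState
{
    // Fields
    private int coins; // 0x8
    // Properties
    public static int IsCheater { get; }
    // Methods
    public static int get_IsCheater(); // e8e9cc
    public void AddCoins(int amount); // 0xE8EA10
    private void Update(); // e8eb00
}
"""

if __name__ == "__main__":
    for name, off in exposed_names(parse_methods(SAMPLE_DUMP), ("cheat", "coin")):
        print(f"{name} at 0x{off:X}")
```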
Modding an il2cpp game is the same as modding any other .so file.
That's all.
Happy modding!
Credits:
iAndroHacker (this tutorial)
djkaty (Il2CppInspector https://github.com/djkaty/Il2CppInspector)
Perfare (Il2CppDumper https://github.com/Perfare/Il2CppDumper)