How to decompile Unity games using il2cpp dumper


Pulse (Administrator)


Extract the UnityFramework File

  1. Locate the UnityFramework binary:

    • Navigate to the app's installation directory on the iOS device (requires a jailbreak). Since Unity 2019.3 the engine and the IL2CPP-compiled game code ship as UnityFramework.framework inside the app bundle, not inside the main executable.
      This is the hidden content, please

    • Copy the UnityFramework file (a Mach-O executable) from the app bundle to your computer. A copy taken straight from disk of an App Store download is still FairPlay-encrypted and will not dump; see Troubleshooting below.
  2. Transfer the other required file:

    • Extract global-metadata.dat from:
      This is the hidden content, please

      global-metadata.dat holds the C# type, method, field and string names that the native binary no longer carries. Il2CppDumper produces nothing without it, and it must come from the same build as the binary.


Prepare for Il2CppDumper

  • Install Il2CppDumper on your computer (Perfare/Il2CppDumper on GitHub).
  • Ensure you have:
    • The UnityFramework binary (decrypted; see Troubleshooting).
    • The global-metadata.dat from the same build.

Run Il2CppDumper

  1. Run Il2CppDumper and load the files. Started without arguments it prompts for the IL2CPP binary first and then for global-metadata.dat; from the command line the order is:
     Il2CppDumper.exe <executable-file> <global-metadata> <output-directory>
  2. The tool detects the binary format (Mach-O here) and architecture; for a fat (universal) Mach-O it asks which slice to process, so choose ARM64. It then scans the binary for the IL2CPP registration structures and matches them against the metadata.
  3. If successful, the output directory contains:
    • dump.cs: C#-style declarations of every class, field (with its offset) and method (with its RVA, file offset and virtual address). Method bodies are not recovered; IL2CPP compiled them to native code, so this is a map of the binary, not a decompilation.
    • il2cpp.h: the same types as C structs, for import into a disassembler.
    • script.json: address-to-name mappings consumed by the IDA and Ghidra scripts bundled with Il2CppDumper.
    • stringliteral.json: the game's string literals with their addresses.
    • DummyDll/: stub assemblies carrying the recovered signatures, convenient for browsing in a .NET decompiler.

Troubleshooting

If the Dump Fails:

  • The UnityFramework binary copied from disk is still FairPlay-encrypted (every App Store download is), or the game uses a protector that encrypts or restructures global-metadata.dat. Symbol stripping is not the cause: IL2CPP binaries never carry C# symbols, and Il2CppDumper finds what it needs by scanning the code.
  • Use a UnityFramework dumped from memory:
    • Run the game on the jailbroken iOS device so the loader decrypts the image.
    • Use a Frida-based dumper (for example frida-ios-dump) or r2frida to write the decrypted image back out of memory:
      This is the hidden content, please

  • Re-run Il2CppDumper with the decrypted binary. If it still fails although the binary is plaintext, the metadata is what was tampered with, and that has to be reversed for that game's protector.
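
Both failure causes above (an encrypted binary, a tampered global-metadata.dat) can be checked before running Il2CppDumper at all. The following Python script is an added example, not code from the original post or from Il2CppDumper; it reads the sanity and version fields at the start of global-metadata.dat and the cryptid flag in the Mach-O LC_ENCRYPTION_INFO_64 load command of UnityFramework (per slice for a fat file). The file names in the usage line and the header-only fixtures it builds for itself are constructed for the example.

```python
import struct
from typing import List, Optional

# Documented magic numbers of the two file formats involved.
METADATA_SANITY = 0xFAB11BAF    # first 4 bytes of an unmodified global-metadata.dat
MH_MAGIC_64 = 0xFEEDFACF        # thin 64-bit Mach-O, little-endian on arm64
FAT_MAGIC = 0xCAFEBABE          # universal (fat) wrapper, header is big-endian
LC_ENCRYPTION_INFO_64 = 0x2C    # load command carrying the FairPlay cryptid flag


def check_metadata(data: bytes) -> dict:
    """Read the sanity and version fields at the start of global-metadata.dat.

    Il2CppDumper checks the same sanity value and rejects the file if it is wrong;
    a mismatch means a protector has encrypted or re-laid-out the metadata, and
    re-dumping the binary will not help.
    """
    if len(data) < 8:
        return {"valid": False, "version": None}
    sanity, version = struct.unpack_from("<Ii", data, 0)
    return {"valid": sanity == METADATA_SANITY, "version": version}


def _thin_cryptid(data: bytes, base: int = 0) -> Optional[int]:
    """cryptid of one thin 64-bit Mach-O image at `base`, or None if no header there."""
    if len(data) < base + 32:
        return None
    magic, _cpu, _sub, _ftype, ncmds, _sizeofcmds, _flags, _res = struct.unpack_from("<8I", data, base)
    if magic != MH_MAGIC_64:
        return None
    off = base + 32                      # load commands follow the 32-byte header
    for _ in range(ncmds):
        if len(data) < off + 8:
            break
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmd == LC_ENCRYPTION_INFO_64:
            _cryptoff, _cryptsize, cryptid = struct.unpack_from("<III", data, off + 8)
            return cryptid
        off += cmdsize
    return 0   # no encryption command at all (dev/TestFlight build): usable as-is


def macho_cryptids(data: bytes) -> List[int]:
    """cryptid for every 64-bit slice (one entry for a thin binary).

    1: __TEXT is still FairPlay-encrypted, Il2CppDumper cannot find the registration
       structures, dump the image from memory first.
    0: plaintext, ready for Il2CppDumper.
    """
    if len(data) >= 8 and struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", data, 4)[0]
        ids = []
        for i in range(nfat):
            if len(data) < 8 + 20 * (i + 1):
                break
            _cputype, _cpusub, offset, _size, _align = struct.unpack_from(">5I", data, 8 + 20 * i)
            cid = _thin_cryptid(data, offset)
            if cid is not None:
                ids.append(cid)
        return ids
    cid = _thin_cryptid(data)
    return [] if cid is None else [cid]


# --- Constructed fixtures (not real game files) so the checks run offline. ---

def build_sample_macho(cryptid: int) -> bytes:
    """A bare arm64 Mach-O header with a single LC_ENCRYPTION_INFO_64 command."""
    cpu_type_arm64 = 0x0100000C
    lc = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x10000, cryptid, 0)
    hdr = struct.pack("<8I", MH_MAGIC_64, cpu_type_arm64, 0, 2, 1, len(lc), 0, 0)
    return hdr + lc


def build_sample_fat(slices: List[bytes]) -> bytes:
    """Wrap thin images in a fat header, slices stored back to back."""
    out = struct.pack(">II", FAT_MAGIC, len(slices))
    offset = 8 + 20 * len(slices)
    for img in slices:
        out += struct.pack(">5I", 0x0100000C, 0, offset, len(img), 0)
        offset += len(img)
    return out + b"".join(slices)


SAMPLE_METADATA = struct.pack("<Ii", METADATA_SANITY, 29) + bytes(8)   # plaintext header, version 29
SCRAMBLED_METADATA = bytes.fromhex("deadbeef1d000000") + bytes(8)       # what a protected file looks like


if __name__ == "__main__":
    import sys
    # Real usage (file names are placeholders): python preflight.py UnityFramework global-metadata.dat
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as f:
            print("cryptid per slice:", macho_cryptids(f.read()))
        with open(sys.argv[2], "rb") as f:
            print("metadata:", check_metadata(f.read()))
    else:
        print(check_metadata(SAMPLE_METADATA), check_metadata(SCRAMBLED_METADATA))
        print(macho_cryptids(build_sample_fat([build_sample_macho(1), build_sample_macho(0)])))
```

A cryptid of 1 says the dump-from-memory step is still needed; a bad sanity value says the problem is the metadata, and no amount of re-dumping the binary will fix it.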

Missing Symbols:

  • IL2CPP builds never contain C# names in the native binary; every name in dump.cs comes from global-metadata.dat. If a protector has encrypted or re-laid-out the metadata, Il2CppDumper cannot map the names and you are left with a stripped native binary to annotate by hand in IDA Pro, Hopper or Ghidra (string references and the exported il2cpp_* runtime API are the usual starting points).

Inspect Decompiled Code

  • Open dump.cs in a text editor to explore the recovered class layouts, field offsets and method addresses.
  • Load the binary in IDA Pro or Ghidra and run the helper script that ships with Il2CppDumper (ida_with_struct.py or ghidra.py), pointing it at script.json and il2cpp.h. It renames the native functions to their C# names and applies the struct definitions, so a method in dump.cs can be followed straight into its native implementation.

Optional: Modify and Repackage

  1. dump.cs cannot be edited and recompiled; the C# is gone. Changes are made either to the native code at the file Offset that dump.cs lists for a method (an assembly patch in IDA, Ghidra or a hex editor), or at runtime by hooking the method's RVA with Frida, which needs no repackaging at all.
  2. Repackage the IPA with the patched UnityFramework (and any modified assets).
  3. Re-sign the IPA with a certificate and provisioning profile you control (codesign, or a sideloading tool) and deploy it to the device. An App Store build cannot keep its original signature once a single byte has changed.
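
As an added example of what "modify" means for an IL2CPP build (this is not code from the post or from Il2CppDumper): the script below parses a constructed dump.cs excerpt laid out the way Il2CppDumper writes it, takes the Offset of one method, and writes an arm64 `mov w0, #1 ; ret` stub over it so the method always returns true. The class name PurchaseValidator, the addresses and the filler bytes standing in for the binary are all made up for the example. Offset is relative to the thin image Il2CppDumper analysed, so a fat UnityFramework should be thinned first (`lipo -thin arm64 UnityFramework -output UnityFramework.arm64`) before patching. It is also the reason a check like this must be validated server-side: anything the client decides for itself can be overridden in eight bytes.

```python
import re
from typing import Optional

# Constructed dump.cs excerpt in Il2CppDumper's layout: each method is preceded by a
# "// RVA: ... Offset: ... VA: ..." comment (optionally followed by "Slot: n").
# Class, method names and addresses are invented for this example.
SAMPLE_DUMP_CS = """\
// Namespace: Game
public class PurchaseValidator : MonoBehaviour // TypeDefIndex: 2048
{
    // Fields
    private bool _verified; // 0x18

    // Methods

    // RVA: 0x2B3C Offset: 0x2B3C VA: 0x2B3C
    public bool IsPurchaseValid(string receipt) { }

    // RVA: 0x2C00 Offset: 0x2C00 VA: 0x2C00 Slot: 4
    public void Refresh() { }
}
"""

TYPE_LINE = re.compile(r"\b(?:class|struct|interface)\s+(\w+)")
METHOD_HEADER = re.compile(
    r"//\s*RVA:\s*0x([0-9A-Fa-f]+)\s+Offset:\s*0x([0-9A-Fa-f]+)\s+VA:\s*0x([0-9A-Fa-f]+)")
METHOD_NAME = re.compile(r"(\w+)\s*\(")      # first identifier directly followed by "("

# arm64 "mov w0, #1" (0x52800020) then "ret" (0xD65F03C0), little-endian.
RETURN_TRUE_ARM64 = bytes.fromhex("20008052" "c0035fd6")


def find_method(dump_cs: str, type_name: str, method_name: str) -> Optional[dict]:
    """Locate type_name.method_name in dump.cs text and return its rva/offset/va."""
    current_type = None
    pending = None                        # addresses from the comment line just seen
    for line in dump_cs.splitlines():
        if "TypeDefIndex" in line:        # Il2CppDumper tags every type line with this
            m = TYPE_LINE.search(line)
            current_type = m.group(1) if m else None
            continue
        m = METHOD_HEADER.search(line)
        if m:
            pending = {k: int(v, 16) for k, v in zip(("rva", "offset", "va"), m.groups())}
            continue
        if pending is not None:           # the signature follows its address comment
            name = METHOD_NAME.search(line)
            if current_type == type_name and name and name.group(1) == method_name:
                return pending
            pending = None
    return None


def patch_bytes(binary: bytes, file_offset: int, patch: bytes) -> bytes:
    """Return a copy of `binary` with `patch` written at `file_offset`, bounds-checked."""
    if file_offset < 0 or file_offset + len(patch) > len(binary):
        raise ValueError("patch falls outside the binary")
    out = bytearray(binary)
    out[file_offset:file_offset + len(patch)] = patch
    return bytes(out)


def patch_return_true(binary: bytes, dump_cs: str, type_name: str, method_name: str) -> bytes:
    """Patch one method located through dump.cs so it unconditionally returns true."""
    info = find_method(dump_cs, type_name, method_name)
    if info is None:
        raise KeyError(f"{type_name}.{method_name} not found in dump.cs")
    return patch_bytes(binary, info["offset"], RETURN_TRUE_ARM64)


# Constructed stand-in for the thin arm64 image: 16 KiB of filler, nothing like real code.
SAMPLE_BINARY = bytes(range(256)) * 64


if __name__ == "__main__":
    patched = patch_return_true(SAMPLE_BINARY, SAMPLE_DUMP_CS, "PurchaseValidator", "IsPurchaseValid")
    off = find_method(SAMPLE_DUMP_CS, "PurchaseValidator", "IsPurchaseValid")["offset"]
    print(f"patched 8 bytes at file offset 0x{off:X}: {patched[off:off + 8].hex()}")
```

Against a real dump, replace SAMPLE_DUMP_CS and SAMPLE_BINARY with the contents of dump.cs and the thinned UnityFramework, then write the returned bytes back into the framework inside the IPA before re-signing.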

Useful Tools

  • Il2CppDumper: recovers class, field and method metadata from IL2CPP builds.
  • Frida (frida-ios-dump) / r2frida: for dumping the decrypted image from memory and for runtime hooking.
  • IDA Pro or Ghidra: for analysing the native code, with Il2CppDumper's scripts loaded.
  • codesign plus ios-deploy or Xcode: for re-signing and deploying IPAs.