Decompile il2cpp so Instead, I want to focus on the opposite perspective: how do we reverse engineer compiled IL2CPP binaries? If you need IL2CPP tooling, I recommend my friend and colleague's excellent project Cpp2IL which is a work-in-progress tool to convert IL2CPP binaries directly back into IL code which can be easily viewed in dnSpy etc. so? Armed with this experience, write a small and simple C# app. If targeting . The dummy. It is harder to hack than mono but it is Aug 10, 2023 · IL2CPP Dumper If want more insight into how the public methods are doing what they do, we'll need to decompile. Procyon Decompiler doesn’t have the option to exclude a single class, so I removed it from the JAR file. Some games can detect tampered lib file, detect tampered APK file, and detect hooking. Last writeup, we talk about how to hack unity games compiled on mono. so) inside the APK of Unity with IL2CPP scripting backed? Feb 12, 2020 · Support for all IL2CPP versions from Unity 5. 3. Jul 25, 2023 · First off - of course no obfuscation is foolproof, nonetheless I would like to stop fools from being able to read the source scripts. Apologies for the lengthy post. NET virtual machine, see how loops are generated and more! An opensource mega-tool for modding il2cpp games including deobfuscation, script generation, cloud file sharing, arm hex conversion, and more - HorridModz/Il2cppWorkshop Feb 18, 2021 · Next step is using a Java decompiler. dll or libil2cpp. 2 - Windows 7 and above GUI Features: · Set output directory · Set registration offsets · Drag and drop support · Save settings · Log output in realtime · Support APK and IPA dump automation · Switch between Il2CppDumper and Feb 23, 2021 · Posts about IL2CPP written by DJ KatyThis is a continuation of the Reverse Engineering Adventures: Honkai Impact 3rd mini-series – read part 1 and part 2 first! Recap So far, we have decrypted global-metadata. so in IDA Pro. The mod site here has a question about IL2CPP: Is it possible to deobfuscate Il2Cpp game? - Platinmods. Contribute to Livku2/LivkuDumper development by creating an account on GitHub. Contribute to AndnixSH/Auto-Il2cppDumper development by creating an account on GitHub. Finally tackle your actual target. Dec 1, 2023 · Hello GameGuardian community! Today, I'm excited to share a video tutorial on discovering techniques for Android Unity Game Modding. /il2cpp. IL2CPP is a Unity3d technology for converting C# code to C++ code and from there native compilation for a particular platform. hello everyone, in this tutorial i'm gonna teach you how to dump and mod libil2cpp. Unlike mono, it is harder to decompile games in il2cpp since they are compiled to machine code. I wanted to understand how most of the game works. The Ghidra version I'm using is 9. ps1 -help for usage instructions The Roslyn C# compiler will now only be invoked for the Cpp2IL is currently undergoing a major rewrite. The first step is to unhollow again, but this time using a tool called IL2CPP Dumper which has Ghidra in mind as the final destination. It's similar to normal human languages, you can translate something said in English into Spanish or French or Japanese. Jun 15, 2022 · Run the following commands in your Windows terminal. About Unstripped libunity. Note: expect this entire process to take upwards of an hour. Contribute to AndnixSH/Il2CppDumper-GUI development by creating an account on GitHub. ps1. GitHub Gist: instantly share code, notes, and snippets. so以获取函数体内部逻辑。 Nov 6, 2019 · Introduction Unity games are built using C#, an open language developed by Microsoft and widely used in the game industry. Understanding how to use the IL2CPP dumper is vital. It is always a matter of How to use Il2CppDumper | Unity Il2CPP Game Modding Cyborg Elf 47. This time, we will be hacking unity games compiled in il2cpp. If wanting to extract shaders then Intel GPA or RenderDoc will be of great assistance. If the game is using IL2CPP, then you will need to use Ghidra or similar which requires you know assembly code, and machine code in certain circumstances. In this guide we'll outline the steps required to extract the C# code using Binary Ninja is an interactive decompiler, disassembler, debugger, and binary analysis platform built by reverse engineers, for reverse engineers. dat. Second, copy the required files into the il2cppdumper directory: copy game1\lib\armeabi-v7a\libil2cpp. First, unpack your android package: apktool d game1. NET method signatures, generic method instantiation and Jul 1, 2018 · Extract . Jan 25, 2024 · Hacky Ghidra decompiled Unity IL2CPP to C# script. com - Android & iOS MODs, Mobile Games Sep 14, 2025 · 本文介绍如何使用IL2CppDumper工具逆向Unity游戏中使用IL2CPP方式打包的APK,获取Assembly-CSharp. This project is based on BrianGIG Auto-Il2cppDumper which I continue to maintain it Big thanks to @BryanGIG **This may not work with some games with higher protections. Each section focuses on a discrete workflow, combining explanations, code snippets, and screenshots that demonstrate the expected output. First, download and extract the Latest Release of the tool. Legal notice Dec 27, 2020 · As you work through the text below, I recommend you create an empty Unity project targeting IL2CPP and build it as described in part 1 so that you can look at each referenced function in the source code as you follow along. Aug 26, 2019 · Analyzing il2cpp. NET assemblies, structure definitions, disassembler scripts, and decompiled C# code. NET metadata from il2cpp binaries. Repeat all steps with increasing complexity. dat And if you prefer to mod the game by reading assembly then go ahead and use the free IDA pro offered to you earlier note: all files generated by il2cpp dumper are for reference only, and should not be modified directly. 1 is a minor feature update and maintenance release, containing dozens of bug fixes and small improvements. This repo contains an extension which doesn't really do anything yet. 🤷 IL2CPP Internals: A Tour of Generated Code This is the second blog post in the IL2CPP Internals series. 16f1. Developed with a focus on delivering a high-quality API for automation and a clean and usable GUI, Binary Ninja is in active use by malware analysts, vulnerability researchers, and software This guide will walk through how to decompile/reverse engineer IL2CPP games for modding usage. - ruinworld/Il2cpp-UnityExplorer Nov 13, 2024 · Decrypting IL2CPP Metadata and Assembly « Previous Thread Next Thread » Forum Jump analysis unity static-analysis decompiler reverse-engineering il2cpp il2cpp-metadata Updated 3 weeks ago C# Simple GUI version of Il2CppDumper. dll并查看其内容。此外,还介绍了如何使用IDA逆向libil2cpp. csproj files) including assembly references for your Unity install The most detailed IDA script output available including full . How are certain IL constructs translated to C++? What provides the libil2cpp. Cpp2IL is currently undergoing a major rewrite. Generate an APK and try to de-compile it. So compiling is turning source code, in this case C#, into machine code which is something the computer can understand, this is a massive simplification because C# is actually compiled to an intermediate language but we're keeping things super simple. copy game1\assets\bin\Data Mar 10, 2023 · My personal blog. I'm attempting to decompile a dll that has gone through IL2CPP and I'm having some difficulty just getting the python scripts I generated from IL2CppInspector and Il2CppDumper to run properly. Aug 2, 2025 · Experiment with IL2CPP. This is a continuation of Il2CppInspector, by djkaty which has suspended development, and contains some new features and support for new metadata versions. so) and the metadata file, which is usually found in assets->bin->data->managed->metadata->global-metadata. This guide will walk through how to decompile/reverse engineer IL2CPP games for modding usage. My tool of choice so far is Procyon Decompiler: java -jar procyon-decompiler. For Android: Simply drop APK to start dump automation or extract libil2cpp. Auto mode does tell you the offsets, but I would like to show you how to find offsets to manually dump il2cpp. I opened libil2cpp. so) and the global-metadata. 4. Jan 1, 2021 · Reversing The IL2CPP. IL2CPP convert c# code to C++ and compiler to Assembly. Contribute to imadr/Unity-game-hacking development by creating an account on GitHub. CI builds for developers can be obtained from My Nuget Feed. so files for Oculus Quest (1/2) il2cpp games. exe. But today, it is still not enough. Is Pokemon go decompiled? Can deompiler a apk or ipa using IL2CPP ? Apr 2, 2021 · Hey guys, so as the title says i'm trying to decompile a game in Unity engine thats using IL2CPP. Universal IL2CPP Build Utility: The old binary generator script has been replaced with a significantly revamped build utility for PowerShell - il2cpp. so . Android and iOS games built with Unity ship with enough meta data to restore a significant portion of the original C# code base, including enumerations, class and method names and strings. so files (in this case it's libil2cpp. This includes decompiling the il2cpp library, dumping classes, and editing memory addresses using Game Guardian, IDA Pro, and il2cppdumper for patching memory addre. dat An in-game UI for exploring, debugging and modifying IL2CPP and Mono Unity games. 2. I imagine IL2CPP produces a particular set of C++ code for some C# code, so that seems reversible but C++ to machine code can be very different, which is why it is so impressive that this project works at all. The command-line interface has been simplified, going from a lot of command line options to a concept of output formats and processing layers. The Unity version that was used to make the dll is 2019. Note that there's a focus here on IL2CPP (because most of the games I've made mods for use this) but most of this guide is still relevant for non-IL2CPP mods. However, a lot of these formats and layers are not yet implemented, so We would like to show you a description here but the site won’t allow us. I tried using some How to use: This works as same as original Il2CppDumper but with GUI. There is a signature scheme I want to look at. NET or Mono then ILSpy or DotPeek can be used to translate the IL code back into C# or VB. Apr 19, 2025 · Il2CppDumper takes two primary inputs: the IL2CPP binary (like GameAssembly. May 21, 2017 · in unity they are compiled by il2cpp and you have to load the so files in a disassembler like IDA or Ghidra. 3 to 2020 Generates accurate well-formed C# code with syntactic sugar and language features up to C# 7. I firstly used a web debugging proxy to understand most of the protocol used, and already did two security reports to the support. so file from ARM or x86 folder (Android). jar -o game-procyon game-dex2jar. I only know that Unity games can be shipped in a way that all the game logic gets compiled into an il2cpp. so. so Time to analyze the code logic properly. The thing is i'm not really familiar with c#/c++ (I Jan 16, 2023 · To actually decompile the file, we will use Ghidra, an open-source reverse engineering tool that works on multiple platforms. But like human languages Sep 9, 2021 · -If metadata version is 27 and above, script will save start address on metadata. 3 Generate stub code Visual Studio solutions (with . Manual mode: The manual mode is the complicated steps to dump il2cpp. Also contains an index of which belong to which game. apk”, apktool will extract the contents of the apk in a directory called “game1”. 🤖 Choose a modding framework 📒 Set up repository 🛠️ Reverse engineering 📄 This guide gathers practical examples for working with the Il2CppInspector C++ scaffold and the IL2CPP API when reverse engineering Unity games. so in IDA, ran the generated script. I planned to convert Ghidra's P-code (intermediate representation of machine code) to C# and build a UI for viewing/editing decompiled C# inside Ghidra (similar to the existing C decompiler) but this approach was taking too long so I pivoted to writing a script which sends the code to an LLM to do all the work for me. apk Assuming the android game you are analysing is called “game1. We have observed that the string data is still out of our May 4, 2025 · Decompiling IL2CPP Games with Il2CppDumper and Ghidra This guide will walk through how to decompile/reverse engineer IL2CPP games for modding usage. However, a lot of these formats and layers are not yet implemented, so Unity il2cpp reverse engineer. Have something ready to do on the side while waiting for processing to finish. dat, and identified and resolved the data obfuscation of Il2CppGlobalMetadataHeader and the four obfuscated metadata tables. May 31, 2023 · Il2CppDumper without Magisk/Zygisk, dump il2cpp data at runtime, can bypass protection, encryption and obfuscation. jar This took a while and hanged up for a particular class for me. The tool processes these files and generates several outputs to aid in analysis, including restored . 7. Given that IL2CPP creates native code, it would seem that hackers have little (easy) way to decompile into source. Aug 30, 2016 · Dear All Pokemon Go made with Unity 3D and use IL2CPP. ) Requirements: - Net Framework 4. Do note that this dll doesn't have exclusively C# code in it; there Skip reading manual mode if you don't want to use manual mode. -It now select actual elf libs and show size. Hey! I've been trying to pick apart a rather simple android game made in Unity, but got absolutely stuck after encountering just what I was afraid of - Game logic translated into native code using the il2cpp library. Type . Click on Search -> Sequence of bytes Search this hex Code: Dec 1, 2023 · Discover Techniques for Android Unity Game reverse engineering Decompiling il2cpp Library, Dumping Classes, and Memory Address Editing with Game Guardian, ID Decompiling source code It looks like no major scripting is used there, unlike with, for example, Azur Lane All code is actually written in C# in Unity, and then compiled with IL2CPP into libil2cpp. dat file. so, so no way to extract IL or C# sources Use Il2CppInspector to extract C# types and generate script to use with Ghidra SRE Read this and this Jul 11, 2025 · This guide will walk through how to decompile/reverse engineer IL2CPP games for modding usage. so library, that gets loaded at runtime from the APK. However, Ghidra does not support NSO and IL2CPP binary out of the box, so we need some install something more to help us, namely: Il2CppInspector 2020. dat from \Data\Managed\Metadata\ For iOS: Open IPA as 7-zip or Winrar and extract binary file that does not have a file extension and open as binary file. A runtime il2cpp dumper for android. (types, methods, fields, etc. This is a step-by-step guide to how I write mods today. A guide for hacking unity games. so Library First things first, I don’t understand how this IL2CPP (Intermediate Language to C++) works. This is a mammoth task so please do go and support his work on this amazing project! Happy hacking, Katy. 3 days ago · This guide will walk through how to decompile/reverse engineer IL2CPP games for modding usage. Since my last post I've had time to find better ways to do things. But Pokemon Go is hacked. This branch represents work in progress, and is subject to change. sln and . Internal dumper for Unity3D libil2cpp. Disassemble libil2cpp. Jun 24, 2020 · There are several excellent guides about how IL2CPP generates code such as Unity’s own IL2CPP Internals blog series and Jackson Dunstan’s exquisitely detailed musings, so I’m not going to repeat that work here. In this post, we will investigate the C++ code generated by il2cpp. so files in unity games ,without using a pc, only with your smartphone*DIS Mar 22, 2023 · Is it actually possible to decompile the source code from . And now, I kind of am at a loss as to what tools that could help me deobfuscate it, as the resulting code from the il2cpp process is incredibly hard to read. Il2CppInspectorRedux helps you to reverse engineer IL2CPP applications, providing the most complete analysis currently available. Along the way, we will see how managed types are represented in native code, take a look at runtime checks used to support the . Apply anything you learned so far. Contribute to NamPhuThuy/Unity-Il2CppDumper development by creating an account on GitHub. So I tried decompiling the APK, just to find out it was Jun 5, 2022 · C# decompilers like dnSpy/ILSpy can then be used to read the code in a much more friendly syntax than x86 assembly. The IL2CPP Dumper extracts the metadata and IL2CPP data from the Unity game, making the code human-readable and easier to understand. Starting from the Init function of the UserPrefs class, I found that it constructs a class for encryption and decryption. Mar 29, 2022 · You just need the executable (libil2cpp. 6K subscribers Subscribe Nov 8, 2023 · From a friend I know that the source code can be stolen even if you build with IL2CPP, is there any way to prevent this? Nov 14, 2025 · Decompiling IL2CPP Games with Il2CppDumper and Ghidra This guide will walk through how to decompile/reverse engineer IL2CPP games for modding usage. dll's and the Hello fellow hackers, I am taking a deep look inside an Android Game I love. py with Alt+F7, waited a bit, located the relevant function, and hit F5 to decompile, yielding readable code. Extract global-metadata. jrrvrk jiwtybipx ers lwbbky murjzg uzvtb loah jfo rsvo wdmkcl rouuz xlcz osuak ohqlwi boogj