JMBQ / Honkai_Impact_3rd_menu_mod

Menu module for Honkai Impact 3rd
111 stars, 17 forks

Obfuscation function name #31

Closed thienha1 closed 1 year ago

thienha1 commented 1 year ago

miHoYo started obfuscating function names in HI3, which makes me spend a lot of time finding the true functions, so sad bruh :((

JMBQ commented 1 year ago

Yeah, my response is to target by feature code so as not to bother with obfuscation.

thienha1 commented 1 year ago

> Yeah, my response is to target by feature code so as not to bother with obfuscation.

So how to look and find out what makes it work? Using IDA or something?

JMBQ commented 1 year ago

IDA or C/C++ source code

thienha1 commented 1 year ago

> IDA or C/C++ source code

But it seems il2cpp was encrypted a long time ago, and u still look good for true function? How? IDA takes a lot of time to analyze this file....

JMBQ commented 1 year ago

> IDA or C/C++ source code

> But it seems il2cpp was encrypted a long time ago, and u still look good for true function? How? IDA takes a lot of time to analyze this file....

The official will hide the API of il2cpp in 6.9.0; it may not be possible to make dump.cs at that time. IDA is always a reliable partner.

thienha1 commented 1 year ago

> IDA or C/C++ source code

> But it seems il2cpp was encrypted a long time ago, and u still look good for true function? How? IDA takes a lot of time to analyze this file....

> The official will hide the API of il2cpp in 6.9.0; it may not be possible to make dump.cs at that time. IDA is always a reliable partner.

Yeah, I tried and got nothing from the game. [screenshot] This il2cpp API has been hidden, as u said..

thienha1 commented 1 year ago

> IDA or C/C++ source code

> But it seems il2cpp was encrypted a long time ago, and u still look good for true function? How? IDA takes a lot of time to analyze this file....

> The official will hide the API of il2cpp in 6.9.0; it may not be possible to make dump.cs at that time. IDA is always a reliable partner.

I hope they won't apply it in the SEA version, otherwise I dunno what to do next....

thienha1 commented 1 year ago

What I got in libunity....hmm they changed something there!! [screenshot]

JMBQ commented 1 year ago

> What I got in libunity....hmm they changed something there!! [screenshot]

Yes, this is how Unity gets the API; this method is actually inside libil2cpp.so, and it's particularly obscure. When the SEA version is updated, the API will definitely be hidden.

thienha1 commented 1 year ago

> What I got in libunity....hmm they changed something there!! [screenshot]

> Yes, this is how Unity gets the API; this method is actually inside libil2cpp.so, and it's particularly obscure. When the SEA version is updated, the API will definitely be hidden.

So sad, do you have a solution for the 6.9 update in the future?

JMBQ commented 1 year ago

As mentioned in the previous reply, IDA directly searches for the target method. No matter what tricks the official plays, the target method always exists, just find it.

thienha1 commented 1 year ago

> As mentioned in the previous reply, IDA directly searches for the target method. No matter what tricks the official plays, the target method always exists, just find it.

So how to begin? I tried your method in https://github.com/JMBQ/dump-games/blob/main/进击的手游01:月圆之夜.md and I don't see this method like this: [screenshot]

JMBQ commented 1 year ago

I mean using IDA to directly find the sub_xxx where the cheat function is located.

thienha1 commented 1 year ago

You mean I have to find the new offsets of the cheat functions in libil2cpp.so in IDA, without a dump? That's OK, but it takes a lot of time to find the true offsets of the cheat functions.. [screenshot] This file has more than 70k functions..

Also, we can find another way to dump the file and search the text, then it's ez to get the offsets we want, like in your post before: https://github.com/JMBQ/dump-games/tree/main

And since your GitHub was created, do you always search for function offsets by opening the file in IDA and then reading each sub_XXXX function?

JMBQ commented 1 year ago

Once you have the previous version of cheat offsets, it doesn't take a lot of time to find the new version of cheat offsets directly in IDA, which is determined by proficiency. I understand you want to dump the new version very much, so you can try this solution below. I've packed it into zip format; you can just convert it to English. dump.zip

thienha1 commented 1 year ago

I tried this solution and got nothing like this thing: [screenshot] Reality: [screenshot]

"Once you have the previous version of cheat offsets": you mean if I have the offsets in the old version, then I look for the hex values in the new version and compare them to the old version to determine the new offset positions?

thienha1 commented 1 year ago

Hope you can find something that can be dumped!!