SamboyCoding / Cpp2IL

Work-in-progress tool to reverse Unity's IL2CPP toolchain.
MIT License

Metadata v31 #297

Closed commonuserlol closed 2 weeks ago

commonuserlol commented 2 weeks ago

Hi, sorry for the wrong place for the issues. I am using your PR for Il2CppInspector for metadata v29. Unfortunately, most games use the newer version, so fields are placed in the wrong order and processing fails. Is there any chance that you will look into it?

SamboyCoding commented 2 weeks ago

There is no metadata v31.

commonuserlol commented 2 weeks ago

https://github.com/Perfare/Il2CppDumper/issues/797, tho Il2CppDumper kinda "died"

SamboyCoding commented 2 weeks ago

Custom engine or something. There is not - as of unity 6 - a metadata v31.

commonuserlol commented 2 weeks ago

So the metadata is obfuscated? I had that with some games; they are all using Unity 2022+, with this error:

```
Il2CppInspector Command-Line Edition
Version 2021.1+a165b63b5aecb76c50b7ddb435b9d35bf7a44fe7
(c) 2017-2021 Katy Coe - www.djkaty.com - www.github.com/djkaty

Using plugin: IL2CPP API Discovery
Using plugin: Binary metadata field order deobfuscator
Using plugin: Metadata strings XOR decryptor
Using plugin: Binary file XOR decryptor
Extracting metadata from (archive)/assets/bin/Data/Managed/Metadata/global-metadata.dat
Detected metadata version 29
Extracting binary from lib/arm64-v8a/libil2cpp.so
Processed XXXXXX relocations
Plugin Binary file XOR decryptor: Detecting encryption
Container format: ELF64
Container endianness: Little
Architecture word size: 64-bit
Instruction set: ARM64
Global offset: 0x0000000000000000
Symbol table(s) found with XXX entries
No matches in symbol table
No matches via code heuristics
Required structures acquired from data heuristics
CodeRegistration struct found at 0x000000000XXXXXXX (file offset 0x0XXXXXXX)
MetadataRegistration struct found at 0x000000000XXXXXXX (file offset 0x0XXXXXXX)
The detected Il2CppCodeRegistration / Il2CppMetadataRegistration structs do not pass validation. This may mean that their fields have been re-ordered as a form of obfuscation and Il2CppInspector has not been able to restore the original order automatically. Consider re-ordering the fields in Il2CppBinaryClasses.cs and try again.
Analyze IL2CPP data: 100.20 sec
```

commonuserlol commented 2 weeks ago

Just tried Cpp2IL, works unlike Il2CppInspector

SamboyCoding commented 2 weeks ago

> Detected metadata version 29

from your il2cppinspector log

no idea what dumper is doing or where it's getting 31 from but this is just v29

commonuserlol commented 1 week ago

What about minor versions of v29? Can we get the exact version (29.1, 29.2, ...) without the Unity version, like Inspector does?

SamboyCoding commented 1 week ago

--verbose will log minor version.

commonuserlol commented 1 week ago

I'm talking about il2cppinspector. Otherwise, can/will Cpp2IL generate stuff for a disassembler like Ghidra or IDA?

YogeLike commented 1 day ago

> Custom engine or something. There is not - as of unity 6 - a metadata v31.

I tested Unity 6 and Unity 22.3.35f1; it is confusing that Unity 6 is metadata v29 and Unity 22.3.35f1 is metadata v31.

commonuserlol commented 1 day ago

Cpp2IL now has v31 support