djkaty / Il2CppInspector

Powerful automated tool for reverse engineering Unity IL2CPP binaries
http://www.djkaty.com
GNU Affero General Public License v3.0

2019.4.21f1 unsupported #148

Open AndnixSH opened 3 years ago

AndnixSH commented 3 years ago

It seems that all games that are upgraded to 2019.4.21f1 can't be dumped. There is no protection; I checked in the metadata.dat file. Even crappy games like the Among Us rip-off Stickman 3D also can't be dumped.

Files: il2cpp files.zip

Games: https://play.google.com/store/apps/details?id=zombie.survival.dead.shooting

https://play.google.com/store/apps/details?id=com.towerdefense.toywar2&hl=en_US

https://play.google.com/store/apps/details?id=com.os.falcon.yogame.stickfighter

Il2CppInspector Command-Line Edition
Version 2021.1
(c) 2017-2021 Katy Coe - www.djkaty.com - www.github.com/djkaty

Using plugin: IL2CPP API Discovery
Using plugin: Binary metadata field order deobfuscator
Using plugin: Metadata strings XOR decryptor
Using plugin: Binary file XOR decryptor
Detected metadata version 24,4
Processed 294930 relocations
Plugin Binary file XOR decryptor: Detecting encryption
Container format: ELF
Container endianness: Little
Architecture word size: 32-bit
Instruction set: ARM
Global offset: 0x0000000000000000
Symbol table(s) found with 2602 entries
No matches in symbol table
Required structures acquired from code heuristics. Initialization function: 0x000000000026E844
CodeRegistration struct found at 0x00000000017958B8 (file offset 0x017948B8)
MetadataRegistration struct found at 0x0000000001795E88 (file offset 0x01794E88)
The detected Il2CppCodeRegistration / Il2CppMetadataRegistration structs do not pass validation. This may mean that their fields have been re-ordered as a form of obfuscation and Il2CppInspector has not been able to restore the original order automatically. Consider re-ordering the fields in Il2CppBinaryClasses.cs and try again.
Analyze IL2CPP data: 1,85 sec

djkaty commented 3 years ago

Okay, good spot, I did add support up to 2019.4.22 recently but I actually missed something, just went back over the files and noticed my mistake. Triaging as high priority bug.

djkaty commented 3 years ago

Noting this bug also applies to 2020.2.4+

AndnixSH commented 3 years ago

Hmm, works fine on my own il2cpp project 2020.2.5f1 and 2020.3.0f1

I can reproduce this issue as well on my project compiled with 2019.4.21f1

test.zip

vans163 commented 3 years ago

Getting the same thing; good ol' Il2CppDumper works just fine.

djkaty commented 3 years ago

As stated at the top of the repo homepage I'm on hiatus until May. If I have the opportunity to fix it before then I will, otherwise feel free to use Il2CppDumper if it meets your needs :)

AndnixSH commented 3 years ago

You can also use my Il2CppDumper GUI version till then :) https://platinmods.com/threads/il2cppdumper-gui-tool.7511/

vans163 commented 3 years ago

> As stated at the top of the repo homepage I'm on hiatus until May. If I have the opportunity to fix it before then I will, otherwise feel free to use Il2CppDumper if it meets your needs :)

Yeah, ignore us douchebags :), no rush at all. 2019.4.22f is the Unity version I tried to decompile, btw. PS: enjoyed the IL2CPP protobuf writeup, but using Binary Ninja HLIL makes for an even quicker way to dump the tag indexes, and can be scripted right from C#.

esauvisky commented 3 years ago

I gave it a good shot at fixing this but had no luck at all. Should it be a trivial task?

il2cppdumper is not a workaround for this scenario because I'm interested in the output of a plugin, not in dumping il2cpp itself. Any suggestions for dealing with this would be appreciated, be it by fixing this if it's not too hard and @djkaty can give some guidance (I even make PRs!) or by some workaround temporarily until the end of the hiatus, like using metadata dumped by il2cppdumper as an input for Il2CppInspector somehow or similar 🤷‍♂️

AndnixSH commented 3 years ago

Maybe this change helps? https://github.com/Perfare/Il2CppDumper/commit/c09d464b01a8f4ee838bd2d7c6276d114adddbdf

djkaty commented 3 years ago

I'm working on it now

djkaty commented 3 years ago

I have posted a partial fix. This will not work in all circumstances (neither will Il2CppDumper from what I see) but should suffice for now. Please could you guys report back how you get on and post any examples here that don't work. Thanks!

guidra-rev commented 3 years ago

@djkaty Thank you, I can confirm the fix is working.

ventouris commented 3 years ago

I have an app I'm trying to use with Unity 2019.4.25. When I dump the types.cs file from the GUI, it works and the proto classes are there. When I try to do it from the NuGet package, I get the same error:

System.NotSupportedException: 'The detected Il2CppCodeRegistration / Il2CppMetadataRegistration structs do not pass validation. This may mean that their fields have been re-ordered as a form of obfuscation and Il2CppInspector has not been able to restore the original order automatically. Consider re-ordering the fields in Il2CppBinaryClasses.cs and try again.'

OsOmE1 commented 3 years ago

These issues were fixed after the latest release was posted, so the latest release/NuGet package doesn't have these changes. If you want to use the latest changes, clone and build from source.

ventouris commented 3 years ago

Thank you a lot for your time. I have already built it locally (that's why I know it works with the GUI instead). Is there any way to "force" NuGet to use the version I built locally, or do I need to wait for a new NuGet release?

OsOmE1 commented 3 years ago

Please use Google next time before commenting. But you want to remove your existing NuGet package, build from source and add a project reference.