It can be fixed by adding #include at the top of the header file. On my case, the header file doesnt work by default, since custom data types like int32_t are not recognized. Like i said earlier, we can include the il2cpp.h header file to our hack. Now lets make a real hack from the data that we collected. This suggests that the Enem圜ontroller has a health component. In the start function of Enem圜ontroller Class, it get the Health component of the object and pass it to the m_health field. So if we call the Kill function on the Health field of the enemyobject, we should be able to kill that enemy object. While reversing the Enem圜ontroller class, i found out that it has a health field called m_Health which i assume handles the Health of the Enemy Object So this function do as what it sounds like, it will kill the object. It will also invoke the OnDamaged function stored in the OnDamaged Field. It takes a Health object as an argument, and it will set the CurrentHealth_k_BackingField field of the Health Object to 0.0 which i assume is the current Health of the object. While looking through the functions, i found one interesting function called $$Kill . When done right, you should now have detailed data types and functions in your ghidra. In there, select the script.json file generated by il2cppdumper. Click on the script tab, add the directory of il2cppdumper to your script directories and run the ghidra_with_struct script. Next, we need to run a script given to us by il2cppdumper called ghidra_with_struct.py . Then, import the il2cpp_ghidra.h by going to File>Parse C Code and add the il2cpp_ghidra.h . To start reverse engineering, open up ghidra and load the original gameassembly.dll in to it. Run the python script on the same directory of the header file and it will make a new header file called il2cpp_ghidra.h,which we can then use to ghidra. The script is called il2cpp_header_to_ghidra.py. But, fortunately for us, il2cppdumper provided us a script, to make this header file compatible with ghidra. We can also include these header files to ghidra to add its datatypes to ghidra. One of those files is il2cpp.h, we can include this header file when making our own hacks to aid us. To start, download il2cppdumper and dump the game’s GameAssembly.dll file. This is what allows hackers to easily reverse engineer these games. When unity games are compiled to il2cpp, its metadata are stored in \il2cpp_data\Metadata . For this writeup, we will be using again a demo game i made. It is harder to hack than mono but it is still fairly simple. Unlike mono, it is harder to decompile games in il2cpp since they are compiled to machine code. IL2CPP is a Unit圓d technology for converting C# code to C++ code and from there native compilation for a particular platform. ![]() This time, we will be hacking unity games compiled in il2cpp. Last writeup, we talk about how to hack unity games compiled on mono.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |