How To Unlink Unity Functions (IL2CPP)

07/24/20
Thread Author
Well, modding Android games is fun, and I wanted to completely kill a function, so I did some research.

Imagine we have a Character class; this class has an Update function, and it also has a function something like this: private void Die();
Yeah I know, it's not that crazy, but I'm trying to keep it simple for the sake of this tutorial 😅.

Let's say we want to hook the Update function.
C++:
#include <cstdint>
// Assumed helper (not shown in the post): returns the loaded library's base address + offset.
uintptr_t getAddressFromOffset(const char *libName, uintptr_t offset);
// Function pointer to Character::Die (0x12345678 is the post's placeholder offset).
void (*function_ptr)(void *classPtr) =
    (void (*)(void *))getAddressFromOffset("gamelib.so", 0x12345678);
// Trampoline to the original Update, filled in by the hooking library when the hook is installed.
void (*old_UpdateData)(void *classPtr);
// Replacement Update: calls Die on every Character instance, then runs the original Update.
void UpdateData(void *classPtr) {
    function_ptr(classPtr);
    old_UpdateData(classPtr);
}

But without any check, that would kill everything and everyone, right? Even us. So what we want to achieve is to unlink this function, thus keeping us alive.
Let's suppose we found a bool that checks if it's you: private bool myCharKey; // 0x24

Now, for the funsies, let's say it's not in the same class; it's in the "CharacterAttributes" class.
So we try to find an instance of this class. Lucky! Our Character class has a field for CharacterAttributes!
private CharData chardata; // 0x24
So we will use this instance to get the field in CharacterAttributes and check if it is our character.

That would pretty much look like this, in case you were wondering :D
C++:
#include <cstdint>
// Assumed helper (not shown in the post): returns the loaded library's base address + offset.
uintptr_t getAddressFromOffset(const char *libName, uintptr_t offset);
// Field offsets; take the real values from your own class dump.
constexpr uintptr_t OFF_CHARDATA  = 0x20; // Character.chardata (CharacterAttributes instance)
constexpr uintptr_t OFF_MYCHARKEY = 0x24; // CharacterAttributes.myCharKey
// Function pointer to Character::Die (0x12345678 is the post's placeholder offset).
void (*function_ptr)(void *classPtr) =
    (void (*)(void *))getAddressFromOffset("gamelib.so", 0x12345678);
void (*old_UpdateData)(void *classPtr); // trampoline to the original Update, set by the hooking library
void UpdateData(void *classPtr) {
    // Read the CharacterAttributes reference stored in this Character instance.
    void *chardata = *(void **)((uintptr_t)classPtr + OFF_CHARDATA);
    if (chardata) {
        bool myCharKey = *(bool *)((uintptr_t)chardata + OFF_MYCHARKEY);
        // Only call Die when this is not our own character.
        if (!myCharKey) {
            function_ptr(classPtr);
        }
    }
    old_UpdateData(classPtr); // keep the original Update running
}

So now you have successfully unlinked it, and everybody dies except you! 😁

Easy as that, hope it helped.
 
I was wondering if this may help to access a banned account in a game? For example, if there is a function that checks whether an account is banned or not and, if banned, prevents you from accessing it. May trying to kill the function solve the issue?
 
Mostly, the data that shows whether the account is banned is stored in a DB, in a column holding a value for the type of the account (account rights), and on most online games this might be pretty impossible to work around.
If the server doesn't get your account type when requesting a login to the game server, it pretty much throws an error or the game crashes.
 