IL2CPP Games


New User
Thread Author
As your script kiddie fellow, i enjoy to read infosec and try it out my own environment. I have planned to write a tutorial about binary patching with radare2 on android this weekend. But something big is released, CVE-2016-5195 publicly disclosed. Attacks Linux kernel 2.6.22 and higher where mostly android kernel version at. So, i got a bit distracted, then playing with it and r2 (idea: What is the Dirty COW vulnerability and how does it impact mobile...). Thus, ended up forgot about the plan :p. Anyway, i decided to write about il2cpp a bit.​

>What is il2cpp?
From An introduction to IL2CPP internals – Unity Blog
The technology that we refer to as IL2CPP has two distinct parts.
  • An ahead-of-time (AOT) compiler
  • A runtime library to support the virtual machine
The AOT compiler translates Intermediate Language (IL), the low-level output from .NET compilers, to C++ source code. The runtime library provides services and abstractions like a garbage collector, platform-independent access to threads and files, and implementations of internal calls (native code which modifies managed data structures directly).​
>Any support on this thread?

Main Content
0. The purpose is
"To get a feel of modding il2cpp games. :3"
-GiMPY, 2016
1. git clone/Download the source GitHub - Jumboperson/Il2CppDumper: Better version of
2. Some important note before compiling
line 358
// These two pointers are the first two arguments passed to il2cpp::vm::MetadataCache::Register in the binary.
// Updating them manually should be fairly trivial, just find where il2cpp::vm::MetadataCache::Register is called and use the first two args for code and metadata respectively.
pCodeRegistration = (Il2CppCodeRegistration*)MapVATR(0x14860F8, pLibIl2Cpp);
pMetadataRegistration = (Il2CppMetadataRegistration*)MapVATR(0x14A7F78, pLibIl2Cpp);
The comment is straight forward, i dont have to explain it.
line 381
Well, its obvious that you (may) have to change this.
3. Compile.
4. Run it with `progname.exe > blabla.cs` since the output is directly written to stdout.​

After words
Thanks to Pokemon Go massive development, the modding community isnt going to dead anytime soon(probably).
[0x00000000]> fo
-- This software comes with no brain included. Please use your own.

  • John (JumboPerson) for his awesome Il2cpp dumper
  • Fallschirmjaeger


This work is licensed under a Creative Commons
Attribution 4.0 International License
Top Bottom