Fallschirmjäger (Thread Author), 10/19/16
As your script kiddie fellow, I enjoy reading infosec and trying it out in my own environment. I had planned to write a tutorial about binary patching with radare2 on Android this weekend. But something big was released: CVE-2016-5195 was publicly disclosed. It attacks Linux kernel 2.6.22 and higher, which is where most Android kernel versions are at. So I got a bit distracted, playing with it and r2 (idea: What is the Dirty COW vulnerability and how does it impact mobile...), and thus ended up forgetting about the plan. Anyway, I decided to write about il2cpp a bit.
Introduction
>What is il2cpp?
From "An introduction to IL2CPP internals" (Unity Blog):
The technology that we refer to as IL2CPP has two distinct parts.
- An ahead-of-time (AOT) compiler
- A runtime library to support the virtual machine
Main Content
0. The purpose is: "To get a feel of modding il2cpp games. :3"
-GiMPY, 2016
1. git clone/Download the source: GitHub - Jumboperson/Il2CppDumper (Better version of https://github.com/Jumboperson/PokemonGoDumper)
2. Some important notes before compiling
Code:
line 358
// These two pointers are the first two arguments passed to il2cpp::vm::MetadataCache::Register in the libil2cpp.so binary.
// Updating them manually should be fairly trivial, just find where il2cpp::vm::MetadataCache::Register is called and use the first two args for code and metadata respectively.
pCodeRegistration = (Il2CppCodeRegistration*)MapVATR(0x14860F8, pLibIl2Cpp);
pMetadataRegistration = (Il2CppMetadataRegistration*)MapVATR(0x14A7F78, pLibIl2Cpp);
The comment is straightforward, I don't have to explain it.
Code:
line 381
LoadMetadata("C:\\Projects\\Android\\PokeGo\\0.35.0\\assets\\bin\\Data\\Managed\\Metadata\\global-metadata.dat");
Well, it's obvious that you (may) have to change this.
3. Compile.
4. Run it with `progname.exe > blabla.cs` since the output is directly written to stdout.
Afterword
Thanks to Pokemon Go's massive development, the modding community isn't going to die anytime soon (probably).
Code:
[0x00000000]> fo
-- This software comes with no brain included. Please use your own.
Credits
- John (JumboPerson) for his awesome Il2cpp dumper
- Fallschirmjaeger
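Added example, not code from the post above or from Jumboperson's Il2CppDumper: step 2 hinges on two virtual addresses being handed to MapVATR(va, pLibIl2Cpp), and the assumption here is that MapVATR walks the ELF PT_LOAD program headers to turn such an address into a raw offset in libil2cpp.so. This Python script does that lookup on its own, for both ELF32 (the 2016-era armeabi-v7a builds) and ELF64, and classifies an address as file-backed, .bss (mapped but with no bytes in the file) or unmapped, so a candidate pCodeRegistration / pMetadataRegistration address can be sanity-checked against your own library before rebuilding the dumper. The sample ELF it builds and the word placed in it are constructed; the script name va2raw.py and the argument layout are assumptions.

```python
"""Virtual-address to file-offset lookup for an ELF shared object.

Added example (not code from the original post or from Il2CppDumper). The
dumper's MapVATR(va, pLibIl2Cpp) is assumed to perform exactly this walk of
the PT_LOAD program headers. The sample ELF below is constructed.
"""
import struct
import sys

PT_LOAD = 1


def parse_load_segments(data):
    """Return [(p_offset, p_vaddr, p_filesz, p_memsz)] for every PT_LOAD header."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]          # 1/2 = ELF32/ELF64, 1/2 = LE/BE
    end = "<" if ei_data == 1 else ">"
    segs = []
    if ei_class == 1:                              # ELF32: Elf32_Ehdr / Elf32_Phdr layout
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
        for i in range(e_phnum):
            p_type, p_offset, p_vaddr, _paddr, p_filesz, p_memsz = struct.unpack_from(
                end + "IIIIII", data, e_phoff + i * e_phentsize)
            if p_type == PT_LOAD:
                segs.append((p_offset, p_vaddr, p_filesz, p_memsz))
    elif ei_class == 2:                            # ELF64: p_flags sits before p_offset
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
        for i in range(e_phnum):
            p_type, _flags, p_offset, p_vaddr, _paddr, p_filesz, p_memsz = struct.unpack_from(
                end + "IIQQQQQ", data, e_phoff + i * e_phentsize)
            if p_type == PT_LOAD:
                segs.append((p_offset, p_vaddr, p_filesz, p_memsz))
    else:
        raise ValueError("unknown EI_CLASS %d" % ei_class)
    return segs


def locate_va(data, va):
    """Classify a virtual address: ("file", offset), ("bss", None) or ("unmapped", None)."""
    for p_offset, p_vaddr, p_filesz, p_memsz in parse_load_segments(data):
        if p_vaddr <= va < p_vaddr + p_memsz:
            delta = va - p_vaddr
            if delta < p_filesz:
                return "file", p_offset + delta
            return "bss", None                     # mapped at run time, no bytes in the file
    return "unmapped", None


def map_va_to_raw(data, va):
    """MapVATR-style lookup: raise unless the address is backed by file bytes."""
    status, off = locate_va(data, va)
    if status != "file":
        raise ValueError("VA 0x%X is %s" % (va, status))
    return off


def read_u32(data, va):
    """Read a 32-bit word (in the file's own endianness) at a virtual address."""
    end = "<" if data[5] == 1 else ">"
    return struct.unpack_from(end + "I", data, map_va_to_raw(data, va))[0]


def build_sample_elf(bits=32):
    """Constructed sample: little-endian ELF32 (ARM) or ELF64 (AArch64), two PT_LOAD segments."""
    segs = [  # (p_offset, p_vaddr, p_filesz, p_memsz, p_flags)
        (0x0000, 0x00000000, 0x1000, 0x1000, 5),   # r-x code, also covers the headers
        (0x1000, 0x00002000, 0x0100, 0x0300, 6),   # rw- data with a 0x200-byte .bss tail
    ]
    if bits == 32:
        ehdr = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\0" * 8
        ehdr += struct.pack("<HHIIIIIHHHHHH", 3, 40, 1, 0, 52, 0, 0, 52, 32, len(segs), 40, 0, 0)
        phdrs = b"".join(struct.pack("<IIIIIIII", PT_LOAD, o, v, v, fs, ms, fl, 0x1000)
                         for o, v, fs, ms, fl in segs)
    else:
        ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
        ehdr += struct.pack("<HHIQQQIHHHHHH", 3, 183, 1, 0, 64, 0, 0, 64, 56, len(segs), 64, 0, 0)
        phdrs = b"".join(struct.pack("<IIQQQQQQ", PT_LOAD, fl, o, v, v, fs, ms, 0x1000)
                         for o, v, fs, ms, fl in segs)
    image = bytearray(0x1100)
    image[:len(ehdr)] = ehdr
    image[len(ehdr):len(ehdr) + len(phdrs)] = phdrs
    struct.pack_into("<I", image, 0x1010, 0x12345678)  # made-up word living at VA 0x2010
    return bytes(image)


if __name__ == "__main__":
    # Usage (assumed layout): python3 va2raw.py libil2cpp.so 0x14860F8 0x14A7F78
    # With no arguments it runs against the constructed sample instead.
    if len(sys.argv) >= 3:
        blob = open(sys.argv[1], "rb").read()
        addrs = [int(a, 16) for a in sys.argv[2:]]
    else:
        blob, addrs = build_sample_elf(32), [0x2010, 0x2200, 0x5000]
    for va in addrs:
        print("VA 0x%X -> %s" % (va, locate_va(blob, va)))
```

An address that lands in .bss or outside every PT_LOAD segment is reported rather than silently mapped, which is the failure you would otherwise only notice when the dumper reads garbage for the registration structs.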