private static bool Init(byte[] il2cppBytes, byte[] metadataBytes, out Metadata metadata, out Il2Cpp il2Cpp)
{
var sanity = BitConverter.ToUInt32(metadataBytes, 0);
if (sanity != 0xFAB11BAF)
{
throw new InvalidDataException("ERROR: Metadata file supplied is not valid metadata file.");
}
Console.WriteLine("Initializing metadata...");
metadata = new Metadata(new MemoryStream(metadataBytes));
Console.WriteLine($"Metadata Version: {metadata.Version}");
//判断il2cpp的magic
var il2cppMagic = BitConverter.ToUInt32(il2cppBytes, 0);
var isElf = false;
var isPE = false;
var is64bit = false;
var isNSO = false;
var isRaw = false;
var baseAddr = 0UL;
switch (il2cppMagic)
{
default:
//throw new NotSupportedException("ERROR: il2cpp file not supported.");
Console.Write("Failed to recognize the format of il2cpp, processing it as raw memory file!");
isRaw = true;
Console.Write("Enter base address (in hex, like 23c000): ");
baseAddr = Convert.ToUInt64(Console.ReadLine(), 16);
Console.WriteLine("Select the bit width:");
Console.WriteLine("1.32bit 2.64bit");
var k = Console.ReadKey();
var choice = int.Parse(k.KeyChar.ToString()) - 1;
if (choice > 2 || choice < 0)
{
throw new InvalidDataException("ERROR: wrong bit width choice");
}
is64bit = choice == 1;
break;
case 0x304F534E:
isNSO = true;
is64bit = true;
break;
case 0x905A4D: //PE
isPE = true;
break;
case 0x464c457f: //ELF
isElf = true;
if (il2cppBytes[4] == 2) //ELF64
{
is64bit = true;
}
break;
case 0xCAFEBABE: //FAT Mach-O
case 0xBEBAFECA:
var machofat = new MachoFat(new MemoryStream(il2cppBytes));
Console.Write("Select Platform: ");
for (var i = 0; i < machofat.fats.Length; i++)
{
var fat = machofat.fats[i];
Console.Write(fat.magic == 0xFEEDFACF ? $"{i + 1}.64bit " : $"{i + 1}.32bit ");
}
Console.WriteLine();
var key = Console.ReadKey(true);
var index = int.Parse(key.KeyChar.ToString()) - 1;
var magic = machofat.fats[index % 2].magic;
il2cppBytes = machofat.GetMacho(index % 2);
if (magic == 0xFEEDFACF)
{
goto case 0xFEEDFACF;
}
else
{
goto case 0xFEEDFACE;
}
case 0xFEEDFACF: // 64bit Mach-O
is64bit = true;
break;
case 0xFEEDFACE: // 32bit Mach-O
break;
}
var version = config.ForceIl2CppVersion ? config.ForceVersion : metadata.Version;
Console.WriteLine("Initializing il2cpp file...");
var il2CppMemory = new MemoryStream(il2cppBytes);
if (isRaw)
{
il2Cpp = new Raw(il2CppMemory, baseAddr, is64bit, version, metadata.maxMetadataUsages);
}
else if (isNSO)
{
var nso = new NSO(il2CppMemory, version, metadata.maxMetadataUsages);
il2Cpp = nso.UnCompress();
}
else if (isPE)
{
il2Cpp = new PE(il2CppMemory, version, metadata.maxMetadataUsages);
}
else if (isElf)
{
if (is64bit)
{
il2Cpp = new Elf64(il2CppMemory, version, metadata.maxMetadataUsages);
}
else
{
il2Cpp = new Elf(il2CppMemory, version, metadata.maxMetadataUsages);
}
}
else if (is64bit)
{
il2Cpp = new Macho64(il2CppMemory, version, metadata.maxMetadataUsages);
}
else
{
il2Cpp = new Macho(il2CppMemory, version, metadata.maxMetadataUsages);
}
Console.WriteLine($"Il2Cpp Version: {il2Cpp.Version}");
Console.WriteLine("Searching...");
try
{
var flag = il2Cpp.PlusSearch(metadata.methodDefs.Count(x => x.methodIndex >= 0), metadata.typeDefs.Length);
if (!flag)
{
flag = il2Cpp.Search();
}
if (!flag)
{
flag = il2Cpp.SymbolSearch();
}
if (!flag)
{
Console.WriteLine("ERROR: Can't use auto mode to process file, try manual mode.");
Console.Write("Input CodeRegistration: ");
var codeRegistration = Convert.ToUInt64(Console.ReadLine(), 16);
Console.Write("Input MetadataRegistration: ");
var metadataRegistration = Convert.ToUInt64(Console.ReadLine(), 16);
il2Cpp.Init(codeRegistration, metadataRegistration);
return(true);
}
}
catch (Exception e)
{
Console.WriteLine(e);
Console.WriteLine("ERROR: An error occurred while processing.");
return(false);
}
return(true);
}
private static bool Init(byte[] il2cppBytes, byte[] metadataBytes, string stringVersion, int mode, out Metadata metadata, out Il2Cpp il2Cpp)
{
var sanity = BitConverter.ToUInt32(metadataBytes, 0);
if (sanity != 0xFAB11BAF)
{
throw new InvalidDataException("ERROR: Metadata file supplied is not valid metadata file.");
}
float fixedVersion;
var metadataVersion = BitConverter.ToInt32(metadataBytes, 4);
if (metadataVersion == 24)
{
if (stringVersion == null)
{
Console.WriteLine("Input Unity version: ");
stringVersion = Console.ReadLine();
}
try
{
var versionSplit = Array.ConvertAll(Regex.Replace(stringVersion, @"\D", ".").Split(new[] { "." }, StringSplitOptions.RemoveEmptyEntries), int.Parse);
var unityVersion = new Version(versionSplit[0], versionSplit[1]);
if (unityVersion >= Unity20201)
{
fixedVersion = 24.3f;
}
else if (unityVersion >= Unity20191)
{
fixedVersion = 24.2f;
}
else if (unityVersion >= Unity20183)
{
fixedVersion = 24.1f;
}
else
{
fixedVersion = metadataVersion;
}
}
catch
{
throw new InvalidDataException("You must enter the correct Unity version number");
}
}
else
{
fixedVersion = metadataVersion;
}
Console.WriteLine("Initializing metadata...");
metadata = new Metadata(new MemoryStream(metadataBytes), fixedVersion);
//判断il2cpp的magic
var il2cppMagic = BitConverter.ToUInt32(il2cppBytes, 0);
var isElf = false;
var isPE = false;
var is64bit = false;
var isNSO = false;
switch (il2cppMagic)
{
default:
throw new NotSupportedException("ERROR: il2cpp file not supported.");
case 0x304F534E:
isNSO = true;
is64bit = true;
break;
case 0x905A4D: //PE
isPE = true;
break;
case 0x464c457f: //ELF
isElf = true;
if (il2cppBytes[4] == 2) //ELF64
{
is64bit = true;
}
break;
case 0xCAFEBABE: //FAT Mach-O
case 0xBEBAFECA:
var machofat = new MachoFat(new MemoryStream(il2cppBytes));
Console.Write("Select Platform: ");
for (var i = 0; i < machofat.fats.Length; i++)
{
var fat = machofat.fats[i];
Console.Write(fat.magic == 0xFEEDFACF ? $"{i + 1}.64bit " : $"{i + 1}.32bit ");
}
Console.WriteLine();
var key = Console.ReadKey(true);
var index = int.Parse(key.KeyChar.ToString()) - 1;
var magic = machofat.fats[index % 2].magic;
il2cppBytes = machofat.GetMacho(index % 2);
if (magic == 0xFEEDFACF)
{
goto case 0xFEEDFACF;
}
else
{
goto case 0xFEEDFACE;
}
case 0xFEEDFACF: // 64bit Mach-O
is64bit = true;
break;
case 0xFEEDFACE: // 32bit Mach-O
break;
}
var version = config.ForceIl2CppVersion ? config.ForceVersion : metadata.Version;
Console.WriteLine("Initializing il2cpp file...");
var il2CppMemory = new MemoryStream(il2cppBytes);
if (isNSO)
{
var nso = new NSO(il2CppMemory, version, metadata.maxMetadataUsages);
il2Cpp = nso.UnCompress();
}
else if (isPE)
{
il2Cpp = new PE(il2CppMemory, version, metadata.maxMetadataUsages);
}
else if (isElf)
{
if (is64bit)
{
il2Cpp = new Elf64(il2CppMemory, version, metadata.maxMetadataUsages);
}
else
{
il2Cpp = new Elf(il2CppMemory, version, metadata.maxMetadataUsages);
}
}
else if (is64bit)
{
il2Cpp = new Macho64(il2CppMemory, version, metadata.maxMetadataUsages);
}
else
{
il2Cpp = new Macho(il2CppMemory, version, metadata.maxMetadataUsages);
}
if (mode == 0)
{
Console.WriteLine("Select Mode: 1.Manual 2.Auto");
var modeKey = Console.ReadKey(true);
mode = int.Parse(modeKey.KeyChar.ToString());
}
try
{
if (mode == 1)
{
Console.Write("Input CodeRegistration: ");
var codeRegistration = Convert.ToUInt64(Console.ReadLine(), 16);
Console.Write("Input MetadataRegistration: ");
var metadataRegistration = Convert.ToUInt64(Console.ReadLine(), 16);
il2Cpp.Init(codeRegistration, metadataRegistration);
return(true);
}
else if (mode == 2)
{
Console.WriteLine("Searching...");
var flag = il2Cpp.PlusSearch(metadata.methodDefs.Count(x => x.methodIndex >= 0), metadata.typeDefs.Length);
if (!flag)
{
flag = il2Cpp.Search();
}
if (!flag)
{
flag = il2Cpp.SymbolSearch();
}
if (!flag)
{
Console.WriteLine("ERROR: Can't use auto mode to process file, try manual mode.");
return(false);
}
}
else
{
Console.WriteLine("ERROR: You have to choose a mode.");
return(false);
}
}
catch (Exception e)
{
Console.WriteLine(e);
Console.WriteLine("ERROR: An error occurred while processing.");
return(false);
}
return(true);
}
private static bool Init(string il2cppPath, string metadataPath, out Metadata metadata, out Il2Cpp il2Cpp)
{
Console.WriteLine("Initializing metadata...");
var metadataBytes = File.ReadAllBytes(metadataPath);
metadata = new Metadata(new MemoryStream(metadataBytes));
Console.WriteLine($"Metadata Version: {metadata.Version}");
Console.WriteLine("Initializing il2cpp file...");
var il2cppBytes = File.ReadAllBytes(il2cppPath);
var il2cppMagic = BitConverter.ToUInt32(il2cppBytes, 0);
var il2CppMemory = new MemoryStream(il2cppBytes);
switch (il2cppMagic)
{
default:
throw new NotSupportedException("ERROR: il2cpp file not supported.");
case 0x6D736100:
var web = new WebAssembly(il2CppMemory);
il2Cpp = web.CreateMemory();
break;
case 0x304F534E:
var nso = new NSO(il2CppMemory);
il2Cpp = nso.UnCompress();
break;
case 0x905A4D: //PE
il2Cpp = new PE(il2CppMemory);
break;
case 0x464c457f: //ELF
if (il2cppBytes[4] == 2) //ELF64
{
il2Cpp = new Elf64(il2CppMemory);
}
else
{
il2Cpp = new Elf(il2CppMemory);
}
break;
case 0xCAFEBABE: //FAT Mach-O
case 0xBEBAFECA:
var machofat = new MachoFat(new MemoryStream(il2cppBytes));
Console.Write("Select Platform: ");
for (var i = 0; i < machofat.fats.Length; i++)
{
var fat = machofat.fats[i];
Console.Write(fat.magic == 0xFEEDFACF ? $"{i + 1}.64bit " : $"{i + 1}.32bit ");
}
Console.WriteLine();
var key = Console.ReadKey(true);
var index = int.Parse(key.KeyChar.ToString()) - 1;
var magic = machofat.fats[index % 2].magic;
il2cppBytes = machofat.GetMacho(index % 2);
il2CppMemory = new MemoryStream(il2cppBytes);
if (magic == 0xFEEDFACF)
{
goto case 0xFEEDFACF;
}
else
{
goto case 0xFEEDFACE;
}
case 0xFEEDFACF: // 64bit Mach-O
il2Cpp = new Macho64(il2CppMemory);
break;
case 0xFEEDFACE: // 32bit Mach-O
il2Cpp = new Macho(il2CppMemory);
break;
}
var version = config.ForceIl2CppVersion ? config.ForceVersion : metadata.Version;
il2Cpp.SetProperties(version, metadata.maxMetadataUsages);
Console.WriteLine($"Il2Cpp Version: {il2Cpp.Version}");
if (il2Cpp.Version >= 27 && il2Cpp is ElfBase elf && elf.IsDumped)
{
Console.WriteLine("Input global-metadata.dat dump address:");
metadata.Address = Convert.ToUInt64(Console.ReadLine(), 16);
}
Console.WriteLine("Searching...");
try
{
var flag = il2Cpp.PlusSearch(metadata.methodDefs.Count(x => x.methodIndex >= 0), metadata.typeDefs.Length, metadata.imageDefs.Length);
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
if (!flag && il2Cpp is PE)
{
Console.WriteLine("Use custom PE loader");
il2Cpp = PELoader.Load(il2cppPath);
il2Cpp.SetProperties(version, metadata.maxMetadataUsages);
flag = il2Cpp.PlusSearch(metadata.methodDefs.Count(x => x.methodIndex >= 0), metadata.typeDefs.Length, metadata.imageDefs.Length);
}
}
if (!flag)
{
flag = il2Cpp.Search();
}
if (!flag)
{
flag = il2Cpp.SymbolSearch();
}
if (!flag)
{
Console.WriteLine("ERROR: Can't use auto mode to process file, try manual mode.");
Console.Write("Input CodeRegistration: ");
var codeRegistration = Convert.ToUInt64(Console.ReadLine(), 16);
Console.Write("Input MetadataRegistration: ");
var metadataRegistration = Convert.ToUInt64(Console.ReadLine(), 16);
il2Cpp.Init(codeRegistration, metadataRegistration);
return(true);
}
}
catch (Exception e)
{
Console.WriteLine(e);
Console.WriteLine("ERROR: An error occurred while processing.");
return(false);
}
return(true);
}
private static void Init(byte[] il2cppBytes, byte[] metadataBytes)
{
var sanity = BitConverter.ToUInt32(metadataBytes, 0);
if (sanity != 0xFAB11BAF)
{
throw new Exception("ERROR: Metadata file supplied is not valid metadata file.");
}
float fixedMetadataVersion;
var metadataVersion = BitConverter.ToInt32(metadataBytes, 4);
if (metadataVersion == 24)
{
Console.WriteLine("Input Unity version (Just enter the first two numbers eg. *.*, ****.*): ");
var str = Console.ReadLine();
try
{
var strs = Array.ConvertAll(str.Split('.'), int.Parse);
var unityVersion = new Version(strs[0], strs[1]);
if (unityVersion >= Unity20191)
{
fixedMetadataVersion = 24.2f;
}
else if (unityVersion >= Unity20183)
{
fixedMetadataVersion = 24.1f;
}
else
{
fixedMetadataVersion = metadataVersion;
}
}
catch
{
throw new Exception("You must enter the correct Unity version number");
}
}
else
{
fixedMetadataVersion = metadataVersion;
}
Console.WriteLine("Initializing metadata...");
metadata = new Metadata(new MemoryStream(metadataBytes), fixedMetadataVersion);
//判断il2cpp的magic
var il2cppMagic = BitConverter.ToUInt32(il2cppBytes, 0);
var isElf = false;
var isPE = false;
var is64bit = false;
var isNSO = false;
switch (il2cppMagic)
{
default:
throw new Exception("ERROR: il2cpp file not supported.");
case 0x304F534E:
isNSO = true;
is64bit = true;
break;
case 0x905A4D: //PE
isPE = true;
break;
case 0x464c457f: //ELF
isElf = true;
if (il2cppBytes[4] == 2) //ELF64
{
is64bit = true;
}
break;
case 0xCAFEBABE: //FAT Mach-O
case 0xBEBAFECA:
var machofat = new MachoFat(new MemoryStream(il2cppBytes));
Console.Write("Select Platform: ");
for (var i = 0; i < machofat.fats.Length; i++)
{
var fat = machofat.fats[i];
Console.Write(fat.magic == 0xFEEDFACF ? $"{i + 1}.64bit " : $"{i + 1}.32bit ");
}
Console.WriteLine();
var key = Console.ReadKey(true);
var index = int.Parse(key.KeyChar.ToString()) - 1;
var magic = machofat.fats[index % 2].magic;
il2cppBytes = machofat.GetMacho(index % 2);
if (magic == 0xFEEDFACF)
{
goto case 0xFEEDFACF;
}
else
{
goto case 0xFEEDFACE;
}
case 0xFEEDFACF: // 64bit Mach-O
is64bit = true;
break;
case 0xFEEDFACE: // 32bit Mach-O
break;
}
Console.WriteLine("Select Mode: 1.Manual 2.Auto 3.Auto(Plus) 4.Auto(Symbol)");
var modeKey = Console.ReadKey(true);
var version = config.ForceIl2CppVersion ? config.ForceVersion : metadata.version;
Console.WriteLine("Initializing il2cpp file...");
if (isNSO)
{
var nso = new NSO(new MemoryStream(il2cppBytes), version, metadata.maxMetadataUsages);
il2cpp = nso.UnCompress();
}
else if (isPE)
{
il2cpp = new PE(new MemoryStream(il2cppBytes), version, metadata.maxMetadataUsages);
}
else if (isElf)
{
if (is64bit)
{
il2cpp = new Elf64(new MemoryStream(il2cppBytes), version, metadata.maxMetadataUsages);
}
else
{
il2cpp = new Elf(new MemoryStream(il2cppBytes), version, metadata.maxMetadataUsages);
}
}
else if (is64bit)
{
il2cpp = new Macho64(new MemoryStream(il2cppBytes), version, metadata.maxMetadataUsages);
}
else
{
il2cpp = new Macho(new MemoryStream(il2cppBytes), version, metadata.maxMetadataUsages);
}
if (modeKey.KeyChar != '1')
{
Console.WriteLine("Searching...");
}
try
{
bool flag;
switch (modeKey.KeyChar)
{
case '1': //Manual
Console.Write("Input CodeRegistration: ");
var codeRegistration = Convert.ToUInt64(Console.ReadLine(), 16);
Console.Write("Input MetadataRegistration: ");
var metadataRegistration = Convert.ToUInt64(Console.ReadLine(), 16);
il2cpp.Init(codeRegistration, metadataRegistration);
flag = true;
break;
case '2': //Auto
flag = il2cpp.Search();
break;
case '3': //Auto(Plus)
flag = il2cpp.PlusSearch(metadata.methodDefs.Count(x => x.methodIndex >= 0), metadata.typeDefs.Length);
break;
case '4': //Auto(Symbol)
flag = il2cpp.SymbolSearch();
break;
default:
return;
}
if (!flag)
{
throw new Exception();
}
}
catch
{
throw new Exception("ERROR: Can't use this mode to process file, try another mode.");
}
}
private static bool Init(string il2cppPath, string metadataPath, string nameTranslationPath, out Metadata metadata, out Il2Cpp il2Cpp)
{
Console.WriteLine("Initializing metadata...");
var metadataBytes = File.ReadAllBytes(metadataPath);
var stringDecryptionInfo = MetadataDecryption.DecryptMetadata(metadataBytes);
metadata = new Metadata(new MemoryStream(metadataBytes), stringDecryptionInfo, nameTranslationPath);
Console.WriteLine($"Metadata Version: {metadata.Version}");
Console.WriteLine("Initializing il2cpp file...");
var il2cppBytes = File.ReadAllBytes(il2cppPath);
var il2cppMagic = BitConverter.ToUInt32(il2cppBytes, 0);
var il2CppMemory = new MemoryStream(il2cppBytes);
switch (il2cppMagic)
{
default:
throw new NotSupportedException("ERROR: il2cpp file not supported.");
case 0x6D736100:
var web = new WebAssembly(il2CppMemory);
il2Cpp = web.CreateMemory();
break;
case 0x304F534E:
var nso = new NSO(il2CppMemory);
il2Cpp = nso.UnCompress();
break;
case 0x905A4D: //PE
il2Cpp = new PE(il2CppMemory);
break;
case 0x464c457f: //ELF
if (il2cppBytes[4] == 2) //ELF64
{
il2Cpp = new Elf64(il2CppMemory);
}
else
{
il2Cpp = new Elf(il2CppMemory);
}
break;
case 0xCAFEBABE: //FAT Mach-O
case 0xBEBAFECA:
var machofat = new MachoFat(new MemoryStream(il2cppBytes));
Console.Write("Select Platform: ");
for (var i = 0; i < machofat.fats.Length; i++)
{
var fat = machofat.fats[i];
Console.Write(fat.magic == 0xFEEDFACF ? $"{i + 1}.64bit " : $"{i + 1}.32bit ");
}
Console.WriteLine();
var key = Console.ReadKey(true);
var index = int.Parse(key.KeyChar.ToString()) - 1;
var magic = machofat.fats[index % 2].magic;
il2cppBytes = machofat.GetMacho(index % 2);
il2CppMemory = new MemoryStream(il2cppBytes);
if (magic == 0xFEEDFACF)
{
goto case 0xFEEDFACF;
}
else
{
goto case 0xFEEDFACE;
}
case 0xFEEDFACF: // 64bit Mach-O
il2Cpp = new Macho64(il2CppMemory);
break;
case 0xFEEDFACE: // 32bit Mach-O
il2Cpp = new Macho(il2CppMemory);
break;
}
var version = config.ForceIl2CppVersion ? config.ForceVersion : metadata.Version;
il2Cpp.SetProperties(version, metadata.maxMetadataUsages);
Console.WriteLine($"Il2Cpp Version: {il2Cpp.Version}");
if (il2Cpp.Version >= 27 && il2Cpp is ElfBase elf && elf.IsDumped)
{
Console.WriteLine("Input global-metadata.dat dump address:");
metadata.Address = Convert.ToUInt64(Console.ReadLine(), 16);
}
Console.WriteLine("Searching...");
try
{
//var flag = il2Cpp.PlusSearch(metadata.methodDefs.Count(x => x.methodIndex >= 0), metadata.typeDefs.Length);
var flag = false;
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
if (!flag && il2Cpp is PE)
{
Console.WriteLine("Use custom PE loader");
il2Cpp = PELoader.Load(il2cppPath);
il2Cpp.SetProperties(version, metadata.maxMetadataUsages);
//flag = il2Cpp.PlusSearch(metadata.methodDefs.Count(x => x.methodIndex >= 0), metadata.typeDefs.Length);
}
}
/*if (!flag)
* {
* flag = il2Cpp.Search();
* }
* if (!flag)
* {
* flag = il2Cpp.SymbolSearch();
* }*/
if (true)
{
/*Console.WriteLine("ERROR: Can't use auto mode to process file, try manual mode.");
* Console.Write("Input CodeRegistration: ");
* var codeRegistration = Convert.ToUInt64(Console.ReadLine(), 16);
* Console.Write("Input MetadataRegistration: ");
* var metadataRegistration = Convert.ToUInt64(Console.ReadLine(), 16);*/
ProcessModuleCollection pms = Process.GetCurrentProcess().Modules;
ulong baseaddr = 0;
ProcessModule targetModule = null;
foreach (ProcessModule pm in pms)
{
if (pm.ModuleName == "UserAssembly.dll")
{
baseaddr = (ulong)pm.BaseAddress;
targetModule = pm;
break;
}
}
Console.WriteLine("baseadr: 0x" + baseaddr.ToString("x2"));
ulong codeRegistration = 0;
ulong metadataRegistration = 0;
// custom search
// searching .text for the following pattern:
// lea r8, [rip+0x????????]
// lea rdx, [rip+0x????????]
// lea rcx, [rip+0x????????]
// jmp [rip+0x????????]
// or...
// 4c 8d 05 ?? ?? ?? ??
// 48 8d 15 ?? ?? ?? ??
// 48 8d 0d ?? ?? ?? ??
// e9
// 22 bytes long
// .text is always the first section
var text_start = ((PE)il2Cpp).Sections[0].VirtualAddress + baseaddr;
var text_end = text_start + ((PE)il2Cpp).Sections[0].VirtualSize;
// functions are always aligned to 16 bytes
const int patternLength = 22;
byte[] d = new byte[patternLength];
for (ulong ptr = text_start; ptr < text_end - patternLength; ptr += 0x10)
{
Marshal.Copy((IntPtr)ptr, d, 0, patternLength);
if (
d[0] == 0x4C && d[1] == 0x8D && d[2] == 0x05 &&
d[7] == 0x48 && d[8] == 0x8D && d[9] == 0x15 &&
d[14] == 0x48 && d[15] == 0x8D && d[16] == 0x0D &&
d[21] == 0xE9
)
{
codeRegistration = ptr + 21 + BitConverter.ToUInt32(d, 14 + 3);
metadataRegistration = ptr + 14 + BitConverter.ToUInt32(d, 7 + 3);
Console.WriteLine($"Found the offsets! codeRegistration: 0x{(codeRegistration - baseaddr).ToString("X2")}, metadataRegistration: 0x{(metadataRegistration - baseaddr).ToString("X2")}");
break;
}
}
if (codeRegistration == 0 && metadataRegistration == 0)
{
Console.WriteLine("Failed to find CodeRegistration and MetadataRegistration, go yell at Khang");
return(false);
}
il2Cpp.Init(codeRegistration, metadataRegistration);
return(true);
}
}
catch (Exception e)
{
Console.WriteLine(e);
Console.WriteLine("ERROR: An error occurred while processing.");
return(false);
}
return(true);
}
private bool Init(string il2cppPath, string metadataPath, out Metadata metadata, out Il2Cpp il2Cpp)
{
string Mach_O = "2";
Invoke(new Action(delegate()
{
if (!use64bitMach_O)
{
Mach_O = "1";
}
}));
this.Log("Read config...");
if (File.Exists(realPath + "config.json"))
{
config = JsonConvert.DeserializeObject <Config>(File.ReadAllText(Application.StartupPath + Path.DirectorySeparatorChar + @"config.json"));
}
else
{
config = new Config();
Log("config.json file does not exist. Using defaults", Color.Yellow);
}
this.Log("Initializing metadata...");
var metadataBytes = File.ReadAllBytes(metadataPath);
metadata = new Metadata(new MemoryStream(metadataBytes));
this.Log($"Metadata Version: {metadata.Version}");
this.Log("Initializing il2cpp file...");
var il2cppBytes = File.ReadAllBytes(il2cppPath);
var il2cppMagic = BitConverter.ToUInt32(il2cppBytes, 0);
var il2CppMemory = new MemoryStream(il2cppBytes);
switch (il2cppMagic)
{
default:
throw new NotSupportedException("ERROR: il2cpp file not supported.");
case 0x6D736100:
var web = new WebAssembly(il2CppMemory);
il2Cpp = web.CreateMemory();
break;
case 0x304F534E:
var nso = new NSO(il2CppMemory);
il2Cpp = nso.UnCompress();
break;
case 0x905A4D: //PE
il2Cpp = new PE(il2CppMemory);
break;
case 0x464c457f: //ELF
if (il2cppBytes[4] == 2) //ELF64
{
il2Cpp = new Elf64(il2CppMemory);
}
else
{
il2Cpp = new Elf(il2CppMemory);
}
break;
case 0xCAFEBABE: //FAT Mach-O
case 0xBEBAFECA:
var machofat = new MachoFat(new MemoryStream(il2cppBytes));
for (var i = 0; i < machofat.fats.Length; i++)
{
var fat = machofat.fats[i];
//Console.Write(fat.magic == 0xFEEDFACF ? $"{i + 1}.64bit " : $"{i + 1}.32bit ");
}
var index = int.Parse(Mach_O) - 1;
var magic = machofat.fats[index % 2].magic;
il2cppBytes = machofat.GetMacho(index % 2);
il2CppMemory = new MemoryStream(il2cppBytes);
if (magic == 0xFEEDFACF)
{
goto case 0xFEEDFACF;
}
else
{
goto case 0xFEEDFACE;
}
case 0xFEEDFACF: // 64bit Mach-O
il2Cpp = new Macho64(il2CppMemory);
break;
case 0xFEEDFACE: // 32bit Mach-O
il2Cpp = new Macho(il2CppMemory);
break;
}
var version = config.ForceIl2CppVersion ? config.ForceVersion : metadata.Version;
il2Cpp.SetProperties(version, metadata.maxMetadataUsages);
this.Log($"Il2Cpp Version: {il2Cpp.Version}");
if (il2Cpp.Version >= 27 && il2Cpp is ElfBase elf && elf.IsDumped)
{
FormDump form = new FormDump();
form.dumpNoteLbl.Text = "Input global-metadata.dat dump address:";
form.Message = 0;
if (form.ShowDialog() == DialogResult.OK)
{
metadata.Address = Convert.ToUInt64(form.ReturnedText, 16);
this.Log("Inputted address: " + metadata.Address.ToString("X"));
}
}
this.Log("Searching...");
try
{
var flag = il2Cpp.PlusSearch(metadata.methodDefs.Count(x => x.methodIndex >= 0), metadata.typeDefs.Length, metadata.imageDefs.Length);
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
if (!flag && il2Cpp is PE)
{
this.Log("Use custom PE loader");
il2Cpp = PELoader.Load(il2cppPath);
il2Cpp.SetProperties(version, metadata.maxMetadataUsages);
flag = il2Cpp.PlusSearch(metadata.methodDefs.Count(x => x.methodIndex >= 0), metadata.typeDefs.Length, metadata.imageDefs.Length);
}
}
if (!flag)
{
flag = il2Cpp.Search();
}
if (!flag)
{
flag = il2Cpp.SymbolSearch();
}
if (!flag)
{
Log("ERROR: Can't use auto mode to process file, input offset pointers to try manual mode.", Color.Yellow);
var codeRegistration = Convert.ToUInt64(CodeRegistrationTxtBox.Text, 16);
var metadataRegistration = Convert.ToUInt64(metadataRegistrationTxtBox.Text, 16);
il2Cpp.Init(codeRegistration, metadataRegistration);
return(true);
}
}
catch (Exception ex)
{
Log("An error occurred while processing.", Color.Orange);
Log(ex.ToString(), Color.Orange);
return(false);
}
return(true);
}
private static bool Init(byte[] il2cppBytes, byte[] metadataBytes, string stringVersion, int mode, out Metadata metadata, out Il2Cpp il2Cpp, string[] args)
{
var sanity = BitConverter.ToUInt32(metadataBytes, 0);
if (sanity != 0xFAB11BAF)
{
throw new Exception("ERROR: Metadata file supplied is not valid metadata file.");
}
float fixedMetadataVersion;
var metadataVersion = BitConverter.ToInt32(metadataBytes, 4);
if (metadataVersion == 24)
{
if (stringVersion == null)
{
Console.WriteLine("Input Unity version: ");
stringVersion = Console.ReadLine();
}
try
{
var versionSplit = Array.ConvertAll(Regex.Replace(stringVersion, @"\D", ".").Split(new[] { "." }, StringSplitOptions.RemoveEmptyEntries), int.Parse);
var unityVersion = new Version(versionSplit[0], versionSplit[1]);
if (unityVersion >= Unity20191)
{
fixedMetadataVersion = 24.2f;
}
else if (unityVersion >= Unity20183)
{
fixedMetadataVersion = 24.1f;
}
else
{
fixedMetadataVersion = metadataVersion;
}
}
catch
{
throw new Exception("You must enter the correct Unity version number");
}
}
else
{
fixedMetadataVersion = metadataVersion;
}
Console.WriteLine("Initializing metadata...");
#if DEBUG_0
int sw = 0;
#elif DEBUG_1
int sw = 1;
#elif DEBUG_2
int sw = 2;
#elif DEBUG_3
int sw = 3;
#endif
switch (sw)
{
case 1:
metadata = new Metadata(new MemoryStream(metadataBytes), fixedMetadataVersion, "lobbylist.php?format=json-signed-unix&version=2&minimal=1", "serverlist/lobbylist.php?format=json-signed-unix&version=2&minimal=1" /*"serverlist?format=json-signed-unix&version=2&minimal=1"/*"serverlist/lobbylist.php"/*"serverlist?format=json-signed-unix&version=2&minimal=1"*/, "global-metadata2.dat");
break;
case 2:
metadata = new Metadata(new MemoryStream(metadataBytes), fixedMetadataVersion,
"https://api.scpslgame.com/",
"https://api.southwoodstudios.com/",
"global-metadata3.dat");
break;
case 3:
metadata = new Metadata(new MemoryStream(metadataBytes), fixedMetadataVersion,
"-----BEGIN PUBLIC KEY-----\r\nMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAmxZRMP03JfPEP/qt7n34Ryi74CDe\r\nRZy4er5dQynKaQ3vl1F4VRsSGN+jBrZPcX3GB2u0OTXNUA8hcIDRhVb+GgYAcDmY\r\n+7utHYAZBK3APSxGn46p1+IAChsgl9r93bQz7AJVxxWHYKEA78jMVz6qKHlqKc6a\r\nkUswVSYosQGvw/Agzb0=\r\n-----END PUBLIC KEY-----",
"-----BEGIN PUBLIC KEY-----\r\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqCycYK8K5jJlNoQPqIpADxUrWwTR\r\nudWDIbw/VSJzKb7NMeeQfKsvq1Wd8A+7bzx21pVGS3UYrgJfC3bS5rtsMA==\r\n-----END PUBLIC KEY-----",
"global-metadata4.dat");
break;
default:
metadata = new Metadata(new MemoryStream(metadataBytes), fixedMetadataVersion, ".scpslgame.com/", ".southwoodstudios.com/", "global-metadata.dat");
//metadata = new Metadata(new MemoryStream(metadataBytes), fixedMetadataVersion, "https://test.scpslgame.com/", "https://test.scpslgame.com/", "global-metadata.dat");
break;
}
//判断il2cpp的magic
var il2cppMagic = BitConverter.ToUInt32(il2cppBytes, 0);
var isElf = false;
var isPE = false;
var is64bit = false;
var isNSO = false;
switch (il2cppMagic)
{
default:
throw new Exception("ERROR: il2cpp file not supported.");
case 0x304F534E:
isNSO = true;
is64bit = true;
break;
case 0x905A4D: //PE
isPE = true;
break;
case 0x464c457f: //ELF
isElf = true;
if (il2cppBytes[4] == 2) //ELF64
{
is64bit = true;
}
break;
case 0xCAFEBABE: //FAT Mach-O
case 0xBEBAFECA:
var machofat = new MachoFat(new MemoryStream(il2cppBytes));
Console.Write("Select Platform: ");
for (var i = 0; i < machofat.fats.Length; i++)
{
var fat = machofat.fats[i];
Console.Write(fat.magic == 0xFEEDFACF ? $"{i + 1}.64bit " : $"{i + 1}.32bit ");
}
Console.WriteLine();
var key = Console.ReadKey(true);
var index = int.Parse(key.KeyChar.ToString()) - 1;
var magic = machofat.fats[index % 2].magic;
il2cppBytes = machofat.GetMacho(index % 2);
if (magic == 0xFEEDFACF)
{
goto case 0xFEEDFACF;
}
else
{
goto case 0xFEEDFACE;
}
case 0xFEEDFACF: // 64bit Mach-O
is64bit = true;
break;
case 0xFEEDFACE: // 32bit Mach-O
break;
}
var version = config.ForceIl2CppVersion ? config.ForceVersion : metadata.version;
Console.WriteLine("Initializing il2cpp file...");
if (isNSO)
{
var nso = new NSO(new MemoryStream(il2cppBytes), version, metadata.maxMetadataUsages);
il2Cpp = nso.UnCompress();
}
else if (isPE)
{
il2Cpp = new PE(new MemoryStream(il2cppBytes), version, metadata.maxMetadataUsages);
}
else if (isElf)
{
if (is64bit)
{
il2Cpp = new Elf64(new MemoryStream(il2cppBytes), version, metadata.maxMetadataUsages);
}
else
{
il2Cpp = new Elf(new MemoryStream(il2cppBytes), version, metadata.maxMetadataUsages);
}
}
else if (is64bit)
{
il2Cpp = new Macho64(new MemoryStream(il2cppBytes), version, metadata.maxMetadataUsages);
}
else
{
il2Cpp = new Macho(new MemoryStream(il2cppBytes), version, metadata.maxMetadataUsages);
}
if (mode == 0)
{
Console.WriteLine("Select Mode: 1.Manual 2.Auto 3.Auto(Plus) 4.Auto(Symbol)");
var modeKey = Console.ReadKey(true);
mode = int.Parse(modeKey.KeyChar.ToString());
}
if (mode != 1)
{
Console.WriteLine("Searching...");
}
try
{
bool flag;
switch (mode)
{
case 1: //Manual
Console.Write("Input CodeRegistration: ");
var codeRegistration = Convert.ToUInt64(Console.ReadLine(), 16);
Console.Write("Input MetadataRegistration: ");
var metadataRegistration = Convert.ToUInt64(Console.ReadLine(), 16);
il2Cpp.Init(codeRegistration, metadataRegistration);
flag = true;
break;
case 2: //Auto
flag = il2Cpp.Search();
break;
case 3: //Auto(Plus)
flag = il2Cpp.PlusSearch(metadata.methodDefs.Count(x => x.methodIndex >= 0), metadata.typeDefs.Length);
break;
case 4: //Auto(Symbol)
flag = il2Cpp.SymbolSearch();
break;
default:
Console.WriteLine("ERROR: You have to choose a mode.");
return(false);
}
if (!flag)
{
throw new Exception();
}
}
catch
{
throw new Exception("ERROR: Can't use this mode to process file, try another mode.");
}
return(true);
}