How to reverse engineer any Android game using Unity in 3 steps

LEVEL: ADVANCED

Unity is a cross-platform game development engine developed by Unity Technologies. It is widely used for creating both 2D and 3D games and applications. Unity allows developers to build applications for various platforms, including mobile devices, consoles, desktops, and augmented reality/virtual reality (AR/VR) devices.

Unity uses an intermediate language (IL) that gets compiled into C#, so in the end, for reverse engineering purposes, you are decompiling C# code.

For more info:

https://blog.unity.com/engine-platform/an-introduction-to-ilcpp-internals

Let’s start with the fun:

Step 1: Get the tool: Il2CppDumper

Download https://github.com/Perfare/Il2CppDumper (Unity il2cpp reverse engineer)


Step 2: Grab the APK needed files: libil2cpp.so & global-metadata.dat

Run the following commands in your Windows terminal.

First, unpack your Android package:

apktool d game1.apk

Assuming the Android game you are analysing is called “game1.apk”, apktool will extract the contents of the APK into a directory called “game1”.

Second, copy the required files into the Il2CppDumper directory:

copy game1\lib\armeabi-v7a\libil2cpp.so .

copy game1\assets\bin\Data\Managed\Metadata\global-metadata.dat .

Third, decompile!

Il2CppDumper.exe libil2cpp.so global-metadata.dat game1_re\

Step 3: Show the code with dnSpy

Now open game1_re\DummyDll\Assembly-CSharp.dll with dnSpy.
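
A pre-flight check for Step 2, added here as an example (it is not part of the original post or of Il2CppDumper): it opens the APK as a ZIP, lists which ABI directories actually ship a libil2cpp.so (the copy command above assumes armeabi-v7a), and verifies that global-metadata.dat starts with the standard 0xFAB11BAF magic followed by the metadata version. The function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

METADATA_PATH = "assets/bin/Data/Managed/Metadata/global-metadata.dat"
METADATA_MAGIC = 0xFAB11BAF  # first 4 bytes (little-endian) of an unmodified metadata file


def inspect_apk(apk):
    """Report the IL2CPP inputs found in an APK (file path or file-like object)."""
    report = {"abis": [], "metadata": None, "magic_ok": False, "version": None}
    with zipfile.ZipFile(apk) as zf:
        names = set(zf.namelist())
        # One native library per ABI directory: lib/<abi>/libil2cpp.so
        for name in sorted(names):
            parts = name.split("/")
            if len(parts) == 3 and parts[0] == "lib" and parts[2] == "libil2cpp.so":
                report["abis"].append(parts[1])
        if METADATA_PATH in names:
            report["metadata"] = METADATA_PATH
            with zf.open(METADATA_PATH) as fh:
                header = fh.read(8)
            if len(header) == 8:
                # Header layout: uint32 magic, then int32 metadata version
                magic, version = struct.unpack("<Ii", header)
                report["magic_ok"] = magic == METADATA_MAGIC
                report["version"] = version if report["magic_ok"] else None
    return report


def build_sample_apk(magic=METADATA_MAGIC, version=29):
    """Constructed sample: a minimal ZIP with placeholder bytes, not a real game."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/arm64-v8a/libil2cpp.so", b"\x7fELF" + b"\x00" * 12)
        zf.writestr("lib/armeabi-v7a/libil2cpp.so", b"\x7fELF" + b"\x00" * 12)
        zf.writestr("lib/armeabi-v7a/libunity.so", b"\x7fELF")
        zf.writestr(METADATA_PATH, struct.pack("<Ii", magic, version) + b"\x00" * 16)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(inspect_apk(build_sample_apk()))
    # A header without the magic may mean the metadata is encrypted or
    # obfuscated, in which case the dump in Step 2 will not work as-is.
    print(inspect_apk(build_sample_apk(magic=0x12345678)))
```

To run it against the real package, call inspect_apk("game1.apk") before unpacking with apktool.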

Bonus track

You can also use the following Frida wrapper to save time: https://github.com/vfsfitvnm/frida-il2cpp-bridge
