How to dump iOS Il2Cpp games

By

You might remember a long time ago I wrote a tutorial how to dump iOS Il2Cpp games manually, means you have to find the offset by yourself. Today, you don’t have to dump manually anymore, you can dump games easly with a few steps.

Note: I used iOS 14 at the time of writing this tutorial, so it might not be relevant for iOS 15 and above using rootless jailbreak. Don’t ask me to try on iOS 15 or above. I have no plan using latest iOS or buying new iDevices

First, you need decrypted IPA that contains decrypted binary. There are many ways how to obtain it:

a) Decrypted IPA Downloader: decrypt.day, anyipa.me, or others. You don’t even need a jailbroken device, you just download a decrypted IPA straight forward via a web browser

b) iOS Tweaks: CrackerXI+, DumpDecryptor. Jailbroken iOS device is required

Once installed, open it and choose the app you want to install. The decrypted IPA will be stored in /var/mobile/Documents/.

c) Scripts: appdecrypt, frida-ios-dump, frida-ios-hook. PC and a jailbroken iOS device required. Read the instructions how to use it

d) Grab binary and global-metadata.dat manually from jailbroken device (Not recommended because the binary not fully decrypted, dump may fail. It’s semi-decrypted)

  • Use Filza app.

  • Go to /var/containers/Bundle/Application/(App-UDID)/(AppName).app

  • Grab UnityFramework file from “/var/containers/Bundle/Application/(App-UDID)/(AppName).app/Frameworks/UnityFramework.framework/”. If it doesn’t exist, grab the binary file from “/var/containers/Bundle/Application/(App-UDID)/(AppName).app”. Usually the binary filename is usually same as (AppName).app folder.

  • Grab global-metadata.dat binary file from “/var/containers/Bundle/Application/(App-UDID)/(AppName).app/Data/Managed/Metadata/”

Transfering files from iOS to PC:

If you like, you can transfer the file to your PC using SSH. See tutorial how to setup SSH on iOS: How to Setup SSH Server on iPhone or iPad and transfer files from your PC? - Techglimpse
And use any FTP or SSH tool on your PC. I’m using WinSCP

1689781705923.png

Il2Cpp dumper tool

In order to dump il2cpp offsets, you need:

Once you downloaded the tool and obtained the decrypted binary or UnityFramework, we can proceed to dump the game

Il2CppDumper GUI support drag and dropping IPA file straight forward.

If you use original Il2CppDumper, open IPA file using any Zip Utility and extract UnityFramework from “Payload/(AppName).app/Frameworks/UnityFramework.framework/” (or binary file "Payload/(AppName).app/(AppName)), and global-metadata.dat “Payload/(AppName).app/Data/Managed/Metadata/”.

1689781508663.png

Launch Il2CppDumper, select UnityFramework/binary file, then select global-metadata.dat

Once dumped successfully, you will have a dump.cs, DummyDll, and other files.

1689781584212.png

Have fun modding

Popular Posts

[TOOL] Unity Assets Bundle Extractor

By
Image
Unity .assets and AssetBundle editor UABE is an editor for Unity 3.4+/4/5/2017/2018 .assets and AssetBundle files. It can create standalone mod installers from changes to .assets and/or bundles. Type information extracted from Unity is used in order to generate text representations of various asset types. Custom MonoBehaviour types also are supported. There are multiple plugins to convert Unity assets from/to common file formats : The Texture plugin can export and import .png and .tga files and decode&encode most texture formats used by Unity. The TextAsset plugin can export and import .txt files. The AudioClip plugin can export uncompressed .wav files from U5's AudioClip assets using FMOD, .m4a files from WebGL builds and Unity 4 sound files. The Mesh plugin can export .obj and .dae (Collada) files, also supporting rigged SkinnedMeshRenderers. The MovieTexture plugin can export and import .ogv (Ogg Theora) files.
Read more

Il2CppDumper GUI Android App

By
Image
This is @Perfare’s Modified version of il2cppDumper (GUI) for Android Supported Versions Android 5 - Android 13 API Level 21 - API Level 33 Tested Tested in Android 6, 10, 11, 12L physical device Download Download: Releases · Poko-Apps/Il2cppDumpDroidGUI Before Downloading the apk file , you should know this app may have one or multiple bugs maybe your device not compatible for this app Installation While installation process , play protect might warn you . Like this : If so then click ‘Install Anyway’. If installation failed for any reason, uninstall the previous version and try again !! Notes Protected Target’s can’t be dump by this dumper (same as @Perfare’s one) If you find any bug or problem then please kindly report it with proper information, I’ll try my best to resolve it. In low-end devices it take a while to dump . Output files directory is under ‘DumpDroid’ folder App is on active devlopment Often Asked Question Does it supports dumping w
Read more