Explains how to dump decrypted chart data from Cytus 2.
- Rooted Android device (or emulator) capable of running GameGuardian
- IDA Pro 7.0+
- RoslynPad or LinqPad for .csx scripts
- Dump libil2cpp from memory (the .so in the APK is packed) and open it in IDA Pro. You can use something like GameGuardian for this. Keep in mind that there are 2 memory regions that make up the full binary.
- Run Il2CppDumper on the original .so file to get a Python script that fixes symbol names. Modify the methods as shown below and run the script in IDA Pro.
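```python
# Replacements for the same-named functions in the script generated by Il2CppDumper.

def SetString(addr, comm):
    global index
    name = "StringLiteral_" + str(index)
    # Top-level Rayark.Cytus2 type names (no further dots after the 14-character
    # "Rayark.Cytus2." prefix) get a readable "Symbol_<Type>" name instead.
    if comm.startswith("Rayark.Cytus2.") and "." not in comm[14:]:
        name = "Symbol_" + comm[14:]
    ret = idc.MakeNameEx(addr, name, SN_NOWARN)
    idc.MakeComm(addr, comm)
    index += 1

def SetMethod(addr, name):
    i = 0
    # Define a function at addr first, in case the dump was not fully analysed.
    MakeFunction(addr)
    ret = idc.MakeNameEx(addr, name, SN_NOWARN)
    if ret == 0:
        # Name already taken: make it unique by appending the address.
        new_name = name + '_' + str(addr)
        ret = idc.MakeNameEx(addr, str(new_name), SN_NOWARN)

def MakeFunction(start):
    # Only create a function when none starts at this address yet.
    if GetFunctionAttr(start, FUNCATTR_START) == 0xFFFFFFFF:
        idc.MakeFunction(start)
    else:
        pass  # idc.SetFunctionEnd(start)
```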
- Edit `IDAPythonFindKey.py` to use your path and run in IDA Pro.
- Get the ASSET key from the extracted data using `bsonKeyExtract.csx` and fill in its base64 representation in `chartDecrypt.csx`.
- Run `chartDecrypt.csx` after filling in the correct path.
Nope, it is not a valid Global-metadata.dat according to IL2CPPInspector