Descrypt global metadata Second Method
So I will give you a brief introduction of the necessary program this time.
This method I will use this article on this page: velog.io
⚠ also in this method we will use FRIDA ⚠ (my device have root)
If libil2cpp.so is encrypted, you will have to find it yourself in memory and dump it. I will post this soon
First step: open IDA Pro and then libil2cpp.so (you can open the file in IDA Pro with default settings)
(wait for the file to load for a few minutes)
- After waiting a few minutes, between 10 minutes and 15 mins (depends on your computer), you press SHIFT + F12 and press CTRL + F, search "global-metadata.dat"
- Click on the result obtained
Will open a pop up, and then click on that obtained result.
It will decompile and then you will get this
⚠If a message appears saying that it was not possible, probably your IDA Pro does not have the decompile function in the version you are using, or you downloaded a version that does not have this decompilation tool⚠
you will only need this sub_value
This part is pretty cool. you will use the script that is here link. Just install, or create a .js file and paste the code there.
I will open Visual Code to run the script, but you can do it by cmd
Run the script with "frida -Uf com.game -l .\script.js"
You can dump this file via Game Guardian
**console.log(hexdump(ptr(0x)))**
- See that the first bytes are
**af 1b b1 fa 18**
Follow the steps
Just save.
In case any error occurs when making the dump, whatever it may be, just take the values of the byte that was shown in the command above, search in a hexadecimal editor, and then delete everything upwards, just like the first tutorial.
Obs: When I made this tutorial, the game I made it in was the same as the previous one, but it updated and ended up removing protection from global-metadata.dat, so it kind of was in vain 😭😂