Sedikit Info Seputar
[Tutorial] How to decrypt an encrypted .dll file with GDB gcore (Unity 3D games)
Terbaru 2017
- Hay gaes kali ini team Best Games Download For Android , kali ini akan membahas artikel dengan judul [Tutorial] How to decrypt an encrypted .dll file with GDB gcore (Unity 3D games), kami selaku Team Best Games Download For Android telah mempersiapkan artikel ini untuk sobat sobat yang menyukai Best Games Download For Android . semoga isi postingan tentang
Artikel android,
Artikel debugging,
Artikel Decrypt,
Artikel Encrypted games,
Artikel GDB,
Artikel Tutorials,
Artikel Unity3D, yang saya posting kali ini dapat dipahami dengan mudah serta memberi manfa'at bagi kalian semua, walaupun tidak sempurna setidaknya artikel kami memberi sedikit informasi kepada kalian semua. ok langsung simak aja sob
Judul:
Berbagi Info Seputar
[Tutorial] How to decrypt an encrypted .dll file with GDB gcore (Unity 3D games)
Terbaru
link: [Tutorial] How to decrypt an encrypted .dll file with GDB gcore (Unity 3D games)
Berbagi [Tutorial] How to decrypt an encrypted .dll file with GDB gcore (Unity 3D games) Terbaru dan Terlengkap 2017
Hello dear community,
I will show you how to decrypt and encrypted .dll file (when trying to MOD Unity based Android games) using Gcore dump and WinHex.
Before we start, how to check if a .dll file is encrypted?
Easy. When you open a .dll file into Reflector and you get:
"Assembly-CSharp (this could change, depending on the name of the file), File is not a portable executable. DOS header does not contain 'MZ' signature."
it means you have got an encrypted DLL!
See image:
It means the DLL file does not have a valid MZ/PE header so you can't open/modify it. DLL files require MZ/PE headers in order to view its content and, to prevent hacking, some game developers protect their game erasing these MZ/PE headers from some dll files.
Now let's start with the requirements!
Now let's start with the requirements!
First of all, you need:
1. To have some Android Hacking experiences (otherwise you will not understand a single word of this Topic)
2. A rooted Android device
3. .NET Reflector or JustDecompile installed on your computer (if you've got hacking experience, you should already have this tool)
4. A computer running at least Windows XP
5. A Rooted Android device (Works with BlueStacks) running Android 4.2.2 and newer versions. Previous version might not work.
Works with Bluestacks. Custom roms with Android 4.2.2+ based are supported
6. At least 1 GB of RAM on your Device. A minimum of 300-400 MB free RAM space is required
7. Latest verison of SuperSU or other Superuser apps
Update your BusyBox and Superuser.
If you are using outdated version of BusyBox, SuperSU or other Superuser apps, you will need to update because older versions may cause problems. If you are using built-in cyanogenmod SuperUser, beware it's very unstable. Uninstall this and this abandoned superuser if you have one and install the popular Superuser apps, SuperSU, Kingroot, Kingoroot, iRoot, etc...
1. To have some Android Hacking experiences (otherwise you will not understand a single word of this Topic)
2. A rooted Android device
3. .NET Reflector or JustDecompile installed on your computer (if you've got hacking experience, you should already have this tool)
4. A computer running at least Windows XP
5. A Rooted Android device (Works with BlueStacks) running Android 4.2.2 and newer versions. Previous version might not work.
Works with Bluestacks. Custom roms with Android 4.2.2+ based are supported
6. At least 1 GB of RAM on your Device. A minimum of 300-400 MB free RAM space is required
7. Latest verison of SuperSU or other Superuser apps
8. BusyBox for Android. Get it from HERE
9. Terminal app for Android. You can download it from HERE
10. gcore installed on your device. Download it from: HERE
11. Any file explorer app installed on your Android device. I'd recommended X-plore
12. Cracked version of WinHex (free version will not work for this purpose). Download it from HERE
9. Terminal app for Android. You can download it from HERE
10. gcore installed on your device. Download it from: HERE
11. Any file explorer app installed on your Android device. I'd recommended X-plore
12. Cracked version of WinHex (free version will not work for this purpose). Download it from HERE
If you are using outdated version of BusyBox, SuperSU or other Superuser apps, you will need to update because older versions may cause problems. If you are using built-in cyanogenmod SuperUser, beware it's very unstable. Uninstall this and this abandoned superuser if you have one and install the popular Superuser apps, SuperSU, Kingroot, Kingoroot, iRoot, etc...
Most Superuser have an update check option in the settings, some of them don't. Simply open a setting and request an update, or manually update the app from the website.
![[IMG]](https://i.imgur.com/55NjVLk.jpg)
Install BusyBox from the given link.
Open the app and grant Root permissions. Smart Install will slowly load and, when completely loaded, tap "Install". The BusyBox binaries will be now permanently installed on your device. You can close the app or even uninstall it. BusyBox is just the installer. See screen below if you need help.
![[IMG]](https://i.imgur.com/PtsKJ2l.png)
![[IMG]](https://i.imgur.com/VWiprRv.png)
Install gcore on your device
1) Download gcore to your device (using the link given at the top of this Topic)
2) Open your Root Explorer app
3) Copy the 2 files "gdb" and "gdbserver" included into the zip file
4) Paste them to /system/bin/ (in your INTERNAL ROOT memory -> system -> bin) Folder (of course you will need to grant root permissions to see that folder).
5) If asked, overwrite files.
2) Open your Root Explorer app
3) Copy the 2 files "gdb" and "gdbserver" included into the zip file
4) Paste them to /system/bin/ (in your INTERNAL ROOT memory -> system -> bin) Folder (of course you will need to grant root permissions to see that folder).
5) If asked, overwrite files.
Find the package name of the app you're going to hack!
This will be required to find the app in the Terminal app we're going to use soon.
It's usually called "com.DEVELOPER_CODE.GAME_CODE".
Method #1
You can find it going (with your browser) to the Google Play website http://download-apk-android-cracked.blogspot.co.id/2016/10/download.html###, looking for the game you have installed on your device and then copying what's next to "id=".
See screenshot:
![[IMG]](https://i.imgur.com/oMPbxeI.jpg)
This will be required to find the app in the Terminal app we're going to use soon.
It's usually called "com.DEVELOPER_CODE.GAME_CODE".
Method #1
You can find it going (with your browser) to the Google Play website http://download-apk-android-cracked.blogspot.co.id/2016/10/download.html###, looking for the game you have installed on your device and then copying what's next to "id=".
See screenshot:
![[IMG]](https://i.imgur.com/VEKB0Zp.png)
Method #3
For Cyanogenmod ROMs, you can go to "Settings" -> "Apps" and then you'll find the package name of any app you have installed on your device.
For Cyanogenmod ROMs, you can go to "Settings" -> "Apps" and then you'll find the package name of any app you have installed on your device.
![[IMG]](https://i.imgur.com/dH2dx7q.png)
Dump the game from the RAM memory using Terminal app
First, reboot your phone
Install Terminal app (with the link above). Then launch and minimize the game with the decrypted .dll (otherwise you could not see it in the following step.)
Launch the Terminal and type:
First, reboot your phone
Install Terminal app (with the link above). Then launch and minimize the game with the decrypted .dll (otherwise you could not see it in the following step.)
Launch the Terminal and type:
su
Now hit Enter and grant Root Permissions for the Terminal app.
![[IMG]](https://i.imgur.com/YwQuPVl.png)
Your username will now start with "root@". This confirms you have now Root Permissions on the Terminal.
root@yourname:/ #
![[IMG]](https://i.imgur.com/fIzHnqp.png)
Now, type:
dumpsys meminfo | grep com.*
to show all the processes
or
or
dumpsys meminfo | grep com.*
This command will search for all the running processes starting with "com." (the * is a jolly symbol which means any letter/number/symbol)
or
or
dumpsys meminfo | grep th.*
Hit enter and you'll see a list of the running process of your device.
You will find the package name of the game with the encrypted dll too!
Using the game Crusaders Quest's as an example, you should see something like this:
You will find the package name of the game with the encrypted dll too!
Using the game Crusaders Quest's as an example, you should see something like this:
118740 kB: com.nhnent.SKQUEST (pid 383 / activities)
![[IMG]](https://i.imgur.com/2f4kK8y.png)
If you have some problems searching for PID or if an app close after a few seconds and you dont have enough time to type in the code
You can use an APP called ProcessView , you can find it on Google Play Store
GooglePlay LINK: http://download-apk-android-cracked.blogspot.co.id/2016/10/download.html###store/apps/details?id=jp.vviki.android.SysLoadLogger
Take note of the number next to "pid" (PID stands for "Process ID" and changes everytime a process starts). In my example, I'll take note of the number "383".
Now, using the PID you just noted, type:
You can use an APP called ProcessView , you can find it on Google Play Store
GooglePlay LINK: http://download-apk-android-cracked.blogspot.co.id/2016/10/download.html###store/apps/details?id=jp.vviki.android.SysLoadLogger
Take note of the number next to "pid" (PID stands for "Process ID" and changes everytime a process starts). In my example, I'll take note of the number "383".
Now, using the PID you just noted, type:
gdb -pid xxxxxx
(replacing "xxxxxx" with the PID number)
In my example, I'll use my Crusader Quest's PID (383).
In my example, I'll use my Crusader Quest's PID (383).
Now hit Enter.
You'll wait few seconds and the Terminal will show
You'll wait few seconds and the Terminal will show
(gdb)
in the Terminal app.
HAVE "ptrace: Operation not permitted" ERROR? PLEASE SEE THE TUTORIAL ABOUT BYPASSING THE "ptrace: Operation not permitted" ERROR
We're almost done with Terminal. Now we do need to save the dumped file from the RAM storage we will use to get the decrypted dll into our /sdcard/ path. So, choose how to call this file (I will call it "nameoffile" as an example).
So, let's type:
If you got "can' execute: permission denied" error, put this in Terminal
chmod 777 /system/bin/gdb && chmod 777 /system/bin/gdbserver
HAVE "ptrace: Operation not permitted" ERROR? PLEASE SEE THE TUTORIAL ABOUT BYPASSING THE "ptrace: Operation not permitted" ERROR
We're almost done with Terminal. Now we do need to save the dumped file from the RAM storage we will use to get the decrypted dll into our /sdcard/ path. So, choose how to call this file (I will call it "nameoffile" as an example).
So, let's type:
gcore /sdcard/anynames
(replacing "nameoffile" with the name you decided to give to this file). See pic:
Hit enter and the Terminal will show empty line.. it's generating a very big dumped file so wait patiently until it completes this process. The file could be up to 1GB of size!!!
At the end of this process, you'll see:
Saved corefile /sdcard/xxxxxxxx
(gdb)
Of course, instead of "nameoffile" you will see the name of the file you chosen before.
Do not worry about any warnings like these you may read in the Terminal app:
![[IMG]](https://i.imgur.com/qu0dUi6.jpg)
Do not worry about any warnings like these you may read in the Terminal app:
after that, you succcessfully decrypted the game. Close the Terminal app.
They do not interfere in ANY way with the decryption of the .dll files.
Are you tired? Well, I've got a good new for you. You just decrypted the dll (well, every dll also if not encrypted will be "decrypted"! You're almost done. You just need few more steps and you'll be able to HACK your game! You can (finally) close the Terminal App!
They do not interfere in ANY way with the decryption of the .dll files.
Are you tired? Well, I've got a good new for you. You just decrypted the dll (well, every dll also if not encrypted will be "decrypted"! You're almost done. You just need few more steps and you'll be able to HACK your game! You can (finally) close the Terminal App!
Moving the file to your PC!
If you browse with your mobile to the path "/sdcard/", you will see the new big file but, since Windows can't see dump files, to move it to your PC you have two chances.
1) Enable USB Debugging (better in my opinion)
This way you'll see dump files from your PC. Go to Settings -> About Phone and tap on "Build Number" 7 times. You will unlock the "hidden" developer menu.
If you browse with your mobile to the path "/sdcard/", you will see the new big file but, since Windows can't see dump files, to move it to your PC you have two chances.
1) Enable USB Debugging (better in my opinion)
This way you'll see dump files from your PC. Go to Settings -> About Phone and tap on "Build Number" 7 times. You will unlock the "hidden" developer menu.
![[IMG]](https://i.imgur.com/21XDniJ.jpg)
Now go will see "Developer Options" inside "Settings" of your device. Tap on it and check "USB Debugging".
![[IMG]](https://i.imgur.com/KyVpF3A.jpg)
OR
2) Moving this file to a folder
Create a folder on your /sdcard/ path and move this dumped file to the newly created folder. This way Windows should be able to see it.
So, if you chosen 1) or 2), now connect your device to your PC, go to the /sdcard/ directory and move the file (if you followed 1st option) or the folder (if you followed 2nd option)
Now copy the file to your computer
Open the cracked WinHex (extract the downloaded .zip file and double-click on the "WinHex.exe" file. See pic:
![[IMG]](https://i.imgur.com/vwiY6Sl.jpg)
Now take a look at the top of WinHex window and click "File" -> "Open" (see pic).
You will see the a dialog box similar to the following:
So, go to the folder where you copied the big file and click "Open".
Now, go to "Tools -> "Disk Tools" -> "File Recovery by Type..." (top of WinHex), like the following screenshot:
Now, go to "Tools -> "Disk Tools" -> "File Recovery by Type..." (top of WinHex), like the following screenshot:
and a smaller window will pop-up. It should be very similar to the following one:
Click the "+" next to "Programs" (1) and check "Windows exec." (2). Now, select the folder where you want the new file to be generated under "Output Folder" (3).
Ensure "Complere byte-level search" is checked (4) and then click "OK" (5).
The file recover will now begin and, when it finished you'll get a message like this:
Ensure "Complere byte-level search" is checked (4) and then click "OK" (5).
The file recover will now begin and, when it finished you'll get a message like this:
Now, reach the location where you saved this file and delete all files with the ".com" extension. They're not needed and may only cause confusion.
You can finally close WinHex.
You can finally close WinHex.
Find the right dll
Now you do have a list of .dll files but... which one is encrypted? They have got weird names...
This step is important. You need to check which DLL is encrypted. Also, not just Assembly-Csharp.dll file can be encrypted. Other files can be encrypted too.
So, take out "Managed" folder from the APK file you want to MOD (it's located at /assets/bin/data/Managed/), select all the .dll files inside that folder and drag and drop them into the Reflector window like you usually do when you try to hack a Unity3D game. To see which DLL files are encrypted, click "No" when it ask you to reopen DLL files.
Now you do have a list of .dll files but... which one is encrypted? They have got weird names...
This step is important. You need to check which DLL is encrypted. Also, not just Assembly-Csharp.dll file can be encrypted. Other files can be encrypted too.
So, take out "Managed" folder from the APK file you want to MOD (it's located at /assets/bin/data/Managed/), select all the .dll files inside that folder and drag and drop them into the Reflector window like you usually do when you try to hack a Unity3D game. To see which DLL files are encrypted, click "No" when it ask you to reopen DLL files.
For example, Crusaders Quest has got 4 encrypted .dlls:
Code (Text):
Assembly-CSharp.dll
Assembly-CSharp-firstpass.dll
Assembly-UnityScript.dll
Assembly-UnityScript-firstpass.dll
Assembly-CSharp-firstpass.dll
Assembly-UnityScript.dll
Assembly-UnityScript-firstpass.dll
Now, clear all opened DLL files from Reflector, go to the location where you recovered the files (with WinHex) and drag and drop all the .dll files. Click "No" if it does ask you to reopen DLL files in Reflector and ignore any dll error.
So, select a .dll file to show the name of the file and its location
So, select a .dll file to show the name of the file and its location
So, rename all the .dll files that was encrypted and place them inside the extracted "Managed" folder. This way you'll replace original encrypted files with new decrypted ones.
Let's start modding!
Go to the "Managed" folder and move the newly decrypted .dll files inside Reflector or JustDecompile and enjoy modding the way you know!
if you do need help, please reply below!
Go to the "Managed" folder and move the newly decrypted .dll files inside Reflector or JustDecompile and enjoy modding the way you know!
if you do need help, please reply below!
Credits
Itulah sedikit Artikel [Tutorial] How to decrypt an encrypted .dll file with GDB gcore (Unity 3D games) terbaru dari kami
Semoga artikel [Tutorial] How to decrypt an encrypted .dll file with GDB gcore (Unity 3D games) yang saya posting kali ini, bisa memberi informasi untuk anda semua yang menyukai Best Games Download For Android . jangan lupa baca juga artikel-artikel lain dari kami.
Terima kasih Anda baru saja membaca [Tutorial] How to decrypt an encrypted .dll file with GDB gcore (Unity 3D games)
