Descrypt global metadata Second Method - IroniaTheMaster/Descrypt-global-metadata.dat GitHub Wiki

Well, you couldn't find the global-metadata.dat in the first method?

So I will give you a brief introduction of the necessary program this time.

IDA Pro

This method I will use this article on this page: velog.io

โš  also in this method we will use FRIDA โš  (my device have root)

If libil2cpp.so is encrypted, you will have to find it yourself in memory and dump it. I will post this soon

First step: open IDA Pro and then libil2cpp.so (you can open the file in IDA Pro with default settings)

(wait for the file to load for a few minutes)

  • After waiting a few minutes, between 10 minutes and 15 mins (depends on your computer), you press SHIFT + F12 and press CTRL + F, search "global-metadata.dat"

image

  • Click on the result obtained

image

Will open a pop up, and then click on that obtained result.

image

It will decompile and then you will get this

โš If a message appears saying that it was not possible, probably your IDA Pro does not have the decompile function in the version you are using, or you downloaded a version that does not have this decompilation toolโš 

image

you will only need this sub_value

Frida Code

This part is pretty cool. you will use the script that is here link. Just install, or create a .js file and paste the code there.

I will open Visual Code to run the script, but you can do it by cmd

image

In 0xValue paste that value we found, the sub_. In my case it is sub_852C34

image

Run the script with "frida -Uf com.game -l .\script.js"

image

After executing the script, it will give the offset where the global-metadata.dat is allocated

You can dump this file via Game Guardian

image

You can use this command to see the hex of the file

**console.log(hexdump(ptr(0x)))**

  • See that the first bytes are **af 1b b1 fa 18**

Game Guardian

Follow the steps

image

image

In the input box enter the console value without the "0x"

image

Just save.

In case any error occurs when making the dump, whatever it may be, just take the values โ€‹โ€‹of the byte that was shown in the command above, search in a hexadecimal editor, and then delete everything upwards, just like the first tutorial.

Obs: When I made this tutorial, the game I made it in was the same as the previous one, but it updated and ended up removing protection from global-metadata.dat, so it kind of was in vain ๐Ÿ˜ญ๐Ÿ˜‚