How to dump Il2Cpp games

Requirements :
– IDA Pro
– Notepad++
– Any Hex Editor (I’m using HxD)
– Online ARM converter
– Basic C# and ARM knowledge.
– Know how to use IDA Pro
– Il2Cpp dumper (Perfare’s or Katy’s)

Extract required files from APK :
Open the APK and extract the following files to dump :
\lib\armeabi-v7a\libil2cpp.so
\assets\bin\data\Managed\global-metadata.dat

Using Perfare’s Il2CppDumper :
Download released version : https://github.com/Perfare/Il2CppDumper/releases/tag/0.3

Launch Il2CppDumper.exe. The program asks you to select the ELF file or Mach-O file. Select the
libil2cpp.so file. The dialog box should appear again. Select the global-metadata.dat file.

The program asks you to select a mode : Manual (1) or Auto (2).

Auto mode :
Automatically finds the required offsets to dump il2cpp.
Press 2 and the file dump.cs will be created.

Manual mode :
Manual mode is the more complicated way to dump il2cpp. Auto mode does tell you the offsets, but I
would like to show you how to find the offsets yourself and dump il2cpp manually.

Disassemble libil2cpp.so in IDA Pro. Click on Search -> Sequence of bytes…

Search for this hex sequence :
1C 00 9F E5 20 10 9F E5 00 20 8F E0
Click OK

IDA should jump to this function

But there are no unk offsets, right? Now try this trick :
Right-click on loc_xxxxxxx and select Create Function, and you will get the unk offsets.

In the console app, press 1. It will ask you to input the CodeRegistration(R0). Input the unk offset of
R0, R12, R2. Example : 15C70C4. Hit Enter. Input MetadataRegistration(R1), and hit Enter.

The dump.cs file will be created.
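
The byte search from the manual-mode steps can also be done outside IDA. The script below is an added example, not part of Il2CppDumper or of the original tutorial: it finds the same 12-byte sequence, decodes the two `LDR Rx, [PC, #imm]` instructions and the `ADD R2, PC, R0` that the bytes encode, and reads the literal words they load. The function names and the sample buffer are made up for the example, and the R2 value assumes the file offset of the match equals its virtual address.

```python
import struct, sys

# Byte signature quoted in the tutorial: three little-endian ARM-mode words.
SIGNATURE = bytes.fromhex("1C 00 9F E5 20 10 9F E5 00 20 8F E0")

def decode_ldr_literal(word, insn_off):
    """Decode 'LDR Rt, [PC, #imm12]'; return (Rt, offset of the literal word)."""
    if (word & 0x0F7F0000) != 0x051F0000:
        raise ValueError("not an LDR literal: %08X" % word)
    imm = word & 0xFFF
    if not word & (1 << 23):          # U bit clear: immediate is subtracted
        imm = -imm
    return (word >> 12) & 0xF, insn_off + 8 + imm   # ARM PC reads as insn + 8

def find_registration_stubs(data):
    """Return [(file_offset, {register: value})] for every signature hit."""
    hits = []
    pos = data.find(SIGNATURE)
    while pos != -1:
        w0, w1 = struct.unpack_from("<2I", data, pos)
        regs = {}
        for word, insn_off in ((w0, pos), (w1, pos + 4)):
            rt, lit_off = decode_ldr_literal(word, insn_off)
            if 0 <= lit_off and lit_off + 4 <= len(data):   # skip if truncated
                regs["R%d" % rt] = struct.unpack_from("<I", data, lit_off)[0]
        # Third word is ADD R2, PC, R0 at pos+8, so PC reads as pos+16.
        # Assumption: file offset == virtual address for this match.
        if "R0" in regs:
            regs["R2"] = (pos + 16 + regs["R0"]) & 0xFFFFFFFF
        hits.append((pos, regs))
        pos = data.find(SIGNATURE, pos + 4)
    return hits

def build_sample():
    """Constructed buffer: signature at 0x100 followed by two made-up literals."""
    buf = bytearray(0x140)
    buf[0x100:0x10C] = SIGNATURE
    struct.pack_into("<I", buf, 0x124, 0x1000)   # word loaded into R0
    struct.pack_into("<I", buf, 0x12C, 0x2000)   # word loaded into R1
    return bytes(buf)

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for off, regs in find_registration_stubs(blob):
        print("match at 0x%X:" % off, {k: hex(v) for k, v in regs.items()})
```

Run it with the path to libil2cpp.so as the only argument; with no argument it scans the constructed sample.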

Using Katy’s Il2CppInspector :
Download released version : https://github.com/djkaty/Il2CppInspector/release

Extract the ZIP file. Now move libil2cpp.so and global-metadata.dat to the extracted folder.
Double click on il2cppdumper.exe and the file type.cs will be created.