[TUTORIAL] decrypt Assembly-Csharp.dll file for encrypted Unyt3dgames (저장용)

[TUTORIAL] decrypt Assembly-Csharp.dll file for encrypted Unyt3dgames

---

RaGEZONE Recommends

---

• Link for original post

CTRL+C CTRL+V

Hi fans or modders


Today, i'm going to show you how to decrypt native Assembly-Csharp.dll file using gcore dump and winhex. since there is no tutorials, i decided to make my own tutorial so other peoples don't have to spend their time to teach peoples how to decrypt a native DLL file.


Why i can't open the DLL file on Reflector or JustCompile:
When you open a DLL file, you will see this error



The DLL file does not have MZ/PE headers so windows can't open it. DLL files need MZ/PE headers to be able to open the file. The game company used SecNeo to protect their game and erased MZ/PE headers from DLL file


What is MZ/PE headers?
See DOS MZ executeable on wiki
See Portable Executeable on wiki

First, you need:
1. To be an android modder/hacker and CIL and C# knowledge.


2. NET Reflector or JustDecompile software


Rooted Android devices


3. A computer running Windows XP/Vista/7/8/8.1/10


4. Device running Android 4.2.2 and never. previous version might not work. Works with Cyanogenmod 10+, SlimKat/lollipop, PAC... MIUI rom is untested


5. 800 MB of RAM or more. not recommended with 512 MB RAM


6. 300-400 MB free RAM space.


7. Latest verison of SuperSU or Kingroot


8. Latest version of busybox (Current version is 1.23.2-Stericson)


9. Terminal app


10. Any Unity3D games that is encrypted (Darkness Reborn, Crusaders Quest, Heroes, etc...)


11. gcore installed on your device. click here to download


12. Any root explorer app installed on your Android device. I recommended Root File Manager


13. Cracked WinHex
(You can't get the Assembly-Csharp.dll file if you are using the free version of WinHex)


Update your busybox and superuser.
If you are using outdated busybox or superuser, you will need to update it for stabillity. older versions may cause problems. If you are using build-in cyanogenmod superuser, flash SuperSU. build-in superuser is very unstable. Uninstall this abandoned superuser if you have one



For kinguser. It will show a pop-up message about new version of Kinguser software. Press "update" to update it. You can check update manually by open Kinguser app -> Click on gear icon -> Click on Software version and it will update kinguser.

For SuperSU. If there is any update, It will ask you to update SuperSU binary and it will show it on the notification message. Click on it and it will ask you to update SuperSU binary normally or update it via TWRP/CWM. If you choose "normal", it will update it directly without having to reboot a device. if you choose "TWRP/CWM", the device will reboot into custom recovery, flash it and it will reboot your device again

Install BusyBox from playstore. Open the app and grant root access. wait until smart install is fully loaded and you can tap "install". after that, close the app. you can keep the busybox installer or uninstall the busybox installer if you want. The app is just an installer. The busybox binaries are permanently installed on your device.

Install gcore on your device
You need any root explore installed on your device. I recommended Root File Manager


Download gcore to your device. open any root explorer. copy 2 files "gdb" and "gdbserver" and paste it on /system/bin/ (in ROOT memory -> system -> bin) folder

Remember the package name
You need to remember the package name of the game you are looking for so you can find the pid ID of the game in Terminal app


Method #1
go to https://play.google.com/search the game you are looking for and look at the URL for package name. See the screenshot below





Method #2
Install Package Name Viewer app from playstore and find the game you are looking for





Method #3
For Cyanogenmod users. You can go to settings -> apps -> (any apps) and you will see the package name below the title





Decrypt a game on rooted devices
Important: Reboot your phone and close all other running application and make sure you have enough RAM to perform decryption


Make sure you have Terminal app installed on your device. Open Terminal and type

su

hit enter and grant root access.





You will see

root@yourname:/ #

...in terminal.





type

dumpsys meminfo | grep com.*

hit enter and it will show the list of running process. find the package name that you are looking for and look at pid ID. Example Crusaders Quest's package name and pid ID.

118740 kB: com.nhnent.SKQUEST (pid 383 / activities)

Rembemer the pid ID and type

gdb -pid xxxxxx

and hit enter





example

gdb -pid 383

the symbols will be loaded and it will show

(gdb)

...in terminal.


type

gcore /sdcard/anynames

examples

gcore /sdcard/dump
gcore /sdcard/testingmyskill
gcore /sdcard/gcore
gcore /sdcard/samsunggalaxy
gcore /sdcard/darknessreborn

or whatever you want to name the file. hit enter and the terminal will show empty line like this










and wait.... until it says

Saved corefile /sdcard/xxxxxxxx
(gdb)

NOTE: IGNORE THE MEMORY READ FAILED ERRORS. IT DOES NOTHING AT ALL!


after that. you succcessfully decrypted the game. Close the terminal app.


Copy the file to your computer
On your device you will see dumped file on Sdcard/





but a problem is windows can't see the file 





so you need to create a folder "a" on sdcard/, move the big dumped file to "a" folder and the windows can see it.








Now copy the file to your computer



Open Cracked Winhex
Open cracked Winhex on your computer. Click "File" -> "Open"





You will see the this dialog box. Go to the folder where you copied the file and open it





Go to "Tools -> "Disk Tools" -> "File Recovery by Type..."





and you will see this dislog box


Click "+" on programs and check "Windows exec.". Select your output folder and choose the folder you want to output. On drop-down, select "Complere byte-level search" and click OK





After recovering the files. You get this message





Go to the location where you recovered the files and delete all .COM files. You don't need it


Close Winhex


What DLL files are encrypted?
This is important. If you don't check what DLL files are encrypted. You might now be able to save DLL file with Reflexil because of missing / encrypted DLL files. You have to find out which DLL files are encrypted. Not just Assembly-Csharp.dll file. Other files can be encrypted too.


Take out "Managed" folder from the APK file (located at assets/bin/data/Managed) select all DLL files and drag and drop onto Reflector or JustDecompile to see which DLL files are encrypted. Click "No" when it ask you to reopen DLL files.





Crusaders Quest have 4 encrypted DLL files
Assembly-CSharp.dll
Assembly-CSharp-firstpass.dll
Assembly-UnityScript.dll
Assembly-UnityScript-firstpass.dll


Heroes only have 1 encrypted file
Assembly-CSharp.dll


Remember the DLL files you need for modding
Clear all opened DLL files from Reflector or JustDecompile. Go to the location where you recovered the files and drag and drop all DLL files. Click "No" when it ask you to reopen DLL files. ignore the DLL errors


Select the DLL file to show the name of the file and the location





Crusaders Quest:
Assembly-CSharp.dll = 000034.dll
Assembly-CSharp-firstpass.dll = 000030.dll
Assembly-UnityScript.dll = 000028.dll
Assembly-UnityScript-firstpass.dll = 000013.dll


Heroes:
Assembly-CSharp.dll = 000021.dll


Rename all DLL files that was encrypted and place it on extracted "Managed" folder





Let's start modding
Go to "Managed" folder and open Assembly-CSharp.dll file with Reflector or JustDecompile. Enjoy modding!


Questions?
If you have any question to this. Post a comment below and i will try to help you.


Does this tutorial confusing you? or does it make non-sense? i will fix the tutorial for you


Credits
iAndroHackerDK (For the tutorial)

SK H Nam A.K.A SKNAM (helped me with winhex)