An earlier article introduced encrypting the DLL by recompiling Mono, to keep a Unity game from being decompiled, modified and cracked. That approach only stops novices, though; anyone with a little technical skill can crack it in minutes. The following describes how such a Unity game is cracked.
First, for a game that does not use recompiled-Mono encryption, just find the DLL, decompile it and modify the code; see my earlier article "Unity3d decompile-and-crack game: a simple example (using ILDASM to decompile the DLL, modify it, and then recompile the DLL)".
For a game that does use recompiled-Mono encryption, you can use IDA to crack it, as follows:
Transfer from Http://blog.csdn.net/huutu http://www.thisisgame.com.cn
1. First, download IDA.
Here I use the Windows build of a game as the example.
The encrypted DLL cannot be decompiled in .NET Reflector.
The crack with IDA starts here.
Open IDA and load the game.
Select the EXE file to load.
Then click OK to start loading the game.
After a few minutes IDA finishes disassembling the game and automatically breaks at the Main function.
Press F9 to continue. An Exception dialog pops up; ignore it and click OK.
At this point Mono.dll appears in the Modules list. Our goal is to get the decrypted DLL data inside Mono.dll.
Double-click Mono.dll to list its functions, then press Ctrl+F and search for "image".
Find the encryption-related function mentioned in the previous article, mono_image_open_from_data_with_name.
Select the function and press F5 to decompile it.
The decompiled code is shown on the left.
Compare the decompiled code with the Mono source to find the code that finally passes on the decrypted data; the DLL data and the DLL data length are the variables v10 and v11.
Double-click v10 on the left to jump to its definition: v10 is var_8.
Similarly, v11 == arg_4.
Go back to the Functions list, right-click the mono_image_open_from_data_with_name function, and add a breakpoint.
Once the breakpoint is added, its location is marked in red.
Now keep pressing F9. Various Exception dialogs appear along the way; click Yes on all of them and keep going until execution reaches the breakpoint you set.
At the breakpoint, scroll down on the left to find the code where arg_4 and var_8 are used one after the other.
Press F2 to set a breakpoint there, then press F9 to run to it.
The DLL data length is stored in register ECX!!!
Then continue on down.
The DLL data address is stored in EAX!!!!!
Press Shift+F2 to bring up the script editor and enter the script.
Click Run to execute the script and dump the DLL's data.
This exports the decrypted DLL. What remains is to decompile the DLL to IL code, modify the IL, recompile the IL into a DLL, repackage the APK, and so on.
Encrypting the DLL in Mono is useless too: dump memory with IDA to extract the decrypted DLL directly, then decompile and crack the Unity game