explaingit

perfare/il2cppdumper

8,935C#Audience · developerComplexity · 3/5Setup · moderate

TLDR

A reverse engineering tool that recovers class names, method names, and type info from compiled Unity il2cpp game binaries, producing stub DLLs and scripts for IDA Pro, Ghidra, and Binary Ninja.

Mindmap

mindmap
  root((Il2CppDumper))
    What it does
      Unity game analysis
      Recover method names
      Reverse engineering
    Outputs
      Stub DLLs
      IDA Pro scripts
      Ghidra scripts
    Supported Platforms
      Android and iOS
      PC
      Nintendo Switch
    Use Cases
      Game modding
      Security research
      Compatibility work
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Recover method and class names from a Unity il2cpp Android or iOS game binary to analyze its code structure.

USE CASE 2

Generate IDA Pro or Ghidra scripts from a Unity game binary to map function names back to the disassembly.

USE CASE 3

Create stub DLLs from a Unity il2cpp game to browse its type definitions in a .NET decompiler like ILSpy.

Tech stack

C#.NETIDA ProGhidraBinary Ninja

Getting it running

Difficulty · moderate Time to first run · 30min

Requires extracting two specific files from a Unity il2cpp game build, games with extra binary protections need the separate Zygisk companion tool on a rooted Android device.

In plain English

Il2CppDumper is a reverse engineering tool for Unity games. Unity is a game engine used to build games for mobile, PC, and consoles. When Unity compiles a game using a mode called il2cpp, it converts the game code into native machine instructions to make the game run faster. The downside is that it becomes much harder to read or analyze the original code structure. Il2CppDumper reads the compiled game files and recovers the class names, method names, field names, and type information that were lost during that conversion. The tool takes two input files from a Unity il2cpp game: the compiled binary (the executable or library file) and a file called global-metadata.dat which stores the game's type information. From these it produces a folder of stub DLL files that contain no actual runnable code but do contain all the class and method definitions in a form that standard .NET decompiler tools can browse. It also produces scripts for professional reverse engineering tools like IDA Pro, Ghidra, and Binary Ninja, which help analysts map the recovered function names back onto the compiled code. The tool supports a wide range of binary formats across different platforms, including Android, iOS, PC, and Nintendo Switch, and covers Unity versions from 5.3 through 2022.2. A separate companion project called Zygisk-Il2CppDumper handles cases where a game applies extra protections to its binary by extracting it live from device memory on a rooted Android phone. Il2CppDumper is primarily used by game modders, security researchers, and developers doing compatibility work. Using it to cheat in online games or violate a game's terms of service is a separate matter from the tool itself.

Copy-paste prompts

Prompt 1
I have a Unity il2cpp Android APK. Walk me through how to extract the global-metadata.dat and libil2cpp.so files and run Il2CppDumper on them.
Prompt 2
How do I load the IDA Pro script generated by Il2CppDumper to apply recovered method names to a disassembled Unity game binary?
Prompt 3
What output files does Il2CppDumper produce, and how do I open them in Ghidra to browse recovered class and method names?
Prompt 4
The Unity game I'm analyzing has extra protections on the binary. How does Zygisk-Il2CppDumper help, and when should I use it instead of the regular tool?
Open on GitHub → Explain another repo

← perfare on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.