A runtime il2cpp dumper for Unity games running on the PlayStation4!
Working on any il2cpp version, also the games that give you errors with the classic dumpers.
Ported from: Zygisk-Il2CppDumper
The compiled intermediate language instructions have a bunch of metadata that is required for the games to function.
This data can be dumped and used to generate the equivalent of having debug symbols for the game.
I plan on expanding this project in the future so you can generate the scripts for ida and ghidra on the console itself.
- make_fself_rust
- Official PlayStation4 SDK
- Visual Studio 2019 or newer
Add an environment variable pointing to a folder containing the built make_fself_rust and name it PS4_DEP.
G:
└── PS4
└── dep
└─── self
└── make_fself.exeBuild the solution with visual studio.
I left a post build event for automatic file transfers via FTP. Simply change the PC name or remove the checks if you want to use it for yourself.
Once you have the prx built and fake signed to a sprx, you can use any sprx loader to inject into a Unity game.
The current status is printed to klog and a dump file will be generated in /data/il2cpp.
If the provided signatures do not work for the game you are working on, follow the steps below to add your game:
Search for the string il2cpp_init in ida. It should have exactly one xref.
Follow the xref to the function that uses the string and generate a sig for it.
Example:
55 48 89 E5 53 48 83 EC ?? ?? ?? ?? ?? ?? ?? ?? BF 30 00 00 00
int index_offset;This is the offset between two strings being read in the function.
In this example 0x1FA9F0 - 0x1FA9A8 = 0x48.
int string_end_offset;This is the offset from the function start to the end of the first instruction reading a string.
You can simply take the address of the instruction after the one reading the string and subtract the function start address.
In this example 0x1FA9AF - 0x1FA980 = 0x2F.
int string_function_offset;This is the offset between the instruction after reading the string and the corrosponding function being read as a pointer.
In this example 0x807A3B9A - 0x807A3B78 = 0x22.
If there is no instruction in between, specify 0.
Example:
int string_alloc_size_offset;This is the offset between the instruction after reading a string and the next allocator size instruction.
In this example 0x1FA9DF 0x1FA9AF = 0x30.
int allocation_size = 0x30;This seems to be a constant for any game I have looked at so far and should not need to be updated.