Method 1 : AssetStudio extraction (only for ab package and .assets, .boundle and .unity3d unencrypted)
1. When we get a game installation package, we will first wonder how to open it. Download bandzip Bandizip · Free zip, 7z, unzip, unrar Archiver · Fast and easy , this is a very convenient decompression tool. After installation, right-click the apk-compressed file preview to open the apk package. Of course, you can also directly right-click to decompress, anyway (x)
2. The unity file generally puts the ab package (.AssetBundle) in the directory under the assets folder. If not, click on the folder under the directory to see if there is any. Now that we have the ab package, we can start the extraction.
3. Download AssetStudio GitHub - Perfare/AssetStudio: AssetStudio is a tool for exploring, extracting and exporting assets and assetbundles. After decompression, double-click to open AssetStudioGUI.exe, file-Load folder to open assets (or if you are too lazy to find the whole package, throw it in, If you have enough memory), click on the list after the loading is complete, and you can see the decompressed resources. If not, it is encrypted, sad. If you want to extract the model, select the file and export fbx in Export-Export All Assets. Generally speaking, it has bones and weights, and can be directly loaded into blender or other 3D software for editing. Extract other resources just fine. . . Explore by myself, I can't remember how to guide it for a while. not difficult.
Method 2: DisUnity extraction, still can not decrypt
1. [Old usage, I don’t know if it can be used now, it’s just for record. If you really need it, please refer to the usage on github. ] (requires java8 environment) Find UnityEngine.dll under the game package \assets\bin\Data\Managed, cmd in the DisUnity GitHub - ata4/disunity at v0.4.0 folder (enter cmd in the file path bar), where the extract package is located.
(Gone)
Here are some usages, from the github homepage. Don't use 5.0, 5.0 doesn't have extract function.
Usage
disunity <command> <file>
Note: depending on the platform, you may need to run disunity.bat (Windows) or disunity.sh (Linux/MacOS). In case the launch script fails, try java -jar disunity.jar.
Available commands
| Command | Purpose |
|---|---|
| dump | Converts binary object data to human-readable plain text, similar to the binary2text tool shipped with the Unity editor. |
| dump-struct | Like dump, but just for the structure information. |
| extract | Extracts asset objects to regular files (.txt, .wav, .tga, etc.). See SUPPORT.md for a list of supported asset types. |
| extract-raw | Extracts raw serialized object data. Could be useful for manual extraction if extract doesn't support the wanted asset type. |
| extract-txt | Like dump, but writes the output to text files instead of the console. |
| extract-struct | Like extract-txt, but just for the structure information. |
| learn | Learns the structure information from the submitted files and stores any new structs in the database file structdb.dat. The database is required to deserialize standalone asset files, which usually don't contain any structure information. |
| info | Outputs various information about assets and asset bundle files. |
| info-stats | Outputs class usage statistics for asset files. |
| bundle-extract | Extracts all packed files from asset bundles. |
| bundle-inject | Injects files previously extracted with the bundle-extract back into the asset bundle. |
| bundle-list | Lists all files contained in asset bundles. |
| split | Attempts to split an asset file into multiple smaller asset files. |
| list | Lists all asset objects in a tabular form. |
Extract all supported assets from a bundle file:
disunity extract Web.unity3d
Extract all packed files from two bundle files:
disunity bundle-extract episode1.unity3d episode2.unity3d
Extract textures from the asset file sharedassets0.assets:
disunity extract -f texture2d sharedassets0.assets
Dump web player configuration from the file named Web.unity3d:
disunity dump -f playersettings Web.unity3d
Show information about all asset files in the directory "assets":
disunity info assets\*.assetAdvanced version - after encryption / dll extraction method
If the ab package cannot be solved, then switch to dll.
Method 1: If the dll is not encrypted, directly dump the dll file
Find Assembly-CSharp.dll, usually in assets\bin\Data\Managed or bin\Data\Managed, drop .net to view the source code, try to search http, the found URL may be able to download resources.
How to determine whether it is encrypted? If the suffix is changed to data, and when trying to open it with .net, it will display
"Assembly-CSharp (this could change, depending on the name of the file), File is not a portable executable. DOS header does not contain 'MZ' signature."
Method 2: Use decrypt to extract memory on the Android virtual machine. You may try it with an older version, but I failed. The problem is that the decrypt version is too old. Not recommended.
Tutorial How to decrypt an encrypted .dll file with GDB gcore (Root only) - Platinmods.com - Android & iOS MODs, Mobile Games & Apps I don't have much experience.
Method 3: It is generally used after dll encryption becomes dat. Use GameGuardian GameGuardian - Official Downloads - GameGuardian with Android virtual machine to extract dll in memory
1. Continue to use dll, simple Unity 3D game encryption dll file extraction_psych1's blog-CSDN blog_How to extract 3d game files
Then use get_dll_from_dumped_bin.exe https://wwen.lanzout.com/i5Jz00kckfzi
password: futj to convert to dll, return to method 1 and continue.
Decryption and extraction of branch-libil2cpp.so and global-metadata.dat
Unencrypted:
Use Il2CppDumper GitHub - Perfare/Il2CppDumper: Unity il2cpp reverse engineer , first load so and then load dat, then enter the unity version number used by the package, select Auto (Plus) mode, and unpack it. I recommend everyone to watch this teacher's tutorial, it is very detailed and considerate.
Remember a unity game analysis | Mario
(Error reporting is encryption, don’t think about it, just read the next method obediently.)
Encrypted:
The description of Il2CppDumper is written. If there is encryption, Il2CppDumper cannot be used. You need to use another tool of the author, Zygisk-Il2CppDumper GitHub - Perfare/Zygisk-Il2CppDumper: Using Zygisk to dump il2cpp data at runtime with Magisk GitHub - topjohnwu/Magisk: The Magic Mask for Androa
use together. The tutorial is as follows. How to use Zygisk-Il2CppDumper to dump Il2Cpp games (Magisk 24 and up) - Platinmods.com - Android & iOS MODs, Mobile Games & Apps
First of all, you need a rooted phone, but I don’t have one (eye shifting), so a virtual machine is the best choice, but I don’t understand the root of vmos... so I still pray that it’s not encrypted, and I’m currently researching another One method, research success will be updated.
Other methods that I don't understand but seem to work
Decryption of global-metadata.dat of u3d for mobile games - CodeAntenna ( decryption of global-metadata.dat )
[Share] global-metadata.dat, libil2cpp.so decryption repair-Android Security-Kanxue Forum-Security Community|Security Recruitment|bbs.pediy.com (the method being studied, the most promising at present)
Tool recommendation
010 Editor - Binary Template Information (UnityMetadata.bt, I don’t know where it came from, but it should be useful anyway, um.)
SweetScape Software Inc - Download 010 Editor (010 Editor, a better hex/binary editor.)
.NET Reflector 8.0 Download - Reflector.exe (.Net editor, edit source code)
MT Manager (I will die if I leave MT, too strong.)
https://developer.android.com/studio (Android Studio, Android development tools.)
Windows Terminal Installation | Microsoft Learn (Terminal, arguably the most important tool for dumps.)
final words
This article is only for communication and learning. Please don’t extract game resources to do things that violate the law and discipline. Any behavior of the learners has nothing to do with the author. Please don’t arrest me. catch me).
[Copied a few sentences from someone else's readme] Please do not use these things for 18 banned works, extreme religious propaganda, bloody horror novels, personal attacks, etc. Do not use for commercial purposes. All adverse consequences caused by the use of this model by others will not be borne by the model author and the platform, please hold full responsibility to the user.
All referenced articles and tools are addressed, thanks to all developers!