Previously we talked about how to mod il2cpp Unity games with DNSPY and a HEX Editor, but that approach has a limitation: you can only MOD a whole method and not the specific instructions in it, since we cannot read the code inside the method. That is where IDA Pro can be helpful, since you can analyze the whole method and mod very specific instructions to achieve your desired goal.
Many also prefer modding using IDA Pro, since you can have more control over what you want to MOD and how you want it to be modded. However, at the end it comes down to personal preference.
Requirements for this Tutorial:
1) IDA Pro
2) DNSPY – Get it from here
3) HEX Editor (I use 010 editor)
4) Android device or Windows PC with Emulator for testing
5) Basic Knowledge about modding games like how to DUMP il2cpp games, how to edit values in HEX Editor, and how to use DNSPY. Tutorials are available on the site.
6) My Fantasy APK File – Download it from here
Let’s begin
Today, I will show you how to MOD the diamonds in a game called My Fantasy: Choose Romance. This game has a method called SpendDiamonds inside the CurrencyManager class, which returns a boolean. Normally we would return TRUE there, and that would make our Diamonds not decrease when we spend them. However, what if we want them to increase instead of decrease when we spend them?
That is possible with IDA Pro and I will show you how you can do that.
1) Once you have downloaded the game, extract the files needed for dumping and DUMP the game
2) Now load the Dummy DLL files in DNSPY
3) Load the libil2cpp.so file in IDA PRO
4) Now since we already know what we want to MOD, I will search for the method directly which is SpendDiamonds
6) Once your libil2cpp.so file is completely loaded in IDA Pro, copy the offset of the method from DNSPY, then go to IDA Pro and navigate to Jump > Jump to Function or press CTRL + P.
You will get a screen like this. Now right click and select Quick Filter, then paste the offset of the method, but remove the 0x from the start.
Click on the result, and it will take you to the function that holds the method’s instructions.
7) Now we need to look for a SUBS or SUB instruction. Since we are modding a method called SpendDiamonds, there should be one: any method that removes something should have a SUBS or SUB instruction.
From the screenshot above, we can see a SUB instruction below PUSH {R4-R11,LR}, but that one was useless since it didn't fulfil our purpose. One function can have many SUBS or SUB instructions; you just have to find the right one.
8) Let’s scroll down and see if we can find another one.
I found this one, and it is the only other SUB in the whole function, so this is probably the one we are looking for. Now let's understand what the instruction SUB R6, R0, R4 does.
The operation can be interpreted as follows: it takes the value in register R0, subtracts the value in register R4 from it, and then stores the result in register R6. For example, if R0 contains 10 and R4 contains 5, executing SUB R6, R0, R4 would result in R6 holding the value 5 (10 – 5 = 5).
- R0 = the current amount of Diamonds you have in the game
- R4 = the cost of the premium choice or Outfit in the game
- R6 = the new amount of Diamonds you have after you made the premium choice and the diamonds were deducted
Now, if we make the instruction do the opposite of this, it will add the value instead of subtracting it.
9) To do that, copy the instruction SUB R6, R0, R4 and go to https://armconverter.com
The instruction has the ARM HEX value 046040E0. If you copy the address of this instruction and paste it in the HEX Editor, it should take you to it, and you will see it has the same value.
What it shows in 010 Editor
As you can see, they are the same.
So now we need to change the SUB R6, R0, R4 to ADD R6, R0, R4
The ARM value changed from 046040E0 to 046080E0
10) Now we need to replace the value with 046080E0 so that the amount is added instead of subtracted.
Copy the new HEX Value and then paste it by pressing CTRL + SHIFT + V
11) Save the HEX File by pressing CTRL + S, replace the file back in the APK and sign it.
12) Now test the game and every time you spend diamonds, you will earn that amount. So if a choice costs 10 diamonds, then you will earn 10 diamonds upon making a premium choice.
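Why only one byte differs between 046040E0 and 046080E0, as an added example that is not part of the original tutorial: the sketch below decodes both values with the standard A32 data-processing field layout and lists the bits that differ. The function names `decode` and `changed_bits` are made up for illustration.

```python
import struct

# A32 data-processing opcodes, instruction bits 24..21.
OPCODES = ["AND", "EOR", "SUB", "RSB", "ADD", "ADC", "SBC", "RSC",
           "TST", "TEQ", "CMP", "CMN", "ORR", "MOV", "BIC", "MVN"]


def decode(hex_bytes):
    """Decode 4 file-order bytes of an instruction such as SUB R6, R0, R4.
    Returns (mnemonic, rd, rn, rm)."""
    raw = bytes.fromhex(hex_bytes)
    if len(raw) != 4:
        raise ValueError("an A32 instruction is exactly 4 bytes")
    # The file stores the word little-endian: 04 60 40 E0 -> 0xE0406004.
    (word,) = struct.unpack("<I", raw)
    # Only the plain form is handled: always-executed (cond 0xE),
    # bits 27..25 == 000 (register operand), bits 11..4 == 0 (Rm unshifted).
    if word >> 28 != 0xE or (word >> 25) & 0b111 or (word >> 4) & 0xFF:
        raise ValueError("not a plain register data-processing instruction")
    opcode = (word >> 21) & 0xF
    if 8 <= opcode <= 11:
        raise ValueError("compare/test opcodes have no destination register")
    set_flags = (word >> 20) & 1   # the trailing S in SUBS / ADDS
    rn = (word >> 16) & 0xF        # first operand
    rd = (word >> 12) & 0xF        # destination
    rm = word & 0xF                # second operand
    return OPCODES[opcode] + ("S" if set_flags else ""), rd, rn, rm


def changed_bits(before_hex, after_hex):
    """Bit positions (0 = least significant) that differ between two words."""
    (a,) = struct.unpack("<I", bytes.fromhex(before_hex))
    (b,) = struct.unpack("<I", bytes.fromhex(after_hex))
    return [bit for bit in range(32) if (a ^ b) >> bit & 1]


if __name__ == "__main__":
    for value in ("046040E0", "046080E0"):  # the two values from the tutorial
        name, rd, rn, rm = decode(value)
        print(f"{value} -> {name} R{rd}, R{rn}, R{rm}")
    print("bits that differ:", changed_bits("046040E0", "046080E0"))
```

SUB and ADD differ only in the opcode field (bits 24..21), which is why the register bytes 04 60 and the final E0 stay the same and only the third byte goes from 40 to 80.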
Your TEST: there is another method called SpendTickets in the game, so now you have to MOD that. Do that and let me know in the comments how it went. If you are stuck anywhere, just comment below and I will help you out.