Intro   

The binaries given are homemade; don't expect anything good from them. They might not work on some games.

Prerequisites

  • Basic to intermediate knowledge of Android modding
  • Apktool
  • Injection lib
  • libs.tar.gz
 

Steps

1. Decompile the apk. (self-explanatory)
2a. (Optional, but recommended) Add
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
before </manifest> in AndroidManifest.xml.
2b. Find the main activity.
---
Open AndroidManifest.xml, look for <action android:name="android.intent.action.MAIN"/>
 
<activity android:configChanges="locale|fontScale|keyboard|keyboardHidden|mcc|mnc|navigation|orientation|screenLayout|screenSize|smallestScreenSize|touchscreen|uiMode" android:label="@string/app_name" android:launchMode="singleTop" android:name="net.circleous.domtweaks.StartActivity" android:screenOrientation="landscape">
   <intent-filter>
    <action android:name="android.intent.action.MAIN"/>
    <category android:name="android.intent.category.LAUNCHER"/>
  </intent-filter>
</activity>
If you read that carefully, you will see above it (<action android:name="android.intent.action.MAIN"/>) ->
android:name="net.circleous.domtweaks.StartActivity"
You have to open the StartActivity.smali file at smali/net/circleous/domtweaks/
---
3. Now add the following in onCreate or in the .method constructor <init>:

    const-string v0, "monoDump"
    invoke-static {v0}, Ljava/lang/System;->loadLibrary(Ljava/lang/String;)V

4. Extract libs.tar.gz and put the armeabi, armeabi-v7a, and x86 folders into the lib/ folder.
File tree:
libs
├── armeabi
│   ├── ....
│   ├── libTKHooklib.so
│   └── libmonoDump.so
├── armeabi-v7a
│   ├── ....
│   ├── libTKHooklib.so
│   └── libmonoDump.so
└── x86
    ├── ....
    └── libmonoDump.so
5. Rebuild and sign the apk.
6. Install and run the game.
7. Dumps are located at /sdcard/<packagename>-<dll>

 

FAQ:


Q: [Xprivacy] Why does this tool need access to "/proc"?
A: I'm using /proc/self/cmdline for universal use. Search on Google for what /proc/self/cmdline is.

Q: Why inject a permission?
A: By default it writes the DLL to EXTERNAL_STORAGE. Android doesn't like unprivileged apps writing files into it.
 
Known Issues With This Method
 
 
  1. Can't dump the decrypted DLL if decryption is called inside mono_image_open_from_data_with_name

 

Credit:

Github

Wobm

   

Updated by Infamous-Ash
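
Seen from the defender's side, the repackaging steps above leave two artifacts in an apktool-decoded tree: a System.loadLibrary call for a library the release build never loads, and extra .so files under lib/<abi>/. The sketch below is an added example (not part of the original post or its binaries) that flags both; the allowlist and the sample tree it builds are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# const-string vN, "name" immediately followed by System.loadLibrary(vN)
LOAD_RE = re.compile(
    r'const-string(?:/jumbo)?\s+([vp]\d+),\s*"([^"]+)"\s+'
    r'invoke-static\s*\{\1\},\s*'
    r'Ljava/lang/System;->loadLibrary\(Ljava/lang/String;\)V')

def audit_decoded_apk(root, allowed_libs):
    """Report loadLibrary calls and bundled .so files not in allowed_libs."""
    root, findings = Path(root), []
    for smali in root.glob("smali*/**/*.smali"):
        for m in LOAD_RE.finditer(smali.read_text(errors="replace")):
            if m.group(2) not in allowed_libs:
                findings.append(("loadLibrary", m.group(2),
                                 smali.relative_to(root).as_posix()))
    for so in root.glob("lib/*/lib*.so"):
        name = so.name[3:-3]  # strip "lib" prefix and ".so" suffix
        if name not in allowed_libs:
            findings.append(("native-lib", name, so.relative_to(root).as_posix()))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample tree shaped like the post's layout (not a real app)."""
    root = Path(root)
    act = root / "smali/net/circleous/domtweaks/StartActivity.smali"
    act.parent.mkdir(parents=True)
    load = ('    const-string v0, "%s"\n\n    invoke-static {v0}, '
            'Ljava/lang/System;->loadLibrary(Ljava/lang/String;)V\n')
    act.write_text(".method protected onCreate(Landroid/os/Bundle;)V\n"
                   + load % "monoDump" + load % "mono" + ".end method\n")
    layout = {"armeabi-v7a": ["mono", "monoDump", "TKHooklib"],
              "x86": ["mono", "monoDump"]}
    for abi, names in layout.items():
        (root / "lib" / abi).mkdir(parents=True)
        for n in names:
            (root / "lib" / abi / f"lib{n}.so").write_bytes(b"")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Assumed allowlist: the native libraries the release build ships.
        for finding in audit_decoded_apk(build_sample_tree(tmp), {"mono"}):
            print(*finding, sep="\t")
```

In practice the allowlist would come from the lib/ directory of the signed release build, so anything added during repackaging stands out.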
