Android Tutorial Decrpyting an encrypted .dll and other files using Termux app (Root only, 5.0+)

ThePianoGuy · October 30, 2018

I have found a new way to decrypt .dll and other files using Termux. In this tutorial, I'll show you how to decrypt an encrypted .dll file

Requirements:
- Rooted device or Emulator. ARM or x86.
- A powerful Android device: 1 GB RAM, 4 cores, 1.5 - 2.x GHz. If you have a low-end device, your device may freeze during dumping.
- Available free space of Internal storage or Sdcard: 2 GB
- Requires Android 5.0 and up. Works on Marshmallow 6.0.1. Termux will not work on 4.4.4 and below.
- Termux app. It is avaliable on Play Store
- Modified Winhex for Windows (free version will not work for this purpose).

Hidden Content

React or reply to this topic to see the hidden content & download link. 👀

Notes:
There is no need PIE patching. gdb 7.12 natively support Android 5.0 and up

If your device is running Kitkat 4.4.4 and below, please read my old tutorial:

Using Android Emulator?
Sorry, gdb gcore doesn't work with x86.

Finding the package name of the app:
Find the package name of the app you're going to hack!
This will be required to find the app in the Terminal app we're going to use soon.
It's usually called "com.DEVELOPER_CODE.GAME_CODE".
You can find it going (with your browser) to the Google Play website, looking for the game you have installed on your device and then copying what's next to "id=".

See screenshot:

Alternatively, you can Install Package Name Viewer 2.0 from play store and you'll find the package name of any app you have installed on your device.

If your device is running Cyanogenmod/Lineage OS, you can go to Settings -> Apps and then you'll find the package name of any app you have installed on your device.

Termux setup and decryption:
Open Termux. It should be very similar to the following one:

Type the following commands:

apt update

Update package infomation
apt-get update downloads the package lists from the repositories and "updates" them to get information on the newest versions of packages and their dependencies.

apt install gdb tsu

Install both gdb and tsu

gdb is a process debugger
tsu is a root mode for Termux.

Press the home button and launch the game. Let the game fully load.

Open multitask, and go back to Termux

Type the following commands:

su

Enter Superuser mode
Grant root access to enter superuser mode for your device when asked.

dumpsys meminfo | grep com*

Show process list

This command will search for all the running processes starting with "com." (the * is a jolly symbol which means any letter/number/symbol). The package name of the game is always at top. Don't forget to write it down

exit

Exit Superuser mode

tsu

Enter root mode for Termux

gdb -pid <pid>

attach a process with gdb

Example:

gdb -pid 12345

Hit return to continue when asked.

Do not worry about any warnings like these you may read in the Terminal app:

gcore <path>

save core file

Example:

gcore /sdcard/thegametodump

Type Y when asked

This will take 3-5 minutes. You device may freeze during dumping. Do not touch your device.

quit

quit gdb
And deattach the process when asked

Or you can exit Termux session from notification

Connect your device to your computer and copy your dumped file, if the file does not appear, just create a folder and move the file. This way Windows should be able to see it

Recover decrypted files using WinHex:
Open Winhex.exe

File -> Open... and select a dumped file

Tools -> Disk Tools -> File Recovery by Type

Click the "+" next to "Programs" (1) and check "Windows exec." (2). Now, select the folder where you want the new file to be generated under "Output Folder" (3).

Ensure "Complere byte-level search" is checked (4) and then click "OK" (5).

The file recover will now begin and, when it finished you'll get a message like this:

Now, reach the location where you saved this file and delete all files with the ".com" extension. They're not needed and may only cause confusion.

You can finally close WinHex.

Happy modding!

Credits:
AndnixSH
x-ways devs (Winhex program)
Fredrik (Termux app)

Updated October 30, 2018 by AndnixSH

TheArmKing · April 2, 2017

WHat if you use nox ?

ThePianoGuy · April 2, 2017

8 minutes ago, TheArmKing said:

WHat if you use nox ?

Read the guide. You are not blind

Only ask if you tried it or got stuck

TheArmKing · April 2, 2017

1 minute ago, evildog1 said:

Read the guide. You are not blind

Only ask if you tried it or got stuck

3 minutes ago, evildog1 said:

Read the guide. You are not blind

Only ask if you tried it or got stuck

its cuz there is no guide for nox , only memu and all

ThePianoGuy · April 2, 2017

1 minute ago, TheArmKing said:

I'll bring this to you

Using Android Emulator?
Termux and GDB fully support x86, but Termux will not work on Kitkat 4.4.4 and below due to system limitation, so you have to use the following emulator that have Lollipop 5.0 ROM and above

...

TheArmKing · April 2, 2017

Just now, evildog1 said:

I'll bring this to you

Using Android Emulator?
Termux and GDB fully support x86, but Termux will not work on Kitkat 4.4.4 and below due to system limitation, so you have to use the following emulator that have Lollipop 5.0 ROM and above

...

ik

fahadxmb · April 2, 2017

@@evildog1

This is for advanced modders only even above that there is a simple way for modders this one is just complicated.

Amuyea · April 2, 2017

Thanks

Archangel04 · April 3, 2017

17 hours ago, fahadxmb said:

@@evildog1

This is for advanced modders only even above that there is a simple way for modders this one is just complicated.

this doesnt seem that complicated. It is the android equivalent of "cracking/thinning a binary"

Sounds really useful for hacking droid games though.

fahadxmb · April 3, 2017

5 hours ago, Archangel04 said:

this doesnt seem that complicated. It is the android equivalent of "cracking/thinning a binary"

Sounds really useful for hacking droid games though.

First of All it is Not at all like thinning the binary but like decrypting it, and second i meant complicated for beginners but you will know when you try and get erros.