onerdna/sf-2.x-guide

Reversing 2.X (IDA)

Versions before 2.0.0 were written using Marmalade SDK, an old, discontinued cross-platform engine that uses C++ as its primary language. Starting from 2.0.0, the developers made numerous changes to prevent effortless reversing, such as applying obfuscation and encryption to asset files.

This guide will help you obtain the "source code" in the form of assembly code using IDA, a proprietary software tool for disassembling binaries. For this guide, you can use the free version of IDA, but keep in mind that you may miss out on some features.


Game Structure Overview

Starting with 2.0.0, the game is written in Unity Engine with an IL2CPP backend. This means that no JIT-compiled IL (processed C#) code is executed inside a Mono Runtime — the code is converted to C++ and then compiled into machine code.

This approach eliminates the need for JIT compilation, improving performance and compatibility. However, since we only end up with a stripped C++ binary, there’s very little information about what’s happening in the code. Fortunately, the IL2CPP backend includes this information in the metadata file (global-metadata.dat), so the decompiled assembly can be given more context using specific tools.

C# scripts (.cs files) -> C# Compiler (csc) -> .NET IL Assemblies (.dll) -> IL2CPP (IL -> C++ Conversion) -> C++ Source Code -> C++ Compiled (clang) -> IL2CPP Binary (libil2cpp.so)

Knowledge Required

  • Basic computer skills

  • Basic knowledge of IDA

  • Familiarity with arm64-v8a/armeabi-v7a assembly instructions

  • Basic understanding of CPU and memory

  • Recommended: Knowledge of C


Tools Needed

  • IDA
  • Il2CppDumper by Perfare (Open Source)
  • Any program capable of extracting ZIP files (e.g., 7-Zip)

Extracting libil2cpp.so & global-metadata.dat

  • Rename the game’s file extension from .apk to .zip and extract it using an archive viewer.

  • The compiled game code is inside the libil2cpp.so file located in the /lib/[architecture]/ directory.

  • IL2CPP produces code for multiple architectures (armeabi-v7a and arm64-v8a) — choose one to work with.

  • The global-metadata.dat file lies in /assets/bin/Data/Managed/Metadata/.
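
The extraction steps above can also be scripted. The following Python is an added example, not part of the original guide or of Il2CppDumper: it reads both files straight from the APK and checks that the library is an ELF for the chosen architecture and that the metadata begins with the standard IL2CPP magic value before anything is handed to Il2CppDumper. The function names and the sample APK are constructed for illustration.

```python
import io
import struct
import zipfile

# Paths inside the APK, as given in the guide.
METADATA_PATH = "assets/bin/Data/Managed/Metadata/global-metadata.dat"
LIB_PATH = "lib/{abi}/libil2cpp.so"
IL2CPP_METADATA_MAGIC = 0xFAB11BAF  # first 4 bytes (little-endian) of a plain metadata file
ELF_MACHINES = {40: "armeabi-v7a", 183: "arm64-v8a"}  # e_machine: EM_ARM, EM_AARCH64


def extract_il2cpp_inputs(apk, abi="arm64-v8a"):
    """Return (lib_bytes, metadata_bytes, metadata_version) from an APK path or file object."""
    with zipfile.ZipFile(apk) as z:
        names = set(z.namelist())
        lib_name = LIB_PATH.format(abi=abi)
        for needed in (lib_name, METADATA_PATH):
            if needed not in names:
                raise FileNotFoundError(f"{needed} not found in APK")
        lib = z.read(lib_name)
        meta = z.read(METADATA_PATH)

    # ELF header: 4-byte magic, then e_machine as a 16-bit LE value at offset 18.
    if lib[:4] != b"\x7fELF":
        raise ValueError("libil2cpp.so is not an ELF file")
    machine = struct.unpack_from("<H", lib, 18)[0]
    if ELF_MACHINES.get(machine) != abi:
        raise ValueError(f"ELF e_machine {machine} does not match {abi}")

    # Metadata header: uint32 magic followed by int32 format version.
    magic, version = struct.unpack_from("<Ii", meta, 0)
    if magic != IL2CPP_METADATA_MAGIC:
        raise ValueError(f"unexpected metadata magic 0x{magic:08X}; "
                         "file may be encrypted or obfuscated")
    return lib, meta, version


def build_sample_apk(meta_magic=IL2CPP_METADATA_MAGIC):
    """Constructed stand-in for a real APK: only a minimal ELF header and metadata header."""
    elf = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9) + struct.pack("<HH", 3, 183) + bytes(44)
    meta = struct.pack("<Ii", meta_magic, 24) + bytes(8)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("lib/arm64-v8a/libil2cpp.so", elf)
        z.writestr(METADATA_PATH, meta)
    buf.seek(0)
    return buf
```

A magic mismatch is the quickest sign that the metadata file has been altered and needs further handling before the dumper will accept it.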


Using Il2CppDumper

Run this command to generate files recognizable by IDA:

Il2CppDumper.exe <path to libil2cpp.so> <path to global-metadata.dat> <output directory>

Using IDA

  1. Open libil2cpp.so in IDA.
  2. In the toolbar, hover over File → click Script File....
  3. Select this script file
  4. Next, select the script.json and il2cpp.h files generated by Il2CppDumper.
  5. Let the analysis run — it will name most symbols and add C# strings.

From this point on, it’s up to you to analyze the functions manually.

About

Modding guide for 2.x
