Search for the function il2cpp::vm::MetadataCache::Initialize .
It generates a dump.cs file (containing class/method definitions), script.json (for auto-reversing in Ghidra/IDA), and Dummy DLLs. Modifying Strings (StringLiteral Patcher) Finding loaders for obfuscated global-metadata.dat files
The file is completely encrypted using standard algorithms (like AES-CBC or AES-GCM) or proprietary algorithms.
: Community-made repositories, such as those on GitHub , often contain specific C++ or Python scripts tailored for popular games like Mobile Legends . Legal and Ethical Considerations decrypt globalmetadatadat
Run the game. The script will scan the memory maps for the signature magic bytes of a valid Unity metadata file (historically 0xAF1BBACF ).
To understand why this file matters, it helps to understand how Unity handles code compilation across different devices:
Decrypting GlobalMetadataDat requires a combination of technical skills, knowledge of encryption algorithms, and, sometimes, specialized tools. Here are some general steps to help you get started: : Community-made repositories, such as those on GitHub
is another effective tool for rooted Android devices that bypasses integrity checks to dump the file. Static Analysis (Manual) :
Look for the function il2cpp::vm::MetadataCache::Initialize() . This is the native Unity function responsible for loading the metadata file into the engine. Step 3: Trace the Decryption Logic
Since the decryption key is located within the game's executable ( GameAssembly.dll or libil2cpp.so ), the most effective method is to allow the game to decrypt it in memory, then dump it. Method 1: Using Frida for Dynamic Analysis (Recommended) To understand why this file matters, it helps
When the file is encrypted, it appears as gibberish (e.g., all zeroes, or random data) when opened in a hex editor.
, are designed for specific high-profile games (like those from HoYoverse) that use unique, proprietary encryption formats. Why go through the trouble? Once you have a decrypted global-metadata.dat , you can use Il2CppDumper
The script streams the memory block out into a new, clean binary file. This dumped file is fully decrypted and ready for analysis. Method 2: Static Analysis and Key Extraction
When prompted, select your executable file ( libil2cpp.so or GameAssembly.dll ). Next, select your decrypted global-metadata.dat file.