Il2CppInspector is a powerful, feature-rich tool designed for reverse engineering Unity IL2CPP binaries. It assists reverse engineers, security researchers, and game developers by analyzing IL2CPP executables and generating various outputs like C# stubs, C++ scaffolding, IDA/Ghidra scripts, and metadata JSON files. This enables deeper understanding of game logic, structure, and API usage, even for obfuscated applications.

How It Works

Il2CppInspector parses IL2CPP binaries (PE, ELF, Mach-O, etc.) and associated metadata to reconstruct the application's structure. It identifies types, methods, fields, and API functions, mapping them to their memory addresses. The tool employs differential analysis for deobfuscation and supports various encryption schemes, making it effective against common protection methods. Its modular design allows for plugin-based extensions to handle custom obfuscation techniques.

Quick Start & Requirements

• Install: Clone the repository with git clone --recursive https://github.com/djkaty/Il2CppInspector and build using .NET Core.
• Prerequisites: .NET Core SDK, Visual Studio 2019 (recommended for GUI/DLL injection projects).
• Setup: Building the CLI or GUI involves dotnet publish.
• Docs: Il2CppInspector Plugin Development Wiki, Tutorials and Guides.

Highlighted Details

• Supports a wide range of file formats (ELF, PE, Mach-O, Universal Binary, FSELF) and architectures (ARMv7, ARMv8, x86, x64).
• Capable of defeating various obfuscation techniques, including ROT encryption, Beebyte symbol obfuscation, XOR encryption, and miHoYo-specific obfuscation.
• Offers a comprehensive API for programmatic analysis, available as a NuGet package.
• Includes a Universal IL2CPP Build Utility for generating IL2CPP binaries from C# source code across multiple architectures.

Maintenance & Community

Development is currently suspended due to the author's health and personal circumstances. Users are encouraged to fork the project. The author recommends Cpp2IL as an alternative for IL2CPP to IL conversion.

Licensing & Compatibility

Licensed under AGPLv3. This license may impose copyleft restrictions on derivative works, potentially requiring modifications to be open-sourced if distributed.

Limitations & Caveats

Development is halted, meaning no further official updates or bug fixes are expected. The author will not respond to issues or pull requests. While the tool supports many obfuscation methods, it may not handle all or future techniques.