Tutorial Unity Cracking Unity Games - Ultimate Guide for dummies

[Uncle Eugene]

Unity Cracking Tutorial​

This guide will teach you how to look inside a code of a Unity game and how to modify it to achieve whatever goal you have
I will explain everything as if I'm teaching the very beginner, so expect oversimplification of heavy tech stuff if you're experienced
I'll try to tell you only the things you need and drop everything that is not required to create a crack

You will learn how to:

• Remove paywalls
• Create cheats
• Add new functionality to the game
• Analyze how the game works
• Check if the game is free of malware

However this tutorial will be focused on removing paywalls from an example porn game, but with the skills you'll learn you will be able to do whatever you want
There will be a Unity Game attached to every level of difficulty. You're meant to follow along, download game for each level and crack it with me

You can preamtively download the archive with all the example games: [PIXELDRAIN LINK will be ready later]

Prerequisites:

• You have to know very basics of programming or be willing to learn it elsewhere, this tutorial won't cover it, we will do basic programming in C#

That's it! Feel free to try even if you can't code, starting levels do not require any skills basically, but further it goes more skills are required. It will also help if you know anything about Unity development, but it's completely ok if you don't

Preparations​

Step 0 - Installing tools

Game Link:

You must be registered to see the links

DnSpy Link:

You must be registered to see the links

To start we will need a game itself and some tools. Our first and most important tool will be

You must be registered to see the links

, it allows us to "look inside" .dll files that contain C# code. Read and Modify them. So download everything we need and proceed...

Step 1 - Figuring out the game engine
Before even starting a game there are some quick steps we should do that will help us understand the game better and know how to approach it.
The first and very obvious step is to make sure our game was made with Unity, let's look at file structure:


We have

• %GameName%.exe
• %GameName%_Data
• UnityCrashHandler
• UnityPlayer

Basic Unity game file structure, I'm sure you feel that this step is too obvious, so let's skip all the useless stuff I can write about that and proceed to the next step

Step 2 - Figuring out scripting backend
Now comes less obvious but very important step
You see, Unity offers two scripting backends to choose from: Mono and il2cpp.
To put it simply:
mono option compiles the game into those .dlls we can freely read and modify, so it will be easy for us
il2cpp option compiles game into assembly code. We can still modify il2cpp game, but it's the topic for later chapters

Let's open %GameName%_Data folder


Two options here:

• If there is Managed folder - it is mono
• If there is il2cpp_data folder - it is il2cpp

Conveniently for us author compiled this game with mono scripting backend, who would've thought (Like I didn't make this game myself), so we can proceed

Level 0 - First Crack​

Game Link:

You must be registered to see the links

It is finally time to run the game and see what it has to offer



Oh no! Look at that bitch, she wants our money to activate NSFW content, what a shame, $60/month! There is no way we're paying that for a game we already downloaded to our PC with all the content hidden inside

Let's not waste any more time and crack our first game.
Open %GameName%_Data/Managed folder, that is where all the .dlls with game code are located



There are bunch of dlls here, each of them contains different code that is used in the game, to make things simplier think of them as "modules" or "folders" for a code. For example UnityEngine.UI.dll is a part of Unity Engine that contains code for UI elements.

The one we're interested in is Assembly-CSharp.dll, that is where Unity puts the developer's code that is not part of Unity itself. By default. There could be exceptions if developer creates his own assemblies, but let's not focus on that for now

Let's open DnSpy



Not much to see right now, let's drag our Assembly-CSharp.dll onto Assembly Explorer window or open it via File menu



You can click on the assembly to open namespaces and classes it contains. DnSpy will also load other assemblies from the same folder that are being referenced by the code inside of our Assembly-CSharp, just ignore them and focus on Assembly-CSharp

We don't have a ton of code here because it's a small example game, however in real game you may find a lot of stuff inside, so be a good student and just imagine there are lots of classes with too much code to handle

There should be some kind of Patreon check inside the game, having experience with porn games I designed "levels" from the most common and easy to the rarest and more difficult examples of Patreon validations you can find in a wild

So lets do the most easy thing I always start with: open the search window (Ctrl+Shift+K or magnifying lens icon near start button) and search for the word patreon



Make sure the option "Search For:" is set to "All of the Above" or you may miss something

Would you look at that! We found a field called _isPatreonVersion inside GameManager class
looks like the very thing we need, double click it to navigate to it's location



Here we go. Basic static bool that seems to determine if the version we're running is patreon version or not
You can right click on it and hit "Analyse" to see where it is used. Check "Read By" section



You may navigate to the method this _isPatreonVersion field is referenced at and see how exactly it is used. We can skip this part since it's pretty obvious this is what we need. Not to mention I'm running out of available attachments on F95

So lets make it so our bool is set to true instead of false (it is false by default in C#)
For that we right click on this field or somewhere near it and choose "Edit Class (C#)..."
Make it so this bool is set to true like so:


We just add = true;

Then click "Compile"



We're done! Now we need to save recompiled dll back to where we took it from.
Click "File -> Save All..."



You can overwrite original dll or copy it beforehand in case you messed something up.
But we don't do that, we're pros, so destroy it is
Click "OK"

Lets run our game again and see if it made any effect



Voila!
Cool, we cracked our first game, lets go!
I've blurred the good parts on purpose so you would have more motivation to follow along and crack the game by yourself, though it's only a simple AI image made for educational purposes

And that's pretty much it for the very basics. Trust me, this is enough to crack at least 25% of the Unity games on F95

We've learned how to:

• Differentiate between mono and il2cpp scripting backends
• Use DnSpy to read source code of mono Unity game
• Modify default values for fields in assembly

Share you thoughts and progress in this thread I'm always happy to answer questions and read feedback

 

[Uncle Eugene]

Level 1 - Unity Basics​

Game Link:

You must be registered to see the links

You know the basics already, so just do it again



We have the Managed folder, so it is mono, nice, we can do our thing

Run the game to see what it's about



Her again, but on a different side of the screen, that's new. Lets proceed with the crack

Open Assembly-CSharp.dll in DnSpy

Search for the word patreon once again



We have a hit! Same class, a little bit different name, I didn't change much for this level, LAZY ME! HOW COULD I?

Spoiler: What if Patreon word search didn't work out?

You don't have permission to view the spoiler content. Log in or register now.

So I guess we just do what we've learnt in Level 0 then
Right click on public bool IsPatreon and choose "Edit Class (C#)..."



Make it so our bool equals to true by default
and click "Compile"



Oops... Seems like we have an error. 'Object' is an ambiguous reference between 'UnityEngine.Object' and 'object'
This is common error when recompiling Unity classes in DnSpy. Developers often use class from Unity called Object and its name matches the same class from default System namespace and DnSpy sometimes loses track of which one exactly it meant to be

Double click on the error, it will show you the line where it occured:
return Object.FindFirstObjectByType<GameManager>();

here. 99.5% of the time developers refer to UnityEngine.Object, so lets fix our line. It should be
return UnityEngine.Object.FindFirstObjectByType<GameManager>();

Try to "Compile" again



Seems like we're done, so "File -> Save All -> OK" to save our modified dll

Lets run our game again and see if we've succeeded



And... We're not... What happened?

Well, obviously I wouldn't give you the second example if it was exactly the same as first one, so let me explain:



Take a look at the class definition: public class GameManager: MonoBehaviour
Notice how it is inherited from MonoBehaviour class (: MonoBehaviour shows that)

Simplified explaination would be that it means this class is used by developer in Unity as Component
On the screenshot I've shown you two examples of fields:
public bool _name_
[SerializeField] private bool _name_

In first case we have public field
in second case we have private (but can be whatever) field with [SerializeField] attribute on top of it

If one of these is put into Component - Unity will initialize it's value to what developer has set in the inspector
this is how it looks for him:



So the developer has this little nice checkbox that defines the value of this variable and it will be set later, so changing default value to true does nothing since Unity overrides it afterwards. (So does changing it in constructor, if you know what this means)

What can we do about that? - Actually, it's pretty easy. We just need to set the value to what we need after Unity finishes doing it's serialization stuff

Conveniently for us, there is void Start() method inside this class.
void Start() method is a special method in Unity that will be called once after this component initializes, just what we need!

Spoiler: Some other "magic" built-in methods in Unity that do stuff

You don't have permission to view the spoiler content. Log in or register now.

Lets right click on the method Start() and choose "Edit Method"



Inside, we will just set isPatreon = true;



And compile



That's it, lets save our finished dll and replace the one from the Managed folder with it

And check what the game thinks about it now



Victory once again!

We've learned:

• About "magic" methods in Unity that do something
• About Unity inspector where developer can choose what value that variable will be initialized with
• How to edit methods in DnSpy
• How to fix common compilation errors in DnSpy

Spoiler: What if there is no "Start"/"Awake" method in the class

You don't have permission to view the spoiler content. Log in or register now.

Spoiler: What if modifying method didn't work

You don't have permission to view the spoiler content. Log in or register now.

Share you thoughts and progress in this thread I'm always happy to answer questions and read feedback

 

[Uncle Eugene]

Level 2 - Password? No, thanks
​

Game Link:

You must be registered to see the links

No time to waste, lets open up the game and see whats new



OMG! Eugene actually spent time to do the menu? No way...

The menu! Something new on the table
Check out what happens if we click the "Patreon Key" button



What we're doing today is a bit different, but very likely to be found in a real Unity porn game - The password input

I'm sure you've seen some games that require you to input some kind of a password to get something in return, like cheats, gallery, exclusive features etc.
Here's one of them

Our goal is to crack the game so we can somehow input the correct key

See you in DnSpy



Yeah... So, I took some time to actually add extra classes so you'd get better idea of what it looks like
Let's search for our favourite word patreon



Absolutely no matches this time, damn
What do we do now? - We need to find a code that is connected to some kind of password/key input or validation
Maybe let's try searching for a word key



Too many matches inside System libraries. "Key" is a common word
You see that dropdown on a top right saying "All Files"?
Select Assembly-CSharp in Assembly Explorer window on your left and then set this dropdown to Selected Files



That's better. We've found a few classes named KeyWindow and KeyButton
Sounds promising. Lets double click on anything from KeyWindow class and see whats inside



A lot of stuff in this class to fit into one screenshot, but I can tell you already that this class is what we were looking for. It controls the Patreon Key Input window.

Can you find the line where validation happens? Try to look through the code yourself. If you have any experience with programming I'm sure it will be trivial for you

Do you remember that if the class is inherited from MonoBehaviour then Start is a magic method that will be called from Unity? Good.
So inside this Start developer subscribes OnSubmit method on _submitButton click event. Given the name I'm sure that this button is what we press after inputting the code in game

So we look inside OnSubmit and see that it takes text from Input Field, trims it, checks that it is not null and passes it to PasswordHasher.VerifyPassword
And depending on what VerifyPassword returns it does stuff

Cool, so we found where it happens, now it's time to decide what do we do with it
But first lets navigate to PasswordHasher.VerifyPassword and see what it does
Click on VerifyPassword to do that



Uff, some encryption going on, you see that?
Well, unlucky. Seems like developer cared about his password "security" and verifies it by comparing it to hashed encrypted strings. Scary stuff, totally uncrackable

I deliberately made it this way because that is very common in games I crack. I love it and I find it extremely funny.
When I see stuff like this I imagine a picture looking something like that:



Sorry for messy AI image

A proud developer looking at a huge gate with tons of locks on it made with unbreakable steel, he passionately tries to secure his goods behind it and sure they're safe
BUT THERE IS NO FUCKING WALL AROUND. Not even a tiny fence. That makes me laugh hard

It happens a lot with different validations, even including networking validations when developer pays for a server, hosts a validation on it so nobody can hack it nor see how validation happens and sends data on the server to validate.
But remember - no walls...

Thats fun and all, but how we proceed with the crack?

I'd leave that up to you, you already know everything you need to reach our goal
Unfortunately, we really can't figure out the original password because game only contains it's hash and random salt, encryption algorithm developers are smarter then the ones who generally use them
But we can do a lot of other things. Remember - work smart, not hard

One good idea would be making it so password verification always returns true for any password!
Lets do this. Right click on VerifyPassword method and choose "Edit Method (C#)..."



Delete all this crap inside and just return true;
Click "Compile"

Done. Now we "File -> Save All... -> OK" to save our recompiled dll
Open the game to check what we've done



And try to submit any key

Every key is valid now! Encryption didn't help this time around didn't it? Nice!

But there is still more we could've done. Now people would need to enter a code in the game to get what they wanted. This is ok, it works, but you know... Two extra clicks for lazy ass users!? Do you have any compassion?
Can you make it so user won't even have to enter the code? You can surely figure this out

There are a lot of ways to achieve the same result
So always remember: while some people say "We don't look for easy ways" - I answer "Well, maybe you should. They're fucking easy"
Do not overcomplicate things and they won't be complicated
Go for a route of least resistance

 

[Uncle Eugene]

Level 3 - "Crack stopped working! Please, update"

Unfinished. Writing in progress. Sorry I'm saving it here before its complete​

BepInEx Link:

You must be registered to see the links

Visual Studio Link:

You must be registered to see the links

You know everything you need to know to crack pretty much all the games compiled with mono

But you probably have guessed that when developer updates his game he, most likely, will update the code as well. So Assembly-CSharp.dll won't be the same and you would need to patch it once again. And again. And again. After each update.

Maintaining the crack takes too much time, especially if you do a lot of them for different games, so how can we get rid of this burden?
That's where we change our approach a little bit a lot
With the right tools we can keep the original dll unmodified while still applying the changes we need

This right tool is

You must be registered to see the links

is an open source modding framework for Unity games. Created for making mods for popular (and not so popular) games.
Technically it is a hook that injects your dll into Unity process and provides you with some tools to make your life as a modder easier

Preparations​

In this level we will be writing

You must be registered to see the links

plugin and for that we need an IDE where we'll create our stuff
I do suggest using

You must be registered to see the links

for that purpose. But if you're a programmer already and have everything preinstalled for .NET development (including an editor such as VS Code, Rider or VS itself) you can use it instead. Every screenshot and instruction will be for VS tho

You must be registered to see the links

Spoiler: What to Install in Visual Studio

You don't have permission to view the spoiler content. Log in or register now.

 

[Uncle Eugene]

Reserved for next chapters

 

[varie55526]

w

 

[Uncle Eugene]

Level 2 is out now.
Level 3 will be a transition between mono and il2cpp
And Level 4 will finally be about cracking il2cpp builds

This will conclude the main line for the tutorial and I will consider it done

After that I might throw in some extra "side quests" like a tiny projects with a goal to achieve by patching the game. Not necessarily paywall removal, just so you see and get some practice with different Unity specific stuff

 

[PhanTanTrung]

I can't believe I get free education on porno site