Guide Unity Game Hacking Guide & Tutorials

Rake

Game Name: N/A
Anticheat: N/A
Coding Language: C# Mostly
Unity Game Hacking Guide

TL;DR Version of Guide

Full Guide:

What is Unity?

Unity is a very popular game engine for smaller indie games, but there are a lot of larger games using it as well. It's cross-platform: it can run on Windows, Linux, Apple and even in a browser. It's free, makes game development very easy and uses a C# scripting engine.

- Unity (game engine) - Wikipedia
- List of Unity games - Wikipedia

Hacking Unity Games is Special
Hacking Unity Games is different than native games. Any game that uses a modern game engine requires a special approach and Unity games are no exception.

In a regular native game you can typically find pointers and offsets and use them easily. The way memory is mapped and the executable is loaded into memory is predictable and follows the same pattern every time; it's just how the PE file format and the Windows loader work. But game engines are large infrastructures that load and run the game logic that the developers of the actual game create. They have their own methods of loading dynamic code and data. Game engines add another layer of abstraction and often utilize a lot of inheritance, overloading and polymorphism, which makes reversing them more difficult.

First thing you will notice is that it is hard to find pointers that work after you restart the game in Unity games. For that reason pattern scanning and hooking is typically easier. I don't recommend trying to go after multilevel pointers in most Unity games.

The second thing you will see is that a Unity game's code is located in an Assembly-CSharp.dll module and not in the main EXE. What's good about this is that you can easily decompile and modify this file using dnSpy, which is a .NET decompiler/debugger.

If you're thinking of using the native route of hacking and not using mono injection, please view this thread to understand how much work it is. Thanks @Boboo99 for providing a ton of information on reversing this game.
https://guidedhacking.com/threads/how-to-hack-secrets-of-grindea.9811

Static Analysis
You can statically analyze the game code using a .NET decompiler. You will see the structures and the functions. Keep in mind all the game engine code won't be in there, it's just the game logic. Not all the functions and structs the game uses will be in the Assembly-CSharp.dll. Sometimes it will include all the names of the structures, variables and functions. Other times the developer will strip these out or obfuscate it. Even with the names stripped, it is easy to reverse engineer functions like this.

IL2CPP Compilation
Some games are using IL2CPP which compiles the game code to C++ then to assembly, which makes decompiling with dnSpy and mono injection impossible. This is more efficient and makes hacking the games more difficult so we are seeing more and more games use it.



Learn more from https://docs.unity3d.com/Manual/IL2CPP-HowItWorks.html

If your game is using IL2CPP, it is probably best to skip this tutorial and just use native game hacking methods. Here is an IL2CPP dumper: https://github.com/Perfare/Il2CppDumper

Cheat Engine Mono Dissector
Cheat Engine has basic features to view Unity game data as well. We don't have tutorials for it, but here are some from our friends:

CheatTheGame Mono Videos

Stephen Chapman Mono Videos

Editing Assembly-CSharp.dll
If the game doesn't have integrity checks, and especially for single player games, you can simply modify the Assembly-CSharp.dll using a decompiler and save it. If the game has integrity checks, which most good multiplayer games will, this will not work.

Mono Injection - the best way to hack unity games
Mono injection is a technique of writing your own C# assembly and injecting it into the game engine; you essentially override game functions with your own functions. It basically has the same effect as hooking a function: you run your code and the game's original code. It is pretty easy to do.

Here is an excellent mono injection tutorial by @Truth
- Tutorial - How to Hack Unity Games using Mono Injection Tutorial

Download the GuidedHacking Mono Injector from @Truth here:
- Guided Hacking DLL Mono Injector

Other mono injectors:

Harmony
A library for patching, replacing and decorating .NET and Mono methods during runtime - pardeike/Harmony

About
Harmony gives you an elegant and high level way to alter the functionality in applications written in C#. It works great in games and is well established in titles like 7 Days To Die, BattleTech, Besiege, Cities:Skylines, Kerbal Space Program, Oxygen Not Included, Ravenfield, Rimworld, Sheltered, Stardew Valley, Staxel, Subnautica, The Ultimate Nerd Game, Total Miner, Unturned and many more.

It is also used in unit testing WPF controls and in many other areas.

How it works
If you develop in C# and your code is loaded as a module/plugin into a host application, you can use Harmony to alter the functionality of all the available assemblies of that application. Where other patch libraries simply allow you to replace the original method, Harmony goes one step further and gives you:

• A way to keep the original method intact
• Execute your code before and/or after the original method
• Modify the original with IL code processors
• Multiple Harmony patches co-exist and don't conflict with each other
• Works at runtime and does not touch any files

Is your unity hack lagging?
var main = Camera.main;


For reasons unknown to me, this is a very expensive call to make in OnGUI. Call this once in your Start function to cache the camera.
Likewise, anywhere you use Camera.main, use the cached version.

The reason turning away helps is that you get to skip out on one Camera.main "call", but cache it and your FPS will increase whether you're looking at people or not (as I imagine you still don't get max FPS when turned around with this method).

Unity game hacking tutorial that has some good tips, by @Erarnitox
- Tutorial - How to Fail Reverse Engineering old Unity Games

Example source code for a hack using mono injection from @SystemX32
- https://guidedhacking.com/threads/unity-engine-scp-secret-laboratories-esp.11647

@Syqao Unity Tutorials
- Tutorial - Unity Game Hacking Tutorial

Extracting Unity Assets such as textures etc...
Additional resources:
 

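From the defender's side, the integrity check the guide mentions under "Editing Assembly-CSharp.dll" can be as simple as comparing installed assemblies against a release manifest. The sketch below is an added example, not code from the guide or from any game; the `*_Data/Managed` layout, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Assumption: managed game logic ships as .dll files under <Game>_Data/Managed.
MANAGED_GLOB = "*_Data/Managed/*.dll"


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large assemblies are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(game_root: Path) -> dict:
    """Run at release time: map each managed assembly to its SHA-256."""
    return {p.relative_to(game_root).as_posix(): sha256_file(p)
            for p in sorted(game_root.glob(MANAGED_GLOB))}


def verify_install(game_root: Path, manifest: dict) -> dict:
    """Compare an installed copy against the release manifest."""
    current = build_manifest(game_root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def demo() -> dict:
    """Constructed sample install: one assembly edited, one extra DLL dropped in."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        managed = root / "Game_Data" / "Managed"
        managed.mkdir(parents=True)
        (managed / "Assembly-CSharp.dll").write_bytes(b"original game logic")
        (managed / "UnityEngine.dll").write_bytes(b"engine bindings")
        manifest = build_manifest(root)  # taken at release time
        (managed / "Assembly-CSharp.dll").write_bytes(b"patched game logic")
        (managed / "Extra.dll").write_bytes(b"not shipped")
        return verify_install(root, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Keep the manifest somewhere the client cannot rewrite (server side or signed). A file hash only catches on-disk edits: mono injection and Harmony work at runtime and do not touch any files, so they need a separate control.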
llt2012

I scanned one address, same as the picture below. But when I change the value of the address, the value does not change.

 

Sheesha

You found the wrong address cuz the value could have been stored in many different dynamic addresses.
Try to search with all value types.
Recommended: watch some cheat engine tutorial series for ex. "How to find problematic values with cheat engine"
 

llt2012

Thank you so much.
 

Hype

Also, I wanna tell you that some values are only for information usage for a game.
For example, if you find a health address and change it, and after going back to the game you see it didn't change and is back to the previous value, it means that variable is invalid and is only for information usage for the game, not the value that stores health.
 

0xDEC0DE


Help me please
What does "Loader.Unload" do? In the video you press Insert but the string is still printed, so your hack does not unload, I guess.

Does the injector support unload / eject (FreeLibrary call)? To inject the same DLL again it has to be freed first (all threads stopped and refcount decreased), at least for native DLLs, dunno with mono.
 

zuduhediga

Mono doesn't have FreeLibrary. Cheat unload supported: gamebooster/mono-assembly-injector
 

rec0gn1ze

So I am trying to make a hack on a Unity game. But I have a problem with poor GUI performance. I don't know why, but when I use the GUI class to write text on the screen my FPS suddenly drops from 150 to about 20. Do you know how to solve it, or maybe I should use another way to draw?
 

Rake

can you elaborate on how you are drawing?
 

rec0gn1ze

I am drawing stuff on screen using the default GUI class in Unity ( Unity - Scripting API: GUI )
Some code from esp:
public void OnGUI()
{
    if (playerESP)
    {
        GUI.color = Color.green;
        GUI.Label(ButtonRects.playerEspRect, "Player ESP (Enabled)");
        Player[] players = FindObjectsOfType<Player>();
        for (int i = 0; i < players.Length; i++)
        {
            Player player = players[i];
            Vector3 entityPos = player.currentActor.centerTransform.position;
            Vector3 screenPos = Camera.main.WorldToScreenPoint(entityPos);
            if (screenPos.z > 1f)
            {
                Rect ScreenPos = new Rect(screenPos.x, Screen.height - screenPos.y, 120, 120);
                GUI.color = player.isNeighbor ? Color.red : Color.white;
                GUI.Label(ScreenPos, player.isNeighbor ? "Neighbour" : "Kid");
            }
        }
    }
}

And this shit is very lagging, with disabled esp this game runs in about 150 fps but with esp fps drops to 30fps and lower.
 

Rake

looks cool, but I don't know the cause of your issue.

You could make it a bit more efficient by not making a copy of players and instead just accessing it directly via players

Maybe don't call WorldToScreenPoint() unless they are alive might help too, idk just a few thoughts I had. Might make a small difference at least
 

mambda

Unity is kinda garbage.
Constantly calling FindObjectsOfType is bad, and all the functions like it. Only call those every once in a while (5-10s), the players themselves won't leave/join that quickly.

Likewise, every time you call "camera.main" it's actually a Unity call for GetCamera().GetTransform(), which has (surprisingly) led to some insane FPS drops myself when I coded for Rust.

Cache the camera, cache the players, enjoy your FPS

https://guidedhacking.com/threads/unity-game-hacking-guide-tutorials.12579/
 