- Game Name
- N/A
- Anticheat
- N/A
- Coding Language
- C# Mostly
Unity Game Hacking Guide
TL : DR Version of Guide
Full Guide:
What is Unity?
Unity is a very popular game engine for smaller indie games but there are alot of larger games that are using it as well. It's cross platform, can work on Windows, Linux, Apple and even in a browser. It's free, makes game development very easy and uses a C# scripting engine.
- Unity (game engine) - Wikipedia
- List of Unity games - Wikipedia
Hacking Unity Games is Special
Hacking Unity Games is different than native games. Any game that uses a modern game engine requires a special approach and Unity games are no exception.
In a regular native game you can typically find pointers and offsets and use them easily. The way memory is mapped and the executable is loaded into memory is predictable and follows the same pattern every time, it's just how the PE file format and the Windows loader works. But game engines are large infrastructures that load and run the game logic that the developers of the actual game create. They have their own methods of loading dynamic code and data. Game engines add another layer of abstraction and often utilize alot of inheritance, overloading and polymorphism which makes reversing them more difficult.
First thing you will notice is that it is hard to find pointers that work after you restart the game in Unity games. For that reason pattern scanning and hooking is typically easier. I don't recommend trying to go after multilevel pointers in most Unity games.
Second thing you will see is that Unity games code is located in an Assembly-CSharp.dll module and not in the main EXE. What's good about this is you can easily de-compile and modify this file using dnSpy which is a .NET de-compiler/debugger.
If you're thinking of using the native route of hacking and not using mono injection please view this thread to understand how much work it is. Thanks @Boboo99 for providing a ton of information on reversing this game
https://guidedhacking.com/threads/how-to-hack-secrets-of-grindea.9811
Static Analysis
You can statically analyze the game code using a .NET decompiler. You will see the structures and the functions. Keep in mind all the game engine code won't be in there, it's just the game logic. Not all the functions and structs the game uses will be in the Assembly-CSharp.dll. Sometimes it will include all the names of the structures, variables and functions. Other times the developer will strip these out or obfuscate it. Even with the names stripped, it is easy to reverse engineer functions like this.
IL2CPP Compilation
Some games are using IL2CPP which compiles the game code to C++ then to assembly, which makes decompiling with dnSpy and mono injection impossible. This is more efficient and makes hacking the games more difficult so we are seeing more and more games use it.
Learn more from https://docs.unity3d.com/Manual/IL2CPP-HowItWorks.html
If your game is using IL2CPP skip this tutorial and just use native game hacking methods is probably best. Here is a IL2CPPDumper https://github.com/Perfare/Il2CppDumper
Cheat Engine Mono Dissector
Cheat Engine has basic features to view Unity game data as well. We don't have tutorials for it but here are some from our friends
CheatTheGame Mono Videos
Stephen Chapman Mono Videos
Editing Assembly-CSharp.dll
If the game doesn't have integrity checks, and especially for single player games you can simple modify the Assembly-cSharp.dll using a decompiler and save it. If the game has integrity checks, which most good multiplayer games will, this will not work.
Mono Injection - the best way to hack unity games
Mono injection is a technique of writing your own C# assembly and injecting it into the game engine, you essentially override game functions with your own functions. It has the same effect as hooking a function basically, you run your code and the games original code. It is pretty easy to do.
Here is an excellent mono injection tutorial by @Truth
- Tutorial - How to Hack Unity Games using Mono Injection Tutorial
Download the GuidedHacking Mono Injector from @Truth here:
- Guided Hacking DLL Mono Injector
Other mono injectors:
Harmony
A library for patching, replacing and decorating .NET and Mono methods during runtime - pardeike/Harmony
About
Harmony gives you an elegant and high level way to alter the functionality in applications written in C#. It works great in games and is well established in titles like 7 Days To Die, BattleTech, Besiege, Cities:Skylines, Kerbal Space Program, Oxygen Not Included, Ravenfield, Rimworld, Sheltered, Stardew Valley, Staxel, Subnautica, The Ultimate Nerd Game, Total Miner, Unturned and many more.
It is also used in unit testing WFP controls and in many other areas.
How it works
If you develop in C# and your code is loaded as a module/plugin into a host application, you can use Harmony to alter the functionality of all the available assemblies of that application. Where other patch libraries simply allow you to replace the original method, Harmony goes one step further and gives you:
• A way to keep the original method intact
• Execute your code before and/or after the original method
• Modify the original with IL code processors
• Multiple Harmony patches co-exist and don't conflict with each other
• Works at runtime and does not touch any files
Is your unity hack lagging?
Unity game hacking tutorial that has some good tips, by @Erarnitox
- Tutorial - How to Fail Reverse Engineering old Unity Games
Example source code for a hack using mono injection from @SystemX32
- https://guidedhacking.com/threads/unity-engine-scp-secret-laboratories-esp.11647
@Syqao Unity Tutorials
- Tutorial - Unity Game Hacking Tutorial
Extracting Unity Assets such as textures etc...
Additional resources:
TL : DR Version of Guide
- Best method to hack Unity is to code in C# and use mono injection
- Multilevel pointers are shit in Unity, use hooking/pattern scanning instead
- Game logic is usually inside Assembly-CSharp.dll, decompile/edit it with dnSpy
- Cheat Engine has a mono dissector you can use
- Some games use IL2CPP compilation which makes dnSpy and mono injection more difficult
- How to Hack Unity Games using Mono Injection Tutorial - Guided Hacking
- Guided Hacking DLL Mono-Injector
Full Guide:
What is Unity?
Unity is a very popular game engine for smaller indie games but there are alot of larger games that are using it as well. It's cross platform, can work on Windows, Linux, Apple and even in a browser. It's free, makes game development very easy and uses a C# scripting engine.
- Unity (game engine) - Wikipedia
- List of Unity games - Wikipedia
Hacking Unity Games is Special
Hacking Unity Games is different than native games. Any game that uses a modern game engine requires a special approach and Unity games are no exception.
In a regular native game you can typically find pointers and offsets and use them easily. The way memory is mapped and the executable is loaded into memory is predictable and follows the same pattern every time, it's just how the PE file format and the Windows loader works. But game engines are large infrastructures that load and run the game logic that the developers of the actual game create. They have their own methods of loading dynamic code and data. Game engines add another layer of abstraction and often utilize alot of inheritance, overloading and polymorphism which makes reversing them more difficult.
First thing you will notice is that it is hard to find pointers that work after you restart the game in Unity games. For that reason pattern scanning and hooking is typically easier. I don't recommend trying to go after multilevel pointers in most Unity games.
Second thing you will see is that Unity games code is located in an Assembly-CSharp.dll module and not in the main EXE. What's good about this is you can easily de-compile and modify this file using dnSpy which is a .NET de-compiler/debugger.
If you're thinking of using the native route of hacking and not using mono injection please view this thread to understand how much work it is. Thanks @Boboo99 for providing a ton of information on reversing this game
https://guidedhacking.com/threads/how-to-hack-secrets-of-grindea.9811
Static Analysis
You can statically analyze the game code using a .NET decompiler. You will see the structures and the functions. Keep in mind all the game engine code won't be in there, it's just the game logic. Not all the functions and structs the game uses will be in the Assembly-CSharp.dll. Sometimes it will include all the names of the structures, variables and functions. Other times the developer will strip these out or obfuscate it. Even with the names stripped, it is easy to reverse engineer functions like this.
IL2CPP Compilation
Some games are using IL2CPP which compiles the game code to C++ then to assembly, which makes decompiling with dnSpy and mono injection impossible. This is more efficient and makes hacking the games more difficult so we are seeing more and more games use it.
Learn more from https://docs.unity3d.com/Manual/IL2CPP-HowItWorks.html
If your game is using IL2CPP skip this tutorial and just use native game hacking methods is probably best. Here is a IL2CPPDumper https://github.com/Perfare/Il2CppDumper
Cheat Engine Mono Dissector
Cheat Engine has basic features to view Unity game data as well. We don't have tutorials for it but here are some from our friends
CheatTheGame Mono Videos
Stephen Chapman Mono Videos
Editing Assembly-CSharp.dll
If the game doesn't have integrity checks, and especially for single player games you can simple modify the Assembly-cSharp.dll using a decompiler and save it. If the game has integrity checks, which most good multiplayer games will, this will not work.
Mono Injection - the best way to hack unity games
Mono injection is a technique of writing your own C# assembly and injecting it into the game engine, you essentially override game functions with your own functions. It has the same effect as hooking a function basically, you run your code and the games original code. It is pretty easy to do.
Here is an excellent mono injection tutorial by @Truth
- Tutorial - How to Hack Unity Games using Mono Injection Tutorial
Download the GuidedHacking Mono Injector from @Truth here:
- Guided Hacking DLL Mono Injector
Other mono injectors:
Harmony
A library for patching, replacing and decorating .NET and Mono methods during runtime - pardeike/Harmony
About
Harmony gives you an elegant and high level way to alter the functionality in applications written in C#. It works great in games and is well established in titles like 7 Days To Die, BattleTech, Besiege, Cities:Skylines, Kerbal Space Program, Oxygen Not Included, Ravenfield, Rimworld, Sheltered, Stardew Valley, Staxel, Subnautica, The Ultimate Nerd Game, Total Miner, Unturned and many more.
It is also used in unit testing WFP controls and in many other areas.
How it works
If you develop in C# and your code is loaded as a module/plugin into a host application, you can use Harmony to alter the functionality of all the available assemblies of that application. Where other patch libraries simply allow you to replace the original method, Harmony goes one step further and gives you:
• A way to keep the original method intact
• Execute your code before and/or after the original method
• Modify the original with IL code processors
• Multiple Harmony patches co-exist and don't conflict with each other
• Works at runtime and does not touch any files
Is your unity hack lagging?
Unity game hacking tutorial that has some good tips, by @Erarnitox
- Tutorial - How to Fail Reverse Engineering old Unity Games
Example source code for a hack using mono injection from @SystemX32
- https://guidedhacking.com/threads/unity-engine-scp-secret-laboratories-esp.11647
@Syqao Unity Tutorials
- Tutorial - Unity Game Hacking Tutorial
Extracting Unity Assets such as textures etc...
Additional resources:
Last edited:
