Unity Mono Game Hacking
WARNING: In this article, I will not cover anti-cheat bypass or anything related to that. Education purpose only
Table of Contents
What is Mono ?
Mono is an open source implementation of .NET framework which allows developpers to create cross-platform applications targeting Linux, Android, Windows, MacOS…
Explore using CE
In this part, I’ll show you how to exploit Mono game using Cheat Engine. I assume you already know how CE works. So, when you load the game process you just have to click on the Mono tab and select Activate mono features. Then, click on Dissect mono in order to go through Assembly-CSharp dll.
As an example, let’s take a look at “PlayerMovement” class. In fields tab, you can see many instances of class.
By finding the address of the structure, you will be able to gain access to the part of the memory concerned and modify it as you wish.
So, you can go from this (health address) :
To this :
Write a basic internal in CSharp
In this part, we are going to take a closer look to the game files. If you know a little bit about Unity game structure you might notice that game datas are stored in GameName_Data folder. Now you can go through the folders and you will find the Managed folder where there is Assembly-CSharp.dll. You can now disassemble it using dnSpy or dotPeek or whatever you want.
Thanks to these tools you will be able to see game classes or even understand how the game works !
Now in order to make a basic game exploitation script, you will need to use an IDE (I used Visual Studio and I personnaly recommend it). Let’s import all UnityEngine dlls of the game in our project. Once you did this, you can create a Loader.cs file which is useful to initialize our exploit.
using UnityEngine;
namespace Whatever
{
public class Loader
{
public static void Init()
{
Loader.Load = new GameObject();
Loader.Load.AddComponent<Main>();
GameObject.DontDestroyOnLoad(Loader.Load);
}
public static void Unload()
{
_Unload();
}
private static void _Unload()
{
GameObject.Destroy(Load);
}
private static GameObject Load;
}
}
This small program is pretty simple to understand, it defines a class named “Loader” then 3 static methods.
Init()
contains a new GameObject that we assign a “Main” component.Unload()
calls_Unload()
function that will destroy the GameObject created inInit()
function.
Now this is the fun part, create a new .cs file where we’ll write our main script.
using UnityEngine;
namespace Whatever
{
class Main : MonoBehaviour
{
public void OnGUI()
{
GUI.Box(new Rect(0f, 0f, 100f, 40f), "");
GUI.Label(new Rect(0f, 0f, 100f, 30f), "Injected");
}
private void Start()
{
}
public void Update()
{
if (Input.GetKeyDown(KeyCode.Delete))
{
Loader.Unload();
}
}
}
}
Here is again the basic script you can easily find on the web which contains 3 methods.
- The
Start()
method is called once when the program is injected. - The
OnGUI()
method is in charge of GUI. - The
Update()
method is called every frame.
Now, you have to build the dll and inject it using SharpMonoInjector with this command :
.\smi.exe inject -p "NameOfTheProcess" -a "whatever.dll" -n Whatever -c Loader -m Init
As you can see, our cheat has been injected into the game !
Conclusion :
I hope useful and you enjoyed this little article about game hacking and, if you want i make a second part / having issues with anything, let me know !
Discord : onii#0121