Unity
Unity is one of the most frequently used game engines in CTF reverse engineering challenges. Flags or credentials often appear in embedded scripts, asset bundles, or metadata resources.
- Managed (Mono):
Assembly-CSharp.dll - IL2CPP games: use
IL2CPP DumperorCpp2IL - Decompile assemblies:
ILSpy,dnSpyEx, orJADX - Extract assets:
AssetRipper,UABE
| Tool | Purpose |
|---|---|
| IL2CPP Dumper | Extracts symbols and metadata from IL2CPP binaries |
| Cpp2IL | Recreates readable C# from compiled C++ code |
| AssetRipper | Extracts Unity assets/resources from projects or builds |
| Unity Assets Bundle Extractor | Legacy asset editor for Unity bundles |
| MelonLoader | Loads plugins for runtime inspection |
| BepInEx | Plugin injector and modding framework |
| UnityExplorer | Runtime object explorer for managed Unity assemblies |
- Mono games are easily decompiled — check
Managed/Assembly-CSharp.dll. - IL2CPP games separate metadata (
global-metadata.dat) and binary logic (GameAssembly.dll). - Extraction tools can reveal text assets or JSON configs containing hints for flag validation.
- Plugin loaders like BepInEx or MelonLoader allow executing your own C# scripts inside the running game.