Dump standoff 2 with help xor keys

[JojoLands1337]

how to find xor keys to decrypt metadata in standoff? please help, what programs are needed for and this and what needs to be done. i need deciphered metadata, not dump.cs!!! if there is a script, then throw it off (Something like this: a script that finds the xor keys and downloads the file with them to the phone)

[MC874]

19 hours ago, JojoLands1337 said:

how to find xor keys to decrypt metadata in standoff? please help, what programs are needed for and this and what needs to be done. i need deciphered metadata, not dump.cs!!! if there is a script, then throw it off (Something like this: a script that finds the xor keys and downloads the file with them to the phone)

Hi! there's no such script that automate to find xor key on each version. In fact; it was finded manually. I do think it's more easier to Dump the Metadatata instead of de-obfuscate/de-crypt; it goes separate ways. If you still insist on how to find the key; do note that:

*I don't know what the current Metadata works, but it was possible back in the days.
*Obfuscated Metadata can't be de-obfuscated without dumping it from the game or metadata loader.

# Encrypted

• 1) In the case that Metadata is encrypted; you need to take the LibUnity or GameLib into a disassembler such as IDA Pro and Ghidra. If you're going to use Android; there's similar tools but i don't know if it's able to do the full job as you're doing on Windows PC. Here's the Android similar-like app: ADA
• 2) For IDA; wait the disassembler process to be done fully, indicated as Blue-bar on the top. Don't forget to set the dissasembly into Arm/Little-Endian since you're targeting Android Game. Now finds any function that involve il2cpp, it might renamed by the game Developer so you can just find it through the string.
• 2.1) Alternative to #2, click Shift+F12 to open String window. There, you need to find anything related to Metadata, something like "metadata". Open it one by one and also find it through the XRef until you stumbled upon the inner-function that responsible to load Metadata.
• 3) Some games does include predefined key inside the loaders, you can just simply copies that and try decrypt-it with the keys.
• 3.1) Some games also obfuscate the key-strings; so you need to see it using Pseudo-code plugin. There will be some connected function that defines the string, indicated as the string length is defined and co-existed with bytes supplement. Just take the encrypted key-string and add it with the bytes-supplement; it will unxored the key-string. It does not decrypt the Metadata.
• 4) There's also a tool that focused on Reversing the UnityLib and you can get the Xor key with ease, check: Il2CppInspector. Although it's now halted, so i don't know if it's going to work with the latest game.

# Obfuscated
As i said earlier, you can't de-obfuscate the Metadata, instead you need to dump it manually. There's many ways to do it but i'll only mention couples.

• 1) If you did found the Metadata loader, make some hooks into that function until it drops de-obfuscated Metadata. This require additional task, as you need to make a hook wrapper manually. Exhausting.
• 2) You can dump it using GameGuardian script: Metadata 1 | Metadata 3
• 3) You can try to de-obfuscate it using Il2CppInspector
• 4) You can dump it using Il2CppDumper
• 5) For detailed explanation, visit this post: How to De-Crypt the Metadata from StandOff 2

I'm trying to stick on the topic, so you need to check other post for dumping Metadata. To get Metadata without dumping it; requires Huge task and Reverse engineering, as it's also have many work-arounds to get this. If you're using 3rd-party tools such as il2CppDumper & il2CppInspector, reads the documentation accordingly.