-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathindex.html
More file actions
480 lines (447 loc) · 30.7 KB
/
Copy pathindex.html
File metadata and controls
480 lines (447 loc) · 30.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>VRChat IL2CPP Reverse Engineering</title>
<meta name="description" content="June 5 IL2CPP deobfuscation coverage for VRChat's GameAssembly.dll: 90.7% semantic naming across 88,400 classes, 528,135 methods, and 2,870 fields.">
<style>
:root {
--bg: #030712; --bg2: #0a0f1e; --bg3: #111827;
--card: #0d1117; --card-hover: #161b22; --border: #1e293b;
--blue: #3b82f6; --purple: #8b5cf6; --cyan: #06b6d4;
--green: #10b981; --amber: #f59e0b; --red: #ef4444;
--emerald: #34d399; --indigo: #6366f1;
--text: #e2e8f0; --dim: #64748b; --bright: #f8fafc;
--glow-blue: rgba(59,130,246,0.15); --glow-purple: rgba(139,92,246,0.12);
}
*{margin:0;padding:0;box-sizing:border-box}
body{font-family:'Inter','SF Pro Display',-apple-system,system-ui,sans-serif;background:var(--bg);color:var(--text);line-height:1.6;overflow-x:hidden}
::selection{background:rgba(59,130,246,0.3)}
a{color:var(--blue);text-decoration:none}
a:hover{text-decoration:underline}
/* Grid */
.container{max-width:1280px;margin:0 auto;padding:0 24px}
.grid{display:grid;gap:16px}
.g2{grid-template-columns:repeat(2,1fr)}
.g3{grid-template-columns:repeat(3,1fr)}
.g4{grid-template-columns:repeat(4,1fr)}
@media(max-width:900px){.g2,.g3,.g4{grid-template-columns:1fr}}
@media(min-width:901px) and (max-width:1100px){.g3,.g4{grid-template-columns:repeat(2,1fr)}}
/* Hero */
.hero{position:relative;padding:80px 24px 56px;text-align:center;overflow:hidden}
.hero::before{content:'';position:absolute;inset:0;background:radial-gradient(ellipse at 50% 0%,rgba(59,130,246,0.08) 0%,transparent 60%),radial-gradient(ellipse at 30% 50%,rgba(139,92,246,0.06) 0%,transparent 50%),radial-gradient(ellipse at 70% 60%,rgba(6,182,212,0.05) 0%,transparent 40%);pointer-events:none}
.hero-badge{display:inline-flex;align-items:center;gap:8px;padding:6px 16px;background:rgba(16,185,129,0.1);border:1px solid rgba(16,185,129,0.3);border-radius:100px;font-size:13px;color:var(--green);font-weight:500;margin-bottom:20px;animation:pulse 3s ease-in-out infinite}
@keyframes pulse{0%,100%{box-shadow:0 0 0 0 rgba(16,185,129,0.2)}50%{box-shadow:0 0 20px 4px rgba(16,185,129,0.15)}}
.hero h1{font-size:clamp(28px,5vw,48px);font-weight:700;color:var(--bright);letter-spacing:-0.02em;margin-bottom:8px}
.hero h1 span{background:linear-gradient(135deg,var(--blue),var(--purple),var(--cyan));-webkit-background-clip:text;-webkit-text-fill-color:transparent;background-clip:text}
.hero-sub{font-size:clamp(15px,2vw,18px);color:var(--dim);max-width:640px;margin:0 auto 32px}
/* Stats Row */
.stats-row{display:flex;justify-content:center;gap:48px;flex-wrap:wrap;margin-bottom:32px}
.stat-item{text-align:center}
.stat-num{font-size:clamp(28px,4vw,42px);font-weight:700;font-variant-numeric:tabular-nums;letter-spacing:-0.02em}
.stat-label{font-size:13px;color:var(--dim);text-transform:uppercase;letter-spacing:0.05em;margin-top:2px}
.c-blue{color:var(--blue)}.c-purple{color:var(--purple)}.c-cyan{color:var(--cyan)}.c-green{color:var(--green)}.c-amber{color:var(--amber)}
/* Version tag */
.version{display:inline-flex;align-items:center;gap:6px;padding:4px 12px;background:var(--bg3);border:1px solid var(--border);border-radius:6px;font-size:12px;color:var(--dim);font-family:'JetBrains Mono','Fira Code',monospace}
.version .dot{width:6px;height:6px;border-radius:50%;background:var(--green)}
/* Tabs */
.tabs{display:flex;gap:4px;padding:12px 24px;background:var(--bg2);border-bottom:1px solid var(--border);position:sticky;top:0;z-index:100;backdrop-filter:blur(12px);-webkit-backdrop-filter:blur(12px)}
.tab{padding:8px 20px;border-radius:8px;font-size:14px;font-weight:500;color:var(--dim);cursor:pointer;transition:all 0.2s;border:1px solid transparent}
.tab:hover{color:var(--text);background:var(--bg3)}
.tab.active{color:var(--bright);background:var(--card);border-color:var(--border)}
.section{display:none;padding:32px 0}
.section.active{display:block}
/* Cards */
.card{background:var(--card);border:1px solid var(--border);border-radius:12px;padding:24px;transition:border-color 0.2s}
.card:hover{border-color:rgba(59,130,246,0.3)}
.card h3{font-size:16px;font-weight:600;color:var(--bright);margin-bottom:16px;display:flex;align-items:center;gap:8px}
.card-icon{width:20px;height:20px;border-radius:6px;display:flex;align-items:center;justify-content:center;font-size:11px}
/* Progress */
.progress{height:8px;background:var(--bg3);border-radius:4px;overflow:hidden;margin:8px 0}
.progress-bar{height:100%;border-radius:4px;transition:width 1.5s cubic-bezier(0.4,0,0.2,1)}
.pb-green{background:linear-gradient(90deg,var(--green),var(--emerald))}
.pb-blue{background:linear-gradient(90deg,var(--blue),var(--cyan))}
.pb-purple{background:linear-gradient(90deg,var(--purple),var(--indigo))}
.pb-amber{background:linear-gradient(90deg,var(--amber),#fbbf24)}
/* Stat rows in cards */
.s-row{display:flex;justify-content:space-between;align-items:center;padding:6px 0;font-size:14px}
.s-row+.s-row{border-top:1px solid rgba(255,255,255,0.04)}
.s-val{font-weight:600;font-variant-numeric:tabular-nums}
/* Strategy table */
table{width:100%;border-collapse:collapse;font-size:14px}
th{text-align:left;padding:10px 12px;color:var(--dim);font-weight:500;border-bottom:1px solid var(--border);font-size:13px;text-transform:uppercase;letter-spacing:0.03em}
td{padding:10px 12px;border-bottom:1px solid rgba(255,255,255,0.04)}
tr:hover td{background:rgba(255,255,255,0.02)}
/* System cards */
.sys-card{background:var(--card);border:1px solid var(--border);border-radius:12px;padding:20px;position:relative;overflow:hidden}
.sys-card::before{content:'';position:absolute;top:0;left:0;right:0;height:3px;border-radius:12px 12px 0 0}
.sys-card.s-red::before{background:linear-gradient(90deg,var(--red),#f87171)}
.sys-card.s-blue::before{background:linear-gradient(90deg,var(--blue),var(--cyan))}
.sys-card.s-purple::before{background:linear-gradient(90deg,var(--purple),var(--indigo))}
.sys-card.s-green::before{background:linear-gradient(90deg,var(--green),var(--emerald))}
.sys-card.s-amber::before{background:linear-gradient(90deg,var(--amber),#fbbf24)}
.sys-card.s-cyan::before{background:linear-gradient(90deg,var(--cyan),#22d3ee)}
.sys-card h4{font-size:15px;font-weight:600;color:var(--bright);margin-bottom:8px}
.sys-card p{font-size:13px;color:var(--dim);line-height:1.5}
.sys-tag{display:inline-block;padding:2px 8px;border-radius:4px;font-size:11px;font-weight:600;margin-right:4px}
/* Pipeline flow */
.pipeline{display:flex;flex-direction:column;gap:2px}
.pipe-step{display:flex;align-items:stretch;gap:0}
.pipe-num{width:36px;min-height:48px;display:flex;align-items:center;justify-content:center;font-size:13px;font-weight:700;color:var(--bright);background:var(--blue);border-radius:8px 0 0 8px;position:relative}
.pipe-num::after{content:'';position:absolute;bottom:-2px;left:50%;width:2px;height:2px;background:var(--blue)}
.pipe-body{flex:1;padding:12px 16px;background:var(--bg3);border:1px solid var(--border);border-left:none;border-radius:0 8px 8px 0}
.pipe-body strong{color:var(--bright);font-size:14px}
.pipe-body span{color:var(--dim);font-size:13px}
/* Donut chart */
.donut-wrap{display:flex;align-items:center;gap:24px}
.donut{width:120px;height:120px;position:relative}
.donut svg{width:100%;height:100%;transform:rotate(-90deg)}
.donut-center{position:absolute;inset:0;display:flex;align-items:center;justify-content:center;flex-direction:column}
.donut-pct{font-size:24px;font-weight:700;color:var(--bright)}
.donut-label{font-size:11px;color:var(--dim)}
.legend{display:flex;flex-direction:column;gap:6px;font-size:13px}
.legend-item{display:flex;align-items:center;gap:8px}
.legend-dot{width:10px;height:10px;border-radius:3px;flex-shrink:0}
/* Footer */
.footer{padding:32px 24px;border-top:1px solid var(--border);text-align:center;color:var(--dim);font-size:13px}
.footer a{color:var(--blue)}
/* Animations */
@keyframes fadeIn{from{opacity:0;transform:translateY(12px)}to{opacity:1;transform:translateY(0)}}
.card,.sys-card{animation:fadeIn 0.5s ease-out both}
</style>
</head>
<body>
<!-- ═══════ HERO ═══════ -->
<div class="hero">
<div class="hero-badge"><span class="dot" style="width:6px;height:6px;border-radius:50%;background:var(--green)"></span> 90.7% Semantic Coverage</div>
<h1>VRChat <span>IL2CPP</span> Reverse Engineering</h1>
<p class="hero-sub">Deep deobfuscation of VRChat's GameAssembly.dll — 478,923 named methods across the June 5 build. Beebyte ÌÍÎÏ obfuscation defeated via RVA propagation, Codex batch analysis, sibling-context inference, Hex-Rays pseudocode, and 7 community data sources.</p>
<div class="stats-row">
<div class="stat-item"><div class="stat-num c-blue" data-count="88400">0</div><div class="stat-label">Classes</div></div>
<div class="stat-item"><div class="stat-num c-purple" data-count="528135">0</div><div class="stat-label">Methods</div></div>
<div class="stat-item"><div class="stat-num c-cyan" data-count="2870">0</div><div class="stat-label">Fields</div></div>
<div class="stat-item"><div class="stat-num c-green">90.7%</div><div class="stat-label">Semantic</div></div>
</div>
<div class="version"><span class="dot"></span> June 5 build · Unity 2022.3.x · IL2CPP v29.1 · 88,400 classes</div>
</div>
<!-- ═══════ TABS ═══════ -->
<div class="tabs container">
<div class="tab active" data-tab="overview">Overview</div>
<div class="tab" data-tab="naming">Naming Quality</div>
<div class="tab" data-tab="pipeline">Pipeline</div>
<div class="tab" data-tab="systems">Systems</div>
<div class="tab" data-tab="tools">Tools & IDA</div>
</div>
<!-- ═══════ OVERVIEW ═══════ -->
<div id="overview" class="section active">
<div class="container">
<div class="grid g3" style="margin-bottom:16px">
<!-- Classes -->
<div class="card">
<h3><span class="card-icon" style="background:rgba(59,130,246,0.15);color:var(--blue)">C</span> Classes</h3>
<div style="font-size:28px;font-weight:700;color:var(--blue)">88,400</div>
<div class="progress"><div class="progress-bar pb-blue" data-width="94.9"></div></div>
<div class="s-row"><span>Semantic</span><span class="s-val">83,873 (94.9%)</span></div>
<div class="s-row"><span>Renamed obfuscated</span><span class="s-val">11,503</span></div>
<div class="s-row"><span>Semantic renamed</span><span class="s-val" style="color:var(--green)">7,813 (67.9%)</span></div>
<div class="s-row"><span>Fallback renamed</span><span class="s-val">3,690 (32.1%)</span></div>
<div class="s-row"><span>Namespaces</span><span class="s-val">724</span></div>
</div>
<!-- Methods -->
<div class="card">
<h3><span class="card-icon" style="background:rgba(139,92,246,0.15);color:var(--purple)">M</span> Methods</h3>
<div style="font-size:28px;font-weight:700;color:var(--purple)">528,135</div>
<div class="progress"><div class="progress-bar pb-purple" data-width="90.7"></div></div>
<div class="s-row"><span>Named methods</span><span class="s-val" style="color:var(--green)">478,923 (90.7%)</span></div>
<div class="s-row"><span>Hash remaining</span><span class="s-val" style="color:var(--amber)">49,212 (9.3%)</span></div>
<div class="s-row"><span>cross_version entries</span><span class="s-val" style="color:var(--cyan)">39,623</span></div>
<div class="s-row"><span>RVA propagation</span><span class="s-val">+15,527</span></div>
<div class="s-row"><span>Sibling-context</span><span class="s-val">+13,565</span></div>
</div>
<!-- Fields -->
<div class="card">
<h3><span class="card-icon" style="background:rgba(6,182,212,0.15);color:var(--cyan)">F</span> Fields</h3>
<div style="font-size:28px;font-weight:700;color:var(--cyan)">2,870</div>
<div class="progress"><div class="progress-bar pb-green" data-width="94.5"></div></div>
<div class="s-row"><span>Total fields</span><span class="s-val">2,870</span></div>
<div class="s-row"><span>Semantic</span><span class="s-val" style="color:var(--green)">2,712 (94.5%)</span></div>
<div class="s-row"><span>Renamed fields</span><span class="s-val">158</span></div>
<div class="s-row"><span>Fallback/renamed</span><span class="s-val">158 (5.5%)</span></div>
</div>
</div>
<!-- Coverage Donut -->
<div class="card">
<h3>Overall Naming Quality</h3>
<div style="display:flex;gap:32px;flex-wrap:wrap;justify-content:center">
<div class="donut-wrap">
<div class="donut">
<svg viewBox="0 0 120 120">
<defs><linearGradient id="gSem"><stop offset="0%" stop-color="var(--green)"/><stop offset="100%" stop-color="var(--cyan)"/></linearGradient></defs>
<circle cx="60" cy="60" r="50" fill="none" stroke="var(--bg3)" stroke-width="12"/>
<circle cx="60" cy="60" r="50" fill="none" stroke="url(#gSem)" stroke-width="12" stroke-dasharray="314.16" stroke-dashoffset="29.22" stroke-linecap="round"/>
</svg>
<div class="donut-center"><span class="donut-pct">90.7%</span><span class="donut-label">Semantic</span></div>
</div>
<div class="legend">
<div class="legend-item"><div class="legend-dot" style="background:var(--green)"></div>Named methods: 478,923</div>
<div class="legend-item"><div class="legend-dot" style="background:var(--amber)"></div>Hash remaining: 49,212</div>
<div class="legend-item"><div class="legend-dot" style="background:var(--dim)"></div>Total methods: 528,135</div>
</div>
</div>
<div style="flex:1;min-width:280px">
<p style="color:var(--dim);font-size:14px;margin-bottom:12px">90.7% of 528,135 methods have been named via RVA propagation (15.5K), Codex mega-batch analysis (2.8K), sibling-context inference (13.5K), Hex-Rays pseudocode, and 7 community sources. The remaining 9.3% use stable hash fallback identifiers (m_XXX).</p>
<div style="padding:12px;background:rgba(16,185,129,0.06);border:1px solid rgba(16,185,129,0.15);border-radius:8px;font-size:13px;color:var(--green)">
<strong>Zero raw obfuscated class names remain.</strong> 11,503 obfuscated classes renamed (7,813 semantic + 3,690 fallback). 39,623 cross-version method name entries. Quality audit complete: 122 batches applied, ~13.8K low-confidence predictions removed (precision over raw coverage).
</div>
</div>
</div>
</div>
</div>
</div>
<!-- ═══════ NAMING QUALITY ═══════ -->
<div id="naming" class="section">
<div class="container">
<div class="grid g2" style="margin-bottom:16px">
<!-- Field Naming Summary -->
<div class="card">
<h3>Field Naming Summary</h3>
<p style="color:var(--dim);font-size:13px;margin-bottom:16px">June 5 field coverage from the current pipeline summary and final dump.</p>
<table>
<tr><th>Metric</th><th>Count</th><th>Coverage</th></tr>
<tr><td style="color:var(--green)">Semantic fields</td><td>2,712</td><td>94.5% of all fields</td></tr>
<tr><td style="color:var(--amber)">Renamed/fallback fields</td><td>158</td><td>5.5% of all fields</td></tr>
<tr><td>Total fields</td><td>2,870</td><td>June 5 dump</td></tr>
</table>
<div style="margin-top:12px">
<div class="progress" style="height:12px"><div class="progress-bar pb-green" data-width="94.5" style="border-radius:4px 0 0 4px"></div></div>
<div style="display:flex;justify-content:space-between;font-size:12px;color:var(--dim);margin-top:4px">
<span>94.5% semantic</span><span>5.5% renamed/fallback</span>
</div>
</div>
</div>
<!-- Method Naming Summary -->
<div class="card">
<h3>Method Naming Summary</h3>
<p style="color:var(--dim);font-size:13px;margin-bottom:16px">June 5 method coverage from the current pipeline summary and final dump.</p>
<table>
<tr><th>Metric</th><th>Count</th><th>Coverage</th></tr>
<tr><td style="color:var(--green)">Named methods</td><td>478,923</td><td>90.7% of all methods</td></tr>
<tr><td style="color:var(--amber)">Hash remaining (m_XXX)</td><td>49,212</td><td>9.3% of all methods</td></tr>
<tr><td>Total methods</td><td>528,135</td><td>June 5 dump</td></tr>
</table>
<div style="margin-top:12px">
<div class="progress" style="height:12px"><div class="progress-bar pb-purple" data-width="90.7" style="border-radius:4px 0 0 4px"></div></div>
<div style="display:flex;justify-content:space-between;font-size:12px;color:var(--dim);margin-top:4px">
<span>90.7% named</span><span>9.3% hash remaining</span>
</div>
</div>
</div>
</div>
<!-- Type Inference Details -->
<div class="card">
<h3>Runtime Type Inference Engine</h3>
<div class="grid g3">
<div>
<div style="font-size:13px;color:var(--dim);margin-bottom:8px">Data Source</div>
<div style="font-size:14px"><strong>92,552</strong> field types from Frida runtime extraction</div>
<div style="font-size:13px;color:var(--dim)">Attached to offline VRChat via <code>extract_field_types_v2.py</code></div>
</div>
<div>
<div style="font-size:13px;color:var(--dim);margin-bottom:8px">Type Maps</div>
<div style="font-size:14px"><strong>160+</strong> known type → name mappings</div>
<div style="font-size:13px;color:var(--dim)">Unity, VRChat, Photon, System, Collections</div>
</div>
<div>
<div style="font-size:13px;color:var(--dim);margin-bottom:8px">Recovery</div>
<div style="font-size:14px"><strong>40+</strong> substring patterns for garbled types</div>
<div style="font-size:13px;color:var(--dim)">Partial type recovery from corrupted metadata</div>
</div>
</div>
</div>
<!-- Remaining Limitation -->
<div class="card" style="border-color:rgba(245,158,11,0.3)">
<h3 style="color:var(--amber)">Remaining Limitation: No Method Bodies</h3>
<p style="color:var(--dim);font-size:14px">This is a <strong>structural dump</strong> — signatures, types, and RVA addresses only. Actual method logic lives as machine code in GameAssembly.dll (206.8 MB). 10,670 functions have been decompiled via Hex-Rays, yielding 11,190 LLM-predicted names. Load the IDA rename script (133K+ entries) into IDA Pro for full analysis, or use Ghidra.</p>
</div>
</div>
</div>
<!-- ═══════ PIPELINE ═══════ -->
<div id="pipeline" class="section">
<div class="container">
<div class="card" style="margin-bottom:16px">
<h3>Deobfuscation Pipeline</h3>
<p style="color:var(--dim);font-size:14px;margin-bottom:20px">Multi-strategy pipeline: vocabulary merge → 11-phase deobfuscation → RVA propagation (v2 + cascade) → sibling-context LLM inference → Hex-Rays pseudocode analysis → output generation. 39,623 cross-version entries from 11+ data sources.</p>
<div class="pipeline">
<div class="pipe-step"><div class="pipe-num">0</div><div class="pipe-body"><strong>Vocabulary Merge</strong><br><span>7,926 names from 7 sources → unified_vocabulary.json</span></div></div>
<div class="pipe-step"><div class="pipe-num">1</div><div class="pipe-body"><strong>Compiler Artifacts</strong><br><span>686 async state machines + delegates classified</span></div></div>
<div class="pipe-step"><div class="pipe-num">2</div><div class="pipe-body"><strong>Semantic Analysis</strong><br><span>661 classes named by method signature patterns</span></div></div>
<div class="pipe-step"><div class="pipe-num">3</div><div class="pipe-body"><strong>Unity Components</strong><br><span>893 MonoBehaviour/ScriptableObject subclasses identified</span></div></div>
<div class="pipe-step"><div class="pipe-num">4</div><div class="pipe-body"><strong>Inheritance Chain</strong><br><span>570 classes named via parent → child propagation</span></div></div>
<div class="pipe-step"><div class="pipe-num">5</div><div class="pipe-body"><strong>Cross-Reference</strong><br><span>593 by shared methods, sibling analysis, community maps</span></div></div>
<div class="pipe-step"><div class="pipe-num">6</div><div class="pipe-body"><strong>Fallback Hashing</strong><br><span>3,690 renamed classes use stable fallback names</span></div></div>
<div class="pipe-step"><div class="pipe-num" style="background:var(--green)">7</div><div class="pipe-body"><strong>Smart Field & Method Renaming</strong><br><span>158 fields + 49,212 methods — 4 field strategies + VA propagation + context-aware inference</span></div></div>
</div>
</div>
<div class="grid g2">
<div class="card">
<h3>Data Sources</h3>
<div class="s-row"><span>precise_dump.json</span><span class="s-val">40 MB</span></div>
<div class="s-row"><span>field_types.json (Frida)</span><span class="s-val">11 MB</span></div>
<div class="s-row"><span>unified_vocabulary.json</span><span class="s-val">806 KB</span></div>
<div class="s-row"><span>GameAssembly.dll</span><span class="s-val">206.8 MB</span></div>
<div class="s-row"><span>Community repos</span><span class="s-val">36 external</span></div>
</div>
<div class="card">
<h3>Output Files</h3>
<div class="s-row"><span>deobfuscated_dump.json</span><span class="s-val">36.4 MB</span></div>
<div class="s-row"><span>deobfuscated_dump.cs</span><span class="s-val">18.3 MB</span></div>
<div class="s-row"><span>Source tree (output/src/)</span><span class="s-val">1,126 files</span></div>
<div class="s-row"><span>ida_apply_names.py</span><span class="s-val">133K+ renames</span></div>
<div class="s-row"><span>name_mapping.json</span><span class="s-val">8.9 MB</span></div>
</div>
</div>
</div>
</div>
<!-- ═══════ SYSTEMS ═══════ -->
<div id="systems" class="section">
<div class="container">
<div style="margin-bottom:20px"><h2 style="font-size:22px;color:var(--bright)">Deep Systems Analysis</h2><p style="color:var(--dim);font-size:14px">Runtime-verified analysis of VRChat's core subsystems via Frida instrumentation.</p></div>
<div class="grid g2">
<div class="sys-card s-red">
<h4>VRC_Secondary — Anti-Tamper</h4>
<div><span class="sys-tag" style="background:rgba(239,68,68,0.15);color:var(--red)">499 methods</span><span class="sys-tag" style="background:rgba(239,68,68,0.15);color:var(--red)">75 fields</span></div>
<p style="margin-top:8px">Per-frame Update + LateUpdate monitoring with three-tier sibling redundancy verification. Primary anti-cheat system — detects IL2CPP struct modifications, memory patches, and hook tampering.</p>
</div>
<div class="sys-card s-blue">
<h4>PlayerNet — Network Serialization</h4>
<div><span class="sys-tag" style="background:rgba(59,130,246,0.15);color:var(--blue)">FlatBuffer 8/32</span><span class="sys-tag" style="background:rgba(59,130,246,0.15);color:var(--blue)">PoseEvent</span></div>
<p style="margin-top:8px">Dual-precision FlatBuffer serialization. PoseEvent encodes full body pose: head/body/hip transforms + hand gestures + finger curl values + eye tracking. Interpolation/extrapolation for smooth networked movement.</p>
</div>
<div class="sys-card s-purple">
<h4>Photon Message Pump</h4>
<div><span class="sys-tag" style="background:rgba(139,92,246,0.15);color:var(--purple)">1,420/s</span><span class="sys-tag" style="background:rgba(139,92,246,0.15);color:var(--purple)">Highest frequency</span></div>
<p style="margin-top:8px">Network tick at 1,420 calls/sec — polls Photon transport buffer for incoming RPCs, events, and state updates. Heartbeat at 200/s keeps connection alive.</p>
</div>
<div class="sys-card s-green">
<h4>Udon VM — Sandbox</h4>
<div><span class="sys-tag" style="background:rgba(16,185,129,0.15);color:var(--green)">UdonHeap</span><span class="sys-tag" style="background:rgba(16,185,129,0.15);color:var(--green)">Whitelist/Blacklist</span></div>
<p style="margin-top:8px">Factory-pattern virtual machine. UdonHeap bounds-checked memory with whitelist/blacklist + signature verification sandbox. Executes world creator scripts in isolation.</p>
</div>
<div class="sys-card s-amber">
<h4>PhysBone — Avatar Physics</h4>
<div><span class="sys-tag" style="background:rgba(245,158,11,0.15);color:var(--amber)">31 per-frame</span><span class="sys-tag" style="background:rgba(245,158,11,0.15);color:var(--amber)">Dependency graph</span></div>
<p style="margin-top:8px">31 methods execute every frame per avatar. Dependency graph rebuilt each frame for bone chain simulation — hair, clothing, ears, tails. Major performance cost for crowded instances.</p>
</div>
<div class="sys-card s-cyan">
<h4>Global Namespace — Async Engine</h4>
<div><span class="sys-tag" style="background:rgba(6,182,212,0.15);color:var(--cyan)">13,908 classes</span><span class="sys-tag" style="background:rgba(6,182,212,0.15);color:var(--cyan)">1,012 state machines</span></div>
<p style="margin-top:8px">Largest namespace. 928 async state machines are network-related (API calls, asset downloads, world loading). 930 hookable MoveNext RVAs identified for runtime analysis.</p>
</div>
</div>
<!-- Runtime Probe -->
<div class="card" style="margin-top:16px">
<h3>Runtime Probe Results (90s, 155 hooks)</h3>
<table>
<tr><th>Method</th><th>Calls/sec</th><th>Function</th></tr>
<tr><td><code>PhotonConnectionHandler.m_FC8</code></td><td style="color:var(--red);font-weight:600">1,420/s</td><td>Photon network tick (message pump)</td></tr>
<tr><td><code>*.m_ACA</code></td><td style="color:var(--amber);font-weight:600">410/s</td><td>Async task dispatcher</td></tr>
<tr><td><code>*.m_DEE</code></td><td style="color:var(--cyan)">200/s</td><td>Heartbeat / keep-alive</td></tr>
<tr><td colspan="3" style="color:var(--dim);font-style:italic">Offline mode: 6/155 hooks fired (room/udon/network/impostor all silent)</td></tr>
</table>
</div>
</div>
</div>
<!-- ═══════ TOOLS & IDA ═══════ -->
<div id="tools" class="section">
<div class="container">
<div class="grid g2" style="margin-bottom:16px">
<div class="card">
<h3>Pipeline Tools</h3>
<div class="s-row"><span><code>run_full_pipeline.py</code></span><span class="s-val">Orchestrator (5 stages)</span></div>
<div class="s-row"><span><code>deobfuscate.py</code></span><span class="s-val">8-phase + smart rename</span></div>
<div class="s-row"><span><code>extract_field_types_v2.py</code></span><span class="s-val">Frida field type extraction</span></div>
<div class="s-row"><span><code>build_va_propagation_v2.py</code></span><span class="s-val">+7,252 methods via call graph</span></div>
<div class="s-row"><span><code>ida_hexrays_export.py</code></span><span class="s-val">10,670 functions decompiled</span></div>
<div class="s-row"><span><code>generate_source_tree.py</code></span><span class="s-val">1,126 organized .cs files</span></div>
<div class="s-row"><span><code>extract_precise_dump.py</code></span><span class="s-val">IL2CPP struct scanner</span></div>
<div class="s-row"><span><code>deep_probe.py/js</code></span><span class="s-val">Runtime hook framework</span></div>
</div>
<div class="card">
<h3>IDA Pro Integration</h3>
<div style="padding:12px;background:var(--bg3);border-radius:8px;font-family:'JetBrains Mono','Fira Code',monospace;font-size:13px;color:var(--dim);margin-bottom:12px">
<div style="color:var(--green)"># Apply 133K+ deobfuscated names to IDA</div>
<div>File → Script File → ida_apply_names.py</div>
</div>
<div class="s-row"><span>Function renames</span><span class="s-val" style="color:var(--green)">133K+</span></div>
<div class="s-row"><span>Hex-Rays decompiled</span><span class="s-val" style="color:var(--cyan)">10,670</span></div>
<div class="s-row"><span>LLM predictions applied</span><span class="s-val" style="color:var(--purple)">39,623</span></div>
<div class="s-row"><span>IDA database</span><span class="s-val">2.7 GB (.i64)</span></div>
<div class="s-row"><span>Compatible</span><span class="s-val">IDA 9.x</span></div>
</div>
</div>
<div class="card">
<h3>Obfuscation Details — Beebyte</h3>
<div class="grid g2" style="gap:16px">
<div>
<div style="font-size:14px;font-weight:600;color:var(--bright);margin-bottom:8px">Character Set</div>
<p style="font-size:13px;color:var(--dim)">Names encoded as 23-character strings using U+00CC (Ì), U+00CD (Í), U+00CE (Î), U+00CF (Ï). Regex: <code>^[\u00CC-\u00CF]{3,}$</code></p>
</div>
<div>
<div style="font-size:14px;font-weight:600;color:var(--bright);margin-bottom:8px">IL2CPP Modifications</div>
<p style="font-size:13px;color:var(--dim)">Struct layout altered: FieldInfo at +0xA0 (not +0x88), field_count at +0x124 (not +0x122). 264 IL2CPP exports renamed, only 3 left unobfuscated.</p>
</div>
</div>
</div>
</div>
</div>
<!-- ═══════ FOOTER ═══════ -->
<div class="footer">
<div style="margin-bottom:8px">
<a href="https://github.com/dwgx/vrchat-il2cpp-re" target="_blank">GitHub Repository</a> ·
<span>88,400 classes</span> ·
<span>528,135 methods</span> ·
<span>2,870 fields</span> ·
<span style="color:var(--green)">90.7% semantic</span>
</div>
<div>Built with Python, Frida, IDA Pro · Last updated June 7, 2026</div>
</div>
<script>
// Tab switching
document.querySelectorAll('.tab').forEach(t => {
t.addEventListener('click', () => {
document.querySelectorAll('.tab').forEach(x => x.classList.remove('active'));
document.querySelectorAll('.section').forEach(x => x.classList.remove('active'));
t.classList.add('active');
document.getElementById(t.dataset.tab).classList.add('active');
});
});
// Animated counters
const observer = new IntersectionObserver(entries => {
entries.forEach(e => {
if (!e.isIntersecting) return;
e.target.querySelectorAll('[data-count]').forEach(el => {
const target = parseInt(el.dataset.count);
const duration = 1500;
const start = performance.now();
const tick = now => {
const p = Math.min((now - start) / duration, 1);
const ease = 1 - Math.pow(1 - p, 3);
el.textContent = Math.floor(target * ease).toLocaleString();
if (p < 1) requestAnimationFrame(tick);
};
requestAnimationFrame(tick);
});
// Animate progress bars
e.target.querySelectorAll('[data-width]').forEach(bar => {
setTimeout(() => { bar.style.width = bar.dataset.width + '%'; }, 200);
});
observer.unobserve(e.target);
});
}, { threshold: 0.1 });
document.querySelectorAll('.hero, .section').forEach(s => observer.observe(s));
// Init progress bars at 0
document.querySelectorAll('[data-width]').forEach(bar => { bar.style.width = '0%'; });
</script>
</body>
</html>