Il2cppHook
frida-based libil2cpp.so runtime parsing script
Features
- Parse Unity's method
m/ classc/ fieldf/ instancelfs - parse runtime method argument
b - (Batch) Hook
B/BFfor commonly used functions, modify function return valuesetFunction... - More convenient to find function
findMethodsand call functioncallFunction - object hierarchy
PrintHierarchy/ type hierarchyshowTypeParent - Disassemble
showAsmwith frida and method information - Commonly used Hook package
HookOnPointerClick/HookSetActive/B_Button... - Parse mount script
showComponents alias sHookOnPointerClick/PrintHierarchyWithComponentsis also introduced <--- testing - ...
Install
$ npm install il2cpp-hooker -gthen you can use like this ↓
- frida attch current app
$ fat
- frida spawn app of ${PackageName}
$ fat ${PackageName}- Command line options
$ fat -h
_ _ ______ _ _
| | |(_____ \ | | | |
| | | ____) )____ ____ ____ _____| |__ ___ ___ | | _ _____ ____
| | | / ____// ___) _ \| _ (_____) _ \ / _ \ / _ \| |_/ ) ___ |/ ___)
| | || (____( (___| |_| | |_| | | | | | |_| | |_| | _ (| ____| |
|_|_|\______)____) __/| __/ |_| |_|\___/ \___/|_| \_)_____)_|
|_| |_|
Usage: fat [options] <package-name?>
Options:
-h, --help Print usage information.
-r, --runtime [engine] Specify the JS engine (qjs, v8). Default: v8
-t, --timeout [ms] Specify the time in milliseconds before calling the function.
-f, --functions [name] Specify the functions to call on startup. example: -f getApkInfo();
-l, --log [path] Specify the path to save the log.
-c, --vscode Open project with vscode.
-v, --version Print version information.
Report bugs to:
axhlzy <[email protected]> (https://github.com/axhlzy/Il2CppHookScripts/)
Compile
$ git clone https://github.com/axhlzy/Il2CppHookScripts.git
$ cd Il2cppHook/
OR
$ fat -c <--- After install il2cpp-hooker. It is a more convenient way to construct and use.
$ npm install
$ npm run build & npm run compress
OR
$ npm run watch
$ frida -U -f com.xxx.xxx -l ../_Ufunc.js
OR
$ frida -FU -l ../_Ufunc.js