lico-n / ZygiskFrida

Injects frida gadget using zygisk to bypass anti-tamper checks.
MIT License
473 stars 85 forks

Possible to add ajent.js or any js? #13

Closed TouMobSiab closed 1 year ago

TouMobSiab commented 1 year ago

So Frida-Il2cpp-Bridge on github exists, so is there any way to inject the libgadget.so and the ajent.js?

lico-n commented 1 year ago

Not sure if I get exactly what you want here. Please add more details if I missed the point here.

I also have used the frida-il2cpp-bridge in the past but not often but if I recall correctly it only helps you compile a frida script file that includes definitions to make it easy to instrument unity games.

In the default configuration the frida gadget is started in listen mode and you can just interactively connect to it and execute that script as with any other way to inject frida.

You can also do it in a non-interactive and persistent way. For this you can reference the Gadget Doc

In this case just place a gadget config file at /data/local/tmp/re.zyg.fri/libgadget.config.so containing the following.

{
  "interaction": {
    "type": "script",
    "path": "/data/local/tmp/re.zyg.fri/your-script.js"
  }
}

Place your script at the specified path. Then instead of listening for connecting clients, it will execute the script every startup.

TouMobSiab commented 1 year ago

> Not sure if I get exactly what you want here. Please add more details if I missed the point here.
>
> I also have used the frida-il2cpp-bridge in the past but not often but if I recall correctly it only helps you compile a frida script file that includes definitions to make it easy to instrument unity games.
>
> In the default configuration the frida gadget is started in listen mode and you can just interactively connect to it and execute that script as with any other way to inject frida.
>
> You can also do it in a non-interactive and persistent way. For this you can reference the Gadget Doc
>
> In this case just place a gadget config file at /data/local/tmp/re.zyg.fri/libgadget.config.so containing the following.
>
> {
>   "interaction": {
>     "type": "script",
>     "path": "/data/local/tmp/re.zyg.fri/your-script.js"
>   }
> }
>
> Place your script at the specified path. Then instead of listening for connecting clients, it will execute the script every startup.

Something similar to that. It'd be an easier way for the game to not be detected with any reverse-engineering. But yes, what I am trying to do is that I am using frida-il2cpp-bridge to modify a game. It creates a .js output I believe when you build it. So I am trying to inject the .js with the libgadget (If you have any other methods, please do tell me.) in the game.

I mean, it is nice to have injected libs, but since I don't have any templates for native lib mods, I figured I could use the .js to inject the game with your source.

lico-n commented 1 year ago

If you want to mod a game, then doing it the persistent way I mentioned is the way to go. You can either follow the instructions on how to get a script running persistently from my original response.

If this is a mod you intend to share and the instructions are too hard for the general user of your mod, you can also fork this repo and adjust the build process a little.

See for example this patch on how to do so:

gamemod.patch

Clone the repo, put the patch into the repo and apply it with git apply gamemod.patch for a minimal example.

Replace the content of script.js with the js output of the frida-il2cpp-bridge and then build your own game mod magisk module with ./gradlew :module:assembleRelease. The built module is in the out directory.

You will still need to add a prefilled config.json too but just follow the example to see how to add additional files.

Then users of the mod would only have to install the magisk module.

Please be aware that this should be more of a last resort for modding purposes. Personally I find it pretty invasive and wouldn't install modules that are not open source due to how powerful modules are. Also please create mods responsibly.