search

vfsfitvnm / frida-il2cpp-bridge

A Frida module to dump, trace or hijack any Il2Cpp application at runtime, without needing the global-metadata.dat file.
https://github.com/vfsfitvnm/frida-il2cpp-bridge/wiki
MIT License
1.03k stars 202 forks source link

Hooking a method will cause Unity Coroutine broken down #209

Closed RimuruChan closed 2 years ago

RimuruChan commented 2 years ago 
Error encountered while handling request [/gacha/tenAdvancedGacha]
System.NullReferenceException: A null value was found where an object instance was required.
  at SomeAnimeGame.Gacha.GachaController.Play (PlayMode playMode, .Input[] input, System.Action`1 endCb) [0x00000] in <filename unknown>:0

  at SomeAnimeGame.UI.UIMisc.StartMultipleGacha (UnityEngine.GameObject overrideDisableTarget, PlayMode playMode, .Input[] input, System.Action`1 callback) [0x00000] in <filename unknown>:0
  at SomeAnimeGame.UI.Recruit.RecruitPage.ShowTenGachaEffect (SomeAnimeGame.GachaResult[] gachaResultList, Boolean isAdvanced, Boolean isSkippable) [0x00000] in <filename unknown>:0
  at SomeAnimeGame.UI.Recruit.RecruitSlideState._OnGetCharacters (SomeAnimeGame.GachaResult[] gachaResultList, Boolean isAdvanced, Boolean isSkippable) [0x00000] in <filename unknown>:0
  at SomeAnimeGame.UI.Recruit.RecruitSlideState._OnTenAdvGachaSuc (SomeAnimeGame.TenAdvancedGachaResponse response) [0x00000] in <filename unknown>:0
  at SomeAnimeGame.UI.Recruit.RecruitSlideState.<_SendTenGachaReq>m__9 (SomeAnimeGame.TenAdvancedGachaResponse response) [0x00000] in <filename unknown>:0
  at System.Action`1[T].Invoke (.T obj) [0x00000] in <filename unknown>:0
  at System.Action.Invoke () [0x00000] in <filename unknown>:0
  at SomeAnimeGame.UI.UIFloatMask.UpdateStates () [0x00000] in <filename unknown>:0  at SomeAnimeGame.UI.UIFloatMask._HideCallback () [0x00000] in <filename unknown>:0
  at SomeAnimeGame.UI.UIFloatMask+<_TriggerHide>c__Iterator1.MoveNext () [0x00000] in <filename unknown>:0
  at UnityEngine.SetupCoroutine.InvokeMoveNext (IEnumerator enumerator, IntPtr returnValueAddress) [0x00000] in <filename unknown>:0 
import { log } from "./logger";

export function bypassBesthttp() {
    const AssemblyCSharp = Il2Cpp.Domain.assembly('Assembly-CSharp');
    const Networker = AssemblyCSharp.image.class("SomeAnimeGame.Network.Certificate.CertificateHandlerFactory")
    const sub = Networker.nestedClasses.find(c => c.name.endsWith("BouncyCastleCertVerifyer")) as Il2Cpp.Class;
    const VerifyCertificate = sub.method("IsValid");
    VerifyCertificate.implementation = function (
        this: Il2Cpp.Object | Il2Cpp.Class,
        url: Il2Cpp.String,
        cert: Il2Cpp.Object,
    ) {
        return true
    }
}
RimuruChan commented 2 years ago

Other hooks are working, but this one causes some exceptions in Unity. Does anyone have any ideas?