vfsfitvnm / frida-il2cpp-bridge

A Frida module to dump, trace or hijack any Il2Cpp application at runtime, without needing the global-metadata.dat file.
https://github.com/vfsfitvnm/frida-il2cpp-bridge/wiki
MIT License

How to rich Il2Cpp.Class function #257

Closed Chensem closed 1 year ago

Chensem commented 1 year ago

Recently, I want to add a property to Il2Cpp.Class, about Properties, Property, using the il2cpp_class_get_properties export function, but I don't know how to extend it. I embedded your frida-il2cpp-bridge into frida-server, like frida-java-bridge; once frida-server has started, frida-il2cpp-bridge is ready and doesn't need to be loaded frequently.

I can use the frida-il2cpp-bridge API at the Frida console without loading a script with the -l option, so I want to enrich Il2Cpp.Class. My snippet is below.

class Il2CppClassExtend extends Il2Cpp.Class {
    fly() {
        console.log(123123);
    }
};

let bird = new Il2CppClassExtend(ptr(0xdeadbeef));
console.log(bird.handle)
bird.fly()

[image] But fly is not a function? I am stuck.

vfsfitvnm commented 1 year ago

Here's how you can extend it:

// if you are using typescript
declare global {
    namespace Il2Cpp {
        interface Class {
            fly(): void;
        }
    }
}

Il2Cpp.Class.prototype.fly = function () {
    console.log(123123);
}

// then:
new Il2Cpp.Class(...).fly(); // 123123

However, IL2CPP properties are nothing more than a field (XXXX) with its setter (set_XXXX) and getter (get_XXXX), so there's nothing valuable in them (just saying).

Chensem commented 1 year ago

Oh, the reason why I want to extend Il2Cpp.Property is that I encountered a game whose network protocol uses protobuf; then we can see dump.cs like below: [image]

public static void SendPacket(ProtoPacket packet) { }

The game uses SendPacket to add a sequence, encrypt the packet, add a CRC to the packet, and then serialize the packet and send it to the server using the libc.so send API, so I want to intercept the traffic by intercepting the SendPacket function. When I get the ProtoPacket argument, there is a field m_packet which is the real ProtobufPacket, but as you can see from the picture, GC_SYNC_NPC_RESOURCESTATE has four fields, while we only want to inspect m_ObjId and m_ResourceState, which are the real arguments sent to the server. So the real fields cannot be obtained automatically via fields, and I use properties to get the real fields: the properties which have get and set are the real fields.
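The rule discussed in this thread (a property is a get_XXXX / set_XXXX pair) combined with the prototype-extension pattern from the maintainer's answer, as an added example that is not part of the original thread or the project's code. It runs in plain Node.js without Frida; `StubClass`, `pairAccessors`, `readWriteProperties` and the sample method names are hypothetical names constructed for this illustration.

```javascript
'use strict';

// Stand-in for Il2Cpp.Class so this runs in plain Node.js (assumption of this
// example: only `name` and a `methods` list of { name, parameterCount }).
class StubClass {
    constructor(name, methods) {
        this.name = name;
        this.methods = methods;
    }
}

// Group accessors by property name. A getter get_XXXX takes no parameters and
// a setter set_XXXX takes exactly one; other arities (e.g. indexers) are skipped.
function pairAccessors(methods) {
    const props = new Map();
    for (const m of methods) {
        const match = /^(get|set)_(.+)$/.exec(m.name);
        if (!match) continue;
        const [, kind, prop] = match;
        if (m.parameterCount !== (kind === 'get' ? 0 : 1)) continue;
        if (!props.has(prop)) props.set(prop, { name: prop, getter: null, setter: null });
        props.get(prop)[kind === 'get' ? 'getter' : 'setter'] = m.name;
    }
    return [...props.values()];
}

// Prototype augmentation, the pattern from the maintainer's answer, applied to
// the stand-in: names of properties that have both a getter and a setter.
Object.defineProperty(StubClass.prototype, 'readWriteProperties', {
    get() {
        return pairAccessors(this.methods)
            .filter(p => p.getter && p.setter)
            .map(p => p.name);
    }
});

// Constructed sample: two read/write properties, one getter-only property,
// one ordinary method, and a two-argument set_ method that is not a setter.
const sample = new StubClass('SamplePacket', [
    { name: 'get_ObjId', parameterCount: 0 },
    { name: 'set_ObjId', parameterCount: 1 },
    { name: 'get_ResourceState', parameterCount: 0 },
    { name: 'set_ResourceState', parameterCount: 1 },
    { name: 'get_Descriptor', parameterCount: 0 },
    { name: 'Clear', parameterCount: 0 },
    { name: 'set_Range', parameterCount: 2 },
]);

console.log(sample.readWriteProperties); // [ 'ObjId', 'ResourceState' ]
```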