vfsfitvnm / frida-il2cpp-bridge

A Frida module to dump, trace or hijack any Il2Cpp application at runtime, without needing the global-metadata.dat file.
https://github.com/vfsfitvnm/frida-il2cpp-bridge/wiki
MIT License

Can't work on android emulator x86 #437

Closed ndlm46 closed 7 months ago

ndlm46 commented 8 months ago

I use the newest Frida (16.1.7). Tried on LDPlayer Android 7 32-bit, LDPlayer Android 9 64-bit, and MuMu Player Android 12 64-bit. None of them work.

It shows:

frida -U -f com.monster.pocket.ultimate -l dist/hello.js


Frida 16.1.7 - A world-class dynamic instrumentation toolkit

Commands:
    help      -> Displays the help system
    object?   -> Display information about 'object'
    exit/quit -> Exit

More info at https://frida.re/docs/home/

Connected to Android Emulator 5554 (id=emulator-5554)
Spawned com.monster.pocket.ultimate. Resuming main thread!
[Android Emulator 5554::com.monster.pocket.ultimate ]-> il2cpp: 10 seconds have passed and libil2cpp.so has not been loaded yet, is the app running?

My app is started and running, but Frida can't read libil2cpp.so. I tried to use --realm=emulated, but it shows:

Failed to attach: process is not using emulation

vfsfitvnm commented 7 months ago

--realm=emulated is not needed if there's no instruction set emulation (i.e. the instruction set of the Android emulator matches the one the game is using).

What happens if you eval:

Process.getModuleByName("libil2cpp.so")

through the Frida REPL?

ndlm46 commented 7 months ago
Process.getModuleByName("libil2cpp.so")

I tried, it shows: Error: unable to find module 'libil2cpp.so'

My game package only has 2 lib folders: arm64-v8a and armeabi-v7a; it does not have x86.

Maybe it's Frida's problem.

My file only has: Process.getModuleByName("libil2cpp.so")

leonitousconforti commented 7 months ago

I have had a lot of success with the Android emulator that comes with Android Studio. Maybe try that one. I can't find an app with the bundle identifier com.monster.pocket.ultimate on the Play Store though, so I won't be able to check if it works with my setup.

vfsfitvnm commented 7 months ago

Uhm, there's nothing I can do about it, it looks like a Frida/emulator thing... I've had some success using the Android X86 emulator that comes with ARM translation (ref) in the past 😄

Crystlia commented 4 months ago

> Uhm, there's nothing I can do about it, it looks like a Frida/emulator thing... I've had some success using the Android X86 emulator that comes with ARM translation (ref) in the past 😄

Can I manually specify the base address of libil2cpp.so?