- Parse Unity's method
m/ classc/ fieldf/ instancelfs/lfp - parse runtime method argument
b/bt/ nop functionn/ detachAll and clean cacheD - (Batch) Hook
B/BF/BNfor commonly used functions, modify function return valuesetFunctionXXX,setActiveto set gameobject active - Wrapped "Interceptor.attach" to make it easier to use from the command line
A(ptr,(args)=>{},(ret)=>{}) - More convenient to find function
findMethods/findClassesand call functioncallFunction/findExportto find exports function showMethodInfohelp us to Simply get the details of an Il2cppMethod*, and getting the details of a game object useshowGameObject- Object hierarchy
PrintHierarchy/ type hierarchyshowTypeParent - Disassemble
showAsmwith frida and method information,seeHexAmeans hexdump breakWithStackMore symbol parsing for il2cpp,breakWithArgsjust show args- Commonly used Hook package
HookOnPointerClick/HookSetActive/B_Button/HookPlayerPrefssoon ... - Parse mount script
showComponentsaliasPrintHierarchyWithComponentsis also introduced !not alway work! - JNI RegisterNatives Hook (impl in JNIHelper, default off [not stable]), using JNIHelper.cacheRegisterNativeItem to get info !testing!
- Using QBDI to simulate the execution of the function, using t(methoinfo) or traceFunction(mPtr) to enable replacement hook !testing!
- 😕 😕 😕
$ npm install il2cpp-hooker -gthen you can use like this 👇
- frida attch current app
$ fat
- frida spawn app of ${PackageName}
$ fat ${PackageName}- Command line options
$ fat -h
_ _ ______ _ _
| | |(_____ \ | | | |
| | | ____) )____ ____ ____ _____| |__ ___ ___ | | _ _____ ____
| | | / ____// ___) _ \| _ (_____) _ \ / _ \ / _ \| |_/ ) ___ |/ ___)
| | || (____( (___| |_| | |_| | | | | | |_| | |_| | _ (| ____| |
|_|_|\______)____) __/| __/ |_| |_|\___/ \___/|_| \_)_____)_|
|_| |_|
Usage: fat [options] <package-name?>
Options:
-h, --help Print usage information.
-r, --runtime [engine] Specify the JS engine (qjs, v8). Default: v8
-t, --timeout [ms] Specify the time in milliseconds before calling the function.
-f, --functions [name] Specify the functions to call on startup. example: -f getApkInfo();
-l, --log [path] Specify the path to save the log.
-c, --vscode Open project with vscode.
-v, --version Print version information.
Report bugs to:
axhlzy <[email protected]> (https://github.com/axhlzy/Il2CppHookScripts/)
$ git clone https://github.com/axhlzy/Il2CppHookScripts.git
$ cd Il2cppHook/
$ npm install
$ npm run build & npm run compress
OR
$ npm run watch
$ frida -U -f com.xxx.xxx -l ../_Ufunc.js
OR
$ frida -FU -l ../_Ufunc.jsfrida --codeshare axhlzy/il2cpphookscripts -U -f ${PackageName}
Requires Scientific Internet Access
Note
The npm package may not be updated in time, so you may consider using fat -c to open the project and use the github action Artifacts to replace _Ufunc.js file. 😯
OR
open with vscode and search globalthis. to find more useage
Support the author | Buy the author a cup of coffee (^_^)
