- Parse Unity's method `m` / class `c` / field `f` / instance `lfs` / `lfp`
- Parse runtime method arguments `b` / `bt` / nop function `n` / detachAll and clean cache `D`
- (Batch) Hook `B/BF/BN` for commonly used functions, modify function return values with `setFunctionXXX`, and use `setActive` to set a gameobject active
- Wrapped "Interceptor.attach" to make it easier to use from the command line: `A(ptr,(args)=>{},(ret)=>{})`
- More convenient ways to find functions (`findMethods` / `findClasses`) and call functions (`callFunction`); `findExport` finds exported functions; `showMethodInfo` gets the details of an `Il2cppMethod*`, and `showGameObject` gets the details of a game object
- Object hierarchy `PrintHierarchy` / type hierarchy `showTypeParent`
- Disassemble with `showAsm`, using frida and method information; `seeHexA` means hexdump; `breakWithStack` gives more symbol parsing for il2cpp; `breakWithArgs` just shows args
- Commonly used Hook package: `HookOnPointerClick` / `HookSetActive` / `B_Button` / `HookPlayerPrefs`, more soon ...
- Parse mount script: `showComponents`; the alias `PrintHierarchyWithComponents` is also introduced !does not always work!
- JNI RegisterNatives Hook (implemented in JNIHelper, default off [not stable]), using `JNIHelper.cacheRegisterNativeItem` to get info !testing!
- Using QBDI to simulate the execution of the function, using `t(methodinfo)` or `traceFunction(mPtr)` to enable replacement hook !testing!
- 😕 😕 😕
$ npm install il2cpp-hooker -g
Then you can use it like this 👇
- frida attach current app
$ fat
- frida spawn app of ${PackageName}
$ fat ${PackageName}
- Command line options
$ fat -h
Usage: fat [options] <package-name?>
Options:
  -h, --help              Print usage information.
  -r, --runtime [engine]  Specify the JS engine (qjs, v8). Default: v8
  -t, --timeout [ms]      Specify the time in milliseconds before calling the function.
  -f, --functions [name]  Specify the functions to call on startup. example: -f getApkInfo();
  -l, --log [path]        Specify the path to save the log.
  -c, --vscode            Open project with vscode.
  -v, --version           Print version information.
Report bugs to:
axhlzy <[email protected]> (https://github.com/axhlzy/Il2CppHookScripts/)
$ git clone https://github.com/axhlzy/Il2CppHookScripts.git
$ cd Il2cppHook/
$ npm install
$ npm run build && npm run compress
OR
$ npm run watch
$ frida -U -f com.xxx.xxx -l ../_Ufunc.js
OR
$ frida -FU -l ../_Ufunc.js
$ frida --codeshare axhlzy/il2cpphookscripts -U -f ${PackageName}
Requires Scientific Internet Access
Note
The npm package may not be updated in time, so you may consider using `fat -c` to open the project and replacing the _Ufunc.js file with the one from the GitHub Actions artifacts. 😯
OR
open the project with VS Code and search for `globalThis.` to find more usage.
Buy the author a cup of coffee (^_^)