Frida module to dump, manipulate and hijack any IL2CPP application at runtime with a high level of abstraction.
import "frida-il2cpp-bridge";
async function main() {
await Il2Cpp.initialize();
const domain = await Il2Cpp.Domain.get();
const TestAssembly = domain.assemblies["Test.Assembly"].image;
TestAssembly.classes.TestClass.methods.testMethod.intercept({
onLeave(returnValue) {
const testObject = returnValue.value as Il2Cpp.Object;
testObject.fields.testField.value = 100;
testObject.methods.newTestMethod.invoke(false, Il2Cpp.String.from("testString"));
}
});
TestAssembly.classes.NewTestClass.trace();
}
main().catch(error => console.log(error.stack));It should support Unity versions from 5.3.0 to 2020.2.0. I couldn't test them
all, please file a bug in case something doesn't work as expected. Thanks to Il2CppInspector
for providing the headers.
- Linux (not tested)
- Android
- Windows (missing test device and early instrumentation knowledge)
- iOS (missing test device and early instrumentation knowledge)
npm install --save-dev frida-il2cpp-bridgeYou may need to include "moduleResolution": "node" in your tsconfig.json.
- 0.1.0 Initial release.
Read the docs.