vfsfitvnm / frida-il2cpp-bridge

A Frida module to dump, trace or hijack any Il2Cpp application at runtime, without needing the global-metadata.dat file.

Home Page: https://github.com/vfsfitvnm/frida-il2cpp-bridge/wiki

il2cpp_field_static_set_value doesn't dereference pointer-like values

bluewave41 opened this issue

This APK was never meant to run on phones, so I have a convoluted script setup to even get it working somewhat, which makes it a pain to share.

So there's a class

// Assembly-CSharp
class Launcher.Global : System.Object
{
    static System.String PersistentDataPath; // 0x8
    static System.Void .cctor(); // 0x00bf3678
}

I need to change the PersistentDataPath so I've done the following.

assembly.class('Launcher.Global').method('.cctor').implementation = function() {
    this.method('.cctor').invoke();
    if (this.field('PersistentDataPath')) {
        console.log('HERE', this.field('PersistentDataPath').value);
        console.log('HERE', this.field('PersistentDataPath').content);
        this.field('PersistentDataPath').value = Il2Cpp.string('/sdcard/Android/data/com.a.b/files');
        this.field('PersistentDataPath').content = Il2Cpp.string('/sdcard/Android/data/com.a.b/files');
        console.log('HERE', this.field('PersistentDataPath').value);
        console.log('HERE', this.field('PersistentDataPath').content);
    }
}

This prints out

HERE "/sdcard/Android/data/com.a.a/files"
HERE undefined
HERE ""
HERE undefined

I'm using the latest version, 0.8.8. I'm unsure what it's doing here as I've used this same approach in other projects and it worked fine there.

Hey, do yourself a favor and use typescript, you could quickly see the apis.

The line that actually does something is:

this.field<Il2Cpp.String>("PersistentDataPath").value = Il2Cpp.string("/sdcard/Android/data/com.a.b/files")

However, for some reason I cannot recall now (I should investigate), it won't work.

You could do this instead:

this.field<Il2Cpp.String>("PersistentDataPath").value.content = "/sdcard/Android/data/com.a.b/files";

Keep in mind that overwriting the content of a string is an unsafe operation (#332).

I confirm it's a bug on my end. Thanks for reporting!

In the meantime, you can do:

Il2Cpp.api.fieldSetStaticValue(this.field<Il2Cpp.String>("PersistentDataPath"), Il2Cpp.string("hello"));

> Hey, do yourself a favor and use typescript, you could quickly see the apis.

Haha, I do. This is just a quick proof-of-concept thing, so I half-ass it together. :)