Updated wiki recommendations / questions #432

Open
christiancoleman opened this issue Nov 14, 2023 · 4 comments

Comments

christiancoleman commented Nov 14, 2023

Hi there,

I love the project, and I've had a lot of fun tinkering with it. I got frida to work through a prayer and my last miracle via trying to pull it from various other templates that had used it. Eventually I found one that somehow still worked, but I'm thinking (but correct me if I'm wrong) the Wiki installation page could use a bit of love. Are the wiki pages a part of the repo? I never understood that part of GitHub - if they were maintained inside the repo itself or somehow configured externally.

Either way here are some things I think could be updated.

  • maybe a quick identification of which platform and / or tools you develop under and thus presume it to work. Nothing in depth, but a note that you're using Debian, python 3.12 64-bit, Node JS 20.9.0 32-bit could be super useful; I think a lot of us noobs are going to be coming from a Windows box, and I don't expect any help in that regard but knowing exactly which versions of what were used could help me maybe narrow down any issues
  • is frida-compile not being used anymore? If so, have an updated package.json that uses esbuild? I think I pieced that together through various issues, but the wiki is still showing a package.json that uses frida-compile.
  • having some precursor dummy-proof commands to enter to get a working "hello il2cpp bridge world"
    For example, in a new project I'm guessing it is something like this:

SEPARATELY/GLOBAL INSTALL:
npm install typescript -g
for Visual Studio Code code completion install https://marketplace.visualstudio.com/items?itemName=TypeScriptTeam.typescript-52

FOLDER/PROJECT SPECIFIC:

  • mkdir project0
  • cd project0
  • npm install frida-il2cpp-bridge
  • npm install typescript --save-dev
  • npm install --save-exact --save-dev esbuild
  • npx tsc --init (generates tsconfig.json which will be replaced for the most part later; alternatively touch tsconfig.json)
  • replace tsconfig.json with the following:
{
  "compilerOptions": {
    "target": "esnext",
    "lib": [ "es2022" ],
    "experimentalDecorators": true,
    "module": "esnext",
    "allowJs": false,
    "noEmit": false,
    "esModuleInterop": false,
    "moduleResolution": "node",
    "strict": true,
    "sourceMap": true
  }
}
  • replace package.json with the following:
{
  "main": "index.ts",
  "type": "module",
  "scripts": {
    "build": "esbuild src/index.ts --bundle --outfile=output/hook.js"
  },
  "dependencies": {
    "frida-il2cpp-bridge": "^0.9.0"
  },
  "devDependencies": {
    "esbuild": "0.19.5",
    "typescript": "^5.2.2"
  }
}

If I missed anything important let me know, and it could be useful to know if specific options are discouraged or outright not supported, like:

  • "allowJs": true = Does true break anything?
  • "noEmit": false = Does leaving this out break anything?
  • "esModuleInterop": false = Is this needed?
  • "strict": true = Same question?
  • "sourceMap": true = And same question?

Another thing I still need to add is a watch command, and then I haven't verified the JS it compiled actually hooks. Oh! And one last super noob friendly thing could be a loader.py like the following:

import frida
import sys

# Read the compiled Frida agent (the esbuild output) from the separate file
with open('hook.js', 'r') as f:
    js_script = f.read()

def on_message(message, data):
    # Callback for messages from the agent: `send()` payloads and uncaught errors
    if message['type'] == 'send':
        url = message['payload']
        with open("urls.log", "a") as f:  # Open file in append mode
            f.write(url + "\n")
        print("[+] Logged URL:", url)
    elif message['type'] == 'error':
        # Without this branch an exception thrown inside the agent is dropped silently
        print("[!] Agent error:", message.get('description'), file=sys.stderr)
        if message.get('stack'):
            print(message['stack'], file=sys.stderr)

# Connect to the USB device and spawn the target app (it stays suspended until resume())
device = frida.get_usb_device()
pid = device.spawn(["com.example.theapp"])
session = device.attach(pid)

# Load the script
script = session.create_script(js_script)
script.on('message', on_message)
script.load()

# Resume the app
device.resume(pid)

# Keep the Python script running to continue logging URLs (Ctrl-D or Ctrl-C to stop)
sys.stdin.read()

With this specific loader I'm not seeing updates as I have a watch command running though so maybe it needs to be tweaked.

Let me know what you think!
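As an added example (not code from the issue author or from the frida-il2cpp-bridge project), here is a loader that fits the `esbuild --watch` workflow described in the comment above: it polls the compiled bundle's modification time and unloads/reloads the Frida script whenever esbuild rewrites it, and it logs both `send()` payloads and uncaught agent errors instead of only string URLs. The bundle path `output/hook.js` (esbuild's `--outfile` from the package.json above), the log file name and the package name `com.example.theapp` are placeholders; `frida` is the real Python binding and is only imported when actually attaching, so the message and file-change helpers can be exercised without a device.

```python
import json
import os
import sys
import time

BUNDLE = "output/hook.js"      # assumed esbuild --outfile from the package.json above
LOG_FILE = "urls.log"          # assumed log destination
TARGET = "com.example.theapp"  # placeholder package name
POLL_SECONDS = 1.0


def format_message(message, data=None):
    """Turn one Frida agent message into a log line, or None if there is nothing to log.

    Frida delivers {"type": "send", "payload": ...} for send() calls and
    {"type": "error", "description": ..., "stack": ...} for uncaught exceptions.
    """
    kind = message.get("type")
    if kind == "send":
        payload = message.get("payload")
        if not isinstance(payload, str):
            # send() can carry any JSON value; normalise non-strings for the log
            payload = json.dumps(payload, sort_keys=True)
        return "[+] " + payload
    if kind == "error":
        desc = message.get("description", "unknown error")
        stack = message.get("stack")
        return "[!] agent error: " + desc + ("\n" + stack if stack else "")
    return None


def bundle_changed(path, last_mtime):
    """Return (changed, mtime). A missing bundle counts as unchanged."""
    try:
        mtime = os.stat(path).st_mtime
    except FileNotFoundError:
        return False, last_mtime
    return mtime != last_mtime, mtime


def write_log(line, log_path=LOG_FILE):
    with open(log_path, "a") as f:
        f.write(line + "\n")
    print(line)


def _on_message(message, data):
    line = format_message(message, data)
    if line is not None:
        write_log(line)


def load_bundle(session, path):
    """Create, wire up and load a fresh script object from the bundle on disk."""
    with open(path) as f:
        script = session.create_script(f.read())
    script.on("message", _on_message)
    script.load()
    return script


def run():
    import frida  # real library; deferred so the helpers above work without a device

    device = frida.get_usb_device()
    pid = device.spawn([TARGET])            # spawned suspended
    session = device.attach(pid)
    _, mtime = bundle_changed(BUNDLE, None)  # remember the bundle we start from
    script = load_bundle(session, BUNDLE)
    device.resume(pid)
    try:
        while True:
            time.sleep(POLL_SECONDS)
            changed, mtime = bundle_changed(BUNDLE, mtime)
            if changed:
                # esbuild --watch rewrote the bundle: drop the old hooks, load the new ones
                print("[*] bundle changed, reloading", file=sys.stderr)
                script.unload()
                script = load_bundle(session, BUNDLE)
    except KeyboardInterrupt:
        pass
    finally:
        session.detach()


if __name__ == "__main__":
    run()
```

Run it with `npm run build -- --watch` (esbuild's watch flag) in one terminal and `python loader.py` in another; each rebuild replaces the loaded script rather than leaving the first version's hooks in place. Unloading the old script before loading the new one matters, because hooks installed by the first script stay active until that script is unloaded.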

christiancoleman (Author) commented

I realize I'm blurring the line of teaching them how to use frida and frida-il2cpp-bridge, but just assuming nothing could help a ton for someone and increase engagement IMO.

christiancoleman (Author) commented Nov 14, 2023

Ope one last thing. I found some templates in the documentation thread - which now I'm wondering if I should have just posted there - but there were these:

  1. https://github.com/ac3ss0r/frida-il2cpp-agent
  2. https://github.com/ChuJiani/frida-il2cpp-bridge-template

The second one is the one I finally got to work for me, but it uses a much older version of frida-il2cpp-bridge and the syntax has changed significantly since then. The first one just didn't compile at all for me unfortunately.

Interestingly I hadn't even considered building on the Android device at all until the second project explicitly mentioned it. It kinda opened my eyes to maybe the context that other templates might have been implying. Specifying that kind of thing could be helpful.

Spiritcow commented

Hi, can you share your discord or something? Just have a few questions, if you don't mind

christiancoleman (Author) commented

It's just christiancoleman. Keep in mind I'm not an expert on this package at all. I barely keep my head above water.
