import {Buffer} from "buffer";
import "frida-il2cpp-bridge";
console.log("Rebuilded")
function awaitForCondition(callback: any) {
var i = setInterval(function () {
var addr = Module.findBaseAddress('libil2cpp.so');
console.log("Address found:", addr);
if (addr) {
clearInterval(i);
callback(+addr);
}
}, 0);
}
function _attach(base: any, klass: any, mtd: any, get_StackTrace: any) {
const va = mtd.virtualAddress
if (va == 0x0) {
//console.log("Attach fail", mtd.virtualAddress)
return
}
try {
Interceptor.attach(va, {
onEnter: function (args) {
console.log("onenter ", klass.fullName, `mtd:"${mtd}"`);
if (get_StackTrace != null) {
console.log(get_StackTrace.invoke());
}
//console.log("encode password", [>input<]pwd);
}
});
} catch (err) {
console.log(klass.fullname.tostring(), mtd, err)
console.log("error interception rva", mtd, va.sub(base))
}
}
const klassesOfInterests = [
// /*MainCharacterData*/"SH.491471447.sh_cxse1",
// /*some json related stuff*/"SH.491473776.sh_dbdo1",
// /*some json related stuff*/"SH.491473773.sh_dbdl1",
// /*some json related stuff cur character data? */"SH.491471465.sh_cxsw1",
// /*some json related stuff to files/sc.d? */"SH.491471742.sh_cydk1",
// /*diamond related data*/"SH.491471457.sh_cxso1",
// /*some logs to json handling?*///"SH.491475490.sh_ddri1",
// //"SH.491471477.sh_cxth1",
//"UnityEngine.Random",
// "System.Random",
// "RandomGemRewardVisualInfo",
// "PseudoRandom",
// "DefaultRandom",
"CodeStage",
// "SH.Feature.MS.CardProcess",
// "SH.Feature.RL.DiamondProcess"
]
const mtdsToSkip = [".ctor", "CurrentOwned", "get_IsRunning"]
/*
*
* enum of some events related to diamondProcess and game
* SH.491471427.sh_cxrk1
*
* ????
* SH.491471477.sh_cxth1
* assets related stuff?
* SH.491471546.sh_cxvx1
* */
awaitForCondition(function (base: any) {
const il2cpp = ptr(base);
//bind(il2cpp, ObscuredRefsRVAs)
//bind(il2cpp, BayatGamesFns)
Il2Cpp.perform(() => {
const SystemString = Il2Cpp.corlib.class("System.String");
const single = Il2Cpp.corlib.class("System.Single");
const int32 = Il2Cpp.corlib.class("System.Int32");
const get_StackTrace = Il2Cpp.corlib.class("System.Environment").method("get_StackTrace");
const SystemBoolean = Il2Cpp.corlib.class("System.Boolean");
const SystemType = Il2Cpp.corlib.class("System.Type");
const cSharp = Il2Cpp.domain.assembly("Assembly-CSharp");
const cSharpFP = Il2Cpp.domain.assembly("Assembly-CSharp-firstpass");
/*
with SEED=1 we have right top legendary item
this is Range(x,y) return values
inside 1 Range 0,1 System.Single 0.0003153085708618164
inside 1 Range -0.20000000298023224,0 System.Single -0.11122268438339233
inside 1 Range -0.20000000298023224,0 System.Single -0.06576250493526459
inside 1 Range -0.20000000298023224,0 System.Single -0.03238866850733757
*/
let seedValue = 1;
global.setRandomSeed = function (value) {
seedValue = value;
console.log("seed", seedValue)
}
let rrValues = []
const setRandomRange = function (...values) {
rrValues = [];
const rrTmp = [];
values.forEach(v => {
//const sV = Il2Cpp.string(`${v}`);
//rTmp.push(single.tryMethod("Parse", 1).invoke(sV));
rrTmp.push(v)
})
rrValues = rrTmp.reverse().sort()
console.log(rrValues.reverse());
}
global.overloadValues = function (vMin, vMax) {
var x = [];
for (var i = vMin; i <= vMax; i++) {
x.push(i);
}
rrValues = x.reverse();
console.log(rrValues)
}
global.setRandomRange = setRandomRange;
global.fixRandom = function () {
cSharp.image.classes.filter(klass => klass.fullName.includes("SH.Feature.E.RandomEquipmentProcess"))
.forEach(k =>
k.methods.filter(m => m.name.includes("Generate"))
.forEach(m => {
if (m.parameterCount != 2) {
return
}
m.implementation = function (a, b) {
console.log('genrate', k.fullName, m)
console.log(a)
console.log(b)
return this.tryMethod("Generate").invoke(a, b);
}
})
)
/*
* mix SEED with UNITY int32 RANDOM.RANGE gives us neceesarry results
* setRandomSeed(1123120)
* setRandomSeed(1023121)
* overloadValues(20,23)
* */
Il2Cpp
.domain.assembly("UnityEngine.CoreModule")
.image.class("UnityEngine.Random")
.methods.forEach(mtd => {
console.log('inject in ', mtd)
mtd.implementation = function (...args) {
const rva = mtd.relativeVirtualAddress;
if (!!rva && rva.equals(ptr(0x12e8d0c))) {
const a = args[0]
const b = args[1]
//this is item id, but idk what value it need to be?
// if (a === 0 && b === 100) {
if (a === 0 && b === 100) {
const v = rrValues.pop()
if (v !== undefined) {
console.log('overload Range(0,100) with', mtd, a, b, v)
return 0 + v
}
}
const rv = mtd.invoke(a, b);
console.log('range(x,y)', a, b, rv)
// int32 Range(int32, int32)
return rv
}
if (rva.equals(ptr(0x12e8cc0))) {
//float Range
//console.log('floatRange');
return 0.0006;//mtd.invoke(seedValue !== undefined ? seedValue : 1);
}
if (rva.equals(ptr(0x12e8b64))) {
//InitState
console.log('initState');
return mtd.invoke(seedValue !== undefined ? seedValue : 1);
}
const rv = mtd.invoke(...args);
//console.log('invoked', mtd, mtd.relativeVirtualAddress, args, rv)
return rv;
}
})
}
});
})