Error: illegal instruction on initialization step. #33
Comments
Hi, thanks for the issue. I installed that game and there is no issue with This is the output of The first line is printed when the app is spawned: as you can see, My guess is this app has some sort of protection against static analysis.

```ts
// Keep retrying until the bytes at _getCorlib decode as a valid instruction,
// i.e. until the library has finished unpacking itself; poll every 100 ms.
while (true) {
    try {
        Instruction.parse(Il2Cpp.Api._getCorlib);
        break;
    } catch (e) {
        await new Promise(resolve => setTimeout(resolve, 100));
    }
}
```
So, from a code perspective, instead of patching library code in node modules I can put the same while-true block before And another off-topic question regarding obfuscation: is it possible that after startup, the game deobfuscates il2cpp.so in memory and the dump will be statically analyzable?
Yes, in this case you can't use

```ts
// Poll until _getCorlib is decodable, then stop polling and start the bridge.
const interval = setInterval(() => {
    try {
        Instruction.parse(Il2Cpp.Api._getCorlib);
        clearInterval(interval);
        Il2Cpp.perform(main);
    } catch (e) {}
}, 100);

function main() {
    console.log("Ready!", Il2Cpp.unityVersion);
}
```

What does "dump" refer to (il2cpp dump, i.e. classes and methods, or a deobfuscated/decrypted libil2cpp.so dump)?
Thanks for the code snippet!

A libil2cpp.so dump from game process memory, which (as I understand) should be decrypted when the game fully launches.
Well, technically something along these lines should work:

```ts
function main() {
    console.log("Ready!", Il2Cpp.unityVersion);

    const path = `${Il2Cpp.Dumper.defaultDirectoryPath}/libil2cpp.so`;
    const file = new File(path, "w");

    // "---" means "no minimum protection", so every mapped range of the
    // module is returned; each one is read from memory and appended as-is.
    for (const range of Il2Cpp.module.enumerateRanges("---")) {
        file.write(range.base.readByteArray(range.size)!);
    }

    file.flush();
    file.close();

    console.log(`File saved to ${path}`);
}
```

Just tested, and it (kind of?) works in Ghidra. I said "kind of" because I didn't perform a full analysis, so there could be problems.
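The dump above appends every range back to back and aborts at the first range that cannot be read, and the file loses the gaps between segments, which is one reason a disassembler only "kind of" accepts it. The following is an added example, not code from the issue or from frida-il2cpp-bridge: it skips unreadable ranges and writes a JSON manifest mapping file offsets back to virtual addresses. `collectRanges` and `sampleDump` are assumed helper names; the Frida-specific part is guarded so the rest runs under plain Node.

```javascript
// ranges: [{ base, size, protection }] as returned by Module.enumerateRanges;
// readRange: range => ArrayBuffer|null, e.g. r => r.base.readByteArray(r.size).
function collectRanges(ranges, readRange) {
  const chunks = [], manifest = []; let fileOffset = 0;
  for (const range of ranges) {
    const entry = { base: String(range.base), size: range.size, protection: range.protection };
    if (!range.protection.startsWith("r")) { // the "---" filter also yields unreadable pages
      manifest.push({ ...entry, skipped: "not readable" });
      continue;
    }
    let bytes;
    try {
      const buf = readRange(range); bytes = new Uint8Array(buf || 0);
    } catch (e) { // guard page or range unmapped mid-dump: record it and keep going
      manifest.push({ ...entry, skipped: String(e) });
      continue;
    }
    manifest.push({ ...entry, fileOffset }); // file offset -> virtual base mapping
    chunks.push(bytes);
    fileOffset += bytes.length;
  }
  const bytes = new Uint8Array(fileOffset);
  chunks.reduce((pos, c) => (bytes.set(c, pos), pos + c.length), 0);
  return { bytes, manifest };
}

// Constructed sample, not real memory: readable code, an unreadable page, a range whose read faults, a readable tail.
function sampleDump() {
  const memory = { "0x1000": [1, 2, 3, 4], "0x4000": [9, 8] };
  const ranges = [
    { base: "0x1000", size: 4, protection: "r-x" },
    { base: "0x2000", size: 4, protection: "---" },
    { base: "0x3000", size: 4, protection: "rw-" },
    { base: "0x4000", size: 2, protection: "r--" },
  ];
  return collectRanges(ranges, r => {
    if (!(r.base in memory)) throw new Error("access violation");
    return Uint8Array.from(memory[r.base]).buffer;
  });
}

// Frida-only glue: Il2Cpp.module, Il2Cpp.Dumper.defaultDirectoryPath and File exist only inside a frida session.
if (typeof Il2Cpp !== "undefined") {
  Il2Cpp.perform(() => {
    const dir = Il2Cpp.Dumper.defaultDirectoryPath;
    const { bytes, manifest } = collectRanges(Il2Cpp.module.enumerateRanges("---"), r => r.base.readByteArray(r.size));
    for (const [name, data] of [["libil2cpp.so", bytes.buffer], ["libil2cpp.ranges.json", JSON.stringify(manifest)]]) {
      const f = new File(`${dir}/${name}`, "w"); f.write(data); f.close();
    }
  });
}
```

The manifest's `base`/`fileOffset` pairs are what you feed the disassembler when rebasing each segment to its original address.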
Thanks a lot!
Currently for third.party.app you'll receive

```
Error: illegal instruction
```

when calling when spawning the app with

```
frida -U -f third.party.app -l _.js --no-pause --runtime=v8
```

After debugging this error, I found that the issue is with the `Il2Cpp.Api._getCorlib()` call, and for `Il2Cpp.perform` line 83 particularly: frida-il2cpp-bridge/src/il2cpp/base.ts, lines 81 to 85 in fa32a68.

Currently I fixed this with a simple and ugly patch right before the if statement

Any suggestions on what I'm doing wrong?

OS: Android 9
Magisk: 23 (23000), App: 23 (23000)
Frida server: 15.1.1-1 (from Magisk module). Tried with static binaries from frida/frida (this one exactly) as well.