diff --git a/README.md b/README.md index 6f5156c..8782219 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,13 @@ # Redirect -Universal script for redirecting all HTTP requests to specified domain. \ No newline at end of file +Universal frida script for old versions of anime games to redirect all HTTP requests to specified domain. +#### Compatibility +All anime games are supported, but only version before introduction of `il2cpp_get_api_table` +- Genshin Impact (< 3.2) +- Honkai: Star Rail (< 1.6) +- Zenless Zone Zero (< 0.2.0) +- Honkai Impact 3rd (< 6.9) + +### How to use +Just put contents of this repository to your game folder.
+You can edit gadget.config to specify the `redirectHost`. \ No newline at end of file diff --git a/gadget.config b/gadget.config new file mode 100644 index 0000000..1db5f4f --- /dev/null +++ b/gadget.config @@ -0,0 +1,9 @@ +{ + "interaction": { + "type": "script", + "path": "universal_redirect.js", + "parameters": { + "redirectHost": "http://127.0.0.1:8888" + } + } +} \ No newline at end of file diff --git a/gadget.dll b/gadget.dll new file mode 100644 index 0000000..9ee9495 Binary files /dev/null and b/gadget.dll differ diff --git a/universal_redirect.js b/universal_redirect.js new file mode 100644 index 0000000..580efe0 --- /dev/null +++ b/universal_redirect.js @@ -0,0 +1,77 @@ +// entry point +function main(stage, parameters) { + if (!parameters.redirectHost) { + console.log("redirectHost parameter not specified!\nEdit your gadget.config and specify redirectHost in \"parameters\" section."); + return; + } + + const SystemDll = Il2cppApiWrap.GetImageByName("System.dll"); + + const SystemUriClass = Il2cppApiWrap.GetClassByName(SystemDll, "System", "Uri"); + const SystemUriCtor = Il2cppApiWrap.GetClassMethodByName(SystemUriClass, ".ctor", 1); + + console.log("Found System.Uri.ctor(System.String) at " + SystemUriCtor.readPointer()); + + Interceptor.attach(SystemUriCtor.readPointer(), { + onEnter(args) { + var requestUrl = args[1].readCSharpString(); + if (requestUrl.startsWith("http://") || requestUrl.startsWith("https://")) { + var prefix = requestUrl.split('/', 3).join('/'); + args[1] = Il2cppApiWrap.AllocateString(requestUrl.replace(prefix, parameters.redirectHost)); + + console.log("redirected: " + args[1].readCSharpString()); + } + } + }); + + console.log("Attached successfully, will redirect all requests to: " + parameters.redirectHost); +} + +const Il2cppApiWrap = { + AllocateString(value) { + const pValue = Memory.allocUtf16String(value); + + return this.CallApiFunction('il2cpp_string_new_utf16', 'pointer', ['pointer', 'int'], [pValue, value.length]); + }, + GetClassMethodByName(il2cppClass, name, argsCount) { + const pName = Memory.allocUtf8String(name); + + return this.CallApiFunction('il2cpp_class_get_method_from_name', 'pointer', ['pointer', 'pointer', 'int'], [il2cppClass, pName, argsCount]); + }, + GetClassByName(il2cppImage, namespace, name) { + const pNamespace = Memory.allocUtf8String(namespace); + const pName = Memory.allocUtf8String(name); + + return this.CallApiFunction('il2cpp_class_from_name', 'pointer', ['pointer', 'pointer', 'pointer'], [il2cppImage, pNamespace, pName]); + }, + GetImageByName(name) { + const domain = this.CallApiFunction('il2cpp_domain_get', 'pointer', [], []); + + const sizeOut = Memory.alloc(8); + const assemblies = this.CallApiFunction('il2cpp_domain_get_assemblies', 'pointer', ['pointer', 'pointer'], [domain, sizeOut]); + + const size = sizeOut.readU64(); + for (var i = 0; i < size; i++) { + const assembly = assemblies.add(i * 8).readPointer(); + const il2cppImage = this.CallApiFunction('il2cpp_assembly_get_image', 'pointer', ['pointer'], [assembly]); + + const imageName = this.CallApiFunction('il2cpp_image_get_name', 'pointer', ['pointer'], [il2cppImage]); + if (imageName.readUtf8String() == name) { + return il2cppImage; + } + } + + return null; + }, + CallApiFunction(name, rettype, argTypes, args) { + const nativeFunction = new NativeFunction(Module.findExportByName(null, name), rettype, argTypes); + return nativeFunction.apply(nativeFunction, args); + } +} + +NativePointer.prototype.readCSharpString = function() { + var length = this.add(16).readInt(); + return this.add(20).readUtf16String(length); +} + +rpc.exports.init = main; \ No newline at end of file diff --git a/version.dll b/version.dll new file mode 100644 index 0000000..8d81904 Binary files /dev/null and b/version.dll differ