Do you know the game Among Us? It's a multiplayer game where you have to identify impostors in a group of players. The impostor's goal is to kill every other player without being identified throughout the game. The remaining players can use votes to kick out a specific player, while hopefully identifying the impostor correctly. The game is based on the Unity engine and, along with other platforms, it is available for Android devices.

I've looked into the game and I thought it would be a great idea to identify the impostors right away and without having to guess. Let's see how that can be done with Frida.

After extracting the .apk file of the game, I've found that the actual game logic is not implemented in the Java code. Instead, and since it's a Unity-based game, the interesting stuff is present in a native library called libil2cpp.so. The IL2CPP (Intermediate Language To C++) scripting backend:

> IL2CPP provides better support for applications across a wider range of platforms. The IL2CPP backend converts MSIL (Microsoft Intermediate Language) code (for example, C# code in scripts) into C++ code, then uses the C++ code to create a native binary file (for example, ...

Well, that sounds interesting, especially the intermediate language aspect, since that often means that it's possible to decompile the code back to its original form. There already exists a tool called il2cpp-dumper for this exact purpose:

```csharp
public class PlayerControl : InnerNetObject // TypeDefIndex: 12310
```

The name is stored as a UTF-16 wide string. We need to add an offset of 0x14 to the beginning of the string object to grab the player name.

Upon running the game and injecting the script, the following output is printed:

```
Got PID 28485
```

Now we can vote to kick out Bridecosy, GTFO ◉‿◉

## Additional Client Side Memory Manipulation

At this point I thought: What about manipulating client side memory instead of just reading some values? Here are some things I've tested.

Normally, only two player roles are permitted to enter vents on the game map: Engineers and Impostors. However, we can make our local client think that we're actually an Impostor: we become an Impostor by changing the role value passed in SetRole() for our local player object. Now, the server thinks we're a regular player, but our local client thinks we're an Impostor. We can now enter vents and hide and move in there. This produces an interesting side effect: since we're an Impostor in our local game, we can directly identify other Impostors from the game UI.

Unfortunately the server doesn't accept kill operations from this spoofed role. Like before, I've tried to become a Shapeshifter by altering the role parameter in SetRole(). This works, but upon changing the player appearance, this happens:
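The "+0x14" observation above is the string-object layout a memory analyst needs when pulling names out of an IL2CPP process snapshot rather than a live hook. The following Python is an added example (my own code, not the post's Frida script or anything from the game) that decodes such a string from a raw byte buffer and carves every string object out of a snapshot by matching a known class pointer. The layout (8-byte klass pointer, 8-byte monitor, int32 length at 0x10, UTF-16LE characters at 0x14) is an assumption inferred from the post's 0x14 offset for a 64-bit process, and the klass value and the snapshot bytes are constructed test data; it also rejects headers with implausible or out-of-bounds lengths, which is the usual failure mode when carving.

```python
import struct

# Assumed 64-bit IL2CPP System.String layout (inferred from the post's +0x14, not
# taken from the post's script):
#   0x00  klass pointer (8 bytes)
#   0x08  monitor pointer (8 bytes)
#   0x10  int32 length, counted in UTF-16 code units
#   0x14  UTF-16LE characters, followed by a two-byte null terminator
LENGTH_OFFSET = 0x10
CHARS_OFFSET = 0x14
MAX_LENGTH = 256  # plausible upper bound for a player name; larger means garbage


def decode_il2cpp_string(snapshot: bytes, base: int) -> str:
    """Decode the string object that starts at `base` inside a raw memory snapshot."""
    if base < 0 or base + CHARS_OFFSET > len(snapshot):
        raise ValueError("string header runs past the end of the snapshot")
    (length,) = struct.unpack_from("<i", snapshot, base + LENGTH_OFFSET)
    if not 0 <= length <= MAX_LENGTH:
        raise ValueError(f"implausible string length {length}")
    end = base + CHARS_OFFSET + 2 * length
    if end > len(snapshot):
        raise ValueError("string body runs past the end of the snapshot")
    return snapshot[base + CHARS_OFFSET:end].decode("utf-16-le")


def carve_strings(snapshot: bytes, string_klass: int) -> list:
    """Return (offset, text) for every 8-byte aligned object whose klass matches String."""
    results = []
    for off in range(0, len(snapshot) - CHARS_OFFSET + 1, 8):
        (klass,) = struct.unpack_from("<Q", snapshot, off)
        if klass != string_klass:
            continue
        try:
            results.append((off, decode_il2cpp_string(snapshot, off)))
        except (ValueError, UnicodeDecodeError):
            continue  # klass matched by chance, body is not a valid string
    return results


def build_string_object(text: str, klass: int) -> bytes:
    """Constructed test data: a fake string object in the layout above, padded to 8 bytes."""
    chars = text.encode("utf-16-le") + b"\x00\x00"
    obj = struct.pack("<QQi", klass, 0, len(text)) + chars
    return obj + b"\x00" * (-len(obj) % 8)


# Constructed placeholder for the String class pointer; in a real snapshot you would
# take it from the dumped metadata. Not a real address.
STRING_KLASS = 0x7F00C0FFEE00

# Constructed snapshot: two valid strings, some unrelated bytes, and one bogus header
# with a negative length that the carver must skip.
SNAPSHOT = (
    b"\x00" * 16
    + build_string_object("Bridecosy", STRING_KLASS)          # object at offset 16
    + bytes(range(32))                                         # unrelated bytes
    + build_string_object("Crewmate \u25c9", STRING_KLASS)     # object at offset 88, non-ASCII
    + struct.pack("<QQi", STRING_KLASS, 0, -5)                 # bogus object at offset 136
)

if __name__ == "__main__":
    for off, text in carve_strings(SNAPSHOT, STRING_KLASS):
        print(f"0x{off:04x}: {text!r}")
```

Reading the length field before touching the characters is what keeps this safe on a partial dump: a header that points past the end of the buffer, or a length that is negative or absurdly large, is reported instead of producing a silent misread. The non-ASCII name is there because treating the bytes as ASCII or UTF-8 would corrupt it, which is the point of the post's "wide string" remark.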
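The split described in the last section, where the server rejects a kill from the spoofed role but the local client still lets the player vent and reveals the other impostors, is what you get when some role checks live only on the client. As an added illustration (my own model, not the game's server code or the post's Frida script), the Python below keeps an authoritative role table on the server, validates every role-gated action against that table instead of the role the client claims, and counts claimed-versus-actual mismatches as a cheat-detection signal. A deliberately weak variant that trusts the claimed role is included for contrast. The role set, action names and the allowed-role rules are assumptions made for the model.

```python
from dataclasses import dataclass, field
from enum import Enum


class Role(Enum):
    CREWMATE = "crewmate"
    IMPOSTOR = "impostor"
    ENGINEER = "engineer"
    SHAPESHIFTER = "shapeshifter"


# Assumed rule set for the model: which roles may perform which gated action.
ALLOWED = {
    "vent": {Role.ENGINEER, Role.IMPOSTOR},
    "kill": {Role.IMPOSTOR, Role.SHAPESHIFTER},
    "shapeshift": {Role.SHAPESHIFTER},
}


@dataclass
class ActionRequest:
    actor: str
    claimed_role: Role  # whatever the client's local SetRole() state says; untrusted
    action: str


@dataclass
class AuthoritativeServer:
    roles: dict  # assigned by the server at round start, never taken from clients
    audit: list = field(default_factory=list)
    mismatches: dict = field(default_factory=dict)

    def handle(self, req: ActionRequest) -> bool:
        actual = self.roles[req.actor]
        if req.claimed_role != actual:
            # The client's view of its own role differs from ours: its local state has
            # been altered. Record it; that is the detection signal.
            self.mismatches[req.actor] = self.mismatches.get(req.actor, 0) + 1
            self.audit.append(
                f"{req.actor}: claims {req.claimed_role.value}, server has {actual.value}"
            )
        # The decision uses only the server's own record.
        allowed = actual in ALLOWED.get(req.action, set())
        self.audit.append(f"{req.actor}: {req.action} {'accepted' if allowed else 'rejected'}")
        return allowed


@dataclass
class TrustingServer:
    """Weak variant: gates the action on the role the client claims."""
    roles: dict

    def handle(self, req: ActionRequest) -> bool:
        return req.claimed_role in ALLOWED.get(req.action, set())


def demo() -> dict:
    """Constructed round: alice is a crewmate whose client claims to be an impostor."""
    roles = {"alice": Role.CREWMATE, "bob": Role.IMPOSTOR}
    spoofed_vent = ActionRequest("alice", Role.IMPOSTOR, "vent")
    spoofed_kill = ActionRequest("alice", Role.IMPOSTOR, "kill")
    real_kill = ActionRequest("bob", Role.IMPOSTOR, "kill")
    weak = TrustingServer(dict(roles))
    strong = AuthoritativeServer(dict(roles))
    return {
        "weak": [weak.handle(r) for r in (spoofed_vent, spoofed_kill, real_kill)],
        "strong": [strong.handle(r) for r in (spoofed_vent, spoofed_kill, real_kill)],
        "mismatches": strong.mismatches,
        "audit": strong.audit,
    }


if __name__ == "__main__":
    for line in demo()["audit"]:
        print(line)
```

The trusting server accepts all three requests, the authoritative one accepts only bob's genuine kill, and the vent request, which the post shows is not validated in practice, is rejected on the same basis as the kill. The mismatch counter is cheap to keep per player and is a better anomaly signal than the rejection alone, because a client that disagrees with the server about its own role has been tampered with even when the action it requests would be harmless.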