detail running instructions #1

Open
wants to merge 1 commit into
base: master
46 changes: 45 additions & 1 deletion README.md
@@ -1,5 +1,5 @@
# AutoVR
Everything in ts needs to be compiled. index.out.js is the compiled ts code and is the only ts depeendency that run.py needs. To compile, run the compile.sh script in the ts folder to produce the index.out.js file.
Everything in ts needs to be compiled. index.out.js is the compiled ts code and is the only ts dependency that run.py needs. To compile, run the compile.sh script in the ts folder to produce the index.out.js file.


Usage: python3 run.py \<device name\> \<host package\> \<script.json\>
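
Review bot: The compile sentence and the Usage line in this hunk still name run.py, while the Details section added further down runs the analysis with `python3 autovr.py --device ... --package ... --script-file ...`. Point both at autovr.py, or state when run.py is still the right entry point, so the README documents a single invocation. The argument names should also match between the two places (`<host package>` here, `<package name>` in the new section).
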
Collaborator

Let's remove this run.py command entirely just so we don't confuse users. run.py was originally supposed to also include support for running one package at a time. autovr.py now achieves this.

@@ -10,3 +10,47 @@ host package = the apk package name on the device.

script.json = run Il2CppDumper on the disassembled apk and get the script.json file as this path.


## Details

First ensure Frida server is running on the device. More details can be found [here](https://frida.re/docs/android/).

Build the AutoVR codebase. In the `ts/` directory, run:
Collaborator

nit: "Build the AutoVR injected Frida codebase." or something similar.


```
npm install
```

A slight unintended side effect is that this command generates Frida code that fails to compile. You will most likely
need to fix this before the next step.

Change all occurrences of `??=` to `=`. To find said occurences, just run `grep -R "??="` and only replace the occurences in the `index.out.js` file.

Then we should be able to compile without issue using:

```
./compile.sh
```

This should complete building the AutoVR codebase. Next we need to generate the `script.json` file.
Collaborator

nit: "AutoVR injected Frida codebase." or something similar.


To start, dissassemble the apk of the target package. You can find the list of packages and apk locations on the device using `pm list packages -f`. Use [apktool](https://apktool.org/) on the apk file:

```
apktool d <apk path>.apk
```

We then need to run [Il2CppDumper](https://github.com/Perfare/Il2CppDumper) on the dissassembled apk. This can be done using:
Collaborator

Not entirely necessary, but a side note that not all Unity games will be compiled using IL2CPP. Maybe we should add something in the main header saying AutoVR can only run on IL2CPP compiled Unity games.


```
Il2CppDumper <unpacked apk path>/lib/arm64-v8a/libil2cpp.so <unpacked apk path>/assets/bin/Data/Managed/Metadata/global-metadata.dat output_dir/
```

We now have all of the files present to run the AutoVR analysis.

```
python3 autovr.py --device <device name> --package <package name> --script-file output_dir/script.json --rooted is_rooted
```

In this case the package name is the name found in the command `pm list packages`, and the device name is the name of the device found in the command `adb devices`.
For example, your package name might look like "com.AGVR.ArtGateVR" and your device name might look something like "1WMHH816NU0432".
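
Review bot: The `??=` workaround is out of order with the rest of the README: it tells the reader to edit `index.out.js` between `npm install` and `./compile.sh`, but the opening paragraph says `index.out.js` is the file compile.sh produces, so the edit either has no file to apply to or is regenerated by the next step. State which command produces the file that needs patching and where the replacement belongs in the sequence. Also, `x ??= y` assigns only when `x` is null or undefined, so a blanket change to `=` alters behaviour; say why that is safe here or give a replacement that keeps the check. Smaller points in the same hunk: `grep -R "??="` is given no path and, run in `ts/` after `npm install`, also walks `node_modules`, so `grep -nF '??=' index.out.js` would match the instruction to touch only that file; `--rooted is_rooted` should use the same `<...>` placeholder style as the other arguments and list the accepted values; and "occurences" and "dissassemble" are misspelled.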