il2cpp frida MCP Server
IL2CPP Frida MCP Server
A Model Context Protocol (MCP) based IL2CPP reverse engineering tool that enables AI assistants (like Claude, Kiro) to directly analyze and manipulate Unity IL2CPP applications.
Features
- 🔌 Frida Integration - Support for USB, remote, and local device connections
- 📦 IL2CPP Analysis - List images, classes, methods with fuzzy search support
- 🔍 Disassembly - Method disassembly based on Frida Instruction API
- 🧠 GC Heap Analysis - Find runtime object instances
- 📤 Import/Export - Find module import and export functions
- 🛠️ JS Execution - Execute arbitrary JavaScript code to manipulate Frida API
Project Structure
.
├── mcp_server.py # Entry point
├── mcp_server/ # MCP Server module
│ ├── __init__.py
│ ├── server.py # MCP Server core
│ ├── state.py # Frida state management
│ ├── tools.py # MCP tool definitions
│ ├── transport.py # Transport layer (stdio/sse/http)
│ ├── cli.py # Command line interface
│ ├── agent_loader.py # Agent loader
│ └── handlers/ # Tool handlers
│ ├── __init__.py
│ ├── frida_handlers.py
│ └── il2cpp_handlers.py
├── agent/ # Frida Agent (TypeScript)
│ ├── index.ts # Agent entry point
│ ├── core/ # Core modules
│ │ ├── il2cpp-helper.ts
│ │ ├── method-utils.ts
│ │ └── class-finder.ts
│ └── services/ # Service modules
│ ├── image-service.ts
│ ├── class-service.ts
│ ├── method-service.ts
│ ├── disasm-service.ts
│ ├── module-service.ts
│ ├── gc-service.ts
│ └── exec-service.ts
├── _agent.js # Compiled Agent
├── package.json
├── tsconfig.json
└── requirements.txt
Installation
Option 1: pip install (Recommended)
# Install from source
pip install .
# Or install in development mode
pip install -e .
Option 2: Manual dependency installation
pip install -r requirements.txt
Compile Frida Agent
npm install
npm run build
Usage
Start MCP Server
# If installed via pip
il2cpp-frida-mcp # Interactive selection
il2cpp-frida-mcp --stdio # stdio mode
il2cpp-frida-mcp --sse # SSE mode
il2cpp-frida-mcp --http # HTTP mode
# Or run script directly
python mcp_server.py --stdio
# Custom host and port
il2cpp-frida-mcp --sse --host 0.0.0.0 --port 9000
Configure MCP Client
Claude Desktop / Kiro
Add to your MCP configuration file:
{
"mcpServers": {
"il2cpp-frida": {
"command": "il2cpp-frida-mcp",
"args": ["--stdio"]
}
}
}
Or run using Python module:
{
"mcpServers": {
"il2cpp-frida": {
"command": "python",
"args": ["-m", "mcp_server", "--stdio"]
}
}
}
MCP Tools
Frida Basic Tools
| Tool | Description |
|------|-------------|
| frida_list_devices | List all available Frida devices |
| frida_connect | Connect to device and target process |
| frida_disconnect | Disconnect Frida connection |
| frida_resume | Resume suspended process |
| frida_list_processes | List processes on device |
IL2CPP Analysis Tools
| Tool | Description |
|------|-------------|
| il2cpp_list_images | List all IL2CPP images |
| il2cpp_list_classes | List all classes in specified image |
| il2cpp_list_methods | List all methods in specified class |
| il2cpp_show_method | Show method details |
| il2cpp_find_classes | Find classes (fuzzy match supported) |
| il2cpp_find_methods | Find methods (fuzzy match supported) |
| il2cpp_show_asm | Disassemble method |
| il2cpp_find_export | Find export functions |
| il2cpp_find_import | Find import functions |
| il2cpp_exec_js | Execute arbitrary JavaScript code |
| il2cpp_gc_choose | Find instances of specified class in heap |
| il2cpp_gc_info | Get GC heap information |
Examples
1. Connect to Device
Use frida_connect to connect to the frontmost app on USB device
2. Analyze IL2CPP
List all images, then find classes containing "Player"
3. View Method Details
List all methods of PlayerController class, then view Update method details
Development
Compile Agent
npm run build # Single build
npm run watch # Watch mode
Dependencies
- Python 3.10+
- Node.js 16+
- Frida 17+
- frida-il2cpp-bridge
Acknowledgements
- frida-il2cpp-bridge - IL2CPP runtime bridge
- Il2CppHookScripts - Reference implementation
License
MIT