Created
August 10, 2022 16:09
-
-
Save psanford/83589228e3369d2f1daa65ee2633094b to your computer and use it in GitHub Desktop.
Speed hack for FTL using frida
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import frida | |
| import sys | |
| import fileinput | |
| session = frida.attach("FTL.amd64") | |
| script = session.create_script(""" | |
| var timeNowPtr = Module.enumerateSymbols('FTL.amd64').filter(function (a) { return a.name == 'time_now'; })[0].address; | |
| var timeNow = new NativeFunction(timeNowPtr, 'double', []); | |
| var baseTime = null; | |
| var baseOffset = 0.0; | |
| var lastTime = null; | |
| var speed = 1.0; | |
| var old_speed = speed; | |
| var count = 0; | |
| var cb = function() { | |
| var realTime = timeNow(); | |
| if (speed != old_speed) { | |
| console.log("speed update", speed, old_speed); | |
| old_speed = speed; | |
| if (realTime < lastTime) { | |
| baseOffset = lastTime - realTime; | |
| console.log("set baseoffset", baseOffset, lastTime, realTime); | |
| } else { | |
| console.log('no base offset change'); | |
| } | |
| } | |
| if (baseTime == null) { | |
| console.log('set basetime', realTime); | |
| baseTime = realTime; | |
| } | |
| var delta = realTime - baseTime; | |
| var updatedTime = (baseOffset + baseTime + (delta * speed)); | |
| if (count % 1000 == 0) { | |
| console.log("real", realTime, updatedTime, count); | |
| } | |
| if (lastTime != null && lastTime > updatedTime) { | |
| console.log("we went backwards", lastTime, updatedTime, baseOffset, baseTime, delta, speed); | |
| } | |
| count++; | |
| lastTime = updatedTime; | |
| return updatedTime; | |
| } | |
| rpc.exports = { | |
| updateSpeed(newspeed) { | |
| console.log("js got update_speed", newspeed); | |
| speed = newspeed; | |
| }, | |
| detach() { | |
| Interceptor.revert(timeNowPtr); | |
| Interceptor.flush(); | |
| } | |
| }; | |
| Interceptor.replace(timeNowPtr, new NativeCallback(cb, 'double', [])); | |
| """) | |
| script.load() | |
| api = script.exports | |
| print("speed:", end="") | |
| sys.stdout.flush() | |
| for line in fileinput.input(): | |
| line = line.rstrip() | |
| speed = 0.5 | |
| if line == "exit" or line == "quit": | |
| api.detach() | |
| break | |
| try: | |
| speed = float(line) | |
| except ValueError: | |
| pass | |
| if speed < 1.0: | |
| print("speed must be >= 1.0") | |
| continue | |
| api.update_speed(speed) | |
| print("speed:", end="") | |
| sys.stdout.flush() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment