frida script to find imposter (amongus 2020.9.9 arm64-v8a)

index.ts

import { log } from "./logger";
import { AssertionError } from "assert";

const libil2cpp = Process.getModuleByName("libil2cpp.so");
const libil2cppb = libil2cpp.base;
const playerinfo_serialize = libil2cppb.add(0x6c2e30);
const playerinfo_deserialize = libil2cppb.add(0x6c316c);

console.log("Starting script..");
function readString(pointr:NativePointer){
    let length = pointr.add(16).readInt()
    const stringBytes = pointr.add(20).readByteArray(length*2)
    if(stringBytes instanceof ArrayBuffer){
        const view = new Uint16Array(stringBytes)
        return String.fromCharCode.apply(null,[...view])
    }
    return "Cant read"

}
function processPlayerInfo(rawPlayer: NativePointer) {
    const buffer = rawPlayer.readByteArray(0x41);
    const playername_ptr = rawPlayer.add(0x18).readPointer()
    const playername = readString(playername_ptr)

    if (buffer instanceof ArrayBuffer) {
        const playerInfoView = new DataView(buffer);
        const player = {
            PlayerId: playerInfoView.getInt8(0x10),
            PlayerName: playername, //0x18
            ColorId: playerInfoView.getInt32(0x20, true),
            HatId: playerInfoView.getInt16(0x24, true),
            PetId: playerInfoView.getInt16(0x28, true),
            SkinId: `0x${playerInfoView.getInt16(0x2c, true).toString(16)}`,
            Disconnected: `0x${playerInfoView.getInt32(0x30, true).toString(16)}`,
            Tasks: playerInfoView.getInt32(0x38, true),
            IsImpostor: playerInfoView.getInt8(0x40),
        };
        console.log("[+] Player Serialize");
        console.log(JSON.stringify(player,null,"-- "))
    }
}

Interceptor.attach(playerinfo_serialize, {
    onEnter: function (args) {
        const rawPlayer = args[0];
        processPlayerInfo(rawPlayer);
        // console.log(
        //     hexdump(rawPlayer.add(0x20), {
        //         offset: 0,
        //         length: 0x50,
        //         header: true,
        //         ansi: true,
        //     })
        // );
    },
    onLeave: retval => {},
});

Interceptor.attach(playerinfo_deserialize, {
    onEnter: function (args) {
       //save playerInfo pointer
       this.pInfo = args[0];

    },
    onLeave: function (retval) {
        if(this.pInfo instanceof NativePointer){
            //playerInfo deserialized into pInfo
            processPlayerInfo(this.pInfo);
        }
     },

});

This is because when you start the app libil2cpp is not loaded. You should start the game then load frida script

Frida version 15.2.2
frida-server-15.0.7-android-x86_64

Happens to me when I run this command
Frida version 15.2.2
frida -U -f br.com.brainweb.name -l jsInjection.js --no-pause
____
/ _ | Frida 15.2.2 - A world-class dynamic instrumentation toolkit
| (| |
> _ | Commands:
// |_| help -> Displays the help system
. . . . object? -> Display information about 'object'
. . . . exit/quit -> Exit
. . . .
. . . . More info at https://frida.re/docs/home/
. . . .
. . . . Connected to Android Emulator 5554 (id=emulator-5554)
Failed to load script: script(line 1): SyntaxError: unexpected character

Thank you for using Frida!

My script jsInjection.js
java.perform( function () {
console.log(' ');
console.log(' Silva Silva');

});