impact-i / reflutter Goto Github PK
View Code? Open in Web Editor NEWFlutter Reverse Engineering Framework
License: GNU General Public License v3.0
Flutter Reverse Engineering Framework
License: GNU General Public License v3.0
the crash info:
Termination Description: DYLD, Symbol not found: _FlutterMethodNotImplemented | Referenced from: /private/var/containers/Bundle/Application/368803BE-CAAC-4220-BA25-4534752D6570/Runner.app/Frameworks/audioplayers.framework/audioplayers | Expected in: /private/var/containers/Bundle/Application/368803BE-CAAC-4220-BA25-4534752D6570/Runner.app/Frameworks/Flutter.framework/Flutter | in /private/var/containers/Bundle/Application/368803BE-CAAC-4220-BA25-4534752D6570/Runner.app/Frameworks/audioplayers.framework/audioplayers
i found a libflutter.so delete version information.
the version hash data is 0000000000
i use reflutter xxx.ipa
generate release.RE.ipa
reflutter==0.7.2
SnapshotHash: 1441d6b13b8623fa7fbf61433abebd31
The resulting ipa file: ./release.RE.ipa
Please install the ipa file
after install release.RE.ipa and start app
occur some issue
[VERBOSE-3:dart_vm_initializer.cc(22)] Error while initializing the Dart VM: Snapshot not compatible with the current VM configuration: the snapshot requires 'product no-code_comments no-dwarf_stack_traces_mode lazy_async_stacks no-lazy_dispatchers dedup_instructions no-asserts arm64-sysv no-compressed-pointers null-safety' but the VM has 'product no-code_comments no-dwarf_stack_traces_mode lazy_async_stacks no-lazy_dispatchers dedup_instructions no-asserts arm64-sysv compressed-pointers null-safety'
how do i fix it?
i have an app that is built with Flutter v1, anyway to support that version?
Hello Brother,
Thanks for creating such an awesome tool but I am trying to generate the reflutter APK with one of my flutter applications. Unfortunately, the application showing the below error can you help me to resolve this issue,
This engine is currently not supported. Most likely this flutter application uses the Debug version engine which you need to build manually using Docker at the moment. More details: https://github.com/Impact-I/reFlutter
Thanks,
Keyur
Hi I am using refutter 0.7.2 after the app path crashes on startup, if not using refutter the app still works fine. thank you for your help
link ipa: https://drive.google.com/drive/folders/1oMEKA5pDJU02T4C-x41CL6zpCqy_vKhh
Hello, i'm using the lasted version on linux and windows. But y got the bellow error when y try to intercept the traffic for an apk.
IN:
`reflutter app-release.apk
Choose an option:
[1/2]? 1
Engine SnapshotHash: 1cd6f11bc2398d18197e1822f4b5437b
This engine is currently not supported.
Most likely this flutter application uses the Debug version engine which you need to build manually using Docker at the moment.
More details: https://github.com/Impact-I/reFlutter`
how to get HASH_PATCH=[Snapshot_Hash]
-e COMMIT=[Engine_commit] in lib flutter.so or lib app.so ?
this hash unable to get dump
i start command command line always in HEAD is now at d1b9a6938a [flutter_releases] Flutter stable 2.13.0 Engine Cherrypicks (#33215),why?
How can I get the flutter version of the application
Hi @Impact-I, can you build this engine, SnapshotHash: b6d0a1f034d158b0d37b51d559379697
Thanks
I've run reflutter on my Android apk, aligned and signed the apk. Setup Burp Suite.
Now, I install the signed apk on Android and run it. Basically, nothing happens. But I'm not sure I'm using reflutter correctly.
reflutter
, I provided the IP address of the laptop.On the smartphone, I have no dump.dart
in /data/data/<PACKAGE_NAME>
.
I have no DartVM
in logcat. I do have a few Dart
- I believe those are IP addresses the app contacts.
$ adb logcat | grep -i Dart
05-10 13:14:04.471 16371 16403 E Dart : ref: 148.251.68.92
05-10 13:14:04.681 16371 16403 E Dart : ref: 216.58.209.227
05-10 13:14:04.682 16371 16403 E Dart : ref: 216.58.209.227
05-10 13:19:30.818 16371 16403 E Dart : ref: 148.251.68.92
05-10 13:20:31.004 16371 16403 E Dart : ref: 148.251.68.92
I have nothing relevant for reflutter
tag (same with adb logcat | grep -i reflutter
):
$ adb logcat -e reflutter
--------- beginning of crash
--------- beginning of main
05-10 13:19:05.804 8249 8249 E adbd : service_to_fd: shell,v2,TERM=xterm-256color:export ANDROID_LOG_TAGS="''"; exec logcat '-e' 'reflutter'
--------- beginning of system
05-10 13:36:06.996 8249 8249 E adbd : service_to_fd: shell,v2,TERM=xterm-256color:export ANDROID_LOG_TAGS="''"; exec logcat '-e' 'reflutter'
More info:
e4a09dbf2bb120fe4674e0576617a0dc
)Engine SnapshotHash: eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
This engine is currently not supported.
Most likely this flutter application uses the Debug version engine which you need to build manually using Docker at the moment.
More details: https://github.com/Impact-I/reFlutter
My BMW app
otool -l My\ BMW | grep crypt cryptoff 49152 cryptsize 4096 cryptid 0
Hello reflutter team,
Can you please help me to intercept the traffic of debug mode enable apk using reflutter?
Thanks
[1/2]? 2
This mode is only for dump and offset output, slow application operation is possible (network patch is still left)
Traceback (most recent call last):
File "d:\python3.7.7\lib\urllib\request.py", line 1319, in do_open
encode_chunked=req.has_header('Transfer-encoding'))
File "d:\python3.7.7\lib\http\client.py", line 1252, in request
self._send_request(method, url, body, headers, encode_chunked)
File "d:\python3.7.7\lib\http\client.py", line 1298, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "d:\python3.7.7\lib\http\client.py", line 1247, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "d:\python3.7.7\lib\http\client.py", line 1026, in _send_output
self.send(msg)
File "d:\python3.7.7\lib\http\client.py", line 966, in send
self.connect()
File "d:\python3.7.7\lib\http\client.py", line 1414, in connect
super().connect()
File "d:\python3.7.7\lib\http\client.py", line 938, in connect
(self.host,self.port), self.timeout, self.source_address)
File "d:\python3.7.7\lib\socket.py", line 707, in create_connection
for res in getaddrinfo(host, port, 0, SOCK_STREAM):
File "d:\python3.7.7\lib\socket.py", line 752, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno 11004] getaddrinfo failed
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "d:\python3.7.7\lib\runpy.py", line 193, in run_module_as_main
"main", mod_spec)
File "d:\python3.7.7\lib\runpy.py", line 85, in run_code
exec(code, run_globals)
File "D:\python3.7.7\Scripts\reflutter.exe_main.py", line 7, in
File "d:\python3.7.7\lib\site-packages\src_init.py", line 360, in main
extractZip(sys.argv[1])
File "d:\python3.7.7\lib\site-packages\src_init_.py", line 355, in extractZip
replaceLibFlutter()
File "d:\python3.7.7\lib\site-packages\src_init_.py", line 178, in replaceLibFlutter
checkHash()
File "d:\python3.7.7\lib\site-packages\src_init_.py", line 317, in checkHash
resp = urlopen('https://raw.githubusercontent.com/Impact-I/reFlutter/main/enginehash.csv').read().decode('utf-8')
File "d:\python3.7.7\lib\urllib\request.py", line 222, in urlopen
return opener.open(url, data, timeout)
File "d:\python3.7.7\lib\urllib\request.py", line 525, in open
response = self._open(req, data)
File "d:\python3.7.7\lib\urllib\request.py", line 543, in _open
'_open', req)
File "d:\python3.7.7\lib\urllib\request.py", line 503, in _call_chain
result = func(*args)
File "d:\python3.7.7\lib\urllib\request.py", line 1362, in https_open
context=self._context, check_hostname=self._check_hostname)
File "d:\python3.7.7\lib\urllib\request.py", line 1321, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 11004] getaddrinfo failed>
C:\Users\fyfyfy>reflutter "C:\Users\fyfyfy\Documents\Tencent Files\928584916\FileRecv\MobileFile\jinxun.apk"
Choose an option:
[1/2]? 1
Traceback (most recent call last):
File "d:\python3.7.7\lib\urllib\request.py", line 1319, in do_open
encode_chunked=req.has_header('Transfer-encoding'))
File "d:\python3.7.7\lib\http\client.py", line 1252, in request
self._send_request(method, url, body, headers, encode_chunked)
File "d:\python3.7.7\lib\http\client.py", line 1298, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "d:\python3.7.7\lib\http\client.py", line 1247, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "d:\python3.7.7\lib\http\client.py", line 1026, in _send_output
self.send(msg)
File "d:\python3.7.7\lib\http\client.py", line 966, in send
self.connect()
File "d:\python3.7.7\lib\http\client.py", line 1414, in connect
super().connect()
File "d:\python3.7.7\lib\http\client.py", line 938, in connect
(self.host,self.port), self.timeout, self.source_address)
File "d:\python3.7.7\lib\socket.py", line 707, in create_connection
for res in getaddrinfo(host, port, 0, SOCK_STREAM):
File "d:\python3.7.7\lib\socket.py", line 752, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno 11004] getaddrinfo failed
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "d:\python3.7.7\lib\runpy.py", line 193, in run_module_as_main
"main", mod_spec)
File "d:\python3.7.7\lib\runpy.py", line 85, in run_code
exec(code, run_globals)
File "D:\python3.7.7\Scripts\reflutter.exe_main.py", line 7, in
File "d:\python3.7.7\lib\site-packages\src_init.py", line 360, in main
extractZip(sys.argv[1])
File "d:\python3.7.7\lib\site-packages\src_init_.py", line 355, in extractZip
replaceLibFlutter()
File "d:\python3.7.7\lib\site-packages\src_init_.py", line 178, in replaceLibFlutter
checkHash()
File "d:\python3.7.7\lib\site-packages\src_init_.py", line 317, in checkHash
resp = urlopen('https://raw.githubusercontent.com/Impact-I/reFlutter/main/enginehash.csv').read().decode('utf-8')
File "d:\python3.7.7\lib\urllib\request.py", line 222, in urlopen
return opener.open(url, data, timeout)
File "d:\python3.7.7\lib\urllib\request.py", line 525, in open
response = self._open(req, data)
File "d:\python3.7.7\lib\urllib\request.py", line 543, in _open
'_open', req)
File "d:\python3.7.7\lib\urllib\request.py", line 503, in _call_chain
result = func(*args)
File "d:\python3.7.7\lib\urllib\request.py", line 1362, in https_open
context=self._context, check_hostname=self._check_hostname)
File "d:\python3.7.7\lib\urllib\request.py", line 1321, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 11004] getaddrinfo failed>
Engine SnapshotHash: 71717171717171717171717171717171
Engine SnapshotHash: bbbf0aa5dbd0e225ab6cc1d9081a7837
not found these snapshot hash on flutter-engine.csv file
Once re fluttered, the IPA file cannot be installed and failed with the error message as "... does not contain an application bundle, so it cannot be installed on ..."
I used XReSign to https://github.com/xndrs/XReSign to resign the IPA. It's installed but crashed on start.
SnapshotHash: 1441d6b13b8623fa7fbf61433abebd31
After patching and trying to launch application on Android an error in logcat appears and app crashes:
05-06 12:06:11.841 25282 25282 E AndroidRuntime: java.lang.RuntimeException: Unable to create application com.app.RunApp: java.lang.RuntimeException: java.util.concurrent.ExecutionException: java.lang.UnsatisfiedLinkError: dlopen failed: "/data/app/~~VTHe_C-zRg215VPslCtKfQ==/com.app-RnP-0YbA3rPoKly_jQM9LA==/base.apk!/lib/armeabi-v7a/libflutter.so" .dynamic section header was not found
05-06 12:06:11.841 25282 25282 E AndroidRuntime: at android.app.ActivityThread.handleBindApplication(ActivityThread.java:6717)
...
Hello team @Impact-I ,
After using your reflutter, my IPA is automatically closing after the start. But it does work without using reflutter. What could be the reason behind it?
Thanks for your help in advance.
use reflutter and uber-apk-signer-1.2.1.jar
app will not work. the apk build lost some xmls.
use apktool to depack and replace libflutter, and repack, crash too. and log is below.
https://mumu.nie.netease.com/api/filepicker/APPCrashLog/logcat/2022-04-29/uQHpAvUvn51zgOlj.txt
some days ago, i can use the old version to reflutter the same app(same version). so i think the new reflutter broke something
test apk just two dart file
dunm.dart
only find main.dart
file
where is socket.cc path for flutter engine ?
I followed the instructions from README and use uber-apk-signer to make the apk aligned and signed.
The apk was installed successfully. However, when I tried to open it, it crashed immediately.
So, I wonder why and what should I do to fix it.🤔
I followed the instructions from README and use uber-apk-signer to make the apk aligned and signed.
The apk was installed successfully. However, when I tried to open it, it crashed immediately.
The original apk file can be downloaded at here, and my refluttered version is 0.7.1
Thanks verymuch!!!
The original apk file can be downloaded at here, and my refluttered version is 0.7.1
The device is a simulator:https://mumu.163.com/mac/index.html
I got some error like this..
Module.findBaseAddress('libapp.so') return null
Is it the reason about android simulator?
Some app User proxy will crash,May be need mode 3 just dump offset.
Looking forward to your reply
thanks
Why this does not support anymore x86 binary?
Hi,
Basically running re-flutter I'm getting this error:
Engine SnapshotHash: 1044d5d7857485639caee4798a5dcbb7
This engine is currently not supported.
So I followed the instruction to build the customer build using docker, but 1044d5d7857485639caee4798a5dcbb7 can't be found in both the enginehash.csv or flutter/engine repo
And this same Engine SnapshotHash is mentioned here flutter/flutter#113398.
The application is written in flutter
What's weird with this specific application is that even with using android proxy configuration and proxyDriod (basically iptables to force redirect the traffic to burp) usually breaks any application because of SSL pinning, but that's not the case with this application.
Any help is appreciated.
I have repacked apk and run it on phone,but no dump.dart at /data/data/<PACKAGE_NAME>/
SnapshotHash: 1441d6b13b8623fa7fbf61433abebd31
reflutter app-release.apk
: success generate release.RE.apkjava -jar uber-apk-signer-1.2.1.jar --allowResign -a release.RE.apk
: success generate release.RE-aligned-debugSigned.apkadb install release.RE-aligned-debugSigned.apk
: successrun app
: successadb -d shell "cat /data/data/com.example.chart/dump.dart" > dump.dart
: fail, the dump.dart
not foundWhy there is no dump.dart file, I hope to get an answer, thanks a lot.
2022-05-06 20:12:15.687 25561-25561/? E/LoadedApk: Unable to instantiate appComponentFactory
java.lang.ClassNotFoundException: Didn't find class "androidx.core.app.CoreComponentFactory" on path: DexPathList[[zip file "/data/app/~~gNCysvKMM3GK1goWhUKB1w==/com.senyu.xiaofengling-1Uu7nl-WP96O5uJ4rI1ngQ==/base.apk"],nativeLibraryDirectories=[/data/app/~~gNCysvKMM3GK1goWhUKB1w==/com.senyu.xiaofengling-1Uu7nl-WP96O5uJ4rI1ngQ==/lib/arm, /data/app/~~gNCysvKMM3GK1goWhUKB1w==/com.senyu.xiaofengling-1Uu7nl-WP96O5uJ4rI1ngQ==/base.apk!/lib/armeabi-v7a, /system/lib, /system/system_ext/lib]]
at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:207)
at java.lang.ClassLoader.loadClass(ClassLoader.java:379)
at java.lang.ClassLoader.loadClass(ClassLoader.java:312)
at android.app.LoadedApk.createAppFactory(LoadedApk.java:262)
at android.app.LoadedApk.createOrUpdateClassLoaderLocked(LoadedApk.java:907)
at android.app.LoadedApk.getClassLoader(LoadedApk.java:960)
at android.app.LoadedApk.getResources(LoadedApk.java:1192)
at android.app.ContextImpl.createAppContext(ContextImpl.java:2671)
at android.app.ContextImpl.createAppContext(ContextImpl.java:2663)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:6731)
at android.app.ActivityThread.access$1400(ActivityThread.java:246)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1963)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loop(Looper.java:236)
at android.app.ActivityThread.main(ActivityThread.java:7904)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:656)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:967)
2022-05-06 20:12:15.709 4722-5478/? D/ActivityUtils: packageNameComponentInfo{com.senyu.xiaofengling/com.example.sd_reward.MainActivity}
2022-05-06 20:12:15.711 25561-25561/? W/yu.xiaofengling: type=1400 audit(0.0:4480): avc: granted { execute } for path="/data/data/com.senyu.xiaofengling/.jiagu/libjiagu.so" dev="sda32" ino=39843 scontext=u:r:untrusted_app:s0:c66,c257,c512,c768 tcontext=u:object_r:app_data_file:s0:c66,c257,c512,c768 tclass=file app=com.senyu.xiaofengling
2022-05-06 20:12:15.724 25561-25561/? I/TetheringManager: registerTetheringEventCallback:com.senyu.xiaofengling
2022-05-06 20:12:15.732 2968-4695/? W/TelephonyPermissions: reportAccessDeniedToReadIdentifiers:com.senyu.xiaofengling:getDeviceId:2
2022-05-06 20:12:15.721 25561-25561/? W/yu.xiaofengling: type=1400 audit(0.0:4481): avc: denied { read } for name="version" dev="proc" ino=4026532120 scontext=u:r:untrusted_app:s0:c66,c257,c512,c768 tcontext=u:object_r:proc_version:s0 tclass=file permissive=0 app=com.senyu.xiaofengling
2022-05-06 20:12:15.740 2968-4695/? W/TelephonyPermissions: reportAccessDeniedToReadIdentifiers:com.senyu.xiaofengling:getDeviceId:2
360jiagu.apk
overall i can intercepts network, but when i hit OTP ( which is after this going to oauth2 ) i got 302 and fail to open apps.
is burp have feature to forward this ? mean between apps and burp skip this step. since i dont need this part.
Hi,
First of all, this is a good project. I really like this.
I reFluttered many iOS and android application with this. But now I'm facing an issue with reFluttering Debug APK (release APK is not working with Genymotion, So that only I'm working with Debug APK). It showing a message like below.
Could you please help me to do the same process with Debug APK as well.
Thanks,
Vinil
ios ipa file, the Flutter is in
My\ BMW.app/Frameworks/Flutter.framework/Flutter
and the version in My\ BMW.app/Frameworks/Flutter.framework/Info.plist
it's 57d3bac3dd5cb5b0e464ab70e7bc8a0d8cf083ab
but reflutter said:
Engine SnapshotHash: d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7
This engine is currently not supported.
When I get dump dart, I don't know what to do next. How can we infer the original logic of the code?
reflutter: command not found
function hookFunc() {
var dumpOffset = 0x0000000000110D70 + 0x0000000000115124 // _kDartIsolateSnapshotInstructions + code offset
var argBufferSize = 150
var address = Module.findBaseAddress('libapp.so') // libapp.so (Android) or App (IOS)
console.log('\n\nbaseAddress: ' + address.toString())
var codeOffset = address.add(dumpOffset)
console.log('codeOffset: ' + codeOffset.toString())
console.log('')
console.log('Wait..... ')
Interceptor.attach(codeOffset, {
onEnter: function(args) {
console.log('')
console.log('--------------------------------------------|')
console.log('\n Hook Function: ' + dumpOffset);
console.log('')
console.log('--------------------------------------------|')
console.log('')
for (var argStep = 0; argStep < 50; argStep++) {
try {
dumpArgs(argStep, args[argStep], argBufferSize);
console.log(args[argStep].toString() + "-------")
} catch (e) {
break;
}
}
},
onLeave: function(retval) {
console.log('RETURN : ' + retval)
dumpArgs(0, retval, 150);
}
});
}
It's not about reflutter. I want to ask how to get parameters. My hook is my own application of "getmd5". I can't get the parameters I pass. Is it my wrong usage?
It's nice to see that you've updated the tool version .
I tried but didn't work very well.
I choose n
I need to capture traffic only (Choose "No" if you also need a dump.dart) [Y/n]? n
but not work
adb -d shell "cat /data/data/com.example.test.flutter_demo/dump.dart" > dump.dart
cat: /data/data/com.example.test.flutter_demo/dump.dart: No such file or directory
Engine SnapshotHash: 3b87b7465a41c49fe95db16b598dc943
This engine is currently not supported.
Most likely this flutter application uses the Debug version engine which you need to build manually using Docker at the moment.
Hello ,I reflutter an iOS ipa,messaged like this,how to recompile this reflutter tool? the script below : https://github.com/Impact-I/ForkForFlutter/blob/main/searchSnapshot.sh. is only for Android?
I see that the readme mentions a dockerfile, but I don't find where the code is.
The dump.dart run out using reflutter is missing a lot of addresses
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.