impact-i / reflutter Goto Github PK

Some app User proxy will crash,May be need mode 3 just dump offset.
Looking forward to your reply
thanks

Engine SnapshotHash: eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee

This engine is currently not supported.
Most likely this flutter application uses the Debug version engine which you need to build manually using Docker at the moment.
More details: https://github.com/Impact-I/reFlutter

My BMW app

otool -l My\ BMW | grep crypt cryptoff 49152 cryptsize 4096 cryptid 0

How can I get the flutter version of the application

Hello team @Impact-I ,
After using your reflutter, my IPA is automatically closing after the start. But it does work without using reflutter. What could be the reason behind it?

Thanks for your help in advance.

I followed the instructions from README and use uber-apk-signer to make the apk aligned and signed.

The apk was installed successfully. However, when I tried to open it, it crashed immediately.

So, I wonder why and what should I do to fix it.🤔

function hookFunc() {

var dumpOffset = 0x0000000000110D70	 + 0x0000000000115124 // _kDartIsolateSnapshotInstructions + code offset

var argBufferSize = 150

var address = Module.findBaseAddress('libapp.so') // libapp.so (Android) or App (IOS) 
console.log('\n\nbaseAddress: ' + address.toString())

var codeOffset = address.add(dumpOffset)
console.log('codeOffset: ' + codeOffset.toString())
console.log('')
console.log('Wait..... ')

Interceptor.attach(codeOffset, {
    onEnter: function(args) {

        console.log('')
        console.log('--------------------------------------------|')
        console.log('\n    Hook Function: ' + dumpOffset);
        console.log('')
        console.log('--------------------------------------------|')
        console.log('')

        for (var argStep = 0; argStep < 50; argStep++) {
            try {
                dumpArgs(argStep, args[argStep], argBufferSize);
				console.log(args[argStep].toString() + "-------")
            } catch (e) {

                break;
            }

        }

    },
    onLeave: function(retval) {
        console.log('RETURN : ' + retval)
        dumpArgs(0, retval, 150);
    }
});

}

It's not about reflutter. I want to ask how to get parameters. My hook is my own application of "getmd5". I can't get the parameters I pass. Is it my wrong usage?

Hi,

First of all, this is a good project. I really like this.
I reFluttered many iOS and android application with this. But now I'm facing an issue with reFluttering Debug APK (release APK is not working with Genymotion, So that only I'm working with Debug APK). It showing a message like below.

Could you please help me to do the same process with Debug APK as well.

Thanks,
Vinil

Hello Brother,

Thanks for creating such an awesome tool but I am trying to generate the reflutter APK with one of my flutter applications. Unfortunately, the application showing the below error can you help me to resolve this issue,

This engine is currently not supported. Most likely this flutter application uses the Debug version engine which you need to build manually using Docker at the moment. More details: https://github.com/Impact-I/reFlutter

Click Here to View Image

Thanks,
Keyur

Hello ,I reflutter an iOS ipa,messaged like this,how to recompile this reflutter tool? the script below : https://github.com/Impact-I/ForkForFlutter/blob/main/searchSnapshot.sh. is only for Android?

I followed the instructions from README and use uber-apk-signer to make the apk aligned and signed.

The apk was installed successfully. However, when I tried to open it, it crashed immediately.

The original apk file can be downloaded at here, and my refluttered version is 0.7.1

Thanks verymuch!!!

Hello, i'm using the lasted version on linux and windows. But y got the bellow error when y try to intercept the traffic for an apk.

IN:
`reflutter app-release.apk

Choose an option:

1. Traffic monitoring and interception
2. Display absolute code offset for functions

[1/2]? 1

Engine SnapshotHash: 1cd6f11bc2398d18197e1822f4b5437b

This engine is currently not supported.
Most likely this flutter application uses the Debug version engine which you need to build manually using Docker at the moment.
More details: https://github.com/Impact-I/reFlutter`

When I get dump dart, I don't know what to do next. How can we infer the original logic of the code?

ios ipa file, the Flutter is in
My\ BMW.app/Frameworks/Flutter.framework/Flutter
and the version in My\ BMW.app/Frameworks/Flutter.framework/Info.plist
it's 57d3bac3dd5cb5b0e464ab70e7bc8a0d8cf083ab

but reflutter said:

Engine SnapshotHash: d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7d7
This engine is currently not supported.

the crash info:

Termination Description: DYLD, Symbol not found: _FlutterMethodNotImplemented | Referenced from: /private/var/containers/Bundle/Application/368803BE-CAAC-4220-BA25-4534752D6570/Runner.app/Frameworks/audioplayers.framework/audioplayers | Expected in: /private/var/containers/Bundle/Application/368803BE-CAAC-4220-BA25-4534752D6570/Runner.app/Frameworks/Flutter.framework/Flutter | in /private/var/containers/Bundle/Application/368803BE-CAAC-4220-BA25-4534752D6570/Runner.app/Frameworks/audioplayers.framework/audioplayers

i use reflutter xxx.ipa generate release.RE.ipa

reflutter==0.7.2

SnapshotHash: 1441d6b13b8623fa7fbf61433abebd31
The resulting ipa file: ./release.RE.ipa
Please install the ipa file

after install release.RE.ipa and start app
occur some issue

[VERBOSE-3:dart_vm_initializer.cc(22)] Error while initializing the Dart VM: Snapshot not compatible with the current VM configuration: the snapshot requires 'product no-code_comments no-dwarf_stack_traces_mode lazy_async_stacks no-lazy_dispatchers dedup_instructions no-asserts arm64-sysv no-compressed-pointers null-safety' but the VM has 'product no-code_comments no-dwarf_stack_traces_mode lazy_async_stacks no-lazy_dispatchers dedup_instructions no-asserts arm64-sysv compressed-pointers null-safety'

how do i fix it?

this hash unable to get dump

Hi I am using refutter 0.7.2 after the app path crashes on startup, if not using refutter the app still works fine. thank you for your help
link ipa: https://drive.google.com/drive/folders/1oMEKA5pDJU02T4C-x41CL6zpCqy_vKhh

1. use reflutter and uber-apk-signer-1.2.1.jar
   app will not work. the apk build lost some xmls.

2. use apktool to depack and replace libflutter, and repack, crash too. and log is below.
   https://mumu.nie.netease.com/api/filepicker/APPCrashLog/logcat/2022-04-29/uQHpAvUvn51zgOlj.txt

some days ago, i can use the old version to reflutter the same app(same version). so i think the new reflutter broke something

where is socket.cc path for flutter engine ?

Hello reflutter team,
Can you please help me to intercept the traffic of debug mode enable apk using reflutter?

Thanks

Hi @Impact-I, can you build this engine, SnapshotHash: b6d0a1f034d158b0d37b51d559379697

Thanks

Engine SnapshotHash: 3b87b7465a41c49fe95db16b598dc943

This engine is currently not supported.
Most likely this flutter application uses the Debug version engine which you need to build manually using Docker at the moment.

2022-05-06 20:12:15.687 25561-25561/? E/LoadedApk: Unable to instantiate appComponentFactory
java.lang.ClassNotFoundException: Didn't find class "androidx.core.app.CoreComponentFactory" on path: DexPathList[[zip file "/data/app/~~gNCysvKMM3GK1goWhUKB1w==/com.senyu.xiaofengling-1Uu7nl-WP96O5uJ4rI1ngQ==/base.apk"],nativeLibraryDirectories=[/data/app/~~gNCysvKMM3GK1goWhUKB1w==/com.senyu.xiaofengling-1Uu7nl-WP96O5uJ4rI1ngQ==/lib/arm, /data/app/~~gNCysvKMM3GK1goWhUKB1w==/com.senyu.xiaofengling-1Uu7nl-WP96O5uJ4rI1ngQ==/base.apk!/lib/armeabi-v7a, /system/lib, /system/system_ext/lib]]
at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:207)
at java.lang.ClassLoader.loadClass(ClassLoader.java:379)
at java.lang.ClassLoader.loadClass(ClassLoader.java:312)
at android.app.LoadedApk.createAppFactory(LoadedApk.java:262)
at android.app.LoadedApk.createOrUpdateClassLoaderLocked(LoadedApk.java:907)
at android.app.LoadedApk.getClassLoader(LoadedApk.java:960)
at android.app.LoadedApk.getResources(LoadedApk.java:1192)
at android.app.ContextImpl.createAppContext(ContextImpl.java:2671)
at android.app.ContextImpl.createAppContext(ContextImpl.java:2663)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:6731)
at android.app.ActivityThread.access$1400(ActivityThread.java:246)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1963)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loop(Looper.java:236)
at android.app.ActivityThread.main(ActivityThread.java:7904)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:656)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:967)
2022-05-06 20:12:15.709 4722-5478/? D/ActivityUtils: packageNameComponentInfo{com.senyu.xiaofengling/com.example.sd_reward.MainActivity}
2022-05-06 20:12:15.711 25561-25561/? W/yu.xiaofengling: type=1400 audit(0.0:4480): avc: granted { execute } for path="/data/data/com.senyu.xiaofengling/.jiagu/libjiagu.so" dev="sda32" ino=39843 scontext=u:r:untrusted_app:s0:c66,c257,c512,c768 tcontext=u:object_r:app_data_file:s0:c66,c257,c512,c768 tclass=file app=com.senyu.xiaofengling
2022-05-06 20:12:15.724 25561-25561/? I/TetheringManager: registerTetheringEventCallback:com.senyu.xiaofengling
2022-05-06 20:12:15.732 2968-4695/? W/TelephonyPermissions: reportAccessDeniedToReadIdentifiers:com.senyu.xiaofengling:getDeviceId:2
2022-05-06 20:12:15.721 25561-25561/? W/yu.xiaofengling: type=1400 audit(0.0:4481): avc: denied { read } for name="version" dev="proc" ino=4026532120 scontext=u:r:untrusted_app:s0:c66,c257,c512,c768 tcontext=u:object_r:proc_version:s0 tclass=file permissive=0 app=com.senyu.xiaofengling
2022-05-06 20:12:15.740 2968-4695/? W/TelephonyPermissions: reportAccessDeniedToReadIdentifiers:com.senyu.xiaofengling:getDeviceId:2

360jiagu.apk

how to get HASH_PATCH=[Snapshot_Hash]
-e COMMIT=[Engine_commit] in lib flutter.so or lib app.so ?

It's nice to see that you've updated the tool version .

I tried but didn't work very well.

I choose n

I need to capture traffic only (Choose "No" if you also need a dump.dart) [Y/n]? n

but not work

adb -d shell "cat /data/data/com.example.test.flutter_demo/dump.dart" > dump.dart
cat: /data/data/com.example.test.flutter_demo/dump.dart: No such file or directory

The original apk file can be downloaded at here, and my refluttered version is 0.7.1
The device is a simulator:https://mumu.163.com/mac/index.html
I got some error like this..

Module.findBaseAddress('libapp.so') return null
Is it the reason about android simulator?

Engine SnapshotHash: 71717171717171717171717171717171
Engine SnapshotHash: bbbf0aa5dbd0e225ab6cc1d9081a7837

not found these snapshot hash on flutter-engine.csv file

Why this does not support anymore x86 binary?

HTTP2 format error.

After patching and trying to launch application on Android an error in logcat appears and app crashes:

05-06 12:06:11.841 25282 25282 E AndroidRuntime: java.lang.RuntimeException: Unable to create application com.app.RunApp: java.lang.RuntimeException: java.util.concurrent.ExecutionException: java.lang.UnsatisfiedLinkError: dlopen failed: "/data/app/~~VTHe_C-zRg215VPslCtKfQ==/com.app-RnP-0YbA3rPoKly_jQM9LA==/base.apk!/lib/armeabi-v7a/libflutter.so" .dynamic section header was not found
05-06 12:06:11.841 25282 25282 E AndroidRuntime: 	at android.app.ActivityThread.handleBindApplication(ActivityThread.java:6717)
...

• reflutter app-release.apk : success generate release.RE.apk
• java -jar uber-apk-signer-1.2.1.jar --allowResign -a release.RE.apk : success generate release.RE-aligned-debugSigned.apk
• adb install release.RE-aligned-debugSigned.apk : success
• run app : success
• adb -d shell "cat /data/data/com.example.chart/dump.dart" > dump.dart : fail, the dump.dart not found

Why there is no dump.dart file, I hope to get an answer, thanks a lot.

I see that the readme mentions a dockerfile, but I don't find where the code is.

The dump.dart run out using reflutter is missing a lot of addresses

i have an app that is built with Flutter v1, anyway to support that version?

[1/2]? 2

This mode is only for dump and offset output, slow application operation is possible (network patch is still left)
Traceback (most recent call last):
File "d:\python3.7.7\lib\urllib\request.py", line 1319, in do_open
encode_chunked=req.has_header('Transfer-encoding'))
File "d:\python3.7.7\lib\http\client.py", line 1252, in request
self._send_request(method, url, body, headers, encode_chunked)
File "d:\python3.7.7\lib\http\client.py", line 1298, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "d:\python3.7.7\lib\http\client.py", line 1247, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "d:\python3.7.7\lib\http\client.py", line 1026, in _send_output
self.send(msg)
File "d:\python3.7.7\lib\http\client.py", line 966, in send
self.connect()
File "d:\python3.7.7\lib\http\client.py", line 1414, in connect
super().connect()
File "d:\python3.7.7\lib\http\client.py", line 938, in connect
(self.host,self.port), self.timeout, self.source_address)
File "d:\python3.7.7\lib\socket.py", line 707, in create_connection
for res in getaddrinfo(host, port, 0, SOCK_STREAM):
File "d:\python3.7.7\lib\socket.py", line 752, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno 11004] getaddrinfo failed

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "d:\python3.7.7\lib\runpy.py", line 193, in run_module_as_main
"main", mod_spec)
File "d:\python3.7.7\lib\runpy.py", line 85, in run_code
exec(code, run_globals)
File "D:\python3.7.7\Scripts\reflutter.exe_main.py", line 7, in
File "d:\python3.7.7\lib\site-packages\src_init.py", line 360, in main
extractZip(sys.argv[1])
File "d:\python3.7.7\lib\site-packages\src_init_.py", line 355, in extractZip
replaceLibFlutter()
File "d:\python3.7.7\lib\site-packages\src_init_.py", line 178, in replaceLibFlutter
checkHash()
File "d:\python3.7.7\lib\site-packages\src_init_.py", line 317, in checkHash
resp = urlopen('https://raw.githubusercontent.com/Impact-I/reFlutter/main/enginehash.csv').read().decode('utf-8')
File "d:\python3.7.7\lib\urllib\request.py", line 222, in urlopen
return opener.open(url, data, timeout)
File "d:\python3.7.7\lib\urllib\request.py", line 525, in open
response = self._open(req, data)
File "d:\python3.7.7\lib\urllib\request.py", line 543, in _open
'_open', req)
File "d:\python3.7.7\lib\urllib\request.py", line 503, in _call_chain
result = func(*args)
File "d:\python3.7.7\lib\urllib\request.py", line 1362, in https_open
context=self._context, check_hostname=self._check_hostname)
File "d:\python3.7.7\lib\urllib\request.py", line 1321, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 11004] getaddrinfo failed>

C:\Users\fyfyfy>reflutter "C:\Users\fyfyfy\Documents\Tencent Files\928584916\FileRecv\MobileFile\jinxun.apk"

Choose an option:

1. Traffic monitoring and interception
2. Display absolute code offset for functions

[1/2]? 1
Traceback (most recent call last):
File "d:\python3.7.7\lib\urllib\request.py", line 1319, in do_open
encode_chunked=req.has_header('Transfer-encoding'))
File "d:\python3.7.7\lib\http\client.py", line 1252, in request
self._send_request(method, url, body, headers, encode_chunked)
File "d:\python3.7.7\lib\http\client.py", line 1298, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "d:\python3.7.7\lib\http\client.py", line 1247, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "d:\python3.7.7\lib\http\client.py", line 1026, in _send_output
self.send(msg)
File "d:\python3.7.7\lib\http\client.py", line 966, in send
self.connect()
File "d:\python3.7.7\lib\http\client.py", line 1414, in connect
super().connect()
File "d:\python3.7.7\lib\http\client.py", line 938, in connect
(self.host,self.port), self.timeout, self.source_address)
File "d:\python3.7.7\lib\socket.py", line 707, in create_connection
for res in getaddrinfo(host, port, 0, SOCK_STREAM):
File "d:\python3.7.7\lib\socket.py", line 752, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno 11004] getaddrinfo failed

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "d:\python3.7.7\lib\runpy.py", line 193, in run_module_as_main
"main", mod_spec)
File "d:\python3.7.7\lib\runpy.py", line 85, in run_code
exec(code, run_globals)
File "D:\python3.7.7\Scripts\reflutter.exe_main.py", line 7, in
File "d:\python3.7.7\lib\site-packages\src_init.py", line 360, in main
extractZip(sys.argv[1])
File "d:\python3.7.7\lib\site-packages\src_init_.py", line 355, in extractZip
replaceLibFlutter()
File "d:\python3.7.7\lib\site-packages\src_init_.py", line 178, in replaceLibFlutter
checkHash()
File "d:\python3.7.7\lib\site-packages\src_init_.py", line 317, in checkHash
resp = urlopen('https://raw.githubusercontent.com/Impact-I/reFlutter/main/enginehash.csv').read().decode('utf-8')
File "d:\python3.7.7\lib\urllib\request.py", line 222, in urlopen
return opener.open(url, data, timeout)
File "d:\python3.7.7\lib\urllib\request.py", line 525, in open
response = self._open(req, data)
File "d:\python3.7.7\lib\urllib\request.py", line 543, in _open
'_open', req)
File "d:\python3.7.7\lib\urllib\request.py", line 503, in _call_chain
result = func(*args)
File "d:\python3.7.7\lib\urllib\request.py", line 1362, in https_open
context=self._context, check_hostname=self._check_hostname)
File "d:\python3.7.7\lib\urllib\request.py", line 1321, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 11004] getaddrinfo failed>

Hi,

Basically running re-flutter I'm getting this error:

Engine SnapshotHash: 1044d5d7857485639caee4798a5dcbb7
This engine is currently not supported.

So I followed the instruction to build the customer build using docker, but 1044d5d7857485639caee4798a5dcbb7 can't be found in both the enginehash.csv or flutter/engine repo
And this same Engine SnapshotHash is mentioned here flutter/flutter#113398.

The application is written in flutter

What's weird with this specific application is that even with using android proxy configuration and proxyDriod (basically iptables to force redirect the traffic to burp) usually breaks any application because of SSL pinning, but that's not the case with this application.

Any help is appreciated.

I've run reflutter on my Android apk, aligned and signed the apk. Setup Burp Suite.
Now, I install the signed apk on Android and run it. Basically, nothing happens. But I'm not sure I'm using reflutter correctly.

• Am I meant to see anything special in Burp Suite? I don't. I did configure proxy 8083 and invisible mode. Anything else?
• Am I meant to configure something on the Android smartphone?
• My smartphone is connected to the same wifi as the laptop running the Burp Suite. The smartphone can ping the laptop. When I ran reflutter, I provided the IP address of the laptop.

On the smartphone, I have no dump.dart in /data/data/<PACKAGE_NAME>.
I have no DartVM in logcat. I do have a few Dart - I believe those are IP addresses the app contacts.

$ adb logcat | grep -i Dart
05-10 13:14:04.471 16371 16403 E Dart    : ref: 148.251.68.92
05-10 13:14:04.681 16371 16403 E Dart    : ref: 216.58.209.227
05-10 13:14:04.682 16371 16403 E Dart    : ref: 216.58.209.227
05-10 13:19:30.818 16371 16403 E Dart    : ref: 148.251.68.92
05-10 13:20:31.004 16371 16403 E Dart    : ref: 148.251.68.92

I have nothing relevant for reflutter tag (same with adb logcat | grep -i reflutter):

$ adb logcat -e reflutter
--------- beginning of crash
--------- beginning of main
05-10 13:19:05.804  8249  8249 E adbd    : service_to_fd: shell,v2,TERM=xterm-256color:export ANDROID_LOG_TAGS="''"; exec logcat '-e' 'reflutter'
--------- beginning of system
05-10 13:36:06.996  8249  8249 E adbd    : service_to_fd: shell,v2,TERM=xterm-256color:export ANDROID_LOG_TAGS="''"; exec logcat '-e' 'reflutter'

More info:

• My app is using Flutter 2.13 (e4a09dbf2bb120fe4674e0576617a0dc)
• I've installed Reflutter from sources (0.7.0)
• I'm on Linux

抓到包为啥都是127.0.0.1 开头的，如何解决？

i start command command line always in HEAD is now at d1b9a6938a [flutter_releases] Flutter stable 2.13.0 Engine Cherrypicks (#33215)，why？

i found a libflutter.so delete version information.
the version hash data is 0000000000

reflutter: command not found

I wrote a demo,but no output print

I have repacked apk and run it on phone,but no dump.dart at /data/data/<PACKAGE_NAME>/

SnapshotHash: 1441d6b13b8623fa7fbf61433abebd31

overall i can intercepts network, but when i hit OTP ( which is after this going to oauth2 ) i got 302 and fail to open apps.

is burp have feature to forward this ? mean between apps and burp skip this step. since i dont need this part.

test apk just two dart file

dunm.dart only find main.dart file

Once re fluttered, the IPA file cannot be installed and failed with the error message as "... does not contain an application bundle, so it cannot be installed on ..."

I used XReSign to https://github.com/xndrs/XReSign to resign the IPA. It's installed but crashed on start.
SnapshotHash: 1441d6b13b8623fa7fbf61433abebd31