worawit / blutter Goto Github PK

Flutter Mobile Application Reverse Engineering Tool

License: MIT License

Python 6.83% CMake 1.81% C++ 89.72% JavaScript 1.64%

blutter's Introduction

B(l)utter

Flutter Mobile Application Reverse Engineering Tool by Compiling Dart AOT Runtime

Currently the application supports only Android libapp.so (arm64 only). Also the application is currently work only against recent Dart versions.

For high priority missing features, see TODO

Environment Setup

This application uses C++20 Formatting library. It requires very recent C++ compiler such as g++>=13, Clang>=16.

I recommend using Linux OS (only tested on Deiban sid/trixie) because it is easy to setup.

Debian Unstable (gcc 13)

Install build tools and depenencies

apt install python3-pyelftools python3-requests git cmake ninja-build \
    build-essential pkg-config libicu-dev libcapstone-dev

Windows

Install git and python 3
Install latest Visual Studio with "Desktop development with C++" and "C++ CMake tools"
Install required libraries (libcapstone and libicu4c)

python scripts\init_env_win.py

Start "x64 Native Tools Command Prompt"

macOS Ventura and Sonoma (clang 16)

Install XCode
Install clang 16 and required tools

brew install llvm@16 cmake ninja pkg-config icu4c capstone
pip3 install pyelftools requests

Usage

Extract "lib" directory from apk file

python3 blutter.py path/to/app/lib/arm64-v8a out_dir

The blutter.py will automatically detect the Dart version from the flutter engine and call executable of blutter to get the information from libapp.so.

If the blutter executable for required Dart version does not exists, the script will automatically checkout Dart source code and compiling it.

Update

You can use git pull to update and run blutter.py with --rebuild option to force rebuild the executable

python3 blutter.py path/to/app/lib/arm64-v8a out_dir --rebuild

Output files

asm/* libapp assemblies with symbols
blutter_frida.js the frida script template for the target application
objs.txt complete (nested) dump of Object from Object Pool
pp.txt all Dart objects in Object Pool

Directories

bin contains blutter executables for each Dart version in "blutter_dartvm<ver>_<os>_<arch>" format
blutter contains source code. need building against Dart VM library
build contains building projects which can be deleted after finishing the build process
dartsdk contains checkout of Dart Runtime which can be deleted after finishing the build process
external contains 3rd party libraries for Windows only
packages contains the static libraries of Dart Runtime
scripts contains python scripts for getting/building Dart

Generating Visual Studio Solution for Development

I use Visual Studio to delevlop Blutter on Windows. --vs-sln options can be used to generate a Visual Studio solution.

python blutter.py path\to\lib\arm64-v8a build\vs --vs-sln

TODO

More code analysis
- Function arguments and return type
- Some psuedo code for code pattern
Generate better Frida script
- More internal classes
- Object modification
Obfuscated app (still missing many functions)
Reading iOS binary
Input as apk or ipa

blutter's People

Contributors

Stargazers

Watchers

Forkers

uni7corn ckandroidproject imzpy crackercat df13954 npc2000 northshad0w ta01st mengxipeng1122 jyotidwi 2018383414 newbielinuxer vaginessa 00xsaydoo sludvix edx-sayed-salman yzctzl coderjingluo iulove 85909474 affilares nicaicaii youth007 tyzam vicoerv 5l1v3r1 m3ez baddychen smallgirl flyingwr heckerstone 9540611855 geary0124 tangsan99999 sanqudui8ban junge-y 271285136 nitanmarcel kxl2005 liu12151407 dujun31 ldzspace neiltong luyu344 fushiqingyun 2659170494 aixiao0621 struce2 as3ng jackchanma samael-z luopeixiong h1d3r shzhbook zyf1118 rajivraj mahdibagheri71 wangxuxiang bzxxxxxx binz120 ineedaspo1 kelvinwang000 sec-fork infiniteyd ayush5harma bluepeople1 nikusharoot kul2o15 stprasst yixi cyb3rhex th3-r3p4ck3r sulab999 speamtalk ashoksoni yumu908 dedshit lovedolove-forked-projects lianquke tianxun666 rmashadi warber0x losenineai yb1994917 kuustudio ghost-xx mu-sec alright21 0xcybershinigami huchundong makheo cryptax yixinbc shadowxiaomo guanfoxyier lk26 tdohex cjlovefree 592767809 hohohoho123

blutter's Issues

Dart 2.10.5,Unable to run successfully

环境:
environment:

ql@ql-None:~/桌面/blutter$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-linux-gnu/13/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none:amdgcn-amdhsa
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 13.2.0-4ubuntu3' --with-bugurl=file:///usr/share/doc/gcc-13/README.Bugs --enable-languages=c,ada,c++,go,d,fortran,objc,obj-c++,m2 --prefix=/usr --with-gcc-major-version-only --program-suffix=-13 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/libexec --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-bootstrap --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib --enable-libphobos-checking=release --with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --disable-werror --enable-cet --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none=/build/gcc-13-XYspKM/gcc-13-13.2.0/debian/tmp-nvptx/usr,amdgcn-amdhsa=/build/gcc-13-XYspKM/gcc-13-13.2.0/debian/tmp-gcn/usr --enable-offload-defaulted --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu --with-build-config=bootstrap-lto-lean --enable-link-serialization=2
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 13.2.0 (Ubuntu 13.2.0-4ubuntu3)

出错的命令:
Command in error:

Dart version: 2.10.5, Snapshot: 8ee4ef7a67df9845fba331734198a953, Target: android arm64

....

[256/256] Linking CXX static library libdartvm2.10.5_android_arm64.a
-- Install configuration: "Release"

...

-- Build files have been written to: /home/ql/桌面/blutter/build/blutter_dartvm2.10.5_android_arm64
[2/22] Building CXX object CMakeFiles/...android_arm64.dir/src/DartLoader.cpp.o
FAILED: CMakeFiles/blutter_dartvm2.10.5_android_arm64.dir/src/DartLoader.cpp.o 
/usr/bin/c++ -DDART_COMPRESSED_POINTERS -DDART_PRECOMPILED_RUNTIME -DDART_TARGET_OS_ANDROID -DDART_TARGET_OS_WINDOWS_UWP -DEXCLUDE_CFE_AND_KERNEL_PLATFORM -DFRIDA_TEMPLATE_DIR=\"/home/ql/桌面/blutter/scripts\" -DHAS_SHARED_CLASS_TABLE -DHAS_TYPE_REF -DNDEBUG -DPRODUCT -DTARGET_ARCH_ARM64 -DU_USING_ICU_NAMESPACE=0 -D_HAS_EXCEPTIONS=0 -I/usr/include/capstone -isystem /home/ql/桌面/blutter/packages/include/dartvm2.10.5 -O3 -DNDEBUG -std=c++20 -O3 -fno-rtti -fvisibility=hidden -fvisibility-inlines-hidden -fno-omit-frame-pointer -Winvalid-pch -include /home/ql/桌面/blutter/build/blutter_dartvm2.10.5_android_arm64/CMakeFiles/blutter_dartvm2.10.5_android_arm64.dir/cmake_pch.hxx -MD -MT CMakeFiles/blutter_dartvm2.10.5_android_arm64.dir/src/DartLoader.cpp.o -MF CMakeFiles/blutter_dartvm2.10.5_android_arm64.dir/src/DartLoader.cpp.o.d -o CMakeFiles/blutter_dartvm2.10.5_android_arm64.dir/src/DartLoader.cpp.o -c '/home/ql/桌面/blutter/blutter/src/DartLoader.cpp'

...

FAILED: CMakeFiles/blutter_dartvm2.10.5_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o 
/usr/bin/c++ -DDART_COMPRESSED_POINTERS -DDART_PRECOMPILED_RUNTIME -DDART_TARGET_OS_ANDROID -DDART_TARGET_OS_WINDOWS_UWP -DEXCLUDE_CFE_AND_KERNEL_PLATFORM -DFRIDA_TEMPLATE_DIR=\"/home/ql/桌面/blutter/scripts\" -DHAS_SHARED_CLASS_TABLE -DHAS_TYPE_REF -DNDEBUG -DPRODUCT -DTARGET_ARCH_ARM64 -DU_USING_ICU_NAMESPACE=0 -D_HAS_EXCEPTIONS=0 -I/usr/include/capstone -isystem /home/ql/桌面/blutter/packages/include/dartvm2.10.5 -O3 -DNDEBUG -std=c++20 -O3 -fno-rtti -fvisibility=hidden -fvisibility-inlines-hidden -fno-omit-frame-pointer -Winvalid-pch -include /home/ql/桌面/blutter/build/blutter_dartvm2.10.5_android_arm64/CMakeFiles/blutter_dartvm2.10.5_android_arm64.dir/cmake_pch.hxx -MD -MT CMakeFiles/blutter_dartvm2.10.5_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o -MF CMakeFiles/blutter_dartvm2.10.5_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o.d -o CMakeFiles/blutter_dartvm2.10.5_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o -c '/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp'
In file included from /home/ql/桌面/blutter/blutter/src/Disassembler.h:5,
                 from /home/ql/桌面/blutter/blutter/src/CodeAnalyzer.h:2,
                 from /home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:2:
/home/ql/桌面/blutter/blutter/src/Disassembler_arm64.h:84:59: error: ‘HEAP_BITS’ is not a member of ‘dart’
   84 | constexpr arm64_reg CSREG_DART_HEAP = ToCapstoneReg(dart::HEAP_BITS);
      |                                                           ^~~~~~~~~
/home/ql/桌面/blutter/blutter/src/Disassembler_arm64.h:88:71: error: ‘dart::AllocateObjectABI’ has not been declared
   88 | constexpr arm64_reg CSREG_ALLOCATE_OBJ_TYPEARGS = ToCapstoneReg(dart::AllocateObjectABI::kTypeArgumentsReg);
      |                                                                       ^~~~~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/Disassembler_arm64.h:89:75: error: ‘dart::AllocateClosureABI’ has not been declared
   89 | constexpr arm64_reg CSREG_ALLOCATE_CLOSURE_FUNCTION = ToCapstoneReg(dart::AllocateClosureABI::kFunctionReg);
      |                                                                           ^~~~~~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/Disassembler_arm64.h:90:74: error: ‘dart::AllocateClosureABI’ has not been declared
   90 | constexpr arm64_reg CSREG_ALLOCATE_CLOSURE_CONTEXT = ToCapstoneReg(dart::AllocateClosureABI::kContextReg);
      |                                                                          ^~~~~~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/Disassembler_arm64.h:91:74: error: ‘dart::AllocateClosureABI’ has not been declared
   91 | constexpr arm64_reg CSREG_ALLOCATE_CLOSURE_SCRATCH = ToCapstoneReg(dart::AllocateClosureABI::kScratchReg);
      |                                                                          ^~~~~~~~~~~~~~~~~~
In file included from /home/ql/桌面/blutter/blutter/src/DartField.h:3,
                 from /home/ql/桌面/blutter/blutter/src/DartClass.h:3,
                 from /home/ql/桌面/blutter/blutter/src/VarValue.h:2,
                 from /home/ql/桌面/blutter/blutter/src/il.h:3,
                 from /home/ql/桌面/blutter/blutter/src/CodeAnalyzer.h:3:
/home/ql/桌面/blutter/blutter/src/DartTypes.h:218:37: error: ‘dart::FunctionTypePtr’ has not been declared
  218 |         DartFunctionType* FindOrAdd(dart::FunctionTypePtr fnTypePtr);
      |                                     ^~~~
/home/ql/桌面/blutter/blutter/src/VarValue.h: In member function ‘int VarArray::ElementSize()’:
/home/ql/桌面/blutter/blutter/src/VarValue.h:164:30: error: ‘kCompressedWordSize’ is not a member of ‘dart’
  164 |                 return dart::kCompressedWordSize;
      |                              ^~~~~~~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/VarValue.h: In member function ‘int VarGrowableArray::ElementSize()’:
/home/ql/桌面/blutter/blutter/src/VarValue.h:186:30: error: ‘kCompressedWordSize’ is not a member of ‘dart’
  186 |                 return dart::kCompressedWordSize;
      |                              ^~~~~~~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/VarValue.h: In constructor ‘VarFunctionType::VarFunctionType(const DartFunctionType&)’:
/home/ql/桌面/blutter/blutter/src/VarValue.h:246:83: error: ‘kFunctionTypeCid’ is not a member of ‘dart’; did you mean ‘kFunctionCid’?
  246 |         explicit VarFunctionType(const DartFunctionType& fnType) : VarValue(dart::kFunctionTypeCid, true), fnType(fnType) {}
      |                                                                                   ^~~~~~~~~~~~~~~~
      |                                                                                   kFunctionCid
/home/ql/桌面/blutter/blutter/src/VarValue.h: In constructor ‘VarSentinel::VarSentinel()’:
/home/ql/桌面/blutter/blutter/src/VarValue.h:261:49: error: ‘kSentinelCid’ is not a member of ‘dart’
  261 |         explicit VarSentinel() : VarValue(dart::kSentinelCid, false) {}
      |                                                 ^~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp: In function ‘VarValue* getPoolObject(DartApp&, intptr_t, A64::Register)’:
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:69:67: error: ‘class dart::ClassPtr’ has no member named ‘untag’
   69 |                         auto dartCls = app.GetClass(field.Owner().untag()->id());
      |                                                                   ^~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:76:68: error: ‘const class dart::Array’ has no member named ‘ptr’
   76 |                         return new VarArray(dart::Array::Cast(obj).ptr());
      |                                                                    ^~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:80:28: error: ‘kConstMapCid’ is not a member of ‘dart’; did you mean ‘kContextCid’?
   80 |                 case dart::kConstMapCid:
      |                            ^~~~~~~~~~~~
      |                            kContextCid
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:82:28: error: ‘kConstSetCid’ is not a member of ‘dart’; did you mean ‘kContextCid’?
   82 |                 case dart::kConstSetCid:
      |                            ^~~~~~~~~~~~
      |                            kContextCid
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:92:28: error: ‘kTypeParametersCid’ is not a member of ‘dart’; did you mean ‘kTypeParameterCid’?
   92 |                 case dart::kTypeParametersCid:
      |                            ^~~~~~~~~~~~~~~~~~
      |                            kTypeParameterCid
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:95:91: error: ‘const class dart::Type’ has no member named ‘ptr’
   95 |                         return new VarType(*app.TypeDb()->FindOrAdd(dart::Type::Cast(obj).ptr()));
      |                                                                                           ^~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:101:109: error: ‘const class dart::TypeParameter’ has no member named ‘ptr’
  101 |                         return new VarTypeParameter(*app.TypeDb()->FindOrAdd(dart::TypeParameter::Cast(obj).ptr()));
      |                                                                                                             ^~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:102:28: error: ‘kFunctionTypeCid’ is not a member of ‘dart’; did you mean ‘kFunctionCid’?
  102 |                 case dart::kFunctionTypeCid:
      |                            ^~~~~~~~~~~~~~~~
      |                            kFunctionCid
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:103:83: error: ‘dart::FunctionType’ has not been declared
  103 |                         return new VarFunctionType(*app.TypeDb()->FindOrAdd(dart::FunctionType::Cast(obj).ptr()));
      |                                                                                   ^~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:105:108: error: ‘const class dart::TypeArguments’ has no member named ‘ptr’
  105 |                         return new VarTypeArgument(*app.TypeDb()->FindOrAdd(dart::TypeArguments::Cast(obj).ptr()));
      |                                                                                                            ^~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:107:28: error: ‘kSentinelCid’ is not a member of ‘dart’
  107 |                 case dart::kSentinelCid:
      |                            ^~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp: In member function ‘ILResult FunctionAnalyzer::processLoadFieldTableInstr(AsmInstruction)’:
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1186:137: error: ‘kSentinelCid’ is not a member of ‘dart’
 1186 |                         if (objPoolInstr.insCnt == 0 || objPoolInstr.dstReg != A64::TMP_REG || objPoolInstr.item.ValueTypeId() != dart::kSentinelCid) {
      |                                                                                                                                         ^~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1218:83: error: ‘InitLateStaticFieldStub’ is not a member of ‘DartStub’
 1218 |                                                 INSN_ASSERT(stubKind == DartStub::InitLateStaticFieldStub || stubKind == DartStub::InitLateFinalStaticFieldStub);
      |                                                                                   ^~~~~~~~~~~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:20:15: note: in definition of macro ‘INSN_ASSERT’
   20 |         if (!(cond)) throw InsnException(#cond, insn.ptr()); \
      |               ^~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1218:132: error: ‘InitLateFinalStaticFieldStub’ is not a member of ‘DartStub’
 1218 |                                                 INSN_ASSERT(stubKind == DartStub::InitLateStaticFieldStub || stubKind == DartStub::InitLateFinalStaticFieldStub);
      |                                                                                                                                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:20:15: note: in definition of macro ‘INSN_ASSERT’
   20 |         if (!(cond)) throw InsnException(#cond, insn.ptr()); \
      |               ^~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1251:108: error: ‘LateInitializationErrorABI’ is not a member of ‘dart’
 1251 |                                 if (objPoolInstr.insCnt > 0 && objPoolInstr.dstReg == A64::Register{ dart::LateInitializationErrorABI::kFieldReg } && objPoolInstr.item.ValueTypeId() == dart::kFieldCid) {
      |                                                                                                            ^~~~~~~~~~~~~~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1251:108: error: no matching function for call to ‘A64::Register::Register(<brace-enclosed initializer list>)’
/home/ql/桌面/blutter/blutter/src/Disassembler_arm64.h:230:19: note: candidate: ‘constexpr A64::Register::Register(arm64_reg)’
  230 |         constexpr Register(arm64_reg r) {
      |                   ^~~~~~~~
/home/ql/桌面/blutter/blutter/src/Disassembler_arm64.h:230:19: note:   conversion of argument 1 would be ill-formed:
/home/ql/桌面/blutter/blutter/src/Disassembler_arm64.h:206:19: note: candidate: ‘constexpr A64::Register::Register(dart::Register)’
  206 |         constexpr Register(dart::Register r) {
      |                   ^~~~~~~~
/home/ql/桌面/blutter/blutter/src/Disassembler_arm64.h:206:19: note:   conversion of argument 1 would be ill-formed:
/home/ql/桌面/blutter/blutter/src/Disassembler_arm64.h:204:19: note: candidate: ‘constexpr A64::Register::Register(Value)’
  204 |         constexpr Register(Value reg) : reg(reg) {}
      |                   ^~~~~~~~
/home/ql/桌面/blutter/blutter/src/Disassembler_arm64.h:204:19: note:   conversion of argument 1 would be ill-formed:
/home/ql/桌面/blutter/blutter/src/Disassembler_arm64.h:203:19: note: candidate: ‘constexpr A64::Register::Register()’
  203 |         constexpr Register() : reg(kNoRegister) {}
      |                   ^~~~~~~~
/home/ql/桌面/blutter/blutter/src/Disassembler_arm64.h:203:19: note:   candidate expects 0 arguments, 1 provided
/home/ql/桌面/blutter/blutter/src/Disassembler_arm64.h:106:24: note: candidate: ‘constexpr A64::Register::Register(const A64::Register&)’
  106 | class alignas(int32_t) Register {
      |                        ^~~~~~~~
/home/ql/桌面/blutter/blutter/src/Disassembler_arm64.h:106:24: note:   conversion of argument 1 would be ill-formed:
/home/ql/桌面/blutter/blutter/src/Disassembler_arm64.h:106:24: note: candidate: ‘constexpr A64::Register::Register(A64::Register&&)’
/home/ql/桌面/blutter/blutter/src/Disassembler_arm64.h:106:24: note:   conversion of argument 1 would be ill-formed:
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1251:100: error: expected primary-expression before ‘{’ token
 1251 |                                 if (objPoolInstr.insCnt > 0 && objPoolInstr.dstReg == A64::Register{ dart::LateInitializationErrorABI::kFieldReg } && objPoolInstr.item.ValueTypeId() == dart::kFieldCid) {
      |                                                                                                    ^
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1251:100: error: expected ‘)’ before ‘{’ token
 1251 |                                 if (objPoolInstr.insCnt > 0 && objPoolInstr.dstReg == A64::Register{ dart::LateInitializationErrorABI::kFieldReg } && objPoolInstr.item.ValueTypeId() == dart::kFieldCid) {
      |                                    ~                                                               ^
      |                                                                                                    )
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1259:77: error: ‘LateInitializationErrorSharedWithoutFPURegsStub’ is not a member of ‘DartStub’
 1259 |                                         INSN_ASSERT(stub->kind == DartStub::LateInitializationErrorSharedWithoutFPURegsStub || stub->kind == DartStub::LateInitializationErrorSharedWithFPURegsStub);
      |                                                                             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:20:15: note: in definition of macro ‘INSN_ASSERT’
   20 |         if (!(cond)) throw InsnException(#cond, insn.ptr()); \
      |               ^~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1259:152: error: ‘LateInitializationErrorSharedWithFPURegsStub’ is not a member of ‘DartStub’
 1259 |                                         INSN_ASSERT(stub->kind == DartStub::LateInitializationErrorSharedWithoutFPURegsStub || stub->kind == DartStub::LateInitializationErrorSharedWithFPURegsStub);
      |                                                                                                                                                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:20:15: note: in definition of macro ‘INSN_ASSERT’
   20 |         if (!(cond)) throw InsnException(#cond, insn.ptr()); \
      |               ^~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp: In member function ‘ILResult FunctionAnalyzer::processGdtCallInstr(AsmInstruction)’:
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1326:56: error: ‘dart::DispatchTableNullErrorABI’ has not been declared
 1326 |                 insn.ops[1].reg == ToCapstoneReg(dart::DispatchTableNullErrorABI::kClassIdReg))
      |                                                        ^~~~~~~~~~~~~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp: In member function ‘ILResult FunctionAnalyzer::processBranchIfSmiInstr(AsmInstruction)’:
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1482:85: error: ‘kCompressedWordSize’ is not a member of ‘dart’
 1482 |         if (insn.id() == ARM64_INS_TBZ && insn.ops[1].imm == dart::kSmiTag && dart::kCompressedWordSize == GetCsRegSize(insn.ops[0].reg)) {
      |                                                                                     ^~~~~~~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp: In member function ‘ILResult FunctionAnalyzer::processLoadClassIdInstr(AsmInstruction)’:
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1492:80: error: ‘dart::UntaggedObject’ has not been declared
 1492 |         if (insn.id() == ARM64_INS_LDUR && insn.ops[1].mem.disp == -1 && dart::UntaggedObject::kClassIdTagPos == 12) {
      |                                                                                ^~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1504:54: error: ‘dart::UntaggedObject’ has not been declared
 1504 |                 INSN_ASSERT(insn.ops[2].imm == dart::UntaggedObject::kClassIdTagPos);
      |                                                      ^~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:20:15: note: in definition of macro ‘INSN_ASSERT’
   20 |         if (!(cond)) throw InsnException(#cond, insn.ptr()); \
      |               ^~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1505:54: error: ‘dart::UntaggedObject’ has not been declared
 1505 |                 INSN_ASSERT(insn.ops[3].imm == dart::UntaggedObject::kClassIdTagSize);
      |                                                      ^~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:20:15: note: in definition of macro ‘INSN_ASSERT’
   20 |         if (!(cond)) throw InsnException(#cond, insn.ptr()); \
      |               ^~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1508:85: error: ‘dart::UntaggedObject’ has not been declared
 1508 |         else if (insn.id() == ARM64_INS_LDURH && insn.ops[1].mem.disp == 1 && dart::UntaggedObject::kClassIdTagPos == 16) {
      |                                                                                     ^~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp: In member function ‘ILResult FunctionAnalyzer::processLoadStore(AsmInstruction)’:
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1921:132: error: ‘kCompressedWordSize’ is not a member of ‘dart’
 1921 |                                 const auto arr_idx = (insn.ops[2].imm + dart::kHeapObjectTag - dart::Array::data_offset()) / dart::kCompressedWordSize;
      |                                                                                                                                    ^~~~~~~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1929:75: error: ‘kCompressedWordSizeLog2’ is not a member of ‘dart’
 1929 |                                         (insn.ops[2].shift.value == dart::kCompressedWordSizeLog2 ||
      |                                                                           ^~~~~~~~~~~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:20:15: note: in definition of macro ‘INSN_ASSERT’
   20 |         if (!(cond)) throw InsnException(#cond, insn.ptr()); \
      |               ^~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1930:83: error: ‘kCompressedWordSizeLog2’ is not a member of ‘dart’
 1930 |                                                 (insn.ops[2].shift.value == dart::kCompressedWordSizeLog2 - 1 || insn.ops[2].ext == ARM64_EXT_SXTW)));
      |                                                                                   ^~~~~~~~~~~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:20:15: note: in definition of macro ‘INSN_ASSERT’
   20 |         if (!(cond)) throw InsnException(#cond, insn.ptr()); \
      |               ^~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1942:122: error: ‘kCompressedWordSize’ is not a member of ‘dart’
 1942 |                         INSN_ASSERT(A64::Register{ insn.ops[0].reg } == valReg && GetCsRegSize(insn.ops[0].reg) == dart::kCompressedWordSize);
      |                                                                                                                          ^~~~~~~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:20:15: note: in definition of macro ‘INSN_ASSERT’
   20 |         if (!(cond)) throw InsnException(#cond, insn.ptr()); \
      |               ^~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1951:47: error: ‘kCompressedWordSize’ is not a member of ‘dart’
 1951 |                         ArrayOp arrayOp(dart::kCompressedWordSize, false, ArrayOp::List);
      |                                               ^~~~~~~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:1995:50: error: ‘dart::UntaggedTypedData’ has not been declared
 1995 |                         bool isTypedData = dart::UntaggedTypedData::payload_offset() - dart::kHeapObjectTag == arr_data_offset;
      |                                                  ^~~~~~~~~~~~~~~~~
/home/ql/桌面/blutter/blutter/src/CodeAnalyzer_arm64.cpp:2046:113: error: ‘dart::UntaggedTypedData’ has not been declared
 2046 |                                 const auto idx = VarStorage::NewSmallImm((offset + dart::kHeapObjectTag - dart::UntaggedTypedData::payload_offset()) / arrayOp.size);
      |                                                                                                                 ^~~~~~~~~~~~~~~~~
ninja: build stopped: subcommand failed.
Traceback (most recent call last):
  File "/home/ql/桌面/blutter/blutter.py", line 138, in <module>
    main(args.indir, args.outdir, args.rebuild, args.vs_sln)
  File "/home/ql/桌面/blutter/blutter.py", line 120, in main
    cmake_blutter(blutter_name, dartlib_name, macros)
  File "/home/ql/桌面/blutter/blutter.py", line 76, in cmake_blutter
    subprocess.run([NINJA_CMD], cwd=builddir, check=True)
  File "/usr/lib/python3.11/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['ninja']' returned non-zero exit status 1.

我在win,kali,ubuntu均报该问题
I have this problem at win,kali,ubuntu.

CMake cannot find the Capstone disassembler library

when i run blutter i got this error massage , any solutions?

Wrong with module ELFFile

python version:3.8.0 or 3.11
当我尝试pip install ELFFile的时候，提示SSL错误，于是我手动下载了elffile-0.0.5的包自行安装，但是又出现了distribute-0.6.14.tar.gz这个包的错误，于是我将distribute-0.6.14.tar.gz也手动下载到本地安装，最终出现了版本不兼容的错误，想询问一下建议的python环境，以及对于ELFFile这个模块，是否可以尝试使用ELFAnalyzer模块（虽然我并不清楚这两个模块的使用方法，看上去ELFFile(file)这个方法解析出来的对象比较清晰完整，方便取出）

Very powerful!!!!

I don't know why there is a problem with your latest version getFieldNames, but I am using your first version later. It can run successfully. It is really great to be able to do this step. Then I want to ask, since there is already an arm instruction in the dart file, why not just decompile the arm instruction?Or the arm command and pseudocode can be displayed

Precompiled release binaries request

Hello @worawit , please add a binary release pipeline, I've spent hours trying to get the project to run on my machine.

got this on a debian based machine

-- Build files have been written to: /home/research/Downloads/blutter/build/blutter_dartvm3.0.3_android_arm64
[1/22] Building CXX object CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/cmake_pch.hxx.gch
FAILED: CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/cmake_pch.hxx.gch 
/usr/bin/c++ -DDART_COMPRESSED_POINTERS -DDART_PRECOMPILED_RUNTIME -DDART_TARGET_OS_ANDROID -DDART_TARGET_OS_WINDOWS_UWP -DEXCLUDE_CFE_AND_KERNEL_PLATFORM -DFRIDA_TEMPLATE_DIR=\"/home/research/Downloads/blutter/scripts\" -DHAS_TYPE_REF -DNDEBUG -DPRODUCT -DTARGET_ARCH_ARM64 -DU_USING_ICU_NAMESPACE=0 -D_HAS_EXCEPTIONS=0 -I/usr/include/capstone -isystem /home/research/Downloads/blutter/packages/include/dartvm3.0.3 -O3 -DNDEBUG -std=c++2a -O3 -fno-rtti -fvisibility=hidden -fvisibility-inlines-hidden -fno-omit-frame-pointer -Winvalid-pch -x c++-header -include /home/research/Downloads/blutter/build/blutter_dartvm3.0.3_android_arm64/CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/cmake_pch.hxx -MD -MT CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/cmake_pch.hxx.gch -MF CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/cmake_pch.hxx.gch.d -o CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/cmake_pch.hxx.gch -c /home/research/Downloads/blutter/build/blutter_dartvm3.0.3_android_arm64/CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/cmake_pch.hxx.cxx
In file included from /home/research/Downloads/blutter/build/blutter_dartvm3.0.3_android_arm64/CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/cmake_pch.hxx:5,
                 from <command-line>:
/home/research/Downloads/blutter/blutter/src/pch.h:12:10: fatal error: format: No such file or directory
   12 | #include <format>
      |          ^~~~~~~~
compilation terminated.
ninja: build stopped: subcommand failed.
Traceback (most recent call last):
  File "/home/research/Downloads/blutter/blutter.py", line 138, in <module>
    main(args.indir, args.outdir, args.rebuild, args.vs_sln)
  File "/home/research/Downloads/blutter/blutter.py", line 120, in main
    cmake_blutter(blutter_name, dartlib_name, macros)
  File "/home/research/Downloads/blutter/blutter.py", line 76, in cmake_blutter
    subprocess.run([NINJA_CMD], cwd=builddir, check=True)
  File "/usr/lib/python3.9/subprocess.py", line 528, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['ninja']' returned non-zero exit status 1.

and this on sonoma 14.1

-- Build files have been written to: /Users/research/Public/blutter/build/blutter_dartvm3.0.3_android_arm64
[6/10] Building CXX object CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o
FAILED: CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o
/opt/homebrew/opt/llvm@15/bin/clang++ -DDART_COMPRESSED_POINTERS -DDART_PRECOMPILED_RUNTIME -DDART_TARGET_OS_ANDROID -DDART_TARGET_OS_WINDOWS_UWP -DEXCLUDE_CFE_AND_KERNEL_PLATFORM -DFRIDA_TEMPLATE_DIR=\"/Users/chalie/Public/blutter/scripts\" -DHAS_TYPE_REF -DNDEBUG -DPRODUCT -DTARGET_ARCH_ARM64 -DU_USING_ICU_NAMESPACE=0 -D_HAS_EXCEPTIONS=0 -I/opt/homebrew/Cellar/capstone/5.0.1/include/capstone -isystem /Users/research/Public/blutter/packages/include/dartvm3.0.3 -O3 -DNDEBUG -std=c++20 -arch arm64 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX14.0.sdk -fexperimental-library -O3 -fno-rtti -fvisibility=hidden -fvisibility-inlines-hidden -fno-omit-frame-pointer -Winvalid-pch -Xarch_arm64 -include/Users/research/Public/blutter/build/blutter_dartvm3.0.3_android_arm64/CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/cmake_pch_arm64.hxx -MD -MT CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o -MF CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o.d -o CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o -c /Users/chalie/Public/blutter/blutter/src/CodeAnalyzer_arm64.cpp
/Users/chalie/Public/blutter/blutter/src/CodeAnalyzer_arm64.cpp:5:10: fatal error: 'source_location' file not found
#include <source_location>
         ^~~~~~~~~~~~~~~~~
1 error generated.
[9/10] Building CXX object CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/src/main.cpp.o
ninja: build stopped: subcommand failed.
Traceback (most recent call last):
  File "/Users/research/Public/blutter/blutter.py", line 138, in <module>
    main(args.indir, args.outdir, args.rebuild, args.vs_sln)
  File "/Users/research/Public/blutter/blutter.py", line 120, in main
    cmake_blutter(blutter_name, dartlib_name, macros)
  File "/Users/chalie/Public/blutter/blutter.py", line 76, in cmake_blutter
    subprocess.run([NINJA_CMD], cwd=builddir, check=True)
  File "/Users/research/.pyenv/versions/3.11.0/lib/python3.11/subprocess.py", line 569, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['ninja']' returned non-zero exit status 1.

Ask for advice humbly

How did the authors know about Dart's Object Pool structure?
Is there any relevant information I can look at? Because I am very curious about this part of the technology

Awesome project! Do you have any plans to support 32-bit?

exception: Current Mac OS X version 13.0 is lower than minimum supported version 13.6

my os version is 13.6.4
After the compilation is successful, the following prompt will appear:
exception: Current Mac OS X version 13.0 is lower than minimum supported version 13.6

Support for AArch32 architecture

If there are any plans to support the AArch32 architecture? Because some applications only provide libraries for AArch32. It would be great to know if there are any ongoing or future efforts to include AArch32 support.

Thanks so much for your hard work on this project! This is the best project for flutter re I have seen until now!

AssertionError

I encountered the following issues while using it, and I hope to receive your answers. Thank you

C:\Users\admin\Desktop\blutter-main>python blutter.py C:\Users\admin\Desktop\2 C:\Users\admin\Desktop\2
Traceback (most recent call last):
  File "blutter.py", line 168, in <module>
    main(args.indir, args.outdir, args.rebuild, args.vs_sln, args.no_analysis)
  File "blutter.py", line 100, in main
    dart_version, snapshot_hash, flags, arch, os_name = extract_dart_info(libapp_file, libflutter_file)
  File "C:\Users\admin\Desktop\blutter-main\extract_dart_info.py", line 110, in extract_dart_info
    engine_ids, dart_version, arch, os_name = extract_libflutter_info(libflutter_file)
  File "C:\Users\admin\Desktop\blutter-main\extract_dart_info.py", line 44, in extract_libflutter_info
    assert len(sha_hashes) == 2
AssertionError

Error on DartFunction.cpp.o , dart 3.3.0-237.0.dev

FAILED: CMakeFiles/blutter_dartvm3.3.0-237.0.dev_android_arm64.dir/src/DartFunction.cpp.o
/usr/local/bin/g++ -DDART_COMPRESSED_POINTERS -DDART_PRECOMPILED_RUNTIME -DDART_TARGET_OS_ANDROID -DDART_TARGET_OS_WINDOWS_UWP -DEXCLUDE_CFE_AND_KERNEL_PLATFORM -DFRIDA_TEMPLATE_DIR=\"/mnt/c/Users/mrago/Documents/frida/blutter-git--ubuntu/blutter/scripts\" -DHAS_RECORD_TYPE -DNDEBUG -DPRODUCT -DTARGET_ARCH_ARM64 -DU_USING_ICU_NAMESPACE=0 -D_HAS_EXCEPTIONS=0 -I/usr/include/capstone -isystem /mnt/c/Users/mrago/Documents/frida/blutter-git--ubuntu/blutter/packages/include/dartvm3.3.0-237.0.dev -O3 -DNDEBUG -std=c++20 -O3 -fno-rtti -fvisibility=hidden -fvisibility-inlines-hidden -fno-omit-frame-pointer -Winvalid-pch -include /mnt/c/Users/mrago/Documents/frida/blutter-git--ubuntu/blutter/build/blutter_dartvm3.3.0-237.0.dev_android_arm64/CMakeFiles/blutter_dartvm3.3.0-237.0.dev_android_arm64.dir/cmake_pch.hxx -MD -MT CMakeFiles/blutter_dartvm3.3.0-237.0.dev_android_arm64.dir/src/DartFunction.cpp.o -MF CMakeFiles/blutter_dartvm3.3.0-237.0.dev_android_arm64.dir/src/DartFunction.cpp.o.d -o CMakeFiles/blutter_dartvm3.3.0-237.0.dev_android_arm64.dir/src/DartFunction.cpp.o -c /mnt/c/Users/mrago/Documents/frida/blutter-git--ubuntu/blutter/blutter/src/DartFunction.cpp
/mnt/c/Users/mrago/Documents/frida/blutter-git--ubuntu/blutter/blutter/src/DartFunction.cpp: In constructor ‘DartFunction::DartFunction(DartClass&, dart::FunctionPtr)’:
/mnt/c/Users/mrago/Documents/frida/blutter-git--ubuntu/blutter/blutter/src/DartFunction.cpp:27:23: error: ‘const class dart::Function’ has no member named ‘IsFfiTrampoline’; did you mean ‘IsFfiTrampolineData’?
   27 |         is_ffi = func.IsFfiTrampoline();
      |                       ^~~~~~~~~~~~~~~
      |                       IsFfiTrampolineData
[21/22] Building CXX object CMakeFiles/blutter_dartvm3.3.0-237.0.dev_android_arm64.dir/src/DartApp.cpp.o
ninja: build stopped: subcommand failed.

https://www.mediafire.com/file/fbiqicpbn4rqjnz/arm64-v8a.zip/file

DartDumper.cpp: 600: error: Unhandle internal class

` python3 blutter.py "/mnt/c/Users/mrago/Downloads/uav292/lib/arm64-v8a" outuav2921 --rebuild

Dart version: 3.0.5, Snapshot: 90b56a561f70cd55e972cb49b79b3d8b, Target: android arm64
-- Configuring done (15.6s)
-- Generating done (0.4s)
-- Build files have been written to: /mnt/c/Users/mrago/Documents/frida/blutter-main/build/blutter_dartvm3.0.5_android_arm64
[22/22] Linking CXX executable blutter_dartvm3.0.5_android_arm64
-- Install configuration: "Release"
-- Installing: /mnt/c/Users/mrago/Documents/frida/blutter-main/blutter/../bin/blutter_dartvm3.0.5_android_arm64
libapp is loaded at 0x7fd0bf1eb000
Dart heap at 0x7fcf00000000
Analyzing the application
Dumping Object Pool
/mnt/c/Users/mrago/Documents/frida/blutter-main/blutter/src/DartDumper.cpp: 600: error: Unhandle internal class
`

fatal error: 'source_location' file not found

On mac os arm64
-- Build files have been written to: /Users/user/Downloads/blutter-main/build/blutter_dartvm2.19.6_android_arm64
[1/4] Building CXX object CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o
FAILED: CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o
/opt/homebrew/opt/llvm@15/bin/clang++ -DDART_COMPRESSED_POINTERS -DDART_PRECOMPILED_RUNTIME -DDART_TARGET_OS_ANDROID -DDART_TARGET_OS_WINDOWS_UWP -DEXCLUDE_CFE_AND_KERNEL_PLATFORM -DFRIDA_TEMPLATE_DIR="/Users/user/Downloads/blutter-main/scripts" -DHAS_TYPE_REF -DNDEBUG -DPRODUCT -DTARGET_ARCH_ARM64 -DU_USING_ICU_NAMESPACE=0 -D_HAS_EXCEPTIONS=0 -I/opt/homebrew/Cellar/capstone/5.0.1/include/capstone -isystem /Users/user/Downloads/blutter-main/packages/include/dartvm2.19.6 -O3 -DNDEBUG -std=c++20 -arch arm64 -isysroot /Library/Developer/CommandLineTools/SDKs/MacOSX14.2.sdk -fexperimental-library -O3 -fno-rtti -fvisibility=hidden -fvisibility-inlines-hidden -fno-omit-frame-pointer -Winvalid-pch -Xarch_arm64 -include/Users/user/Downloads/blutter-main/build/blutter_dartvm2.19.6_android_arm64/CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/cmake_pch_arm64.hxx -MD -MT CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o -MF CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o.d -o CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o -c /Users/user/Downloads/blutter-main/blutter/src/CodeAnalyzer_arm64.cpp
/Users/user/Downloads/blutter-main/blutter/src/CodeAnalyzer_arm64.cpp:5:10: fatal error: 'source_location' file not found
#include <source_location>
^~~~~~~~~~~~~~~~~
1 error generated.
[3/4] Building CXX object CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/src/main.cpp.o
ninja: build stopped: subcommand failed.
Traceback (most recent call last):
File "/Users/user/Downloads/blutter-main/blutter.py", line 168, in
main(args.indir, args.outdir, args.rebuild, args.vs_sln, args.no_analysis)
File "/Users/user/Downloads/blutter-main/blutter.py", line 149, in main
cmake_blutter(blutter_name, dartlib_name, name_suffix, macros)
File "/Users/user/Downloads/blutter-main/blutter.py", line 92, in cmake_blutter
subprocess.run([NINJA_CMD], cwd=builddir, check=True)
File "/opt/homebrew/Cellar/[email protected]/3.11.7_1/Frameworks/Python.framework/Versions/3.11/lib/python3.11/subprocess.py", line 571, in run
raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['ninja']' returned non-zero exit status 1.
user@MBP-User blutter-main % g++ --version
Apple clang version 15.0.0 (clang-1500.1.0.2.5)
Target: arm64-apple-darwin23.2.0

On linux the same
-- Build files have been written to: /home/www/android/blutter/build/blutter_dartvm2.19.6_android_arm64
[1/17] Building CXX object CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o
FAILED: CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o
/usr/bin/c++ -DDART_COMPRESSED_POINTERS -DDART_PRECOMPILED_RUNTIME -DDART_TARGET_OS_ANDROID -DDART_TARGET_OS_WINDOWS_UWP -DEXCLUDE_CFE_AND_KERNEL_PLATFORM -DFRIDA_TEMPLATE_DIR="/home/www/android/blutter/scripts" -DHAS_TYPE_REF -DNDEBUG -DPRODUCT -DTARGET_ARCH_ARM64 -DU_USING_ICU_NAMESPACE=0 -D_HAS_EXCEPTIONS=0 -I/usr/include/capstone -isystem /home/www/android/blutter/packages/include/dartvm2.19.6 -O3 -DNDEBUG -std=c++2a -O3 -fno-rtti -fvisibility=hidden -fvisibility-inlines-hidden -fno-omit-frame-pointer -Winvalid-pch -include /home/www/android/blutter/build/blutter_dartvm2.19.6_android_arm64/CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/cmake_pch.hxx -MD -MT CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o -MF CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o.d -o CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o -c /home/www/android/blutter/blutter/src/CodeAnalyzer_arm64.cpp
/home/www/android/blutter/blutter/src/CodeAnalyzer_arm64.cpp:5:10: fatal error: source_location: No such file or directory
5 | #include <source_location>
| ^~~~~~~~~~~~~~~~~
compilation terminated.
[3/17] Building CXX object CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/src/DartDumper.cpp.o
ninja: build stopped: subcommand failed.
Traceback (most recent call last):
File "/home/www/android/blutter/blutter.py", line 168, in
main(args.indir, args.outdir, args.rebuild, args.vs_sln, args.no_analysis)
File "/home/www/android/blutter/blutter.py", line 149, in main
cmake_blutter(blutter_name, dartlib_name, name_suffix, macros)
File "/home/www/android/blutter/blutter.py", line 92, in cmake_blutter
subprocess.run([NINJA_CMD], cwd=builddir, check=True)
File "/usr/lib/python3.9/subprocess.py", line 528, in run
raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['ninja']' returned non-zero exit status 1.

www@vps2452:~/android/blutter$ g++ --version
g++ (Debian 10.2.1-6) 10.2.1 20210110

AttributeError: 'NoneType' object has no attribute 'get_symbol_by_name'

https://drive.google.com/file/d/1dOKkEERFIsHPlKL8xpf5183ojLutkDMl/view?usp=drive_link

Traceback (most recent call last):
  File "D:\Android\blutter\blutter\blutter.py", line 138, in <module>
    main(args.indir, args.outdir, args.rebuild, args.vs_sln)
  File "D:\Android\blutter\blutter\blutter.py", line 84, in main
    dart_version, snapshot_hash, arch, os_name = extract_dart_info(libapp_file, libflutter_file)
  File "D:\Android\blutter\blutter\extract_dart_info.py", line 104, in extract_dart_info
    snapshot_hash = extract_snapshot_hash(libapp_file)
  File "D:\Android\blutter\blutter\extract_dart_info.py", line 20, in extract_snapshot_hash
    sym = dynsym.get_symbol_by_name('_kDartVmSnapshotData')[0]
AttributeError: 'NoneType' object has no attribute 'get_symbol_by_name'

MacOS empty output folder created

The script finishes without any errors and creates the output folder without any files in it.

dart::RecordType has no member named "GetFieldNames"

FAILED: CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/src/DartTypes.cpp.o
/usr/bin/c++ -DDART_COMPRESSED_POINTERS -DDART_PRECOMPILED_RUNTIME -DDART_TARGET_OS_ANDROID -DDART_TARGET_OS_WINDOWS_UWP -DEXCLUDE_CFE_AND_KERNEL_PLATFORM -DFRIDA_TEMPLATE_DIR="/home/x1a0/Reserve/blutter/scripts" -DHAS_RECORD_TYPE -DHAS_TYPE_REF -DNDEBUG -DPRODUCT -DTARGET_ARCH_ARM64 -DU_USING_ICU_NAMESPACE=0 -D_HAS_EXCEPTIONS=0 -I/usr/include/capstone -isystem /home/x1a0/Reserve/blutter/packages/include/dartvm2.19.6 -O3 -DNDEBUG -std=c++20 -O3 -fno-rtti -fvisibility=hidden -fvisibility-inlines-hidden -fno-omit-frame-pointer -Winvalid-pch -include /home/x1a0/Reserve/blutter/build/blutter_dartvm2.19.6_android_arm64/CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/cmake_pch.hxx -MD -MT CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/src/DartTypes.cpp.o -MF CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/src/DartTypes.cpp.o.d -o CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/src/DartTypes.cpp.o -c /home/x1a0/Reserve/blutter/blutter/src/DartTypes.cpp
/home/x1a0/Reserve/blutter/blutter/src/DartTypes.cpp: In member function ‘DartRecordType* DartTypeDb::FindOrAdd(dart::RecordTypePtr)’:
/home/x1a0/Reserve/blutter/blutter/src/DartTypes.cpp:201:72: error: ‘const class dart::RecordType’ has no member named ‘GetFieldNames’; did you mean ‘SetFieldNameAt’?
201 | const auto& field_names = dart::Array::Handle(zone, recordType.GetFieldNames(thread));
| ^~~~~~~~~~~~~
| SetFieldNameAt
[14/22] Building CXX object CMakeFiles/blutter_dartvm2.19.6_android_arm64.dir/src/Disassembler.cpp.o
ninja: build stopped: subcommand failed.

returned non-zero exit status 1

why?

cmd log

Command '['cmake', '-GNinja', '-B', 'D:\\project\\blutter\\build\\dartvm3.0.5_android_arm64', '-DTARGET_OS=android', '-DTARGET_ARCH=arm64', '-DCOMPRESSED_PTRS=1', '-DCMAKE_BUILD_TYPE=Release', '--log-level=NOTICE']' returned non-zero exit status 1.
  File "D:\project\blutter\dartvm_fetch_build.py", line 110, in cmake_dart
    subprocess.run([CMAKE_CMD, '-GNinja', '-B', builddir, f'-DTARGET_OS={os_name}', f'-DTARGET_ARCH={arch}',
  File "D:\project\blutter\dartvm_fetch_build.py", line 120, in fetch_and_build
    cmake_dart(ver, arch, os_name, has_compressed_ptrs, outdir)
  File "D:\project\blutter\blutter.py", line 169, in main
    fetch_and_build(
  File "D:\project\blutter\blutter.py", line 250, in <module>
    main(input, outdir, rebuild, vs_sln, no_analysis)
subprocess.CalledProcessError: Command '['cmake', '-GNinja', '-B', 'D:\\project\\blutter\\build\\dartvm3.0.5_android_arm64', '-DTARGET_OS=android', '-DTARGET_ARCH=arm64', '-DCOMPRESSED_PTRS=1', '-DCMAKE_BUILD_TYPE=Release', '--log-level=NOTICE']' returned non-zero exit status 1.

kClassIdTagPos and kClassIdTagSize has different value before v2.19.0

when trying analysis this arm64-v8a.zip, blutter crash without any error message.

i found it is due to ClassIdTag haven't proper decoding, lead app.GetClass(cid) get null:

blutter/blutter/src/CodeAnalyzer_arm64.cpp

Line 2532 in 73d2047

const uint32_t cid = (tag >> 12) & 0xfffff;

kClassIdTagPos and kClassIdTagSize has different value before dart sdk v2.19.0:
dart-lang/sdk@9182d5e#diff-e2d3fa264174761dfda0d15a527f72dc24d301a490f98832709f2caec5fdb5fe

I will submit a pull request try to fix this, thanks a lot.

error: expected: insn.id() == ARM64_INS_BL, on Dart 3.1.3

Same issue as https://github.com/worawit/blutter/issues/11, but this time on dart 3.1.3.

Dart version: 3.1.3, Snapshot: 7dbbeeb8ef7b91338640dca3927636de, Target: android arm64
libapp is loaded at 0x7f100c3b8000
Dart heap at 0x7f0f00000000
Analyzing the application
Analysis error at line 1140 ILResult FunctionAnalyzer::processLoadInt32FromBoxOrSmiInstr(AsmInstruction): insn.id() == ARM64_INS_LDUR
0xe6f578: ldr x30, [x21, x30, lsl #3]
0xe6f57c: blr x30
0xe6f580: sbfx x1, x0, #1, #0x1f
0xe6f584: tbz w0, #0, #0xe6f590

0xe6f588: nop
0xe6f58c: ldur x1, [x0, #7]
Analysis error at line 1140 ILResult FunctionAnalyzer::processLoadInt32FromBoxOrSmiInstr(AsmInstruction): insn.id() == ARM64_INS_LDUR
0xe6f5cc: ldr x30, [x21, x30, lsl #3]
0xe6f5d0: blr x30
0xe6f5d4: sbfx x1, x0, #1, #0x1f
0xe6f5d8: tbz w0, #0, #0xe6f5e4
0xe6f5dc: nop
0xe6f5e0: ldur x1, [x0, #7]

lib:
https://www.mediafire.com/file/p2myxj33cfhcmho/arm64-v8a.zip/file

returned non-zero exit status 1

D:\project\blutter>python -V
Python 3.11.4

D:\project\blutter>python scripts\init_env_win.py
Downloading ICU library from https://github.com/unicode-org/icu/releases/download/release-73-2/icu4c-73_2-Win64-MSVC2019.zip
Extracting ICU library
Downloading Capstone from https://github.com/capstone-engine/capstone/releases/download/4.0.2/capstone-4.0.2-win64.zip
Extracting Capstone library
Copying dlls to bin directory
Done

D:\project\blutter>python blutter.py
Dart version: 3.0.5, Snapshot: 90b56a561f70cd55e972cb49b79b3d8b, Target: android arm64
flags: product no-code_comments no-dwarf_stack_traces_mode no-lazy_dispatchers dedup_instructions no-asserts arm64 android compressed-pointers null-safety
CMake Error at C:/Program Files/CMake/share/cmake-3.29/Modules/FindPackageHandleStandardArgs.cmake:230 (message):
  Failed to find all ICU components (missing: ICU_INCLUDE_DIR ICU_LIBRARY
  _ICU_REQUIRED_LIBS_FOUND)
Call Stack (most recent call first):
  C:/Program Files/CMake/share/cmake-3.29/Modules/FindPackageHandleStandardArgs.cmake:600 (_FPHSA_FAILURE_MESSAGE)
  C:/Program Files/CMake/share/cmake-3.29/Modules/FindICU.cmake:334 (FIND_PACKAGE_HANDLE_STANDARD_ARGS)
  CMakeLists.txt:20 (find_package)


-- Configuring incomplete, errors occurred!
Traceback (most recent call last):
  File "D:\project\blutter\blutter.py", line 250, in <module>
    main(input, outdir, rebuild, vs_sln, no_analysis)
  File "D:\project\blutter\blutter.py", line 169, in main
    fetch_and_build(
  File "D:\project\blutter\dartvm_fetch_build.py", line 120, in fetch_and_build
    cmake_dart(ver, arch, os_name, has_compressed_ptrs, outdir)
  File "D:\project\blutter\dartvm_fetch_build.py", line 110, in cmake_dart
    subprocess.run([CMAKE_CMD, '-GNinja', '-B', builddir, f'-DTARGET_OS={os_name}', f'-DTARGET_ARCH={arch}',
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "D:\develop\miniconda\Lib\subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['cmake', '-GNinja', '-B', 'D:\\project\\blutter\\build\\dartvm3.0.5_android_arm64', '-DTARGET_OS=android', '-DTARGET_ARCH=arm64', '-DCOMPRESSED_PTRS=1', '-DCMAKE_BUILD_TYPE=Release', '--log-level=NOTICE']' returned non-zero exit status 1.

Dart V2.14.2 是否支持啊？

支持的Dart版本是多少啊？Dart V2.14.2是不是不行啊，报这个错：

Dart version: 2.14.2, Snapshot: a2eb9c8f76afc3bc3df585126eefc79c, Target: android arm64

In file included from /Users/wangsheng/workspace/dingtalk/blutter/build/blutter_dartvm2.14.2_android_arm64/CMakeFiles/blutter_dartvm2.14.2_android_arm64.dir/cmake_pch_arm64.hxx:5:
/Users/wangsheng/workspace/dingtalk/blutter/blutter/src/pch.h:43:19: error: unknown type name 'ImmutableLinkedHashMap'; did you mean 'UntaggedLinkedHashMap'?
using ConstMap = ImmutableLinkedHashMap;
^
/Users/wangsheng/workspace/dingtalk/blutter/packages/include/dartvm2.14.2/vm/raw_object.h:2997:7: note: 'UntaggedLinkedHashMap' declared here
class UntaggedLinkedHashMap : public UntaggedLinkedHashBase {
^
In file included from :1:
In file included from /Users/wangsheng/workspace/dingtalk/blutter/build/blutter_dartvm2.14.2_android_arm64/CMakeFiles/blutter_dartvm2.14.2_android_arm64.dir/cmake_pch_arm64.hxx:5:
/Users/wangsheng/workspace/dingtalk/blutter/blutter/src/pch.h:45:19: error: unknown type name 'ImmutableLinkedHashSet'; did you mean 'UntaggedLinkedHashSet'?
using ConstSet = ImmutableLinkedHashSet;
^
/Users/wangsheng/workspace/dingtalk/blutter/packages/include/dartvm2.14.2/vm/raw_object.h:3001:7: note: 'UntaggedLinkedHashSet' declared here
class UntaggedLinkedHashSet : public UntaggedLinkedHashBase {
^
In file included from :1:
In file included from /Users/wangsheng/workspace/dingtalk/blutter/build/blutter_dartvm2.14.2_android_arm64/CMakeFiles/blutter_dartvm2.14.2_android_arm64.dir/cmake_pch_arm64.hxx:5:
/Users/wangsheng/workspace/dingtalk/blutter/blutter/src/pch.h:49:18: error: use of undeclared identifier 'kImmutableLinkedHashMapCid'
kConstMapCid = kImmutableLinkedHashMapCid,
^
/Users/wangsheng/workspace/dingtalk/blutter/blutter/src/pch.h:51:18: error: use of undeclared identifier 'kImmutableLinkedHashSetCid'
kConstSetCid = kImmutableLinkedHashSetCid,
^
4 errors generated.

[Feature Request] radare2 support

Edit: see #17. Realized that's it's better to also have things output to json than hard coding support for a tool inside the program.

Radare is a terminal based reverse engineering framework similar to ghidra or IDA, would be possible to have it so all the unknown/not exported methods from radare to be added?

One thing I've noticed when decompiling an application is that all the offsets are the same, so would probably just be a case of using r2pipe to rename all the functions. (Check afn command)

And of course, there are also other edge cases where the strings don't return any usage reference in the disassembled code, but at least to have the functions names would be nice

Missing files

Traceback (most recent call last):
File "D:\PyCharm2022.2.3\blutter\scripts\dartvm_create_srclist.py", line 72, in
srcs = get_default_src_files(os.path.join(BASEDIR, 'lib', lib+'_sources.gni'))
File "D:\PyCharm2022.2.3\blutter\scripts\dartvm_create_srclist.py", line 27, in get_default_src_files
objs = extract_sources(gni_file)
File "D:\PyCharm2022.2.3\blutter\scripts\dartvm_create_srclist.py", line 9, in extract_sources
with open(gni_file, 'r') as f:
FileNotFoundError: [Errno 2] No such file or directory: '.\lib\async_sources.gni'
Traceback (most recent call last):
File "blutter.py", line 140, in
main(args.indir, args.outdir, args.rebuild, args.vs_sln)
File "blutter.py", line 102, in main
fetch_and_build(dart_version, arch, os_name)
File "D:\PyCharm2022.2.3\blutter\dartvm_fetch_build.py", line 75, in fetch_and_build
cmake_dart(ver, arch, os_name, outdir)
File "D:\PyCharm2022.2.3\blutter\dartvm_fetch_build.py", line 60, in cmake_dart
subprocess.run([sys.executable, CREATE_SRCLIST_FILE, target_dir], check=True)
File "D:\Python38\lib\subprocess.py", line 512, in run
raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['D:\Python38\python.exe', 'D:\PyCharm2022.2.3\blutter\scripts\dartvm_create_srclist.py', 'D:\PyCharm2022.2.3\blutter\dartsdk\v3.0.5']' returned non-zero exit status 1.

/root/blutter/blutter/src/pch.h:12:10: fatal error: format: No such file or directory

Testing on termux

root@localhost:~/blutter# python3 blutter.py lib/ out1
Dart version: 3.0.3, Snapshot: 90b56a561f70cd55e972cb49b79b3d8b, Target: android arm64 -- Configuring done -- Generating done -- Build files have been written to: /root/blutter/build/blutter_dartvm3.0.3_android_arm64 [1/22] Building CXX object CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/cmake_pch.hxx.gch FAILED: CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/cmake_pch.hxx.gch /bin/c++ -DDART_COMPRESSED_POINTERS -DDART_PRECOMPILED_RUNTIME -DDART_TARGET_OS_ANDROID -DDART_TARGET_OS_WINDOWS_UWP -DEXCLUDE_CFE_AND_KERNEL_PLATFORM -DFRIDA_TEMPLATE_DIR="/root/blutter/scripts" -DHAS_TYPE_REF -DNDEBUG -DPRODUCT -DTARGET_ARCH_ARM64 -DU_USING_ICU_NAMESPACE=0 -D_HAS_EXCEPTIONS=0 -I/usr/include/capstone -isystem /root/blutter/packages/include/dartvm3.0.3 -O3 -DNDEBUG -O3 -fno-rtti -fvisibility=hidden -fvisibility-inlines-hidden -fno-omit-frame-pointer -std=c++20 -Winvalid-pch -x c++-header -include /root/blutter/build/blutter_dartvm3.0.3_android_arm64/CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/cmake_pch.hxx -MD -MT CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/cmake_pch.hxx.gch -MF CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/cmake_pch.hxx.gch.d -o CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/cmake_pch.hxx.gch -c /root/blutter/build/blutter_dartvm3.0.3_android_arm64/CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/cmake_pch.hxx.cxx
In file included from /root/blutter/build/blutter_dartvm3.0.3_android_arm64/CMakeFiles/blutter_dartvm3.0.3_android_arm64.dir/cmake_pch.hxx:5,
from :
/root/blutter/blutter/src/pch.h:12:10: fatal error: format: No such file or directory
12 | #include
| ^~~~~~~~
compilation terminated.
ninja: build stopped: subcommand failed.
Traceback (most recent call last):
File "/root/blutter/blutter.py", line 138, in
main(args.indir, args.outdir, args.rebuild, args.vs_sln)
File "/root/blutter/blutter.py", line 120, in main
cmake_blutter(blutter_name, dartlib_name, macros)
File "/root/blutter/blutter.py", line 76, in cmake_blutter
subprocess.run([NINJA_CMD], cwd=builddir, check=True)
File "/usr/lib/python3.10/subprocess.py", line 526, in run
raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['ninja']' returned non-zero exit status 1.

运行出错

Dart version: 2.10.5, Snapshot: 8ee4ef7a67df9845fba331734198a953, Target: android arm64
flags: product no-dwarf_stack_traces_mode no-causal_async_stacks lazy_async_stacks no-lazy_dispatchers use_bare_instructions dedup_instructions no-"asserts" arm64-sysv no-null-safety
Dart version <2.15, force "no-analysis" option
-- Configuring done (0.1s)
-- Generating done (0.0s)
-- Build files have been written to: C:/Qt/blutter/build/blutter_dartvm2.10.5_android_arm64_no-compressed-ptrs_no-analysis
[1/22] Building CXX object CMakeFiles\blutter_dartvm2.10.5...arm64_no-compressed-ptrs_no-analysis.dir\cmake_pch.cxx.obj
FAILED: CMakeFiles/blutter_dartvm2.10.5_android_arm64_no-compressed-ptrs_no-analysis.dir/cmake_pch.cxx.obj
C:\PROGRA~~1\MIB055~~1\2022\COMMUN~~1\VC\Tools\MSVC\1438~~1.331\bin\Hostx64\x64\cl.exe /nologo /TP -DDART_PRECOMPILED_RUNTIME -DDART_TARGET_OS_ANDROID -DDART_TARGET_OS_WINDOWS_UWP -DEXCLUDE_CFE_AND_KERNEL_PLATFORM -DFRIDA_TEMPLATE_DIR="C:/Qt/blutter/scripts" -DHAS_SHARED_CLASS_TABLE -DHAS_TYPE_REF -DNDEBUG -DNO_CODE_ANALYSIS -DNO_INIT_LATE_STATIC_FIELD -DNO_LAST_INTERNAL_ONLY_CID -DOLD_MAP_NO_IMMUTABLE -DOLD_MAP_SET_NAME -DPRODUCT -DTARGET_ARCH_ARM64 -DU_USING_ICU_NAMESPACE=0 -D_HAS_EXCEPTIONS=0 -external:IC:\Qt\blutter\packages\include\dartvm2.10.5 -external:IC:\Qt\blutter\blutter..\external\capstone\include\capstone -external:W0 /DWIN32 /D_WINDOWS /EHsc /O2 /Ob2 /DNDEBUG -std:c++20 -MD /Oy /GR- /sdl- /Oi /GL /Gy /Zc:wchar_t /Zc:inline /YcC:/Qt/blutter/build/blutter_dartvm2.10.5_android_arm64_no-compressed-ptrs_no-analysis/CMakeFiles/blutter_dartvm2.10.5_android_arm64_no-compressed-ptrs_no-analysis.dir/cmake_pch.hxx /FpC:/Qt/blutter/build/blutter_dartvm2.10.5_android_arm64_no-compressed-ptrs_no-analysis/CMakeFiles/blutter_dartvm2.10.5_android_arm64_no-compressed-ptrs_no-analysis.dir/./cmake_pch.cxx.pch /FIC:/Qt/blutter/build/blutter_dartvm2.10.5_android_arm64_no-compressed-ptrs_no-analysis/CMakeFiles/blutter_dartvm2.10.5_android_arm64_no-compressed-ptrs_no-analysis.dir/cmake_pch.hxx /showIncludes /FoCMakeFiles\blutter_dartvm2.10.5_android_arm64_no-compressed-ptrs_no-analysis.dir\cmake_pch.cxx.obj /FdCMakeFiles\blutter_dartvm2.10.5_android_arm64_no-compressed-ptrs_no-analysis.dir\ /FS -c C:\Qt\blutter\build\blutter_dartvm2.10.5_android_arm64_no-compressed-ptrs_no-analysis\CMakeFiles\blutter_dartvm2.10.5_android_arm64_no-compressed-ptrs_no-analysis.dir\cmake_pch.cxx
C:/Qt/blutter/blutter/src/pch.h(43): error C2061: 语法错误: 标识符“LinkedHashSet”
C:/Qt/blutter/blutter/src/pch.h(46): error C2061: 语法错误: 标识符“LinkedHashSet”
C:/Qt/blutter/blutter/src/pch.h(54): error C2065: “kLinkedHashSetCid”: 未声明的标识符
C:/Qt/blutter/blutter/src/pch.h(57): error C2065: “kLinkedHashSetCid”: 未声明的标识符
ninja: build stopped: subcommand failed.
Traceback (most recent call last):
File "blutter.py", line 168, in
main(args.indir, args.outdir, args.rebuild, args.vs_sln, args.no_analysis)
File "blutter.py", line 149, in main
cmake_blutter(blutter_name, dartlib_name, name_suffix, macros)
File "blutter.py", line 92, in cmake_blutter
subprocess.run([NINJA_CMD], cwd=builddir, check=True)
File "C:\Program Files\python\lib\subprocess.py", line 512, in run
raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['ninja']' returned non-zero exit status 1.

What is this mistake

环境配置

有没有Windows环境下的配置教程

About getting https or http request data

When using blutter's frida script to hook http behavior, it seems that only the url and cookie can be obtained, and the post data packet cannot be obtained

是版本太低的原因嘛这个报错124: error: expected: dartCls->Id()

C:\Users\Administrator\Desktop\blutter-main>python blutter.py ./app ./output
Dart version: 2.17.5, Snapshot: 1441d6b13b8623fa7fbf61433abebd31, Target: android arm64
libapp is loaded at 0x236e1a40000
Dart heap at 0x23700000000
Analyzing the application
C:\Users\Administrator\Desktop\blutter-main\blutter\src\CodeAnalyzer_arm64.cpp: 124: error: expected: dartCls->Id() >= dart::kNumPredefinedCids

can not find file

Dart version: 3.0.2, Snapshot: aa64af18e7d086041ac127cc4bc50c5e, Target: android arm64
flags: product no-code_comments dwarf_stack_traces_mode no-lazy_dispatchers dedup_instructions no-asserts arm64 android compressed-pointers null-safety
Traceback (most recent call last):
File ".\blutter.py", line 168, in
main(args.indir, args.outdir, args.rebuild, args.vs_sln, args.no_analysis)
File ".\blutter.py", line 130, in main
fetch_and_build(dart_version, arch, os_name, has_compressed_ptrs, snapshot_hash)
File "E:\Git\blutter\dartvm_fetch_build.py", line 118, in fetch_and_build
outdir = checkout_dart(ver, snapshot_hash)
File "E:\Git\blutter\dartvm_fetch_build.py", line 49, in checkout_dart
subprocess.run([GIT_CMD, '-c', 'advice.detachedHead=false', 'clone', '-b', ver, '--depth', '1', '--filter=blob:none', '--sparse', '--progress', DART_GIT_URL, clonedir], check=True)
File "E:\python\lib\subprocess.py", line 489, in run
with Popen(*popenargs, **kwargs) as process:
File "E:\python\lib\subprocess.py", line 854, in init
self._execute_child(args, executable, preexec_fn, close_fds,
File "E:\python\lib\subprocess.py", line 1307, in _execute_child
hp, ht, pid, tid = _winapi.CreateProcess(executable, args,
FileNotFoundError: [WinError 2] 系统找不到指定的文件。

Can't run this tool

CodeAnalyzer_arm64.cpp: 117: error:

CodeAnalyzer_arm64.cpp: 117: error: expected: dartCls->Id() >= dart::kNumPredefinedCids

https://www.mediafire.com/file/apavkidxob9g8zx/arm64-v8a.zip/file

MacOS tool is not working

Hi, I have installed all the required dependencies mentioned in the readme file. However, when I run the tool, it shows an error that I am unable to debug. I need some help with this.

error :

blutter.py /Users/pavel/Documents/blutter/lib/arm64-v8a build\vs --vs-sln
Dart version: 3.1.5, Snapshot: 85db978ceb98b8ae97a75e17b3bdc693, Target: android arm64
flags: product no-code_comments dwarf_stack_traces_mode no-lazy_dispatchers dedup_instructions no-asserts arm64 android compressed-pointers null-safety
CMake Error at /opt/homebrew/Cellar/cmake/3.28.3/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:230 (message):
Failed to find all ICU components (missing: ICU_LIBRARY
_ICU_REQUIRED_LIBS_FOUND) (found version "72.1")
Call Stack (most recent call first):
/opt/homebrew/Cellar/cmake/3.28.3/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:600 (_FPHSA_FAILURE_MESSAGE)
/opt/homebrew/Cellar/cmake/3.28.3/share/cmake/Modules/FindICU.cmake:333 (FIND_PACKAGE_HANDLE_STANDARD_ARGS)
CMakeLists.txt:20 (find_package)

-- Configuring incomplete, errors occurred!
Traceback (most recent call last):
File "/Users/pavel/Documents/blutter/blutter.py", line 168, in
main(args.indir, args.outdir, args.rebuild, args.vs_sln, args.no_analysis)
File "/Users/pavel/Documents/blutter/blutter.py", line 130, in main
fetch_and_build(dart_version, arch, os_name, has_compressed_ptrs, snapshot_hash)
File "/Users/pavel/Documents/blutter/dartvm_fetch_build.py", line 120, in fetch_and_build
cmake_dart(ver, arch, os_name, has_compressed_ptrs, outdir)
File "/Users/pavel/Documents/blutter/dartvm_fetch_build.py", line 110, in cmake_dart
subprocess.run([CMAKE_CMD, '-GNinja', '-B', builddir, f'-DTARGET_OS={os_name}', f'-DTARGET_ARCH={arch}',
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/pavel/anaconda3/lib/python3.11/subprocess.py", line 571, in run
raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['cmake', '-GNinja', '-B', '/Users/pavel/Documents/blutter/build/dartvm3.1.5_android_arm64', '-DTARGET_OS=android', '-DTARGET_ARCH=arm64', '-DCOMPRESSED_PTRS=1', '-DCMAKE_BUILD_TYPE=Release', '--log-level=NOTICE']' returned non-zero exit status 1.

Get exception with `TestType is not Type`

any help?

IDA decompiled code is incorrect

When using IDA to decompile into c code, it seems that because it is written in dart, a function is decompiled to incorrect code in many places。Do you have a way to get ida to decompile the correct c code from the dart stack?
https://www.guardsquare.com/blog/obstacles-in-dart-decompilation-and-the-impact-on-flutter-app-security

new problem

(pytest38) PS C:\Users\1232\Desktop\blutter> python blutter.py arm64-v8a ./output
Dart version: 3.1.0, Snapshot: 7dbbeeb8ef7b91338640dca3927636de, Target: android arm64
flags: product no-code_comments no-dwarf_stack_traces_mode no-lazy_dispatchers dedup_instructions no-asserts arm64 android compressed-pointers null-safety
Cloning into 'C:\Users\1232\Desktop\blutter\dartsdk\v3.1.0'...
remote: Enumerating objects: 2487, done.
remote: Counting objects: 100% (2487/2487), done.
remote: Compressing objects: 100% (2040/2040), done.
remote: Total 2487 (delta 76), reused 1430 (delta 49), pack-reused 0
Receiving objects: 100% (2487/2487), 1.49 MiB | 3.16 MiB/s, done.
Resolving deltas: 100% (76/76), done.
remote: Enumerating objects: 24, done.
remote: Counting objects: 100% (24/24), done.
remote: Compressing objects: 100% (23/23), done.
remote: Total 24 (delta 0), reused 8 (delta 0), pack-reused 0
Receiving objects: 100% (24/24), 130.09 KiB | 594.00 KiB/s, done.
Updating files: 100% (24/24), done.
remote: Enumerating objects: 3590, done.
remote: Counting objects: 100% (3590/3590), done.
remote: Compressing objects: 100% (2578/2578), done.
remote: Total 3590 (delta 1176), reused 1924 (delta 968), pack-reused 0
Receiving objects: 100% (3590/3590), 8.21 MiB | 5.20 MiB/s, done.
Resolving deltas: 100% (1176/1176), done.
Updating files: 100% (4070/4070), done.
Traceback (most recent call last):
File "blutter.py", line 168, in
main(args.indir, args.outdir, args.rebuild, args.vs_sln, args.no_analysis)
File "blutter.py", line 130, in main
fetch_and_build(dart_version, arch, os_name, has_compressed_ptrs, snapshot_hash)
File "C:\Users\1232\Desktop\blutter\dartvm_fetch_build.py", line 120, in fetch_and_build
cmake_dart(ver, arch, os_name, has_compressed_ptrs, outdir)
File "C:\Users\1232\Desktop\blutter\dartvm_fetch_build.py", line 110, in cmake_dart
subprocess.run([CMAKE_CMD, '-GNinja', '-B', builddir, f'-DTARGET_OS={os_name}', f'-DTARGET_ARCH={arch}',
File "E:\anaconda\envs\pytest38\lib\subprocess.py", line 493, in run
with Popen(*popenargs, **kwargs) as process:
File "E:\anaconda\envs\pytest38\lib\subprocess.py", line 858, in init
self._execute_child(args, executable, preexec_fn, close_fds,
File "E:\anaconda\envs\pytest38\lib\subprocess.py", line 1311, in _execute_child
hp, ht, pid, tid = _winapi.CreateProcess(executable, args,
FileNotFoundError: [WinError 2] 系统找不到指定的文件。

rename error

when run the python script "addNames.py" on IDA, some error log below
4B764C: can't rename byte as 'get$get_rx$src$rx_types$rx_types_::RxNumExt.>4b764c' because it contains a bad character '>'.
7D1B64: can't rename byte as 'gg$global_service$g_webrtc_proxy_server::_extension#0.toDCPacket_7d1b64' because it contains a bad character '#'.

illegal rename, can it be fixed?

How to use blutter_frida.js

Is it possible to log arguments of flutter methods using blutter_frida.js

FAILED: CMakeFiles/dartvm3.2.0_android_arm64.dir/runtime/vm/regexp_parser.cc.o

This is my error. Could you please help me see what the reason is? Thank you

Dart version: 3.2.0, Snapshot: f71c76320d35b65f1164dbaa6d95fe09, Target: android arm64
-- Found the following ICU libraries:
-- uc (required)
-- Release
-- Configuring done
-- Generating done
-- Build files have been written to: /root/blutter/build/dartvm3.2.0_android_arm64
[2/196] Building CXX object CMakeFiles/dartvm3.2.0_android_arm64.dir/runtime/vm/regexp_parser.cc.o
FAILED: CMakeFiles/dartvm3.2.0_android_arm64.dir/runtime/vm/regexp_parser.cc.o
/usr/bin/c++ -DDART_COMPRESSED_POINTERS -DDART_PRECOMPILED_RUNTIME -DDART_TARGET_OS_ANDROID -DDART_TARGET_OS_WINDOWS_UWP -DEXCLUDE_CFE_AND_KERNEL_PLATFORM -DNDEBUG -DPRODUCT -DTARGET_ARCH_ARM64 -DU_USING_ICU_NAMESPACE=0 -D_HAS_EXCEPTIONS=0 -I/root/blutter/dartsdk/v3.2.0/runtime -O3 -DNDEBUG -fPIC -fvisibility=hidden -fvisibility-inlines-hidden -O3 -fno-ident -fdata-sections -ffunction-sections -fno-omit-frame-pointer -fno-rtti -fno-exceptions -std=gnu++1z -MD -MT CMakeFiles/dartvm3.2.0_android_arm64.dir/runtime/vm/regexp_parser.cc.o -MF CMakeFiles/dartvm3.2.0_android_arm64.dir/runtime/vm/regexp_parser.cc.o.d -o CMakeFiles/dartvm3.2.0_android_arm64.dir/runtime/vm/regexp_parser.cc.o -c /root/blutter/dartsdk/v3.2.0/runtime/vm/regexp_parser.cc
/root/blutter/dartsdk/v3.2.0/runtime/vm/regexp_parser.cc: In function ‘bool dart::{anonymous}::IsSupportedBinaryProperty(UProperty)’:
/root/blutter/dartsdk/v3.2.0/runtime/vm/regexp_parser.cc:1592:10: error: ‘UCHAR_EXTENDED_PICTOGRAPHIC’ was not declared in this scope
1592 | case UCHAR_EXTENDED_PICTOGRAPHIC:
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
[4/196] Building CXX object CMakeFiles/dartvm3.2.0_android_arm64.dir/runtime/vm/json_writer.cc.o
ninja: build stopped: subcommand failed.
Traceback (most recent call last):
File "blutter.py", line 138, in
main(args.indir, args.outdir, args.rebuild, args.vs_sln)
File "blutter.py", line 101, in main
fetch_and_build(dart_version, arch, os_name)
File "/root/blutter/dartvm_fetch_build.py", line 110, in fetch_and_build
cmake_dart(ver, arch, os_name, outdir)
File "/root/blutter/dartvm_fetch_build.py", line 105, in cmake_dart
subprocess.run([NINJA_CMD], cwd=builddir, check=True)
File "/usr/lib/python3.7/subprocess.py", line 512, in run
output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['ninja']' returned non-zero exit status 1.

Lost parts?

Hi, It works very well with blutter, but sometimes I find that information has been lost. For example in this code fragment (dart 3.1.3). As you can see in blutter, the conditional part does not appear (in bold) or perhaps it becomes very complicated to follow. (in the pp file, there is no result for showlock either)

Original

class LockedFeature extends StatelessWidget {
  const LockedFeature(
      {required this.child, this.actionAfter, this.showLock = false, Key? key})
      : super(key: key);
  final Widget child;
  final Function? actionAfter;
  final bool showLock;

  override
  Widget build(BuildContext context) {
    Widget child = IgnorePointer(child: this.child);
    **if (showLock)
      child = Stack(
        alignment: Alignment.center,
        children: [
          IgnorePointer(child: this.child),
          Icon(appStateSettings["outlinedIcons"]
              ? Icons.lock_outlined
              : Icons.lock_rounded),
        ],
      );**
    return Tappable(
      onTap: () async {
        bool result = await premiumPopupPushRoute(context);
        if (actionAfter != null && result == true) actionAfter!();
      },
      borderRadius: 20,
      color: Colors.transparent,
      child: child,
    );
  }
}

Blutter

class LockedFeature extends StatelessWidget {

  _ build(/* No info */) {
    // ** addr: 0xa97b08, size: 0xbc
    // 0xa97b08: EnterFrame
    //     0xa97b08: stp             fp, lr, [SP, #-0x10]!
    //     0xa97b0c: mov             fp, SP
    // 0xa97b10: AllocStack(0x40)
    //     0xa97b10: sub             SP, SP, #0x40
    // 0xa97b14: CheckStackOverflow
    //     0xa97b14: ldr             x16, [THR, #0x38]  ; THR::stack_limit
    //     0xa97b18: cmp             SP, x16
    //     0xa97b1c: b.ls            #0xa97bbc
    // 0xa97b20: r1 = 2
    //     0xa97b20: movz            x1, #0x2
    // 0xa97b24: r0 = AllocateContext()
    //     0xa97b24: bl              #0xd60fcc  ; AllocateContextStub
    // 0xa97b28: mov             x1, x0
    // 0xa97b2c: ldr             x0, [fp, #0x18]
    // 0xa97b30: stur            x1, [fp, #-0x10]
    // 0xa97b34: StoreField: r1->field_f = r0
    //     0xa97b34: stur            w0, [x1, #0xf]
    // 0xa97b38: ldr             x2, [fp, #0x10]
    // 0xa97b3c: StoreField: r1->field_13 = r2
    //     0xa97b3c: stur            w2, [x1, #0x13]
    // 0xa97b40: LoadField: r2 = r0->field_b
    //     0xa97b40: ldur            w2, [x0, #0xb]
    // 0xa97b44: DecompressPointer r2
    //     0xa97b44: add             x2, x2, HEAP, lsl #32
    // 0xa97b48: stur            x2, [fp, #-8]
    // 0xa97b4c: r0 = IgnorePointer()
    //     0xa97b4c: bl              #0x7fab60  ; AllocateIgnorePointerStub -> IgnorePointer (size=0x18)
    // 0xa97b50: mov             x1, x0
    // 0xa97b54: r0 = true
    //     0xa97b54: add             x0, NULL, #0x20  ; true
    // 0xa97b58: stur            x1, [fp, #-0x18]
    // 0xa97b5c: StoreField: r1->field_f = r0
    //     0xa97b5c: stur            w0, [x1, #0xf]
    // 0xa97b60: ldur            x0, [fp, #-8]
    // 0xa97b64: StoreField: r1->field_b = r0
    //     0xa97b64: stur            w0, [x1, #0xb]
    // 0xa97b68: r0 = Tappable()
    //     0xa97b68: bl              #0x7fab24  ; AllocateTappableStub -> Tappable (size=0x34)
    // 0xa97b6c: ldur            x2, [fp, #-0x10]
    // 0xa97b70: r1 = Function '<anonymous closure>':.
    //     0xa97b70: add             x1, PP, #0x4e, lsl #12  ; [pp+0x4e418] AnonymousClosure: (0xa97bc4), in [package:budget/pages/premiumPage.dart] LockedFeature::build (0xa97b08)
    //     0xa97b74: ldr             x1, [x1, #0x418]
    // 0xa97b78: stur            x0, [fp, #-8]
    // 0xa97b7c: r0 = AllocateClosure()
    //     0xa97b7c: bl              #0xd610e4  ; AllocateClosureStub
    // 0xa97b80: ldur            x16, [fp, #-8]
    // 0xa97b84: ldur            lr, [fp, #-0x18]
    // 0xa97b88: stp             lr, x16, [SP, #0x18]
    // 0xa97b8c: r16 = 20.000000
    //     0xa97b8c: add             x16, PP, #0x19, lsl #12  ; [pp+0x19de0] 20
    //     0xa97b90: ldr             x16, [x16, #0xde0]
    // 0xa97b94: stp             x16, x0, [SP, #8]
    // 0xa97b98: r16 = Instance_Color
    //     0xa97b98: ldr             x16, [PP, #0x7950]  ; [pp+0x7950] Obj!Color@d456c1
    // 0xa97b9c: str             x16, [SP]
    // 0xa97ba0: r4 = const [0, 0x5, 0x5, 0x2, borderRadius, 0x3, color, 0x4, onTap, 0x2, null]
    //     0xa97ba0: add             x4, PP, #0x2e, lsl #12  ; [pp+0x2e6f0] List(11) [0, 0x5, 0x5, 0x2, "borderRadius", 0x3, "color", 0x4, "onTap", 0x2, Null]
    //     0xa97ba4: ldr             x4, [x4, #0x6f0]
    // 0xa97ba8: r0 = Tappable()
    //     0xa97ba8: bl              #0x7fa748  ; [package:budget/widgets/tappable.dart] Tappable::Tappable
    // 0xa97bac: ldur            x0, [fp, #-8]
    // 0xa97bb0: LeaveFrame
    //     0xa97bb0: mov             SP, fp
    //     0xa97bb4: ldp             fp, lr, [SP], #0x10
    // 0xa97bb8: ret
    //     0xa97bb8: ret             
    // 0xa97bbc: r0 = StackOverflowSharedWithoutFPURegs()
    //     0xa97bbc: bl              #0xd61f60  ; StackOverflowSharedWithoutFPURegsStub
    // 0xa97bc0: b               #0xa97b20
  }
  [closure] Future<void> <anonymous closure>(dynamic) async {
    // ** addr: 0xa97bc4, size: 0xa8
    // 0xa97bc4: EnterFrame
    //     0xa97bc4: stp             fp, lr, [SP, #-0x10]!
    //     0xa97bc8: mov             fp, SP
    // 0xa97bcc: AllocStack(0x20)
    //     0xa97bcc: sub             SP, SP, #0x20
    // 0xa97bd0: SetupParameters(LockedFeature this /* r1 */)
    //     0xa97bd0: stur            NULL, [fp, #-8]
    //     0xa97bd4: movz            x0, #0
    //     0xa97bd8: add             x1, fp, w0, sxtw #2
    //     0xa97bdc: ldr             x1, [x1, #0x10]
    //     0xa97be0: ldur            w2, [x1, #0x17]
    //     0xa97be4: add             x2, x2, HEAP, lsl #32
    //     0xa97be8: stur            x2, [fp, #-0x10]
    // 0xa97bec: CheckStackOverflow
    //     0xa97bec: ldr             x16, [THR, #0x38]  ; THR::stack_limit
    //     0xa97bf0: cmp             SP, x16
    //     0xa97bf4: b.ls            #0xa97c64
    // 0xa97bf8: InitAsync() -> Future<void?>
    //     0xa97bf8: ldr             x0, [PP, #0x78]  ; [pp+0x78] TypeArguments: <void?>
    //     0xa97bfc: bl              #0x573038
    // 0xa97c00: ldur            x0, [fp, #-0x10]
    // 0xa97c04: LoadField: r1 = r0->field_13
    //     0xa97c04: ldur            w1, [x0, #0x13]
    // 0xa97c08: DecompressPointer r1
    //     0xa97c08: add             x1, x1, HEAP, lsl #32
    // 0xa97c0c: str             x1, [SP]
    // 0xa97c10: r0 = premiumPopupPushRoute()
    //     0xa97c10: bl              #0x90f4cc  ; [package:budget/pages/premiumPage.dart] ::premiumPopupPushRoute
    // 0xa97c14: mov             x1, x0
    // 0xa97c18: stur            x1, [fp, #-0x18]
    // 0xa97c1c: r0 = Await()
    //     0xa97c1c: bl              #0x572cf0  ; AwaitStub
    // 0xa97c20: r16 = true
    //     0xa97c20: add             x16, NULL, #0x20  ; true
    // 0xa97c24: cmp             w0, w16
    // 0xa97c28: b.ne            #0xa97c5c
    // 0xa97c2c: ldur            x0, [fp, #-0x10]
    // 0xa97c30: LoadField: r1 = r0->field_f
    //     0xa97c30: ldur            w1, [x0, #0xf]
    // 0xa97c34: DecompressPointer r1
    //     0xa97c34: add             x1, x1, HEAP, lsl #32
    // 0xa97c38: LoadField: r0 = r1->field_f
    //     0xa97c38: ldur            w0, [x1, #0xf]
    // 0xa97c3c: DecompressPointer r0
    //     0xa97c3c: add             x0, x0, HEAP, lsl #32
    // 0xa97c40: str             x0, [SP]
    // 0xa97c44: r4 = 0
    //     0xa97c44: movz            x4, #0
    // 0xa97c48: ldr             x0, [SP]
    // 0xa97c4c: r16 = UnlinkedCall_0x5489f8
    //     0xa97c4c: add             x16, PP, #0x4e, lsl #12  ; [pp+0x4e420] UnlinkedCall: 0x5489f8 - SwitchableCallMissStub
    //     0xa97c50: add             x16, x16, #0x420
    // 0xa97c54: ldp             x5, lr, [x16]
    // 0xa97c58: blr             lr
    // 0xa97c5c: r0 = Null
    //     0xa97c5c: mov             x0, NULL
    // 0xa97c60: r0 = ReturnAsyncNotFuture()
    //     0xa97c60: b               #0x57300c  ; ReturnAsyncNotFutureStub
    // 0xa97c64: r0 = StackOverflowSharedWithoutFPURegs()
    //     0xa97c64: bl              #0xd61f60  ; StackOverflowSharedWithoutFPURegsStub
    // 0xa97c68: b               #0xa97bf8
  }
}

Implementation principle of blutter?

I'm curious about the implementation principle of blutter.

Are there any fatal flaws?
Will it be impossible to reverse because of the Flutter version?
Every time Flutter launches a new version, does it need to be re-developed and followed up? There used to be a dart reverse engineering tool, but later developers stopped maintaining it and could only stay at a certain version of reverse engineering.

Very much looking forward to your answer.

error: "double-conversion.h" not found

root@debian:~/blutter# python3 blutter.py /home/pch/demo-apk/lib/arm64-v8a /home/pch/demo-re
Dart version: 3.3.0-174.3.beta, Snapshot: 8b43434a6666a4f8eb2de8ecf8be4f82, Target: android arm64
flags: product no-code_comments no-dwarf_stack_traces_mode no-lazy_dispatchers dedup_instructions no-tsan no-asserts arm64 android compressed-pointers null-safety
Cloning into '/root/blutter/dartsdk/v3.3.0-174.3.beta'...
remote: Enumerating objects: 2362, done.
remote: Counting objects: 100% (2362/2362), done.
remote: Compressing objects: 100% (1908/1908), done.
remote: Total 2362 (delta 52), reused 1334 (delta 46), pack-reused 0
Receiving objects: 100% (2362/2362), 1.33 MiB | 9.29 MiB/s, done.
Resolving deltas: 100% (52/52), done.
remote: Enumerating objects: 24, done.
remote: Counting objects: 100% (24/24), done.
remote: Compressing objects: 100% (23/23), done.
remote: Total 24 (delta 0), reused 6 (delta 0), pack-reused 0
Receiving objects: 100% (24/24), 135.43 KiB | 741.00 KiB/s, done.
Updating files: 100% (24/24), done.
remote: Enumerating objects: 2835, done.
remote: Counting objects: 100% (2835/2835), done.
remote: Compressing objects: 100% (2368/2368), done.
remote: Total 2835 (delta 545), reused 1174 (delta 427), pack-reused 0
Receiving objects: 100% (2835/2835), 8.40 MiB | 7.68 MiB/s, done.
Resolving deltas: 100% (545/545), done.
Updating files: 100% (3199/3199), done.
-- Configuring done (0.5s)
-- Generating done (0.0s)
-- Build files have been written to: /root/blutter/build/dartvm3.3.0-174.3.beta_android_arm64
[36/255] Building CXX object CMakeFiles/dartvm3.3.0-174.3.beta_android_arm64.dir/runtime/vm/double_conversion.cc.o
FAILED: CMakeFiles/dartvm3.3.0-174.3.beta_android_arm64.dir/runtime/vm/double_conversion.cc.o
/usr/bin/c++ -DDART_COMPRESSED_POINTERS -DDART_PRECOMPILED_RUNTIME -DDART_TARGET_OS_ANDROID -DDART_TARGET_OS_WINDOWS_UWP -DEXCLUDE_CFE_AND_KERNEL_PLATFORM -DNDEBUG -DPRODUCT -DTARGET_ARCH_ARM64 -DU_USING_ICU_NAMESPACE=0 -D_HAS_EXCEPTIONS=0 -I/root/blutter/dartsdk/v3.3.0-174.3.beta/runtime -O3 -DNDEBUG -std=gnu++17 -fPIC -fvisibility=hidden -fvisibility-inlines-hidden -O3 -fno-ident -fdata-sections -ffunction-sections -fno-omit-frame-pointer -fno-rtti -fno-exceptions -MD -MT CMakeFiles/dartvm3.3.0-174.3.beta_android_arm64.dir/runtime/vm/double_conversion.cc.o -MF CMakeFiles/dartvm3.3.0-174.3.beta_android_arm64.dir/runtime/vm/double_conversion.cc.o.d -o CMakeFiles/dartvm3.3.0-174.3.beta_android_arm64.dir/runtime/vm/double_conversion.cc.o -c /root/blutter/dartsdk/v3.3.0-174.3.beta/runtime/vm/double_conversion.cc
/root/blutter/dartsdk/v3.3.0-174.3.beta/runtime/vm/double_conversion.cc:7:10: fatal error: ../../third_party/double-conversion/src/double-conversion.h: No such file or directory
    7 | #include "../../third_party/double-conversion/src/double-conversion.h"
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
[53/255] Building CXX object CMakeFiles/dartvm3.3.0-174.3.beta_android_arm64.dir/runtime/vm/app_snapshot.cc.o
ninja: build stopped: subcommand failed.
Traceback (most recent call last):
  File "/root/blutter/blutter.py", line 168, in <module>
    main(args.indir, args.outdir, args.rebuild, args.vs_sln, args.no_analysis)
  File "/root/blutter/blutter.py", line 130, in main
    fetch_and_build(dart_version, arch, os_name, has_compressed_ptrs, snapshot_hash)
  File "/root/blutter/dartvm_fetch_build.py", line 119, in fetch_and_build
    cmake_dart(ver, arch, os_name, has_compressed_ptrs, outdir)
  File "/root/blutter/dartvm_fetch_build.py", line 114, in cmake_dart
    subprocess.run([NINJA_CMD], cwd=builddir, check=True)
  File "/usr/lib/python3.11/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['ninja']' returned non-zero exit status 1.

On Debian Linux debian 6.5.0-5-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.5.13-1 (2023-11-29) x86_64 GNU/Linux
gcc version 13.2.0 (Debian 13.2.0-10)

question : does this tool support x86 ?

I tried running it on a x86_64 lib folder but I got this error :
AssertionError: Unsupport architecture: EM_X86_64

make_version.py exception 'str' object has no attribute 'decode'

大佬，这个该如何解决
Boss, how can we solve this

Build errors

Dart version: 2.18.4, Snapshot: b0e899ec5a90e4661501f0b69e9dd70f, Target: android arm64
flags: product no-code_comments no-dwarf_stack_traces_mode no-lazy_dispatchers dedup_instructions no-asserts arm64-sysv compressed-pointers no-null-safety
-- Configuring done (0.0s)
-- Generating done (0.0s)
-- Build files have been written to: /home/manjaro/Pictures/pojieFramework/blutter/build/blutter_dartvm2.18.4_android_arm64
[1/2] Building CXX object CMakeFiles/blutter_dartvm2.18.4_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o
FAILED: CMakeFiles/blutter_dartvm2.18.4_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o
/usr/bin/c++ -DDART_COMPRESSED_POINTERS -DDART_PRECOMPILED_RUNTIME -DDART_TARGET_OS_ANDROID -DDART_TARGET_OS_WINDOWS_UWP -DEXCLUDE_CFE_AND_KERNEL_PLATFORM -DFRIDA_TEMPLATE_DIR="/home/manjaro/Pictures/pojieFramework/blutter/scripts" -DHAS_SHARED_CLASS_TABLE -DHAS_TYPE_REF -DNDEBUG -DOLD_MAP_SET_NAME -DPRODUCT -DTARGET_ARCH_ARM64 -DU_USING_ICU_NAMESPACE=0 -D_HAS_EXCEPTIONS=0 -I/usr/include/capstone -isystem /home/manjaro/Pictures/pojieFramework/blutter/packages/include/dartvm2.18.4 -O3 -DNDEBUG -std=c++20 -O3 -fno-rtti -fvisibility=hidden -fvisibility-inlines-hidden -fno-omit-frame-pointer -Winvalid-pch -include /home/manjaro/Pictures/pojieFramework/blutter/build/blutter_dartvm2.18.4_android_arm64/CMakeFiles/blutter_dartvm2.18.4_android_arm64.dir/cmake_pch.hxx -MD -MT CMakeFiles/blutter_dartvm2.18.4_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o -MF CMakeFiles/blutter_dartvm2.18.4_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o.d -o CMakeFiles/blutter_dartvm2.18.4_android_arm64.dir/src/CodeAnalyzer_arm64.cpp.o -c /home/manjaro/Pictures/pojieFramework/blutter/blutter/src/CodeAnalyzer_arm64.cpp
/home/manjaro/Pictures/pojieFramework/blutter/blutter/src/CodeAnalyzer_arm64.cpp: In member function ‘std::unique_ptr FunctionAnalyzer::processCallLeafRuntime(AsmIterator&)’:
/home/manjaro/Pictures/pojieFramework/blutter/blutter/src/CodeAnalyzer_arm64.cpp:578:173: 错误：‘PropagateError_entry_point_offset’不是‘dart::Thread’的成员
578 | (insn.id() == ARM64_INS_LDR && GetThreadLeafFunction(insn.ops(1).mem.disp) && insn.ops(1).mem.base != CSREG_DART_PP && insn.ops(1).mem.disp > dart::Thread::PropagateError_entry_point_offset()))
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ninja: build stopped: subcommand failed.
Traceback (most recent call last):
File "/home/manjaro/Pictures/pojieFramework/blutter/blutter.py", line 168, in
main(args.indir, args.outdir, args.rebuild, args.vs_sln, args.no_analysis)
File "/home/manjaro/Pictures/pojieFramework/blutter/blutter.py", line 149, in main
cmake_blutter(blutter_name, dartlib_name, name_suffix, macros)
File "/home/manjaro/Pictures/pojieFramework/blutter/blutter.py", line 92, in cmake_blutter
subprocess.run([NINJA_CMD], cwd=builddir, check=True)
File "/usr/lib/python3.11/subprocess.py", line 571, in run
raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['ninja']' returned non-zero exit status 1.

error: expected: insn.id() == ARM64_INS_BL

I am getting following error

Dart version: 3.1.0, Snapshot: 7dbbeeb8ef7b91338640dca3927636de, Target: android arm64
libapp is loaded at 0x1cb1b260000
Dart heap at 0x1cc00000000
Analyzing the application
at ....\src\CodeAnalyzer_arm64.cpp: 984: error: expected: insn.id() == ARM64_INS_BL

I am using Windows

also tried on debian trixie, same error

How can I fix that?

error on DartDumper.cpp.o

Tried on flutter version 2 & 3

Ubuntu clang version 15.0.7
gcc (Ubuntu 12.3.0-1ubuntu1~22.04) 12.3.0

Distributor ID: Ubuntu
Description: Ubuntu 23.04
Release: 23.04
Codename: lunar

APK 1: Dart version: 3.0.3, Snapshot: 90b56a561f70cd55e972cb49b79b3d8b, Target: android arm64
APK 2: Dart version: 2.19.6, Snapshot: adb4292f3ec25074ca70abcd2d5c7251, Target: android arm64

/home/xxx/blutter/blutter/src/DartDumper.cpp:679:29: error: invalid operands to binary expression ('std::vector<DartClass *>' and 'const std::ranges::views::_Reverse')
        for (auto parent : parents | std::views::reverse) {
                           ~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~

Is there any steps I missed?

Run error

OS:kali
g++:gcc version 13.2.0 (Debian 13.2.0-5)
clang:Debian clang version 16.0.6 (16)
I uesd this tool,but it can't run,show elf file section error,may elf file can't identify.

Traceback (most recent call last):
File "/root/blutter/blutter.py", line 138, in
main(args.indir, args.outdir, args.rebuild, args.vs_sln)
File "/root/blutter/blutter.py", line 84, in main
dart_version, snapshot_hash, arch, os_name = extract_dart_info(libapp_file, libflutter_file)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/blutter/extract_dart_info.py", line 104, in extract_dart_info
snapshot_hash = extract_snapshot_hash(libapp_file)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/blutter/extract_dart_info.py", line 19, in extract_snapshot_hash
dynsym = elf.get_section_by_name('.dynsym')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/elftools/elf/elffile.py", line 151, in get_section_by_name
self._make_section_name_map()
File "/usr/lib/python3/dist-packages/elftools/elf/elffile.py", line 679, in _make_section_name_map
for i, sec in enumerate(self.iter_sections()):
File "/usr/lib/python3/dist-packages/elftools/elf/elffile.py", line 174, in iter_sections
section = self.get_section(i)
^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/elftools/elf/elffile.py", line 141, in get_section
return self._make_section(section_header)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/elftools/elf/elffile.py", line 645, in _make_section
return self._make_symbol_table_section(section_header, name)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/elftools/elf/elffile.py", line 687, in _make_symbol_table_section
return SymbolTableSection(
^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/elftools/elf/sections.py", line 174, in init
elf_assert(self['sh_entsize'] > 0,
File "/usr/lib/python3/dist-packages/elftools/common/utils.py", line 80, in elf_assert
_assert_with_exception(cond, msg, ELFError)
File "/usr/lib/python3/dist-packages/elftools/common/utils.py", line 143, in _assert_with_exception
raise exception_type(msg)
elftools.common.exceptions.ELFError: Expected entry size of section '' to be > 0

vm/tagged_pointer.h: No such file or directory

I've tried commenting tagged_pointer.h also but got no success.

Environment:
OS: Ubuntu(20.04)[GH Workspaces, Termux]

ERROR:

/usr/bin/c++ -DDART_COMPRESSED_POINTERS -DDART_PRECOMPILED_RUNTIME -DDART_TARGET_OS_ANDROID -DDART_TARGET_OS_WINDOWS_UWP -DEXCLUDE_CFE_AND_KERNEL_PLATFORM -DFRIDA_TEMPLATE_DIR=\"/workspaces/blutter/scripts\" -DHAS_SHARED_CLASS_TABLE -DHAS_TYPE_REF -DNDEBUG -DPRODUCT -DTARGET_ARCH_ARM64 -DU_USING_ICU_NAMESPACE=0 -D_HAS_EXCEPTIONS=0 -I/usr/include/capstone -isystem /workspaces/blutter/packages/include/dartvm2.8.2 -O3 -DNDEBUG -std=c++2a -O3 -fno-rtti -fvisibility=hidden -fvisibility-inlines-hidden -fno-omit-frame-pointer -Winvalid-pch -x c++-header -include /workspaces/blutter/build/blutter_dartvm2.8.2_android_arm64/CMakeFiles/blutter_dartvm2.8.2_android_arm64.dir/cmake_pch.hxx -MD -MT CMakeFiles/blutter_dartvm2.8.2_android_arm64.dir/cmake_pch.hxx.gch -MF CMakeFiles/blutter_dartvm2.8.2_android_arm64.dir/cmake_pch.hxx.gch.d -o CMakeFiles/blutter_dartvm2.8.2_android_arm64.dir/cmake_pch.hxx.gch -c /workspaces/blutter/build/blutter_dartvm2.8.2_android_arm64/CMakeFiles/blutter_dartvm2.8.2_android_arm64.dir/cmake_pch.hxx.cxx
In file included from /workspaces/blutter/build/blutter_dartvm2.8.2_android_arm64/CMakeFiles/blutter_dartvm2.8.2_android_arm64.dir/cmake_pch.hxx:5,
                 from <command-line>:
/workspaces/blutter/blutter/src/pch.h:35:10: fatal error: vm/tagged_pointer.h: No such file or directory
   35 | #include <vm/tagged_pointer.h>
      |          ^~~~~~~~~~~~~~~~~~~~~
compilation terminated.
ninja: build stopped: subcommand failed.
Traceback (most recent call last):
  File "/workspaces/blutter/blutter.py", line 138, in <module>
    main(args.indir, args.outdir, args.rebuild, args.vs_sln)
  File "/workspaces/blutter/blutter.py", line 120, in main
    cmake_blutter(blutter_name, dartlib_name, macros)
  File "/workspaces/blutter/blutter.py", line 76, in cmake_blutter
    subprocess.run([NINJA_CMD], cwd=builddir, check=True)
  File "/home/codespace/.python/current/lib/python3.10/subprocess.py", line 526, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['ninja']' returned non-zero exit status 1.

运行报错

Dart version: 2.16.2, Snapshot: d56742caf7b3b3f4bd2df93a9bbb5503, Target: android arm64
flags: product no-code_comments no-dwarf_stack_traces_mode lazy_async_stacks no-lazy_dispatchers dedup_instructions no-asserts arm64-sysv compressed-pointers null-safety
Cloning into 'C:\Users\admin\Desktop\blutter-main\dartsdk\v2.16.2'...
remote: Enumerating objects: 2189, done.
remote: Counting objects: 100% (2189/2189), done.
remote: Compressing objects: 100% (1779/1779), done.
remote: Total 2189 (delta 69), reused 1422 (delta 53), pack-reused 0
Receiving objects: 100% (2189/2189), 1.17 MiB | 744.00 KiB/s, done.
Resolving deltas: 100% (69/69), done.
remote: Enumerating objects: 23, done.
remote: Counting objects: 100% (23/23), done.
remote: Compressing objects: 100% (22/22), done.
remote: Total 23 (delta 0), reused 11 (delta 0), pack-reused 0
Receiving objects: 100% (23/23), 106.61 KiB | 357.00 KiB/s, done.
Updating files: 100% (23/23), done.
remote: Enumerating objects: 3156, done.
remote: Counting objects: 100% (3156/3156), done.
remote: Compressing objects: 100% (2176/2176), done.
remote: Total 3156 (delta 1067), reused 2189 (delta 953), pack-reused 0
Receiving objects: 100% (3156/3156), 8.40 MiB | 758.00 KiB/s, done.
Resolving deltas: 100% (1067/1067), done.
Updating files: 100% (3538/3538), done.
CMake Error at D:/xxx/Visual Studio2022 IDE/Common7/IDE/CommonExtensions/Microsoft/CMake/CMake/share/cmake-3.27/Modules/FindPackageHandleStandardArgs.cmake:230 (message):
Failed to find all ICU components (missing: ICU_INCLUDE_DIR)
Call Stack (most recent call first):
D:/SoftFiles/Visual Studio2022 IDE/Common7/IDE/CommonExtensions/Microsoft/CMake/CMake/share/cmake-3.27/Modules/FindPackageHandleStandardArgs.cmake:600 (_FPHSA_FAILURE_MESSAGE)
D:/SoftFiles/Visual Studio2022 IDE/Common7/IDE/CommonExtensions/Microsoft/CMake/CMake/share/cmake-3.27/Modules/FindICU.cmake:333 (FIND_PACKAGE_HANDLE_STANDARD_ARGS)
CMakeLists.txt:22 (find_package)

-- Configuring incomplete, errors occurred!
Traceback (most recent call last):
File "blutter.py", line 168, in
main(args.indir, args.outdir, args.rebuild, args.vs_sln, args.no_analysis)
File "blutter.py", line 130, in main
fetch_and_build(dart_version, arch, os_name, has_compressed_ptrs, snapshot_hash)
File "C:\Users\admin\Desktop\blutter-main\dartvm_fetch_build.py", line 120, in fetch_and_build
cmake_dart(ver, arch, os_name, has_compressed_ptrs, outdir)
File "C:\Users\admin\Desktop\blutter-main\dartvm_fetch_build.py", line 110, in cmake_dart
subprocess.run([CMAKE_CMD, '-GNinja', '-B', builddir, f'-DTARGET_OS={os_name}', f'-DTARGET_ARCH={arch}',
File "D:\SoftFiles\python3\lib\subprocess.py", line 516, in run
raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['cmake', '-GNinja', '-B', 'C:\Users\admin\Desktop\blutter-main\build\dartvm2.16.2_android_arm64', '-DTARGET_OS=android', '-DTARGET_ARCH=arm64', '-DCOMPRESSED_PTRS=1', '-DCMAKE_BUILD_TYPE=Release', '--log-level=NOTICE']' returned non-zero exit status 1.