Impact-I
Can't get dump.dart
After generating an apk with option 2 and running the app on my emulator no dump.dart file is generated, when using an emulator on windows (x86 but it has ARM translation)
I tried generating the apk this way, for several different apps:
pip3 install reflutter==0.8.0
reflutter main.apk
2
java -jar uber-apk-signer.jar --allowResign -a release.RE.apk
adb install release.RE-aligned-debugSigned.apk
adb logcat -e reFlutter
check /data/data/<PACKAGE_NAME>/dump.dart
Additional info:
>dart --version
Dart SDK version: 3.5.4 (stable) (Wed Oct 16 16:18:51 2024 +0000) on "windows_x64"
>pip show reflutter
Name: reflutter
Version: 0.8.0
Summary: Reverse Flutter
Home-page: https://github.com/Impact-I/reFlutter
Author: impact
Author-email: [email protected]
License: GPLv3+
Location: c:\users\antunes\appdata\local\programs\python\python37\lib\site-packages
Requires:
Required-by:
You mentioned using an x86 emulator with ARM translation. One thing to check is whether the Android application has been built with x86 support. To verify, look inside the lib/ folder of the .apk file for a libflutter.so file in the lib/x86/ directory. If this file exists, the app might be running in x86 mode inside the emulator, using libraries built for x86, even with ARM translation enabled.
From my (limited) understanding, the CI/CD pipeline for Reflutter does not currently include x86 builds. As a result, when Reflutter attempts to modify the lib/x86/libflutter.so file to enable functions like dumping offsets, it won’t work. This is because this repository’s releases don’t include a customized libflutter.so compiled for the x86 architecture. For reference:
- Releases labeled
android-v3-...are intended for dumping offsets and redirecting traffic, there are onlyarmandarm64library files. - Releases labeled
android-v2-...are focused solely on traffic redirection, there are onlyarmandarm64library files.
This means that features like traffic redirection (Option 1 of Reflutter) or dumping function offsets with reflutter are not "directly" supported in x86 or x86_64 environments or emulators. However, you can build a customized version of libflutter.so for x86 using the Docker file provided in the repository’s README. I can help you with this if this is the case.
On the other hand, if the application lacks an x86 subfolder in lib/ or a libflutter.so file in the lib/x86/ directory, then it likely does not have x86 support. In that case, it should fall back to using ARM translation as you mentioned, which in theory should work. At this point, my knowledge is limited, and I’m not entirely sure what might be causing the issue. Have you tested whether traffic interception works? Testing this could help narrow down the problem—clarifying whether the issue is specific to dumping function offsets or something related to the runtime environment.
I'm aware that it does not work on x86 , but the apk had arm64 lib only. Same issue still
Could you possibly share the .apk file? If this is not possible or you don't want, perhaps just the snapshot hash reported by reflutter.
In the meantime, I’ll download an emulator with ARM translation enabled and test Reflutter with a few .apk files to see if it works in a similar setup. Once I’ve done some testing, I’ll share the results!
NyaNya Rocket_2.6.0.zip I think it was this one, although I just checked and this has arm32 only (no arm64). But regardless I was getting the same result with any arm64 lib apps (without any x86 lib folder)
Are you sure that is the application you tried? When using reflutter with that app it reports that the snapshot hash is not found:
~/store/reFlutter$ reflutter ~/store/reFlutter/issues/NyaNya\ Rocket_2.6.0_apkcombo.app.apk
Choose an option:
1. Traffic monitoring and interception
2. Display absolute code offset for functions
[1/2]? 2
This mode is only for dump and offset output, slow application operation is possible (network patch is still left)
Engine SnapshotHash: b63f41229f2d3db31322b62c3d39978a
This engine is currently not supported.
Most likely this flutter application uses the Debug version engine which you need to build manually using Docker at the moment.
More details: https://github.com/Impact-I/reFlutter
Nonetheless, I tried to find alternatives version to keep trying. I've downloaded the 2.5.0 version of NyaNyaRocket for arm32 and arm64 from APKPure. They were XAPKs so I had to convert them with APKEditor.
The 2.5.0 versions of the app are supported by reflutter out of the box so I decided to test them in an emulator with ARM translation.
The following picture shows the dump.dart file for the arm32 version of 2.5.0 NyaNyaRocket, running in an x86 emulator with ARM Translation.
I am using Android Studio in Linux Mint and the emulators it includes. Particularly, I downloaded an x86 Android 11.0 ("R") (With Google APIs), which has ARM translation:
The next picture shows the dump.dart for 2.5.0 NyaNyaRocket for arm64, running in an x86_64 emulator with ARM translation.
And this is some info of the virtual device:
What emulator are you using in Windows? While I don't think the emulator you're using is the problem, maybe you could try using the Android 11.0 ("R") I've used from Android Studio.
In the meantime, I've just compiled a custom libflutter.so for the application you provided (the 2.6.0 version of NyaNyaRocket), it took a whopping 1h 30mins to compile 😅. I haven't used it yet but I will, shortly. It should probably work to intercept traffic even with that version of the application.
If you could share another application that you tried and didn't output the dump.dart would be great! Specially if the snapshot hash is supported by reflutter directly, to avoid having to compile custom versions.
@jmaantunes
maybe you need to
pip3 install reflutter==0.8.4
reflutter --patch-dump main.apk
Pls don't miss the option --patch-dump.
I confirm the comment above. I also followed the instructions in the readme and was surprised why there was no dump.dart file. Then I looked at reflutter -h and saw that it had the -p option.
