A hacker is a person who enjoys a thorough understanding of the inner workings of systems — computers and computer networks in particular.
Hello! I propose to look under the hood of the framework, analyze the compilation process and, along the way, identify the potential problems of reverse engineering a Flutter application on the Android platform.
Mum! Well, how many times can I tell you, I don't give a fuck, I'm a HACKER!
, IT-, 1989 , «», – Intel 8086 5 128. ( ) Robotron, , , . , , - BIOS , . , -, , , «» , , .
, , , , . , , , . - DOS/RT-11/Windows/Linux, .NET Framework, Java, . , , , IT- Flutter, «» « » , .
, . , Dart Android «» , -, .
crackers ( RFC 1983). «», , . . « » «». (, IL .NET Framework) , . – .
Android , , , iOS .
, - , apk Android, , , , , (, ).
, - , . . , «» .
, - . , - «» Android Flutter? - , Flutter -. Android, , – , Java dex/jar , Smali , Flutter «», . , , , , . , , .
Android Flutter, , .
MacOS.
Debug&Release
Flutter . – debug release .
Debug , , , , JIT (Just-In-Time) , «--», , , .
Release AOT (Ahead-Of-Time) «», , , .
2- – AST . AST (Abstract Syntax Tree), Kernel Binary ( dill).
JIT AOT: JIT , , (, – ) , iOS JIT , release AOT.
Debug
debug. flutter build apk --debug
APK , , zip ,
app-debug.apk
, Flutter Android:
classes.dex – Dalvik, Java/Kotlin - . Flutter Flutter Android API, - FlutterActivity, ,
libflutter.so – Flutter C/C++. runtime Flutter, OpenGL, SKIA runtime Dart. c GN
, :
isolate_snapshot_data / , , ,
vm_snapshot_data Dart
kernel_blob.bin, kernel binary, Dart. blob , . . kernel binary, debug . debug , «» . , , release
Release
flutter build apk
--verbose
, , . , AST , app.dill, gen_snapshot, app.dill libapp.so, APK .
app-release.apk
release classes.dex libflutter.so, debug, «», , . debug isolate_snapshot_data, vm_snapshot_data, , libapp.so, , , kernel_blob.bin _kDartIsolateSnapshotInstructions _kDartVmSnapshotInstructions .
, (assets) flutter_assets, .
, libapp.so, , . Dart IL, AST Dart . , , – , (_kDartIsolateSnapshotData), IL , kernel binary , , Dart. , , .
- , , .
2 , , , -, , . , .
libapp.so arm64, . , , . tbnz tbz .
IL Dart sdk, . assembler ARM64 . flowgraph IL. , JIT, AOT .
, , Dart SDK .
main.dart
// Compile-time constant used as the expected password; being a const string it
// is stored as a plain constant in the snapshot (it shows up as Constant(#secret)
// in the flow-graph dump further down).
const String _secret = 'secret';
/// Entry point: compares the first command-line argument with `_secret` and
/// prints one of two fixed messages. With no arguments nothing is printed.
void main(List<String> args) {
  // Nothing to compare against when no argument was supplied.
  if (args.isEmpty) return;

  final String candidate = args.first;
  // Equality check against a compile-time constant string: the literal itself
  // is part of the release snapshot, so this test is recoverable from libapp.so
  // by anyone reading the flow graph / disassembly (see Constant(#secret) below).
  final String message =
      candidate == _secret ? "You are in!!" : "Please, enter again";
  print(message);
}
IL, CFG
# Dump the IL flow graph restricted to main() (--print-flow-graph-filter=main)
# together with the generated machine code (--disassemble); the listing below
# is the output of this command.
dart --print-flow-graph --print-flow-graph-filter=main --disassemble main.dart
,
;; t0 <- LoadLocal(value @-1)
0x10ac21e87 ff75e0 push [rbp-0x20]
;; t1 <- Constant(#secret)
0x10ac21e8a 4d8b5f47 movq r11,[pp+0x47]
0x10ac21e8e 4153 push r11
;; t0 <- InstanceCall:24( ==<0>, t0, t1)
0x10ac21e90 488b542408 movq rdx,[rsp+0x8]
0x10ac21e95 498b5f4f movq rbx,[pp+0x4f]
0x10ac21e99 4d8b6757 movq r12,[pp+0x57]
0x10ac21e9d 41ff54240f call [r12+0xf]
0x10ac21ea2 59 pop rcx
0x10ac21ea3 59 pop rcx
0x10ac21ea4 50 push rax
;; t1 <- LoadLocal(:t0 @-2)
;; AssertBoolean:26(t1)
0x10ac21ea5 488b45d8 movq rax,[rbp-0x28]
0x10ac21ea9 493b86d0000000 cmpq rax,[thr+0xd0] null
0x10ac21eb0 0f8509000000 jnz 0x000000010ac21ebf
0x10ac21eb6 4d8b672f movq r12,[pp+0x2f]
0x10ac21eba 41ff542407 call [r12+0x7]
;; t1 <- Constant(#true)
0x10ac21ebf 41ffb6d8000000 push [thr+0xd8]
;; Branch if StrictCompare:28(===, t0, t1) goto (4, 5)
0x10ac21ec6 415b pop r11
0x10ac21ec8 58 pop rax
0x10ac21ec9 493b86d8000000 cmpq rax,[thr+0xd8] true
0x10ac21ed0 0f8522000000 jnz 0x000000010ac21ef8
- APK
apk . :
apk
libapp.so
apk
apk
apktool
# Unpack the release APK into app-release/: -r leaves resources undecoded and
# -s keeps classes.dex as-is (no Smali); only lib/arm64-v8a/libapp.so is of
# interest here, so decoding the Java side is unnecessary.
apktool d -r -s app-release.apk
app-release . arm64 libapp.so lib/arm64-v8a .
0x1FFCA7 037
libapp.so c apk
# Rebuild the APK from the unpacked app-release/ directory; the rebuilt package
# is unsigned and must be signed before it can be installed (next step).
apktool b app-release
APK, . , .
# Generate a fresh RSA key pair in example.keystore and sign the rebuilt APK with
# it. The result is signed by this throwaway key, not by the original publisher's
# certificate — which is exactly what an app that checks its own signing
# certificate at runtime would detect.
keytool -genkeypair -v -keystore example.keystore -alias example -keyalg RSA -keysize 2048 -validity 10000
apksigner sign --ks example.keystore --ks-key-alias example app-release.apk
# Install the re-signed build on the connected device/emulator.
adb install app-release.apk
, ... ! .
- , – Flutter «» Android. «», – -, SQL-unpinning, , . , , , , . -, . , , -.
Flutter, , flutter_secure_storage , , .
Dart SDK , Dart
https://github.com/dart-lang/sdk/blob/master/runtime/docs/index.md