I was struggling for month while trying to work on a Flutter app, until I saw this video! Great job
Wow, I was waiting for this kind of video ❤
This was awesome! Can't wait for your RE series on Flutter :D
Waited too long for flutter😢 thanks brother❤
Yes I know, thanks for waiting.
@fatalsec you pro😿♥️
😮
What about dumping 360 protection apps like Yunji 雲集, which is the Chinese version of Jnotes?
You can make course on UDEMY
Thanks for your suggestion. Noted.
One key difference between blutter and reflutter which I notice is that reflutter dumps the offsets with a dump.dart file, which requires the patched app to run, but blutter does this by building an SDK around libapp.so. What are the other key differences between using the reflutter and blutter tools?
A major difference in using these tools is the one you mentioned: reflutter patches the libapp.so and requires the APK to be re-signed, which can sometimes cause problems. Apart from this, reflutter automatically patches the certificate pinning check, so you don’t have to bother about that.
In your next Flutter reversing video, we would like to see you solve a challenge, specifically SSL pinning, using the above video's methodology.
Sounds like a good idea. Noted.
Bro, bypass SSL pinning using HTTP Toolkit 💯 tested
Wow! Pretty useful video👏
Sir, I have a small request for you: I have a game that was launched in 2012, and now that game is not working. Please make it work on today's phones, please 😢😢😢😢😢😢😢😢😢😢😢😢
Awesome ❤
Hello my friend, first, thank you for your effort.
Secondly, when obfuscation is not done in Flutter applications, reverse engineering is very easy with blutter.
But when obfuscation is used, reverse engineering is complicated. I hope you will find a solution for me to reverse engineer Flutter applications that have been obfuscated.
Yes, if you can share any sample application which has obfuscation, then it would be great. I will have a look.
Also, it’s not just the case with Flutter apps. Any app which is heavily obfuscated will cause trouble in reverse engineering.
Very informative video.
My thought: we can do it only when a func is returning a string.
Also, we need Frida, so we cannot share the app with others?
Last (request): can we edit inside the assembly to return our string? By storing our string in an address, then loading the address and returning?
Like we do in a normal APK const-string 😊
No, you can hook any type of function, irrespective of the function return type.
And to answer your second question you need to wait for the upcoming Flutter series. 😉
@fatalsec I am waiting, sir 😁😁😁 Please hurry if possible.
You can inject frida-gadget and a frida script into the APK, so you can share the app with others without requiring them to have frida installed or a rooted device
@sayutizxc That's one method, but there are some limitations, like the string length must be the same or less, and not all strings are inside a function call.
@pubggamer7971 Sorry, I don't understand your answer. I replied to this question, 'Also, do we need Frida so we cannot share the app with others?' So, you can actually share the app with others without them having Frida installed. From your answer, I think you're referring to what happens if we have a longer string in the function call. I'm also curious about how to handle that. What if the function returns a string with a length of 5 characters, but we need to change it to more characters, for example, 10 or 20?
TypeError: cannot read property ‘shl’ of undefined
Thoughts ob
Obfuscate flutter apps?
The blutter tool is not able to recover the obfuscated symbols, so yes, it’s difficult to analyse the obfuscated binary. In such cases you can rely on Flutter SDK APIs and reverse from there!
@fatalsec Wow, Flutter SDK APIs?
Where can I learn this?
Can you do something about unity apps?
Yes I can make a tutorial on reversing unity apps if people are interested.
hello friend, may I know what android emulator you are using?
It’s not an emulator but a real device. I use “scrcpy” to share the screen.
Is it possible to modify the assembly code to patch the APK, like we do with Smali?
You mean for flutter apps specifically or for any other native android library?
@fatalsec For the Flutter app, I would like to modify some simple logic, such as changing if-else statements or updating the text displayed in the UI, or perhaps adding a new method to the class and calling it somewhere in the app.
@fatalsec Can we?
How can we use this to bypass SSL pinning on any Flutter application?
You can use reflutter to bypass SSL pinning on any Flutter app, even without rooting your physical smartphone.
teach how to reflutter
Noted
@fatalsec please teach how to bypass anti virtualapp like this
github.com/ysrc/AntiVirtualApp
How to root android emulator...??
Epic ❤
Hello Brother.. how to contact you...
You can connect with us by joining our telegram group: t.me/SecFatal
Or you can contact us via mail: secfatal@proton.me
@fatalsec I want to reverse app... should you
Your Discord, please?