Open MrFatoni opened 2 years ago
App.framework/App is inside the Frameworks folder, so reFlutter is not detecting App.framework/App
Hi @MrFatoni, you have the correct paths, this should work. Try it on a non-MacOS device.
To track the issue, find FlutterEngine, usually located in the Flutter.framework folder: open Info.plist, it contains the engine commit. Example:
#somepath/Flutter.framework/Info.plist
<key>FlutterEngine</key>
<string>b8752bbfff0419c8bf616b602bc59fd28f6a3d1b</string>
Please send it here.
Or unpack the ipa and run:
c0de@c0de:~/repos/extracted_ipa$ grep -r "FlutterEngine" . -A 5
grep: ./Payload/Runner.app/Frameworks/Flutter.framework/Flutter: binary file matches
--
./Payload/Runner.app/Frameworks/Flutter.framework/Info.plist: <key>FlutterEngine</key>
./Payload/Runner.app/Frameworks/Flutter.framework/Info.plist- <string>b8752bbfff0419c8bf616b602bc59fd28f6a3d1b</string>
./Payload/Runner.app/Frameworks/Flutter.framework/Info.plist- <key>ClangVersion</key>
./Payload/Runner.app/Frameworks/Flutter.framework/Info.plist- <string>Apple clang version 11.0.0 (clang-1100.0.33.8)</string>
./Payload/Runner.app/Frameworks/Flutter.framework/Info.plist-</dict>
./Payload/Runner.app/Frameworks/Flutter.framework/Info.plist-</plist>
Make sure you have the latest version of reFlutter, 0.4.9, installed:
pip3 install reflutter==0.4.9
Thanks
Already updated and still got the error:
./Frameworks/Flutter.framework/Info.plist: <key>FlutterEngine</key>
./Frameworks/Flutter.framework/Info.plist- <string>a9d88a4d182bdae23e3a4989abfb7ea25954aad1</string>
./Frameworks/Flutter.framework/Info.plist- <key>ClangVersion</key>
./Frameworks/Flutter.framework/Info.plist- <string>Apple clang version 11.0.3 (clang-1103.0.32.62)</string>
@MrFatoni, OK, find Flutter Engine in the /Frameworks/Flutter.framework/ folder and replace it manually in the archive with this: https://github.com/ptswarm/reFlutter/releases/tag/ios-e4a09dbf2bb120fe4674e0576617a0dc
Note the IP of your BurpSuite must be 192.168.133.104, port 8083.
I would really like to prevent users from encountering this error in the future.
Can you show the content of ./Frameworks/Flutter.framework/?
It would be cool if you share this amazing ipa
or
strings ./Frameworks/App.framework/App -n 32 | grep -e "^[0-9a-f]\{32\}"
Please send the output here.
Thanks
Sorry, I can't share the ipa. I ran the command, but I am not getting anything as output.
.Frameworks/Flutter.framework/
@MrFatoni , I may have found a reason
How about
strings ./Frameworks/App.framework/App -n 32 | head -5
Thanks for the feedback
@MrFatoni, I understood. Fine. By the way, have you successfully replaced the library? Do you have traffic interception in BurpSuite?
yes it works, thanks
Hi @Impact-I, I'm experiencing the same issue with FlutterEngine - d3ea636dc5d16b56819f3266241e1f708979c233.
Running
strings ./Frameworks/App.framework/App -n 32 | grep -e "^[0-9a-f]\{32\}"
returns an empty response.
Any help? If you would require me to share the IPA, let me know. Thanks.
Hi @jayluxferro , Yes, it would be very cool if you could share the ipa file.
Thanks!
Hi @Impact-I
So far these are the flutter engines I've come across whose snapshot hashes do not exist in the engine hash. FlutterEngine
Thanks.
@jayluxferro, thanks for sharing.
For hash d3ea636dc5d16b56819f3266241e1f708979c233 you can take https://github.com/ptswarm/reFlutter/releases/tag/ios-9cf77f4405212c45daf608e1cd646852
For hash 40a99c595137e4b2f5b2efa8ff343ea23c1e16b8 you can take https://github.com/ptswarm/reFlutter/releases/tag/ios-adf563436d12ba0d50ea5beb7f3be1bb
Thanks @Impact-I. I used the suggested binaries, completed the process and signed the .ipa file. After successful installation, it can't launch. It seems to crash once launched. I hooked it to lldb and got an error "Cannot allocate memory".
Hi @Impact-I, after several hours, I was able to determine why some snapshots don't get detected.
Most .ipa files are encrypted and hence have to be decrypted. I used frida (https://github.com/AloneMonkey/frida-ios-dump) to dump a decrypted version of the IPA file.
Afterwards, I used reFlutter to generate the new IPA and signed it using iOS App Signer (https://github.com/DanTheMan827/ios-app-signer) and it worked. I'm able to monitor/intercept the traffic now.
Thanks a lot for your tool.
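An added example, not part of the thread and not reFlutter's own code: a Python check that performs the two lookups discussed above (the FlutterEngine key in Info.plist and the 32-hex snapshot hash in App.framework/App) and also reads the Mach-O `cryptid` field, so an empty `strings | grep` result can be attributed to an encrypted binary rather than a missing hash. The function names, the thin 64-bit Mach-O assumption and the sample IPA with its snapshot value are constructed for illustration.

```python
import io, plistlib, re, struct, zipfile

MH_MAGIC_64 = 0xFEEDFACF                      # thin 64-bit Mach-O, little-endian
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C
# Same idea as `strings -n 32 | grep "^[0-9a-f]\{32\}"`: a printable run that
# starts with 32 lowercase hex characters.
SNAPSHOT_RE = re.compile(rb"(?<![\x20-\x7e])[0-9a-f]{32}")

def cryptid(macho: bytes):
    """cryptid from LC_ENCRYPTION_INFO(_64); None if absent or not thin 64-bit."""
    if len(macho) < 32 or struct.unpack_from("<I", macho)[0] != MH_MAGIC_64:
        return None
    ncmds, off = struct.unpack_from("<I", macho, 16)[0], 32
    for _ in range(ncmds):
        if off + 20 > len(macho):
            return None                       # truncated load commands
        cmd, size = struct.unpack_from("<II", macho, off)
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            return struct.unpack_from("<I", macho, off + 16)[0]
        off += max(size, 8)                   # always advance, even on a bad size
    return None

def triage(ipa: bytes) -> dict:
    """Report engine commit, snapshot hash and encryption state of an IPA."""
    r = {"engine": None, "snapshot": None, "cryptid": None}
    with zipfile.ZipFile(io.BytesIO(ipa)) as z:
        for name in z.namelist():
            if name.endswith("Frameworks/Flutter.framework/Info.plist"):
                r["engine"] = plistlib.loads(z.read(name)).get("FlutterEngine")
            elif name.endswith("Frameworks/App.framework/App"):
                app = z.read(name)
                m = SNAPSHOT_RE.search(app)
                r["snapshot"] = m.group().decode() if m else None
                r["cryptid"] = cryptid(app)
    r["verdict"] = ("snapshot hash present" if r["snapshot"] else
                    "App binary is encrypted; hash not readable from this copy"
                    if r["cryptid"] else "no hash found; report the engine commit")
    return r

def sample_ipa(cid: int, payload: bytes) -> bytes:
    """Constructed sample (not a real app): minimal IPA with a fake Mach-O."""
    lc = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x1000, cid, 0)
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 6, 1, len(lc), 0, 0)
    plist = plistlib.dumps({"FlutterEngine": "b8752bbfff0419c8bf616b602bc59fd28f6a3d1b"})
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Runner.app/Frameworks/Flutter.framework/Info.plist", plist)
        z.writestr("Payload/Runner.app/Frameworks/App.framework/App", hdr + lc + b"\0" + payload)
    return buf.getvalue()
```

For a real file, pass its bytes: `triage(open("app.ipa", "rb").read())`.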
Not working for some apps.
I got the error "Make sure there is arm64-v8a/libapp.so or App.framework/App file in the package". The app is Flutter and has App.framework/App.