rscloura / Doldrums

A Flutter/Dart reverse engineering tool

KeyError: '_kDartVmSnapshotData' what can I do to fix it? #2

Closed viewZz closed 3 years ago

viewZz commented 3 years ago

Traceback (most recent call last):
  File "src/main.py", line 53, in <module>
    isolate = parseELF(args.file)
  File "src/main.py", line 21, in parseELF
    s = symbols[s]
KeyError: '_kDartVmSnapshotData'

please help me

rscloura commented 3 years ago

Hi! Did you pass a libapp.so file as the input?

viewZz commented 3 years ago

Yes, I pass libapp-armv7.so as the input and the output is the same as yours.

rscloura commented 3 years ago

I'm afraid I can't help you any further without the .so file you're trying to parse. I've never encountered a Flutter binary that does not export the _kDartVmSnapshotData symbol. Is the .so available?

viewZz commented 3 years ago

Thanks anyway, maybe I need to study your code. And this .so is not available, sorry.


rscloura commented 3 years ago

Closing this out, then.

Anon-Exploiter commented 3 years ago

@rscloura I've a flutter application which when decompiled only contains these .so libraries and nothing with libapp.so name. I'm getting the same error.

I guess the creator of this issue also had the same issue, from his message as well, he's not passing the correct file as it isn't in the decompiled code.


rscloura commented 3 years ago

Hi @Anon-Exploiter, and sorry for the delay! The libflutter.so file only contains the Flutter VM, by default. A likely scenario is that your app was split into various .apk files, and only one of them contains the libapp.so.

Another possible scenario is that the binary has been renamed, although this would require some changes to the way Flutter loads its VM and snapshot.

Unfortunately, without access to the .apk you're looking at, I don't know how to help you any further.

Anon-Exploiter commented 3 years ago

> Hi @Anon-Exploiter, and sorry for the delay! The libflutter.so file only contains the Flutter VM, by default. A likely scenario is that your app was split into various .apk files, and only one of them contains the libapp.so.
>
> Another possible scenario is that the binary has been renamed, although this would require some changes to the way Flutter loads its VM and snapshot.
>
> Unfortunately, without access to the .apk you're looking at, I don't know how to help you any further.

If you've time, I'm willing to share the apk. It was from a CTF which has ended now. Let me know if I should pm you on your socials or if you can share your discord, thanks.

rscloura commented 2 years ago

If the .apk is from a CTF, it is very likely a debug version, which would explain why there is no libapp.so. Feel free to post a link to the .apk, and I'll take a quick look whenever I find the time :)

Anon-Exploiter commented 2 years ago

The debugging is disabled though since I wasn't able to find the kernel_blob bin file. Thanks though, here's the apk: https://drive.google.com/file/d/1dPw1riTTzCFfLt7fE3Tic5MkOoWsrXwm/view

rscloura commented 2 years ago

The app does contain the libapp.so files, indicating a standard AOT build. To see this, simply rename the .apk you shared to .zip, extract it as a normal ZIP file, and you'll find the libapp.so files under Hybrid/lib/. Unfortunately, the snapshot has a currently unsupported Dart version, so I'm afraid Doldrums is not able to help you out of the box.
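
Added example, not part of the original thread and not Doldrums code: a Python helper that lists every ELF shared library inside an APK, descending into nested split APKs, so a libapp.so kept under a non-standard directory such as Hybrid/lib/ is still found before a file is handed to the parser. The function names and the sample bundle are constructed for illustration.

```python
import io
import struct
import zipfile

# e_machine values from the ELF specification
MACHINES = {3: "x86", 40: "arm", 62: "x86_64", 183: "aarch64"}

def elf_machine(blob):
    """Return the architecture name of an ELF image, or None if not ELF."""
    if len(blob) < 20 or blob[:4] != b"\x7fELF":
        return None
    endian = "<" if blob[5] == 1 else ">"        # EI_DATA: 1 = little-endian
    (machine,) = struct.unpack_from(endian + "H", blob, 18)  # e_machine
    return MACHINES.get(machine, "machine-%d" % machine)

def find_native_libs(data, prefix=""):
    """List (path, arch) for every ELF .so in an APK, descending into
    nested .apk entries (split APKs packed in one bundle)."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.endswith(".apk"):
                found += find_native_libs(zf.read(name), prefix + name + "!/")
            elif name.endswith(".so"):
                arch = elf_machine(zf.read(name))
                if arch:                          # skip non-ELF files named *.so
                    found.append((prefix + name, arch))
    return found

def libapp_paths(data):
    """Paths of the AOT snapshot library, wherever the archive keeps it."""
    return [p for p, _ in find_native_libs(data) if p.endswith("/libapp.so")]

def _zip(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()

def _fake_elf(machine):
    # Constructed 20-byte stub: ELF32, little-endian, ET_DYN, given e_machine.
    return b"\x7fELF\x01\x01\x01" + b"\x00" * 9 + struct.pack("<HH", 3, machine)

# Constructed sample bundle (not the APK from the thread).
BASE = _zip({"lib/armeabi-v7a/libflutter.so": _fake_elf(40), "assets/readme.so": b"text"})
SPLIT = _zip({"Hybrid/lib/arm64-v8a/libapp.so": _fake_elf(183)})
BUNDLE = _zip({"base.apk": BASE, "split_config.arm64_v8a.apk": SPLIT})
```

An empty result from `libapp_paths` on a base APK alone, with a hit only inside the bundle, matches the split-APK scenario described above; for a real file, pass `open(path, "rb").read()` as `data`.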

Anon-Exploiter commented 2 years ago

Hmmm, could it be that jadx didn't extract it? I didn't unzip it, should have, thanks anyways!

Hoping to see this and other versions being supported in the future 🙏