search

talsec / Free-RASP-Flutter

Flutter library for improving app security and threat monitoring on Android and iOS mobile devices.
https://github.com/talsec/Free-RASP-Community
MIT License
194 stars 20 forks source link

bug: UnsatisfiedLinkError in Flutter release version #59

Closed philmayes closed 1 year ago

philmayes commented 1 year ago

Release version on Play Store crashes with stack trace:

Exception java.lang.UnsatisfiedLinkError:
  at com.aheaditec.talsec_security.security.Natives.b (Natives.java)
  at com.aheaditec.talsec_security.security.Natives.d (Natives.java)
  at com.aheaditec.talsec.security.p1.a (p1.java:7)
  at com.aheaditec.talsec.security.o1.b (o1.java:7)
  at com.aheaditec.talsec.security.o1.g (o1.java:7)
  at com.aheaditec.talsec.security.o1.lambda$pQuqSPVg98SPzityJyeCuWmt-cM (o1.java:7)
  at com.aheaditec.talsec.security.-$$Lambda$o1$pQuqSPVg98SPzityJyeCuWmt-cM.run (-.java:7)
  at com.aheaditec.talsec.security.b.a (b.java)
  at com.aheaditec.talsec.security.o1.d (o1.java:1)
  at com.aheaditec.talsec.security.o1.a (o1.java:1)
  at com.aheaditec.talsec.security.z1.d (z1.java:1)
  at com.aheaditec.talsec.security.z1.lambda$R8aaFX36gDYmbo_QFUzjIfRwELs (z1.java:1)
  at com.aheaditec.talsec.security.-$$Lambda$z1$R8aaFX36gDYmbo_QFUzjIfRwELs.run (-.java:1)
  at java.lang.Thread.run (Thread.java:1012)

Google reports these crashes as being on samsung p3q & samsung r8q and it also fails locally on Pixel 7 Pro.

I tried using the Free-RASP-Community suggestion

dependencies {
    implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlin_version"
    implementation "com.google.android.gms:play-services-ads:21.4.0"
    implementation "com.android.billingclient:billing:5.1.0"
    // Talsec Release
    releaseImplementation 'com.aheaditec.talsec.security:TalsecSecurity-Community-Flutter:4.0.0-release'
    // Talsec Debug
    // implementation 'com.aheaditec.talsec.security:TalsecSecurity-Community-Flutter:4.0.0-dev'
}

but (probably not surprising) this gave me

Launching lib\main.dart on Pixel 7 Pro in release mode...
√  Built build\app\outputs\flutter-apk\app-release.apk (15.0MB).
E/AndroidRuntime(11270): FATAL EXCEPTION: Thread-5
E/AndroidRuntime(11270): Process: app.fourfit.fourfit, PID: 11270
E/AndroidRuntime(11270): java.lang.UnsatisfiedLinkError: No implementation found for java.lang.String[] e.a.c.a.a.f() (tried Java_e_a_c_a_a_f and Java_e_a_c_a_a_f__)
E/AndroidRuntime(11270):    at e.a.c.a.a.f(Native Method)
E/AndroidRuntime(11270):    at e.a.c.a.a.k(Unknown Source:0)
E/AndroidRuntime(11270):    at e.a.b.a.e.run(:7)
E/AndroidRuntime(11270):    at e.a.b.a.p.c(Unknown Source:8)
E/AndroidRuntime(11270):    at e.a.b.a.i0.b(:1)
E/AndroidRuntime(11270):    at e.a.b.a.h.run(:1)
E/AndroidRuntime(11270):    at java.lang.Thread.run(Thread.java:1012)
I/flutter (11270): _loadLocal result: false

I'm running:

Everything works fine in debug AND profile modes. Thanks for any help :-)

msikyna commented 1 year ago

Hello @philmayes ,

we will look at the issue. Thank you for reporting it.

Kind regards, Talsec team

yardexx commented 1 year ago

Hello @philmayes,

Exception java.lang.UnsatisfiedLinkError:
 at com.aheaditec.talsec_security.security.Natives.b (Natives.java)
 at com.aheaditec.talsec_security.security.Natives.d (Natives.java)

We are still working on this issue. We were not able to reproduce it on our testing devices. I hope that we will find at least some workaround soon.


E/AndroidRuntime(11270): java.lang.UnsatisfiedLinkError: No implementation found for java.lang.String[] e.a.c.a.a.f() (tried Java_e_a_c_a_a_f and Java_e_a_c_a_a_f__)
E/AndroidRuntime(11270): at e.a.c.a.a.f(Native Method)

This is strange behavior because the classes containing native methods are obfuscated as well. Classes containing native methods cannot be obfuscated (the name must be preserved because it’s used during native .so file linking -> resulting in UnsatisfiedLinkError). Usually, the keep rule for native methods is automatically added in default android/flutter proguard files.

We added consumer-rules.pro to our Android library, containing the keep exception for native classes. Those rules should be automatically merged with your proguard rules when building the application in release mode. A new release with this fix should be available during next week.

In the meantime, you can apply following rule:

-keepclasseswithmembernames,includedescriptorclasses class * {
    native <methods>;
}

to the proguard-rules.pro file in your android app module folder. If the issue persists, could you send us the content of configuration.txt file that can be found in build/app/outputs/mapping/release after the application is built in release mode.

Best regards, Jaroslav, Talsec team

msikyna commented 1 year ago

Hello @philmayes , we have inspected a similar issue and provided a partial solution and suggested a few more solutions, which needs to be tested. You can check it out in this issue: https://github.com/talsec/Free-RASP-Android/issues/18

Kind regards, Talsec team

yardexx commented 1 year ago

Closed as resolved.

If issue persists, please reopen this issue.