Un hacker est une personne qui possède une compréhension approfondie du fonctionnement interne des systèmes, en particulier des ordinateurs et des réseaux informatiques.
Salut ! Je propose de regarder sous le capot du framework, d'analyser le processus de compilation et, au passage, d'identifier les problèmes potentiels liés au reverse engineering d'une application Flutter sur la plateforme Android.
Maman! Eh bien, combien de fois vous le dire, je ne suis pas du tout, je suis un HACKER!
, IT-, 1989 , «», – Intel 8086 5 128. ( ) Robotron, , , . , , - BIOS , . , -, , , «» , , .
, , , , . , , , . - DOS/RT-11/Windows/Linux, .NET Framework, Java, . , , , IT- Flutter, «» « » , .
, . , Dart Android «» , -, .
crackers ( RFC 1983). «», , . . « » «». (, IL .NET Framework) , . – .
Android , , , iOS .
, - , apk Android, , , , , (, ).
, - , . . , «» .
, - . , - «» Android Flutter? - , Flutter -. Android, , – , Java dex/jar , Smali , Flutter «», . , , , , . , , .
Android Flutter, , .
MacOS.
Debug&Release
Flutter . – debug release .
Debug , , , , JIT (Just-In-Time) , «--», , , .
Release AOT (Ahead-Of-Time) «», , , .
2- – AST . AST (Abstract-Syntax-Tree), Kernel Binary ( dill).
JIT AOT: JIT , , (, – ) , iOS JIT , release AOT.
Debug
debug. flutter build apk --debug
APK , , zip ,
app-debug.apk
, Flutter Android:
classes.dex – Dalvik, Java/Kotlin - . Flutter Flutter Android API, - FlutterActivity, ,
libflutter.so – Flutter C/C++. runtime Flutter, OpenGL, SKIA runtime Dart. c GN
, :
isolate_snapshot_data / , , ,
vm_snapshot_data Dart
kernel_blob.bin, kernel binary, Dart. blob , . . kernel binary, debug . debug , «» . , , release
Release
flutter build apk
--verbose
, , . , AST , app.dill, gen_snapshot, app.dill libapp.so, APK .
app-release.apk
release classes.dex libflutter.so, debug, «», , . debug isolate_snapshot_data, vm_snapshot_data, , libapp.so, , , kernel_blob.bin _kDartIsolateSnapshotInstructions _kDartVmSnapshotInstructions .
, (assets) flutter_assets, .
, libapp.so, , . Dart IL, AST Dart . , , – , (_kDartIsolateSnapshotData), IL , kernel binary , , Dart. , , .
- , , .
2 , , , -, , . , .
libapp.so arm64, . , , . tbnz tbz .
IL Dart sdk, . assembler ARM64 . flowgraph IL. , JIT, AOT .
, , Dart SDK .
main.dart
// Demo program used by the article: it compares the first command-line
// argument with a constant embedded in the source.
// NOTE(review): the disassembly that follows loads this value as
// Constant(#secret), i.e. it ships inside the compiled program. Treat any such
// constant as readable by whoever holds the binary; it must never be a real
// credential or key.
const _secret = 'secret';
// Entry point. Prints "You are in!!" when args[0] equals _secret, prints
// "Please, enter again" when it does not, and prints nothing when no argument
// is supplied.
void main(List<String> args) {
if (args.isNotEmpty) {
// Only the first argument is examined; any further arguments are ignored.
String value = args[0];
// NOTE(review): this comparison runs entirely on the client. In the listing
// that follows it ends in one conditional branch (Branch if StrictCompare), so
// it is not an access control: anything that has to stay protected needs a
// check on the server side as well.
if (value == _secret) {
print("You are in!!");
} else {
print("Please, enter again");
}
}
}
IL, CFG
# Run main.dart with the Dart VM, printing the compiler's flow graph (IL) and
# the generated machine code; the filter limits the output to functions whose
# name matches "main".
dart --print-flow-graph --print-flow-graph-filter=main --disassemble main.dart
,
;; t0 <- LoadLocal(value @-1)
0x10ac21e87 ff75e0 push [rbp-0x20]
;; t1 <- Constant(#secret)
0x10ac21e8a 4d8b5f47 movq r11,[pp+0x47]
0x10ac21e8e 4153 push r11
;; t0 <- InstanceCall:24( ==<0>, t0, t1)
0x10ac21e90 488b542408 movq rdx,[rsp+0x8]
0x10ac21e95 498b5f4f movq rbx,[pp+0x4f]
0x10ac21e99 4d8b6757 movq r12,[pp+0x57]
0x10ac21e9d 41ff54240f call [r12+0xf]
0x10ac21ea2 59 pop rcx
0x10ac21ea3 59 pop rcx
0x10ac21ea4 50 push rax
;; t1 <- LoadLocal(:t0 @-2)
;; AssertBoolean:26(t1)
0x10ac21ea5 488b45d8 movq rax,[rbp-0x28]
0x10ac21ea9 493b86d0000000 cmpq rax,[thr+0xd0] null
0x10ac21eb0 0f8509000000 jnz 0x000000010ac21ebf
0x10ac21eb6 4d8b672f movq r12,[pp+0x2f]
0x10ac21eba 41ff542407 call [r12+0x7]
;; t1 <- Constant(#true)
0x10ac21ebf 41ffb6d8000000 push [thr+0xd8]
;; Branch if StrictCompare:28(===, t0, t1) goto (4, 5)
0x10ac21ec6 415b pop r11
0x10ac21ec8 58 pop rax
0x10ac21ec9 493b86d8000000 cmpq rax,[thr+0xd8] true
0x10ac21ed0 0f8522000000 jnz 0x000000010ac21ef8
- APK
apk . :
apk
libapp.so
apk
apk
apktool
# Unpack the APK into ./app-release.
#   -r  leave resources undecoded
#   -s  leave classes.dex undecoded (no Smali output)
apktool d -r -s app-release.apk
app-release . arm64 libapp.so lib/arm64-v8a .
0x1FFCA7 037
libapp.so c apk
# Rebuild an APK from the ./app-release directory. The result is unsigned and
# has to be signed before Android will install it.
apktool b app-release
APK, . , .
# Create a new self-signed RSA-2048 key pair (alias "example", valid for
# 10000 days) in example.keystore.
keytool -genkeypair -v -keystore example.keystore -alias example -keyalg RSA -keysize 2048 -validity 10000
# Sign the rebuilt APK with that key. The signing certificate is therefore not
# the publisher's: Android refuses to install such a package as an update over
# the originally signed app, and a signing-certificate or integrity check
# (ideally verified server-side) can tell the two builds apart.
apksigner sign --ks example.keystore --ks-key-alias example app-release.apk
# Install the re-signed APK on the device connected through adb.
adb install app-release.apk
, ... ! .
- , – Flutter «» Android. «», – -, SSL-unpinning, , . , , , , . -, . , , -.
Flutter, , flutter_secure_storage , , .
Dart SDK , Dart
https://github.com/dart-lang/sdk/blob/master/runtime/docs/index.md