{"id":46922463,"url":"https://github.com/impact-i/reflutter","last_synced_at":"2026-05-03T12:05:07.201Z","repository":{"id":37665407,"uuid":"481258108","full_name":"Impact-I/reFlutter","owner":"Impact-I","description":"Flutter Reverse Engineering Framework","archived":false,"fork":false,"pushed_at":"2026-02-16T23:01:44.000Z","size":840,"stargazers_count":2455,"open_issues_count":39,"forks_count":273,"subscribers_count":28,"default_branch":"main","last_synced_at":"2026-02-17T05:32:28.888Z","etag":null,"topics":["bugbounty","mobile-security","reverse-engineering","ssl-pinning"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Impact-I.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-04-13T14:50:18.000Z","updated_at":"2026-02-16T23:01:23.000Z","dependencies_parsed_at":"2023-12-24T20:17:18.876Z","dependency_job_id":"0df5892f-5a3e-4b3e-89c1-758b60bd5a55","html_url":"https://github.com/Impact-I/reFlutter","commit_stats":{"total_commits":87,"total_committers":1,"mean_commits":87.0,"dds":0.0,"last_synced_commit":"bb8a8c01c8ae8a561455bc94c25a90336aeb922e"},"previous_names":[],"tags_count":202,"template":false,"template_full_name":null,"purl":"pkg:github/Impact-I/reFlutter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Impact-I%2FreFlutter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Impact-I%2FreFlutter/tags","releases_u
rl":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Impact-I%2FreFlutter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Impact-I%2FreFlutter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Impact-I","download_url":"https://codeload.github.com/Impact-I/reFlutter/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Impact-I%2FreFlutter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30368601,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-10T21:41:54.280Z","status":"online","status_checked_at":"2026-03-11T02:00:07.027Z","response_time":84,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","mobile-security","reverse-engineering","ssl-pinning"],"created_at":"2026-03-11T03:03:09.292Z","updated_at":"2026-03-11T03:03:14.400Z","avatar_url":"https://github.com/Impact-I.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![stars](https://img.shields.io/github/stars/Impact-I/reFlutter)](https://github.com/Impact-I/reFlutter/stargazers)\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://user-images.githubusercontent.com/87244850/135659542-22bb8496-bf26-4e25-b7c1-ffd8fc0cea10.png\" width=\"75%\"/\u003e\u003c/p\u003e\n\n**Read more on the blog:** 
\u003chttps://swarm.ptsecurity.com/fork-bomb-for-flutter/\u003e\n\nThis framework helps reverse engineer Flutter apps using a patched version of the Flutter library that is already compiled and ready for app repacking. The library's snapshot deserialization process is modified so that you can perform dynamic analysis conveniently.\n\nKey features:\n\n- `socket.cc` is patched for traffic monitoring and interception;\n- `dart.cc` is modified to print classes, functions and some fields;\n- displays absolute code offsets for functions;\n- contains minor changes for successful compilation;\n- if you would like to implement your own patches, manual Flutter code changes are supported using a specially crafted `Dockerfile`.\n\n### Supported engines\n\n- Android: arm64, arm32;\n- iOS: arm64;\n- Release: Stable, Beta\n\n### Install\n\n```\n# Linux, Windows, MacOS\npip3 install reflutter==0.8.6\n```\n\n### Usage\n\n```console\nimpact@f:~$ reflutter main.apk\n\nPlease enter your Burp Suite IP: \u003cinput_ip\u003e\n\nSnapshotHash: 8ee4ef7a67df9845fba331734198a953\nThe resulting apk file: ./release.RE.apk\nPlease sign the apk file\n\nimpact@f:~$ reflutter main.ipa\n```\n\n### Traffic interception\n\nSpecify the IP of your Burp Suite proxy server, which must be on the same network as the device running the Flutter application. Then configure the proxy in `BurpSuite -\u003e Listener Proxy -\u003e Options tab`:\n\n- Add port: `8083`\n- Bind to address: `All interfaces`\n- Request handling: Support invisible proxying = `True`\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://user-images.githubusercontent.com/87244850/135753172-20489ef9-0759-432f-b2fa-220607e896b8.png\" width=\"84%\"/\u003e\u003c/p\u003e\n\nNo certificate installation or root access is required for Android. 
reFlutter also allows bypassing some of the Flutter certificate pinning implementations.\n\n\u003e ⚠️ **Note:** Starting from Flutter version **3.24.0** (snapshot hash: `80a49c7111088100a233b2ae788e1f48`), the hardcoded proxy IP and port have been removed. You now need to configure your proxy directly on the device.\n\n#### On Android\n\nUse ADB to configure the device’s proxy:\n\n```bash\nadb -s \u003cdevice\u003e shell \"settings put global http_proxy \u003cproxy_ip:port\u003e\"\n```\n\nSign, align, and install the APK. Optionally configure **TunProxy** to route traffic through Burp Suite.\n\n#### On iOS\n\nSign and install the IPA. Configure **Potatso** to use your Burp Suite proxy server.\n\n### Usage on Android\n\nThe resulting apk must be aligned and signed. A recommended tool is [uber-apk-signer](https://github.com/patrickfav/uber-apk-signer/releases/tag/v1.2.1):\n\n```bash\njava -jar uber-apk-signer.jar --allowResign -a release.RE.apk\n```\n\nRun the app on a device. Determine `_kDartIsolateSnapshotInstructions` via binary search. reFlutter writes the dump file to the app's root folder and sets 777 permissions. Retrieve it using:\n\n```bash\nadb -d shell \"cat /data/data/\u003cPACKAGE_NAME\u003e/dump.dart\" \u003e dump.dart\n```\n\n\u003cdetails\u003e\n\u003csummary\u003efile contents\u003c/summary\u003e\n\n```dart\nLibrary:'package:anyapp/navigation/DeepLinkImpl.dart' Class: Navigation extends Object {\nString* DeepUrl = anyapp://evil.com/ ;\n...\n```\n\n\u003c/details\u003e\n\n### Usage on iOS\n\nAfter running `reflutter main.ipa`, execute the app on device. 
The dump file path is printed to Xcode console logs:\n\n```\nCurrent working dir: /private/var/mobile/Containers/Data/Application/\u003cUUID\u003e/dump.dart\n```\n\nRetrieve the file from the device.\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://user-images.githubusercontent.com/87244850/135860648-a13ba3fd-93d2-4eab-bd38-9aa775c3178f.png\" width=\"100%\"/\u003e\u003c/p\u003e\n\n### Frida\n\n```\nfrida-tools==13.7.1\nfrida==16.7.19\n```\n\nUse dump offsets in the Frida [script](https://github.com/Impact-I/reFlutter/blob/main/frida.js):\n\n```bash\nfrida -U -f \u003cpackage\u003e -l frida.js\n```\n\nTo find `_kDartIsolateSnapshotInstructions`:\n\n```bash\nreadelf -Ws libapp.so\n```\n\nLook for the `Value` field.\n\n### To Do\n\n- [x] Display absolute code offset for functions;\n- [ ] Extract more strings and fields;\n- [x] Add socket patch;\n- [ ] Extend engine support to Debug using Fork and Github Actions;\n- [ ] Improve detection of `App.framework` and `libapp.so` inside zip archive\n\n### Build Engine\n\nEngines are built using [GitHub Actions](https://github.com/Impact-I/reFlutter/actions) based on data in [enginehash.csv](https://github.com/Impact-I/reFlutter/blob/main/enginehash.csv). 
Snapshot hash is retrieved from:\n\n```\nhttps://storage.googleapis.com/flutter_infra_release/flutter/\u003chash\u003e/android-arm64-release/linux-x64.zip\n```\n\n\u003cdetails\u003e\n\u003csummary\u003erelease\u003c/summary\u003e\n\n[![gif](https://user-images.githubusercontent.com/87244850/135758767-47b7d51f-8b6c-40b5-85aa-a13c5a94423a.gif)](https://github.com/Impact-I/reFlutter/actions)\n\n\u003c/details\u003e\n\n### Custom Build\n\nManual Flutter code patching is supported using Docker:\n\n```bash\ngit clone https://github.com/Impact-I/reFlutter \u0026\u0026 cd reFlutter\ndocker build -t reflutter -f Dockerfile .\n```\n\nRun with:\n\n```bash\ndocker run -it -v \"$(pwd):/t\" -e HASH_PATCH=\u003cSnapshot_Hash\u003e -e COMMIT=\u003cEngine_commit\u003e reflutter\n```\n\nExample:\n\n```bash\ndocker run -it -v \"$(pwd):/t\" -e HASH_PATCH=aa64af18e7d086041ac127cc4bc50c5e -e COMMIT=d44b5a94c976fbb65815374f61ab5392a220b084 reflutter\n```\n\n#### Example: Build Android ARM64 (Linux/Windows)\n\n```bash\ndocker run -e WAIT=300 -e x64=0 -e arm=0 -e HASH_PATCH=\u003cSnapshot_Hash\u003e -e COMMIT=\u003cEngine_commit\u003e --rm -iv${PWD}:/t reflutter\n```\n\nFlags:\n\n- `-e x64=0`: disables x64 build\n- `-e arm64=0`: disables arm64 build\n- `-e arm=0`: disables arm32 build\n- `-e WAIT=300`: time in seconds to modify source before build\n- `-e HASH_PATCH`: snapshot hash from `enginehash.csv`\n- `-e COMMIT`: engine commit hash\n\n---\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fimpact-i%2Freflutter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fimpact-i%2Freflutter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fimpact-i%2Freflutter/lists"}