{"id":13483533,"url":"https://github.com/mildsunrise/darter","last_synced_at":"2025-04-09T12:06:11.632Z","repository":{"id":50425120,"uuid":"220013975","full_name":"mildsunrise/darter","owner":"mildsunrise","description":":detective: Dart / Flutter VM snapshot analyzer","archived":false,"fork":false,"pushed_at":"2022-01-11T00:50:22.000Z","size":3317,"stargazers_count":320,"open_issues_count":7,"forks_count":52,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-04-02T11:04:27.129Z","etag":null,"topics":["dart","flutter","reverse-engineering"],"latest_commit_sha":null,"homepage":"","language":"Jupyter Notebook","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mildsunrise.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-11-06T14:20:11.000Z","updated_at":"2025-03-25T07:04:56.000Z","dependencies_parsed_at":"2022-09-23T21:40:23.566Z","dependency_job_id":null,"html_url":"https://github.com/mildsunrise/darter","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mildsunrise%2Fdarter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mildsunrise%2Fdarter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mildsunrise%2Fdarter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mildsunrise%2Fdarter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mildsunrise","download_url":"https://codeload.github.com/mildsunrise/darter/tar.gz/refs/heads/master","host":{"name":"GitHub","url
":"https://github.com","kind":"github","repositories_count":248036063,"owners_count":21037092,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dart","flutter","reverse-engineering"],"created_at":"2024-07-31T17:01:12.468Z","updated_at":"2025-04-09T12:06:11.612Z","avatar_url":"https://github.com/mildsunrise.png","language":"Jupyter Notebook","funding_links":[],"categories":["Jupyter Notebook"],"sub_categories":[],"readme":"⚠️ **Warning:** This project is outdated. The format of Dart snapshots changes CONSTANTLY, and any Dart RE tools like this one NEED constant maintenance or they stop working with newer versions of Dart / Flutter. Contributions are welcome, but I currently do not have the time to invest in monitoring changes to the VM and keeping this updated.\n\nSo, if your snapshot was produced by a reasonably modern version, it probably won't parse [correctly]. Still, if you want to try, you'll probably need at least [the fix in #3](https://github.com/mildsunrise/darter/issues/8#issuecomment-929099367).\n\n---\n\n# darter: Dart snapshot parser\n\n`darter` is a Python module that can fully parse the data inside a Dart snapshot\n(i.e. 
the `libapp.so` file in a release Flutter app).\n\nFeatures:\n\n - Parses 100% of the snapshot data, including memory structures.\n - Supports many architectures and the three snapshot types (old, AppJIT and AppAOT).\n - Usually zero-config: autodetects flags \u0026 settings from the snapshot.\n - Extracts the blobs from `app.so` or `.snapshot` files automatically.\n - Stores back-references, so you can navigate the graph easily.\n - Debugging output \u0026 strict mode controls.\n - Disassembles and analyzes the compiled code to find references to VM objects.\n\nExamples of what you can do with the parsed info:\n\n - Extract string table of the application\n - Find usages of a certain object\n - Export metadata for Radare2\n - Deobfuscate a snapshot by matching it with a reference one\n - Generate call graph, library dependency graph, etc.\n\n**Note:**\nKeep in mind that this is for parsing binary (i.e. architecture-dependent) snapshots.\n`.dill` files and some `.snapshot` files contain [Kernel AST](https://github.com/dart-lang/sdk/tree/master/pkg/kernel), which\nis a completely different format and currently not supported by `darter`.\n[[Learn more]](https://github.com/dart-lang/sdk/wiki/Snapshots#kernel-snapshots)\n\n\n## How to use\n\nMost of the code is zero-dependency, except for:\n\n - `parse_elf_snapshot(...)` requires [pyelftools](https://github.com/eliben/pyelftools)\n\n - the `darter.asm` module (for analyzing the assembled code) requires\n   [Capstone](https://www.capstone-engine.org/documentation.html)\n   (and its python binding)\n\n`darter` in itself is just a module, it has no stand-alone program or CLI.  
\nThe recommended way to use it is by including it in a notebook and\nplaying with the parsed data.\n\n[Install Jupyter](https://jupyter.org/install) and open the `1-introduction`\nnotebook for a basic walkthrough of the parsed data; then head to `2-playground`\nwhich contains more interesting examples of use.\n\nIt's *highly recommended* that you first play with a known snapshot (i.e.\nthat you have built yourself or have the code), before analyzing the\nsnapshot you are after.\n\n\n## Status\n\nThe parser is still at an early stage and will not work in every case.\n\n - It has been heavily tested on AppAOT Product snapshots on ARM and ARM64.\n - It has been lightly tested on AppJIT Release snapshots on x64.\n - The disassembly analysis is architecture-dependent, and currently supports ARM and ARM64.\n - The rest of the code is mostly architecture-independent, but it may not work on other architectures without some modifications.\n\nThis parser was written based on dart-sdk at `1ef83b86ae`.\nThe snapshot format is internal to the VM. It dumps some of the objects as they appear\nin memory; you need to know how the VM (arch, compile flags) was compiled in order\nto parse it. It [can change frequently between versions](./info/versions.md), as\nthere's not a standard spec (AFAIK) for the format.\n\nAny help or donations are welcome.\n\n\n## Technical details\n\nGiven a *data section* and an *instructions section* (and optionally a *base*):\n\n - Parse the clusters allocation section, building the reference table.\n - Parse the clusters fill section.\n - Parse the root object.\n - Link the references between objects.\n - Parse the native structures (`OneByteString`, `CodeSourceMap`, `Instructions`, etc.).\n - The resulting VM objects (and cluster descriptions) are returned.\n\nThe information is returned in as fully parsed a form as possible, so that it is easy to\nmanipulate. 
Back-references are tracked too, so that it's easy to know where a certain\nobject is referenced from.\n\n`darter` can parse both 'VM' snapshots and 'isolate' ones (the ones we care about).\n\nThe `darter.asm` module disassembles the compiled code and analyzes it.\nThis is crucial for AOT snapshots, because we get no high-level bytecode.\n\n\n## See also\n\nIf you are new to Dart / Flutter reverse-engineering, it's a good idea to read\nthis introduction first: https://mrale.ph/dartvm/\n\nThe relevant code on snapshot serialization is at [`runtime/vm/clustered_snapshot.cc`](https://github.com/dart-lang/sdk/blob/1ef83b86ae637ffe7359173804cbc6d3fa25e6db/runtime/vm/clustered_snapshot.cc)\nand [`runtime/vm/raw_object.h`](https://github.com/dart-lang/sdk/blob/1ef83b86ae637ffe7359173804cbc6d3fa25e6db/runtime/vm/raw_object.h).\n\nThere's also additional info in the `info` directory.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmildsunrise%2Fdarter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmildsunrise%2Fdarter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmildsunrise%2Fdarter/lists"}