Doldrums Introduction

Doldrums is a powerful reverse engineering analysis tool targeted at Flutter applications on Android. Specifically, Doldrums is a parser and information extractor for the Flutter/Dart Android binary (generally known as libapp.so), and it supports all Dart v2.10 releases. When run, Doldrums exports all classes present in the isolate snapshot.

Note: This tool is currently a test (beta) version, and it still lacks some deserialization features and some types of information.

About Flutter and Dart

Flutter is Google’s mobile UI framework for quickly building high-quality native user interfaces on iOS and Android. Flutter can work with existing code. It is used by more and more developers and organizations around the world, and it is completely free and open source.

Dart is a programming language developed by Google and later standardized by ECMA (ECMA-408). It is used to develop web, server, mobile, and Internet of Things applications. It is open source software under a permissive open source license (modified BSD license).

Tool requirements

Doldrums uses pyelftools to parse the ELF format. Install it with the following command:

pip3 install pyelftools

Tool use

The tool is very simple to use. Run the following command directly, replacing libapp.so and output with the target binary and the output file, respectively. Note that the verbose option (-v) only supports Dart snapshot v2.12:

python3 src/main.py [-v] libapp.so output

The expected output is a dump of all classes. The format of an exported class is shown below:

class MyApp extends StatelessWidget {
    Widget build(DynamicType, DynamicType) {
        Code at absolute offset: 0xec85c
    }

    String myPrint(DynamicType, DynamicType) {
        Code at absolute offset: 0xeca80
    }
}

The absolute code offset indicates the specific location of the native function in the libapp.so file.
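
During analysis it is often useful to turn the dump into a lookup table, so that an offset seen in a disassembler or crash trace can be mapped back to a Dart method. The following is an added example, not part of Doldrums; it assumes the dump has exactly the layout shown above, and parse_dump and symbolize are hypothetical helper names.

```python
import bisect
import re

# Constructed sample in the dump format shown above (not real tool output).
SAMPLE_DUMP = """\
class MyApp extends StatelessWidget {
    Widget build(DynamicType, DynamicType) {
        Code at absolute offset: 0xec85c
    }

    String myPrint(DynamicType, DynamicType) {
        Code at absolute offset: 0xeca80
    }
}
"""

CLASS_RE = re.compile(r"^class\s+(\S+)(?:\s+extends\s+(\S+))?\s*\{")
METHOD_RE = re.compile(r"^(\S+)\s+(\w+)\s*\(([^)]*)\)\s*\{")
OFFSET_RE = re.compile(r"^Code at absolute offset:\s*(0x[0-9a-fA-F]+)")


def parse_dump(text):
    """Return (offset, 'Class.method', return_type) tuples sorted by offset."""
    entries, cls, method = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := CLASS_RE.match(line):
            cls, method = m.group(1), None
        elif m := METHOD_RE.match(line):
            method = (m.group(2), m.group(1))  # (name, return type)
        elif (m := OFFSET_RE.match(line)) and cls and method:
            entries.append((int(m.group(1), 16), f"{cls}.{method[0]}", method[1]))
            method = None
    return sorted(entries)


def symbolize(entries, file_offset):
    """Map a libapp.so file offset to the nearest preceding method, or None.

    The dump carries no function sizes, so the match is a best guess: an
    offset past the end of the last listed function is still attributed to it.
    """
    starts = [e[0] for e in entries]
    i = bisect.bisect_right(starts, file_offset) - 1
    if i < 0:
        return None
    start, name, _ = entries[i]
    return f"{name}+0x{file_offset - start:x}"
```
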

Project address

Doldrums: