Reversing flutter apps is very complex.
This because even if you decrypt a flutter app with any tool (clutch, frida ipa dump, crackerXI, etc.) you still cannot analyze it in a disassembler like Hopper or IDA.
Why that? Because of how flutter works.
When you open a flutter app --> it gets opened the Flutter engine (the “Runner” executable) this is not the real application but only the flutter engine which is no interesting for reverse engineers. The flutter engine will the load the “App.framework” file which is THE ACTUAL application.
Unfortunately you cannot load into a Disassembler because it is not yet an executable, but it is rather a Dart snapshot which must be deserialized and put into the process memory by the “Runner” executable.
You basically have 2 chances here:
- either you modify the flutter engine (extremely complex) to deserialize the App.framework and export it through USB or somewhere so you can analyze
- dump the process memory after the deserialization is complete and try to load the process memory into IDA.
If you make any progress please let me know, I’m trying to reverse flutter app as well but with no success
如果不谈 Flutter 只谈 iOS 的话，防逆向最有效的策略就是包一层虚拟机；Flutter 刚好满足了这个条件。