flutter逆向实战1-寻找一个目标Flutter应用用来分析

发布于 作者:

寻找一个目标Flutter应用用来分析

由于市面上flutter应用还是不够普及,想在商店找到一款完全使用flutter技术实现的应用居然有点难度。

商店并没有区分普通原生应用和flutter应用,如此查找确实费事费力。

好在flutter官方网站有个showcase页面

网站链接 https://flutter.dev/showcase

4 Pics 1 Word

我们随便翻一下,发现 4 Pics 1 Word 这个应用使用了flutter

https://storage.googleapis.com/cms-storage-bucket/images/header_Lotus.width-1440.format-webp-lossless.webp

这个说明他们完全使用了flutter技术

Lotum used Flutter to completely rewrite 4 Pics 1 Word as a cross-platform app.
Whereas other cross-platform frameworks either try to emulate native components or translate cross-platform code into their native counterparts, Flutter uses its own rendering engine, Skia, to offer a consistent game layout, look, and feel.
This was important to the team, as it would help them achieve the feature parity they felt they had previously lacked.

为了验证这个应用 我们下载他的最新版apk

https://4-pics-1-word.en.uptodown.com/android/download

进行jadx打开,发现主页面确实继承FlutterActivity而且lib包含一个超大的libapp.so以及libflutter.so

确认无误之后

那么我们这次的flutter逆向之路就从分析 4 Pics 1 Word 开始吧

在后续的研究中 发现前一个应用不联网也能通信使用,不太好定位url

我选择更换一个其他类型的应用

Sua Musica 这个应用 是流媒体联网应用

https://dw40.uptodown.com/dwn/WMMLvDq88Nxz7O8zUvD6uI7RZucy4WjI7M9BtbJ33YtIs0SHJgzA92RuLrguGxIvIXhA4DRxPIqbpvUpdiGWFc6sVJWegjl-nPaTBXNPU9C4I4arRuaYxG7g3C6UmL1Z/n90RxG-3OCU7M5hj3fpQHAq6AJ4s1RqcUp_pxqOVsh3z2qTQ6Hqca9V2sgQVInJvmCIUQMH8XvEaXnevIf6mWB2wa_Y-NHnUtZSkO-rbg54YHf6MA6ww_rISIdjP7lCC/9teeqq_TmWrLQp1emvUebxXBskbOSOXbYFolXxgvg2EwmM1KywjDaBLyGi13Gzsbgjbb72Jmrpl_DlaC2v2BZg==/sua-musica-3-7-10.apk

或者换成 Dream11 同样是个资讯工具