Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

blutter tool added (by @appknox) #2881

Merged
merged 14 commits into from
Nov 7, 2024
Merged

blutter tool added (by @appknox) #2881

merged 14 commits into from
Nov 7, 2024

Conversation

ScreaMy7
Copy link
Collaborator

Blutter tool added
closes #2619

@cpholguera
Copy link
Collaborator

Hi @ScreaMy7, is this a draft? The file is empty. Also, please sort the tools table here to find out what the next ID should be:

https://mas.owasp.org/MASTG/tools/

Thanks!

@ScreaMy7
Copy link
Collaborator Author

Hey, @cpholguera we have made changes.

@OWASP OWASP deleted a comment Sep 9, 2024
TheDauntless
TheDauntless requested changes Sep 11, 2024
View reviewed changes
Copy link
Collaborator

@TheDauntless TheDauntless left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few suggestions. Maybe you can also add the different interesting outputs that Blutter provides?

tools/android/MASTG-TOOL-0111.md Outdated Show resolved Hide resolved
tools/android/MASTG-TOOL-0111.md Outdated

[Blutter](https://github.com/worawit/blutter) is an open-source tool created to support the reverse engineering of Flutter applications by compiling the Dart AOT Runtime. It targets the lib files found in decompiled apks and is compatible with the latest versions of Dart. It makes use of an advanced C++20 formatting library. The tool is compatible with Linux, Windows, and macOS operating systems. Blutter is capable of extracting and analyzing Dart objects and can generate Frida scripts for further analysis. It automatically compiles any required Dart versions that are not already installed.

This tool does require a specific environment to work, which can be found [here](https://github.com/worawit/blutter?tab=readme-ov-file#environment-setup).If you don’t want to setup the environment here is the docker support for the blutter tool.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where is the docker support?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's not supported yet: worawit/blutter#50

pancake has one currently: https://github.com/trufae/blutter-docker

Copy link
Collaborator Author

@ScreaMy7 ScreaMy7 Sep 30, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no official docker support as of now, so I have not added it here. But, docker is necessary to work with this tool as it is difficult to get the right dependency. So @cpholguera should we include links to these in the guide?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, please update the paragraph accordingly (you can include both links)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have added the docker file itself, as it is a short file, and this will prevent any broken links while providing ease of usage for this tool.

tools/android/MASTG-TOOL-0111.md Outdated Show resolved Hide resolved
@cpholguera
Copy link
Collaborator

@ScreaMy7 could you please take a look at the review comments? Thanks a lot!

cpholguera
cpholguera requested changes Oct 1, 2024
View reviewed changes
tools/android/MASTG-TOOL-0111.md Outdated Show resolved Hide resolved
tools/android/MASTG-TOOL-0111.md Outdated Show resolved Hide resolved
TheDauntless
TheDauntless reviewed Nov 4, 2024
View reviewed changes
Copy link
Collaborator

@TheDauntless TheDauntless left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small updates. Docker script is no longer in there, but there is a reference to the PR. If at some point it gets merged, we can link directly.

@TheDauntless
Copy link
Collaborator

@cpholguera Merge please :)

@TheDauntless TheDauntless self-requested a review November 7, 2024 11:30
@cpholguera cpholguera merged commit 5c2d9c8 into OWASP:master Nov 7, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpholguera cpholguera cpholguera approved these changes

@TheDauntless TheDauntless TheDauntless approved these changes

Assignees

@ScreaMy7 ScreaMy7

Labels
changes-requested tools
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Tool] Add blutter?
3 participants
@ScreaMy7 @cpholguera @TheDauntless