Filip Nikiforov

Senior Mobile AppSec Analyst, Positive Technologies

About the speaker

Filip is a member of PT SWARM (Positive Technologies Security Weakness Advanced Research and Modeling). He participates in bug bounty programs, including the Google Play Security Reward Program. Filip also likes hacking and researching APIs (maybe even more than mobile apps). Telegram: @impact_l.
August 25
15:00–16:00
Track 1
Russian

You can come across Flutter applications in security analysis projects or bug bounty programs. Most often, such assets are simply overlooked due to the lack of methodologies and ways to reverse engineer them.

This study is the result of Filip deciding one day not to put up with this anymore and to find a way, which led him to writing the reFlutter tool.

The report explores patches to the Dart VM source code and demonstrates the operation of the utility in the BMW application.