Senior Mobile AppSec Analyst, Positive Technologies
You can come across Flutter applications in security analysis projects or bug bounty programs. Most often, such assets are simply overlooked due to the lack of methodologies and ways to reverse engineer them.
This study is the result of Filip deciding one day not to put up with this anymore and to find a way, which led him to writing the reFlutter tool.
The report explores patches to the Dart VM source code and demonstrates the operation of the utility in the BMW application.