first version

.gitignore

@@ -0,0 +1,16 @@
+*.iml
+.gradle
+/local.properties
+/.idea/caches
+/.idea/libraries
+/.idea/modules.xml
+/.idea/workspace.xml
+/.idea/navEditor.xml
+/.idea/assetWizardSettings.xml
+.DS_Store
+/build
+/captures
+.externalNativeBuild
+.cxx
+local.properties
+build.bat

README.md

@@ -0,0 +1,32 @@
+# Zygisk-based reFlutter implementation
+
+reFlutter is a handy tool for reverse engineering Flutter-based applications for both rooted and non-rooted Android. To use Reflutter, you must obtain your APK and replace libflutter.so, resign the APK and reinstall it.
+
+The Zygisk module is designed to empower rooted Android users by simplifying the process. With the provided app, you can easily download `libflutter.so` from reFlutter project. The Zygisk module will then seamlessly replace `libflutter.so` at runtime, making the process straightforward and efficient.
+
+Please note: set up your Proxy IP. Set your Burp Suite like you would set when using reFlutter (listen to `*:8083` and enable "Support invisible proxying").
+
+## Requirements
+
+Rooted Android with Magisk installed and Zygisk Enabled
+
+## Installation
+
+Download the ZIP file, and install it as Zygisk module. You can also do it from ADB:
+
+
+```
+adb push  zygiskreflutter_1.0.zip /sdcard/
+adb shell su -c magisk --install-module /sdcard/zygiskreflutter_1.0.zip
+adb reboot
+```
+
+
+Install the APK, then setup your proxy IP from "Set Proxy Host" menu.
+
+Select the app that you want to *reFlutter*, click download library, once it is downloaded, you can enable the proxy feature.
+
+You can now start the target app normally
+
+
+Check adb log and filter it by "ZygiskReflutter" in case you found a problem

app/.gitignore

@@ -0,0 +1 @@
+/build

app/build.gradle.kts

@@ -0,0 +1,115 @@
+plugins {
+    alias(libs.plugins.androidApplication)
+}
+
+android {
+    namespace = "com.tinyhack.zygiskreflutter"
+    compileSdk = 34
+
+    defaultConfig {
+        applicationId = "com.tinyhack.zygiskreflutter"
+        minSdk = 27
+        targetSdk = 34
+        versionCode = 1
+        versionName = "1.0"
+
+        testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
+        externalNativeBuild {
+            cmake {
+                arguments += "-DCMAKE_BUILD_TYPE=MinSizeRel"
+
+                cppFlags += "-std=c++17"
+                cppFlags += "-fno-exceptions"
+                cppFlags += "-fno-rtti"
+                cppFlags += "-fvisibility=hidden"
+                cppFlags += "-fvisibility-inlines-hidden"
+            }
+        }
+    }
+
+    buildTypes {
+        release {
+            isMinifyEnabled = true
+            isShrinkResources = true
+            multiDexEnabled = false
+            proguardFiles(
+                getDefaultProguardFile("proguard-android-optimize.txt"),
+                "proguard-rules.pro"
+            )
+        }
+    }
+    compileOptions {
+        sourceCompatibility = JavaVersion.VERSION_1_8
+        targetCompatibility = JavaVersion.VERSION_1_8
+    }
+    externalNativeBuild {
+        cmake {
+            path = file("src/main/cpp/CMakeLists.txt")
+            version = "3.22.1"
+        }
+    }
+    buildFeatures {
+        viewBinding = true
+    }
+}
+
+
+
+dependencies {
+
+    implementation(libs.appcompat)
+    implementation(libs.material)
+    implementation(libs.constraintlayout)
+    implementation(libs.activity)
+    testImplementation(libs.junit)
+    androidTestImplementation(libs.ext.junit)
+    androidTestImplementation(libs.espresso.core)
+}
+
+tasks.register("updateModuleProp") {
+    doLast {
+        val versionName = project.android.defaultConfig.versionName
+        val versionCode = project.android.defaultConfig.versionCode
+
+        val modulePropFile = project.rootDir.resolve("module/module.prop")
+
+        var content = modulePropFile.readText()
+
+        content = content.replace(Regex("version=.*"), "version=$versionName")
+        content = content.replace(Regex("versionCode=.*"), "versionCode=$versionCode")
+
+        modulePropFile.writeText(content)
+    }
+}
+
+
+tasks.register("copyFiles") {
+    dependsOn("updateModuleProp")
+
+    doLast {
+        val moduleFolder = project.rootDir.resolve("module")
+        val dexFile = project.layout.buildDirectory.get().asFile.resolve("intermediates/dex/release/minifyReleaseWithR8/classes.dex")
+        val soDir = project.layout.buildDirectory.get().asFile.resolve("intermediates/stripped_native_libs/release/stripReleaseDebugSymbols/out/lib")
+
+        //dexFile.copyTo(moduleFolder.resolve("classes.dex"), overwrite = true)
+
+        soDir.walk().filter { it.isFile && it.extension == "so" }.forEach { soFile ->
+            val abiFolder = soFile.parentFile.name
+            val destination = moduleFolder.resolve("zygisk/$abiFolder.so")
+            soFile.copyTo(destination, overwrite = true)
+        }
+    }
+}
+
+tasks.register<Zip>("zip") {
+    dependsOn("copyFiles")
+
+    archiveFileName.set("zygiskreflutter_${project.android.defaultConfig.versionName}.zip")
+    destinationDirectory.set(project.rootDir.resolve("out"))
+
+    from(project.rootDir.resolve("module"))
+}
+
+afterEvaluate {
+    tasks["assembleRelease"].finalizedBy("updateModuleProp", "copyFiles", "zip")
+}

app/proguard-rules.pro

@@ -0,0 +1,21 @@
+# Add project specific ProGuard rules here.
+# You can control the set of applied configuration files using the
+# proguardFiles setting in build.gradle.
+#
+# For more details, see
+#   http://developer.android.com/guide/developing/tools/proguard.html
+
+# If your project uses WebView with JS, uncomment the following
+# and specify the fully qualified class name to the JavaScript interface
+# class:
+#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
+#   public *;
+#}
+
+# Uncomment this to preserve the line number information for
+# debugging stack traces.
+#-keepattributes SourceFile,LineNumberTable
+
+# If you keep the line number information, uncomment this to
+# hide the original source file name.
+#-renamesourcefileattribute SourceFile

app/src/androidTest/java/com/tinyhack/zygiskreflutter/ExampleInstrumentedTest.java

@@ -0,0 +1,26 @@
+package com.tinyhack.zygiskreflutter;
+
+import android.content.Context;
+
+import androidx.test.platform.app.InstrumentationRegistry;
+import androidx.test.ext.junit.runners.AndroidJUnit4;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import static org.junit.Assert.*;
+
+/**
+ * Instrumented test, which will execute on an Android device.
+ *
+ * @see <a href="http://d.android.com/tools/testing">Testing documentation</a>
+ */
+@RunWith(AndroidJUnit4.class)
+public class ExampleInstrumentedTest {
+    @Test
+    public void useAppContext() {
+        // Context of the app under test.
+        Context appContext = InstrumentationRegistry.getInstrumentation().getTargetContext();
+        assertEquals("com.tinyhack.zygiskreflutter", appContext.getPackageName());
+    }
+}

app/src/main/AndroidManifest.xml

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools">
+
+    <uses-permission android:name="android.permission.INTERNET" />
+    <uses-permission
+        android:name="android.permission.QUERY_ALL_PACKAGES"
+        tools:ignore="QueryAllPackagesPermission" />
+
+    <application
+        android:allowBackup="true"
+        android:dataExtractionRules="@xml/data_extraction_rules"
+        android:fullBackupContent="@xml/backup_rules"
+        android:icon="@mipmap/ic_launcher"
+        android:label="@string/app_name"
+        android:roundIcon="@mipmap/ic_launcher_round"
+        android:supportsRtl="true"
+        android:theme="@style/Theme.Zygiskreflutter"
+        tools:targetApi="31">
+        <activity
+            android:name=".SetHostActivity"
+            android:exported="false" />
+        <activity
+            android:name=".AboutActivity"
+            android:exported="false" />
+        <activity
+            android:name=".AppDetailActivity"
+            android:exported="false" />
+        <activity
+            android:name=".MainActivity"
+            android:exported="true">
+            <intent-filter>
+                <action android:name="android.intent.action.MAIN" />
+
+                <category android:name="android.intent.category.LAUNCHER" />
+            </intent-filter>
+        </activity>
+    </application>
+
+</manifest>

app/src/main/cpp/CMakeLists.txt

@@ -0,0 +1,37 @@
+# For more information about using CMake with Android Studio, read the
+# documentation: https://d.android.com/studio/projects/add-native-code.html.
+# For more examples on how to use CMake, see https://github.com/android/ndk-samples.
+
+# Sets the minimum CMake version required for this project.
+cmake_minimum_required(VERSION 3.22.1)
+
+# Declares the project name. The project name can be accessed via ${ PROJECT_NAME},
+# Since this is the top level CMakeLists.txt, the project name is also accessible
+# with ${CMAKE_PROJECT_NAME} (both CMake variables are in-sync within the top level
+# build script scope).
+project("zygiskreflutter")
+
+# Creates and names a library, sets it as either STATIC
+# or SHARED, and provides the relative paths to its source code.
+# You can define multiple libraries, and CMake builds them for you.
+# Gradle automatically packages shared libraries with your APK.
+#
+# In this top level CMakeLists.txt, ${CMAKE_PROJECT_NAME} is used to define
+# the target library name; in the sub-module's CMakeLists.txt, ${PROJECT_NAME}
+# is preferred for the same purpose.
+#
+# In order to load a library into your app from Java/Kotlin, you must call
+# System.loadLibrary() and pass the name of the library defined here;
+# for GameActivity/NativeActivity derived applications, the same library name must be
+# used in the AndroidManifest.xml file.
+add_library(${CMAKE_PROJECT_NAME} SHARED
+        # List C/C++ source files with relative paths to this CMakeLists.txt.
+        native-lib.cpp)
+
+# Specifies libraries CMake should link to your target library. You
+# can link libraries from various origins, such as libraries defined in this
+# build script, prebuilt third-party libraries, or Android system libraries.
+target_link_libraries(${CMAKE_PROJECT_NAME}
+        # List libraries link to the target library
+        # do not link to android https://github.com/topjohnwu/Magisk/issues/6351
+        log)