Description
App: qlango
Dart Version: 3.5.4
libapp.so SnapshotHash: 80a49c7111088100a233b2ae788e1f48
✅ What I was doing:
I used the following command:
blutter
Processing a Flutter application:
/storage/emulated/0/MT2/apks/qlango.apk
❌ What happened:
The tool ran and printed Dart version/snapshot information, then crashed with SIGSEGV while analyzing instructions in libapp.so.
Here is the full traceback and logs:
```
Dart version: 3.5.4, Snapshot: 80a49c7111088100a233b2ae788e1f48, Target: android arm64
flags: product no-code_comments no-dwarf_stack_traces_mode dedup_instructions no-tsan no-msan arm64 android compressed-pointers
Cannot find null-safety text. Setting null_safety to true.
libapp is loaded at 0x754ec2f000
Dart heap at 0x7400000000
Analyzing the application
Analysis error at line 1670 void FunctionAnalyzer::handleParameterRegisters(AsmIterator &): !isTmpReg
0x1156ca0: mov x0, x3
0x1156ca4: stur x1, [x29, #-8]
0x1156ca8: mov x16, x3
0x1156cac: mov x3, x1
- 0x1156cb0: mov x1, x16
0x1156cb4: stur x1, [x29, #-0x10]
Analysis error at line 644 std::unique_ptr<CallLeafRuntimeInstr> FunctionAnalyzer::processCallLeafRuntime(AsmIterator &): il
0xf9f128: ldur x2, [x1, #7]
0xf9f12c: mov x1, x26
0xf9f130: ldr x9, [x1, #0x608]
0xf9f134: mov x1, x2
- 0xf9f138: ldur x2, [x29, #-8]
0xf9f13c: mov x17, x29
Analysis error at line 487 std::unique_ptr<LeaveFrameInstr> FunctionAnalyzer::processLeaveFrameInstr(AsmIterator &): insn.id() == ARM64_INS_LDP && insn.op_count() == 4
0xf9f15c: mov x16, #8
0xf9f160: str x16, [x26, #0x750]
0xf9f164: mov sp, x19
0xf9f168: mov x15, x29
- 0xf9f16c: ldr x29, [x15], I need help, when I use it all my data is gone, I don't know where #8
0xf9f170: ldur x0, [x29, #-0x18]
Traceback (most recent call last):
File "/data/data/com.termux/files/home/blutter/blutter.py", line 430, in
main(args.indir, args.outdir, args.rebuild, args.vs_sln, args.no_analysis, args.ida_fcn)
File "/data/data/com.termux/files/home/blutter/blutter.py", line 339, in main
main2(
File "/data/data/com.termux/files/home/blutter/blutter.py", line 313, in main2
build_and_run(input)
File "/data/data/com.termux/files/home/blutter/blutter.py", line 277, in build_and_run
subprocess.run(
File "/data/data/com.termux/files/usr/lib/python3.12/subprocess.py", line 571, in run
raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['/data/data/com.termux/files/home/blutter/bin/blutter_dartvm3.5.4_android_arm64', '-i', '/storage/emulated/0/MT2/apks/arm64-v8a/libapp.so', '-o', '/storage/emulated/0/MT2/apks/out_dir']' died with <Signals.SIGSEGV: 11>.
```
🔎 Notes:
This seems to be caused by an unexpected instruction or register state during AArch64 disassembly.
It might be related to inline assembly patterns or obfuscated code sequences in this particular libapp.so.