Reverse engineering tool for flutter APKs
PPTool finds the loading addresses of a Dart object in libapp.so through its pool pointer offset and allows for object replacement..
| App Name | PPTool |
| Latest Version | 1.7 |
| Size | 100 KB |
| Category | Tools |
| Developer | Kirlif' |
| Mod Info | Nothing Required |
| Requires | Android 7.0 + Termux + Python3.12 & up |
Get it on
★★★ Changes ★★★
- Fix: load pair of registers (arm64)
- Made By Kirlif, Release By RBMods
★★★ How to Use ★★★
Install Termux & install Python in it. After that
Install:
dpkg -i path/to/pptool_1.7_ARCH.deb
Uninstall:
dpkg -r pptool
Usage:
pptool [-h] [-v] [-c] [-d] [-p PATCH] [-t TARGET] [-f] libapp offset [offset ...]
Two positionnal arguments:
libapp: path to libapp.so
offset: pool pointer offset to be searched (can be multiple)
sequence of prefixed "0x" hex strings
Options:
-c use default color
-d don't display disassembly but only addresses and offsets
-h, --help show help message and exit
-v, --version show program's version number and exit
Patch options:
-p PATCH, --patch PATCH
specify a pool pointer offset for replacement
prefixed "0x" hex string
the offset argument must have a single element
arm: 0x6 < offset < 0x100000 ; offset mod 4 = 3
arm64: 0xf < offset < 0x1000000 ; offset mod 8 = 0
-t TARGET, --target TARGET
specify an address to apply the change to
(all those that match by default)
must be used for each targeted address
-f overwrite the library othewise create libapp-mod.so
Each option can be placed either before or after the positional arguments.
Examples:
[Basic Search] pptool path/to/libapp.so 0x8880
[Multiple Search] pptool path/to/libapp.so 0x8880 0xad98 0xdac0
[Basic Replacement] pptool path/to/libapp.so 0x8880 -p 0xedf0
[Targeted Replacement] pptool -p 0xedf0 -t 0x12345 -t 0x23456 path/to/libapp.so 0x8880
About the results displayed:
---------- pp+0xedf0 ----------
FUNCTION OBJECT OFFSET
・1 0x3f4e04 0x3f4e94 0x90
add x17, x27, 0xe, lsl 12
ldr x17, [x17, 0xdf0]
Colomn FUNCTION: adresss of the function loading the dart object
Colomn OBjECT: loading adress of the dart object
Colomn OFFSET: difference between first and second
Displaying disassembly
Download File (Arm)-Main LinkAlternate LinkDownload File(aarch64)-Main LinkAlternate Link
== Required Termux & Python ==
Termux combines powerful terminal emulation with an extensive Linux package collection.
• Enjoy the bash and zsh shells.
• Manage files with nnn and edit them with nano, vim or emacs.
• Access servers over ssh.
• Develop in C with clang, make and gdb.
• Use the python console as a pocket calculator.
• Check out projects with git.
• Run text-based games with frotz.
At first start a small base system is installed - desired packages can then be installed using the apt package manager. Access the built-in help by long-pressing anywhere on the terminal and selecting the Help menu option to learn more.
Want to read the wiki?
https://wiki.termux.com
Want to report bugs?
https://bugs.termux.com
Want to interact with a community of users?
https://www.reddit.com/r/termux/
• Enjoy the bash and zsh shells.
• Manage files with nnn and edit them with nano, vim or emacs.
• Access servers over ssh.
• Develop in C with clang, make and gdb.
• Use the python console as a pocket calculator.
• Check out projects with git.
• Run text-based games with frotz.
At first start a small base system is installed - desired packages can then be installed using the apt package manager. Access the built-in help by long-pressing anywhere on the terminal and selecting the Help menu option to learn more.
Want to read the wiki?
https://wiki.termux.com
Want to report bugs?
https://bugs.termux.com
Want to interact with a community of users?
https://www.reddit.com/r/termux/
![[Exclusive] MDGram Messenger v21 (TG v10.12.0)(Premium)(Mod)(Ghost Mode)(AntiDelete)](https://play-lh.googleusercontent.com/uI9xKvwoGgzJaYSCY0fiasL3fiMsEvzwp18pkdcvhp2_3izIM0g8oPJLc54LLq-QVC8=w74-h74-p-k-no-nu)
