Tauri Dumper is a Rust CLI and library for inspecting, extracting, and replace-patching embedded frontend assets in compiled Tauri applications.
It is designed for interoperability research, debugging, migration work, and authorized patching of applications you are allowed to inspect or modify.
Warning
Use this project only on software you own or have explicit permission to analyze. Tauri Dumper does not grant rights to modify or redistribute third party applications.
- Detects embedded Tauri frontend assets in PE, Mach-O, and ELF binaries.
- Decompresses Brotli-compressed assets and exports them to a directory.
- Lists assets as a readable directory tree.
- Writes a reproducible
tauri-dumper.manifest.jsonwith source metadata, asset offsets, compressed sizes, and hashes. - Replaces existing embedded assets in a patched binary copy.
- Exposes the same primitives as a Rust library.
Tauri Dumper is not a decompiler and it cannot reconstruct a full Tauri project from extracted files.
A Tauri application is more than its frontend bundle. The executable also contains Rust backend code, Tauri command handlers, IPC contracts, permissions/capabilities, native integrations, window configuration, build metadata, and platform packaging details. Extracted assets are useful for inspection and patching, but they are not equivalent to the original source repository.
Practical distinction:
- Patching an existing application by replacing known embedded assets is supported.
- Building a new complete application from dumped assets alone is not supported.
- Adding new embedded asset entries or deleting existing entries is not supported.
Install from crates.io:
cargo install tauri-dumperDownload prebuilt binaries from GitHub Releases:
https://github.com/Mas0nShi/tauri-dumper/releases
Build from source:
git clone https://github.com/Mas0nShi/tauri-dumper.git
cd tauri-dumper
cargo build --releaseInspect a binary:
tauri-dumper inspect ./App.exeVerify that Tauri assets can be found:
tauri-dumper verify ./App.exeList embedded assets:
tauri-dumper list ./App.exeExample list output:
Assets: 198
βββ _app
β βββ env.js (23 B compressed, 19 B decompressed)
β βββ immutable
β βββ assets
β β βββ app.css (40 KiB compressed, 224 KiB decompressed)
β βββ chunks
β βββ app.js (18 KiB compressed, 69 KiB decompressed)
βββ index.html (1.3 KiB compressed, 7.5 KiB decompressed)
Extract assets:
tauri-dumper extract ./App.exe -o ./assetsThe default shortcut is equivalent to extract:
tauri-dumper ./App.exe -o ./assetsPatch an existing asset in a binary copy:
tauri-dumper repack ./App.exe --assets ./assets -o ./App.patched.exeAlways test the result in an isolated environment before replacing an application in place.
| Command | Purpose |
|---|---|
tauri-dumper list <binary> |
Print embedded assets as a directory tree. |
tauri-dumper inspect <binary> |
Print binary metadata and aggregate asset statistics. |
tauri-dumper verify <binary> |
Fail fast if no valid embedded Tauri assets are found. |
tauri-dumper extract <binary> -o <dir> |
Decompress and export assets. |
tauri-dumper repack <binary> --assets <dir> -o <patched-binary> |
Replace existing assets in a patched binary copy. |
Common read options:
--json
--quiet
--verboseExtraction options:
--include <glob>
--exclude <glob>
--overwrite
--skip-existing
--dry-runRepack options:
--strict
--skip-oversized
--dry-run
--allow-source-mismatch
--ad-hoc-signUse --json when integrating with scripts or CI:
tauri-dumper list ./App.exe --json
tauri-dumper repack ./App.exe --assets ./assets -o ./App.patched.exe --jsonTauri embeds frontend assets into the application binary as static data, pointers, and runtime lookup structures. A safe cross-platform repack flow can reuse existing offsets, but it cannot safely invent new asset table entries or remove existing ones without rebuilding format-specific binary structures.
For that reason, repack is intentionally replace-only.
Supported:
- Replace an asset path that already exists in the scanned binary.
- Replace an asset with smaller or equal-size Brotli-compressed bytes.
- Replace an asset with empty or minimal valid content if the target app can tolerate that content.
- Write a patched binary copy without expanding sections.
Unsupported:
- Add a new asset path.
- Delete an existing asset entry.
- Expand binary sections.
- Rewrite application asset maps, lookup tables, relocations, or fixups.
- Rebuild a complete Tauri project from dumped frontend files.
Replacement content is Brotli-compressed before it is written back. Tauri Dumper tries multiple Brotli quality levels and selects the smallest compressed output it can produce.
A replacement is accepted only if:
new_compressed_size <= original_compressed_size
If the replacement is larger, repack fails by default:
tauri-dumper repack ./App.exe --assets ./assets -o ./App.patched.exeSkip oversized replacements instead:
tauri-dumper repack ./App.exe --assets ./assets -o ./App.patched.exe --skip-oversizedFiles in the asset directory that do not match an existing embedded asset path are reported as unsupported additions. They are ignored by default:
tauri-dumper repack ./App.exe --assets ./assets -o ./App.patched.exeMake unsupported additions an error:
tauri-dumper repack ./App.exe --assets ./assets -o ./App.patched.exe --strictMissing replacement files mean "leave the original asset unchanged".
extract writes tauri-dumper.manifest.json by default. During repack, if
that manifest is present, Tauri Dumper checks that the source binary hash still
matches the binary being patched.
Override this check only when you know the asset directory is compatible with the target binary:
tauri-dumper repack ./App.exe --assets ./assets -o ./App.patched.exe --allow-source-mismatchPatching a Mach-O binary changes its contents and normally invalidates the existing code signature. Sign the patched binary before launching:
codesign --force --deep --sign - ./App.patchedOn macOS, --ad-hoc-sign can run the ad-hoc signing command after a successful
repack:
tauri-dumper repack ./App --assets ./assets -o ./App.patched --ad-hoc-signPrebuilt Tauri Dumper binaries are published for:
| Host OS | Host architecture |
|---|---|
| macOS | x86_64, aarch64 |
| Windows | x86_64, aarch64 |
| Linux | x86_64, aarch64 |
Target application formats:
| Target application | Binary format | Status |
|---|---|---|
| Windows Tauri desktop app | PE, 64-bit | Supported and covered by real fixtures. |
| macOS Tauri desktop app | Mach-O, 64-bit | Supported and covered by real fixtures. |
| Linux Tauri desktop app | ELF, 64-bit | Supported and covered by real x86_64 fixtures. |
| Android Tauri app library | ELF shared object, aarch64 | Supported and covered by real fixtures. |
| 32-bit binaries | PE/Mach-O/ELF | Not supported. |
Parsing is implemented through object::File::parse with format-specific
pointer resolution for PE, Mach-O, and ELF.
extract writes a manifest next to exported assets:
assets/
βββ index.html
βββ _app/
βββ tauri-dumper.manifest.json
The manifest records:
- source binary path, SHA-256, size, format, and architecture;
- asset names;
- header offsets and data offsets;
- original compressed sizes;
- decompressed sizes;
- compressed asset SHA-256 hashes.
This file is intended for auditability and for repack safety checks.
use tauri_dumper::{AssetScanner, BinaryImage, ExportOptions, Repacker};
fn main() -> tauri_dumper::Result<()> {
let image = BinaryImage::open("App.exe")?;
let table = AssetScanner::scan(&image)?;
table.export(&ExportOptions::new("assets"))?;
let image = BinaryImage::open("App.exe")?;
let table = AssetScanner::scan(&image)?;
Repacker::new(image, table)
.replace_from_dir("assets")
.write("App.patched.exe")?;
Ok(())
}The library uses typed errors via tauri_dumper::Error and
tauri_dumper::Result.
Install the Rust stable toolchain, then run:
cargo fmt --all -- --check
cargo clippy --workspace --all-targets -- -D warnings
cargo test --workspace --all-targetsReal-world regression fixtures are configured in
tests/fixtures/fixtures.toml. Download them with:
./scripts/download-fixtures.shRun release-mode smoke tests:
cargo test --release -- --nocaptureValidate the crates.io package locally:
cargo package --allow-dirtyThe GitHub release workflow is tag based:
git tag -a vX.Y.Z -m "Release vX.Y.Z"
git push origin vX.Y.ZThe release workflow builds and uploads platform artifacts for macOS, Windows, and Linux on x86_64 and aarch64.
Publish the crate after the release tag has been validated:
cargo publish --dry-run
cargo publishTauri Dumper is intended for legitimate analysis and authorized modification. It does not bypass licensing, DRM, server-side authorization, or application security controls. When patching software, keep backups of the original binary and verify behavior in a controlled environment before distribution or use.