Tauri Dumper is a Rust CLI and library for inspecting, extracting, and replace-patching embedded frontend assets in compiled Tauri applications.
It is designed for interoperability research, debugging, migration work, and authorized patching of applications you are allowed to inspect or modify.
[!WARNING] Use this project only on software you own or have explicit permission to analyze. Tauri Dumper does not grant rights to modify or redistribute third party applications.
tauri-dumper.manifest.json with source metadata,
asset offsets, compressed sizes, and hashes.Tauri Dumper is not a decompiler and it cannot reconstruct a full Tauri project from extracted files.
A Tauri application is more than its frontend bundle. The executable also contains Rust backend code, Tauri command handlers, IPC contracts, permissions/capabilities, native integrations, window configuration, build metadata, and platform packaging details. Extracted assets are useful for inspection and patching, but they are not equivalent to the original source repository.
Practical distinction:
Install from crates.io:
cargo install tauri-dumper
Download prebuilt binaries from GitHub Releases:
https://github.com/Mas0nShi/tauri-dumper/releases
Build from source:
git clone https://github.com/Mas0nShi/tauri-dumper.git
cd tauri-dumper
cargo build --release
Inspect a binary:
tauri-dumper inspect ./App.exe
Verify that Tauri assets can be found:
tauri-dumper verify ./App.exe
List embedded assets:
tauri-dumper list ./App.exe
Example list output:
Assets: 198
├── _app
│ ├── env.js (23 B compressed, 19 B decompressed)
│ └── immutable
│ ├── assets
│ │ └── app.css (40 KiB compressed, 224 KiB decompressed)
│ └── chunks
│ └── app.js (18 KiB compressed, 69 KiB decompressed)
└── index.html (1.3 KiB compressed, 7.5 KiB decompressed)
Extract assets:
tauri-dumper extract ./App.exe -o ./assets
The default shortcut is equivalent to extract:
tauri-dumper ./App.exe -o ./assets
Patch an existing asset in a binary copy:
tauri-dumper repack ./App.exe --assets ./assets -o ./App.patched.exe
Always test the result in an isolated environment before replacing an application in place.
| Command | Purpose |
|---|---|
tauri-dumper list <binary> |
Print embedded assets as a directory tree. |
tauri-dumper inspect <binary> |
Print binary metadata and aggregate asset statistics. |
tauri-dumper verify <binary> |
Fail fast if no valid embedded Tauri assets are found. |
tauri-dumper extract <binary> -o <dir> |
Decompress and export assets. |
tauri-dumper repack <binary> --assets <dir> -o <patched-binary> |
Replace existing assets in a patched binary copy. |
Common read options:
--json
--quiet
--verbose
Extraction options:
--include <glob>
--exclude <glob>
--overwrite
--skip-existing
--dry-run
Repack options:
--strict
--skip-oversized
--dry-run
--allow-source-mismatch
--ad-hoc-sign
Use --json when integrating with scripts or CI:
tauri-dumper list ./App.exe --json
tauri-dumper repack ./App.exe --assets ./assets -o ./App.patched.exe --json
Tauri embeds frontend assets into the application binary as static data, pointers, and runtime lookup structures. A safe cross-platform repack flow can reuse existing offsets, but it cannot safely invent new asset table entries or remove existing ones without rebuilding format-specific binary structures.
For that reason, repack is intentionally replace-only.
Supported:
Unsupported:
Replacement content is Brotli-compressed before it is written back. Tauri Dumper tries multiple Brotli quality levels and selects the smallest compressed output it can produce.
A replacement is accepted only if:
new_compressed_size <= original_compressed_size
If the replacement is larger, repack fails by default:
tauri-dumper repack ./App.exe --assets ./assets -o ./App.patched.exe
Skip oversized replacements instead:
tauri-dumper repack ./App.exe --assets ./assets -o ./App.patched.exe --skip-oversized
Files in the asset directory that do not match an existing embedded asset path are reported as unsupported additions. They are ignored by default:
tauri-dumper repack ./App.exe --assets ./assets -o ./App.patched.exe
Make unsupported additions an error:
tauri-dumper repack ./App.exe --assets ./assets -o ./App.patched.exe --strict
Missing replacement files mean "leave the original asset unchanged".
extract writes tauri-dumper.manifest.json by default. During repack, if
that manifest is present, Tauri Dumper checks that the source binary hash still
matches the binary being patched.
Override this check only when you know the asset directory is compatible with the target binary:
tauri-dumper repack ./App.exe --assets ./assets -o ./App.patched.exe --allow-source-mismatch
Patching a Mach-O binary changes its contents and normally invalidates the existing code signature. Sign the patched binary before launching:
codesign --force --deep --sign - ./App.patched
On macOS, --ad-hoc-sign can run the ad-hoc signing command after a successful
repack:
tauri-dumper repack ./App --assets ./assets -o ./App.patched --ad-hoc-sign
Prebuilt Tauri Dumper binaries are published for:
| Host OS | Host architecture |
|---|---|
| macOS | x86_64, aarch64 |
| Windows | x86_64, aarch64 |
| Linux | x86_64, aarch64 |
Target application formats:
| Target application | Binary format | Status |
|---|---|---|
| Windows Tauri desktop app | PE, 64-bit | Supported and covered by real fixtures. |
| macOS Tauri desktop app | Mach-O, 64-bit | Supported and covered by real fixtures. |
| Linux Tauri desktop app | ELF, 64-bit | Supported and covered by real x86_64 fixtures. |
| Android Tauri app library | ELF shared object, aarch64 | Supported and covered by real fixtures. |
| 32-bit binaries | PE/Mach-O/ELF | Not supported. |
Parsing is implemented through object::File::parse with format-specific
pointer resolution for PE, Mach-O, and ELF.
extract writes a manifest next to exported assets:
assets/
├── index.html
├── _app/
└── tauri-dumper.manifest.json
The manifest records:
This file is intended for auditability and for repack safety checks.
use tauri_dumper::{AssetScanner, BinaryImage, ExportOptions, Repacker};
fn main() -> tauri_dumper::Result<()> {
let image = BinaryImage::open("App.exe")?;
let table = AssetScanner::scan(&image)?;
table.export(&ExportOptions::new("assets"))?;
let image = BinaryImage::open("App.exe")?;
let table = AssetScanner::scan(&image)?;
Repacker::new(image, table)
.replace_from_dir("assets")
.write("App.patched.exe")?;
Ok(())
}
The library uses typed errors via tauri_dumper::Error and
tauri_dumper::Result.
Install the Rust stable toolchain, then run:
cargo fmt --all -- --check
cargo clippy --workspace --all-targets -- -D warnings
cargo test --workspace --all-targets
Real-world regression fixtures are configured in
tests/fixtures/fixtures.toml. Download them with:
./scripts/download-fixtures.sh
Run release-mode smoke tests:
cargo test --release -- --nocapture
Validate the crates.io package locally:
cargo package --allow-dirty
The GitHub release workflow is tag based:
git tag -a vX.Y.Z -m "Release vX.Y.Z"
git push origin vX.Y.Z
The release workflow builds and uploads platform artifacts for macOS, Windows, and Linux on x86_64 and aarch64.
Publish the crate after the release tag has been validated:
cargo publish --dry-run
cargo publish
Tauri Dumper is intended for legitimate analysis and authorized modification. It does not bypass licensing, DRM, server-side authorization, or application security controls. When patching software, keep backups of the original binary and verify behavior in a controlled environment before distribution or use.
$ claude mcp add tauri-dumper \
-- python -m otcore.mcp_server <graph>