darvincisec / antidebugandmemorydump
Anti-Debug and Anti-Memory Dump for Android
Greetings.
The inotify, when it is watching /proc/self/maps, crashes when it is working alongside the Frida detection, which reads the file, and when the verification is done (by checking the flags IN_ACCESS or IN_OPEN), the crash occurs.
When I remove the watcher for /proc/self/maps or do not load the Frida detection on the current process (application process), it works fine.
When I compile it, I get errors. Kindly update the code or help me so I can compile it.
Build command failed.
Error while executing process C:\Users\DELL\AppData\Local\Android\Sdk\cmake\3.10.2.4988404\bin\ninja.exe with arguments {-C D:_PROJECTS\AntiDebugandMemoryDump\app.cxx\cmake\debug\armeabi-v7a native-lib}
ninja: Entering directory `D:_PROJECTS\AntiDebugandMemoryDump\app.cxx\cmake\debug\armeabi-v7a'
[0/1] Re-running CMake...
-- Configuring done
-- Generating done
-- Build files have been written to: D:/_PROJECTS/AntiDebugandMemoryDump/app/.cxx/cmake/debug/armeabi-v7a
[1/1] Linking C shared library D:_PROJECTS\AntiDebugandMemoryDump\app\build\intermediates\cmake\debug\obj\armeabi-v7a\libnative-lib.so
FAILED: D:/_PROJECTS/AntiDebugandMemoryDump/app/build/intermediates/cmake/debug/obj/armeabi-v7a/libnative-lib.so
cmd.exe /C "cd . && C:\Users\DELL\AppData\Local\Android\Sdk\ndk\25.1.8937393\toolchains\llvm\prebuilt\windows-x86_64\bin\clang.exe --target=armv7-none-linux-androideabi23 --sysroot=C:/Users/DELL/AppData/Local/Android/Sdk/ndk/25.1.8937393/toolchains/llvm/prebuilt/windows-x86_64/sysroot -fPIC -g -DANDROID -fdata-sections -ffunction-sections -funwind-tables -fstack-protector-strong -no-canonical-prefixes -D_FORTIFY_SOURCE=2 -march=armv7-a -mthumb -Wformat -Werror=format-security -fno-limit-debug-info -static-libstdc++ -Wl,--build-id=sha1 -Wl,--no-rosegment -Wl,--fatal-warnings -Wl,--gc-sections -Wl,--no-undefined -Qunused-arguments -shared -Wl,-soname,libnative-lib.so -o D:_PROJECTS\AntiDebugandMemoryDump\app\build\intermediates\cmake\debug\obj\armeabi-v7a\libnative-lib.so CMakeFiles/native-lib.dir/native-lib.c.o -llog -latomic -lm && cmd.exe /C "cd /D D:_PROJECTS\AntiDebugandMemoryDump\app.cxx\cmake\debug\armeabi-v7a && C:\Users\DELL\AppData\Local\Android\Sdk\ndk\25.1.8937393\toolchains\llvm\prebuilt\windows-x86_64\bin\arm-linux-androideabi-strip -R .comment -g -S -d --strip-unneeded D:/_PROJECTS/AntiDebugandMemoryDump/app/src/main/c/../../../build/intermediates/cmake/Debug/obj/armeabi-v7a/libnative-lib.so""
'C:\Users\DELL\AppData\Local\Android\Sdk\ndk\25.1.8937393\toolchains\llvm\prebuilt\windows-x86_64\bin\arm-linux-androideabi-strip' is not recognized as an internal or external command,
operable program or batch file.
ninja: build stopped: subcommand failed.
CMake Warning at C:/Users/DELL/AppData/Local/Android/Sdk/ndk/25.1.8937393/build/cmake/android-legacy.toolchain.cmake:415 (message):
An old version of CMake is being used that cannot automatically detect
compiler attributes. Compiler identification is being bypassed. Some
values may be wrong or missing. Update to CMake 3.19 or newer to use
CMake's built-in compiler identification.
Call Stack (most recent call first):
C:/Users/DELL/AppData/Local/Android/Sdk/ndk/25.1.8937393/build/cmake/android.toolchain.cmake:54 (include)
D:/_PROJECTS/AntiDebugandMemoryDump/app/.cxx/cmake/debug/armeabi-v7a/CMakeFiles/3.10.2/CMakeSystem.cmake:6 (include)
CMakeLists.txt
It seems emulators, Memu and LDplayer, do not like being syscalled. It causes crashes.
It's working fine on my arm64 Android 11; however, it doesn't detect the dump at all. GG successfully finished the whole memory dump without detection.
2021-05-29 12:49:41.547 11764-11764/? E/memtrack: Couldn't load memtrack module (No such file or directory)
2021-05-29 12:49:41.547 11764-11764/? E/android.os.Debug: failed to load memtrack module: -2
2021-05-29 12:49:41.551 676-676/com.android.phone E/PhoneInterfaceManager: [PhoneIntfMgr] getCarrierPackageNamesForIntent: No UICC
2021-05-29 12:49:42.735 11775-11775/? E/memtrack: Couldn't load memtrack module (No such file or directory)
2021-05-29 12:49:42.735 11775-11775/? E/android.os.Debug: failed to load memtrack module: -2
2021-05-29 12:49:42.739 676-676/com.android.phone E/PhoneInterfaceManager: [PhoneIntfMgr] getCarrierPackageNamesForIntent: No UICC
2021-05-29 12:49:42.896 11786-11786/? E/memtrack: Couldn't load memtrack module (No such file or directory)
2021-05-29 12:49:42.896 11786-11786/? E/android.os.Debug: failed to load memtrack module: -2
2021-05-29 12:49:42.916 11790-11790/? E/memtrack: Couldn't load memtrack module (No such file or directory)
2021-05-29 12:49:42.916 11790-11790/? E/android.os.Debug: failed to load memtrack module: -2
2021-05-29 12:49:42.921 676-676/com.android.phone E/PhoneInterfaceManager: [PhoneIntfMgr] getCarrierPackageNamesForIntent: No UICC
2021-05-29 12:49:43.084 11810-11810/? E/memtrack: Couldn't load memtrack module (No such file or directory)
2021-05-29 12:49:43.084 11810-11810/? E/android.os.Debug: failed to load memtrack module: -2
2021-05-29 12:49:43.209 11819-11836/com.darvin.security.detectdebugger A/libc: Fatal signal 11 (SIGSEGV), code 1, fault addr 0x0 in tid 11836 (.detectdebugger)
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: Build fingerprint: 'google/google/G011A:7.1.2/20171130.376229:user/release-keys'
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: Revision: '0'
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: ABI: 'x86'
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: pid: 11819, tid: 11836, name: flush-8:0 >>> com.darvin.security.detectdebugger <<<
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: eax 0000014c ebx 00000000 ecx 0000014c edx b1db2898
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: esi 00000000 edi 9a013928
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: xcs 00000073 xds 0000007b xes 0000007b xfs 0000003b xss 0000007b
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: eip 00000000 ebp 9a00b3e8 esp 9a00b3cc flags 00010282
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: backtrace:
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: #00 pc 00000000 <unknown>
2021-05-29 12:49:43.274 92-92/? E/lowmemorykiller: Error opening /proc/11819/oom_score_adj; errno=2
2021-05-29 12:49:43.340 925-1381/com.microvirt.launcher2 E/EGL_adreno: tid 1381: eglSurfaceAttrib(1582): error 0x3009 (EGL_BAD_MATCH)
2021-05-29 12:49:43.475 520-2853/system_process E/EGL_adreno: tid 2853: eglSurfaceAttrib(1582): error 0x3009 (EGL_BAD_MATCH)
Hi bro. I have 2 questions on this:
__android_log_print(ANDROID_LOG_WARN, APPNAME, "App is Debuggable");
crash(0x3d5f);
Thank you
First, copy libnative_lib.so to jniLibs.
Second, run the app.
Finally, it's not detecting anything at all.
It's not detecting anything at all, GG fully dumped successfully
My phone is Google Pixel running Android 11
2021-07-02 11:01:27.128 12182-12241/com.darvin.security.detectdebugger I/AdrenoGLES-0: QUALCOMM build : 191610ae03, Ic907de5ed0
Build Date : 09/17/20
OpenGL ES Shader Compiler Version: EV031.32.02.01
Local Branch :
Remote Branch : refs/tags/AU_LINUX_ANDROID_LA.UM.9.12.10.00.00.582.274
Remote Branch : NONE
Reconstruct Branch : NOTHING
2021-07-02 11:01:27.128 12182-12241/com.darvin.security.detectdebugger I/AdrenoGLES-0: Build Config : S P 10.0.5 AArch64
2021-07-02 11:01:27.128 12182-12241/com.darvin.security.detectdebugger I/AdrenoGLES-0: Driver Path : /vendor/lib64/egl/libGLESv2_adreno.so
2021-07-02 11:01:27.132 12182-12241/com.darvin.security.detectdebugger I/AdrenoGLES-0: PFP: 0x016dd091, ME: 0x00000000
2021-07-02 11:01:28.818 12182-12208/com.darvin.security.detectdebugger W/System: A resource failed to call close.
Error linker command failed
Undefined reference to syscall2/3/1