darvincisec / antidebugandmemorydump Goto Github PK

Greetings.

The inotify when is watching the /proc/self/maps crashes when is working alongside Frida detection which reads the file and when the verification is done (by checking the flags IN_ACCESS or IN_OPEN), the crash occurs.
When I remove the watcher for /proc/self/maps or not load the Frida detection on the current process (application process) it works fine.

when i compile it getting errors kindly update the code or help me so i can compile it

Build command failed.
Error while executing process C:\Users\DELL\AppData\Local\Android\Sdk\cmake\3.10.2.4988404\bin\ninja.exe with arguments {-C D:_PROJECTS\AntiDebugandMemoryDump\app.cxx\cmake\debug\armeabi-v7a native-lib}
ninja: Entering directory `D:_PROJECTS\AntiDebugandMemoryDump\app.cxx\cmake\debug\armeabi-v7a'
[0/1] Re-running CMake...
-- Configuring done
-- Generating done
-- Build files have been written to: D:/_PROJECTS/AntiDebugandMemoryDump/app/.cxx/cmake/debug/armeabi-v7a
[1/1] Linking C shared library D:_PROJECTS\AntiDebugandMemoryDump\app\build\intermediates\cmake\debug\obj\armeabi-v7a\http://libnative-lib.so
FAILED: D:/_PROJECTS/AntiDebugandMemoryDump/app/build/intermediates/cmake/debug/obj/armeabi-v7a/libnative-lib.so
cmd.exe /C "cd . && C:\Users\DELL\AppData\Local\Android\Sdk\ndk\25.1.8937393\toolchains\llvm\prebuilt\windows-x86_64\bin\clang.exe --target=armv7-none-linux-androideabi23 --sysroot=C:/Users/DELL/AppData/Local/Android/Sdk/ndk/25.1.8937393/toolchains/llvm/prebuilt/windows-x86_64/sysroot -fPIC -g -DANDROID -fdata-sections -ffunction-sections -funwind-tables -fstack-protector-strong -no-canonical-prefixes -D_FORTIFY_SOURCE=2 -march=armv7-a -mthumb -Wformat -Werror=format-security -fno-limit-debug-info -static-libstdc++ -Wl,--build-id=sha1 -Wl,--no-rosegment -Wl,--fatal-warnings -Wl,--gc-sections -Wl,--no-undefined -Qunused-arguments -shared -Wl,-soname,http://libnative-lib.so -o D:_PROJECTS\AntiDebugandMemoryDump\app\build\intermediates\cmake\debug\obj\armeabi-v7a\http://libnative-lib.so CMakeFiles/native-lib.dir/native-lib.c.o -llog -latomic -lm && cmd.exe /C "cd /D D:_PROJECTS\AntiDebugandMemoryDump\app.cxx\cmake\debug\armeabi-v7a && C:\Users\DELL\AppData\Local\Android\Sdk\ndk\25.1.8937393\toolchains\llvm\prebuilt\windows-x86_64\bin\arm-linux-androideabi-strip -R .comment -g -S -d --strip-unneeded D:/_PROJECTS/AntiDebugandMemoryDump/app/src/main/c/../../../build/intermediates/cmake/Debug/obj/armeabi-v7a/libnative-lib.so""
'C:\Users\DELL\AppData\Local\Android\Sdk\ndk\25.1.8937393\toolchains\llvm\prebuilt\windows-x86_64\bin\arm-linux-androideabi-strip' is not recognized as an internal or external command,
operable program or batch file.
ninja: build stopped: subcommand failed.

CMake Warning at C:/Users/DELL/AppData/Local/Android/Sdk/ndk/25.1.8937393/build/cmake/android-legacy.toolchain.cmake:415 (message):
An old version of CMake is being used that cannot automatically detect
compiler attributes. Compiler identification is being bypassed. Some
values may be wrong or missing. Update to CMake 3.19 or newer to use
CMake's built-in compiler identification.
Call Stack (most recent call first):
C:/Users/DELL/AppData/Local/Android/Sdk/ndk/25.1.8937393/build/cmake/android.toolchain.cmake:54 (include)
D:/_PROJECTS/AntiDebugandMemoryDump/app/.cxx/cmake/debug/armeabi-v7a/CMakeFiles/3.10.2/CMakeSystem.cmake:6 (include)
CMakeLists.txt

It seems emulators, Memu and LDplayer does not like being syscalled. It cause crashes
It's working fine on my arm64 android 11, however it doesn't detect dump at all. GG successfully finished whole memory dump without detection

2021-05-29 12:49:41.547 11764-11764/? E/memtrack: Couldn't load memtrack module (No such file or directory)
2021-05-29 12:49:41.547 11764-11764/? E/android.os.Debug: failed to load memtrack module: -2
2021-05-29 12:49:41.551 676-676/com.android.phone E/PhoneInterfaceManager: [PhoneIntfMgr] getCarrierPackageNamesForIntent: No UICC
2021-05-29 12:49:42.735 11775-11775/? E/memtrack: Couldn't load memtrack module (No such file or directory)
2021-05-29 12:49:42.735 11775-11775/? E/android.os.Debug: failed to load memtrack module: -2
2021-05-29 12:49:42.739 676-676/com.android.phone E/PhoneInterfaceManager: [PhoneIntfMgr] getCarrierPackageNamesForIntent: No UICC
2021-05-29 12:49:42.896 11786-11786/? E/memtrack: Couldn't load memtrack module (No such file or directory)
2021-05-29 12:49:42.896 11786-11786/? E/android.os.Debug: failed to load memtrack module: -2
2021-05-29 12:49:42.916 11790-11790/? E/memtrack: Couldn't load memtrack module (No such file or directory)
2021-05-29 12:49:42.916 11790-11790/? E/android.os.Debug: failed to load memtrack module: -2
2021-05-29 12:49:42.921 676-676/com.android.phone E/PhoneInterfaceManager: [PhoneIntfMgr] getCarrierPackageNamesForIntent: No UICC
2021-05-29 12:49:43.084 11810-11810/? E/memtrack: Couldn't load memtrack module (No such file or directory)
2021-05-29 12:49:43.084 11810-11810/? E/android.os.Debug: failed to load memtrack module: -2
2021-05-29 12:49:43.209 11819-11836/com.darvin.security.detectdebugger A/libc: Fatal signal 11 (SIGSEGV), code 1, fault addr 0x0 in tid 11836 (.detectdebugger)
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: Build fingerprint: 'google/google/G011A:7.1.2/20171130.376229:user/release-keys'
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: Revision: '0'
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: ABI: 'x86'
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: pid: 11819, tid: 11836, name: flush-8:0  >>> com.darvin.security.detectdebugger <<<
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG:     eax 0000014c  ebx 00000000  ecx 0000014c  edx b1db2898
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG:     esi 00000000  edi 9a013928
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG:     xcs 00000073  xds 0000007b  xes 0000007b  xfs 0000003b  xss 0000007b
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG:     eip 00000000  ebp 9a00b3e8  esp 9a00b3cc  flags 00010282
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: backtrace:
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG:     #00 pc 00000000  <unknown>
2021-05-29 12:49:43.274 92-92/? E/lowmemorykiller: Error opening /proc/11819/oom_score_adj; errno=2
2021-05-29 12:49:43.340 925-1381/com.microvirt.launcher2 E/EGL_adreno: tid 1381: eglSurfaceAttrib(1582): error 0x3009 (EGL_BAD_MATCH)
2021-05-29 12:49:43.475 520-2853/system_process E/EGL_adreno: tid 2853: eglSurfaceAttrib(1582): error 0x3009 (EGL_BAD_MATCH)

Error linker command failed
Undefined reference to syscall2/3/1

first copy libnative_lib.so to jniLibs
second run app
finally It's not detecting anything at all

Hi bro. I have 2 question on this:

1. I see you're create 2 threads to detect debug and memory dump. But I can not see the thread is stopped, is it gonna be stopped automatically ?. I concern there will be leaking resource if the thread still running when app is close but thread still running
2. I have tried to run the app and connect the android debugger but nothing happen. I've tried put crash function call under __android_log_print(ANDROID_LOG_WARN, APPNAME, "App is Debuggable");
crash(0x3d5f);
   I'm not sure it is correct usage. Can you provide advise ?

Thank you

It's not detecting anything at all, GG fully dumped successfully
My phone is Google Pixel running Android 11

2021-07-02 11:01:27.128 12182-12241/com.darvin.security.detectdebugger I/AdrenoGLES-0: QUALCOMM build                   : 191610ae03, Ic907de5ed0
    Build Date                       : 09/17/20
    OpenGL ES Shader Compiler Version: EV031.32.02.01
    Local Branch                     : 
    Remote Branch                    : refs/tags/AU_LINUX_ANDROID_LA.UM.9.12.10.00.00.582.274
    Remote Branch                    : NONE
    Reconstruct Branch               : NOTHING
2021-07-02 11:01:27.128 12182-12241/com.darvin.security.detectdebugger I/AdrenoGLES-0: Build Config                     : S P 10.0.5 AArch64
2021-07-02 11:01:27.128 12182-12241/com.darvin.security.detectdebugger I/AdrenoGLES-0: Driver Path                      : /vendor/lib64/egl/libGLESv2_adreno.so
2021-07-02 11:01:27.132 12182-12241/com.darvin.security.detectdebugger I/AdrenoGLES-0: PFP: 0x016dd091, ME: 0x00000000
2021-07-02 11:01:28.818 12182-12208/com.darvin.security.detectdebugger W/System: A resource failed to call close.