Add detect frida logic

luoyesiqiu · Apr 8, 2024 · 214d508 · 214d508
1 parent bbd1480
commit 214d508
Show file tree

Hide file tree

Showing 5 changed files with 152 additions and 9 deletions.
diff --git a/shell/src/main/cpp/dpt.cpp b/shell/src/main/cpp/dpt.cpp
@@ -191,6 +191,7 @@ jstring readApplicationName(JNIEnv *env, jclass __unused) {
 void init_dpt() {
     DLOGI("init_dpt call!");
     dpt_hook();
+    detectFrida();
 }
 
 jclass getRealApplicationClass(JNIEnv *env, const char *applicationClassName) {

diff --git a/shell/src/main/cpp/dpt_risk.cpp b/shell/src/main/cpp/dpt_risk.cpp
@@ -16,4 +16,32 @@ void junkCodeDexProtect(JNIEnv *env) {
     if(klass == nullptr) {
         crash();
     }
-}
+}
+
+[[noreturn]] void *detectFridaOnThread(__unused void *args) {
+    while (true) {
+        int frida_so_count = find_in_maps(1,"frida-agent.so");
+        if(frida_so_count > 0) {
+            DLOGD("detectFridaOnThread found frida so");
+            crash();
+        }
+        int frida_thread_count = find_in_threads_list(4
+                ,"pool-frida"
+                ,"gmain"
+                ,"gdbus"
+                ,"gum-js-loop");
+
+        if(frida_thread_count >= 2) {
+            DLOGD("detectFridaOnThread found frida threads");
+            crash();
+        }
+        DLOGD("detectFridaOnThread pass");
+        sleep(10);
+    }
+}
+
+
+void detectFrida() {
+    pthread_t t;
+    pthread_create(&t, nullptr,detectFridaOnThread,nullptr);
+}
diff --git a/shell/src/main/cpp/dpt_risk.h b/shell/src/main/cpp/dpt_risk.h
@@ -7,10 +7,18 @@
 
 #include <dlfcn.h>
 #include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <ctype.h>
+#include <pthread.h>
 #include <jni.h>
 
+#include "dpt_util.h"
+#include "dpt_log.h"
 #include "dpt_jni.h"
 
+void detectFrida();
+
 void junkCodeDexProtect(JNIEnv *env);
 
 #endif //DPT_DPT_RISK_H
diff --git a/shell/src/main/cpp/dpt_util.cpp b/shell/src/main/cpp/dpt_util.cpp
@@ -261,7 +261,7 @@ void *read_zip_file_entry(void* zip_addr,off_t zip_size,const char* entry_name,i
     return nullptr;
 }
 
-const char* find_symbol_in_elf_file(const char *elf_file,int keyword_count,...){
+const char* find_symbol_in_elf_file(const char *elf_file,int keyword_count,...) {
     FILE *elf_fp = fopen(elf_file, "r");
     if(elf_fp) {
         fseek(elf_fp, 0L, SEEK_END);
@@ -365,6 +365,107 @@ void hexDump(__unused const char* name,const void* data, size_t size){
     free(buffer);
 }
 
+int find_in_maps(int count,...) {
+    const int MAX_READ_LINE = 10 * 1024;
+    char maps_path[128] = {0};
+    snprintf(maps_path, 128, "/proc/%d/maps", getpid());
+    FILE *fp = fopen(maps_path, "r");
+    int found = 0;
+    if (fp != nullptr) {
+        char line[512] = {0};
+        int read_line = 0;
+        va_list ap;
+        while (fgets(line, sizeof(line), fp) != nullptr) {
+            if (read_line++ >= MAX_READ_LINE) {
+                break;
+            }
+            char item_name[128] = {0};
+#ifdef __LP64__
+            int ret = sscanf(line, "%*llx-%*llx %*s %*llx %*s %*s %s", item_name);
+#else
+            int ret = sscanf(line, "%*x-%*x %*s %*x %*s %*s %s", item_name);
+#endif
+
+            if(ret != 1) {
+                continue;
+            }
+            va_start(ap,count);
+
+            for(int i = 0;i < count;i++) {
+                const char *arg = va_arg(ap,const char *);
+                if(strstr(item_name,arg) != 0) {
+                    DLOGD("found %s in %s",arg,item_name);
+                    found++;
+                }
+            }
+            va_end(ap);
+
+        }
+    }
+
+    return found;
+}
+
+int find_in_threads_list(int count,...) {
+    char task_path[128] = {0};
+    pid_t pid = getpid();
+    snprintf(task_path, 128, "/proc/%d/task",pid);
+    DIR *task_dir;
+    if((task_dir = opendir(task_path)) == NULL) {
+        return 0;
+    }
+
+    int match_count = 0;
+
+    struct dirent *de;
+    va_list ap;
+    while ((de = readdir(task_dir)) != NULL) {
+        if(isdigit(de->d_name[0])) {
+            int tid = atoi(de->d_name);
+            if(tid == pid) {
+                DLOGW("list thread self: %d",pid);
+                continue;
+            }
+            char stat_path[256] = {0};
+            snprintf(stat_path,256,"%s/%d/%s",task_path,tid,"stat");
+            FILE *fp = fopen(stat_path,"r");
+            char buf[256] = {0};
+            if(fp) {
+                fgets(buf,256,fp);
+
+                char *t_name = NULL;
+                for(size_t i = 0; i < strnlen(buf,256);i++) {
+                    if(buf[i] == '(') {
+                        t_name = &buf[i + 1];
+                    }
+
+                    if(buf[i] == ')') {
+                        buf[i] = '\0';
+                        break;
+                    }
+
+                }
+                va_start(ap,count);
+
+                for(int i = 0;i < count;i++) {
+                    const char *arg = va_arg(ap,const char *);
+                    if(strncmp(t_name,arg,256) == 0) {
+                        DLOGD("match thread name: %s",t_name);
+                        match_count++;
+                    }
+                }
+                va_end(ap);
+                fclose(fp);
+            }
+        }
+    }
+
+    if(task_dir) {
+        closedir(task_dir);
+    }
+    return match_count;
+}
+
 void appendLog(const char* log){
     FILE *fp = fopen("nlog.log","aw");
     if(NULL != fp){

diff --git a/shell/src/main/cpp/dpt_util.h b/shell/src/main/cpp/dpt_util.h
@@ -5,25 +5,29 @@
 #ifndef DPT_DPT_UTIL_H
 #define DPT_DPT_UTIL_H
 #include <string>
-#include <jni.h>
 #include <stdio.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <libgen.h>
 #include <string.h>
 #include <unistd.h>
-#include <android/asset_manager.h>
-#include <android/asset_manager_jni.h>
 #include <fcntl.h>
 #include <sys/mman.h>
+#include <stdlib.h>
+#include <sys/prctl.h>
+#include <dirent.h>
+#include <jni.h>
+#include <android/asset_manager.h>
+#include <android/asset_manager_jni.h>
+
 #include <minizip-ng/mz_zip.h>
 #include <minizip-ng/mz_strm_mem.h>
 #include <minizip-ng/mz.h>
-#include <stdlib.h>
-#include <sys/prctl.h>
+
+#include "dpt_jni.h"
 #include "common/dpt_log.h"
 #include "common/dpt_macro.h"
-#include "dpt_jni.h"
+
 #include "reflect/android_app_ActivityThread.h"
 #include "reflect/android_content_pm_ApplicationInfo.h"
 #include "reflect/java_lang_Class.h"
@@ -45,7 +49,8 @@ void appendLog(const char* log);
 void hexDump(const char* name,const void* data, size_t size);
 void load_zip(const char* zip_file_path,void **zip_addr,off_t *zip_size);
 void *read_zip_file_entry(void* zip_addr,off_t zip_size,const char* entry_name,int64_t *entry_size);
-int find_in_maps(const char* find_name,pointer_t *start,pointer_t *end,char *full_path);
+int find_in_maps(int count,...);
+int find_in_threads_list(int count,...);
 const char* find_symbol_in_elf_file(const char *elf_file,int keyword_count,...);
 void readPackageName(char *packageName,size_t max_len);
 void getClassName(JNIEnv *env,jobject obj,char *destClassName);