Enhanced anti debugger

luoyesiqiu · Jun 23, 2024 · 825fa13 · 825fa13
1 parent 679430c
commit 825fa13
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 7 deletions.
diff --git a/shell/src/main/cpp/dpt.cpp b/shell/src/main/cpp/dpt.cpp
@@ -221,10 +221,23 @@ jstring readApplicationName(JNIEnv *env, jclass __unused) {
     return env->NewStringUTF((applicationNameChs));
 }
 
+void createAntiRiskProcess() {
+    int child = fork();
+    if(child == 0) {
+        DLOGD("%s in child process", __FUNCTION__);
+        detectFrida();
+        doPtrace();
+    }
+    else {
+        DLOGD("%s in main process, child pid: %d", __FUNCTION__, getpid());
+        protectChildProcess(child);
+    }
+}
+
 void init_dpt() {
     DLOGI("init_dpt call!");
     dpt_hook();
-    detectFrida();
+    createAntiRiskProcess();
 }
 
 jclass getRealApplicationClass(JNIEnv *env, const char *applicationClassName) {

diff --git a/shell/src/main/cpp/dpt_risk.cpp b/shell/src/main/cpp/dpt_risk.cpp
@@ -4,11 +4,24 @@
 
 #include "dpt_risk.h"
 
-inline void crash() {
-    Dl_info info;
-    dladdr((const void *)junkCodeDexProtect, &info);
-    void (*func)() = (void (*)())info.dli_fbase;
-    func();
+void crash() {
+#ifdef __aarch64__
+    asm volatile(
+            "mov x30,#0\t\n"
+            );
+#elif __arm__
+    asm volatile(
+        "mov lr,#0\t\n"
+    );
+#elif __i386__
+    asm volatile(
+            "ret\t\n"
+            );
+#elif __x86_64__
+    asm volatile(
+            "pop %rbp\t\n"
+    );
+#endif
 }
 
 void junkCodeDexProtect(JNIEnv *env) {
@@ -45,3 +58,22 @@ void detectFrida() {
     pthread_t t;
     pthread_create(&t, nullptr,detectFridaOnThread,nullptr);
 }
+
+void doPtrace() {
+    __unused int ret = sys_ptrace(PTRACE_TRACEME,0,0,0);
+    DLOGD("doPtrace result: %d",ret);
+}
+
+void *protectProcessOnThread(__unused void *args) {
+    int pid = wait(NULL);
+    if(pid > 0) {
+        DLOGD("%s detect child process %d exit!", __FUNCTION__, pid);
+        crash();
+    }
+    return nullptr;
+}
+
+void protectChildProcess(int pid) {
+    pthread_t t;
+    pthread_create(&t, nullptr,protectProcessOnThread,&pid);
+}
diff --git a/shell/src/main/cpp/dpt_risk.h b/shell/src/main/cpp/dpt_risk.h
@@ -11,14 +11,20 @@
 #include <string.h>
 #include <ctype.h>
 #include <pthread.h>
+#include <sys/ptrace.h>
+#include <sys/wait.h>
+
 #include <jni.h>
 
 #include "dpt_util.h"
 #include "dpt_log.h"
 #include "dpt_jni.h"
+#include "linux_syscall_support.h"
 
+void crash();
 void detectFrida();
-
+void doPtrace();
+void protectChildProcess(int pid);
 void junkCodeDexProtect(JNIEnv *env);
 
 #endif //DPT_DPT_RISK_H