Android Code Snippet Tricks Anti Debug - Anti Proxy

In addition to the good guide created some time by the dear @Informatix ( Pro Bundle https://www.b4x.com/android/forum/threads/probundle-chargeable.58754/ ) i add something else that could be useful ( i hope )

1) CHECK IF YOUR APP IS INTERCEPTED BY A PROXY.
Using a proxy is easy without even disassembling the app knowing any call you make to the outside

B4X:
Sub Process_Globals
    'These global variables will be declared once when the application starts.
    Dim check_pro As String = $"DIRECT"$
    Dim msgcheck As String = "Proxy"
End Sub

'Per Check Proxy
    If Not(Check.Contains(check_pro)) Then
        Msgbox(msgcheck, "INFORMATION")
        Return
    Else
        'OK NO PROXY RUN APP
        ..............
    End If

Sub Check As String
    Dim ProxySelector As JavaObject
    ProxySelector = ProxySelector.InitializeStatic("java.net.ProxySelector").RunMethod("getDefault", Null)
    Dim uri As JavaObject
    uri = uri.InitializeStatic("java.net.URI").RunMethod("create", Array("https://www.google.com"))
    Dim list As List = ProxySelector.RunMethod("select", Array(uri))
    If list.IsInitialized And list.Size > 0 Then
        Dim proxy As String = list.Get(0)
        'Log(proxy) 'DIRECT, HTTP or SOCKS
        Return proxy
        'IF DIRECT@ IS ---> OK
        ' Example with a proxy --> HTTP@localhost:8008
    End If
End Sub


2. TRICKS ANTI DEBUG
if hooked to a process to debug

In the Android system, all application processes and SystemServer system service processes are managed by the Zygote process.

This is process without hooked ( Look TracePid = 0 )
upload_2019-6-5_15-38-34.png


This is process with hooked gdbserver ( Look TracePid <> 0 )

upload_2019-6-5_15-39-24.png

For more information see: http://www.zhaoxiaodan.com/java/android/android-native反调试.html

ptrace is very important in this case:
A process can be executed by debugging a single process

There is a function written in C that checks if a process is attacked by a debugger

upload_2019-6-5_15-44-16.png


This is Translate in B4a:

B4X:
Sub getPID As Int
    Dim jo As JavaObject
    jo.InitializeStatic("android.os.Process")
    Dim pidstr As Int = jo.RunMethod("myPid",Null)
    Log("MyPID: " & pidstr)
    Return pidstr
End Sub

Sub KillProcess(pid As Int)
    Dim jo As JavaObject
    jo.InitializeStatic("android.os.Process")
    jo.RunMethod("killProcess",Array(pid))
End Sub


Sub attached_check
'**** CODE B4X
    Try
        Dim filename As String
        Dim pid As Int = getPID
        filename = $"/proc/${pid}/status"$
     
        Dim TextReader1 As TextReader
        TextReader1.Initialize(File.OpenInput("", filename))
        Dim line As String
        line = TextReader1.ReadLine
        Do While Not(line.Contains("TracerPid"))
            Log(line) 'write the line to LogCat
            line = TextReader1.ReadLine
        Loop
        TextReader1.Close
        Dim splitta() As String = Regex.Split("\t",line)
        Log(splitta(1))

        If splitta(1) <> 0 Then
                'Debug is Attached  -- Kill PID
                KillProcess(pid)
        End If  
    Catch
        Log(LastException)
    End Try

'**** CODE C++
'    Try
'    {
'        const int bufsize = 1024;
'        char filename[bufsize];
'        char line[bufsize];
'        int pid = getPID();
'        sprintf(filename, "/proc/%d/status", pid);
'        File* fd = fopen(filename, "r");
'        If (fd != nullptr)
'        {
'        While (fgets(line, bufsize, fd))
'            {
'        If (strncmp(line, "TracerPid", 9) == 0)
'                {
'        int statue = atoi(&line[10]);
'        LOGD("%s", line);
'        If (statue != 0)
'                    {
'        LOGD("be attached !! kill %d", pid);
'        fclose(fd);
'        int ret = kill(pid, SIGKILL);
'                    }
'        break;
'                }
'            }
'        fclose(fd);
'        } Else
'        {
'        LOGD("open %s fail...", filename);
'        }
'    } Catch (...)
'    {
'
'    }
End Sub

Have a nice day
Marco
 
Top