-1

For security reasons I want to stop any outside person from seeing or attaching a debugger to my app and checking the app's logs. To prevent this, I have come across a JNI script which actually kills the app if someone tries to attach a debugger to the release app.

```cpp
#include <jni.h>
#include <pthread.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

static int child_pid;

void *monitor_pid(void *arg) {
    int status;

    //waitpid(child_pid, &status, 0);

    /* Child status should never change. */

    //_exit(0);
}

jboolean anti_debug() {
    child_pid=fork();

    if(child_pid==0)
    {
        int ppid = getppid();
        int status;

        if(ptrace(PTRACE_ATTACH,ppid,NULL,NULL) ==0)
        {
            waitpid(ppid, &status,0);

            ptrace(PTRACE_CONT,ppid,NULL,NULL);

            while(waitpid(ppid, &status,0)) {
                if(WIFSTOPPED(status)) {
                    ptrace(PTRACE_CONT,ppid,NULL,NULL);
                } else{
                    // Process has exited
                    //_exit(0);
                    //ptrace(PTRACE_DETACH,ppid,NULL,NULL);
                    return JNI_TRUE;
                }
            }
        }
    } else{
        pthread_t t;
        //ptrace(PTRACE_DETACH,getppid(),NULL,NULL);
        /* Start the monitoring thread */
        pthread_create(&t, NULL, monitor_pid, (void *)NULL);
    }

    return JNI_FALSE;
}

extern "C" JNIEXPORT jboolean JNICALL Java_com_utilities_Global_checkPtrace(
        JNIEnv *env, jobject instance) {
    return anti_debug();
}
```

Now my problem is that it works for the debug build the 1st time, but when I open the app a 2nd time it crashes, and below are the errors I am getting.

Any help will be appreciated.

```
A/DEBUG:     #00 pc 0000965c  /data/app/com.dev-uvtomKbV4Z3rmhQFiqJ81Q==/lib/x86/libapp.so (monitor_pid(void*)+12)
2019-05-16 16:40:24.646 12904-12904/? A/DEBUG:     #01 pc 0008f065  /system/lib/libc.so (__pthread_start(void*)+53)
2019-05-16 16:40:24.646 12904-12904/? A/DEBUG:     #02 pc 0002485b  /system/lib/libc.so (__start_thread+75)
```
Wasim K. Memon
  • So which line of code corresponds to address `0000965c`? Look it up with addr2line or some other tool. Also, I didn't quite understand why you would use this approach to prevent people from checking your app's logs. Why don't you simply disable logging in the builds that you share with other people? – Michael May 17 '19 at 05:50
  • @Michael I have already disabled the logging flag, but that flag can still be changed using reverse engineering, so I am trying to put a 2nd level of security in my app. – Wasim K. Memon May 17 '19 at 06:22
  • I meant disabling logging at build time, so that your app doesn't contain any calls to logging functions. – Michael May 17 '19 at 06:44
  • Can you elaborate on this more? Are you telling me to use a lib like Timber for logs? – Wasim K. Memon May 17 '19 at 06:48
  • I mean something basic like using a log macro which you `#define` as either nothing or as a call to some logging function, depending on the build variant. And for Java/Kotlin code you can probably remove logging calls with ProGuard using the `assumenosideeffects` rule. – Michael May 17 '19 at 07:01
  • @WasimK.Memon I ran into the same problem, did you fix it later? – Heaven Feb 22 '22 at 12:59

1 Answer

0

You are crashing because `monitor_pid` is a function that returns `void *` and has no return statement, so the compiler defaults to placing a trap opcode there.

```cpp
void *monitor_pid(void *arg) {
    int status;

    //waitpid(child_pid, &status, 0);

    /* Child status should never change. */

    //_exit(0);
}
```

I have to mention a couple of things:

  1. It's impossible to completely stop a passionate researcher from debugging your app; they can also reverse engineer your code to remove your anti-debugging efforts.

  2. You have commented out a lot of your code that was in the URL you posted. How did you expect it to work?

  3. It's not a JNI script, it's native code compiled with your app.

Mark Segal
  • Actually it was crashing the app, so for trial and error I have committed code. For the 2nd and 3rd points, I know about them. But as a programmer you might have done the same. So what do you suggest as a solution? – Wasim K. Memon Jun 09 '19 at 03:39
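
The monitor thread from the answer above with a return on every path, as an added example (not code from the question or the answer): plain C without JNI, recording the child's termination in a flag instead of calling `_exit(0)`. `start_monitor`, `run_demo`, `sample_child` and `child_gone` are hypothetical names, and the ptrace logic is left out so the block runs stand-alone.

```c
/* Added example, plain C without JNI. start_monitor, run_demo, sample_child and
 * child_gone are hypothetical names; monitor_pid/child_pid follow the page. */
#include <errno.h>
#include <pthread.h>
#include <signal.h>
#include <stdatomic.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static pid_t child_pid;
static atomic_int child_gone;            /* 1 once the watched child has terminated */

/* pthread start routine: declared void *, so every path returns a value. */
static void *monitor_pid(void *arg) {
    int status;
    (void)arg;
    while (waitpid(child_pid, &status, 0) == -1)
        if (errno != EINTR) return NULL; /* child cannot be waited for */
    if (WIFEXITED(status) || WIFSIGNALED(status))
        atomic_store(&child_gone, 1);    /* the question's commented-out code calls _exit(0) here */
    return NULL;
}

/* Fork a child running child_main, then watch it from a thread in the parent. */
static int start_monitor(void (*child_main)(void), pthread_t *t) {
    signal(SIGCHLD, SIG_DFL);            /* keep the child waitable */
    child_pid = fork();
    if (child_pid < 0) return -1;
    if (child_pid == 0) {
        child_main();
        _exit(0);                        /* the child leaves here instead of returning to the caller */
    }
    return pthread_create(t, NULL, monitor_pid, NULL) == 0 ? 0 : -1;
}

static void sample_child(void) { }       /* constructed stand-in for the child's work; exits at once */

/* Returns 1 when the monitor thread saw the child terminate. */
int run_demo(void) {
    pthread_t t;
    atomic_store(&child_gone, 0);
    if (start_monitor(sample_child, &t) != 0) return -1;
    pthread_join(t, NULL);
    return atomic_load(&child_gone);
}

int main(void) {
    printf("child termination observed: %d\n", run_demo());
    return 0;
}
```

Building native code with `-Werror=return-type` (accepted by both GCC and Clang) turns a missing return like the one in the question into a compile error.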