Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problems Use libnative_lib.so in jniLibs #4

Closed
xmutzlq opened this issue Jun 16, 2022 · 5 comments
Closed

Problems Use libnative_lib.so in jniLibs #4

xmutzlq opened this issue Jun 16, 2022 · 5 comments

Comments

@xmutzlq
Copy link

xmutzlq commented Jun 16, 2022

first copy libnative_lib.so to jniLibs
second run app
finally It's not detecting anything at all
@darvincisec
Copy link
Owner

darvincisec commented Jun 17, 2022
edited

Can you be specific on what detection is not working? As mentioned in other issue, GG is updated to bypass the detection mentioned in this project. But debuggers (gdb/lldb) and frida can be detected.

@xmutzlq
Copy link
Author

xmutzlq commented Jun 17, 2022
edited

sorry, I mean to say it like this:
use this project built result cmake/armeabi-v7a/libnative-lib.so and copy armeabi-v7a/libnative-lib.so to sourceSets.main.jniLibs, comment out externalNativeBuild, run project, test debuggers, this way can not anti-debug;
but when I use externalNativeBuild.cmake, comment out jniLibs.srcDirs, run project, test debuggers, debuggers (gdb/lldb) that can be anti.

so I do not understand why use libnative-lib.so the way can no anti-debug?

app structure like this:
app
-- src
--main
--cpp
--java
--jniLibs
--armeabi-v7a
--libnative-lib.so

build.gradle(app) like this:
`sourceSets {
main {
jniLibs.srcDirs = ['src/main/jniLibs/']
}
}

// externalNativeBuild {
// cmake {
// path "src/main/cpp/CMakeLists.txt"
// version "3.10.2"
// }
// }`

@darvincisec
Copy link
Owner

It should work nevertheless. Did you load the library when application starts?

@xmutzlq
Copy link
Author

xmutzlq commented Jun 19, 2022

yes, I did
this is my step:
first I have downloaded Anti-Debugger-Memdump.apk and decompression it, get libnative-lib.so from lib/armeabi-v7a;
second I have downloaded this project and created the jniLibs/armeabi-v7a directory then put libnative-lib.so into this directory;
finally, comment out externalNativeBuild in build.gradle(app) and run the project and test debuggers, but the result is can not anti-debug
In MainActivty
static { System.loadLibrary("native-lib"); }
In native-lib.c
//Upon loading the library, this function annotated as constructor starts executing
__attribute__((constructor)) void detectMemoryAccess() { ... }
so I think jniLibs way should work, but it can not anti-debug

@darvincisec
Copy link
Owner

Do you see the execution of native code? are you able to debug the binary ?

@xmutzlq xmutzlq closed this as completed Aug 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xmutzlq @darvincisec