
 

앱 실행 시 디버깅 정보 접근 차단 처리

아래 클래스는 Objective-C와 C 언어로 작성되었으며, Swift 프로젝트에서 사용하였습니다.

Release 빌드(DEBUG 매크로가 정의되지 않은 빌드)에서만 적용되도록 처리하였습니다.

//
//  AntiDebug.h
//
//  Created by netcanis on 2020/05/22.
//  Copyright © 2020 netcanis. All rights reserved.
//

#import <Foundation/Foundation.h>

NS_ASSUME_NONNULL_BEGIN

/// Entry point for the anti-debugging checks implemented in AntiDebug.m.
@interface AntiDebug : NSObject

/// Runs the anti-debugging checks when the implementation is compiled with ANTI_DEBUG enabled.
/// @return NO when the sysctl check finds the P_TRACED flag set on this process;
///         YES otherwise, including builds where the checks are compiled out.
+ (BOOL)run;

@end

NS_ASSUME_NONNULL_END

 

//
//  AntiDebug.m
//
//  Created by netcanis on 2020/05/22.
//  Copyright © 2020 netcanis. All rights reserved.
//

#import "AntiDebug.h"
#import <Foundation/Foundation.h>
#import <UIKit/UIKit.h>


////////////////////////////////////////////////////////////////////////
// Anti-debugging is switched on automatically for distribution builds.
// ANTI_DEBUG 0: a debugger may attach, 1: debugger attachment is blocked.
// The switch depends on DEBUG being defined only for development builds;
// verify the build settings, because a Release configuration that defines
// DEBUG would silently ship without any of the checks below.
#ifdef DEBUG
#define ANTI_DEBUG      (0) // development build - debugging allowed
#else
#define ANTI_DEBUG      (1) // distribution build - debugging blocked
#endif//DEBUG
////////////////////////////////////////////////////////////////////////


//
// Anti Debug 처리
//

#if ANTI_DEBUG

// For debugger_ptrace.
// Ref: https://www.theiphonewiki.com/wiki/Bugging_Debuggers
#import <dlfcn.h>
#import <sys/types.h>

// For debugger_sysctl
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include <sys/sysctl.h>
#include <stdlib.h>

// For ioctl
#include <termios.h>
#include <sys/ioctl.h>

// For task_get_exception_ports
#include <mach/task.h>
#include <mach/mach_init.h>

// For kdebug_signpost
#import <sys/kdebug_signpost.h>

// Function-pointer type matching ptrace(2); debugger_ptrace() casts the
// address returned by dlsym() to this type before calling it.
typedef int (*ptrace_ptr_t)(int _request, pid_t _pid, caddr_t _addr, int _data);

// ptrace request that asks the kernel to deny debugger attachment.
// Defined here only when no included header already provides it.
#if !defined(PT_DENY_ATTACH)
#define PT_DENY_ATTACH 31
#endif  // !defined(PT_DENY_ATTACH)

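/*!
 @brief Asks the kernel to refuse debugger attachment via ptrace(PT_DENY_ATTACH).
 @discussion ptrace is resolved at run time with dlsym() rather than called
 through a header declaration. If the main image handle or the symbol cannot
 be resolved, the request is skipped instead of calling through a NULL
 pointer; the function returns void, so callers cannot observe that case and
 must not treat this call as proof that attachment was denied.
 This is a hardening speed bump, not a security boundary: on a device where
 the process or kernel can be modified, the call can be neutralised.
 @link http://www.coredump.gr/articles/ios-anti-debugging-protections-part-1/
 */
void debugger_ptrace(void)
{
    // NULL path = handle for the main program and its loaded dependencies.
    void *handle = dlopen(NULL, RTLD_GLOBAL | RTLD_NOW);
    if (handle == NULL) {
        return;
    }

    ptrace_ptr_t ptrace_ptr = (ptrace_ptr_t)dlsym(handle, "ptrace");
    if (ptrace_ptr != NULL) {
        // pid, addr and data are ignored for PT_DENY_ATTACH.
        ptrace_ptr(PT_DENY_ATTACH, 0, 0, 0);
    }

    dlclose(handle);
}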

/*!
 @brief Queries the kernel's process record for this pid and reports whether
 the P_TRACED flag is set.
 @return true when the current process is being debugged (launched under a
 debugger or attached to afterwards), false otherwise.
 @discussion If the sysctl call itself fails, the error is printed with
 perror() and the process exits with status -1.
 @link https://developer.apple.com/library/mac/qa/qa1361/_index.html
 @link http://www.coredump.gr/articles/ios-anti-debugging-protections-part-2/
 */
static bool debugger_sysctl(void)
{
    struct kinfo_proc procInfo;
    size_t procInfoSize = sizeof(procInfo);

    // Clear the flag word up front so its value is predictable even if the
    // kernel does not fill the structure.
    procInfo.kp_proc.p_flag = 0;

    // MIB path selecting "process information for one specific pid".
    int name[4] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, getpid() };

    int rc = sysctl(name, 4, &procInfo, &procInfoSize, NULL, 0);
    if (rc == -1)
    {
        perror("perror sysctl");
        exit(-1);
    }

    // P_TRACED is set by the kernel while a debugger is tracing the process.
    bool traced = (procInfo.kp_proc.p_flag & P_TRACED) != 0;
    return traced;
}

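/*!
 @brief Runs every anti-debugging check in this file once.
 @return NO when debugger_sysctl() reports that the process is traced;
 YES in every other case.
 @discussion Only the sysctl check influences the return value. The
 exception-port, isatty and ioctl probes are informational and only log
 their result. The ptrace/syscall/svc requests ask the kernel to deny
 attachment and have no result that is checked here.

 NOTE(review): this function is compiled only when ANTI_DEBUG is 1, i.e. in
 distribution builds, so every NSLog below is emitted by the shipped app and
 tells anyone reading the device log which checks exist and how each one
 turned out. Consider removing the logging or routing it through a macro
 that is empty in distribution builds.

 NOTE(review): all of these checks run inside the process they protect and
 can be patched or hooked on a device the analyst controls. Treat them as a
 delay, and keep secrets and authorization decisions on the server side.
 */
static bool antiDebug(void)
{
    // If enabled the program should exit with code 055 in GDB
    // Program exited with code 055.
    debugger_ptrace();
    NSLog(@"Bypassed ptrace()");

    // If enabled the program should exit with code 0377 in GDB
    // Program exited with code 0377.
    if (debugger_sysctl())
    {
        return NO;
    } else {
        NSLog(@"Bypassed sysctl()");
    }

    // Another way of calling ptrace.
    // Ref: https://www.theiphonewiki.com/wiki/Kernel_Syscalls
    #if __IPHONE_OS_VERSION_MIN_REQUIRED < __IPHONE_10_0
    // 'syscall' is deprecated: first deprecated in iOS 10.0 - syscall(2) is unsupported;
    // please switch to a supported interface.
    // For SYS_kdebug_trace use kdebug_signpost().
    syscall(26, 31, 0, 0);
    NSLog(@"Bypassed syscall()");
    #endif

    // Ref: https://reverse.put.as/wp-content/uploads/2012/07/Secuinside-2012-Presentation.pdf
    struct ios_execp_info
    {
        exception_mask_t masks[EXC_TYPES_COUNT];
        mach_port_t ports[EXC_TYPES_COUNT];
        exception_behavior_t behaviors[EXC_TYPES_COUNT];
        thread_state_flavor_t flavors[EXC_TYPES_COUNT];
        mach_msg_type_number_t count;
    };
    // Kept on the stack (the previous heap allocation was never freed).
    // count is an in/out argument: it must hold the capacity of the arrays
    // before the call, otherwise the kernel is handed an indeterminate size.
    struct ios_execp_info info = { .count = EXC_TYPES_COUNT };
    kern_return_t kr = task_get_exception_ports(mach_task_self(), EXC_MASK_ALL, info.masks, &info.count, info.ports, info.behaviors, info.flavors);
    NSLog(@"Routine task_get_exception_ports : %d", kr);

    // The arrays and count are only meaningful when the call succeeded.
    if (kr == KERN_SUCCESS)
    {
        for (mach_msg_type_number_t i = 0; i < info.count; i++)
        {
            if (info.ports[i] != 0 || info.flavors[i] == THREAD_STATE_NONE)
            {
                NSLog(@"Being debugged... task_get_exception_ports");
            } else {
                NSLog(@"task_get_exception_ports bypassed");
            }
        }
    }

    // Another way of figuring out if LLDB is attached.
    if (isatty(1)) {
        NSLog(@"Being Debugged isatty");
    } else {
        NSLog(@"isatty() bypassed");
    }

    // Yet another way of figuring out if LLDB is attached.
    // TIOCGWINSZ writes into a struct winsize, so a valid buffer must be
    // passed; calling ioctl without the third argument is undefined.
    struct winsize windowSize;
    if (!ioctl(1, TIOCGWINSZ, &windowSize)) {
        NSLog(@"Being Debugged ioctl");
    } else {
        NSLog(@"ioctl bypassed");
    }

    // Everything above relies on libraries. It is easy enough to hook these libraries and return the required
    // result to bypass those checks. So here it is implemented in ARM assembly. Not very fun to bypass these.
    // The clobber lists tell the compiler which registers the inline assembly overwrites,
    // so it does not keep live values in them across the supervisor call.
#ifdef __arm__
    asm volatile (
                  "mov r0, #31\n"
                  "mov r1, #0\n"
                  "mov r2, #0\n"
                  "mov r12, #26\n"
                  "svc #80\n"
                  :
                  :
                  : "r0", "r1", "r2", "r12", "memory", "cc"
                  );
    NSLog(@"Bypassed syscall() ASM");
#endif
#ifdef __arm64__
    asm volatile (
                  "mov x0, #26\n"
                  "mov x1, #31\n"
                  "mov x2, #0\n"
                  "mov x3, #0\n"
                  "mov x16, #0\n"
                  "svc #128\n"
                  :
                  :
                  : "x0", "x1", "x2", "x3", "x16", "memory", "cc"
                  );
    NSLog(@"Bypassed syscall() ASM64");
#endif

    return YES;
}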
#endif//ANTI_DEBUG


@implementation AntiDebug

/// Runs the anti-debugging checks when ANTI_DEBUG is enabled; otherwise reports success.
/// @return The result of antiDebug() in builds with ANTI_DEBUG set, YES in all other builds.
+ (BOOL)run {
#if ANTI_DEBUG
    BOOL checksPassed = antiDebug();
    return checksPassed;
#else
    return YES;
#endif
}

@end

 

//
//  XXX-Bridging-Header.h
//
//  Created by netcanis on 2019/11/25.
//  Copyright © 2019 netcanis. All rights reserved.
//

#ifndef XXX_Bridging_Header_h
#define XXX_Bridging_Header_h

// Makes the Objective-C AntiDebug class visible to the Swift sources of the target.
#import "AntiDebug.h"

#endif /* XXX_Bridging_Header_h */

 

//
//  AppDelegate.swift
//
//  Created by netcanis on 2019/11/25.
//  Copyright © 2019 netcanis. All rights reserved.
//

/// App launch hook: runs the anti-debugging checks before the rest of the launch code.
/// - Returns: `false` when `AntiDebug.run()` returns false, otherwise `true`.
func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
        // Override point for customization after application launch.

        // NOTE(review): UIKit documents this return value as "can the app handle the
        // launch URL / user activity"; returning false is not documented to stop the
        // process, so the app presumably keeps running after a failed check.
        // Confirm the intended reaction (e.g. an explicit, deliberate shutdown path).
        guard AntiDebug.run() else {
            return false
        }
        
		... 생략 ...
    
        return true
    }

 
