OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

iOS Anti-Reversing Defenses - Anti-Debugging Checks #1169

Closed YoonChangKIM closed 5 years ago

YoonChangKIM commented 5 years ago

Platform: iOS

Description: I have tested the 'Anti-Debugging Checks' part. But I can't detect Frida attaching to my app by using ptrace and sysctl... Can't it be done? Please teach me.

commjoen commented 5 years ago

Hi @YoonChangKIM! Welcome to the MSTG! Sooo what exactly is your issue? If you seek guidance, have you tried connecting with us on Slack? Because that makes understanding the issue you face a little easier :).

YoonChangKIM commented 5 years ago

Hi, @commjoen. How can I prevent Frida from attaching to my app? Using ptrace and sysctl doesn't work.

commjoen commented 5 years ago

Can you be a bit broader on which iOS/Android version you are trying to prevent this? Please note that the attacker can rename the process name all the time, so eventually there is no closing detection scheme based on process name; all you could do then is check if there are certain symbols available.

commjoen commented 5 years ago

Basically, as discussed on Slack: you cannot prevent it, you can only detect it partially when you check the running processes... again: it depends on the method and OS version...

commjoen commented 5 years ago

Does this answer your question? Or would it be a nice idea to dive into the details of Frida together in order to understand what is happening so you can make a more detailed write up on detection in return :)?

YoonChangKIM commented 5 years ago

I realized there is no absolute skill for anti-debugging. Thank you for your kind answer.