OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

[Android] Anti-debug and Anti-memory dump techniques #1907

Open darvincisec opened 3 years ago

darvincisec commented 3 years ago

Can you check if some of the below techniques taken from here can be included?

  1. Check for the JDWP string in /proc/self/task/comm as an indication that the app is debuggable
  2. Use of inotify to detect memory dump

sushi2k commented 3 years ago

Hi @darvincisec. Thanks for sharing!

Regarding JDWP this might be a nice extension to our existing content: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#jdwp-anti-debugging

Regarding TracerPID, this is already available in the MSTG, but please feel free to review as I think this section wasn't touched for quite some time https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#checking-tracerpid

Regarding inotify this would make sense to add it to our existing table in https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#detection-methods, that lists detection mechanisms.

What do you think? Let us know if you have any questions; you can also reach out to us via OWASP Slack.
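
The three /proc-based checks discussed in this thread (the issue's JDWP thread-name scan and its inotify memory-dump watch, plus the TracerPid check sushi2k points to) in one runnable piece. This is an example added by the editor, not code from the MASTG or from the issue's author. It assumes Linux/Android procfs semantics, the thread name "JDWP" that the issue reports ART uses when the app is debuggable, and that a dumper goes through /proc/<pid>/maps and /proc/<pid>/mem or pagemap; all function names are the editor's own. It builds as a plain Linux program so the self-test can run on a host; in an app it would be compiled into a native library and called from JNI.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/inotify.h>
#include <unistd.h>

/* Read the first line of a /proc file into buf (newline stripped). 1 on success, 0 otherwise. */
static int read_proc_line(const char *path, char *buf, size_t len)
{
    FILE *f = fopen(path, "r");
    if (f == NULL) return 0;
    int ok = fgets(buf, (int)len, f) != NULL;
    fclose(f);
    if (ok) buf[strcspn(buf, "\n")] = '\0';
    return ok;
}

/* 1. JDWP thread scan (the issue's first technique). ART runs a thread named "JDWP"
 * when the debugger transport is up, i.e. the app is debuggable, so look for that
 * name in /proc/self/task/<tid>/comm. Returns matches, or -1 if the dir is unreadable. */
int count_threads_named(const char *name)
{
    DIR *dir = opendir("/proc/self/task");
    if (dir == NULL) return -1;
    int hits = 0;
    struct dirent *ent;
    while ((ent = readdir(dir)) != NULL) {
        if (ent->d_name[0] < '0' || ent->d_name[0] > '9') continue;   /* "." and ".." */
        char path[64], comm[32];
        snprintf(path, sizeof path, "/proc/self/task/%s/comm", ent->d_name);
        if (read_proc_line(path, comm, sizeof comm) && strcmp(comm, name) == 0) hits++;
    }
    closedir(dir);
    return hits;
}

/* Positive control: our own thread must be found under the name /proc/self/comm reports. */
int own_thread_visible(void)
{
    char comm[32];
    return read_proc_line("/proc/self/comm", comm, sizeof comm) && count_threads_named(comm) >= 1;
}

/* 2. TracerPid (the check the MASTG already documents): pid of the process that is
 * ptrace-attached to us, 0 if none, -1 if /proc/self/status cannot be read. */
int tracer_pid(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (f == NULL) return -1;
    int pid = -1;
    char line[256];
    while (fgets(line, sizeof line, f) != NULL)
        if (sscanf(line, "TracerPid: %d", &pid) == 1) break;   /* ' ' matches the tab too */
    fclose(f);
    return pid;
}

/* 3. Memory-dump watch (the issue's second technique). A dumper working through procfs
 * opens /proc/<pid>/maps for the layout and reads /proc/<pid>/mem or pagemap for the
 * bytes, so an inotify watch for IN_OPEN|IN_ACCESS on those inodes flags it.
 * Returns the non-blocking inotify fd, or -1 if no watch could be added. */
int memdump_watch_init(void)
{
    int fd = inotify_init1(IN_NONBLOCK | IN_CLOEXEC);
    if (fd < 0) return -1;
    const char *targets[] = {"/proc/self/maps", "/proc/self/mem", "/proc/self/pagemap"};
    int added = 0;
    for (size_t i = 0; i < sizeof targets / sizeof targets[0]; i++)
        if (inotify_add_watch(fd, targets[i], IN_OPEN | IN_ACCESS) >= 0) added++;
    if (added == 0) { close(fd); return -1; }
    return fd;
}

/* Drain queued events; returns how many open/read events were seen. */
int memdump_watch_poll(int fd)
{
    char buf[4096] __attribute__((aligned(8)));
    int events = 0;
    ssize_t n;
    while ((n = read(fd, buf, sizeof buf)) > 0)                /* EAGAIN ends the loop */
        for (char *p = buf; p < buf + n;) {
            struct inotify_event *ev = (struct inotify_event *)p;
            if (ev->mask & (IN_OPEN | IN_ACCESS)) events++;
            p += sizeof *ev + ev->len;
        }
    return events;
}

/* Self-test: behave like a dumper (open and read /proc/self/maps) and confirm the
 * watch fires. 1 = detected, 0 = missed, -1 = watch could not be set up. */
int memdump_watch_selftest(void)
{
    int fd = memdump_watch_init();
    if (fd < 0) return -1;
    (void)memdump_watch_poll(fd);                               /* drain stale events */
    char line[256];
    (void)read_proc_line("/proc/self/maps", line, sizeof line); /* what a dumper does */
    int hits = memdump_watch_poll(fd);
    close(fd);
    return hits > 0;
}
```

Two caveats worth keeping in mind when adding this to the detection table: the inotify watch only sees dumpers that go through procfs, so a tool using ptrace(PTRACE_PEEKDATA) or process_vm_readv never trips it (ptrace at least shows up in TracerPid; process_vm_readv leaves no trace in either check), and a debugger attached over JDWP does not set TracerPid at all, which is why the thread-name scan complements it. All three are userland reads of /proc and are trivially neutralised by hooking fopen or inotify_add_watch, so they belong in the resilience layer, not in any security-critical decision.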

darvincisec commented 3 years ago

Thanks @sushi2k. Regarding anti-memory dump, I don't see a section like Anti-Debug or Anti-Hook. Do you think it would be good to have a section on memory dump that mentions anti-memory dump?

cpholguera commented 2 years ago

Hi @darvincisec, that would be great as part of the Test Case for MSTG-RESILIENCE-6. If you have some time, please feel free to send us a PR. Thanks a lot and sorry for the late response!