muellerberndt / frida-detection

A couple of methods for detecting Frida on Android.

App crashed when I remove the while(1) in detect_frida_loop() #4

Open thaitam2406 opened 5 years ago

thaitam2406 commented 5 years ago

In the method void detect_frida_loop(void), if I remove the while (1) loop, then after the method runs to completion, the app crashes with this error:

A/libc: Fatal signal 4 (SIGILL), code 1, fault addr 0xb4371e72 in tid 26687 (point.antifrida)
11-02 14:58:50.136 4273-4273/? E/audit: type=1701 msg=audit(1541141930.126:213): auid=4294967295 uid=10338 gid=10338 ses=4294967295 subj=u:r:untrusted_app:s0 pid=26687 comm="point.antifrida" reason="memory violation" sig=4

11-02 14:58:49.631 2559-2559/? I/DEBUG:
11-02 14:58:49.631 2559-2559/? I/DEBUG: Build fingerprint: 'samsung/ja3gxx/ja3g:5.0.1/LRX22C/I9500XXUHOH6:user/release-keys'
11-02 14:58:49.631 2559-2559/? I/DEBUG: Revision: '10'
11-02 14:58:49.631 2559-2559/? I/DEBUG: ABI: 'arm'
11-02 14:58:49.631 2559-2559/? I/DEBUG: pid: 26670, tid: 26687, name: point.antifrida >>> sg.vantagepoint.antifrida <<<
11-02 14:58:49.636 2559-2559/? I/DEBUG: signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0xb4371e72
11-02 14:58:49.656 2559-2559/? I/DEBUG: r0 00000000 r1 b38ffac8 r2 3109c54e r3 3109c54e
11-02 14:58:49.661 2559-2559/? I/DEBUG: r4 aeeb9080 r5 aeeb90c0 r6 aeeb9080 r7 b38ffd90
11-02 14:58:49.661 2559-2559/? I/DEBUG: r8 aeeb9088 r9 aeeb9088 sl b6f2dd5d fp b38ffdb0
11-02 14:58:49.661 2559-2559/? I/DEBUG: ip b38ffd90 sp b38ffae0 lr b6f3c00b pc b4371e72 cpsr 000f0030
11-02 14:58:49.661 2559-2559/? I/DEBUG: backtrace:
11-02 14:58:49.661 2559-2559/? I/DEBUG: #00 pc 00000e72 /data/app/sg.vantagepoint.antifrida-2/lib/arm/libnative-lib.so (detect_frida_loop(void)+529)
11-02 14:58:49.661 2559-2559/? I/DEBUG: #01 pc 00016d7b /system/lib/libc.so (__pthread_start(void)+30)
11-02 14:58:49.661 2559-2559/? I/DEBUG: #02 pc 00014e43 /system/lib/libc.so (__start_thread+6)
11-02 14:58:50.126 2559-2559/? I/DEBUG: Tombstone written to: /data/tombstones/tombstone_07

11-02 14:58:50.421 3112-3112/? D/CrashAnrDetector:
Build: samsung/ja3gxx/ja3g:5.0.1/LRX22C/I9500XXUHOH6:user/release-keys
Hardware: universal5410
Revision: 10
Bootloader: I9500XXUHOH6
Radio: unknown
Kernel: Linux version 3.4.5-5676401 (dpi@SWHD4309) (gcc version 4.8 (GCC) ) #1 SMP PREEMPT Tue Aug 25 19:06:26 KST 2015

                                               *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
                                               Build fingerprint: 'samsung/ja3gxx/ja3g:5.0.1/LRX22C/I9500XXUHOH6:user/release-keys'
                                               Revision: '10'
                                               ABI: 'arm'
                                               pid: 26670, tid: 26687, name: point.antifrida  >>> sg.vantagepoint.antifrida <<<
                                               signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0xb4371e72
                                                   r0 00000000  r1 b38ffac8  r2 3109c54e  r3 3109c54e
                                                   r4 aeeb9080  r5 aeeb90c0  r6 aeeb9080  r7 b38ffd90
                                                   r8 aeeb9088  r9 aeeb9088  sl b6f2dd5d  fp b38ffdb0
                                                   ip b38ffd90  sp b38ffae0  lr b6f3c00b  pc b4371e72  cpsr 000f0030

                                               backtrace:
                                                   #00 pc 00000e72  /data/app/sg.vantagepoint.antifrida-2/lib/arm/libnative-lib.so (detect_frida_loop(void*)+529)
                                                   #01 pc 00016d7b  /system/lib/libc.so (__pthread_start(void*)+30)
                                                   #02 pc 00014e43  /system/lib/libc.so (__start_thread+6)

11-02 14:58:50.421 3112-3112/? D/CrashAnrDetector: processName:sg.vantagepoint.antifrida