Add ptrace anti-debug method in release mode in Android

OWASP · DoranekoSystems · Jun 7, 2024 · Jun 7, 2024 · 212e6cc21d239f90c5ffb1f44296c21fa7529bef
commit 212e6cc21d239f90c5ffb1f44296c21fa7529bef
diff --git a/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md b/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md
@@ -466,12 +466,15 @@ Let's look at a simple improvement for the method above. After the initial `fork
 - In release mode: The call to ptrace fails and the child crashes immediately with a segmentation fault (exit code 11).
 - In debug mode: The call to ptrace works and the child should run indefinitely. Consequently, a call to `waitpid(child_pid)` should never return. If it does, something is fishy and we would kill the whole process group.
 
+To handle errors in release mode, by calling `prctl(PR_SET_DUMPABLE, 1, 0, 0, 0)` before forking, it is possible to implement anti-debugging regardless of the value of `android:debuggable`.
+
 The following is the complete code for implementing this improvement with a JNI function:
 
 ```c
 #include <jni.h>
 #include <unistd.h>
 #include <sys/ptrace.h>
+#include <sys/prctl.h>
 #include <sys/wait.h>
 #include <pthread.h>
 
@@ -491,6 +494,9 @@ void *monitor_pid() {
 
 void anti_debug() {
 
+ /* Set PR_SET_DUMPABLE to 1 to allow tracing. */
+ prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
+
  child_pid = fork();
 
  if (child_pid == 0)