├── app ├── .gitignore ├── src │ ├── main │ │ ├── ic_launcher-playstore.png │ │ ├── res │ │ │ ├── values │ │ │ │ ├── ic_launcher_background.xml │ │ │ │ ├── arrays.xml │ │ │ │ ├── colors.xml │ │ │ │ ├── strings.xml │ │ │ │ └── themes.xml │ │ │ ├── mipmap-anydpi-v26 │ │ │ │ ├── ic_launcher.xml │ │ │ │ └── ic_launcher_round.xml │ │ │ ├── drawable │ │ │ │ └── ic_launcher_foreground.xml │ │ │ ├── values-night │ │ │ │ └── themes.xml │ │ │ └── layout │ │ │ │ └── activity_main.xml │ │ ├── cpp │ │ │ ├── CMakeLists.txt │ │ │ ├── syscall.S │ │ │ ├── my_bionic_asm.h │ │ │ └── antifrida.cpp │ │ ├── AndroidManifest.xml │ │ └── java │ │ │ └── com │ │ │ └── xxr0ss │ │ │ └── antifrida │ │ │ ├── utils │ │ │ ├── AntiFridaUtil.kt │ │ │ └── SuperUser.kt │ │ │ └── MainActivity.kt │ ├── test │ │ └── java │ │ │ └── com │ │ │ └── xxr0ss │ │ │ └── antifrida │ │ │ └── ExampleUnitTest.kt │ └── androidTest │ │ └── java │ │ └── com │ │ └── xxr0ss │ │ └── antifrida │ │ └── ExampleInstrumentedTest.kt ├── proguard-rules.pro └── build.gradle ├── gradle └── wrapper │ ├── gradle-wrapper.jar │ └── gradle-wrapper.properties ├── README.md ├── .gitignore ├── settings.gradle ├── gradle.properties ├── gradlew.bat └── gradlew /app/.gitignore: -------------------------------------------------------------------------------- 1 | /build -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xxr0ss/AntiFrida/HEAD/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # AntiFrida 2 | 3 | ## 检查项 4 | 5 | * 默认端口 6 | * 进程列表 7 | * 进程内存模块列表 8 | * 进程内存模块存在Frida特征字符串 9 | * 进程处于被调试状态 -------------------------------------------------------------------------------- /app/src/main/ic_launcher-playstore.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/xxr0ss/AntiFrida/HEAD/app/src/main/ic_launcher-playstore.png -------------------------------------------------------------------------------- /app/src/main/res/values/ic_launcher_background.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | #FFFFFF 4 | -------------------------------------------------------------------------------- /app/src/main/res/values/arrays.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Java(Kotlin) 5 | syscall 6 | customized syscall 7 | 8 | -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | #Wed Mar 08 22:57:35 CST 2023 2 | distributionBase=GRADLE_USER_HOME 3 | distributionUrl=https\://services.gradle.org/distributions/gradle-7.5-bin.zip 4 | distributionPath=wrapper/dists 5 | zipStorePath=wrapper/dists 6 | zipStoreBase=GRADLE_USER_HOME 7 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.iml 2 | .gradle 3 | .idea 4 | /local.properties 5 | /.idea/caches 6 | /.idea/libraries 7 | /.idea/modules.xml 8 | /.idea/workspace.xml 9 | /.idea/navEditor.xml 10 | /.idea/assetWizardSettings.xml 11 | .DS_Store 12 | /build 13 | /captures 14 | .externalNativeBuild 15 | .cxx 16 | local.properties 17 | -------------------------------------------------------------------------------- /app/src/main/cpp/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required(VERSION 3.18.1) 2 | 3 | project("antifrida") 4 | 5 | set(can_use_assembler TRUE) 6 | enable_language(ASM) 7 | 8 | add_library(antifrida SHARED syscall.S antifrida.cpp) 9 | 10 | find_library(log-lib log) 11 | 12 | target_link_libraries(antifrida ${log-lib}) 13 | -------------------------------------------------------------------------------- /app/src/main/res/mipmap-anydpi-v26/ic_launcher.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /app/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /settings.gradle: -------------------------------------------------------------------------------- 1 | pluginManagement { 2 | repositories { 3 | gradlePluginPortal() 4 | google() 5 | mavenCentral() 6 | } 7 | } 8 | dependencyResolutionManagement { 9 | repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS) 10 | repositories { 11 | google() 12 | mavenCentral() 13 | } 14 | } 15 | rootProject.name = "Anti Frida" 16 | include ':app' 17 | -------------------------------------------------------------------------------- /app/src/main/res/values/colors.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | #FFBB86FC 4 | #FF6200EE 5 | #FF3700B3 6 | #FF03DAC5 7 | #FF018786 8 | #FF000000 9 | #FFFFFFFF 10 | -------------------------------------------------------------------------------- /app/src/test/java/com/xxr0ss/antifrida/ExampleUnitTest.kt: -------------------------------------------------------------------------------- 1 | package com.xxr0ss.antifrida 2 | 3 | import org.junit.Test 4 | 5 | import org.junit.Assert.* 6 | 7 | /** 8 | * Example local unit test, which will execute on the development machine (host). 9 | * 10 | * See [testing documentation](http://d.android.com/tools/testing). 11 | */ 12 | class ExampleUnitTest { 13 | @Test 14 | fun addition_isCorrect() { 15 | assertEquals(4, 2 + 2) 16 | } 17 | } -------------------------------------------------------------------------------- /app/src/main/res/drawable/ic_launcher_foreground.xml: -------------------------------------------------------------------------------- 1 | 6 | 10 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /app/src/androidTest/java/com/xxr0ss/antifrida/ExampleInstrumentedTest.kt: -------------------------------------------------------------------------------- 1 | package com.xxr0ss.antifrida 2 | 3 | import androidx.test.platform.app.InstrumentationRegistry 4 | import androidx.test.ext.junit.runners.AndroidJUnit4 5 | 6 | import org.junit.Test 7 | import org.junit.runner.RunWith 8 | 9 | import org.junit.Assert.* 10 | 11 | /** 12 | * Instrumented test, which will execute on an Android device. 13 | * 14 | * See [testing documentation](http://d.android.com/tools/testing). 15 | */ 16 | @RunWith(AndroidJUnit4::class) 17 | class ExampleInstrumentedTest { 18 | @Test 19 | fun useAppContext() { 20 | // Context of the app under test. 21 | val appContext = InstrumentationRegistry.getInstrumentation().targetContext 22 | assertEquals("com.xxr0ss.antifrida", appContext.packageName) 23 | } 24 | } -------------------------------------------------------------------------------- /app/proguard-rules.pro: -------------------------------------------------------------------------------- 1 | # Add project specific ProGuard rules here. 2 | # You can control the set of applied configuration files using the 3 | # proguardFiles setting in build.gradle. 4 | # 5 | # For more details, see 6 | # http://developer.android.com/guide/developing/tools/proguard.html 7 | 8 | # If your project uses WebView with JS, uncomment the following 9 | # and specify the fully qualified class name to the JavaScript interface 10 | # class: 11 | #-keepclassmembers class fqcn.of.javascript.interface.for.webview { 12 | # public *; 13 | #} 14 | 15 | # Uncomment this to preserve the line number information for 16 | # debugging stack traces. 17 | #-keepattributes SourceFile,LineNumberTable 18 | 19 | # If you keep the line number information, uncomment this to 20 | # hide the original source file name. 21 | #-renamesourcefileattribute SourceFile -------------------------------------------------------------------------------- /app/src/main/res/values/strings.xml: -------------------------------------------------------------------------------- 1 | 2 | Anti Frida 3 | Enum modules 4 | Check port 5 | Check processes 6 | Test root 7 | No need for root 8 | via 9 | Root needed 10 | Root status 11 | Status: 12 | Scan modules 13 | Use customized syscalls 14 | enabled 15 | disabled 16 | Check being debugged 17 | -------------------------------------------------------------------------------- /app/src/main/res/values/themes.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 16 | -------------------------------------------------------------------------------- /app/src/main/res/values-night/themes.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 16 | -------------------------------------------------------------------------------- /app/src/main/AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 14 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /gradle.properties: -------------------------------------------------------------------------------- 1 | # Project-wide Gradle settings. 2 | # IDE (e.g. Android Studio) users: 3 | # Gradle settings configured through the IDE *will override* 4 | # any settings specified in this file. 5 | # For more details on how to configure your build environment visit 6 | # http://www.gradle.org/docs/current/userguide/build_environment.html 7 | # Specifies the JVM arguments used for the daemon process. 8 | # The setting is particularly useful for tweaking memory settings. 9 | org.gradle.jvmargs=-Xmx2048m -Dfile.encoding=UTF-8 10 | # When configured, Gradle will run in incubating parallel mode. 11 | # This option should only be used with decoupled projects. More details, visit 12 | # http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects 13 | # org.gradle.parallel=true 14 | # AndroidX package structure to make it clearer which packages are bundled with the 15 | # Android operating system, and which are packaged with your app"s APK 16 | # https://developer.android.com/topic/libraries/support-library/androidx-rn 17 | android.useAndroidX=true 18 | # Kotlin code style for this project: "official" or "obsolete": 19 | kotlin.code.style=official 20 | # Enables namespacing of each library's R class so that its R class includes only the 21 | # resources declared in the library itself and none from the library's dependencies, 22 | # thereby reducing the size of the R class for that library 23 | android.nonTransitiveRClass=true -------------------------------------------------------------------------------- /app/build.gradle: -------------------------------------------------------------------------------- 1 | plugins { 2 | id 'com.android.application' 3 | id 'org.jetbrains.kotlin.android' 4 | } 5 | 6 | android { 7 | compileSdk 33 8 | 9 | defaultConfig { 10 | applicationId "com.xxr0ss.antifrida" 11 | minSdk 29 12 | targetSdk 33 13 | versionCode 1 14 | versionName "1.0" 15 | 16 | testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner" 17 | externalNativeBuild { 18 | cmake { 19 | cppFlags '' 20 | } 21 | 22 | ndk { 23 | abiFilters 'arm64-v8a', 'armeabi-v7a', 'x86_64' 24 | } 25 | } 26 | } 27 | 28 | buildTypes { 29 | release { 30 | minifyEnabled false 31 | proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro' 32 | } 33 | } 34 | buildFeatures { 35 | viewBinding true 36 | } 37 | compileOptions { 38 | sourceCompatibility JavaVersion.VERSION_1_8 39 | targetCompatibility JavaVersion.VERSION_1_8 40 | } 41 | kotlinOptions { 42 | jvmTarget = '1.8' 43 | } 44 | externalNativeBuild { 45 | cmake { 46 | path file('src/main/cpp/CMakeLists.txt') 47 | } 48 | } 49 | namespace 'com.xxr0ss.antifrida' 50 | } 51 | 52 | dependencies { 53 | 54 | implementation 'androidx.core:core-ktx:1.10.0' 55 | implementation 'androidx.appcompat:appcompat:1.6.1' 56 | implementation 'com.google.android.material:material:1.8.0' 57 | implementation 'androidx.constraintlayout:constraintlayout:2.1.4' 58 | testImplementation 'junit:junit:4.13.2' 59 | androidTestImplementation 'androidx.test.ext:junit:1.1.5' 60 | androidTestImplementation 'androidx.test.espresso:espresso-core:3.5.1' 61 | } -------------------------------------------------------------------------------- /app/src/main/java/com/xxr0ss/antifrida/utils/AntiFridaUtil.kt: -------------------------------------------------------------------------------- 1 | package com.xxr0ss.antifrida.utils 2 | 3 | import java.io.File 4 | import java.lang.Exception 5 | import android.util.Log 6 | 7 | 8 | object AntiFridaUtil { 9 | private var TAG: String = "AntiFridaUtil" 10 | 11 | var maps_file_content: String? = null 12 | 13 | fun checkFridaByProcMaps(targets: List, via: ReadVia): Boolean { 14 | maps_file_content = when (via) { 15 | ReadVia.JVM -> readProcMaps() 16 | ReadVia.ORIG_SYSCALL -> nativeReadProcMaps() 17 | ReadVia.CUSTOMIZED_SYSCALL -> nativeReadProcMaps(true) 18 | } 19 | 20 | if (maps_file_content == null) { 21 | Log.d(TAG, "maps got null") 22 | return false 23 | } 24 | 25 | Log.d(TAG, maps_file_content!!) 26 | for (target in targets) { 27 | if (target in maps_file_content!!) 28 | return true 29 | } 30 | return false 31 | } 32 | 33 | 34 | private fun readProcMaps(): String? { 35 | try { 36 | val mapsFile = File("/proc/self/maps") 37 | return mapsFile.readText() 38 | } catch (e: Exception) { 39 | Log.e(TAG, e.stackTraceToString()) 40 | } 41 | return null 42 | } 43 | 44 | private external fun nativeReadProcMaps(useCustomizedSyscall: Boolean = false): String? 45 | 46 | external fun checkFridaByPort(port: Int): Boolean 47 | 48 | external fun scanModulesForSignature( 49 | signature: String, 50 | useCustomizedSyscalls: Boolean = false 51 | ): Boolean 52 | 53 | external fun checkBeingDebugged(useCustomizedSyscall: Boolean=false): Boolean 54 | 55 | init { 56 | System.loadLibrary("antifrida") 57 | } 58 | } 59 | 60 | enum class ReadVia(val value: Int) { 61 | JVM(0), 62 | ORIG_SYSCALL(1), 63 | CUSTOMIZED_SYSCALL(2); 64 | 65 | companion object { 66 | fun fromInt(value: Int) = values().first { it.value == value } 67 | } 68 | } -------------------------------------------------------------------------------- /app/src/main/java/com/xxr0ss/antifrida/utils/SuperUser.kt: -------------------------------------------------------------------------------- 1 | package com.xxr0ss.antifrida.utils 2 | 3 | import android.util.Log 4 | import java.io.* 5 | 6 | object SuperUser { 7 | private val TAG: String = "SuperUser" 8 | var rooted = false 9 | 10 | fun tryRoot(pkgCodePath: String) { 11 | // try exec su and refresh `rooted` 12 | var process: Process? = null 13 | var dos: DataOutputStream? = null 14 | try { 15 | process = Runtime.getRuntime().exec("su") 16 | dos = DataOutputStream(process.outputStream) 17 | dos.writeBytes("chmod 777 ${pkgCodePath}\n") 18 | dos.writeBytes("exit\n") 19 | dos.flush() 20 | rooted = process.waitFor() == 0 21 | } catch (e: Exception) { 22 | rooted = false 23 | } finally { 24 | dos?.close() 25 | process?.destroy() 26 | } 27 | } 28 | 29 | fun execRootCmd(cmd: String): String { 30 | if (!rooted) return "" 31 | var out = "" 32 | try { 33 | val process = Runtime.getRuntime().exec("su") 34 | val stdin = DataOutputStream(process.outputStream) 35 | val stdout = process.inputStream 36 | val stderr = process.errorStream 37 | 38 | Log.i(TAG, "execRootCmd: $cmd") 39 | stdin.writeBytes(cmd + "\n") 40 | stdin.flush() 41 | stdin.writeBytes("exit\n") 42 | stdin.flush() 43 | stdin.close() 44 | 45 | var br = BufferedReader(InputStreamReader(stdout)) 46 | var line: String? 47 | 48 | while ((br.readLine().also { line = it }) != null) { 49 | out += line 50 | } 51 | br.close() 52 | br = BufferedReader(InputStreamReader(stderr)) 53 | while ((br.readLine().also { line = it }) != null) { 54 | out += line 55 | } 56 | br.close() 57 | }catch (e: Exception) { 58 | Log.e(TAG, e.stackTraceToString()) 59 | } 60 | return out 61 | } 62 | } -------------------------------------------------------------------------------- /gradlew.bat: -------------------------------------------------------------------------------- 1 | @rem 2 | @rem Copyright 2015 the original author or authors. 3 | @rem 4 | @rem Licensed under the Apache License, Version 2.0 (the "License"); 5 | @rem you may not use this file except in compliance with the License. 6 | @rem You may obtain a copy of the License at 7 | @rem 8 | @rem https://www.apache.org/licenses/LICENSE-2.0 9 | @rem 10 | @rem Unless required by applicable law or agreed to in writing, software 11 | @rem distributed under the License is distributed on an "AS IS" BASIS, 12 | @rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | @rem See the License for the specific language governing permissions and 14 | @rem limitations under the License. 15 | @rem 16 | 17 | @if "%DEBUG%" == "" @echo off 18 | @rem ########################################################################## 19 | @rem 20 | @rem Gradle startup script for Windows 21 | @rem 22 | @rem ########################################################################## 23 | 24 | @rem Set local scope for the variables with windows NT shell 25 | if "%OS%"=="Windows_NT" setlocal 26 | 27 | set DIRNAME=%~dp0 28 | if "%DIRNAME%" == "" set DIRNAME=. 29 | set APP_BASE_NAME=%~n0 30 | set APP_HOME=%DIRNAME% 31 | 32 | @rem Resolve any "." and ".." in APP_HOME to make it shorter. 33 | for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi 34 | 35 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 36 | set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" 37 | 38 | @rem Find java.exe 39 | if defined JAVA_HOME goto findJavaFromJavaHome 40 | 41 | set JAVA_EXE=java.exe 42 | %JAVA_EXE% -version >NUL 2>&1 43 | if "%ERRORLEVEL%" == "0" goto execute 44 | 45 | echo. 46 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 47 | echo. 48 | echo Please set the JAVA_HOME variable in your environment to match the 49 | echo location of your Java installation. 50 | 51 | goto fail 52 | 53 | :findJavaFromJavaHome 54 | set JAVA_HOME=%JAVA_HOME:"=% 55 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 56 | 57 | if exist "%JAVA_EXE%" goto execute 58 | 59 | echo. 60 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 61 | echo. 62 | echo Please set the JAVA_HOME variable in your environment to match the 63 | echo location of your Java installation. 64 | 65 | goto fail 66 | 67 | :execute 68 | @rem Setup the command line 69 | 70 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 71 | 72 | 73 | @rem Execute Gradle 74 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* 75 | 76 | :end 77 | @rem End local scope for the variables with windows NT shell 78 | if "%ERRORLEVEL%"=="0" goto mainEnd 79 | 80 | :fail 81 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 82 | rem the _cmd.exe /c_ return code! 83 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 84 | exit /b 1 85 | 86 | :mainEnd 87 | if "%OS%"=="Windows_NT" endlocal 88 | 89 | :omega 90 | -------------------------------------------------------------------------------- /app/src/main/cpp/syscall.S: -------------------------------------------------------------------------------- 1 | #include "my_bionic_asm.h" 2 | 3 | #if defined(__aarch64__) 4 | 5 | ENTRY(my_read) 6 | mov x8, __NR_read 7 | svc #0 8 | cmn x0, #(MAX_ERRNO + 1) 9 | cneg x0, x0, hi 10 | b.hi __set_errno_internal 11 | ret 12 | END(my_read) 13 | 14 | ENTRY(my_openat) 15 | mov x8, __NR_openat 16 | svc #0 17 | cmn x0, #(MAX_ERRNO + 1) 18 | cneg x0, x0, hi 19 | b.hi __set_errno_internal 20 | ret 21 | END(my_openat) 22 | 23 | ENTRY(my_ptrace) 24 | mov x8, __NR_ptrace 25 | svc #0 26 | cmn x0, #(MAX_ERRNO + 1) 27 | cneg x0, x0, hi 28 | b.hi __set_errno_internal 29 | ret 30 | END(my_ptrace) 31 | # endif 32 | 33 | #if defined(__arm__) 34 | ENTRY(my_read) 35 | mov ip, sp 36 | stmfd sp!, {r4, r5, r6, r7} 37 | .cfi_def_cfa_offset 16 38 | .cfi_rel_offset r4, 0 39 | .cfi_rel_offset r5, 4 40 | .cfi_rel_offset r6, 8 41 | .cfi_rel_offset r7, 12 42 | ldmfd ip, {r4, r5, r6} 43 | ldr r7, =__NR_read 44 | swi #0 45 | ldmfd sp!, {r4, r5, r6, r7} 46 | .cfi_def_cfa_offset 0 47 | cmn r0, #(MAX_ERRNO + 1) 48 | bxls lr 49 | neg r0, r0 50 | b __set_errno_internal 51 | END(my_read) 52 | 53 | ENTRY(my_openat) 54 | mov ip, sp 55 | stmfd sp!, {r4, r5, r6, r7} 56 | .cfi_def_cfa_offset 16 57 | .cfi_rel_offset r4, 0 58 | .cfi_rel_offset r5, 4 59 | .cfi_rel_offset r6, 8 60 | .cfi_rel_offset r7, 12 61 | ldmfd ip, {r4, r5, r6} 62 | ldr r7, =__NR_openat 63 | swi #0 64 | ldmfd sp!, {r4, r5, r6, r7} 65 | .cfi_def_cfa_offset 0 66 | cmn r0, #(MAX_ERRNO + 1) 67 | bxls lr 68 | neg r0, r0 69 | b __set_errno_internal 70 | END(my_openat) 71 | 72 | ENTRY(my_ptrace) 73 | mov ip, r7 74 | mov ip, sp 75 | stmfd sp!, {r4, r5, r6, r7} 76 | .cfi_def_cfa_offset 16 77 | .cfi_rel_offset r4, 0 78 | .cfi_rel_offset r5, 4 79 | .cfi_rel_offset r6, 8 80 | .cfi_rel_offset r7, 12 81 | ldmfd ip, {r4, r5, r6} 82 | ldr r7, =__NR_ptrace 83 | swi #0 84 | ldmfd sp!, {r4, r5, r6, r7} 85 | .cfi_def_cfa_offset 0 86 | cmn r0, #(MAX_ERRNO + 1) 87 | bxls lr 88 | neg r0, r0 89 | b __set_errno_internal 90 | END(my_ptrace) 91 | #endif 92 | 93 | #if defined(__x86_64__) 94 | ENTRY(my_read) 95 | movl $__NR_read, %eax 96 | syscall 97 | cmpq $-MAX_ERRNO, %rax 98 | jb my_read_return 99 | negl %eax 100 | movl %eax, %edi 101 | call __set_errno_internal 102 | my_read_return: 103 | ret 104 | END(my_read) 105 | 106 | ENTRY(my_openat) 107 | movl $__NR_openat, %eax 108 | syscall 109 | cmpq $-MAX_ERRNO, %rax 110 | jb my_openat_return 111 | negl %eax 112 | movl %eax, %edi 113 | call __set_errno_internal 114 | my_openat_return: 115 | ret 116 | END(my_openat) 117 | 118 | ENTRY(my_ptrace) 119 | movl $__NR_ptrace, %eax 120 | syscall 121 | cmpq $-MAX_ERRNO, %rax 122 | jb my_ptrace_return 123 | negl %eax 124 | movl %eax, %edi 125 | call __set_errno_internal 126 | my_ptrace_return: 127 | ret 128 | END(my_ptrace) 129 | 130 | #endif -------------------------------------------------------------------------------- /app/src/main/cpp/my_bionic_asm.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2013 The Android Open Source Project 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * * Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * * Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in 12 | * the documentation and/or other materials provided with the 13 | * distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 19 | * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 | * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 | * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 | * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 | * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 25 | * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 | * SUCH DAMAGE. 27 | */ 28 | 29 | #pragma once 30 | 31 | // /* https://github.com/android/ndk/issues/1422 */ 32 | // #include 33 | 34 | #include /* For system call numbers. */ 35 | 36 | #define MAX_ERRNO 4095 /* For recognizing system call error returns. */ 37 | 38 | #define __bionic_asm_custom_entry(f) 39 | #define __bionic_asm_custom_end(f) 40 | #define __bionic_asm_function_type @function 41 | #define __bionic_asm_custom_note_gnu_section() 42 | 43 | /* Instead of including ""s, which are private in 44 | * AOSP and not available in Android NDK, we copy what we need in them and paste 45 | * them into the following architecture-specific defines. This makes our 46 | * "bionic_asm.h" a standalone header file. 47 | */ 48 | #if defined(__aarch64__) 49 | 50 | // #include 51 | // == NOTE: code here is copied from "bionic_asm_arm64.h" == 52 | #define __bionic_asm_align 16 53 | #undef __bionic_asm_function_type 54 | #define __bionic_asm_function_type %function 55 | // ========================================================= 56 | 57 | #elif defined(__arm__) 58 | 59 | // #include 60 | #define __bionic_asm_align 0 61 | #undef __bionic_asm_custom_entry 62 | #undef __bionic_asm_custom_end 63 | #define __bionic_asm_custom_entry(f) .fnstart 64 | #define __bionic_asm_custom_end(f) .fnend 65 | #undef __bionic_asm_function_type 66 | #define __bionic_asm_function_type #function 67 | 68 | #elif defined(__x86_64__) 69 | 70 | // #include 71 | #define __bionic_asm_align 16 72 | 73 | #endif 74 | 75 | 76 | #define ENTRY_NO_DWARF(f) \ 77 | .text; \ 78 | .globl f; \ 79 | .balign __bionic_asm_align; \ 80 | .type f, __bionic_asm_function_type; \ 81 | f: \ 82 | __bionic_asm_custom_entry(f); \ 83 | 84 | #define ENTRY(f) \ 85 | ENTRY_NO_DWARF(f) \ 86 | .cfi_startproc \ 87 | 88 | #define END_NO_DWARF(f) \ 89 | .size f, .-f; \ 90 | __bionic_asm_custom_end(f) \ 91 | 92 | #define END(f) \ 93 | .cfi_endproc; \ 94 | END_NO_DWARF(f) \ 95 | 96 | /* Like ENTRY, but with hidden visibility. */ 97 | #define ENTRY_PRIVATE(f) \ 98 | ENTRY(f); \ 99 | .hidden f \ 100 | 101 | /* Like ENTRY_NO_DWARF, but with hidden visibility. */ 102 | #define ENTRY_PRIVATE_NO_DWARF(f) \ 103 | ENTRY_NO_DWARF(f); \ 104 | .hidden f \ 105 | 106 | #define __BIONIC_WEAK_ASM_FOR_NATIVE_BRIDGE(f) \ 107 | .weak f; \ 108 | 109 | #define ALIAS_SYMBOL(alias, original) \ 110 | .globl alias; \ 111 | .equ alias, original 112 | 113 | #define NOTE_GNU_PROPERTY() \ 114 | __bionic_asm_custom_note_gnu_section() 115 | -------------------------------------------------------------------------------- /app/src/main/java/com/xxr0ss/antifrida/MainActivity.kt: -------------------------------------------------------------------------------- 1 | package com.xxr0ss.antifrida 2 | 3 | import android.os.Bundle 4 | import android.util.Log 5 | import android.view.View 6 | import android.widget.AdapterView 7 | import android.widget.Toast 8 | import androidx.appcompat.app.AppCompatActivity 9 | import com.xxr0ss.antifrida.databinding.ActivityMainBinding 10 | import com.xxr0ss.antifrida.utils.AntiFridaUtil 11 | import com.xxr0ss.antifrida.utils.ReadVia 12 | import com.xxr0ss.antifrida.utils.SuperUser 13 | 14 | 15 | class MainActivity : AppCompatActivity() { 16 | private lateinit var binding: ActivityMainBinding 17 | 18 | private val TAG = "MainActivity" 19 | 20 | private var posReadVia: Int = 0 21 | 22 | // put possible frida module names here 23 | private val frida_module_blocklist = listOf("frida-agent", "frida-gadget") 24 | 25 | override fun onCreate(savedInstanceState: Bundle?) { 26 | super.onCreate(savedInstanceState) 27 | binding = ActivityMainBinding.inflate(layoutInflater) 28 | setContentView(binding.root) 29 | 30 | SuperUser.tryRoot(packageCodePath) 31 | binding.rootStatus.text = "rooted: ${SuperUser.rooted.toString()}" 32 | 33 | binding.spinnerVia.onItemSelectedListener = object : AdapterView.OnItemSelectedListener { 34 | override fun onItemSelected(parent: AdapterView<*>?, view: View?, pos: Int, id: Long) { 35 | posReadVia = pos 36 | Log.d(TAG, "onItemSelected: $pos $id") 37 | } 38 | 39 | override fun onNothingSelected(parent: AdapterView<*>?) { 40 | Log.d(TAG, "onNothingSelected: null") 41 | } 42 | } 43 | 44 | binding.btnCheckMaps.setOnClickListener { 45 | Toast.makeText( 46 | this, 47 | (if (AntiFridaUtil.checkFridaByProcMaps( 48 | frida_module_blocklist, 49 | ReadVia.fromInt(posReadVia) 50 | ) 51 | ) 52 | "frida module detected" else "No frida module detected") 53 | + " via ${ReadVia.fromInt(posReadVia).name}", 54 | Toast.LENGTH_SHORT 55 | ).show() 56 | binding.textStatus.editableText.clear() 57 | binding.textStatus.editableText.append( 58 | when (AntiFridaUtil.maps_file_content) { 59 | null -> "no maps file data" 60 | else -> "maps file:\n ${AntiFridaUtil.maps_file_content}" 61 | } 62 | ) 63 | } 64 | 65 | binding.btnCheckPort.setOnClickListener { 66 | Toast.makeText( 67 | this, if (AntiFridaUtil.checkFridaByPort(27042)) 68 | "frida default port 27042 detected" else "no frida default port detected", 69 | Toast.LENGTH_SHORT 70 | ).show() 71 | } 72 | 73 | binding.btnCheckProcesses.setOnClickListener { 74 | if (!SuperUser.rooted) { 75 | SuperUser.tryRoot(packageCodePath) 76 | if (!SuperUser.rooted) 77 | return@setOnClickListener 78 | } 79 | val result = SuperUser.execRootCmd("ps -ef") 80 | Log.i(TAG, "Root cmd result (size ${result.length}): $result ") 81 | binding.textStatus.text.clear() 82 | binding.textStatus.text.append(result) 83 | 84 | Toast.makeText( 85 | this, if (result.contains("frida-server")) 86 | "frida-server process detected" else "no frida-server process found", 87 | Toast.LENGTH_SHORT 88 | ).show() 89 | } 90 | 91 | binding.btnScanModules.setOnClickListener { 92 | val useMySyscalls = binding.switchUseMySyscalls.isChecked 93 | // not all signatures here exist in the latest frida modules 94 | // if you find any signature that works, just put it here 95 | val blockList = listOf("frida:rpc", "LIBFRIDA") 96 | var detected = false; 97 | blockList.forEach { 98 | detected = AntiFridaUtil.scanModulesForSignature(it, useMySyscalls) 99 | } 100 | 101 | Toast.makeText( 102 | this, if (detected) 103 | "frida signature found" else "no frida signature found", Toast.LENGTH_SHORT 104 | ).show() 105 | } 106 | 107 | binding.btnCheckBeingDebugged.setOnClickListener { 108 | val useMySyscalls = binding.switchUseMySyscalls.isChecked 109 | Toast.makeText( 110 | this, if (AntiFridaUtil.checkBeingDebugged(useMySyscalls)) 111 | "Being debugged" else "Not being debugged", Toast.LENGTH_SHORT 112 | ).show() 113 | } 114 | 115 | binding.btnCheckPmap.setOnClickListener { 116 | if (!SuperUser.rooted) { 117 | SuperUser.tryRoot(packageCodePath) 118 | if (!SuperUser.rooted) 119 | return@setOnClickListener 120 | } 121 | 122 | val result = SuperUser.execRootCmd("pmap ${android.os.Process.myPid()}") 123 | Log.i(TAG, "Root cmd result (size ${result.length}): $result ") 124 | binding.textStatus.text.clear() 125 | binding.textStatus.text.append(result) 126 | var moduleExists = false 127 | for (module in frida_module_blocklist) { 128 | if (result.contains(module)) { 129 | moduleExists = true 130 | } 131 | } 132 | 133 | Toast.makeText( 134 | this, if (moduleExists) 135 | "frida module detected" else "no frida module found", 136 | Toast.LENGTH_SHORT 137 | ).show() 138 | } 139 | } 140 | } -------------------------------------------------------------------------------- /gradlew: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | # 4 | # Copyright 2015 the original author or authors. 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # https://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | 19 | ############################################################################## 20 | ## 21 | ## Gradle start up script for UN*X 22 | ## 23 | ############################################################################## 24 | 25 | # Attempt to set APP_HOME 26 | # Resolve links: $0 may be a link 27 | PRG="$0" 28 | # Need this for relative symlinks. 29 | while [ -h "$PRG" ] ; do 30 | ls=`ls -ld "$PRG"` 31 | link=`expr "$ls" : '.*-> $.*$$'` 32 | if expr "$link" : '/.*' > /dev/null; then 33 | PRG="$link" 34 | else 35 | PRG=`dirname "$PRG"`"/$link" 36 | fi 37 | done 38 | SAVED="`pwd`" 39 | cd "`dirname \"$PRG\"`/" >/dev/null 40 | APP_HOME="`pwd -P`" 41 | cd "$SAVED" >/dev/null 42 | 43 | APP_NAME="Gradle" 44 | APP_BASE_NAME=`basename "$0"` 45 | 46 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 47 | DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' 48 | 49 | # Use the maximum available, or set MAX_FD != -1 to use that value. 50 | MAX_FD="maximum" 51 | 52 | warn () { 53 | echo "$*" 54 | } 55 | 56 | die () { 57 | echo 58 | echo "$*" 59 | echo 60 | exit 1 61 | } 62 | 63 | # OS specific support (must be 'true' or 'false'). 64 | cygwin=false 65 | msys=false 66 | darwin=false 67 | nonstop=false 68 | case "`uname`" in 69 | CYGWIN* ) 70 | cygwin=true 71 | ;; 72 | Darwin* ) 73 | darwin=true 74 | ;; 75 | MINGW* ) 76 | msys=true 77 | ;; 78 | NONSTOP* ) 79 | nonstop=true 80 | ;; 81 | esac 82 | 83 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 84 | 85 | 86 | # Determine the Java command to use to start the JVM. 87 | if [ -n "$JAVA_HOME" ] ; then 88 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 89 | # IBM's JDK on AIX uses strange locations for the executables 90 | JAVACMD="$JAVA_HOME/jre/sh/java" 91 | else 92 | JAVACMD="$JAVA_HOME/bin/java" 93 | fi 94 | if [ ! -x "$JAVACMD" ] ; then 95 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 96 | 97 | Please set the JAVA_HOME variable in your environment to match the 98 | location of your Java installation." 99 | fi 100 | else 101 | JAVACMD="java" 102 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 103 | 104 | Please set the JAVA_HOME variable in your environment to match the 105 | location of your Java installation." 106 | fi 107 | 108 | # Increase the maximum file descriptors if we can. 109 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then 110 | MAX_FD_LIMIT=`ulimit -H -n` 111 | if [ $? -eq 0 ] ; then 112 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 113 | MAX_FD="$MAX_FD_LIMIT" 114 | fi 115 | ulimit -n $MAX_FD 116 | if [ $? -ne 0 ] ; then 117 | warn "Could not set maximum file descriptor limit: $MAX_FD" 118 | fi 119 | else 120 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 121 | fi 122 | fi 123 | 124 | # For Darwin, add options to specify how the application appears in the dock 125 | if $darwin; then 126 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 127 | fi 128 | 129 | # For Cygwin or MSYS, switch paths to Windows format before running java 130 | if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then 131 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 132 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 133 | 134 | JAVACMD=`cygpath --unix "$JAVACMD"` 135 | 136 | # We build the pattern for arguments to be converted via cygpath 137 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 138 | SEP="" 139 | for dir in $ROOTDIRSRAW ; do 140 | ROOTDIRS="$ROOTDIRS$SEP$dir" 141 | SEP="|" 142 | done 143 | OURCYGPATTERN="(^($ROOTDIRS))" 144 | # Add a user-defined pattern to the cygpath arguments 145 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 146 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 147 | fi 148 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 149 | i=0 150 | for arg in "$@" ; do 151 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 152 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 153 | 154 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 155 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 156 | else 157 | eval `echo args$i`="\"$arg\"" 158 | fi 159 | i=`expr $i + 1` 160 | done 161 | case $i in 162 | 0) set -- ;; 163 | 1) set -- "$args0" ;; 164 | 2) set -- "$args0" "$args1" ;; 165 | 3) set -- "$args0" "$args1" "$args2" ;; 166 | 4) set -- "$args0" "$args1" "$args2" "$args3" ;; 167 | 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 168 | 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 169 | 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; 170 | 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 171 | 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 172 | esac 173 | fi 174 | 175 | # Escape application args 176 | save () { 177 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done 178 | echo " " 179 | } 180 | APP_ARGS=`save "$@"` 181 | 182 | # Collect all arguments for the java command, following the shell quoting and substitution rules 183 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" 184 | 185 | exec "$JAVACMD" "$@" 186 | -------------------------------------------------------------------------------- /app/src/main/res/layout/activity_main.xml: -------------------------------------------------------------------------------- 1 | 2 | 8 | 9 | 10 | 16 | 17 | 22 | 23 | 31 | 32 | 36 | 37 | 40 | 41 |