DebuggerCheckHP 1.0

This is part of the HackProtect extension. If you want to see if a debugger is connected, you can use this extension. The following checks are performed.

  1. Is ADB debugging enabled on the device?
  2. Is a debugger connected at a level the device knows about?
  3. Is the app running from external storage? (This is a way people try to sideload apps to get them to interface with a debugger.)
  4. Is the CPU behaving in a strange way? We do some checks on how certain functions are performing, and if they are too slow, it could mean that a debugger is intercepting the activities.
  5. Do any of the processes on the device have a TracerID attached to them? That is a sure sign of a debugger.
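
The five checks above, sketched against the standard Android APIs. This is an added example, not the extension's own source, which the page does not show; the class, method and label names and the 50 ms threshold are hypothetical, and it assumes the tracer check reads the `TracerPid` field of the app's own `/proc/self/status` rather than every process on the device.

```java
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.os.Debug;
import android.provider.Settings;
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

/** Added illustration; class, method and label names and the threshold are hypothetical. */
public final class DebuggerChecksSketch {
    private static final long SLOW_NANOS = 50_000_000L; // assumed 50 ms budget for the probe
    private static volatile long sink; // keeps the probe loop from being optimized away

    public static List<String> findings(Context ctx) {
        List<String> hits = new ArrayList<>();
        // 1. ADB debugging is switched on in developer options.
        if (Settings.Global.getInt(ctx.getContentResolver(), Settings.Global.ADB_ENABLED, 0) == 1)
            hits.add("adb-enabled");
        // 2. A JDWP debugger is attached, or the VM is waiting for one.
        if (Debug.isDebuggerConnected() || Debug.waitingForDebugger())
            hits.add("debugger-connected");
        // 3. The package is installed on external storage.
        if ((ctx.getApplicationInfo().flags & ApplicationInfo.FLAG_EXTERNAL_STORAGE) != 0)
            hits.add("external-storage");
        // 4. Timing probe: a fixed, cheap loop that takes far longer when single-stepped.
        long start = System.nanoTime();
        long acc = 0;
        for (int i = 0; i < 100_000; i++) acc += i ^ (acc << 1);
        sink = acc;
        if (System.nanoTime() - start > SLOW_NANOS) hits.add("slow-execution");
        // 5. A non-zero TracerPid means another process is ptrace-attached to this one.
        try {
            if (tracerPid("/proc/self/status") != 0) hits.add("tracer-attached");
        } catch (IOException | NumberFormatException e) {
            hits.add("tracer-check-error"); // unreadable or malformed: report it, do not ignore it
        }
        return hits;
    }

    static int tracerPid(String statusPath) throws IOException {
        try (BufferedReader r = new BufferedReader(new FileReader(statusPath))) {
            for (String line; (line = r.readLine()) != null; )
                if (line.startsWith("TracerPid:")) return Integer.parseInt(line.substring(10).trim());
        }
        throw new IOException("TracerPid field not found");
    }
}
```

The ADB and timing findings are weak signals on their own: developer devices routinely have ADB enabled, and a loaded or throttled CPU can exceed a fixed time budget, so they are best treated as corroboration for the debugger and tracer checks.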

Blocks

Use the AllDebuggerCheck block as a boolean: it is true if a debugger is connected and false otherwise. If one is connected and you want to see why, you can then use the AllDebuggerCheckInfo block.

Here is an example.

Here are the messages you could get from the second block. You may get one or many, depending on how many hits there are.

  • No ADB Issues Found.
  • ADB is enabled on the device!!
  • A debugger is connected to the device!!
  • This APP is running from External Storage. That is not good!!
  • Something is slowing down the CPU on easy thread analysis. This means something is watching, like a debugger!!
  • A process on the device has a tracer attached to it. That means something is intercepting, or debugging. Not Good!!
  • There was an error trying to detect Tracers on the processes. This could be a hook, and a sign of debugger!!

Download

DebuggerCheckHP.aix (10.5 KB)
