DetectFrida

This project has 3 ways to detect frida hooking

Detect through named pipes used by Frida
Detect through frida specific named thread
Compare text section in memory with text section in disk for both libc and native library

More details can be found in my blog -> DetectFrida

Also this project has 3 mechanisms to harden the native code

More details can be found in my blog -> Hardening Native Code

arm64, armv7a, x86_64 architectures are supported in this project. The hardened APK is provided for interested reverse engineers to analyze.

Updates

Re-aligned functions
Fix scanning of executable sections only if it is readable to avoid crashes when app is targetting API 29
Stripped comment section in native library to prevent APKId detecting O-LLVM obfuscator is used
Updated Target API to 30
Updated Obfuscator-LLVM to OLLVM-TLL
Fixed false positives found in Android 10 and Android 11. Now the memdisk compare checks the PLT and TEXT sections of libc and native library in a proper way
Memdisk comparison approach is frida agnostic, hence frida specific signature changes does not bypass this detection mechanism.

Henceforth, Please don't raise issue asking for OLLVM binary for Windows. PRs welcome.

Name		Name	Last commit message	Last commit date
Latest commit History 21 Commits
app		app
gradle/wrapper		gradle/wrapper
.gitignore		.gitignore
DetectFrida.iml		DetectFrida.iml
LICENSE		LICENSE
README.md		README.md
build.gradle		build.gradle
gradle.properties		gradle.properties
gradlew		gradlew
gradlew.bat		gradlew.bat
obfuscated-app-release.apk		obfuscated-app-release.apk
settings.gradle		settings.gradle