{"id":13841316,"url":"https://github.com/TUGOhost/anti_Android","last_synced_at":"2025-07-11T12:31:09.602Z","repository":{"id":38365172,"uuid":"348566357","full_name":"TUGOhost/anti_Android","owner":"TUGOhost","description":"Is a protect Android App anti any attacks and environments.","archived":false,"fork":false,"pushed_at":"2023-12-28T07:55:51.000Z","size":3052,"stargazers_count":313,"open_issues_count":0,"forks_count":98,"subscribers_count":15,"default_branch":"main","last_synced_at":"2024-08-05T17:27:09.160Z","etag":null,"topics":["android","anti"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/TUGOhost.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-03-17T03:19:53.000Z","updated_at":"2024-07-29T08:21:46.000Z","dependencies_parsed_at":"2023-02-09T20:15:39.652Z","dependency_job_id":null,"html_url":"https://github.com/TUGOhost/anti_Android","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TUGOhost%2Fanti_Android","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TUGOhost%2Fanti_Android/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TUGOhost%2Fanti_Android/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TUGOhost%2Fanti_Android/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/TUGOhost","download_url":"https://codeload.github.com/TUGOhost/anti_Android/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://gi
thub.com","kind":"github","repositories_count":225720398,"owners_count":17513596,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","anti"],"created_at":"2024-08-04T17:01:08.247Z","updated_at":"2024-11-21T11:30:35.222Z","avatar_url":"https://github.com/TUGOhost.png","language":"C++","funding_links":[],"categories":["C++"],"sub_categories":[],"readme":"# anti\n\n## Introduction\n\nProtects Android apps against attacks and hostile environments.\n\nSome protections work by detection; others work by targeting how the attack technique itself is implemented.\n\n## Anti Frida\n\nThe countermeasures here are based on Frida's implementation details.\nWhen hooking, Frida locates the target app's libc and uses the target libc's mmap to register its own shared objects in the target's maps table; it then calls the target libc's dlopen and dlsym to execute functions from its own .so, which is how the hook is achieved. For details, see:\nhttps://github.com/frida/frida-core/blob/8f6e88225b702d062ab581c905448b88384f6ab6/src/linux/frida-helper-backend-glue.c\nThe idea for Anti Frida also comes from here: mmap a read-only libc into the maps table, so that Frida can no longer obtain an executable libc and crashes. This is effective against projects such as https://github.com/hluwa/strongR-frida-android that strip Frida's signatures.\n![](imgs/1.png)\n![](imgs/2.png)\n![](imgs/3.png)\n\n`Anti Frida` only counters attacks that use Frida's attach mode.\n\n## Anti Xposed/like Xposed\nIdea from:\n- https://blog.canyie.top/2021/05/01/anti-magisk-xposed/\n- https://github.com/vvb2060/XposedDetector\n## Anti Root\n\n## Anti Debug\n\n## Anti MemDump\nIdea from: https://github.com/darvincisec/AntiDebugandMemoryDump\n- Monitors the relevant files\n\nFor more details, see: https://s5rxx58djb.feishu.cn/docs/doccnEenEJJas6iQPjc83M0dLed\n\n## Anti Virtual App/Multi Run\n\n### Anti Virtual App\nVirtual App creates a directory inside its own file system, and this trait can be used to determine whether the app is running in Virtual App, because under normal conditions none of an app's parent directories are readable to it.\nIdea from: https://juejin.cn/post/6964673582924300296#heading-18\n![](imgs/4.png)\n![](imgs/5.png)\n\n### Anti Multi 
Run\nIdea from: https://bbs.pediy.com/thread-255212.htm\nObtains the app's install directory via svc to avoid being hooked (except at the kernel level).\n\n## Anti Emulator\nIdea from: https://bbs.pediy.com/thread-255672.htm\n\n# Thanks\n- [xCrash](https://github.com/iqiyi/xCrash)\n- [JNIHelper](https://github.com/kvintessence/JNIHelper)\n- [XposedDetector](https://github.com/vvb2060/XposedDetector)\n- [AntiDebugandMemoryDump](https://github.com/darvincisec/AntiDebugandMemoryDump)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTUGOhost%2Fanti_Android","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FTUGOhost%2Fanti_Android","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTUGOhost%2Fanti_Android/lists"}