ARM cross platform breakpoint detection using memory scaning

A place to submit all custom code, scripts, and programs.
Forum rules
Do NOT post malicious code or programs. Please review all code posted in this forum before downloading or running any of the code or programs here.

ARM cross platform breakpoint detection using memory scaning

Post by MadM0use on Sat Jan 31, 2015 8:07 pm
([msg=86528]see ARM cross platform breakpoint detection using memory scaning[/msg])

Code: Select all
/*
@@@@@@@@@@@@@
@ Arm Anti debugging 101 
@@@@@@@@@@@@@

.section .text
.global scan

@ scan(void* code, unsigned int depth);
scan:
   .code 32
   ldr r3, =0xE7F00000   @ load breakpoint constant
   ldr r4, =0xFFFF0000   @ mask
loop:
   ldr r2, [r0]   @ load byte code into r2
   and r2, r4   @ clear out extra data in bytecode with mask
   cmp r2, r3   @ is it a breakpoint?
   beq fuck   @ if so FUCK
   cmp r1, #0   @ are we at the end?
   beq safe   @ if so we are safe
   sub r1, #1   @ decrement the counter
   add r0, #1   @ increment our pointer
   bne loop   @ if we are still looping, loop
safe:
   mov r0, #0   @ return false
   mov r1, r0
   bx lr
fuck:
   mov r0, #0x1   @ return true
   mov r1, #0
   bx lr



*/

bool scan(void (*fun), unsigned int depth)   /// scans a section of a function for break points
{
   int i;
   unsigned int inst;
   for(i=0;i<=depth;i+=sizeof(inst))   /// count from offset start to depth
   {
      inst = (*(volatile unsigned int *)((unsigned int)fun + i) & 0xffff0000)>>16;
      if (inst == 0xE7F0)   /// if this is a break point
         return true;   /// return true
   }
   return false;
}





Go forth and prosper fellow binary whores :D next to come is a tutorial on this for MIPS and another two on shellcode for both platforms
const char main[]="\xeb\xfe -> A fully functional program in C";

<@MadMouse> i am forgot what i was doing today but i had motivation and a distinct plan when i woke up stoned right now

http://pastebin.com/FnwUG5KS
Books:
http://goo.gl/muPm3d
User avatar
MadM0use
Experienced User
Experienced User
 
Posts: 70
Joined: Thu Sep 11, 2014 10:30 pm
Blog: View Blog (0)


Re: ARM cross platform breakpoint detection using memory scaning

Post by cyberdrain on Sun Feb 01, 2015 7:31 pm
([msg=86543]see Re: ARM cross platform breakpoint detection using memory scaning[/msg])

So 0xE7F0 is the breakpoint, while the mask only truncates the data?
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: ARM cross platform breakpoint detection using memory scaning

Post by MadM0use on Sun Feb 01, 2015 7:55 pm
([msg=86548]see Re: ARM cross platform breakpoint detection using memory scaning[/msg])

cyberdrain wrote:So 0xE7F0 is the breakpoint, while the mask only truncates the data?


yep :D
const char main[]="\xeb\xfe -> A fully functional program in C";

<@MadMouse> i am forgot what i was doing today but i had motivation and a distinct plan when i woke up stoned right now

http://pastebin.com/FnwUG5KS
Books:
http://goo.gl/muPm3d
User avatar
MadM0use
Experienced User
Experienced User
 
Posts: 70
Joined: Thu Sep 11, 2014 10:30 pm
Blog: View Blog (0)



Return to Custom Code

Who is online

Users browsing this forum: No registered users and 0 guests