由于公司应用需要过安全测试,测试那边说有so注入漏洞,所以找到了这份代码,并成功通过测试。
废话不多说。直接上代码
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 |
//非Debug 编译,反调试检测 if(!BuildConfig.DEBUG) { if(isDebuggable()) { exit(0); } Thread t = new Thread(new Runnable() { @Override public void run() { while(true) { try { sleep(100); if(Debug.isDebuggerConnected()) { exit(0); } if(isUnderTraced()) { exit(0); } } catch (InterruptedException e) { e.printStackTrace(); } } } }, "SafeGuardThread"); t.start(); } if(isUnderTraced()) { System.exit(0); } CrashReport.initCrashReport(getApplicationContext(), "4abcbaaf23", BuildConfig.DEBUG); } private boolean isUnderTraced() { String processStatusFilePath = String.format(Locale.US, "/proc/%d/status", android.os.Process.myPid()); File procInfoFile = new File(processStatusFilePath); try { BufferedReader b = new BufferedReader(new FileReader(procInfoFile)); String readLine; while ((readLine = b.readLine()) != null) { if(readLine.contains("TracerPid")) { String[] arrays = readLine.split(":"); if(arrays.length == 2) { int tracerPid = Integer.parseInt(arrays[1].trim()); if(tracerPid != 0) { return true; } } } } b.close(); } catch (Exception e) { e.printStackTrace(); } return false; } public boolean isDebuggable() { return 0 != ( getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE ); } |
Comments | 4 条评论
ljcheng
你好 请问这个代码是放在哪里才能实现防止动态调试呢?
小峰
@ljcheng : 放在自定义Application里面
liu
请问我是h5写的APP,h5要怎么可以防止动态注入???
小峰
@liu : h5外面的马甲里面防止动态注入