darvincisec / DetectTamper

Tamper detection in Android


How does the code integrity check work

jhftss opened this issue · comments

Excuse me,
I just wondered how the code integrity check works.
If I patch the function "is_nativelibrary_tampered" to directly return "success" in the libnative-lib.so,
then your code to check the text segment integrity will not be executed because of the patch.
So my question is how does it work?

The detection logic is expected to be used alongside the app's core logic in native, wherein the explicit symbols exported in this project will never show up as it is showing here.

I think I can reverse and patch the detection logic directly by debugging, even without the assistance of the explicit symbols. It is easy to do that.

Well, there is no denial of the fact that any binary can be reversed. The point here is the extra time it takes to identify the logic vs attacking known interfaces used for signature verification.
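An added example (not the DetectTamper project's own code) of the design the maintainer describes: the library hashes its own executable mapping and folds the hash into a value the core logic depends on, so there is no single "is tampered?" routine whose return value can be flipped. It assumes a Linux/Android process with /proc/self/maps and uses FNV-1a; EXPECTED_TEXT_HASH is a placeholder to be filled in from the release build.

```c
// Added example, not code from the DetectTamper repository.
// Assumes Linux/Android: /proc/self/maps lists the process mappings.
#include <stdint.h>
#include <stdio.h>
#include <string.h>

// FNV-1a (64-bit), streaming form so a hash can be extended.
uint64_t fnv1a_update(uint64_t h, const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 1099511628211ULL; }
    return h;
}
uint64_t fnv1a(const unsigned char *p, size_t n) {
    return fnv1a_update(14695981039346656037ULL, p, n);
}

// Hash the readable+executable mapping (the loaded text segment) that
// contains `addr`. Returns 0 if no such mapping is found.
uint64_t hash_text_containing(uintptr_t addr) {
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return 0;
    char line[512];
    uint64_t result = 0;
    while (fgets(line, sizeof line, f)) {
        unsigned long start, end;
        char perms[5];
        // maps line format: "start-end perms offset dev inode path"
        if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) != 3) continue;
        if (addr < start || addr >= end) continue;
        if (perms[0] != 'r' || perms[2] != 'x') continue;
        result = fnv1a((const unsigned char *)start, end - start);
        break;
    }
    fclose(f);
    return result;
}

// Placeholder: the release build's text hash, computed after linking.
#define EXPECTED_TEXT_HASH 0ULL

// Core-logic function (hypothetical): the integrity hash is mixed into the
// token instead of being reduced to a boolean in an exported checker.
// An untampered build gives delta == 0 and a deterministic token; a patched
// text segment silently yields a token that nothing downstream accepts.
uint64_t derive_session_token(uint64_t seed) {
    uint64_t h = hash_text_containing((uintptr_t)&derive_session_token);
    uint64_t delta = h ^ EXPECTED_TEXT_HASH;
    return fnv1a_update(seed, (const unsigned char *)&delta, sizeof delta);
}
```

Because the hash is consumed as data rather than tested in a branch, the defender's tamper signal is a wrong token rather than a jump that can be NOP'd, which is the cost-of-analysis argument made above.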