Source Basic Anti-Tamper for android applications

A

AndroidMaster24

Platinian
The code provided underneath is just a bare bone example which causes an intentional crash if the application is tampered with.

This should not be used for public projects as it can be easily bypassed by practically anyone who has some experience with android reverse engineering.

Credit: Boban - Polar v2

C++: 
// Created by Boban on 2/6/2023.
// Bonk.cpp

#include "Bonk.h"

char *Bonk::getPackageName() {
    const size_t BUFFER_SIZE = 256;
    char buffer[BUFFER_SIZE] = "";
    int fd = open("/proc/self/cmdline", O_RDONLY);
    if (fd > 0) {
        ssize_t r = read(fd, buffer, BUFFER_SIZE - 1);
        close(fd);
        if (r > 0) {
            return strdup(buffer);
        }
    }
    return nullptr;
}

const char *Bonk::getFilenameExt(const char *filename) {
    const char *dot = strrchr(filename, '.');
    if (!dot || dot == filename) return "";
    return dot + 1;
}

char *Bonk::pathHelperGetPath() {
    char *package = getPackageName();
    if (nullptr == package) {
        return nullptr;
    }

    FILE *fp = fopen("/proc/self/maps", "r");
    if (nullptr == fp) {
        free(package);
        return nullptr;
    }
    const size_t BUFFER_SIZE = 256;
    char buffer[BUFFER_SIZE] = "";
    char path[BUFFER_SIZE] = "";

    bool find = false;
    while (fgets(buffer, BUFFER_SIZE, fp)) {
        if (sscanf(buffer, "%*llx-%*llx %*s %*s %*s %*s %s", path) == 1) {
            if (strstr(path, package)) {
                char *bname = basename(path);
                if (strcasecmp(getFilenameExt(bname), "apk") == 0) {
                    find = true;
                    break;
                }
            }
        }
    }
    fclose(fp);
    free(package);
    if (find) {
        return strdup(path);
    }
    return nullptr;
}

size_t Bonk::write_callback(char *ptr, size_t size, size_t nmemb, std::string *data) {
    data->append(ptr, size * nmemb);
    return size * nmemb;
}

void Bonk::initialize() {

    curl = curl_easy_init();

    curl_easy_setopt(curl, CURLOPT_URL, "https://www.example.com/crc32");
    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_callback);
    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response);
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);

    curl_easy_perform(curl);

    curl_easy_cleanup(curl);

    std::ifstream file(pathHelperGetPath(), std::ios::binary);

    uLong crc = crc32(0L, Z_NULL, 0);

    for (int c = file.get(); file.good(); c = file.get()) {

        crc = crc32(crc, (const Bytef *) &c, 1);

    }

    std::string hash = std::to_string(crc);

    unsigned char digest[MD5_DIGEST_LENGTH];

    MD5((unsigned char *) hash.c_str(), hash.length(), (unsigned char *) &digest);

    char mdString[33];

    for(int i = 0; i < 16; i++) {

        sprintf(&mdString[i * 2], "%02x", (unsigned int) digest[i]);

    }

    if(!(mdString == response)) {

        int *p = 0;
        *p = 1;

    }

}

Bonk::Bonk() = default;

C++: 
// Created by Boban on 2/6/2023.
// Bonk.h

#ifndef BONK_H
#define BONK_H

#include <thread>
#include <chrono>
#include <vector>
#include <fstream>

#include <zlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <malloc.h>
#include <libgen.h>
#include <curl/curl.h>
#include <openssl/md5.h>

class Bonk {

private:

    std::string response;

    CURL *curl{};

    static char *getPackageName();

    static const char *getFilenameExt(const char *filename);

    static char *pathHelperGetPath();

    static size_t write_callback(char *ptr, size_t size, size_t nmemb, std::string *data);

public:

    Bonk();

    void initialize();

};

#endif

Code: 
cmake_minimum_required(VERSION 3.22.1)

project("bonk")

add_library(
        bonk

        SHARED

        native-lib.cpp
        Bonk.cpp
)


set(OpenSSL Q:/OpenSSL/${CMAKE_ANDROID_ARCH_ABI})

set(ssl ${OpenSSL}/lib/libssl.a)
set(crypto ${OpenSSL}/lib/libcrypto.a)

set(cURL Q:/cURL/${CMAKE_ANDROID_ARCH_ABI}/lib/libcurl.a)

target_link_libraries(
        bonk
        log
        z
        ${ssl}
        ${crypto}
        ${cURL}
)

include_directories(${OpenSSL}/include Q:/cURL/${CMAKE_ANDROID_ARCH_ABI}/include)
 
Last edited:
Do you happen to have scans of the K, M, or N class drawings? The above is exactly what I need. The previous drawing was eyeballed from a photo which is Certifiably Not Good For Shipbucket.
 
You must log in or register to reply here.
Back
Top Bottom