Skip to content
/ Nanomit3r Public

Anti debug protection system which uses separate thread to debug main application

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

reyder/Nanomit3r

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
Examples
Examples
 
 
NanoBreak
NanoBreak
 
 
Nanomit3r.xcodeproj
Nanomit3r.xcodeproj
 
 
Nanomit3r
Nanomit3r
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
helper.sh
helper.sh
 
 

Repository files navigation

Nanomiter

Nanomiter is an experimental project focused on showing a concept of implementing powerful anti-debugging system. Whole project consists of 3 stages:

  • Target disassembly
  • Building external library with debugger
  • Injecting library

This implementation targets macOS system only ! Other operating systems are not taken into consideration in future development.

New Features!

  • You can specify what sections are analyzed in 1st stage

Development

Want to contribute? Great! .. but not yet !

Building for source

For development build:

$ xcodebuild -target Nanomit3r -scheme Nanomit3r -configuration DEBUG build
WARNING: Make sure to install capstone library from brew and link it in the project!

Usage

First step is to analyze binary file that we want to nanomite. Example of the command:

/Users/korona/Nanomit3r -f /Users/korona/csr -s __text -g __TEXT -o /Users/korona/nanomite_data.json --output_binary /Users/korona/csr_mod

In result we receive 2 files:

  • JSON file with nanomite data
  • Modified binary file with nanomites

Next step is to build external library. We need first copy nanomite_data.json as ww.h file to Nanobreak folder in this project. Afterwards execute:

xcodebuild -target NanoBreak -scheme NanoBreak -configuration DEBUG build

Finally we have all parts and we can execute our binary. You can use any injection method to attach dylib. For testing purposes you can try:

DYLD_INSERT_LIBRARIES=/Users/korona/libNanoBreak.dylib /Users/korona/csr_mod

Special script was created for automted building and execution. Bash version 4+ is required: brew install bash All builds will be stored in project folder.

./helper.sh

Test commands

This commands are used to test performance of the solution (No command for specific binary means no additional parameters). Path needs to be adjusted.

DYLD_INSERT_LIBRARIES=/Code/Nanomit3r/build_dylib/Build/Products/Debug/libNanoBreak.dylib /tmp/disarm_mod 0x1F2003D5
DYLD_INSERT_LIBRARIES=/Code/Nanomit3r/build_dylib/Build/Products/Debug/libNanoBreak.dylib /tmp/stat_mod /Code/Nanomit3r/Examples/clear
DYLD_INSERT_LIBRARIES=/Code/Nanomit3r/build_dylib/Build/Products/Debug/libNanoBreak.dylib /tmp/whois_mod wp.pl
DYLD_INSERT_LIBRARIES=/Code/Nanomit3r/build_dylib/Build/Products/Debug/libNanoBreak.dylib /tmp/insert_dylib_mod --strip-codesig 'test' /Code/Nanomit3r/Examples/clear /tmp/result_m
DYLD_INSERT_LIBRARIES=/Code/Nanomit3r/build_dylib/Build/Products/Debug/libNanoBreak.dylib /tmp/jtool2_mod -S /Code/Nanomit3r/Examples/clear

Tech

Nanomiter uses a number of open source projects to work properly:

  • Capstone - lightweight multi-platform, multi-architecture disassembly framework
  • argparse - simple C++ header only command line argument parser
  • json.h - simple single header solution to parsing JSON in C and C++.

Todos

  • Add json output file for PART 1
  • Support multiple segments / sections in dissassembly
  • Add limits for nanomites
  • Randomization
  • Add support for calls

Free Software, Hell Yeah!

About

Anti debug protection system which uses separate thread to debug main application

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages