iOS Anti-Debugging Protections #2
In the previous part (iOS Anti-Debugging Protections: Part 1) we discussed about ptrace and how it can be used to prevent a debugger from attaching to a process. This post describes a technique that is commonly used to detect the presence of a debugger. Note that unlike the ptrace technique this method doesn’t prevent a debugger from attaching to a process. Instead, it uses the sysctl function to retrieve information about the process and determine whether it is being debugged. Apple has an article in their Mac Technical Q&As with sample code that uses this method: Detecting the Debugger
iOS Anti-Debugging Protections #1
Many iOS applications use anti-debugging techniques to prevent malicious users from using a debugger to analyze or modify their behavior. In this first part of the iOS anti-debugging series I will describe one of the most commonly used anti-debugging techniques in iOS nowadays and provide ways to bypass it.