Menu
I am trying to intercept all system calls made by my Android app on a non rooted device.
So every time my app writes/reads a file, I want to intercept the system call and encrypt/decrypt the stream for security purposes. The encryption part is no problem, but how do I intercept the system calls?
Because parts of the app are modules developed by third party providers of which I can not change the source code, there is no other way to make sure that data is stored securely.
Since I do not have root access I cannot access the address of the system call table as described here and I can not do this through an LKM module as well.
I would appreciate any suggestions, thanks.
Edit:
Ok I got the code link form Simone Margaritelli to work now! the reason why my code kept crashing is because i had to set the right memory access permisions:
uint32_t page_size = getpagesize();
uint32_t entry_page_start = reloc& (~(page_size - 1));
mprotect((uint32_t *)entry_page_start, page_size, PROT_READ | PROT_WRITE);
741
Before you start, you will need to root your device in case you haven't done so already. It is technically also possible to use Frida without rooting your device, for example by repackaging the app to include frida-gadget, or using a debugger to accomplish the same.
This is how you can hook syscalls on Android without root permissions ( only working for your own process of course, this is not system wide ).
153
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
