~ xio
The content of this blog is about cyber security and programming
In this post, I will talk about this week's challenges with Jailbreak Detection mechanisms and how to bypass them.
In many important applications, such as banking software, mechanisms such as Jailbreak Detection or debugging detection are incorporated to prevent software implementation.
These mechanisms are used for various reasons, such as preventing software locks from being bypassed with a debugger and preventing sensitive software information from being dumped.
In this post, we talk about manipulating the _EPROCESS structure in the kernel and how to hide processes.
Overview
In most cases, rootkits can hide a process by exploiting various kernel structures such as _EPROCESS.
_EPROCESS is a kernel memory structure that describes processes on the system; in fact, every process that runs on the system has a unique _EPROCESS object that is stored somewhere in the kernel. This object contains fields such as the process ID and structures such as the _PEB (Process Environment Block).
In this post, we explain how to make a process appear with the information of another process by changing the Process Environment Block (abbreviated as PEB).
Overview
The information of a process, such as its arguments, image location, and loaded modules, is stored in memory in a structure called the process environment block (_PEB), which can be accessed from userland and whose values can be edited.
Tools like ProcExplorer display some process information by looking at the _PEB.