False positive on a few specific devices like Samsung A13 Android 12 #33

Open
ravibhojwani86 opened this issue Jan 25, 2023 · 2 comments

Hi,

For the Samsung A13 model on Android 12.0, the script is giving a false positive for Frida detection.
It is happening in the scan_executable_segments method, where the checksum is not matching.

Following is the log dump of the same:

2023-01-25 18:18:08.878 20767-20796 DetectMalware pid-20767 E !@ Checksum:[64076][64076], count: 0
2023-01-25 18:18:08.878 20767-20796 DetectMalware pid-20767 E !@ Checksum:[956873][956873], count: 1
2023-01-25 18:18:08.990 20767-20796 DetectMalware pid-20767 E !@ Checksum:[59601097][59680139], count: 0
2023-01-25 18:18:08.990 20767-20796 DetectMalware pid-20767 E !@ Checksum:[1421520][1670286], count: 1

Here we can see that 59601097 and 59680139 mismatch, as do 1421520 and 1670286.

Please help.
Also, if there is documentation that clearly explains what we are trying to do with scan_executable_segments, it would be more helpful.


flikkr commented Feb 3, 2023

Duplicate issue of #31


jhlee8804 commented Mar 1, 2023

Are there any solutions?
