03. Anti Debugger Tricks - ThisTestUser/Java-Debugger GitHub Wiki
Some applications don't like people modifying them, so they use tricks to prevent their JAR from being debugged. Here are some common methods and how to circumvent them. Note that we do not endorse use of this application other than for educational purposes!
Class Scanning
Some applications will try to prevent rogue classes from loading, and it is perfectly possible that they check for our Debugger. In that case, simply obfuscate the application with a tool like ProGuard, and there will be no way for the application to check whether a class named com.thistestuser.debugger.Debugger exists, because it won't find anything! Note that you'll have to inject the method under a different name: if you obfuscate com.thistestuser.debugger.Debugger to a.a.a.a, and injectDebugger to abcd, you'll have to call a.a.a.a.abcd() instead.
Class Signatures
Some obfuscators have an anti-tamper feature enabled, which prevents the class files from working once they have been modified. In this case, you have to look for a class that doesn't have this verify protection, or remove the protection from one class. Remember that you can use the "Load Class" feature in Java Debugger to load specific classes, so once you have Java Debugger open, you can jump to the class you want.
Class Encryption
Basically one step up from class signatures, this prevents the user from editing the class files at all, because they are only decrypted at runtime. To bypass this, you would find a non-encrypted class and inject it there. Since you cannot use "Load Class" (the encrypted class files are loaded through a custom ClassLoader), you'll have to find a way to load them into Java Debugger. One way is to place a function that runs DebuggerHook.injectDebugger(class, instance, classloader), where class is ldc-ed after the encrypted classes have been decrypted. Be creative!
This is only a small sample of the ways people can prevent debugging in their application. Remember that there may be infinite ways to prevent Debuggers, but there are also infinite ways to bypass these methods!