Recently I’m using debugserver+lldb to dive into an app. Its behaviour changes when I connect into it.
Firstly, I’ve tried to set a breakpoint on ptrace and find that it doesn’t use ptrace and also doesn’t prevent me to debug.
Then, I’ve tried to find that whether it detects debug by sysctl, and I didn’t found any appropriate one.
So, Is there any other way to detect debug? like app integrity verification.
If there is one, how does it works maybe.