Debuggers & ptrace
A debugger attaches to your app process to step through execution one instruction at a time, observing memory and branches.
What it is
A debugger traces a process (e.g. via ptrace) to set breakpoints, single-step, and inspect registers and memory.
How attackers use it
Attackers use a debugger to find the branch that bypasses a security check, change runtime values, and trace algorithms.
How Appsolid detects it
ptrace / TracerPid detection
Inspects the TracerPid field in /proc/self/status to detect a debugger attach at startup (a nonzero value is the PID of the tracing process), and entangles the result into the decryption key.
Timing-based detection
Measures execution-timing anomalies from single-stepping/breakpoints to detect tracing; on detection it reports a DEBUGGER event and exits.
Honest scope: Timing thresholds are set conservatively to avoid false positives on low-end or thermally throttled devices, so the check targets clearly anomalous tracing.
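One way to implement the TracerPid check described above, as an added example that is not Appsolid's own code: it parses the field from /proc/self/status and folds the result into key material, so a traced process derives a wrong key instead of taking a single patchable branch. The function names and the XOR mixing step are assumptions made for illustration; this page does not describe how Appsolid entangles the value.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse "TracerPid:" from the text of /proc/<pid>/status. Returns the
 * tracer's PID (0 = not traced) or -1 if the field is missing/malformed. */
long parse_tracer_pid(const char *status)
{
    static const char field[] = "TracerPid:";
    const char *p = status;
    while (p && *p) {                       /* p always sits at a line start */
        if (strncmp(p, field, sizeof field - 1) == 0) {
            const char *v = p + sizeof field - 1;
            char *end;
            long pid = strtol(v, &end, 10); /* skips the separating tab */
            return (end == v || pid < 0) ? -1 : pid;
        }
        p = strchr(p, '\n');                /* move to the next line, if any */
        if (p) p++;
    }
    return -1;
}

/* Read the live value for this process; -1 if the file is unreadable. */
long read_tracer_pid(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_tracer_pid(buf);
}

/* Hypothetical entanglement (stand-in for a real KDF): 0 leaves the key
 * intact; a nonzero PID or the -1 error code changes it when len >= 4. */
void entangle_key(uint8_t *key, size_t len, long tracer)
{
    uint32_t x = (uint32_t)tracer;
    for (size_t i = 0; i < len; i++)
        key[i] ^= (uint8_t)(x >> (8 * (i % 4)));
}

int main(void)
{
    printf("TracerPid: %ld\n", read_tracer_pid());
    return 0;
}
```

Matching only at the start of a line keeps a process name that contains the text "TracerPid:" from being mistaken for the field, and treating a missing field as -1 means a tampered or unreadable status file also yields a wrong key.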
