
False positive on a few specific devices like Samsung A13 Android 12 #33

@ravibhojwani86

Description


Hi,

For the Samsung A13 model on Android 12.0, the script is giving a false positive for Frida detection.
It is happening in the scan_executable_segments method, where the checksum is not matching.

Following is the log dump of the same:

2023-01-25 18:18:08.878 20767-20796 DetectMalware pid-20767 E !@ Checksum:[64076][64076], count: 0
2023-01-25 18:18:08.878 20767-20796 DetectMalware pid-20767 E !@ Checksum:[956873][956873], count: 1
2023-01-25 18:18:08.990 20767-20796 DetectMalware pid-20767 E !@ Checksum:[59601097][59680139], count: 0
2023-01-25 18:18:08.990 20767-20796 DetectMalware pid-20767 E !@ Checksum:[1421520][1670286], count: 1

Here we can see that 59601097 and 59680139 are a mismatch, and so are 1421520 and 1670286.

Please help.
Also, if there is documentation that explains clearly what we are trying to do with scan_executable_segments, that would be more helpful.
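The following is an added illustration of the general technique that a check named scan_executable_segments most plausibly implements; it is not the project's code, and what the project actually hashes, and with which hash function, is an assumption here. The example walks /proc/self/maps, hashes every executable file-backed mapping as it sits in memory, and hashes the same byte range read from the backing file at the mapping's offset. An inline hook of the kind Frida installs rewrites a function prologue in memory while the file on disk stays unchanged, so the two values diverge. The struct, the FNV-1a checksum and the maps parser are the example's own choices, and the maps lines used in testing are constructed.

```c
/* Added illustration, not the project's code: compare the bytes of every
 * executable, file-backed mapping with the same bytes read from the file.
 * Assumption: this is the idea behind a "scan executable segments" check. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct map_entry {
    unsigned long start, end, offset;
    char perms[5];
    char path[256];
};

/* FNV-1a over a byte range. Placeholder hash; the project may use another. */
static uint32_t checksum(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 16777619u;
    }
    return h;
}

/* Parse one /proc/<pid>/maps line such as
 * "7f2c6e000000-7f2c6e1a5000 r-xp 00025000 fd:01 1234 /usr/lib/libc.so.6".
 * Returns 1 for a file-backed entry, 0 for anonymous/[stack]/[vdso] lines. */
static int parse_maps_line(const char *line, struct map_entry *e)
{
    int n = 0;
    memset(e, 0, sizeof *e);
    if (sscanf(line, "%lx-%lx %4s %lx %*s %*s%n",
               &e->start, &e->end, e->perms, &e->offset, &n) < 4 || n == 0)
        return 0;
    const char *path = line + n;
    while (*path == ' ') path++;
    if (*path != '/')
        return 0;
    size_t len = strcspn(path, "\n");
    if (len >= sizeof e->path) len = sizeof e->path - 1;
    memcpy(e->path, path, len);
    return 1;
}

/* Read len bytes of the file at offset into buf. Bytes past EOF stay zero,
 * which matches the zero-fill the kernel applies to the mapped page tail. */
static int read_file_segment(const char *path, unsigned long offset,
                             uint8_t *buf, size_t len)
{
    FILE *f = fopen(path, "rb");
    if (!f) return 0;
    memset(buf, 0, len);
    if (fseek(f, (long)offset, SEEK_SET) != 0) { fclose(f); return 0; }
    size_t got = fread(buf, 1, len, f);
    (void)got;
    fclose(f);
    return 1;
}

/* Core comparison: 1 if the in-memory bytes and the on-disk bytes hash to the
 * same value, 0 on mismatch. Both values are returned so they can be logged. */
static int segment_matches(const uint8_t *mem, const uint8_t *disk, size_t len,
                           uint32_t *mem_sum, uint32_t *disk_sum)
{
    *mem_sum = checksum(mem, len);
    *disk_sum = checksum(disk, len);
    return *mem_sum == *disk_sum;
}

/* Walk /proc/self/maps and check every r-x file-backed mapping against its
 * file. Returns the number of mismatching segments, or -1 if maps is unreadable. */
static int scan_executable_segments_demo(void)
{
    FILE *maps = fopen("/proc/self/maps", "r");
    if (!maps) return -1;
    char line[1024];
    int mismatches = 0;
    while (fgets(line, sizeof line, maps)) {
        struct map_entry e;
        if (!parse_maps_line(line, &e) || e.perms[2] != 'x') continue;
        size_t len = e.end - e.start;
        uint8_t *disk = malloc(len);
        if (!disk) break;
        if (read_file_segment(e.path, e.offset, disk, len)) {
            uint32_t a, b;
            const uint8_t *mem = (const uint8_t *)(uintptr_t)e.start;
            int ok = segment_matches(mem, disk, len, &a, &b);
            printf("%s %s +0x%lx: mem=%u disk=%u\n",
                   ok ? "ok      " : "MISMATCH", e.path, e.offset, a, b);
            mismatches += !ok;
        }
        free(disk);
    }
    fclose(maps);
    return mismatches;
}

int main(void)
{
    int n = scan_executable_segments_demo();
    printf("%d mismatching executable segment(s)\n", n);
    return n > 0;
}
```

A mismatch only proves that the mapped bytes differ from the file bytes at that offset; it does not by itself say why. Before treating one as a detection, log which mapping differs and diff the two buffers to find the changed range: a library with text relocations, or a file that was replaced on disk after the process mapped the old one, produces the same mismatch as a hook.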
