Skip to content

mziadd/sys-nse

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
examples
examples
 
 
include
include
 
 
src
src
 
 
.gitignore
.gitignore
 
 
CMakeLists.txt
CMakeLists.txt
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
compile_flags.txt
compile_flags.txt
 
 

Repository files navigation

sys-nse (Native Security Engine - user-space probes)

This module contains a small, standalone C++ implementation that performs best-effort user-space integrity probes (filesystem + /proc + environment).

It is designed to be embedded into any Linux/macOS process that wants lightweight runtime tamper signals, or into mobile apps (Android NDK / iOS).

What it does

  • Scans for common root/jailbreak artifacts (paths)
  • Checks for debugger attachment signals (/proc/self/statusTracerPid)
  • Checks loaded mappings (/proc/self/maps) for common injection frameworks (Frida, Xposed, Magisk, etc.)
  • Android-only: reads system properties for additional signals
  • Apple-only: simulator + DYLD_INSERT_LIBRARIES heuristic + jailbreak path probes

The output is a raw integer bitmask.

Build (CMake)

From the module root:

cmake -S . -B build
cmake --build build -j
./build/sys_nse_example

Usage

#include "sys_nse.h"

uint32_t mask = sys_nse::sys_rt_p1_validate();

Notes

  • This is heuristic detection. Treat it as a signal, not proof.
  • /proc checks are only meaningful on Linux/Android.

About

Lightweight user-space integrity probes for Linux/macOS and mobile (Android/iOS)

Topics

macos linux security cmake cpp integrity frida anti-tamper

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages