• Title/Summary/Keyword: Android emulator detection

Search Result 4, Processing Time 0.019 seconds

Detecting Android Emulators for Mobile Games (Focusing on Detecting Nox and LD Player) (모바일 게임용 안드로이드 에뮬레이터 탐지 기법 (Nox와 LD Player 탐지 기법 중심으로))

  • Kim, Nam-su;Kim, Seong-ho;Pack, Min-su;Cho, Seong-je
    • Journal of Software Assessment and Valuation
    • /
    • v.17 no.1
    • /
    • pp.41-50
    • /
    • 2021
  • Many game and financial apps have emulator detection functionality to defend against dynamic reverse engineering attacks. However, existing Android emulator detection methods have limitations in detecting the latest mobile game emulators that are similar to actual devices. Therefore, in this paper, we propose a method to effectively detect Android emulators for mobile games based on Houdini module and strings of a library. The proposed method detects the two emulators, Nox and LD Player through specific strings included in libc.so of bionic, and an analysis of the system call execution process and memory mapping associated with the Houdini module.

A Study on android emulator detection for mobile game security (모바일 게임 보안을 위한 안드로이드 에뮬레이터 탐지방법에 관한 연구)

  • Yoon, Jongseong;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.5
    • /
    • pp.1067-1075
    • /
    • 2015
  • With the recent increase of the number of mobile game users, the side effects such as the manipulation of game points, levels and game speed and payment fraud are emerging. Especially, the emulators which make it possible for mobile applications to run on PC is a great threat to mobile game security since debugging specific game application or automating the game playing can be done easier with them. Therefore, we research the efficient ways to detect widely used Android Emulators such as BlueStacks, GenyMotion, Andy, YouWave and ARC Welder from the perspective of client(app), game server and network to reduce threat to mobile game security.

Design and Implementation of API Extraction Method for Android Malicious Code Analysis Using Xposed (Xposed를 이용한 안드로이드 악성코드 분석을 위한 API 추출 기법 설계 및 구현에 관한 연구)

  • Kang, Seongeun;Yoon, Hongsun;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.1
    • /
    • pp.105-115
    • /
    • 2019
  • Recently, intelligent Android malicious codes have become difficult to detect malicious behavior by static analysis alone. Malicious code with SO file, dynamic loading, and string obfuscation are difficult to extract information about original code even with various tools for static analysis. There are many dynamic analysis methods to solve this problem, but dynamic analysis requires rooting or emulator environment. However, in the case of dynamic analysis, malicious code performs the rooting and the emulator detection to bypass the analysis environment. To solve this problem, this paper investigates a variety of root detection schemes and builds an environment for bypassing the rooting detection in real devices. In addition, SDK code hooking module for Android malicious code analysis is designed using Xposed, and intent tracking for code flow, dynamic loading file information, and various API information extraction are implemented. This work will contribute to the analysis of obfuscated information and behavior of Android Malware.

Scheduler-based Defense Method against Address Translation Redirection Attack (ATRA) (메모리 주소 변환 공격에 대한 스케줄러 기반의 방어 방법)

  • Jang, Daehee;Jang, Jinsoo;Kim, Donguk;Choi, Changho;Kang, Brent ByungHoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.4
    • /
    • pp.873-880
    • /
    • 2015
  • Since hardware-based kernel-integrity monitoring systems run in the environments that are isolated from the monitored OS, attackers in the monitored OS cannot undermine the security of monitoring systems. However, because the monitoring is performed by using physical addresses, the hardware-based monitoring systems are vulnerable to Address Translation Redirection Attack (ATRA) that manipulates virtual-to-physical memory translations. To ameliorate this problem, we propose a scheduler-based ATRA detection method. The method detects ATRA during the process scheduling by leveraging the fact that kernel scheduler engages every context switch of processes. We implemented a prototype on Android emulator and TizenTV, and verified that it successfully detected ATRA without incurring any significant performance loss.