Detecting Android Emulators for Mobile Games (Focusing on Detecting Nox and LD Player)

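  • Namsu Kim (Department of Computer Science, Dankook University);
  • Seongho Kim (Department of Computer Science, Dankook University);
  • Minsu Park (Department of Software, Dankook University);
  • Seong-je Cho (Department of Software, Dankook University)
  • Received: 2021.06.04
  • Reviewed: 2021.06.20
  • Published: 2021.06.30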

Abstract

Many game and financial apps include emulator detection to defend against dynamic reverse engineering attacks. However, existing Android emulator detection methods have limitations in detecting the latest mobile game emulators, which have become similar to real devices. In this paper, we therefore propose a method that effectively detects Android emulators for mobile games based on the Houdini module and library strings. Specifically, the proposed method detects the two well-known emulators, Nox and LD Player, through specific strings included in libc.so of bionic, and through an analysis of the system call execution process and memory mapping associated with the Houdini module.
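As an added illustration of the memory-mapping signal mentioned in the abstract (this is not the paper's implementation), the following C code scans text in /proc/<pid>/maps format for mapped files whose name contains "houdini". It assumes the Houdini module appears as a file-backed mapping named like libhoudini.so; the function name count_mapped and both sample listings are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples in /proc/<pid>/maps format; addresses and paths are illustrative. */
static const char SAMPLE_EMULATOR[] =
    "a3f00000-a4400000 r-xp 00000000 08:06 1733 /system/lib/libhoudini.so\n"
    "a4400000-a4450000 rw-p 00500000 08:06 1733 /system/lib/libhoudini.so\n"
    "b6e00000-b6ec0000 r-xp 00000000 08:06 1650 /system/lib/libc.so\n"
    "b7000000-b7001000 rw-p 00000000 00:00 0\n";
static const char SAMPLE_DEVICE[] =
    "b6e00000-b6ec0000 r-xp 00000000 b3:19 1650 /system/lib/libc.so\n"
    "b6f00000-b6f20000 r-xp 00000000 b3:19 1701 /system/lib/libm.so\n"
    "be800000-be821000 rw-p 00000000 00:00 0 [stack]\n";

/* Count mappings whose backing file name contains `needle` (hypothetical helper);
 * *exec_hits receives how many of those are mapped executable. */
int count_mapped(const char *maps, const char *needle, int *exec_hits)
{
    int hits = 0;
    *exec_hits = 0;
    while (*maps) {
        const char *eol = strchr(maps, '\n');
        size_t full = eol ? (size_t)(eol - maps) : strlen(maps);
        size_t n = full < 511 ? full : 511;   /* overlong lines are truncated */
        char line[512], perms[5];
        int off = 0;
        memcpy(line, maps, n);
        line[n] = '\0';
        /* Fields: start-end perms offset dev inode [path]; %n marks where the path starts. */
        if (sscanf(line, "%*lx-%*lx %4s %*lx %*s %*lu %n", perms, &off) == 1 && off > 0) {
            const char *base = strrchr(line + off, '/');
            base = base ? base + 1 : line + off;   /* compare the file name only */
            if (strstr(base, needle)) {
                hits++;
                if (perms[2] == 'x') (*exec_hits)++;
            }
        }
        maps += full + (eol ? 1 : 0);
    }
    return hits;
}

int main(void)
{
    int x;
    int n = count_mapped(SAMPLE_EMULATOR, "houdini", &x);
    printf("emulator sample: %d mappings, %d executable\n", n, x);
    n = count_mapped(SAMPLE_DEVICE, "houdini", &x);
    printf("device sample:   %d mappings, %d executable\n", n, x);
    return 0;
}
```

On a device, the same function can be fed the contents of /proc/self/maps read into a buffer; a file name match is only one signal and is best combined with others, such as the libc string check the abstract describes.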

Keywords

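Funding Information

This research was conducted as a Basic Research Program supported by the National Research Foundation of Korea with funding from the Korean government (Ministry of Science and ICT) in 2021 (No. 2021R1A2C2012574). It was also carried out as a result of the 2021 SW-Centered University Program of the Ministry of Science and ICT and the Institute of Information & Communications Technology Planning & Evaluation (2017-0-00091).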
