• Title/Summary/Keyword: 에뮬레이터 탐지

Search Result 4, Processing Time 0.019 seconds

Detecting Android Emulators for Mobile Games (Focusing on Detecting Nox and LD Player) (모바일 게임용 안드로이드 에뮬레이터 탐지 기법 (Nox와 LD Player 탐지 기법 중심으로))

  • Kim, Nam-su;Kim, Seong-ho;Pack, Min-su;Cho, Seong-je
    • Journal of Software Assessment and Valuation
    • /
    • v.17 no.1
    • /
    • pp.41-50
    • /
    • 2021
  • Many game and financial apps have emulator detection functionality to defend against dynamic reverse engineering attacks. However, existing Android emulator detection methods have limitations in detecting the latest mobile game emulators that are similar to actual devices. Therefore, in this paper, we propose a method to effectively detect Android emulators for mobile games based on Houdini module and strings of a library. The proposed method detects the two emulators, Nox and LD Player through specific strings included in libc.so of bionic, and an analysis of the system call execution process and memory mapping associated with the Houdini module.

Design and Implementation of API Extraction Method for Android Malicious Code Analysis Using Xposed (Xposed를 이용한 안드로이드 악성코드 분석을 위한 API 추출 기법 설계 및 구현에 관한 연구)

  • Kang, Seongeun;Yoon, Hongsun;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.1
    • /
    • pp.105-115
    • /
    • 2019
  • Recently, intelligent Android malicious codes have become difficult to detect malicious behavior by static analysis alone. Malicious code with SO file, dynamic loading, and string obfuscation are difficult to extract information about original code even with various tools for static analysis. There are many dynamic analysis methods to solve this problem, but dynamic analysis requires rooting or emulator environment. However, in the case of dynamic analysis, malicious code performs the rooting and the emulator detection to bypass the analysis environment. To solve this problem, this paper investigates a variety of root detection schemes and builds an environment for bypassing the rooting detection in real devices. In addition, SDK code hooking module for Android malicious code analysis is designed using Xposed, and intent tracking for code flow, dynamic loading file information, and various API information extraction are implemented. This work will contribute to the analysis of obfuscated information and behavior of Android Malware.

A Detecting Method of Polymorphic Virus Using Advanced Virtual Emulator (개선된 가상 에뮬레이터를 이용한 다형성 바이러스 탐지 방법)

  • Kim, Du-Hyeon;Baek, Dong-Hyeon;Kim, Pan-Gu
    • The KIPS Transactions:PartC
    • /
    • v.9C no.2
    • /
    • pp.149-156
    • /
    • 2002
  • Current vaccine program which scans virus code patterns has a difficult to detect the encrypted viruses or polymorphic viruses. The decryption part of polymorphic virus appears to be different every time it replicates. We must monitor the behavior of the decryption code which decrypts the body of the virus in order to detect these kinds of viruses. Specialty, it is not easy for the existing methods to detect the virus if the virus writer has modified the loop count of execution intentionally. In this paper, we propose an advanced emulator using a new algorithm so as to detect various kinds of polymorphic viruses. As a result of experiment using advanced emulator, we found that our proposed method has improved the virus detecting rate about 2%. In addition, our proposed system has a merit that it runs on not only MS-Windows but also Linux, and Unix-like Platform.

A Study on android emulator detection for mobile game security (모바일 게임 보안을 위한 안드로이드 에뮬레이터 탐지방법에 관한 연구)

  • Yoon, Jongseong;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.5
    • /
    • pp.1067-1075
    • /
    • 2015
  • With the recent increase of the number of mobile game users, the side effects such as the manipulation of game points, levels and game speed and payment fraud are emerging. Especially, the emulators which make it possible for mobile applications to run on PC is a great threat to mobile game security since debugging specific game application or automating the game playing can be done easier with them. Therefore, we research the efficient ways to detect widely used Android Emulators such as BlueStacks, GenyMotion, Andy, YouWave and ARC Welder from the perspective of client(app), game server and network to reduce threat to mobile game security.