
One Step Ahead of Cheaters -- Instrumenting Android Emulators

Conference:  Defcon 26

2018-08-01

Summary

The presentation introduces a native hooking framework for commercial Android emulators, which use x86/ARM mixed-mode emulation that defeats standard hooking/DBI tools, and examines what this means for cheating in mobile games.
  • Commercial Android emulators are popular and usually ship with root permission, which makes them an attractive platform for cheating tools.
  • Cheating on emulators is often done through touch simulation, which requires root privilege or shell access.
  • Existing native hooking/DBI frameworks do not work on mixed-mode emulators; the talk explains why and how to build one that does.
  • The presentation includes a demo of using the hooking framework to cheat a game on an emulator.
  • The demo is used to discuss how the dark market of mobile game cheating may develop in the future.

Abstract

Commercial Android emulators such as NOX, BlueStacks and Leidian are very popular at the moment, and most games run on these emulators quickly and reliably. The bad news for game vendors is that these emulators are usually shipped with root permission in the first place. On the other hand, cheating tool developers are happy because they can easily distribute their tools to abusers without requiring the abusers to have a physical rooted device, nor do they need to perform laborious tuning for different Android OS / firmware versions. However, luckily for game vendors, commercial Android emulators usually use x86/ARM mixed-mode emulation for speed-up. As a result, a standard native hooking/DBI framework won't work on this kind of platform. This drawback could discourage cheating developers. In this talk, I will introduce a native hooking framework for this kind of mixed-mode emulator. The talk will cover the process start routine of both command-line applications and Android JNI applications, as well as how these routines differ on an emulator. The different emulation strategies adopted by different emulators and runtime environments (Dalvik/ART) will also be discussed. Based on this knowledge, I will explain why the existing hooking/DBI frameworks do not work on these emulators and how to make one that works. Lastly, I will present a demo of using this hooking framework to cheat a game on an emulator. With this demo, I will discuss how the dark market of mobile game cheating may develop in the foreseeable future.
