├── .gitignore
├── AntiEmulator
    ├── AndroidManifest.xml
    ├── AntiEmulator.iml
    ├── build.gradle
    ├── ic_launcher-web.png
    ├── jni
    │   ├── Android.mk
    │   ├── Application.mk
    │   └── anti.c
    ├── libs
    │   └── android-support-v4.jar
    ├── proguard-project.txt
    ├── project.properties
    ├── res
    │   ├── drawable-hdpi
    │   │   └── ic_launcher.png
    │   ├── drawable-mdpi
    │   │   └── ic_launcher.png
    │   ├── drawable-xhdpi
    │   │   └── ic_launcher.png
    │   ├── drawable-xxhdpi
    │   │   └── ic_launcher.png
    │   ├── layout
    │   │   └── activity_main.xml
    │   ├── menu
    │   │   └── main.xml
    │   ├── values-sw600dp
    │   │   └── dimens.xml
    │   ├── values-sw720dp-land
    │   │   └── dimens.xml
    │   └── values
    │   │   ├── dimens.xml
    │   │   ├── strings.xml
    │   │   └── styles.xml
    └── src
    │   └── diff
    │       └── strazzere
    │           └── anti
    │               ├── MainActivity.java
    │               ├── common
    │                   ├── Property.java
    │                   └── Utilities.java
    │               ├── debugger
    │                   └── FindDebugger.java
    │               ├── emulator
    │                   └── FindEmulator.java
    │               ├── monkey
    │                   └── FindMonkey.java
    │               └── taint
    │                   └── FindTaint.java
├── LICENSE.txt
├── README.md
├── build.gradle
├── gradle
    └── wrapper
    │   ├── gradle-wrapper.jar
    │   └── gradle-wrapper.properties
├── gradlew
├── gradlew.bat
├── settings.gradle
└── slides
    └── Dex Education 201 - Anti-Emulation.pdf


/.gitignore:
--------------------------------------------------------------------------------
 1 | # built application files
 2 | *.apk
 3 | *.ap_
 4 | 
 5 | # files for the dex VM
 6 | *.dex
 7 | 
 8 | # Java class files
 9 | *.class
10 | 
11 | # generated files
12 | libs/
13 | obj/
14 | bin/
15 | gen/
16 | build/
17 | .gradle/
18 | 
19 | # Local configuration file (sdk path, etc)
20 | local.properties
21 | 
22 | # Eclipse project files
23 | .classpath
24 | .project
25 | 
26 | .idea/
27 | *.iml


--------------------------------------------------------------------------------
/AntiEmulator/AndroidManifest.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <manifest xmlns:android="http://schemas.android.com/apk/res/android"
 3 |     xmlns:tools="http://schemas.android.com/tools"
 4 |     package="diff.strazzere.anti">
 5 | 
 6 |     <uses-sdk android:targetSdkVersion="23"/>
 7 |     
 8 |     <uses-permission android:name="android.permission.READ_PHONE_STATE" />
 9 |     <uses-permission android:name="android.permission.READ_PRIVILEGED_PHONE_STATE" tools:ignore="ProtectedPermissions"/>
10 | 
11 |     <application
12 |         android:allowBackup="false"
13 |         android:icon="@drawable/ic_launcher"
14 | 
15 |         android:label="@string/app_name"
16 |         android:theme="@style/AppTheme">
17 |         <activity
18 |             android:name="diff.strazzere.anti.MainActivity"
19 |             android:label="@string/app_name">
20 |             <intent-filter>
21 |                 <action android:name="android.intent.action.MAIN" />
22 | 
23 |                 <category android:name="android.intent.category.LAUNCHER" />
24 |             </intent-filter>
25 |         </activity>
26 |     </application>
27 | 
28 | </manifest>
29 | 


--------------------------------------------------------------------------------
/AntiEmulator/AntiEmulator.iml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <module external.linked.project.id=":AntiEmulator" external.linked.project.path="$MODULE_DIR$" external.root.project.path="$MODULE_DIR$/.." external.system.id="GRADLE" type="JAVA_MODULE" version="4">
 3 |   <component name="FacetManager">
 4 |     <facet type="android-gradle" name="Android-Gradle">
 5 |       <configuration>
 6 |         <option name="GRADLE_PROJECT_PATH" value=":AntiEmulator" />
 7 |         <option name="LAST_SUCCESSFUL_SYNC_AGP_VERSION" value="3.5.0" />
 8 |         <option name="LAST_KNOWN_AGP_VERSION" value="3.5.0" />
 9 |       </configuration>
10 |     </facet>
11 |     <facet type="android" name="Android">
12 |       <configuration>
13 |         <option name="SELECTED_BUILD_VARIANT" value="debug" />
14 |         <option name="ASSEMBLE_TASK_NAME" value="assembleDebug" />
15 |         <option name="COMPILE_JAVA_TASK_NAME" value="compileDebugSources" />
16 |         <afterSyncTasks>
17 |           <task>generateDebugSources</task>
18 |         </afterSyncTasks>
19 |         <option name="ALLOW_USER_CONFIGURATION" value="false" />
20 |         <option name="RES_FOLDERS_RELATIVE_PATH" value="file://$MODULE_DIR$/res;file://$MODULE_DIR$/build/generated/res/rs/debug;file://$MODULE_DIR$/build/generated/res/resValues/debug" />
21 |         <option name="TEST_RES_FOLDERS_RELATIVE_PATH" value="" />
22 |       </configuration>
23 |     </facet>
24 |   </component>
25 |   <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_7">
26 |     <output url="file://$MODULE_DIR$/build/intermediates/javac/debug/classes" />
27 |     <output-test url="file://$MODULE_DIR$/build/intermediates/javac/debugUnitTest/classes" />
28 |     <exclude-output />
29 |     <content url="file://$MODULE_DIR$">
30 |       <sourceFolder url="file://$MODULE_DIR$/build/generated/ap_generated_sources/debug/out" isTestSource="false" generated="true" />
31 |       <sourceFolder url="file://$MODULE_DIR$/build/generated/aidl_source_output_dir/debug/compileDebugAidl/out" isTestSource="false" generated="true" />
32 |       <sourceFolder url="file://$MODULE_DIR$/build/generated/source/buildConfig/debug" isTestSource="false" generated="true" />
33 |       <sourceFolder url="file://$MODULE_DIR$/build/generated/renderscript_source_output_dir/debug/compileDebugRenderscript/out" isTestSource="false" generated="true" />
34 |       <sourceFolder url="file://$MODULE_DIR$/build/generated/res/rs/debug" type="java-resource" generated="true" />
35 |       <sourceFolder url="file://$MODULE_DIR$/build/generated/res/resValues/debug" type="java-resource" generated="true" />
36 |       <sourceFolder url="file://$MODULE_DIR$/build/generated/ap_generated_sources/debugAndroidTest/out" isTestSource="true" generated="true" />
37 |       <sourceFolder url="file://$MODULE_DIR$/build/generated/aidl_source_output_dir/debugAndroidTest/compileDebugAndroidTestAidl/out" isTestSource="true" generated="true" />
38 |       <sourceFolder url="file://$MODULE_DIR$/build/generated/source/buildConfig/androidTest/debug" isTestSource="true" generated="true" />
39 |       <sourceFolder url="file://$MODULE_DIR$/build/generated/renderscript_source_output_dir/debugAndroidTest/compileDebugAndroidTestRenderscript/out" isTestSource="true" generated="true" />
40 |       <sourceFolder url="file://$MODULE_DIR$/build/generated/res/rs/androidTest/debug" type="java-test-resource" generated="true" />
41 |       <sourceFolder url="file://$MODULE_DIR$/build/generated/res/resValues/androidTest/debug" type="java-test-resource" generated="true" />
42 |       <sourceFolder url="file://$MODULE_DIR$/build/generated/ap_generated_sources/debugUnitTest/out" isTestSource="true" generated="true" />
43 |       <sourceFolder url="file://$MODULE_DIR$/build-types/debug/res" type="java-resource" />
44 |       <sourceFolder url="file://$MODULE_DIR$/build-types/debug/resources" type="java-resource" />
45 |       <sourceFolder url="file://$MODULE_DIR$/build-types/debug/assets" type="java-resource" />
46 |       <sourceFolder url="file://$MODULE_DIR$/build-types/debug/aidl" isTestSource="false" />
47 |       <sourceFolder url="file://$MODULE_DIR$/build-types/debug/java" isTestSource="false" />
48 |       <sourceFolder url="file://$MODULE_DIR$/build-types/debug/rs" isTestSource="false" />
49 |       <sourceFolder url="file://$MODULE_DIR$/build-types/debug/shaders" isTestSource="false" />
50 |       <sourceFolder url="file://$MODULE_DIR$/src/androidTestDebug/res" type="java-test-resource" />
51 |       <sourceFolder url="file://$MODULE_DIR$/src/androidTestDebug/resources" type="java-test-resource" />
52 |       <sourceFolder url="file://$MODULE_DIR$/src/androidTestDebug/assets" type="java-test-resource" />
53 |       <sourceFolder url="file://$MODULE_DIR$/src/androidTestDebug/aidl" isTestSource="true" />
54 |       <sourceFolder url="file://$MODULE_DIR$/src/androidTestDebug/java" isTestSource="true" />
55 |       <sourceFolder url="file://$MODULE_DIR$/src/androidTestDebug/rs" isTestSource="true" />
56 |       <sourceFolder url="file://$MODULE_DIR$/src/androidTestDebug/shaders" isTestSource="true" />
57 |       <sourceFolder url="file://$MODULE_DIR$/src/testDebug/res" type="java-test-resource" />
58 |       <sourceFolder url="file://$MODULE_DIR$/src/testDebug/resources" type="java-test-resource" />
59 |       <sourceFolder url="file://$MODULE_DIR$/src/testDebug/assets" type="java-test-resource" />
60 |       <sourceFolder url="file://$MODULE_DIR$/src/testDebug/aidl" isTestSource="true" />
61 |       <sourceFolder url="file://$MODULE_DIR$/src/testDebug/java" isTestSource="true" />
62 |       <sourceFolder url="file://$MODULE_DIR$/src/testDebug/rs" isTestSource="true" />
63 |       <sourceFolder url="file://$MODULE_DIR$/src/testDebug/shaders" isTestSource="true" />
64 |       <sourceFolder url="file://$MODULE_DIR$/res" type="java-resource" />
65 |       <sourceFolder url="file://$MODULE_DIR$/src" type="java-resource" />
66 |       <sourceFolder url="file://$MODULE_DIR$/assets" type="java-resource" />
67 |       <sourceFolder url="file://$MODULE_DIR$/src" isTestSource="false" />
68 |       <sourceFolder url="file://$MODULE_DIR$/src/main/shaders" isTestSource="false" />
69 |       <sourceFolder url="file://$MODULE_DIR$/src/androidTest/res" type="java-test-resource" />
70 |       <sourceFolder url="file://$MODULE_DIR$/src/androidTest/resources" type="java-test-resource" />
71 |       <sourceFolder url="file://$MODULE_DIR$/src/androidTest/assets" type="java-test-resource" />
72 |       <sourceFolder url="file://$MODULE_DIR$/src/androidTest/aidl" isTestSource="true" />
73 |       <sourceFolder url="file://$MODULE_DIR$/src/androidTest/java" isTestSource="true" />
74 |       <sourceFolder url="file://$MODULE_DIR$/src/androidTest/rs" isTestSource="true" />
75 |       <sourceFolder url="file://$MODULE_DIR$/src/androidTest/shaders" isTestSource="true" />
76 |       <sourceFolder url="file://$MODULE_DIR$/src/test/res" type="java-test-resource" />
77 |       <sourceFolder url="file://$MODULE_DIR$/src/test/resources" type="java-test-resource" />
78 |       <sourceFolder url="file://$MODULE_DIR$/src/test/assets" type="java-test-resource" />
79 |       <sourceFolder url="file://$MODULE_DIR$/src/test/aidl" isTestSource="true" />
80 |       <sourceFolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" />
81 |       <sourceFolder url="file://$MODULE_DIR$/src/test/rs" isTestSource="true" />
82 |       <sourceFolder url="file://$MODULE_DIR$/src/test/shaders" isTestSource="true" />
83 |       <excludeFolder url="file://$MODULE_DIR$/build" />
84 |     </content>
85 |     <orderEntry type="jdk" jdkName="Android API 29 Platform" jdkType="Android SDK" />
86 |     <orderEntry type="sourceFolder" forTests="false" />
87 |     <orderEntry type="library" name="Gradle: __local_aars__:/home/diff/repo/android/anti-emulator/AntiEmulator/libs/android-support-v4.jar:unspecified@jar" level="project" />
88 |   </component>
89 | </module>


--------------------------------------------------------------------------------
/AntiEmulator/build.gradle:
--------------------------------------------------------------------------------
 1 | apply plugin: 'com.android.application'
 2 | 
 3 | android {
 4 |     compileSdkVersion 'android-29'
 5 |     buildToolsVersion '29.0.3'
 6 | 
 7 | 
 8 |     defaultConfig {
 9 |         applicationId "diff.strazzere.anti"
10 |         minSdkVersion 21
11 |         targetSdkVersion 29
12 |         versionCode 1
13 |         versionName "1.0"
14 |     }
15 | 
16 |     sourceSets {
17 |         main {
18 |             manifest.srcFile 'AndroidManifest.xml'
19 |             java.srcDirs = ['src']
20 |             resources.srcDirs = ['src']
21 |             aidl.srcDirs = ['src']
22 |             renderscript.srcDirs = ['src']
23 |             res.srcDirs = ['res']
24 |             assets.srcDirs = ['assets']
25 |             jniLibs.srcDirs = ['libs']
26 |         }
27 | 
28 |         debug.setRoot('build-types/debug')
29 |         release.setRoot('build-types/release')
30 |     }
31 | 
32 | 
33 |     buildTypes {
34 |         release {
35 |             minifyEnabled false
36 |             proguardFile getDefaultProguardFile('proguard-android.txt')
37 |         }
38 |     }
39 | 
40 | }
41 | 
42 | dependencies {
43 |     implementation fileTree(dir: 'libs', include: ['*.jar'])
44 | }
45 | 
46 | task ndkBuild(type: Exec, description: "Task to run ndk-build") {
47 |     def ndkDir = android.ndkDirectory.getAbsolutePath()
48 |     commandLine ndkDir + "/ndk-build"
49 | }
50 | 
51 | tasks.withType(JavaCompile) { compileTask -> compileTask.dependsOn ndkBuild }
52 | 
53 | task cleanNative(type: Exec, description: "Task to run ndk-build clean") {
54 |     def ndkDir = android.ndkDirectory.getAbsolutePath()
55 |     commandLine ndkDir + '/ndk-build', 'clean'
56 | }
57 | 
58 | clean.dependsOn 'cleanNative'


--------------------------------------------------------------------------------
/AntiEmulator/ic_launcher-web.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strazzere/anti-emulator/cfdfa432149ea1892aeee44adab7c88a46edafca/AntiEmulator/ic_launcher-web.png


--------------------------------------------------------------------------------
/AntiEmulator/jni/Android.mk:
--------------------------------------------------------------------------------
1 | LOCAL_PATH := $(call my-dir)
2 | 
3 | include $(CLEAR_VARS)
4 | 
5 | LOCAL_MODULE    := anti
6 | LOCAL_SRC_FILES := anti.c
7 | 
8 | include $(BUILD_SHARED_LIBRARY)


--------------------------------------------------------------------------------
/AntiEmulator/jni/Application.mk:
--------------------------------------------------------------------------------
 1 | LOCAL_PATH := $(call my-dir)
 2 | 
 3 | include $(CLEAR_VARS)
 4 | 
 5 | APP_ABI := armeabi-v7a arm64-v8a
 6 | 
 7 | APP_PLATFORM := android-21
 8 | 
 9 | include $(BUILD_SHARED_LIBRARY)
10 | 


--------------------------------------------------------------------------------
/AntiEmulator/jni/anti.c:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Fun with qemu arm issues
 3 |  *
 4 |  * <diff@protonmail.com>
 5 |  */
 6 | 
 7 | #include <stdlib.h> // avoid exit warning
 8 | #include <signal.h> // sigtrap stuff, duh
 9 | #include <sys/wait.h> // for waitpid
10 | #include <unistd.h> // fork() / sleep()
11 | #include <jni.h>
12 | 
13 | void handler_sigtrap(int signo) {
14 |   exit(-1);
15 | }
16 | 
17 | void handler_sigbus(int signo) {
18 |   exit(-1);
19 | }
20 | 
21 | void setupSigTrap() {
22 |   // BKPT throws SIGTRAP on nexus 5 / oneplus one (and most devices)
23 |   signal(SIGTRAP, handler_sigtrap);
24 |   // BKPT throws SIGBUS on nexus 4
25 |   signal(SIGBUS, handler_sigbus);
26 | }
27 | 
28 | // This will cause a SIGSEGV on some QEMU or be properly respected
29 | void tryBKPT() {  
30 |   #if defined(__arm__)
31 |     __asm__ __volatile__ ("bkpt 255");
32 |   #endif
33 | }
34 | 
35 | jint Java_diff_strazzere_anti_emulator_FindEmulator_qemuBkpt(JNIEnv* env, jobject jObject) {
36 |   
37 |   pid_t child = fork();
38 |   int child_status, status = 0;
39 |   
40 |   if(child == 0) {
41 |     setupSigTrap();
42 |     tryBKPT();
43 |   } else if(child == -1) {
44 |     status = -1;
45 |   } else {
46 | 
47 |     int timeout = 0;
48 |     int i = 0;
49 |     while ( waitpid(child, &child_status, WNOHANG) == 0 ) {
50 |       sleep(1);
51 |       // Time could be adjusted here, though in my experience if the child has not returned instantly
52 |       // then something has gone wrong and it is an emulated device
53 |       if(i++ == 1) {
54 | 	timeout = 1;
55 | 	break;
56 |       }
57 |     }
58 | 
59 |     if(timeout == 1) {
60 |       // Process timed out - likely an emulated device and child is frozen
61 |       status = 1;
62 |     }
63 | 
64 |     if ( WIFEXITED(child_status) ) {
65 |       // Likely a real device
66 |       status = 0;
67 |     } else {
68 |       // Didn't exit properly - very likely an emulator
69 |       status = 2;
70 |     }
71 | 
72 |     // Ensure child is dead
73 |     kill(child, SIGKILL);
74 |   }
75 | 
76 |   return status;
77 | }
78 | 
79 | 


--------------------------------------------------------------------------------
/AntiEmulator/libs/android-support-v4.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strazzere/anti-emulator/cfdfa432149ea1892aeee44adab7c88a46edafca/AntiEmulator/libs/android-support-v4.jar


--------------------------------------------------------------------------------
/AntiEmulator/proguard-project.txt:
--------------------------------------------------------------------------------
 1 | # To enable ProGuard in your project, edit project.properties
 2 | # to define the proguard.config property as described in that file.
 3 | #
 4 | # Add project specific ProGuard rules here.
 5 | # By default, the flags in this file are appended to flags specified
 6 | # in ${sdk.dir}/tools/proguard/proguard-android.txt
 7 | # You can edit the include path and order by changing the ProGuard
 8 | # include property in project.properties.
 9 | #
10 | # For more details, see
11 | #   http://developer.android.com/guide/developing/tools/proguard.html
12 | 
13 | # Add any project specific keep options here:
14 | 
15 | # If your project uses WebView with JS, uncomment the following
16 | # and specify the fully qualified class name to the JavaScript interface
17 | # class:
18 | #-keepclassmembers class fqcn.of.javascript.interface.for.webview {
19 | #   public *;
20 | #}
21 | 


--------------------------------------------------------------------------------
/AntiEmulator/project.properties:
--------------------------------------------------------------------------------
 1 | # This file is automatically generated by Android Tools.
 2 | # Do not modify this file -- YOUR CHANGES WILL BE ERASED!
 3 | #
 4 | # This file must be checked in Version Control Systems.
 5 | #
 6 | # To customize properties used by the Ant build system edit
 7 | # "ant.properties", and override values to adapt the script to your
 8 | # project structure.
 9 | #
10 | # To enable ProGuard to shrink and obfuscate your code, uncomment this (available properties: sdk.dir, user.home):
11 | #proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
12 | 
13 | # Project target.
14 | target=android-17
15 | 


--------------------------------------------------------------------------------
/AntiEmulator/res/drawable-hdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strazzere/anti-emulator/cfdfa432149ea1892aeee44adab7c88a46edafca/AntiEmulator/res/drawable-hdpi/ic_launcher.png


--------------------------------------------------------------------------------
/AntiEmulator/res/drawable-mdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strazzere/anti-emulator/cfdfa432149ea1892aeee44adab7c88a46edafca/AntiEmulator/res/drawable-mdpi/ic_launcher.png


--------------------------------------------------------------------------------
/AntiEmulator/res/drawable-xhdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strazzere/anti-emulator/cfdfa432149ea1892aeee44adab7c88a46edafca/AntiEmulator/res/drawable-xhdpi/ic_launcher.png


--------------------------------------------------------------------------------
/AntiEmulator/res/drawable-xxhdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strazzere/anti-emulator/cfdfa432149ea1892aeee44adab7c88a46edafca/AntiEmulator/res/drawable-xxhdpi/ic_launcher.png


--------------------------------------------------------------------------------
/AntiEmulator/res/layout/activity_main.xml:
--------------------------------------------------------------------------------
 1 | <RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
 2 |     xmlns:tools="http://schemas.android.com/tools"
 3 |     android:layout_width="match_parent"
 4 |     android:layout_height="match_parent"
 5 |     android:paddingBottom="@dimen/activity_vertical_margin"
 6 |     android:paddingLeft="@dimen/activity_horizontal_margin"
 7 |     android:paddingRight="@dimen/activity_horizontal_margin"
 8 |     android:paddingTop="@dimen/activity_vertical_margin"
 9 |     tools:context=".MainActivity" >
10 | 
11 |     <TextView
12 |         android:layout_width="wrap_content"
13 |         android:layout_height="wrap_content"
14 |         android:text="@string/hello_world" />
15 | 
16 | </RelativeLayout>


--------------------------------------------------------------------------------
/AntiEmulator/res/menu/main.xml:
--------------------------------------------------------------------------------
1 | <menu xmlns:android="http://schemas.android.com/apk/res/android" >
2 | 
3 |     <item
4 |         android:id="@+id/action_settings"
5 |         android:orderInCategory="100"
6 |         android:showAsAction="never"
7 |         android:title="@string/action_settings"/>
8 | 
9 | </menu>


--------------------------------------------------------------------------------
/AntiEmulator/res/values-sw600dp/dimens.xml:
--------------------------------------------------------------------------------
1 | <resources>
2 | 
3 |     <!--
4 |          Customize dimensions originally defined in res/values/dimens.xml (such as
5 |          screen margins) for sw600dp devices (e.g. 7" tablets) here.
6 |     -->
7 | 
8 | </resources>


--------------------------------------------------------------------------------
/AntiEmulator/res/values-sw720dp-land/dimens.xml:
--------------------------------------------------------------------------------
1 | <resources>
2 | 
3 |     <!--
4 |          Customize dimensions originally defined in res/values/dimens.xml (such as
5 |          screen margins) for sw720dp devices (e.g. 10" tablets) in landscape here.
6 |     -->
7 |     <dimen name="activity_horizontal_margin">128dp</dimen>
8 | 
9 | </resources>


--------------------------------------------------------------------------------
/AntiEmulator/res/values/dimens.xml:
--------------------------------------------------------------------------------
1 | <resources>
2 | 
3 |     <!-- Default screen margins, per the Android Design guidelines. -->
4 |     <dimen name="activity_horizontal_margin">16dp</dimen>
5 |     <dimen name="activity_vertical_margin">16dp</dimen>
6 | 
7 | </resources>


--------------------------------------------------------------------------------
/AntiEmulator/res/values/strings.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <resources>
3 | 
4 |     <string name="app_name">AntiEmulator</string>
5 |     <string name="action_settings">Settings</string>
6 |     <string name="hello_world">Hello world!</string>
7 | 
8 | </resources>


--------------------------------------------------------------------------------
/AntiEmulator/res/values/styles.xml:
--------------------------------------------------------------------------------
 1 | <resources>
 2 | 
 3 |     <!--
 4 |         Base application theme, dependent on API level. This theme is replaced
 5 |         by AppBaseTheme from res/values-vXX/styles.xml on newer devices.
 6 |     -->
 7 |     <style name="AppBaseTheme" parent="android:Theme.Light">
 8 |         <!--
 9 |             Theme customizations available in newer API levels can go in
10 |             res/values-vXX/styles.xml, while customizations related to
11 |             backward-compatibility can go here.
12 |         -->
13 |     </style>
14 | 
15 |     <!-- Application theme. -->
16 |     <style name="AppTheme" parent="AppBaseTheme">
17 |         <!-- All customizations that are NOT specific to a particular API-level can go here. -->
18 |     </style>
19 | 
20 | </resources>


--------------------------------------------------------------------------------
/AntiEmulator/src/diff/strazzere/anti/MainActivity.java:
--------------------------------------------------------------------------------
  1 | package diff.strazzere.anti;
  2 | 
  3 | import android.app.Activity;
  4 | import android.os.Build;
  5 | import android.os.Bundle;
  6 | import android.util.Log;
  7 | import android.view.Menu;
  8 | import diff.strazzere.anti.debugger.FindDebugger;
  9 | import diff.strazzere.anti.emulator.FindEmulator;
 10 | import diff.strazzere.anti.monkey.FindMonkey;
 11 | import diff.strazzere.anti.taint.FindTaint;
 12 | 
 13 | public class MainActivity extends Activity {
 14 | 
 15 |     @Override
 16 |     protected void onCreate(Bundle savedInstanceState) {
 17 |         super.onCreate(savedInstanceState);
 18 |         setContentView(R.layout.activity_main);
 19 | 
 20 |         new Thread() {
 21 |             @Override
 22 |             public void run() {
 23 |                 super.run();
 24 |                 isTaintTrackingDetected();
 25 | 
 26 |                 isMonkeyDetected();
 27 | 
 28 |                 isDebugged();
 29 | 
 30 |                 isQEmuEnvDetected();
 31 | 
 32 |             }
 33 |         }.start();
 34 |     }
 35 | 
 36 |     @Override
 37 |     public boolean onCreateOptionsMenu(Menu menu) {
 38 |         // Inflate the menu; this adds items to the action bar if it is present.
 39 |         getMenuInflater().inflate(R.menu.main, menu);
 40 |         return true;
 41 |     }
 42 | 
 43 |     public boolean isQEmuEnvDetected() {
 44 |         log("Checking for QEmu env...");
 45 |         log("hasKnownDeviceId : " + FindEmulator.hasKnownDeviceId(getApplicationContext()));
 46 |         log("hasKnownPhoneNumber : " + FindEmulator.hasKnownPhoneNumber(getApplicationContext()));
 47 |         log("isOperatorNameAndroid : " + FindEmulator.isOperatorNameAndroid(getApplicationContext()));
 48 |         log("hasKnownImsi : " + FindEmulator.hasKnownImsi(getApplicationContext()));
 49 |         log("hasEmulatorBuild : " + FindEmulator.hasEmulatorBuild(getApplicationContext()));
 50 |         log("hasPipes : " + FindEmulator.hasPipes());
 51 |         log("hasQEmuDriver : " + FindEmulator.hasQEmuDrivers());
 52 |         log("hasQEmuFiles : " + FindEmulator.hasQEmuFiles());
 53 |         log("hasGenyFiles : " + FindEmulator.hasGenyFiles());
 54 |         log("hasEmulatorAdb :" + FindEmulator.hasEmulatorAdb());
 55 |         for(String abi : Build.SUPPORTED_ABIS) {
 56 |             if (abi.equalsIgnoreCase("armeabi-v7a")) {
 57 |                 log("hitsQemuBreakpoint : " + FindEmulator.checkQemuBreakpoint());
 58 |             }
 59 |         }
 60 |         if (FindEmulator.hasKnownDeviceId(getApplicationContext())
 61 |                         || FindEmulator.hasKnownImsi(getApplicationContext())
 62 |                         || FindEmulator.hasEmulatorBuild(getApplicationContext())
 63 |                         || FindEmulator.hasKnownPhoneNumber(getApplicationContext()) || FindEmulator.hasPipes()
 64 |                         || FindEmulator.hasQEmuDrivers() || FindEmulator.hasEmulatorAdb()
 65 |                         || FindEmulator.hasQEmuFiles()
 66 |                         || FindEmulator.hasGenyFiles()) {
 67 |             log("QEmu environment detected.");
 68 |             return true;
 69 |         } else {
 70 |             log("QEmu environment not detected.");
 71 |             return false;
 72 |         }
 73 |     }
 74 | 
 75 |     public boolean isTaintTrackingDetected() {
 76 |         log("Checking for Taint tracking...");
 77 |         log("hasAppAnalysisPackage : " + FindTaint.hasAppAnalysisPackage(getApplicationContext()));
 78 |         log("hasTaintClass : " + FindTaint.hasTaintClass());
 79 |         log("hasTaintMemberVariables : " + FindTaint.hasTaintMemberVariables());
 80 |         if (FindTaint.hasAppAnalysisPackage(getApplicationContext()) || FindTaint.hasTaintClass()
 81 |                         || FindTaint.hasTaintMemberVariables()) {
 82 |             log("Taint tracking was detected.");
 83 |             return true;
 84 |         } else {
 85 |             log("Taint tracking was not detected.");
 86 |             return false;
 87 |         }
 88 |     }
 89 | 
 90 |     public boolean isMonkeyDetected() {
 91 |         log("Checking for Monkey user...");
 92 |         log("isUserAMonkey : " + FindMonkey.isUserAMonkey());
 93 | 
 94 |         if (FindMonkey.isUserAMonkey()) {
 95 |             log("Monkey user was detected.");
 96 |             return true;
 97 |         } else {
 98 |             log("Monkey user was not detected.");
 99 |             return false;
100 |         }
101 |     }
102 | 
103 |     public boolean isDebugged() {
104 |         log("Checking for debuggers...");
105 | 
106 |         boolean tracer = false;
107 |         try {
108 |             tracer = FindDebugger.hasTracerPid();
109 |         } catch (Exception exception) {
110 |             exception.printStackTrace();
111 |         }
112 | 
113 |         if (FindDebugger.isBeingDebugged() || tracer) {
114 |             log("Debugger was detected");
115 |             return true;
116 |         } else {
117 |             log("No debugger was detected.");
118 |             return false;
119 |         }
120 |     }
121 | 
122 |     public void log(String msg) {
123 |         Log.v("AntiEmulator", msg);
124 |     }
125 | }
126 | 


--------------------------------------------------------------------------------
/AntiEmulator/src/diff/strazzere/anti/common/Property.java:
--------------------------------------------------------------------------------
 1 | package diff.strazzere.anti.common;
 2 | 
 3 | /**
 4 |  * Simple class used for the systems properties
 5 |  * checked in later places of the application.
 6 |  * 
 7 |  * @author tstrazzere
 8 |  */
 9 | public class Property {
10 | 	public String name;
11 | 	public String seek_value;
12 | 	
13 | 	public Property(String name, String seek_value) {
14 | 		this.name = name;
15 | 		this.seek_value = seek_value;
16 | 	}
17 | }
18 | 


--------------------------------------------------------------------------------
/AntiEmulator/src/diff/strazzere/anti/common/Utilities.java:
--------------------------------------------------------------------------------
 1 | package diff.strazzere.anti.common;
 2 | 
 3 | import java.lang.reflect.Method;
 4 | 
 5 | import android.content.Context;
 6 | import android.content.pm.PackageManager;
 7 | 
 8 | /**
 9 |  * Common functions used for detection of system fingerprints.
10 |  * 
11 |  * @author tstrazzere
12 |  */
13 | public class Utilities {
14 | 
15 |     /**
16 |      * Method to reflectively invoke the SystemProperties.get command - which is the equivalent to the adb shell getProp
17 |      * command.
18 |      * 
19 |      * @param context
20 |      *            A {@link Context} object used to get the proper ClassLoader (just needs to be Application Context
21 |      *            object)
22 |      * @param property
23 |      *            A {@code String} object for the property to retrieve.
24 |      * @return {@code String} value of the property requested.
25 |      */
26 |     public static String getProp(Context context, String property) {
27 |         try {
28 |             ClassLoader classLoader = context.getClassLoader();
29 |             Class<?> systemProperties = classLoader.loadClass("android.os.SystemProperties");
30 | 
31 |             Method get = systemProperties.getMethod("get", String.class);
32 | 
33 |             Object[] params = new Object[1];
34 |             params[0] = new String(property);
35 | 
36 |             return (String) get.invoke(systemProperties, params);
37 |         } catch (IllegalArgumentException iAE) {
38 |             throw iAE;
39 |         } catch (Exception exception) {
40 |             throw null;
41 |         }
42 |     }
43 | 
44 |     public static boolean hasPackageNameInstalled(Context context, String packageName) {
45 |         PackageManager packageManager = context.getPackageManager();
46 | 
47 |         // In theory, if the package installer does not throw an exception, package exists
48 |         try {
49 |             packageManager.getInstallerPackageName(packageName);
50 |             return true;
51 |         } catch (IllegalArgumentException exception) {
52 |             return false;
53 |         }
54 |     }
55 | }
56 | 


--------------------------------------------------------------------------------
/AntiEmulator/src/diff/strazzere/anti/debugger/FindDebugger.java:
--------------------------------------------------------------------------------
  1 | package diff.strazzere.anti.debugger;
  2 | 
  3 | import java.io.BufferedReader;
  4 | import java.io.FileInputStream;
  5 | import java.io.IOException;
  6 | import java.io.InputStreamReader;
  7 | import java.util.ArrayList;
  8 | 
  9 | import android.os.Debug;
 10 | 
 11 | /**
 12 |  * Class used to determine functionality specific to the Android debuggers
 13 |  * 
 14 |  * @author tstrazzere
 15 |  */
 16 | public class FindDebugger {
 17 | 
 18 |     private static String tracerpid = "TracerPid";
 19 | 
 20 |     /**
 21 |      * Believe it or not, there are packers that use this...
 22 |      */
 23 |     public static boolean isBeingDebugged() {
 24 |         return Debug.isDebuggerConnected();
 25 |     }
 26 | 
 27 |     /**
 28 |      * This is used by Alibaba to detect someone ptracing the application.
 29 |      * 
 30 |      * Easy to circumvent, the usage ITW was a native thread constantly doing this every three seconds - and would cause
 31 |      * the application to crash if it was detected.
 32 |      * 
 33 |      * @return
 34 |      * @throws IOException
 35 |      */
 36 |     public static boolean hasTracerPid() throws IOException {
 37 |         BufferedReader reader = null;
 38 |         try {
 39 |             reader = new BufferedReader(new InputStreamReader(new FileInputStream("/proc/self/status")), 1000);
 40 |             String line;
 41 | 
 42 |             while ((line = reader.readLine()) != null) {
 43 |                 if (line.length() > tracerpid.length()) {
 44 |                     if (line.substring(0, tracerpid.length()).equalsIgnoreCase(tracerpid)) {
 45 |                         if (Integer.decode(line.substring(tracerpid.length() + 1).trim()) > 0) {
 46 |                             return true;
 47 |                         }
 48 |                         break;
 49 |                     }
 50 |                 }
 51 |             }
 52 | 
 53 |         } catch (Exception exception) {
 54 |             exception.printStackTrace();
 55 |         } finally {
 56 |             reader.close();
 57 |         }
 58 |         return false;
 59 |     }
 60 | 
 61 |     /**
 62 |      * This was reversed from a sample someone was submitting to sandboxes for a thesis, can't find paper anymore
 63 |      * 
 64 |      * @throws IOException
 65 |      */
 66 |     public static boolean  hasAdbInEmulator() throws IOException {
 67 |         boolean adbInEmulator = false;
 68 |         BufferedReader reader = null;
 69 |         try {
 70 |             reader = new BufferedReader(new InputStreamReader(new FileInputStream("/proc/net/tcp")), 1000);
 71 |             String line;
 72 |             // Skip column names
 73 |             reader.readLine();
 74 | 
 75 |             ArrayList<tcp> tcpList = new ArrayList<tcp>();
 76 | 
 77 |             while ((line = reader.readLine()) != null) {
 78 |                 tcpList.add(tcp.create(line.split("\\W+")));
 79 |             }
 80 | 
 81 |             reader.close();
 82 | 
 83 |             // Adb is always bounce to 0.0.0.0 - though the port can change
 84 |             // real devices should be != 127.0.0.1
 85 |             int adbPort = -1;
 86 |             for (tcp tcpItem : tcpList) {
 87 |                 if (tcpItem.localIp == 0) {
 88 |                     adbPort = tcpItem.localPort;
 89 |                     break;
 90 |                 }
 91 |             }
 92 | 
 93 |             if (adbPort != -1) {
 94 |                 for (tcp tcpItem : tcpList) {
 95 |                     if ((tcpItem.localIp != 0) && (tcpItem.localPort == adbPort)) {
 96 |                         adbInEmulator = true;
 97 |                     }
 98 |                 }
 99 |             }
100 |         } catch (Exception exception) {
101 |             exception.printStackTrace();
102 |         } finally {
103 |             reader.close();
104 |         }
105 | 
106 |         return adbInEmulator;
107 |     }
108 | 
109 |     public static class tcp {
110 | 
111 |         public int id;
112 |         public long localIp;
113 |         public int localPort;
114 |         public int remoteIp;
115 |         public int remotePort;
116 | 
117 |         static tcp create(String[] params) {
118 |             return new tcp(params[1], params[2], params[3], params[4], params[5], params[6], params[7], params[8],
119 |                             params[9], params[10], params[11], params[12], params[13], params[14]);
120 |         }
121 | 
122 |         public tcp(String id, String localIp, String localPort, String remoteIp, String remotePort, String state,
123 |                         String tx_queue, String rx_queue, String tr, String tm_when, String retrnsmt, String uid,
124 |                         String timeout, String inode) {
125 |             this.id = Integer.parseInt(id, 16);
126 |             this.localIp = Long.parseLong(localIp, 16);
127 |             this.localPort = Integer.parseInt(localPort, 16);
128 |         }
129 |     }
130 | }
131 | 


--------------------------------------------------------------------------------
/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java:
--------------------------------------------------------------------------------
  1 | package diff.strazzere.anti.emulator;
  2 | 
  3 | import android.content.Context;
  4 | import android.os.Build;
  5 | import android.telephony.TelephonyManager;
  6 | import android.util.Log;
  7 | 
  8 | import java.io.File;
  9 | import java.io.FileInputStream;
 10 | import java.io.InputStream;
 11 | 
 12 | import diff.strazzere.anti.common.Property;
 13 | import diff.strazzere.anti.common.Utilities;
 14 | import diff.strazzere.anti.debugger.FindDebugger;
 15 | 
 16 | /**
 17 |  * Class used to determine functionality specific to the Android QEmu.
 18 |  *
 19 |  * @author tstrazzere
 20 |  */
 21 | public class FindEmulator {
 22 | 
 23 |     // Need to check the format of these
 24 |     // Android emulator support up to 16 concurrent emulator
 25 |     // The console of the first emulator instance running on a given
 26 |     // machine uses console port 5554
 27 |     // Subsequent instances use port numbers increasing by two
 28 |     private static String[] known_numbers = {
 29 |             "15555215554", // Default emulator phone numbers + VirusTotal
 30 |             "15555215556", "15555215558", "15555215560", "15555215562", "15555215564", "15555215566",
 31 |             "15555215568", "15555215570", "15555215572", "15555215574", "15555215576", "15555215578",
 32 |             "15555215580", "15555215582", "15555215584",};
 33 |     private static String[] known_device_ids = {"000000000000000", // Default emulator id
 34 |             "e21833235b6eef10", // VirusTotal id
 35 |             "012345678912345"};
 36 |     private static String[] known_imsi_ids = {"310260000000000" // Default imsi id
 37 |     };
 38 |     private static String[] known_pipes = {"/dev/socket/qemud", "/dev/qemu_pipe"};
 39 |     private static String[] known_files = {"/system/lib/libc_malloc_debug_qemu.so", "/sys/qemu_trace",
 40 |             "/system/bin/qemu-props"};
 41 |     private static String[] known_geny_files = {"/dev/socket/genyd", "/dev/socket/baseband_genyd"};
 42 |     private static String[] known_qemu_drivers = {"goldfish"};
 43 |     /**
 44 |      * Known props, in the format of [property name, value to seek] if value to seek is null, then it is assumed that
 45 |      * the existence of this property (anything not null) indicates the QEmu environment.
 46 |      */
 47 |     private static Property[] known_props = {new Property("init.svc.qemud", null),
 48 |             new Property("init.svc.qemu-props", null), new Property("qemu.hw.mainkeys", null),
 49 |             new Property("qemu.sf.fake_camera", null), new Property("qemu.sf.lcd_density", null),
 50 |             new Property("ro.bootloader", "unknown"), new Property("ro.bootmode", "unknown"),
 51 |             new Property("ro.hardware", "goldfish"), new Property("ro.kernel.android.qemud", null),
 52 |             new Property("ro.kernel.qemu.gles", null), new Property("ro.kernel.qemu", "1"),
 53 |             new Property("ro.product.device", "generic"), new Property("ro.product.model", "sdk"),
 54 |             new Property("ro.product.name", "sdk"),
 55 |             // Need to double check that an "empty" string ("") returns null
 56 |             new Property("ro.serialno", null)};
 57 |     /**
 58 |      * The "known" props have the potential for false-positiving due to interesting (see: poorly) made Chinese
 59 |      * devices/odd ROMs. Keeping this threshold low will result in better QEmu detection with possible side affects.
 60 |      */
 61 |     private static int MIN_PROPERTIES_THRESHOLD = 0x5;
 62 | 
 63 |     static {
 64 |         // This is only valid for arm, so gate it
 65 |         for(String abi : Build.SUPPORTED_ABIS) {
 66 |             if(abi.equalsIgnoreCase("armeabi-v7a")) {
 67 |                 System.loadLibrary("anti");
 68 |                 break;
 69 |             }
 70 |         }
 71 |     }
 72 | 
 73 |     /**
 74 |      * Check the existence of known pipes used by the Android QEmu environment.
 75 |      *
 76 |      * @return {@code true} if any pipes where found to exist or {@code false} if not.
 77 |      */
 78 |     public static boolean hasPipes() {
 79 |         for (String pipe : known_pipes) {
 80 |             File qemu_socket = new File(pipe);
 81 |             if (qemu_socket.exists()) {
 82 |                 return true;
 83 |             }
 84 |         }
 85 | 
 86 |         return false;
 87 |     }
 88 | 
 89 |     /**
 90 |      * Check the existence of known files used by the Android QEmu environment.
 91 |      *
 92 |      * @return {@code true} if any files where found to exist or {@code false} if not.
 93 |      */
 94 |     public static boolean hasQEmuFiles() {
 95 |         for (String pipe : known_files) {
 96 |             File qemu_file = new File(pipe);
 97 |             if (qemu_file.exists()) {
 98 |                 return true;
 99 |             }
100 |         }
101 | 
102 |         return false;
103 |     }
104 | 
105 |     /**
106 |      * Check the existence of known files used by the Genymotion environment.
107 |      *
108 |      * @return {@code true} if any files where found to exist or {@code false} if not.
109 |      */
110 |     public static boolean hasGenyFiles() {
111 |         for (String file : known_geny_files) {
112 |             File geny_file = new File(file);
113 |             if (geny_file.exists()) {
114 |                 return true;
115 |             }
116 |         }
117 | 
118 |         return false;
119 |     }
120 | 
121 |     /**
122 |      * Reads in the driver file, then checks a list for known QEmu drivers.
123 |      *
124 |      * @return {@code true} if any known drivers where found to exist or {@code false} if not.
125 |      */
126 |     public static boolean hasQEmuDrivers() {
127 |         for (File drivers_file : new File[]{new File("/proc/tty/drivers"), new File("/proc/cpuinfo")}) {
128 |             if (drivers_file.exists() && drivers_file.canRead()) {
129 |                 // We don't care to read much past things since info we care about should be inside here
130 |                 byte[] data = new byte[1024];
131 |                 try {
132 |                     InputStream is = new FileInputStream(drivers_file);
133 |                     is.read(data);
134 |                     is.close();
135 |                 } catch (Exception exception) {
136 |                     exception.printStackTrace();
137 |                 }
138 | 
139 |                 String driver_data = new String(data);
140 |                 for (String known_qemu_driver : FindEmulator.known_qemu_drivers) {
141 |                     if (driver_data.indexOf(known_qemu_driver) != -1) {
142 |                         return true;
143 |                     }
144 |                 }
145 |             }
146 |         }
147 | 
148 |         return false;
149 |     }
150 | 
151 |     public static boolean hasKnownPhoneNumber(Context context) {
152 |         TelephonyManager telephonyManager = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE);
153 | 
154 |         try {
155 |             String phoneNumber = telephonyManager.getLine1Number();
156 |             for (String number : known_numbers) {
157 |                 if (number.equalsIgnoreCase(phoneNumber)) {
158 |                     return true;
159 |                 }
160 | 
161 |             }
162 |         } catch( SecurityException exception) {
163 |             log("Unable to request getLine1Number, failing open :" + exception.toString());
164 |         }
165 | 
166 |         return false;
167 |     }
168 | 
169 |     public static boolean hasKnownDeviceId(Context context) {
170 |         TelephonyManager telephonyManager = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE);
171 | 
172 |         try {
173 |             String deviceId = telephonyManager.getDeviceId();
174 |             for (String known_deviceId : known_device_ids) {
175 |                 if (known_deviceId.equalsIgnoreCase(deviceId)) {
176 |                     return true;
177 |                 }
178 |             }
179 |         } catch( SecurityException exception) {
180 |             log("Unable to request getDeviceId, failing open :" + exception.toString());
181 |         }
182 | 
183 |         return false;
184 |     }
185 | 
186 |     public static boolean hasKnownImsi(Context context) {
187 |         TelephonyManager telephonyManager = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE);
188 | 
189 |         try {
190 |             String imsi = telephonyManager.getSubscriberId();
191 | 
192 |             for (String known_imsi : known_imsi_ids) {
193 |                 if (known_imsi.equalsIgnoreCase(imsi)) {
194 |                     return true;
195 |                 }
196 |             }
197 |         } catch( SecurityException exception) {
198 |             log("Unable to request getSubscriberId, failing open :" + exception.toString());
199 |         }
200 | 
201 |         return false;
202 |     }
203 | 
204 |     public static boolean hasEmulatorBuild(Context context) {
205 |         String BOARD = android.os.Build.BOARD; // The name of the underlying board, like "unknown".
206 |         // This appears to occur often on real hardware... that's sad
207 |         // String BOOTLOADER = android.os.Build.BOOTLOADER; // The system bootloader version number.
208 |         String BRAND = android.os.Build.BRAND; // The brand (e.g., carrier) the software is customized for, if any.
209 |         // "generic"
210 |         String DEVICE = android.os.Build.DEVICE; // The name of the industrial design. "generic"
211 |         String HARDWARE = android.os.Build.HARDWARE; // The name of the hardware (from the kernel command line or
212 |         // /proc). "goldfish"
213 |         String MODEL = android.os.Build.MODEL; // The end-user-visible name for the end product. "sdk"
214 |         String PRODUCT = android.os.Build.PRODUCT; // The name of the overall product.
215 |         if ((BOARD.compareTo("unknown") == 0) /* || (BOOTLOADER.compareTo("unknown") == 0) */
216 |                 || (BRAND.compareTo("generic") == 0) || (DEVICE.compareTo("generic") == 0)
217 |                 || (MODEL.compareTo("sdk") == 0) || (PRODUCT.compareTo("sdk") == 0)
218 |                 || (HARDWARE.compareTo("goldfish") == 0)) {
219 |             return true;
220 |         }
221 |         return false;
222 |     }
223 | 
224 |     public static boolean isOperatorNameAndroid(Context paramContext) {
225 |         String szOperatorName = ((TelephonyManager) paramContext.getSystemService(Context.TELEPHONY_SERVICE)).getNetworkOperatorName();
226 |         boolean isAndroid = szOperatorName.equalsIgnoreCase("android");
227 |         return isAndroid;
228 |     }
229 | 
230 |     public native static int qemuBkpt();
231 | 
232 |     public static boolean checkQemuBreakpoint() {
233 |         boolean hit_breakpoint = false;
234 | 
235 |         // Potentially you may want to see if this is a specific value
236 |         int result = qemuBkpt();
237 | 
238 |         if (result > 0) {
239 |             hit_breakpoint = true;
240 |         }
241 | 
242 |         return hit_breakpoint;
243 |     }
244 | 
245 |     public static boolean hasEmulatorAdb() {
246 |         try {
247 |             return FindDebugger.hasAdbInEmulator();
248 |         } catch (Exception exception) {
249 |             exception.printStackTrace();
250 |             return false;
251 |         }
252 |     }
253 | 
254 |     /**
255 |      * Will query specific system properties to try and fingerprint a QEmu environment. A minimum threshold must be met
256 |      * in order to prevent false positives.
257 |      *
258 |      * @param context A {link Context} object for the Android application.
259 |      * @return {@code true} if enough properties where found to exist or {@code false} if not.
260 |      */
261 |     public boolean hasQEmuProps(Context context) {
262 |         int found_props = 0;
263 | 
264 |         for (Property property : known_props) {
265 |             String property_value = Utilities.getProp(context, property.name);
266 |             // See if we expected just a non-null
267 |             if ((property.seek_value == null) && (property_value != null)) {
268 |                 found_props++;
269 |             }
270 |             // See if we expected a value to seek
271 |             if ((property.seek_value != null) && (property_value.indexOf(property.seek_value) != -1)) {
272 |                 found_props++;
273 |             }
274 | 
275 |         }
276 | 
277 |         if (found_props >= MIN_PROPERTIES_THRESHOLD) {
278 |             return true;
279 |         }
280 | 
281 |         return false;
282 |     }
283 | 
284 | 
285 |     public static void log(String msg) {
286 |         Log.v("AntiEmu:FindEmulator", msg);
287 |     }
288 | }
289 | 


--------------------------------------------------------------------------------
/AntiEmulator/src/diff/strazzere/anti/monkey/FindMonkey.java:
--------------------------------------------------------------------------------
 1 | package diff.strazzere.anti.monkey;
 2 | 
 3 | import android.app.ActivityManager;
 4 | 
 5 | /**
 6 |  * Class used to determine functionality
 7 |  * specific to Monkey.
 8 |  * 
 9 |  * @author tstrazzere
10 |  */
11 | public class FindMonkey {
12 | 
13 | 	/**
14 | 	 * Check if the normal method of "isUserAMonkey"
15 | 	 * returns a quick win of who the user is.
16 | 	 *  
17 | 	 * @return {@code true} if the user is a monkey
18 | 	 * 		or {@code false} if not.
19 | 	 */
20 | 	public static boolean isUserAMonkey() {
21 | 		return ActivityManager.isUserAMonkey();
22 | 	}
23 | }
24 | 


--------------------------------------------------------------------------------
/AntiEmulator/src/diff/strazzere/anti/taint/FindTaint.java:
--------------------------------------------------------------------------------
 1 | package diff.strazzere.anti.taint;
 2 | 
 3 | import java.io.FileDescriptor;
 4 | import java.lang.reflect.Field;
 5 | 
 6 | import javax.crypto.Cipher;
 7 | import javax.crypto.spec.SecretKeySpec;
 8 | 
 9 | import android.content.Context;
10 | 
11 | import diff.strazzere.anti.common.Utilities;
12 | 
13 | /**
14 |  * Class used to determine functionality
15 |  * specific to Taintdroid.
16 |  * 
17 |  * @author tstrazzere
18 |  */
19 | public class FindTaint {
20 | 	
21 | 	/**
22 | 	 * Check if the "taint" java class used
23 | 	 *  by Taintdroid exists.
24 | 	 *  
25 | 	 * @return {@code true} if the Taintdroid class exists
26 | 	 * 		or {@code false} if not.
27 | 	 */
28 | 	public static boolean hasTaintClass() {
29 | 		try {
30 | 			Class.forName("dalvik.system.Taint");
31 | 			return true;
32 | 		}
33 | 		catch (ClassNotFoundException exception) {
34 | 			return false;
35 | 		}
36 | 	}
37 | 	
38 | 	/**
39 | 	 * Check if specific member variables injected by
40 | 	 * Taintdroid exist, if any do, it is likely that
41 | 	 * Taintdroid is being used.
42 | 	 * 
43 | 	 * @return {@code true} if the Taintdroid member variables
44 | 	 * 		exist or {@code false} if not.
45 | 	 */
46 | 	@SuppressWarnings("unused")
47 | 	public static boolean hasTaintMemberVariables() {
48 | 		boolean taintDetected = false;
49 | 		Class<FileDescriptor> fileDescriptorClass = FileDescriptor.class;
50 | 		try {
51 | 			Field field = fileDescriptorClass.getField("name");
52 | 			taintDetected = true;
53 | 		} catch (NoSuchFieldException nsfe) {
54 | 			// This is normal - no need to do anything here, possibly add logging?
55 | 		}
56 | 		
57 | 		Class cipher = Cipher.class;
58 | 		try {
59 | 			Field key = cipher.getField("key");
60 | 			taintDetected = true;
61 | 		} catch (NoSuchFieldException nsfe) {
62 | 			// This is normal - no need to do anything here, possibly add logging?
63 | 		}
64 | 
65 | 		return taintDetected;
66 | 	}
67 | 	
68 | 	/**
69 | 	 * Check if the known Taintdroid application exists
70 | 	 * on the system.
71 | 	 * <P>
72 | 	 * Not very reliable and easy to have changed.
73 | 	 * 
74 | 	 * @param context A {link Context} object for the Android
75 | 	 * 			application.
76 | 	 * @return {@code true} if the package was found to
77 | 	 * 		exist or {@code false} if not.
78 | 	 */
79 | 	public static boolean hasAppAnalysisPackage(Context context) {
80 | 		return Utilities.hasPackageNameInstalled(context, "org.appanalysis");
81 | 	}
82 | }
83 | 


--------------------------------------------------------------------------------
/LICENSE.txt:
--------------------------------------------------------------------------------
  1 | 
  2 |                                  Apache License
  3 |                            Version 2.0, January 2004
  4 |                         http://www.apache.org/licenses/
  5 | 
  6 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  7 | 
  8 |    1. Definitions.
  9 | 
 10 |       "License" shall mean the terms and conditions for use, reproduction,
 11 |       and distribution as defined by Sections 1 through 9 of this document.
 12 | 
 13 |       "Licensor" shall mean the copyright owner or entity authorized by
 14 |       the copyright owner that is granting the License.
 15 | 
 16 |       "Legal Entity" shall mean the union of the acting entity and all
 17 |       other entities that control, are controlled by, or are under common
 18 |       control with that entity. For the purposes of this definition,
 19 |       "control" means (i) the power, direct or indirect, to cause the
 20 |       direction or management of such entity, whether by contract or
 21 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 22 |       outstanding shares, or (iii) beneficial ownership of such entity.
 23 | 
 24 |       "You" (or "Your") shall mean an individual or Legal Entity
 25 |       exercising permissions granted by this License.
 26 | 
 27 |       "Source" form shall mean the preferred form for making modifications,
 28 |       including but not limited to software source code, documentation
 29 |       source, and configuration files.
 30 | 
 31 |       "Object" form shall mean any form resulting from mechanical
 32 |       transformation or translation of a Source form, including but
 33 |       not limited to compiled object code, generated documentation,
 34 |       and conversions to other media types.
 35 | 
 36 |       "Work" shall mean the work of authorship, whether in Source or
 37 |       Object form, made available under the License, as indicated by a
 38 |       copyright notice that is included in or attached to the work
 39 |       (an example is provided in the Appendix below).
 40 | 
 41 |       "Derivative Works" shall mean any work, whether in Source or Object
 42 |       form, that is based on (or derived from) the Work and for which the
 43 |       editorial revisions, annotations, elaborations, or other modifications
 44 |       represent, as a whole, an original work of authorship. For the purposes
 45 |       of this License, Derivative Works shall not include works that remain
 46 |       separable from, or merely link (or bind by name) to the interfaces of,
 47 |       the Work and Derivative Works thereof.
 48 | 
 49 |       "Contribution" shall mean any work of authorship, including
 50 |       the original version of the Work and any modifications or additions
 51 |       to that Work or Derivative Works thereof, that is intentionally
 52 |       submitted to Licensor for inclusion in the Work by the copyright owner
 53 |       or by an individual or Legal Entity authorized to submit on behalf of
 54 |       the copyright owner. For the purposes of this definition, "submitted"
 55 |       means any form of electronic, verbal, or written communication sent
 56 |       to the Licensor or its representatives, including but not limited to
 57 |       communication on electronic mailing lists, source code control systems,
 58 |       and issue tracking systems that are managed by, or on behalf of, the
 59 |       Licensor for the purpose of discussing and improving the Work, but
 60 |       excluding communication that is conspicuously marked or otherwise
 61 |       designated in writing by the copyright owner as "Not a Contribution."
 62 | 
 63 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 64 |       on behalf of whom a Contribution has been received by Licensor and
 65 |       subsequently incorporated within the Work.
 66 | 
 67 |    2. Grant of Copyright License. Subject to the terms and conditions of
 68 |       this License, each Contributor hereby grants to You a perpetual,
 69 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 70 |       copyright license to reproduce, prepare Derivative Works of,
 71 |       publicly display, publicly perform, sublicense, and distribute the
 72 |       Work and such Derivative Works in Source or Object form.
 73 | 
 74 |    3. Grant of Patent License. Subject to the terms and conditions of
 75 |       this License, each Contributor hereby grants to You a perpetual,
 76 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 77 |       (except as stated in this section) patent license to make, have made,
 78 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 79 |       where such license applies only to those patent claims licensable
 80 |       by such Contributor that are necessarily infringed by their
 81 |       Contribution(s) alone or by combination of their Contribution(s)
 82 |       with the Work to which such Contribution(s) was submitted. If You
 83 |       institute patent litigation against any entity (including a
 84 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 85 |       or a Contribution incorporated within the Work constitutes direct
 86 |       or contributory patent infringement, then any patent licenses
 87 |       granted to You under this License for that Work shall terminate
 88 |       as of the date such litigation is filed.
 89 | 
 90 |    4. Redistribution. You may reproduce and distribute copies of the
 91 |       Work or Derivative Works thereof in any medium, with or without
 92 |       modifications, and in Source or Object form, provided that You
 93 |       meet the following conditions:
 94 | 
 95 |       (a) You must give any other recipients of the Work or
 96 |           Derivative Works a copy of this License; and
 97 | 
 98 |       (b) You must cause any modified files to carry prominent notices
 99 |           stating that You changed the files; and
100 | 
101 |       (c) You must retain, in the Source form of any Derivative Works
102 |           that You distribute, all copyright, patent, trademark, and
103 |           attribution notices from the Source form of the Work,
104 |           excluding those notices that do not pertain to any part of
105 |           the Derivative Works; and
106 | 
107 |       (d) If the Work includes a "NOTICE" text file as part of its
108 |           distribution, then any Derivative Works that You distribute must
109 |           include a readable copy of the attribution notices contained
110 |           within such NOTICE file, excluding those notices that do not
111 |           pertain to any part of the Derivative Works, in at least one
112 |           of the following places: within a NOTICE text file distributed
113 |           as part of the Derivative Works; within the Source form or
114 |           documentation, if provided along with the Derivative Works; or,
115 |           within a display generated by the Derivative Works, if and
116 |           wherever such third-party notices normally appear. The contents
117 |           of the NOTICE file are for informational purposes only and
118 |           do not modify the License. You may add Your own attribution
119 |           notices within Derivative Works that You distribute, alongside
120 |           or as an addendum to the NOTICE text from the Work, provided
121 |           that such additional attribution notices cannot be construed
122 |           as modifying the License.
123 | 
124 |       You may add Your own copyright statement to Your modifications and
125 |       may provide additional or different license terms and conditions
126 |       for use, reproduction, or distribution of Your modifications, or
127 |       for any such Derivative Works as a whole, provided Your use,
128 |       reproduction, and distribution of the Work otherwise complies with
129 |       the conditions stated in this License.
130 | 
131 |    5. Submission of Contributions. Unless You explicitly state otherwise,
132 |       any Contribution intentionally submitted for inclusion in the Work
133 |       by You to the Licensor shall be under the terms and conditions of
134 |       this License, without any additional terms or conditions.
135 |       Notwithstanding the above, nothing herein shall supersede or modify
136 |       the terms of any separate license agreement you may have executed
137 |       with Licensor regarding such Contributions.
138 | 
139 |    6. Trademarks. This License does not grant permission to use the trade
140 |       names, trademarks, service marks, or product names of the Licensor,
141 |       except as required for reasonable and customary use in describing the
142 |       origin of the Work and reproducing the content of the NOTICE file.
143 | 
144 |    7. Disclaimer of Warranty. Unless required by applicable law or
145 |       agreed to in writing, Licensor provides the Work (and each
146 |       Contributor provides its Contributions) on an "AS IS" BASIS,
147 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
148 |       implied, including, without limitation, any warranties or conditions
149 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
150 |       PARTICULAR PURPOSE. You are solely responsible for determining the
151 |       appropriateness of using or redistributing the Work and assume any
152 |       risks associated with Your exercise of permissions under this License.
153 | 
154 |    8. Limitation of Liability. In no event and under no legal theory,
155 |       whether in tort (including negligence), contract, or otherwise,
156 |       unless required by applicable law (such as deliberate and grossly
157 |       negligent acts) or agreed to in writing, shall any Contributor be
158 |       liable to You for damages, including any direct, indirect, special,
159 |       incidental, or consequential damages of any character arising as a
160 |       result of this License or out of the use or inability to use the
161 |       Work (including but not limited to damages for loss of goodwill,
162 |       work stoppage, computer failure or malfunction, or any and all
163 |       other commercial damages or losses), even if such Contributor
164 |       has been advised of the possibility of such damages.
165 | 
166 |    9. Accepting Warranty or Additional Liability. While redistributing
167 |       the Work or Derivative Works thereof, You may choose to offer,
168 |       and charge a fee for, acceptance of support, warranty, indemnity,
169 |       or other liability obligations and/or rights consistent with this
170 |       License. However, in accepting such obligations, You may act only
171 |       on Your own behalf and on Your sole responsibility, not on behalf
172 |       of any other Contributor, and only if You agree to indemnify,
173 |       defend, and hold each Contributor harmless for any liability
174 |       incurred by, or claims asserted against, such Contributor by reason
175 |       of your accepting any such warranty or additional liability.
176 | 
177 |    END OF TERMS AND CONDITIONS
178 | 
179 |    APPENDIX: How to apply the Apache License to your work.
180 | 
181 |       To apply the Apache License to your work, attach the following
182 |       boilerplate notice, with the fields enclosed by brackets "[]"
183 |       replaced with your own identifying information. (Don't include
184 |       the brackets!)  The text should be enclosed in the appropriate
185 |       comment syntax for the file format. We also recommend that a
186 |       file or class name and description of purpose be included on the
187 |       same "printed page" as the copyright notice for easier
188 |       identification within third-party archives.
189 | 
190 |    Copyright [yyyy] [name of copyright owner]
191 | 
192 |    Licensed under the Apache License, Version 2.0 (the "License");
193 |    you may not use this file except in compliance with the License.
194 |    You may obtain a copy of the License at
195 | 
196 |        http://www.apache.org/licenses/LICENSE-2.0
197 | 
198 |    Unless required by applicable law or agreed to in writing, software
199 |    distributed under the License is distributed on an "AS IS" BASIS,
200 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
201 |    See the License for the specific language governing permissions and
202 |    limitations under the License.
203 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | anti-emulator
 2 | =============
 3 | 
 4 | Android Anti-Emulator, originally presented at HitCon 2013: "Dex Education 201: Anti-Emulation"
 5 | 
 6 | Purpose of this project was intended to show various ways of detecting an emulated Android environment. Some of the methods are adapted from previously seen malware on other operating systems, others are just random thoughts. Slowly over time things have been added that I've either thought of randomly, stumbled upon or came across in the wild. I'll do my best to comment if anything from the wild is added directly to the project, as this would likely be more interesting to AV/researchers attempting to hide their own sandboxes.
 7 | 
 8 | Contents
 9 | --------
10 | 
11 |  - slides/ - Talk slides
12 |  - AntiEmulation/ - Eclipse project and main source of anti* code
13 | 
14 | Disclaimer
15 | ----------
16 | 
17 | This presentation and code are meant for education and research purposes only. Do as you please with it, but accept any and all responsibility for your actions. The tools were created specifically to assist in malware reversing and analysis - be careful.
18 | 
19 | License
20 | -------
21 | 
22 |     Copyright 2014-19 Tim 'diff' Strazzere <strazz@gmail.com>
23 | 
24 |     Licensed under the Apache License, Version 2.0 (the "License");
25 |     you may not use this file except in compliance with the License.
26 |     You may obtain a copy of the License at
27 | 
28 |        http://www.apache.org/licenses/LICENSE-2.0
29 | 
30 |     Unless required by applicable law or agreed to in writing, software
31 |     distributed under the License is distributed on an "AS IS" BASIS,
32 |     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
33 |     See the License for the specific language governing permissions and
34 |     limitations under the License.
35 | 


--------------------------------------------------------------------------------
/build.gradle:
--------------------------------------------------------------------------------
 1 | // Top-level build file where you can add configuration options common to all sub-projects/modules.
 2 | 
 3 | buildscript {
 4 |     repositories {
 5 |         jcenter()
 6 |         google()
 7 |     }
 8 |     dependencies {
 9 |         classpath 'com.android.tools.build:gradle:3.6.1'
10 | 
11 |         // NOTE: Do not place your application dependencies here; they belong
12 |         // in the individual module build.gradle files
13 |     }
14 | }
15 | 
16 | allprojects {
17 |     repositories {
18 |         jcenter()
19 |         google()
20 |     }
21 | }


--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strazzere/anti-emulator/cfdfa432149ea1892aeee44adab7c88a46edafca/gradle/wrapper/gradle-wrapper.jar


--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.properties:
--------------------------------------------------------------------------------
1 | #Thu Sep 05 10:54:42 PDT 2019
2 | distributionBase=GRADLE_USER_HOME
3 | distributionPath=wrapper/dists
4 | zipStoreBase=GRADLE_USER_HOME
5 | zipStorePath=wrapper/dists
6 | distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.4-all.zip
7 | 


--------------------------------------------------------------------------------
/gradlew:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | 
  3 | ##############################################################################
  4 | ##
  5 | ##  Gradle start up script for UN*X
  6 | ##
  7 | ##############################################################################
  8 | 
  9 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 10 | DEFAULT_JVM_OPTS=""
 11 | 
 12 | APP_NAME="Gradle"
 13 | APP_BASE_NAME=`basename "$0"`
 14 | 
 15 | # Use the maximum available, or set MAX_FD != -1 to use that value.
 16 | MAX_FD="maximum"
 17 | 
 18 | warn ( ) {
 19 |     echo "$*"
 20 | }
 21 | 
 22 | die ( ) {
 23 |     echo
 24 |     echo "$*"
 25 |     echo
 26 |     exit 1
 27 | }
 28 | 
 29 | # OS specific support (must be 'true' or 'false').
 30 | cygwin=false
 31 | msys=false
 32 | darwin=false
 33 | case "`uname`" in
 34 |   CYGWIN* )
 35 |     cygwin=true
 36 |     ;;
 37 |   Darwin* )
 38 |     darwin=true
 39 |     ;;
 40 |   MINGW* )
 41 |     msys=true
 42 |     ;;
 43 | esac
 44 | 
 45 | # For Cygwin, ensure paths are in UNIX format before anything is touched.
 46 | if $cygwin ; then
 47 |     [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
 48 | fi
 49 | 
 50 | # Attempt to set APP_HOME
 51 | # Resolve links: $0 may be a link
 52 | PRG="$0"
 53 | # Need this for relative symlinks.
 54 | while [ -h "$PRG" ] ; do
 55 |     ls=`ls -ld "$PRG"`
 56 |     link=`expr "$ls" : '.*-> \(.*\)$'`
 57 |     if expr "$link" : '/.*' > /dev/null; then
 58 |         PRG="$link"
 59 |     else
 60 |         PRG=`dirname "$PRG"`"/$link"
 61 |     fi
 62 | done
 63 | SAVED="`pwd`"
 64 | cd "`dirname \"$PRG\"`/" >&-
 65 | APP_HOME="`pwd -P`"
 66 | cd "$SAVED" >&-
 67 | 
 68 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
 69 | 
 70 | # Determine the Java command to use to start the JVM.
 71 | if [ -n "$JAVA_HOME" ] ; then
 72 |     if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
 73 |         # IBM's JDK on AIX uses strange locations for the executables
 74 |         JAVACMD="$JAVA_HOME/jre/sh/java"
 75 |     else
 76 |         JAVACMD="$JAVA_HOME/bin/java"
 77 |     fi
 78 |     if [ ! -x "$JAVACMD" ] ; then
 79 |         die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
 80 | 
 81 | Please set the JAVA_HOME variable in your environment to match the
 82 | location of your Java installation."
 83 |     fi
 84 | else
 85 |     JAVACMD="java"
 86 |     which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 87 | 
 88 | Please set the JAVA_HOME variable in your environment to match the
 89 | location of your Java installation."
 90 | fi
 91 | 
 92 | # Increase the maximum file descriptors if we can.
 93 | if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then
 94 |     MAX_FD_LIMIT=`ulimit -H -n`
 95 |     if [ $? -eq 0 ] ; then
 96 |         if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
 97 |             MAX_FD="$MAX_FD_LIMIT"
 98 |         fi
 99 |         ulimit -n $MAX_FD
100 |         if [ $? -ne 0 ] ; then
101 |             warn "Could not set maximum file descriptor limit: $MAX_FD"
102 |         fi
103 |     else
104 |         warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
105 |     fi
106 | fi
107 | 
108 | # For Darwin, add options to specify how the application appears in the dock
109 | if $darwin; then
110 |     GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
111 | fi
112 | 
113 | # For Cygwin, switch paths to Windows format before running java
114 | if $cygwin ; then
115 |     APP_HOME=`cygpath --path --mixed "$APP_HOME"`
116 |     CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
117 | 
118 |     # We build the pattern for arguments to be converted via cygpath
119 |     ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
120 |     SEP=""
121 |     for dir in $ROOTDIRSRAW ; do
122 |         ROOTDIRS="$ROOTDIRS$SEP$dir"
123 |         SEP="|"
124 |     done
125 |     OURCYGPATTERN="(^($ROOTDIRS))"
126 |     # Add a user-defined pattern to the cygpath arguments
127 |     if [ "$GRADLE_CYGPATTERN" != "" ] ; then
128 |         OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
129 |     fi
130 |     # Now convert the arguments - kludge to limit ourselves to /bin/sh
131 |     i=0
132 |     for arg in "$@" ; do
133 |         CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
134 |         CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
135 | 
136 |         if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
137 |             eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
138 |         else
139 |             eval `echo args$i`="\"$arg\""
140 |         fi
141 |         i=$((i+1))
142 |     done
143 |     case $i in
144 |         (0) set -- ;;
145 |         (1) set -- "$args0" ;;
146 |         (2) set -- "$args0" "$args1" ;;
147 |         (3) set -- "$args0" "$args1" "$args2" ;;
148 |         (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
149 |         (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
150 |         (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
151 |         (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
152 |         (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
153 |         (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
154 |     esac
155 | fi
156 | 
157 | # Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
158 | function splitJvmOpts() {
159 |     JVM_OPTS=("$@")
160 | }
161 | eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
162 | JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"
163 | 
164 | exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"
165 | 


--------------------------------------------------------------------------------
/gradlew.bat:
--------------------------------------------------------------------------------
 1 | @if "%DEBUG%" == "" @echo off
 2 | @rem ##########################################################################
 3 | @rem
 4 | @rem  Gradle startup script for Windows
 5 | @rem
 6 | @rem ##########################################################################
 7 | 
 8 | @rem Set local scope for the variables with windows NT shell
 9 | if "%OS%"=="Windows_NT" setlocal
10 | 
11 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
12 | set DEFAULT_JVM_OPTS=
13 | 
14 | set DIRNAME=%~dp0
15 | if "%DIRNAME%" == "" set DIRNAME=.
16 | set APP_BASE_NAME=%~n0
17 | set APP_HOME=%DIRNAME%
18 | 
19 | @rem Find java.exe
20 | if defined JAVA_HOME goto findJavaFromJavaHome
21 | 
22 | set JAVA_EXE=java.exe
23 | %JAVA_EXE% -version >NUL 2>&1
24 | if "%ERRORLEVEL%" == "0" goto init
25 | 
26 | echo.
27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
28 | echo.
29 | echo Please set the JAVA_HOME variable in your environment to match the
30 | echo location of your Java installation.
31 | 
32 | goto fail
33 | 
34 | :findJavaFromJavaHome
35 | set JAVA_HOME=%JAVA_HOME:"=%
36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe
37 | 
38 | if exist "%JAVA_EXE%" goto init
39 | 
40 | echo.
41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
42 | echo.
43 | echo Please set the JAVA_HOME variable in your environment to match the
44 | echo location of your Java installation.
45 | 
46 | goto fail
47 | 
48 | :init
49 | @rem Get command-line arguments, handling Windowz variants
50 | 
51 | if not "%OS%" == "Windows_NT" goto win9xME_args
52 | if "%@eval[2+2]" == "4" goto 4NT_args
53 | 
54 | :win9xME_args
55 | @rem Slurp the command line arguments.
56 | set CMD_LINE_ARGS=
57 | set _SKIP=2
58 | 
59 | :win9xME_args_slurp
60 | if "x%~1" == "x" goto execute
61 | 
62 | set CMD_LINE_ARGS=%*
63 | goto execute
64 | 
65 | :4NT_args
66 | @rem Get arguments from the 4NT Shell from JP Software
67 | set CMD_LINE_ARGS=%$
68 | 
69 | :execute
70 | @rem Setup the command line
71 | 
72 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
73 | 
74 | @rem Execute Gradle
75 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
76 | 
77 | :end
78 | @rem End local scope for the variables with windows NT shell
79 | if "%ERRORLEVEL%"=="0" goto mainEnd
80 | 
81 | :fail
82 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
83 | rem the _cmd.exe /c_ return code!
84 | if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
85 | exit /b 1
86 | 
87 | :mainEnd
88 | if "%OS%"=="Windows_NT" endlocal
89 | 
90 | :omega
91 | 


--------------------------------------------------------------------------------
/settings.gradle:
--------------------------------------------------------------------------------
1 | include ':AntiEmulator'


--------------------------------------------------------------------------------
/slides/Dex Education 201 - Anti-Emulation.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strazzere/anti-emulator/cfdfa432149ea1892aeee44adab7c88a46edafca/slides/Dex Education 201 - Anti-Emulation.pdf


--------------------------------------------------------------------------------