asysbang

标题: Android模拟器判断与反判断 [打印本页]

作者: admin 时间: 2022-6-7 18:12
标题: Android模拟器判断与反判断
判断与反判断（暂时这个名字，需要起个响亮的名字）

1.判断sensorManager.getDefaultSensor(Sensor.TYPE_LIGHT)

  反判断./core/java/android/hardware/SensorManager.java if (type ==5 ) return new Sensor();

2.判断bluetoothAdapter.getName();
  反判断./core/java/android/bluetooth/BluetoothAdapter.java  getName() 函数直接返回 “btname”

3.判断cat /proc/cpuinfo
  反判断：kernel/arch/x86/kernel/cpu/proc.c show_cpuinfo函数，想改哪个改哪个

4.判断安装的应用  getPackageManager().queryIntentActivities
  反判断  ./services/core/java/com/android/server/pm/PackageManagerService.java applyPostResolutionFilter 函数
if (info.activityInfo.packageName.indexOf("chromium")>=0) {                      resolveInfos.remove(i);
                     Log.v(TAG, "=============applyPostResolutionFilter=remove chromium");
                     continue;
            }
5. 判断通过native getprop 获取ro.product.cpu.abi 等属性    AntiFakerAndroidChecker  绕过libcutil 直接调用的sys/system_properties.h
反判断  bionic/libc/bionic/system_properties.cpp __system_property_get  函数可以拦截
const prop_info* pi = __system_property_find(name); async_safe_format_log(ANDROID_LOG_ERROR, "libc", "=====================__system_property_get \"%s\" ", name);
这个log是异步的  有时候需要再此抓取log才能看到，  logcat 默认是-v time的为了方便对比  可以用-v process 来抓取log
参考下面代码
const char * filter = "ro.product.cpu.abi";
int ret = strcmp(pi->name, filter);
if (ret ==0) {
memcpy(value, "target_abi", 10);
async_safe_format_log(ANDROID_LOG_ERROR, "libc", "=====================__system_property_read  target_abi");
return 10;
} else {
uint32_t serial = __system_property_serial(pi);  // acquire semantics
size_t len = SERIAL_VALUE_LEN(serial);
memcpy(value, pi->value, len + 1);
}
async_safe_format_log(ANDROID_LOG_ERROR, "libc", "=====================__system_property_read value =\"%s\"  , name = %s ,ret = %d  ", value,pi->name,ret);

6.判断电池
  ./services/core/java/com/android/server/BatteryService.java
processValuesLocked 函数

7.判断opengl信息
external/swiftshader/src/OpenGL/libGLESv2/libGLESv2.cpp +3487
修改renderer 和version信息

1

作者: admin 时间: 2022-6-7 19:12
Lunch menu... pick a combo:
   1. aosp_arm-eng
   2. aosp_arm64-eng
   3. aosp_blueline-userdebug
   4. aosp_blueline_car-userdebug
   5. aosp_bonito-userdebug
   6. aosp_bonito_car-userdebug
   7. aosp_bramble_car-userdebug
   8. aosp_car_arm-userdebug
   9. aosp_car_arm64-userdebug
   10. aosp_car_x86-userdebug
   11. aosp_car_x86_64-userdebug
   12. aosp_cf_arm64_auto-userdebug
   13. aosp_cf_arm64_phone-userdebug
   14. aosp_cf_x86_64_foldable-userdebug
   15. aosp_cf_x86_64_pc-userdebug
   16. aosp_cf_x86_64_phone-userdebug
   17. aosp_cf_x86_64_tv-userdebug
   18. aosp_cf_x86_auto-userdebug
   19. aosp_cf_x86_phone-userdebug
   20. aosp_cf_x86_tv-userdebug
   21. aosp_coral_car-userdebug
   22. aosp_crosshatch-userdebug
   23. aosp_crosshatch_car-userdebug
   24. aosp_crosshatch_vf-userdebug
   25. aosp_flame_car-userdebug
   26. aosp_redfin_car-userdebug
   27. aosp_sargo-userdebug
   28. aosp_sargo_car-userdebug
   29. aosp_sunfish_car-userdebug
   30. aosp_x86-eng
   31. aosp_x86_64-eng
   32. arm_krait-eng
   33. arm_v7_v8-eng
   34. armv8-eng
   35. armv8_cortex_a55-eng
   36. armv8_kryo385-eng
   37. beagle_x15-userdebug
   38. beagle_x15_auto-userdebug
   39. car_x86_64-userdebug
   40. fuchsia_arm64-eng
   41. fuchsia_x86_64-eng
   42. gsi_car_arm64-userdebug
   43. gsi_car_x86_64-userdebug
   44. hikey-userdebug
   45. hikey64_only-userdebug
   46. hikey960-userdebug
   47. hikey960_tv-userdebug
   48. hikey_tv-userdebug
   49. qemu_trusty_arm64-userdebug
   50. rk3588_box-user
   51. rk3588_box-userdebug
   52. rk3588_firefly_itx_3588j-user
   53. rk3588_firefly_itx_3588j-userdebug
   54. rk3588_s-user
   55. rk3588_s-userdebug
   56. rk3588s_s-user
   57. rk3588s_s-userdebug
   58. sdk_car_arm-userdebug
   59. sdk_car_arm64-userdebug
   60. sdk_car_x86-userdebug
   61. sdk_car_x86_64-userdebug
   62. silvermont-eng
   63. uml-userdebug
   64. yukawa-userdebug
   65. yukawa_sei510-userdebug

作者: admin 时间: 2022-6-7 19:16
processor : 0vendor_id : genuineintelcpu family : 6model : 94model name : intel(r) core(tm) i7-6700 cpu @ 3.40ghzstepping : 3cpu mhz : 3485.096cache size : 8192 kbphysical id : 0siblings : 2core id : 0cpu cores : 2apicid : 0initial apicid : 0fpu : yesfpu_exception : yescpuid level : 22wp : yesflags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc pni pclmulqdq ssse3 cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single kaiser fsgsbase invpcid rdseed clflushoptbugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgsbogomips : 6970.19clflush size : 64cache_alignment : 64address sizes : 39 bits physical, 48 bits virtualpower management:processor : 1vendor_id : genuineintelcpu family : 6model : 94model name : intel(r) core(tm) i7-6700 cpu @ 3.40ghzstepping : 3cpu mhz : 3485.096cache size : 8192 kbphysical id : 0siblings : 2core id : 1cpu cores : 2apicid : 1initial apicid : 1fpu : yesfpu_exception : yescpuid level : 22wp : yesflags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc pni pclmulqdq ssse3 cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single kaiser fsgsbase invpcid rdseed clflushoptbugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgsbogomips : 6970.19clflush size : 64cache_alignment : 64address sizes : 39 bits physical, 48 bits virtualpower management:

作者: admin 时间: 2022-6-9 11:07
com.snail.antifake_jni_EmulatorDetectUtil.c

NIEXPORT jboolean JNICALL Java_com_snail_antifake_jni_EmulatorDetectUtil_detect
      (JNIEnv *env, jobject jobject1) {
load(env);

   char code[] =
                  "\x04\xe0\x2d\xE5"
                  "\x00\x20\xA0\xE3"
                  "\x00\x00\xA0\xE3"
                  "\x01\x20\x82\xE2"
                  "\x0c\x30\x4f\xe2"
                  "\x00\x10\x93\xE5"
                  "\x01\x00\x80\xE2"
                  "\x0c\x30\x4f\xe2"
                  "\x00\x10\x83\xE5"
                  "\x0A\x00\x50\xE3"
                  "\x02\x00\x00\xAA"
                  "\x0A\x00\x52\xE3"
                  "\x00\x00\x00\xAA"
                  "\xf7\xff\xff\xea"
                  "\x04\xf0\x9d\xE4"
                  "\x00\x00\xa0\xe1"
                  "\x00\x00\xa0\xe1"
                  "\x00\x00\xa0\xe1"
                  "\x00\x00\xa0\xe1"
                  "\x00\x00\xa0\xe1"
                  "\x00\x00\xa0\xe1"
                  "\x00\x00\xa0\xe1"
                  "\x00\x00\xa0\xe1"
                  "\x00\x00\xa0\xe1"
                  "\x00\x00\xa0\xe1"
                  "\x00\x00\xa0\xe1"
                  "\x00\x00\xa0\xe1"
                  "\x00\x00\xa0\xe1"
                  "\x00\x00\xa0\xe1"
                  "\x00\x00\xa0\xe1"
                  "\x00\x00\xa0\xe1";

void *exec = mmap(NULL, (size_t) getpagesize(), PROT, MAP_ANONYMOUS | MAP_PRIVATE, -1,
                  (off_t) 0);
memcpy(exec, code,  (size_t) getpagesize() );
__clear_cache(exec, exec+ (size_t) getpagesize() );
asmcheck = (int *) exec;
int ret=-1;
ret= asmcheck();
LOGI(" result  %d " ,ret );
munmap(exec,(size_t) getpagesize());
return ret == 1;

作者: admin 时间: 2022-6-9 11:21
https://bbs.pediy.com/thread-225717.htm

欢迎光临 asysbang (http://asysbang.com/)