Emulator Detection

Emulator Detection

Testing Emulator Detection

In the context of anti-reversing, the goal of emulator detection is to increase the difficulty of running the app on an emulated device, which impedes some tools and techniques reverse engineers like to use. This increased difficulty forces the reverse engineer to defeat the emulator checks or utilize the physical device, thereby barring the access required for large-scale device analysis. These are the current checks/tricks we are using to give an indication of emulator.

  • Virtual Phone Number
  • Device IDs
  • Genymotion
  • QEMU
  • Emulator Files Check
  • System Properties
  • Emulator Default IP Check
  • Check Package Name
  • Debug Flag
  • Check Operator Name