One Step Before Game Hackers - Instrumenting Android Emulators

Explore the world of Android emulator exploitation in this 26-minute conference talk from NorthSec. Dive into the intricacies of commercial Android emulators like NOX, BlueStacks, and Leidian, and learn how their root permissions and x86/ARM mixed-mode emulation impact game security. Discover the challenges faced by standard native hooking and DBI frameworks on these platforms. Gain insights into the process start routines for command-line and Android JNI applications, and understand how they differ in emulated environments. Compare emulation strategies across various emulators and runtime environments. Learn to develop a native hooking framework that overcomes the limitations of existing tools on mixed-mode emulators. Witness a live demonstration of game cheating using this custom framework, and explore the potential future of mobile game cheating in the dark market. Enhance your understanding of mobile game security and emulator vulnerabilities through this comprehensive exploration of Android emulator instrumentation.

Self Introduction
Agenda
Background: Game Cheating Threat Model
Background: Mobile Game Cheating Business Model
Background: Purpose
Targets
Command Line Binary
Java Application
Init Houdini
Houdini License
Existing Hooking Framework
Normal Approach
(A) Utilize Houdini
(B) Utilize Xposed
Conclusion