QEMU is a well-known and often used full system software emulator. In this talk we will discuss how to detect that a process is running in an emulated system. The presented techniques are based on how emulation is achieved, in particular for the ARM architecture.
This talk deals with how to detect full system emulation that is based on binary translation, as in QEMU, a well-known full system software emulator. This can come in handy on Android, where most emulator and dynamic analysis systems are based on QEMU. A second presented method will focus on caching behavior that can be abused on ARM to detect whether the system is emulated or executed on a real processor.
This OpenChaos will be on January 29th, 2015 at the Chaos Computer Club Cologne, starting at 8pm (20:00) CEST. The slides will be in English, but the talk will be in German.
by
thuxnder
2015-01-27T10:12:23+01:00