
URL: https://www.romainthomas.fr/publication/22-sstic-blackhat-droidguard-safetynet/




DROIDGUARD: A DEEP DIVE INTO SAFETYNET

SSTIC & BlackHat Asia May 12, 2022

Abstract

SafetyNet is the Android component developed by Google to verify device
integrity. Developers use these checks to prevent their applications from
running on devices that do not meet security requirements, and Google also
uses them to prevent bots, fraud & abuse.

In 2017, Collin Mulliner & John Kozyrakis gave one of the first public
presentations about SafetyNet, offering a glimpse into its internal mechanisms.
Since then, the Google anti-abuse team has strengthened the solution, moving
most of the original Java layer of SafetyNet into a native module called
DroidGuard. This module implements a custom virtual machine that runs a
proprietary bytecode provided by Google to perform the device integrity checks.

This paper aims to present the state of the art of the current implementation
of SafetyNet. In particular, it presents the internal mechanisms behind
SafetyNet and the DroidGuard module. This includes an overview of the VM design,
its internal mechanisms, and the security checks performed by SafetyNet to
detect Magisk, emulators, rooted devices, and even Pegasus.


SLIDES




WHITEPAPER




TALK AT BLACKHAT (ENGLISH)




TALK AT SSTIC (FRENCH)


ASSETS

https://github.com/romainthomas/droidguard-samples