Hide the Emulator

Malware may try to detect whether it is running in an emulated environment by checking for a valid IMSI, IMEI, SIM serial, and/or AndroidId. To make your emulated environment as realistic as possible, you can set the IMSI, IMEI, SIM serial, and/or AndroidId of your emulator.

IMSI, IMEI, and SIM

Applying the following patch file produces an emulator build that lets you set the IMSI, IMEI, and SIM serial via the AVD configuration file.

Configuration File

In the AVD config.ini file you can set the following:

hw.gsmModem.imei=123456789012345
hw.gsmModem.imsi=098765432109876
hw.gsmModem.simSerial=01234567890123456789
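
The 15th digit of an IMEI is a Luhn check digit, so a sample that verifies it can still tell placeholder values such as the ones above from a real handset. The following is an added example, not part of the original page or the patch: it audits the hw.gsmModem.* entries of a config.ini. The function names are hypothetical, and the 19 or 20 digit length for the SIM serial is an assumption.

```python
import re

# Keys read by the patched emulator, as listed on this page.
PREFIX = "hw.gsmModem."

def luhn_check_digit(body: str) -> int:
    """Luhn check digit for a digit string that excludes the check digit."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:  # the digit next to the check digit is doubled first
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10

def parse_config(text: str) -> dict:
    """Collect hw.gsmModem.* key=value pairs from config.ini text."""
    values = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().startswith(PREFIX):
            values[key.strip()[len(PREFIX):]] = value.strip()
    return values

def audit(text: str) -> list:
    """Return a list of findings; an empty list means no check failed."""
    cfg, findings = parse_config(text), []
    imei = cfg.get("imei", "")
    if not re.fullmatch(r"[0-9]{15}", imei):
        findings.append("imei: expected exactly 15 decimal digits")
    elif luhn_check_digit(imei[:-1]) != int(imei[-1]):
        fixed = imei[:-1] + str(luhn_check_digit(imei[:-1]))
        findings.append(f"imei: Luhn check digit wrong, {fixed} would pass")
    if not re.fullmatch(r"[0-9]{1,15}", cfg.get("imsi", "")):
        findings.append("imsi: expected at most 15 decimal digits")
    # Assumption: the SIM serial (ICCID) is given as 19 or 20 decimal digits.
    if not re.fullmatch(r"[0-9]{19,20}", cfg.get("simSerial", "")):
        findings.append("simSerial: expected 19 or 20 decimal digits")
    return findings

# The values shown on this page, used as sample input.
SAMPLE = """hw.gsmModem.imei=123456789012345
hw.gsmModem.imsi=098765432109876
hw.gsmModem.simSerial=01234567890123456789
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```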

Build

To apply the patch you need the Android source code (http://source.android.com) and the patch file (emulator_imsi_patch.patch).
It is assumed that the Android source code is placed in "~/android-2.3".

% cd ~/android-2.3/
% . build/envsetup.sh
% lunch 1
% cd external/qemu
% patch -p0 < ~/emulator_imsi_patch.patch
% cd ~/android-2.3
% make emulator

AndroidId

The AndroidId is located in a database:
  • Database: /data/data/com.android.providers.settings/databases/settings.db
  • Table: secure
  • Entry: name='android_id'
Before making any modifications, make sure that you back up your databases.
From the adb shell do the following:

% su
% cd /data/data/com.android.providers.settings/databases/
% sqlite3 settings.db
sqlite> select * from secure where name='android_id'; -- Check for existing entry
sqlite> insert into secure (name, value) values ('android_id','device_id_goes_here');
sqlite> .exit

Please note that the database might be in a different location depending on your Android version.
