I wrote this blog mainly to share the anti-cheating ideas of virtual positioning
because I have done small software related to virtual positioning before. I also played with the virtual positioning of VA, which is very interesting. Then I think that I should solve the anti-cheating ideas Write a share next.


1. Android developer mode simulation positioning


Implementation method

1) Open developer mode on Android 6.0 → Simulate location information application

2) Open developer mode before Android 6.0 → Allow mock location

3) Call the Android native SDK provided method

The pseudo code is as follows:

try {
    locationManager.addTestProvider(providerName, false, false, false,
            false, true, true, true, 0, Criteria.ACCURACY_FINE);
    locationManager.setTestProviderEnabled(providerName, true);
} catch (SecurityException e) {
    Toast.makeText(mainActivity, "请打开模拟位置应用", Toast.LENGTH_LONG).show();
    Log.d("异常", e.getMessage());
try {
    locationManager.setTestProviderStatus(providerName, 100, null, System.currentTimeMillis());
    locationManager.setTestProviderLocation(providerName, MyUtils.generateLocation(latLng));
} catch (Exception e) {
    Log.d("异常", e.getMessage());

2. Pros and cons

1) Easy to use, just call the native SDK

2) Not easy to detect (for Baidu map, Gaode map and software using its APK)

1) It has no effect on software using Tencent’s map API (such as WeChat, Mobike APP), but the bikes in Meituan can take effect without Tencent.

P: There are two types of positioning simulations in native code

1.GPS simulation

GPS simulation will drift with a certain probability when GPS is turned on

2.NETWORK simulation

NETWORK simulation has a certain probability of drifting when GPS or Internet connection is turned on


3. Processing ideas

1) Add Tencent Map API to make secondary location judgment

2) Force the GPS to be turned on when the software is opened

(The NETWORK simulation used by many such APP positioning will drift back and forth due to GPS turning on. You can record the number of anomalies and threshold judgments, or define a drift algorithm.)

3) Check whether the developer mode / simulation positioning is turned on (can be detected before Android 6.0)

if (Settings.Secure.getInt(getContentResolver(),
        Settings.Secure.ALLOW_MOCK_LOCATION, 0) != 0) {
    Toast.makeText(this, "1", Toast.LENGTH_SHORT).show();
} else {
    Toast.makeText(this, "0", Toast.LENGTH_SHORT).show();

4) Altitude comparison, it is necessary to inject altitude when simulating

For specific implementation, see the blog

Pikachu Virtual Positioning




Implementation method

1) Phone needs root

2) Development based on hook frameworks such as Xposed


2. Pros and cons

1) It is basically impossible to determine whether there have been changes to the software after root

2) The hook framework can be used to do many things, such as JustTrustMe (turn off strong certificate verification), modify the number of steps, grab red envelopes, etc.

1) It is difficult to ban root or root on many mobile phones (such as Huawei, vivo and other mobile phones have been banned)

2) One foot high and one foot high, there is a framework like Magisk to avoid root access to root

3) In addition, the root authority is too high, which is easy to be used by third parties for poisoning or system crash.


3. Processing ideas

1) Detect root and prohibit root machine

2) Detection of Hook framework modules such as Xposed

3) Detect frameworks such as Magisk to obtain root permissions without root


3. Run in a virtual container




Implementation method

Different from root injection, root directly modifies the system file to add a code injection window. VirtualApp registers the application in the virtual space, and objects created in the space call bindApplication () to add a code injection window

Similar to Docker, VirtualApp is a set of plug-in frameworks that allows applications to run as plug-ins in their constructed virtual space without actually installing the application

A lot of software is similar or developed based on VirtualApp …

(Use YAHFA instead of Xposed)


2. Pros and cons

1) Realize root function without root

2) It is more convenient to use than root, there are a lot of open source products that you can learn from

1) The relative root method can be detected (virtual space really exists)


3. Processing ideas


3.2. Tai Chi Xposed

Based on the second development of Hook frameworks such as Xposed, it is also a virtual operation, which is different from the VirtualApp above.

It needs to uninstall the original APP and reinstall it inside the Tai Chi container (the operation is obviously stuck)

It feels like one is a virtual machine (Tai Chi) and one is Docker (VirtualApp)

The detection of software such as Tai Chi should start from the detection application list (with anti-detection function) / detection package directory.


4. Modify the APP source code directly for secondary packaging


Advantages and disadvantages

1) Freely modify source code to add functions

1) At present, most software has anti-modification function, and it is difficult to crack it further.

2) Code obfuscation tool, the source code of the software is difficult to understand


5. Run in the Android emulator

The emulator cannot simulate a phone call or the like, or a common file will be generated inside the emulator to detect it.


6. Black box

The physical box can be positioned inside.


7. Analog interface request


* Solution idea expansion

1) For common virtual positioning software, directly check whether it exists in the software list or the software directory, and it must be uninstalled before it can be used.

(Significantly targeted ban, but treat the symptoms but not the root causes, change the package name and use again)

Such as: FakeLoction, Tai Chi Xposed, Xposed, etc …

If it is directly used in open apps such as Mobike / Meituan, it will lead to a poor user experience.

This detection method is suitable for internal APP

2) Check the Wifi list. If you have n’t changed for a long time, you have n’t touched the position at all.

3) Write a judgment algorithm based on the movement trajectory / history movement trajectory, for example:

1. A point is repeated many times in historical positioning, and it may be used as a positioning point.

2. In a certain range, the positioning latitude and longitude are the same continuously without any deviation. In theory, the mobile phone shakes even if there is no movement.

Article last published at: 2019-11-06 11:35:37

Orignal link: