Improve the security of unlocking your smartphone

07 Feb 2011 Chengyu Song smartphone

There is a paper at WOOT '10 that describes how the smudges left on a smartphone's touch screen can be used to greatly reduce the time an attacker needs to guess the password that unlocks the screen. For example, on an iPhone with a 4-digit passcode, one needs to try at most P(4,4) = 4! = 24 combinations before getting the right one.

But I think this situation has already happened on the PC, and we already have a solution. Long ago there were Trojans that stole passwords. To combat them, people invented the virtual keyboard (as used by many online banks in China). But attackers then upgraded their programs to record the mouse coordinates, so they still knew which characters you entered. Doesn't this sound familiar? Yes, those coordinates are just like the smudges you leave on your screen! So what happened next? We got the randomized virtual keyboard.
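To put numbers on the comparison above, here is an added example (not code from the original post) that models a 10-key PIN pad and a 4-digit passcode. It assumes the attacker can read from one unlock's smudges which screen positions were touched but not the order in which they were touched. With a fixed layout the smudged positions map directly to digits, which is where the 24 candidates come from; with a layout that is re-shuffled before every unlock, the same smudges no longer say which digits were pressed. The example also generalizes slightly beyond the text: it handles passcodes that repeat a digit (fewer than four smudged keys), where the fixed-layout candidate set is even smaller.

```python
import itertools
import secrets

DIGITS = "0123456789"


def shuffled_keypad():
    """Return a fresh random layout: layout[position] is the digit drawn at that
    screen position. A new layout is generated for every unlock attempt, so the
    smudges on fixed screen positions no longer identify the digits typed.
    secrets.SystemRandom is used so the layout cannot be predicted."""
    layout = list(DIGITS)
    secrets.SystemRandom().shuffle(layout)
    return layout


def smudge_candidates_fixed(smudged_digits, length=4):
    """Candidate PINs under a fixed layout.

    The smudges reveal exactly which digits were pressed (order unknown), so the
    PIN must use every smudged digit and no other digit. Enumerating all
    10**length codes keeps the count obviously correct, including when the PIN
    repeats a digit and fewer than `length` keys are smudged."""
    smudged = set(smudged_digits)
    return [
        "".join(pin)
        for pin in itertools.product(DIGITS, repeat=length)
        if set(pin) == smudged
    ]


def smudge_candidates_random(num_smudged_positions, length=4):
    """Candidate PINs when the layout is re-shuffled before every unlock.

    The smudges still show how many distinct screen positions were touched, so
    the attacker learns how many distinct digits the PIN has, but not which
    ones: every PIN with that many distinct digits remains a candidate."""
    return [
        "".join(pin)
        for pin in itertools.product(DIGITS, repeat=length)
        if len(set(pin)) == num_smudged_positions
    ]


if __name__ == "__main__":
    # Constructed scenario: the user typed 2413, so keys 1, 2, 3, 4 are smudged.
    fixed = smudge_candidates_fixed("1234")
    random = smudge_candidates_random(4)
    print("fixed layout, 4 distinct smudges:", len(fixed), "candidates")   # 24
    print("shuffled layout, 4 distinct smudges:", len(random), "candidates")  # 5040
    print("example shuffled layout:", "".join(shuffled_keypad()))
```

The fixed-layout count reproduces the 4! = 24 figure from the paper; the shuffled layout leaves 10·9·8·7 = 5040 candidates for the same smudges, and a PIN that repeats a digit (say only two smudged keys) drops to 14 candidates on a fixed layout but still 630 on a shuffled one.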

Another possible way to intercept function calls in QEMU

02 Dec 2010 Chengyu Song qemu hook

I'm developing a syscall interception tool for Android as a course project. While it is relatively simple to intercept calls into the system services (introduced at the end), it is harder to catch the syscall return. The reason is that the latest Android emulator is built on QEMU 0.10.50, which is TCG based, so we cannot use the same method Qebek or TEMU use to intercept the syscall return. Therefore I looked into the new code to see whether I could find a way to solve this problem.