Merged
14 changes: 8 additions & 6 deletions README.md
Expand Up @@ -225,15 +225,17 @@ If you want to learn about the architecture and design of the library, head over
<summary>How is it developed?</summary>
<br>

> Based on online research (ranging from science papers to things like private game hacking forums and discord servers), we try to identify the methods currently used to hide VMs and investigate generic detections capable of detecting them, while constantly tracking their activity to ensure we stay one step ahead.
> Based on online research (ranging from scientific papers to private game-hacking forums and Discord servers), we identify the methods currently used to hide VMs and investigate generic detection techniques capable of finding them, while continuously tracking their activity so we stay one step ahead.
>
> Once we have developed production-level code, we upload it to the dev branch to start testing it in real environments, where products using our library on hundreds or even thousands of devices run our detection algorithms and silently alert us if a VM has been detected, to be later manually verified for false positives.
>
> If we believe that false positives have been corrected based on experimental tests and online evidence in public documentation and databases, we merge the changes to the main branch, assigning the new detections a score, taking into account their effectiveness, reliability, and their operation in conjunction with the rest of the techniques.
> Once we have production-ready code, we upload it directly to the main branch and begin testing in real environments.
>
> Products that include our library run our detection algorithms on hundreds or even thousands of devices and quietly report back if a VM is detected; those reports are later manually checked for false positives.
>
> If experimental tests and public documentation/databases indicate that false positives have been resolved, we keep the changes in main and assign scores to new detections based on their effectiveness, reliability, and how they operate together with other techniques.
>
> Other situations (such as false flags, compilation errors, possible vulnerabilities, etc.) are immediately merged into the main branch.
> Other situations (false flags, compilation errors, possible vulnerabilities, etc.) are also merged into main immediately.
>
> Once the library has undergone sufficient modifications compared to previous versions, we place the library in the releases section, explaining these changes in detail.
> When the library has accumulated enough changes compared to previous versions, we publish a release and explain those changes in detail.

</details>
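
Review bot: The added second and fourth paragraphs leave no path for a detection that fails field testing. "we upload it directly to the main branch and begin testing in real environments" puts unvetted detections on main, and "we keep the changes in main" only covers the case where false positives are resolved. Please state what happens otherwise (reverted or disabled) and tell readers that main can carry detections not yet checked for false positives. Now that everything lands on main, the "Other situations ... are also merged into main immediately" paragraph no longer distinguishes anything and could be folded into the second paragraph.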

18 changes: 9 additions & 9 deletions README_CN.md
Expand Up @@ -220,15 +220,15 @@ endif()
<details>
<summary>它是如何开发的?</summary>

> 基于线上研究(涵盖从学术论文到私人游戏黑客论坛及Discord社群等渠道),我们持续追踪当前用于隐藏虚拟机的方法,并研究能检测它们的通用方案,以此确保我们始终保持技术领先
>
> 当我们完成生产级代码开发后,会将其上传至开发分支进行真实环境测试——通过数百乃至数千台设备运行我们的检测算法,并在识别到虚拟机时静默上报,后续由人工核验误报情况
>
> 若通过实验测试及公开文档/数据库的线上证据确认误报已修正,我们会将变更合并至主分支,并根据新检测技术的有效性、可靠性及与其他技术的协同表现进行综合评分
>
> 其他特殊情况(如误报标记、编译错误、潜在漏洞等)则立即合并至主分支
>
> 当库版本累积足够改进后,我们会在发布区详细说明所有变更内容
> 基于线上研究(涵盖学术论文到私人游戏破解论坛及 Discord 社群等渠道),我们识别当前用于隐藏虚拟机的方法,并研究能够检测它们的通用检测手段,同时持续追踪其活动以保持领先
>
> 当我们完成生产级代码后,会直接将其上传到 main 分支并在真实环境开始测试。使用我们库的产品会在数百甚至数千台设备上运行检测算法,若检测到虚拟机会静默上报;这些上报随后由人工核验误报
>
> 如果实验测试和公开文档/数据库的线上证据表明误报已被修正,我们会将变更保留在 main,并根据新检测项的有效性、可靠性及与其他技术的协同表现对其进行评分
>
> 其他情况(例如误报标记、编译错误、潜在漏洞等)也会立即合并到 main
>
> 当库相比之前的版本积累了足够的改进后,我们会发布新版本,并在发布说明中详细说明这些更改

</details>
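
Review bot: The second added paragraph (starting 当我们完成生产级代码后) combines what README.md now splits into two paragraphs ("Once we have production-ready code..." and "Products that include our library..."), so the translations no longer line up paragraph for paragraph; split it after 在真实环境开始测试。 to match. The added paragraphs also end without a closing 。 although that same paragraph uses 。 mid-text, and 游戏破解论坛 narrows "game-hacking forums" to cracking where the removed line had 游戏黑客论坛.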

16 changes: 9 additions & 7 deletions README_FR.md
Expand Up @@ -215,15 +215,17 @@ Si vous voulez comprendre l’architecture et la conception de la bibliothèque,
<summary>Comment est-il développé?</summary>
<br>

> À partir de recherches en ligne (articles scientifiques, forums de piratage de jeux privés, serveurs Discord, etc.), nous identifions les méthodes utilisées pour dissimuler les VM et étudions les systèmes de détection génériques capables de les repérer. Nous surveillons en permanence leur activité pour garder une longueur d'avance.
>
> Une fois le code prêt pour la production, nous le téléchargeons sur la branche de développement (`dev`) pour le tester en conditions réelles. Sur des centaines, voire des milliers d'appareils, les produits utilisant notre bibliothèque exécutent nos algorithmes de détection et nous alertent discrètement en cas de détection d'une VM. Les faux positifs sont ensuite vérifiés manuellement.
> À partir de recherches en ligne (articles scientifiques, forums privés de piratage de jeux, serveurs Discord, etc.), nous identifions les méthodes utilisées pour dissimuler les VM et étudions des techniques de détection générales capables de les repérer, tout en surveillant en permanence leur activité pour garder une longueur d'avance.
>
> Si nous estimons que les faux positifs ont été corrigés grâce à des tests expérimentaux et des preuves en ligne issues de la documentation et des bases de données publiques, nous intégrons les modifications à la branche `main`, en attribuant un score aux nouvelles détections. Ce score tient compte de leur efficacité, de leur fiabilité et de leur fonctionnement en combinaison avec les autres techniques.
>
> Les autres situations (telles que les faux positifs, les erreurs de compilation, les vulnérabilités potentielles, etc.) sont immédiatement résolues et intégrées sur `main`.
> Une fois le code prêt pour la production, nous le téléversons directement sur la branche main et commençons les tests en conditions réelles.
>
> Les produits intégrant notre bibliothèque exécutent nos algorithmes de détection sur des centaines voire des milliers d'appareils et nous signalent discrètement toute détection de VM ; ces signalements sont ensuite vérifiés manuellement pour détecter d'éventuels faux positifs.
>
> Si les tests expérimentaux et les preuves issues de la documentation et des bases de données publiques confirment que les faux positifs ont été corrigés, nous conservons les modifications sur main et attribuons un score aux nouvelles détections selon leur efficacité, leur fiabilité et leur interaction avec les autres techniques.
>
> D'autres situations (faux positifs, erreurs de compilation, vulnérabilités potentielles, etc.) sont également intégrées immédiatement sur main.
>
> Une fois que la bibliothèque a subi suffisamment de modifications par rapport aux versions précédentes, nous la publions dans la section des versions, en expliquant ces modifications en détail.
> Quand la bibliothèque a accumulé suffisamment de modifications par rapport aux versions précédentes, nous publions une release et détaillons les changements dans les notes de version.

</details>
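
Review bot: The added lines write the branch name as plain main, where the removed lines used `main` and `dev` in backticks; keep the backticks so the branch name reads as an identifier. In the added "D'autres situations" paragraph, "faux positifs" stands in for the English "false flags", so it reads as if false positives are integrated immediately while the paragraph before it says they are verified manually first; a distinct term would avoid the clash. "une release" next to "notes de version" mixes English and French in the last added line.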

24 changes: 8 additions & 16 deletions README_KR.md
Expand Up @@ -187,14 +187,6 @@ endif()

</details>

<!--
<details>
<summary>How does it compare to paid VM detection libraries?</summary>
<br>

> There are several paid software solutions available for protecting software licenses from reverse engineering or cracking, such as <a href="https://docs.sentinel.thalesgroup.com/home.htm">Thales' Sentinel RMS</a> and <a href="https://vmpsoft.com/">VMProtect</a>. These tools include VM detection as part of their feature set, though their primary focus is not necessarily VM detection unlike this project.
</details>
-->

<details>
<summary>오픈 소스 프로젝트는 라이브러리를 더 취약하게 만들지 않을까요?</summary>
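
Review bot: Removing the commented-out "How does it compare to paid VM detection libraries?" block at the top of this hunk is unrelated to the development-process rewording in the rest of the change. The block sits inside <!-- --> so the rendered page does not change, but the cleanup should be mentioned in the description or moved to its own commit so that dropping the Sentinel RMS / VMProtect comparison is a visible decision rather than a side effect.
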
Expand All @@ -221,15 +213,15 @@ endif()
<summary>어떻게 개발되나요?</summary>
<br>

> 학술 논문부터 개인 게임 해킹 포럼, Discord 커뮤니티에 이르기까지 다양한 채널을 통한 온라인 연구를 바탕으로, 우리는 가상 머신을 숨기는 데 사용되는 최신 기법을 지속적으로 추적하고 이를 감지할 수 있는 일반적인 솔루션을 연구하여 항상 기술의 선두를 유지합니다.
>
> 프로덕션 퀄리티의 코드 개발을 완료하면 실제 테스트를 위해 개발 브랜치에 업로드합니다. 수백, 수천 대의 장치에서 감지 알고리즘을 실행하고 가상 머신이 감지되면 자동으로 보고한 후, 오탐지에 대한 수동 검증을 수행합니다.
> 학술 논문에서 개인 게임 해킹 포럼, Discord 커뮤니티에 이르기까지 온라인 조사를 바탕으로 가상 머신을 숨기는 최신 기법을 식별하고, 이를 탐지할 수 있는 일반적 방법을 연구하며 그 활동을 지속적으로 추적해 기술 우위를 유지합니다.
>
> 실험 테스트와 공개 문서/데이터베이스의 온라인 증거를 토대로 오탐지가 수정된 것으로 확인되면 변경 사항을 메인 브렌치에 병합합니다. 또한 새로운 탐지 기술에 효과성, 신뢰성, 다른 기술과의 시너지 효과 바탕으로 포괄적인 점수를 부여합니다.
>
> 기타 특수한 경우(예: 오탐지, 컴파일 오류, 잠재적 취약점 등)는 즉시 메인 브랜치에 병합됩니다.
>
> 라이브러리 버전에 충분한 개선 사항이 누적되면 릴리즈 되며, 릴리즈 페이지에서 모든 변경 사항을 상세히 기술합니다.
> 프로덕션 품질의 코드가 준비되면 이를 main 분기에 직접 업로드하고 실제 환경에서 테스트를 시작합니다. 우리 라이브러리를 포함한 제품들은 수백에서 수천 대의 장치에서 탐지 알고리즘을 실행하며, 가상 머신이 감지되면 조용히 보고하고 해당 보고서는 이후 수동으로 오탐 여부를 검증합니다.
>
> 실험 테스트 및 공개 문서/데이터베이스의 증거로 오탐이 수정된 것이 확인되면 변경사항은 main에 남겨지며, 새 탐지 항목에는 유효성, 신뢰성, 다른 기법과의 상호작용을 고려한 점수가 부여됩니다.
>
> 오탐, 컴파일 오류, 잠재적 취약점 등 다른 상황도 즉시 main에 통합됩니다.
>
> 라이브러리가 이전 버전 대비 충분한 개선을 누적하면 릴리스를 게시하고 변경 사항을 상세히 설명합니다.

</details>
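
Review bot: The second added paragraph calls the branch "main 분기" while the removed lines used 브랜치 ("개발 브랜치", "메인 브랜치") and the later added paragraphs use bare main; use "main 브랜치" so the term stays consistent. That paragraph also merges the two paragraphs README.md now has ("Once we have production-ready code..." and "Products that include our library..."); split it after 테스트를 시작합니다. to keep the translations aligned.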
