[SSBIZ]

Hi, I uploaded the new uploader and the new virtualbox and now it works to me as well!

Thanks!

[e192168]

Hello!

It is very good for future version, if processor socket DMI information can be change on VM :)

[newcomer]

Only one problem virtual machine start with my original processor id and serial number. As i understand configuration file already contain info for changing this details, additionally run command

Code: Select all

vboxmanage setextradata mx VBoxInternal/CPUM/
HostCPUID/80000003/ebx 0x50202952

for change this parameter, but still no effect. Is any one have same problem?
All other details is changed. I tried different iso - Windows7 and Debian, nothing.

Hello,

can you post your VBox log?

Hi,
have any ideas about my case, bcuz totally stuck (((.

Also looking for hardened for Linux, debian. Do have some instructions how-to-do?

[rootw0rm]

Thanks for the update! Have had some definite NAT weirdness, hope this clears it up.

pafish passes great, VMDE almost passes, but fails on PCI. Is loader not supposed to handle that? (host and guest: w10 x64, 14393)

I'll look into it more later now that i know all the stupid w10 libs to link.

[EP_X0FF]

Hello,

vboxmanage setextradata mx VBoxInternal/CPUM/HostCPUID/80000003/ebx 0x50202952

is the value you used to set with vboxmanage? No mentions in the logs. According to CPUMR3Cpuid.cpp->cpumR3LoadCpuId->cpumR3LoadCpuIdInner & cpumR3InitCpuIdAndMsrs the following functionality present:

Code: Select all

   /*
     * Get the host and guest overrides so we don't reject the state because
     * some feature was enabled thru these interfaces.
     * Note! We currently only need the feature leaves, so skip rest.
     */
    PCFGMNODE   pOverrideCfg = CFGMR3GetChild(CFGMR3GetRoot(pVM), "CPUM/HostCPUID");
    CPUMCPUID   aHostOverrideStd[2];
    memcpy(&aHostOverrideStd[0], &aHostRawStd[0], sizeof(aHostOverrideStd));
    cpumR3CpuIdInitLoadOverrideSet(UINT32_C(0x00000000), &aHostOverrideStd[0], RT_ELEMENTS(aHostOverrideStd), pOverrideCfg);

    CPUMCPUID   aHostOverrideExt[2];
    memcpy(&aHostOverrideExt[0], &aHostRawExt[0], sizeof(aHostOverrideExt));
    cpumR3CpuIdInitLoadOverrideSet(UINT32_C(0x80000000), &aHostOverrideExt[0], RT_ELEMENTS(aHostOverrideExt), pOverrideCfg);

Code: Select all

  /** @cfgm{/CPUM/HostCPUID/[000000xx|800000xx|c000000x]/[eax|ebx|ecx|edx],32-bit}
     * Overrides the CPUID leaf values (from the host CPU usually) used for
     * calculating the guest CPUID leaves.  This can be used to preserve the CPUID
     * values when moving a VM to a different machine.  Another use is restricting
     * (or extending) the feature set exposed to the guest. */
    if (RT_SUCCESS(rc))
        rc = cpumR3LoadCpuIdOverrides(pVM, CFGMR3GetChild(pCpumCfg, "HostCPUID"), "HostCPUID");

For Linux I used this http://download.virtualbox.org/virtualb ... _amd64.deb. Setup of VBox/VM is identical to Windows. Except you obviously need differently decorated set of scripts.

here is for example one of it based on previously posted.

Code: Select all

#!/bin/sh
vboxmanage setextradata $1 "VBoxInternal/CPUM/EnableHVP" 0

vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiBIOSVendor" "Apple Inc."
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiBIOSVersion" "MB52.88Z.0088.B05.0904162222"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiBIOSReleaseDate" "08/10/13"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiBIOSReleaseMajor" "5"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiBIOSReleaseMinor" "9"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiBIOSFirmwareMajor" "1"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiBIOSFirmwareMinor" "0"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiSystemVendor" "Apple Inc."
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiSystemProduct" "MacBook5,2"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiSystemVersion" "1.0"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiSystemSerial" "CSN12345678901234567"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiSystemSKU" "FM550EA#ACB"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiSystemFamily" "Ultrabook"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiSystemUuid" "B5FA3000-9403-81E0-3ADA-F46D045CB676"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiBoardVendor" "Apple Inc."
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiBoardProduct" "Mac-F22788AA"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiBoardVersion" "3.0"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiBoardSerial" "BSN12345678901234567"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiBoardAssetTag" "Base Board Asset Tag#"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiBoardLocInChass" "Board Loc In"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiBoardBoardType" 10
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiChassisVendor" "Apple Inc."
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiChassisType" 10
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiChassisVersion" "Mac-F22788AA"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiChassisSerial" "CSN12345678901234567"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiChassisAssetTag" "Apple"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiOEMVBoxVer" "Extended version info: 1.00.00"
vboxmanage setextradata $1 "VBoxInternal/Devices/efi/0/Config/DmiOEMVBoxRev" "Extended revision info: 1A"

vboxmanage setextradata $1 "VBoxInternal/Devices/ahci/0/Config/Port0/ModelNumber" "Hitachi HTS543232A7A384"
vboxmanage setextradata $1 "VBoxInternal/Devices/ahci/0/Config/Port0/FirmwareRevision" "ES2OA60W"
vboxmanage setextradata $1 "VBoxInternal/Devices/ahci/0/Config/Port0/SerialNumber" "2E3024L1T2V9KA"
vboxmanage setextradata $1 "VBoxInternal/Devices/ahci/0/Config/Port1/ModelNumber" "Slimtype DVD A  DS8A8SH"
vboxmanage setextradata $1 "VBoxInternal/Devices/ahci/0/Config/Port1/FirmwareRevision" "KAA2"
vboxmanage setextradata $1 "VBoxInternal/Devices/ahci/0/Config/Port1/SerialNumber" "ABCDEF0123456789"
vboxmanage setextradata $1 "VBoxInternal/Devices/ahci/0/Config/Port1/ATAPIVendorId" "Slimtype"
vboxmanage setextradata $1 "VBoxInternal/Devices/ahci/0/Config/Port1/ATAPIProductId" "DVD A  DS8A8SH"
vboxmanage setextradata $1 "VBoxInternal/Devices/ahci/0/Config/Port1/ATAPIRevision" "KAA2"

vboxmanage setextradata $1 "VBoxInternal/Devices/acpi/0/Config/AcpiOemId" "APPLE"
vboxmanage setextradata $1 "VBoxInternal/Devices/acpi/0/Config/DsdtFilePath" "/home/mintuser/DATA/WHTMP/vm/ACPI-DSDT.bin"
vboxmanage setextradata $1 "VBoxInternal/Devices/acpi/0/Config/SsdtFilePath" "/home/mintuser/DATA/WHTMP/vm/ACPI-SSDT1.bin"
vboxmanage setextradata $1 "VBoxInternal/Devices/vga/0/Config/BiosRom" "/home/mintuser/DATA/WHTMP/vm/videorom.bin"
vboxmanage modifyvm $1 --macaddress1 6CF0491A6E83

Patched tables for VgaBIOS/ACPI are the same as on Windows. In case of EFI you need patched VBoxEFI64.fd, this file is absolutely the same as on Windows, you need to replace original VBoxEFI64.fd with patched using root privileges.

Because there is no hardenning on Linux you can patch VBox files directly in file (or recompile source as mentioned before). So no additional loader required at all. Your target file is VBoxDD.so. Compared to Windows version there will be even less places required to patch. Replace original VBoxDD.so with patched VBoxDD.so using root privileges. The targets here obviously the same as on Windows, just on different offsets. It is 'XOBV' dword, 'VirtualBox' string, vboxmanage commands array and hardware id's (80EE, BEEF, CAFE). If you use EFI VM then make sure that faked videocard hardware id is the same as set in patched EFI VBoxVgaDxe module otherwise you will face black screen.

TL;DR
The only difference is the scripts definition and VBoxDD.so file patching.

If you need example of patched VBoxDD.so I can upload it later.

Only one problem virtual machine start with my original processor id and serial number. As i understand configuration file already contain info for changing this details, additionally run command

Code: Select all

vboxmanage setextradata mx VBoxInternal/CPUM/
HostCPUID/80000003/ebx 0x50202952

for change this parameter, but still no effect. Is any one have same problem?
All other details is changed. I tried different iso - Windows7 and Debian, nothing.

Hello,

can you post your VBox log?

Hi,
have any ideas about my case, bcuz totally stuck (((.

Also looking for hardened for Linux, debian. Do have some instructions how-to-do?

[SSBIZ]

Hi,

sorry for the stupid question
is there any other string other than cpuid we can put in your system in order to change drivers of graphics card and other elements of a system in order to make VM fully anonymous?

Thanks in advance!

[newcomer]

Good afternoon,

Yes the value tried to set is

vboxmanage setextradata mx VBoxInternal/CPUM/HostCPUID/80000003/ebx 0x50202952

But as understand this two strings, from cmd file used to change CPU details already, but seems they are not working properly.

Code: Select all

%vboxman% setextradata "%1" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemFamily" "Ultrabook"
%vboxman% setextradata "%1" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemUuid" "B5FA3000-9403-81E0-3ADA-F46D045CB676"

Cmd setup file is running without any error. Where can i search the problem and is any other ways to setup new CPUID and change its name?

If you need example of patched VBoxDD.so I can upload it later.

Yes, it will be nice to see, maybe someone more interested in run Vbox on debian.

[EP_X0FF]

VMDE almost passes, but fails on PCI. Is loader not supposed to handle that? (host and guest: w10 x64, 14393)

Nope, if driver agent loaded and loader set up it settings and PCI hw id still present in registry this mean you misconfigured VM. Either VM tools were installed or installed Windows not genuine (warez pack).

[EP_X0FF]

Hello,

Set of files for 5.1.6 in attach, original source http://download.virtualbox.org/virtualb ... _amd64.deb

Hardware ID part not patched (I don't patch them on Linux because personally I don't need this level of hardening). If you want to patch them too, see this post -> http://www.kernelmode.info/forum/viewto ... 806#p24806, its about old Windows version, so offsets obviosly different but as hint "what to do" this post should be enough.

If you need example of patched VBoxDD.so I can upload it later.

Yes, it will be nice to see, maybe someone more interested in run Vbox on debian.

[EP_X0FF]

Hello,

cpuid data itself is not detection vector. Multiple machines with CPU of same type will run with the same cpuid data. There is no reasons 4 making VM "unique" random as this will make it detectable instead.

Hi,

sorry for the stupid question
is there any other string other than cpuid we can put in your system in order to change drivers of graphics card and other elements of a system in order to make VM fully anonymous?

Thanks in advance!