nsmfoo / antivmdetection Goto Github PK
View Code? Open in Web Editor NEWScript to create templates to use with VirtualBox to make vm detection harder
License: MIT License
Script to create templates to use with VirtualBox to make vm detection harder
License: MIT License
Hi
Why was XP support removed ?
I would like to run this on XP. Please.
Thanks
I'm just getting into researching anti-vm techniques and wanted to ask. as far as I can tell the process for generating xxxx.ps1
is host machine agnostic, and the guest OS is always W7 or W10, so genuine question, why not just release the generated batch files? Is it because the host machines DSDT needs to be dumped (why)?
Hi I am facing the following issue while running the .sh
script, can you help me out?
VBoxManage: error: Invalid MAC address format
VBoxManage: error: Details: code NS_ERROR_INVALID_ARG (0x80070057), component NetworkAdapterWrap, interface INetworkAdapter, callee nsISupports
VBoxManage: error: Context: "COMSETTER(MACAddress)(Bstr(ValueUnion.psz).raw())" at line 2068 of file VBoxManageModifyVM.cpp
==[ Error:
sudo python antivmdetect.py
--- Generate VirtualBox templates to help thwart VM detection and more .. - Mikael, @nsmfoo ---
[*] Creating VirtualBox modifications ..
Traceback (most recent call last):
File "antivmdetect.py", line 46, in
dmi_info['DmiBIOSReleaseDate'] = v['data']['Relase Date']
NameError: name 'v' is not defined
==[ Debbuging Info
$ python -V
Python 2.7.12
$ virtualbox -h
Oracle VM VirtualBox Manager 5.0.32_Ubuntu
(C) 2005-2017 Oracle Corporation
All rights reserved.
sudo dmidecode -V
3.0
$ lsb_release -a
No LSB modules are available.
Distributor ID: LinuxMint
Description: Linux Mint 18.1 Serena
Release: 18.1
Codename: serena
$ sudo dpkg -l python-dmidecode libcdio-utils acpidump mesa-utils
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
ii acpidump 20160108-2 all transitional dummy package
ii libcdio-utils 0.83-4.2ubuntu1 amd64 sample applications based on the CDIO libraries
ii mesa-utils 8.3.0-1 amd64 Miscellaneous Mesa GL utilities
ii python-dmidecode 3.12.2-2 amd64 Python extension module for dmidecode
processor : 7
vendor_id : GenuineIntel
cpu family : 6
model : 58
model name : Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz
The .sh files runs with no errors, but when I try to start the VM in order to install the OS I get the following message "Error: failed to start machine. Error message: PIIX3 configuration error: "FirmwareRevision" is longer than 8 bytes (VERR_INVALID_PARAMETER)"
Maybe errors in the .sh file:
VBoxManage setextradata "$1" VBoxInternal/Devices/pcbios/0/Config/DmiSystemVendor 'Dell Inc.'
VBoxManage setextradata "$1" VBoxInternal/Devices/pcbios/0/Config/DmiSystemVersion 'string:'
controller=VBoxManage showvminfo "$1" --machinereadable | grep SATA
if [[ -z "$controller" ]]; then
VBoxManage setextradata "$1" VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/ModelNumber 'SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0d 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HDIO_GET_IDENTITY failed: Invalid argument'
VBoxManage setextradata "$1" VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/SerialNumber '4016140B3A674D9BAA4A'
Ubuntu 16.04.2 LTS
python-dmidecode 3.12.2-2
python 2.7.12
virtualbox 5.1.22r115126
I have followed all the instructions. Although I couldn't install acpidump with apt, I manually downloaded it from https://ubuntu.pkgs.org/16.04/ubuntu-universe-amd64/acpidump_20160108-2_all.deb.html
Upon running the python script, it is mentioned that the bin file is created, although it is nowhere to be found! Am I missing something?
$ sudo python antivmdetect.py
[sudo] password for november:
--- Generate VirtualBox templates to help thwart VM detection and more .. - Mikael, @nsmfoo ---
[*] Creating VirtualBox modifications ..
[*] Creating a DSDT file...
[*] Finished: A template shell script has been created named: C2SBA.sh
[*] Finished: A DSDT dump has been created named: DSDT_C2SBA.bin
[*] Creating guest based modification file (to be run inside the guest)...
[Info] Could not find a user supplied file called: clipboard_buffer, a random string will be generated instead
[*] Finished: A Powershell file has been created, named: C2SBA.ps1
$ ls
antivmdetect.py computer.lst README.md Volumeid64.exe
C2SBA.ps1 DevManView.chm readme.txt Volumeid.exe
C2SBA.sh DevManView.exe user.lst
Hi,
I am getting a warning message for Computer.lst and User.lst
.
I have Centos 7 Has a Host machine & Windows 7 VM (Virtualbox) has a guest machine
.
I am running antivmdetection.py in centos 7 and getting the warning message for Computer.lst & User.lst dependencies.
.
How to fix these dependencies issue.
.
Thanks & Regards
Seantree
Hi Mikael. My host os Ubuntu 16.04, i am try install windows 10 in vbox. After start command [bash p6-2006ru computer] try start guest os for install. After start, i am see this message:
Configuration error: Querying "DmiBoardSerial" as a string failed (VERR_CFGM_NOT_STRING).
Код ошибки: | NS_ERROR_FAILURE (0x80004005) |
---|---|
Компонент: | ConsoleWrap |
Интерфейс: | IConsole {872da645-4a9b-1727-bee2-5585105b9eed} |
How i fix it?
Thank you so much and sorry for my English:)
It seems some of the dependencies are not available on archlinux. How to fix them and use this script on archlinux?
When I exported image in ova file and tried to run in another machine I got the below error.
Error reading custom ACPI table. (VERR_PATH_NOT_FOUND). Result Code: E_FAIL (0x80004005) Component: ConsoleWrap Interface: IConsole {872da645-4a9b-1727-bee2-5585105b9eed}
VirtualBox Logs:
00:00:02.259913 ACPI: Reading custom ACPI table(0) from file '/home/nav/Desktop/antivm/DSDT_OptiPlex9020.bin' (0 bytes)
00:00:02.259924 VMSetError: F:\tinderbox\win-6.0\src\VBox\Devices\PC\DevACPI.cpp(4013) int __cdecl acpiR3Construct(struct PDMDEVINS *,int,struct CFGMNODE *); rc=VERR_PATH_NOT_FOUND
00:00:02.259929 VMSetError: Error reading custom ACPI table.
00:00:02.259937 PDM: Failed to construct 'acpi'/0! VERR_PATH_NOT_FOUND (-103) - Path not found.
How to run the imgae in other machines?
Do I have to run the script in that machine also?
Hi new error
Configuration error: Querying "AcpiCreatorRev" as integer failed (VERR_CFGM_NOT_INTEGER).
in .sh script-
VBoxManage setextradata "$1" VBoxInternal/Devices/acpi/0/Config/AcpiOemId 'ALASKA'
VBoxManage setextradata "$1" VBoxInternal/Devices/acpi/0/Config/AcpiCreatorId 'string:I'
VBoxManage setextradata "$1" VBoxInternal/Devices/acpi/0/Config/AcpiCreatorRev '00000088'
Hello!
DevManView.exe /uninstall "PCI\VEN_80EE&DEV_CAFE"* /use_wildcard
It's cool!!
But VBox contains also another device: "PCI\VEN_80EE&DEV_BEEF", and
DevManView.exe /uninstall "PCI\VEN_80EE&DEV_BEEF"* /use_wildcard
not work =(
Hello,
Nice script that you made.
Biggest problem i have its i am running VirtalBox on my mac. I did make changes my self manaul.
I hope you can make one that run on MacOS too.
I'm seeing the current error:
$ python antivmdetect.py --- Generate VirtualBox templates to help thwart VM detection and more .. - Mikael, @nsmfoo --- [*] Creating VirtualBox modifications .. Traceback (most recent call last): File "antivmdetect.py", line 45, in <module> dmi_info['DmiBIOSReleaseDate'] = v['data']['Relase Date'] NameError: name 'v' is not defined
Here is my output from "sudo dmidecode -t 0":
dmidecode 2.12
SMBIOS 2.8 present.
Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
Vendor: American Megatrends Inc.
Version: 1.0b
Release Date: 04/21/2015
Address: 0xF0000
Runtime Size: 64 kB
ROM Size: 16384 kB
Characteristics:
PCI is supported
BIOS is upgradeable
BIOS shadowing is allowed
Boot from CD is supported
Selectable boot is supported
BIOS ROM is socketed
EDD is supported
5.25"/1.2 MB floppy services are supported (int 13h)
3.5"/720 kB floppy services are supported (int 13h)
3.5"/2.88 MB floppy services are supported (int 13h)
Print screen service is supported (int 5h)
8042 keyboard services are supported (int 9h)
Serial services are supported (int 14h)
Printer services are supported (int 17h)
ACPI is supported
USB legacy is supported
BIOS boot specification is supported
Targeted content distribution is supported
UEFI is supported
BIOS Revision: 5.6
Here's the errors I receive:
VBoxManage: error: The VM session was aborted
VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component SessionMachine, interface ISession
and from the log:
Untrusted device called trusted helper! 'ahci'/0
Any hints on getting this to work? Thank you.
This is used to vmware pass virtual honestly right? I read but did not understand how to
Install dependencies sudo apt install python3-pip libcdio-utils acpica-tools mesa-utils
Install Python modules: pip3 install -r requirements.txt
Can you help me not to thank.
The README.md tells us to run the script and then create computer.lst and user.lst, but then the dependency check fails.
Under what license is this code under? I've looked but I haven't found where this is specified.
If you have no hard opinions on the topic I would advise using the MIT license or a BSD license but the GPL could work in my case too.
ola, need some help for run dis on win10(host)
already have almost finished patch. Im tryin to finish it maself, but in pafish some markers r still red
need some help
@jessstoner telegram
[email protected]
i can pay for ur service.
Virtualbox error-
PIIX3 configuration error: "FirmwareRevision" is longer than 8 bytes (VERR_INVALID_PARAMETER).
sh file error -
VBoxManage setextradata "$1" VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/ModelNumber ' HDIO_GET_IDENTITY failed: Invalid argument'
VBoxManage setextradata "$1" VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/FirmwareRevision ' HDIO_GET_IDENTITY failed: Invalid argument'
else
VBoxManage setextradata "$1" VBoxInternal/Devices/ahci/0/Config/Port0/ModelNumber ' HDIO_GET_IDENTITY failed: Invalid argument'
VBoxManage setextradata "$1" VBoxInternal/Devices/ahci/0/Config/Port0/FirmwareRevision ' HDIO_GET_IDENTITY failed: Invalid argument'
fi
python-dmidecode 3.12.2-2
python 2.7.12
Virtualbox 5.1.22 r115126 (Qt5.5.1)
elementary OS 0.4.1 Loki
antivmdetection -from git
I get this error when running the script:
Traceback (most recent call last):
File "antivmdetect.py", line 50, in
dmi_info['DmiBIOSReleaseDate'] = "string:" + v['Relase Date']
NameError: name 'v' is not defined
hi, after executing the .sh script to modify some vbox parameters, windows 10 x64 cannot be installed. the error is ACPI BIOS ERROR very early in the installation process.
commenting out the VBoxInternal/Devices/acpi/0/Config/CustomTable line in the vbox, windows 10 x64 gets installed correctly, so the problem I think is using the dumped DSDT table
Seems like an edge case:
Code breaks when TMDB match returns is more than +/- 1 year of release date.
Example: Need for Speed (2014)
TMDB look up returns Need for Speed (2018)
directory.py - Line 126 only accepts movie_release_year + / - 1 so you get a KeyError: 'release_date'
You can bypass this error by removing the TMDB key (quick fix) from default_config
What shall I do?What's the problem?
Hi everyone I am new to to this and this is what I try:
Hi
I am using host Windows 10
and vmware workstation 12 Guest Windows 7
Generate script from host
Is it available on Windows 10?
Setup VM
The VMware option does not display this feature.
Can I ignore it?
I am a very beginner.
Can you tell me more about how to use it?
There is any online site (JavaScript perhaps) to check / dedect virtual machine / browser ?
As #13
Same issue, everything installed through pip in a virtualenv (and no python anywhere else in the PATH). dmidecode has versions 0.8.1 and 0.9.0 both with the problem
pip 18.0 from /.../repos/antivmdetection/env/lib/python2.7/site-packages/pip (python 2.7)
Python 2.7.15
I'm booting from UEFI, not BIOS, so that is pretty relevant.
First of all, thank you .. for taking the time to write this script
I have just a couple of questions :
Failed to open a session for the virtual machine ex.
Configuration error: Querying "AcpiCreatorId" as string failed (VERR_CFGM_NOT_STRING).
Result Code: NS_ERROR_FAILURE (0x80004005)
Component: ConsoleWrap
Interface: IConsole {872da645-4a9b-1727-bee2-5585105b9eed}
Many thanks for you in advance
I've generated the script using a LiveUSB of Ubuntu 20.04 and rebooted into MacOS. I'm getting the following when running ./MacBookPro11_3.sh test
VBoxManage: error: Invalid MAC address format
VBoxManage: error: Details: code NS_ERROR_INVALID_ARG (0x80070057), component NetworkAdapterWrap, interface INetworkAdapter, callee nsISupports
VBoxManage: error: Context: "COMSETTER(MACAddress)(Bstr(ValueUnion.psz).raw())" at line 2068 of file VBoxManageModifyVM.cpp
and the W10 guest is giving me the BSOD with Stop Code ACPI Bios Error on booting the W10 install dvd.
I modified the relevant line in MacBookPro11_3.sh
to have an even first byte of the MAC address (not sure why this is happening):
- VBoxManage modifyvm "$1" --macaddress1 e58a54e0fdca
+ VBoxManage modifyvm "$1" --macaddress1 e68a54e0fdca
and recreated the guest in VirtualBox, but it's still repeatedly crashing when the W10 install tries to load up. The W10 install DVD boots fine if I don't run the script.
The only setting I wasn't sure about from the README was the Host Network Manager - I have the vboxnet0 adapter set to Configure Adapter Manually -> 192.168.56.1/24 and DHCP enabled - and the Storage. I have one SATA Storage controller with my vdi
file in the first slot and the W10 install DVD in the second slot.
Not sure how to proceed - let me know if I should post the script (is that safe?)
--- Generate VirtualBox templates to help thwart vm detection - Mikael, @nsmfoo ---
[*] Creating VirtualBox modifications ..
Traceback (most recent call last):
File "./antivmdetect.py", line 38, in <module>
dmi_info['DmiBIOSReleaseDate'] = v['data']['Relase Date']
KeyError: 'Relase Date'
type mistake?
I want to use the webcam, but the traditional usb method does not work. I have to use the webcam passthrough method. https://forums.virtualbox.org/viewtopic.php?f=8&t=74112
After use this, the webcam's name is named VirtualBox Webcam...
Seems I should consider the patching VirtualBox approach... Is threre any easy to use scripts like this?
hi, i m trying to use your script to make my vm detection hard. So far it generates the required scripts as follows, but when i try to execute outside script, it gives me error "too many arguments on line 72". when i sudo run the script, it gives me error of "win7x642 vm not found" while in the list list it clearly detects the said vm. Can you please help me resolve this error?
mxn@mxn-Latitude-E6510:~/antivmdetection$ sudo python antivmdetect.py
--- Generate VirtualBox templates to help thwart VM detection and more .. - Mikael, @nsmfoo ---
[] Creating VirtualBox modifications ..
[] Creating a DSDT file...
[] Finished: A template shell script has been created named: LatitudeE6510.sh
[] Finished: A DSDT dump has been created named: DSDT_LatitudeE6510.bin
[] Creating guest based modification file (to be run inside the guest)...
[Info] Could not find a user supplied file called: clipboard_buffer, a random string will be generated instead
[] Finished: A Powershell file has been created, named: LatitudeE6510.ps1
mxn@mxn-Latitude-E6510:/antivmdetection$ bash ./LatitudeE6510.sh/antivmdetection$ bash ./LatitudeE6510.sh win7x642
[] Please add vm name!
[] Available vms:
win7x64-VB
win7x642
mxn@mxn-Latitude-E6510:
./LatitudeE6510.sh: line 72: [: too many arguments
mxn@mxn-Latitude-E6510:~/antivmdetection$ sudo bash ./LatitudeE6510.sh win7x642
VBoxManage: error: Could not find a registered machine named 'win7x642'
VBoxManage: error: Details: code VBOX_E_OBJECT_NOT_FOUND (0x80bb0001), component VirtualBoxWrap, interface IVirtualBox, callee nsISupports
Getting the following error after running the generated script and attempting to open the VM for the first time:
Failed to open a session for the virtual machine Scam-baitin.
The VM session was aborted.
Result Code: NS_ERROR_FAILURE (0x80004005)
Component: SessionMachine
Interface: ISession {c0447716-ff5a-4795-b57a-ecd5fffa18a4}
I do store my VMs on a separate drive and I suspect that's why. How can I edit the script if that's what's causing this?
All,
I have an interesting setup on my Mac El Capitan:
VMWare Fusion Running an Ubuntu Image
Virtualbox running inside the Ubuntu Image
When running the hardening script, I would get an error showing that the firmware revision was longer than 8 bytes. After looking at the script, I was able to google and see that the issue stemmed from hdparm outputting:
"""
/dev/sda:
SG_IO: bad/missing sense data, sb[]: Byte stream longer than 8 bytes
"""
This information gets shoved into the script and ultimately assigned to the VM.
To correct this, I manually modified the script and added the following parameters (from an old google post):
Set SerialNumber to: "AD3C0845CB6C452CBB30"
FirmwareRevision to: "FC2ZF50B"
ModelNumber to: "HITACHI HTD723216L9SA60"
SerialNumber to: "091118FC1221NCJ6G8GG"
For port firmware revision... i used the same value again with no complaints. I'm not very knowledgable about what these parameters may affect, but perhaps we can add a check to generate some random BS if an error is detected?
you miswrote "release" as "relase" on line 50. I corrected it and the script got working again.
and i suggest you to change your readme.md on one of its line:
pip3 -r requirements.txt
to
sudo pip3 -r requirements.txt
as running it without superuser caused dmidecode not to be found in modules
On Linux, the script is giving an error:
dmi_info['DmiBIOSReleaseDate'] = v['data']['Release Date']
NameError: name 'v' is not defined.
Plus, I noticed that under Linux the script is also checking for Windows dependencies...
Topic :) Here's the run for a 32 bit OS:
--- Generate VirtualBox templates to help thwart VM detection and more .. - Mikael, @nsmfoo ---
[*] Creating VirtualBox modifications ..
[*] Creating a DSDT file...
[*] Finished: A template shell script has been created named: AllSeries.sh
[*] Finished: A DSDT dump has been created named: DSDT_AllSeries.bin
[WARNING] Size of the DSDT file is too large (> 64k). Try to build the template from another computer
[*] Creating guest based modification file (to be run inside the guest)...
[Info] Could not find a user supplied file called: clipboard_buffer, a random string will be generated instead
[*] Finished: A Powershell file has been created, named: AllSeries.ps1
** COLLECTED WARNINGS **
# SMBIOS implementations newer than version 2.7 are not
# fully supported by this version of dmidecode.
** END OF WARNINGS **
[19:22:02 :~/Downloads/sandbox/vmharden/antivmdetection$] sh AllSeries.sh 'WinXP Analysis'
AllSeries.sh: 40: AllSeries.sh: [[: not found
AllSeries.sh: 49: AllSeries.sh: [[: not found
[WARNING] Memory size is 2GB or less. Consider adding more memory!
AllSeries.sh: 82: [: 172.16.0.1: unexpected operator
AllSeries.sh: 84: [: default: unexpected operator
AllSeries.sh: 86: [: pulse: unexpected operator
Is this normal? Thank you.
Hi there
My name is nisar and i have this project of hardening a sandbox e.g. virtual windows 10 to be harden for anti vm malware not to get detect and the anti vm malware should successfully run in it.
so I run Pafish it gives me few stuff to change in the virtual machine windows 10 system for the anti vm malware successfully to run. but then i was googling and i came across this post, now i have problem running the "antivmdetect" code inmy virtual windows 10.
so i install python 3.8.2
installed pip3
i started the cmd as administrator it still gives me problem such as
--- Generate VirtualBox templates to help thwart VM detection and more .. - Mikael, @nsmfoo ---
Traceback (most recent call last):
File "C:\Users\User\Desktop\antivmdetection-master\antivmdetect.py", line 20, in
if not os.geteuid()==0:
AttributeError: module 'os' has no attribute 'geteuid'
any idea please
I'm currently trying to run the sh file that created from antivmdetect.py and I got these errors
Host OS: Ubuntu 20.04.1 LTS
Guess OS: Not installed yet
./HPLaptop.sh: 40: [[: not found
./HPLaptop.sh: 78: [: unexpected operator
./HPLaptop.sh: 80: [: none: unexpected operator
./HPLaptop.sh: 82: [: pulse: unexpected operator
From the beginning of line 40 to 52
if [[ -z "$controller" ]]; then
VBoxManage setextradata "$1" VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/SerialNumber 'F07EA405C1FD49289740'
VBoxManage setextradata "$1" VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/FirmwareRevision ' HDIO_DRIVE_CMD(identify) failed: Inappropriate ioctl for device
HDIO_GET_IDENTITY failed: Inappropriate ioctl for device'
VBoxManage setextradata "$1" VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/ModelNumber ' HDIO_DRIVE_CMD(identify) failed: Inappropriate ioctl for device
HDIO_GET_IDENTITY failed: Inappropriate ioctl for device'
else
VBoxManage setextradata "$1" VBoxInternal/Devices/ahci/0/Config/Port0/SerialNumber 'F07EA405C1FD49289740'
VBoxManage setextradata "$1" VBoxInternal/Devices/ahci/0/Config/Port0/FirmwareRevision ' HDIO_DRIVE_CMD(identify) failed: Inappropriate ioctl for device
HDIO_GET_IDENTITY failed: Inappropriate ioctl for device'
VBoxManage setextradata "$1" VBoxInternal/Devices/ahci/0/Config/Port0/ModelNumber ' HDIO_DRIVE_CMD(identify) failed: Inappropriate ioctl for device
HDIO_GET_IDENTITY failed: Inappropriate ioctl for device'
fi
From the beginning of line 78 to 85
if [ "$hostint_ip" == '192.168.56.1' ]; then echo "[WARNING] You are using the default IP/IP-range. Consider changing the IP and the range used!"; fi
virtualization_type=$(VBoxManage showvminfo --machinereadable "$1" | grep -i ^paravirtprovider | cut -d "=" -f2 | sed 's/"//g')
if [ ! $virtualization_type == 'none' ]; then echo "[WARNING] Please switch paravirtualization interface to: None!"; fi
audio=$(VBoxManage showvminfo --machinereadable "$1" | grep audio | cut -d "=" -f2 | sed 's/"//g' | head -1)
if [ $audio == 'none' ]; then echo "[WARNING] Please consider adding an audio device!"; fi
arc_devman=64
devman_arc=$(VBoxManage showvminfo --machinereadable "$1" | grep ostype | cut -d "=" -f2 | grep -o "(.*)" | sed 's/(//;s/)//;s/-bit//')
if [ $devman_arc != $arc_devman ]; then echo "[WARNING] Please use the DevManView version that coresponds to the guest architecture: $devman_arc "; fi
Hello, I just discovered your script. I was attempting to test it out while reading the README.md
So I ran python antivmdetection.py
It gave me an error saying that dmidecode wasnt install. I pip installed dmidecode
succesfully but on second run it seems that it is giving me the error:
[WARNING] Dependencies are missing, please verify that you have installed: /usr/bin/cd-drive
That being said I am running Linux on an Thinkpad X200 without a CD-ROM drive. I suppose this is the issue?
sudo dmidecode -t0
# dmidecode 2.12
SMBIOS 2.4 present.
Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
Vendor: LENOVO
Version: 6DET38WW (2.02 )
Release Date: 12/19/2008
Address: 0xE0000
Runtime Size: 128 kB
ROM Size: 8192 kB
Characteristics:
PCI is supported
PC Card (PCMCIA) is supported
PNP is supported
BIOS is upgradeable
BIOS shadowing is allowed
ESCD support is available
Boot from CD is supported
Selectable boot is supported
BIOS ROM is socketed
EDD is supported
ACPI is supported
USB legacy is supported
BIOS boot specification is supported
Targeted content distribution is supported
BIOS Revision: 2.2
Firmware Revision: 1.3
This is the error that I got when I execute the ps1 script inside the guest.
Exception setting "CreationTime": "Cannot convert value "23/07/2008 6.00" to type "System.DateTime". Error: "String was
not recognized as a valid DateTime.""
At C:\Users\PC\Desktop\SystemProductName.ps1:5546 char:45
Exception setting "LastWriteTime": "Cannot convert value "15/04/2010 4.27" to type "System.DateTime". Error: "String wa
s not recognized as a valid DateTime.""
At C:\Users\PC\Desktop\SystemProductName.ps1:5547 char:45
Any hints/solutions? Thanks in advance.
--- Generate VirtualBox templates to help thwart vm detection - Mikael, @nsmfoo ---
[*] Creating VirtualBox modifications ..
Traceback (most recent call last):
File "antivmdetect.py", line 34, in
for v in dmidecode.bios().values():
AttributeError: 'module' object has no attribute 'bios'
I have exactly the same issue... I'm using metal ubuntu 18.04 LTS.
The output of the following: hdparm -i /dev/sda | grep -o 'FwRev=[A-Za-z0-9_+/ ."-]*' | awk -F= '{print $2}'
produces /dev/sda: No such file or directory
Originally posted by @oaustin in #23 (comment)
Hi Mikael,
I got no luck to get it running, already tried 2 machines with the same result (one of those is old Lenovo R500). The size of generated DSDT table is not larger than the 64KB (62806 bytes) and still virtualbox refuses to run the session (virtualbox 5.1 on ubuntu 16.04, tried also older versions of both with the same result)
https://dl.dropboxusercontent.com/u/31835862/DSDT.zip
I followed instructions from this article
https://byte-atlas.blogspot.sk/2017/02/hardening-vbox-win7x64.html
Please let me know if you need anything else
Failed to open a session for the virtual machine Z97X-SOCForce.
AHCI configuration error: "FirmwareRevision" is longer than 8 bytes (VERR_INVALID_PARAMETER).
Result Code: | NS_ERROR_FAILURE (0x80004005) |
---|---|
Component: | ConsoleWrap |
Interface: | IConsole {872da645-4a9b-1727-bee2-5585105b9eed} |
looking inside the .vbox file
<ExtraDataItem name="VBoxInternal/Devices/ahci/0/Config/Port0/FirmwareRevision" value=" HDIO_GET_IDENTITY failed: Invalid argument"/> <ExtraDataItem name="VBoxInternal/Devices/ahci/0/Config/Port0/ModelNumber" value=" HDIO_GET_IDENTITY failed: Invalid argument"/>
found another error
INF_SUCCESS 00:00:00.842093 VMSetError: Configuration error: "AcpiCreatorId" must contain not more than 4 characters
and another
00:00:01.097417 ERROR [COM]: aRC=NS_ERROR_FAILURE (0x80004005) aIID={872da645-4a9b-1727-bee2-5585105b9eed} aComponent={ConsoleWrap} aText={Configuration error: Querying "AcpiCreatorRev" as integer failed (VERR_CFGM_NOT_INTEGER)}, preserve=false aResultDetail=-2106
starting to think I should have just manually done these unsure how to trim the table back
Error: ACPI tables bigger than 64KB (VERR_TOO_MUCH_DATA).
ls -l /sys/firmware/acpi/tables/ | grep DSDT
-r-------- 1 root root 67136 Feb 12 17:11 DSDT
anyone able to share their CustomTable bin file ?
http://acpi.sourceforge.net/dsdt/view.php
seems to no longer host them
sudo apt-get install iasl
sudo cat /sys/firmware/acpi/tables/DSDT > ~/dsdt.dat
iasl -d dsdt.dat
now to burn some brain cells and try and trim some stuff out manually
iasl -tc /home//dsdt.dsl
https://www.tonymacx86.com/dsdt-database
or just get some random one from here
good stuff , but it will be better in other arquitectures, not only in VBOX, are you working on that? or thinking in that improvement?
Best Regards
Hello!
Can you explain to me how to use the script?
I did the following: I ran python-script on Ubuntu 16.04, as a result of the work I received three files
The powershell-script has started in the virtual machine
As a result, the computer name and user name were changed
However, the Pafish still detects a virtual machine:
Thank you in advance!
I apologize for my bad english and stupid question)
I would like to use your experience in the course work!
If it's used an old version of acpidump, for example the one in Ubuntu 12.04, "-s" command line argument doesn't exist so the python script will build bash and powershell scripts with wrong parameters for .vbox file settings as well as for registry names that must be changed inside the guest.
Possible solution:
if "invalid option --'s'" in acpi_misc:
print "You have an old version of acpidump. Please upgrade it or use a
Linux distro => 14.04!"
else:
acpi_list = acpi_misc.split(' ')
acpi_list = filter(None, acpi_list)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.