antivmdetection's People

Contributors

bryant1410, fullmetal5, mavjs, nibba2018, nsmfoo, roohat

antivmdetection's Issues

Ubuntu 18.04 LTS Issues

I have exactly the same issue... I'm using metal ubuntu 18.04 LTS.
The output of the following: hdparm -i /dev/sda | grep -o 'FwRev=[A-Za-z0-9_+/ ."-]*' | awk -F= '{print $2}'
produces /dev/sda: No such file or directory

Originally posted by @oaustin in #23 (comment)

Bios problem

--- Generate VirtualBox templates to help thwart vm detection - Mikael, @nsmfoo ---
[*] Creating VirtualBox modifications ..
Traceback (most recent call last):
  File "antivmdetect.py", line 34, in <module>
    for v in dmidecode.bios().values():
AttributeError: 'module' object has no attribute 'bios'

AcpiCreatorRev Error

Hi new error

Configuration error: Querying "AcpiCreatorRev" as integer failed (VERR_CFGM_NOT_INTEGER).

in .sh script-
VBoxManage setextradata "$1" VBoxInternal/Devices/acpi/0/Config/AcpiOemId 'ALASKA'
VBoxManage setextradata "$1" VBoxInternal/Devices/acpi/0/Config/AcpiCreatorId 'string:I'
VBoxManage setextradata "$1" VBoxInternal/Devices/acpi/0/Config/AcpiCreatorRev '00000088'

NameError: name 'v' is not defined

I get this error when running the script:

Traceback (most recent call last):
  File "antivmdetect.py", line 50, in <module>
    dmi_info['DmiBIOSReleaseDate'] = "string:" + v['Relase Date']
NameError: name 'v' is not defined

Trouble installing W10 guest on Mac

I've generated the script using a LiveUSB of Ubuntu 20.04 and rebooted into MacOS. I'm getting the following when running ./MacBookPro11_3.sh test

VBoxManage: error: Invalid MAC address format
VBoxManage: error: Details: code NS_ERROR_INVALID_ARG (0x80070057), component NetworkAdapterWrap, interface INetworkAdapter, callee nsISupports
VBoxManage: error: Context: "COMSETTER(MACAddress)(Bstr(ValueUnion.psz).raw())" at line 2068 of file VBoxManageModifyVM.cpp

and the W10 guest is giving me the BSOD with Stop Code ACPI Bios Error on booting the W10 install dvd.

I modified the relevant line in MacBookPro11_3.sh to have an even first byte of the MAC address (not sure why this is happening):

- VBoxManage modifyvm "$1" --macaddress1  e58a54e0fdca
+ VBoxManage modifyvm "$1" --macaddress1  e68a54e0fdca

and recreated the guest in VirtualBox, but it's still repeatedly crashing when the W10 install tries to load up. The W10 install DVD boots fine if I don't run the script.

The only setting I wasn't sure about from the README was the Host Network Manager - I have the vboxnet0 adapter set to Configure Adapter Manually -> 192.168.56.1/24 and DHCP enabled - and the Storage. I have one SATA Storage controller with my vdi file in the first slot and the W10 install DVD in the second slot.

Not sure how to proceed - let me know if I should post the script (is that safe?)

VM fails to start

The .sh files runs with no errors, but when I try to start the VM in order to install the OS I get the following message "Error: failed to start machine. Error message: PIIX3 configuration error: "FirmwareRevision" is longer than 8 bytes (VERR_INVALID_PARAMETER)"

Maybe errors in the .sh file:
VBoxManage setextradata "$1" VBoxInternal/Devices/pcbios/0/Config/DmiSystemVendor 'Dell Inc.'
VBoxManage setextradata "$1" VBoxInternal/Devices/pcbios/0/Config/DmiSystemVersion 'string:'
controller=$(VBoxManage showvminfo "$1" --machinereadable | grep SATA)
if [[ -z "$controller" ]]; then
VBoxManage setextradata "$1" VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/ModelNumber 'SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0d 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HDIO_GET_IDENTITY failed: Invalid argument'
VBoxManage setextradata "$1" VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/SerialNumber '4016140B3A674D9BAA4A'

Ubuntu 16.04.2 LTS
python-dmidecode 3.12.2-2
python 2.7.12
virtualbox 5.1.22r115126

KVM Detection?

Good stuff, but it will be better in other architectures, not only in VBOX. Are you working on that, or thinking of that improvement?

Best Regards

DSDT dump file not created

I have followed all the instructions. Although I couldn't install acpidump with apt, I manually downloaded it from https://ubuntu.pkgs.org/16.04/ubuntu-universe-amd64/acpidump_20160108-2_all.deb.html
Upon running the python script, it is mentioned that the bin file is created, although it is nowhere to be found! Am I missing something?

$ sudo python antivmdetect.py 
[sudo] password for november: 
--- Generate VirtualBox templates to help thwart VM detection and more .. - Mikael, @nsmfoo ---
[*] Creating VirtualBox modifications ..
[*] Creating a DSDT file...
[*] Finished: A template shell script has been created named: C2SBA.sh
[*] Finished: A DSDT dump has been created named: DSDT_C2SBA.bin
[*] Creating guest based modification file (to be run inside the guest)...
[Info] Could not find a user supplied file called: clipboard_buffer, a random string will be generated instead
[*] Finished: A Powershell file has been created, named: C2SBA.ps1
 
$ ls
antivmdetect.py  computer.lst    README.md   Volumeid64.exe
C2SBA.ps1        DevManView.chm  readme.txt  Volumeid.exe
C2SBA.sh         DevManView.exe  user.lst

Mismatch in TMDB

Seems like an edge case:

Code breaks when the TMDB match returned is more than +/- 1 year from the release date.

Example: Need for Speed (2014)

TMDB look up returns Need for Speed (2018)

directory.py - Line 126 only accepts movie_release_year + / - 1 so you get a KeyError: 'release_date'

You can bypass this error by removing the TMDB key (quick fix) from default_config

windows 10 x64 acpi bios error

hi, after executing the .sh script to modify some vbox parameters, windows 10 x64 cannot be installed. the error is ACPI BIOS ERROR very early in the installation process.

commenting out the VBoxInternal/Devices/acpi/0/Config/CustomTable line in the vbox, windows 10 x64 gets installed correctly, so the problem I think is using the dumped DSDT table

bash outside vm script not running

Hi, I'm trying to use your script to make my vm detection hard. So far it generates the required scripts as follows, but when I try to execute the outside script, it gives me the error "too many arguments on line 72". When I sudo run the script, it gives me the error "win7x642 vm not found", while in the list it clearly detects the said vm. Can you please help me resolve this error?

mxn@mxn-Latitude-E6510:~/antivmdetection$ sudo python antivmdetect.py
--- Generate VirtualBox templates to help thwart VM detection and more .. - Mikael, @nsmfoo ---
[*] Creating VirtualBox modifications ..
[*] Creating a DSDT file...
[*] Finished: A template shell script has been created named: LatitudeE6510.sh
[*] Finished: A DSDT dump has been created named: DSDT_LatitudeE6510.bin
[*] Creating guest based modification file (to be run inside the guest)...
[Info] Could not find a user supplied file called: clipboard_buffer, a random string will be generated instead
[*] Finished: A Powershell file has been created, named: LatitudeE6510.ps1

mxn@mxn-Latitude-E6510:~/antivmdetection$ bash ./LatitudeE6510.sh
[*] Please add vm name!
[*] Available vms:
win7x64-VB
win7x642
mxn@mxn-Latitude-E6510:~/antivmdetection$ bash ./LatitudeE6510.sh win7x642
./LatitudeE6510.sh: line 72: [: too many arguments

mxn@mxn-Latitude-E6510:~/antivmdetection$ sudo bash ./LatitudeE6510.sh win7x642
VBoxManage: error: Could not find a registered machine named 'win7x642'
VBoxManage: error: Details: code VBOX_E_OBJECT_NOT_FOUND (0x80bb0001), component VirtualBoxWrap, interface IVirtualBox, callee nsISupports

CreationTime error in the powershell script

This is the error that I got when I execute the ps1 script inside the guest.

Exception setting "CreationTime": "Cannot convert value "23/07/2008 6.00" to type "System.DateTime". Error: "String was
not recognized as a valid DateTime.""
At C:\Users\PC\Desktop\SystemProductName.ps1:5546 char:45

+ Get-ChildItem $location$namely$ext | % {$_. <<<< CreationTime = RandomDate }
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : PropertyAssignmentException

Exception setting "LastWriteTime": "Cannot convert value "15/04/2010 4.27" to type "System.DateTime". Error: "String wa
s not recognized as a valid DateTime.""
At C:\Users\PC\Desktop\SystemProductName.ps1:5547 char:45

+ Get-ChildItem $location$namely$ext | % {$_. <<<< LastWriteTime = RandomDate }
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : PropertyAssignmentException

Any hints/solutions? Thanks in advance.

KeyError: 'Relase Date'

--- Generate VirtualBox templates to help thwart vm detection - Mikael, @nsmfoo ---
[*] Creating VirtualBox modifications ..
Traceback (most recent call last):
  File "./antivmdetect.py", line 38, in <module>
    dmi_info['DmiBIOSReleaseDate'] = v['data']['Relase Date']
KeyError: 'Relase Date'

type mistake?

Error reading custom ACPI table. (VERR_PATH_NOT_FOUND)

When I exported image in ova file and tried to run in another machine I got the below error.

Error reading custom ACPI table. (VERR_PATH_NOT_FOUND). Result Code: E_FAIL (0x80004005) Component: ConsoleWrap Interface: IConsole {872da645-4a9b-1727-bee2-5585105b9eed}
VirtualBox Logs:
00:00:02.259913 ACPI: Reading custom ACPI table(0) from file '/home/nav/Desktop/antivm/DSDT_OptiPlex9020.bin' (0 bytes)
00:00:02.259924 VMSetError: F:\tinderbox\win-6.0\src\VBox\Devices\PC\DevACPI.cpp(4013) int __cdecl acpiR3Construct(struct PDMDEVINS *,int,struct CFGMNODE *); rc=VERR_PATH_NOT_FOUND
00:00:02.259929 VMSetError: Error reading custom ACPI table.
00:00:02.259937 PDM: Failed to construct 'acpi'/0! VERR_PATH_NOT_FOUND (-103) - Path not found.

How to run the image in other machines?

Do I have to run the script in that machine also?

Why not release builds / binaries?

I'm just getting into researching anti-vm techniques and wanted to ask. as far as I can tell the process for generating xxxx.ps1 is host machine agnostic, and the guest OS is always W7 or W10, so genuine question, why not just release the generated batch files? Is it because the host machines DSDT needs to be dumped (why)?

Script [[: not found on line 40 Linux

I'm currently trying to run the sh file that created from antivmdetect.py and I got these errors

Host OS: Ubuntu 20.04.1 LTS
Guest OS: Not installed yet

./HPLaptop.sh: 40: [[: not found
./HPLaptop.sh: 78: [: unexpected operator
./HPLaptop.sh: 80: [: none: unexpected operator
./HPLaptop.sh: 82: [: pulse: unexpected operator

From the beginning of line 40 to 52

if [[ -z "$controller" ]]; then
VBoxManage setextradata "$1" VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/SerialNumber	'F07EA405C1FD49289740'
VBoxManage setextradata "$1" VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/FirmwareRevision	' HDIO_DRIVE_CMD(identify) failed: Inappropriate ioctl for device
 HDIO_GET_IDENTITY failed: Inappropriate ioctl for device'
VBoxManage setextradata "$1" VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/ModelNumber	' HDIO_DRIVE_CMD(identify) failed: Inappropriate ioctl for device
 HDIO_GET_IDENTITY failed: Inappropriate ioctl for device'
else
VBoxManage setextradata "$1" VBoxInternal/Devices/ahci/0/Config/Port0/SerialNumber	'F07EA405C1FD49289740'
VBoxManage setextradata "$1" VBoxInternal/Devices/ahci/0/Config/Port0/FirmwareRevision	' HDIO_DRIVE_CMD(identify) failed: Inappropriate ioctl for device
 HDIO_GET_IDENTITY failed: Inappropriate ioctl for device'
VBoxManage setextradata "$1" VBoxInternal/Devices/ahci/0/Config/Port0/ModelNumber	' HDIO_DRIVE_CMD(identify) failed: Inappropriate ioctl for device
 HDIO_GET_IDENTITY failed: Inappropriate ioctl for device'
fi

From the beginning of line 78 to 85

if [ "$hostint_ip" == '192.168.56.1' ]; then echo "[WARNING] You are using the default IP/IP-range. Consider changing the IP and the range used!"; fi	
virtualization_type=$(VBoxManage showvminfo --machinereadable "$1" | grep -i ^paravirtprovider | cut -d "=" -f2 | sed 's/"//g')	
if [ ! $virtualization_type == 'none' ]; then echo "[WARNING] Please switch paravirtualization interface to: None!"; fi	
audio=$(VBoxManage showvminfo --machinereadable "$1" | grep audio | cut -d "=" -f2 | sed 's/"//g' | head -1)	
if [ $audio == 'none' ]; then echo "[WARNING] Please consider adding an audio device!"; fi	
arc_devman=64	
devman_arc=$(VBoxManage showvminfo --machinereadable "$1" | grep ostype | cut -d "=" -f2 | grep -o "(.*)" | sed 's/(//;s/)//;s/-bit//')	
if [ $devman_arc != $arc_devman ]; then echo "[WARNING] Please use the DevManView version that coresponds to the guest architecture: $devman_arc "; fi	

VM Startup error

Getting the following error after running the generated script and attempting to open the VM for the first time:

Failed to open a session for the virtual machine Scam-baitin.

The VM session was aborted.

Result Code: NS_ERROR_FAILURE (0x80004005)
Component: SessionMachine
Interface: ISession {c0447716-ff5a-4795-b57a-ecd5fffa18a4}

I do store my VMs on a separate drive and I suspect that's why. How can I edit the script if that's what's causing this?

how to use

Hi
I am using host Windows 10
and vmware workstation 12 Guest Windows 7

  1. Generate script from host
    Is it available on Windows 10?

  2. Setup VM
    The VMware option does not display this feature.
    Can I ignore it?

I am a very beginner.
Can you tell me more about how to use it?

/usr/bin/cd-drive

Hello, I just discovered your script. I was attempting to test it out while reading the README.md

So I ran python antivmdetection.py

It gave me an error saying that dmidecode wasn't installed. I pip installed dmidecode successfully but on second run it seems that it is giving me the error:
[WARNING] Dependencies are missing, please verify that you have installed: /usr/bin/cd-drive

That being said I am running Linux on an Thinkpad X200 without a CD-ROM drive. I suppose this is the issue?

sudo dmidecode -t0
# dmidecode 2.12
SMBIOS 2.4 present.

Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
	Vendor: LENOVO
	Version: 6DET38WW (2.02 )
	Release Date: 12/19/2008
	Address: 0xE0000
	Runtime Size: 128 kB
	ROM Size: 8192 kB
	Characteristics:
		PCI is supported
		PC Card (PCMCIA) is supported
		PNP is supported
		BIOS is upgradeable
		BIOS shadowing is allowed
		ESCD support is available
		Boot from CD is supported
		Selectable boot is supported
		BIOS ROM is socketed
		EDD is supported
		ACPI is supported
		USB legacy is supported
		BIOS boot specification is supported
		Targeted content distribution is supported
	BIOS Revision: 2.2
	Firmware Revision: 1.3



Is this a normal run?

Topic :) Here's the run for a 32 bit OS:

--- Generate VirtualBox templates to help thwart VM detection and more .. - Mikael, @nsmfoo ---
[*] Creating VirtualBox modifications ..
[*] Creating a DSDT file...
[*] Finished: A template shell script has been created named: AllSeries.sh
[*] Finished: A DSDT dump has been created named: DSDT_AllSeries.bin
[WARNING] Size of the DSDT file is too large (> 64k). Try to build the template from another computer
[*] Creating guest based modification file (to be run inside the guest)...
[Info] Could not find a user supplied file called: clipboard_buffer, a random string will be generated instead
[*] Finished: A Powershell file has been created, named: AllSeries.ps1

** COLLECTED WARNINGS **
# SMBIOS implementations newer than version 2.7 are not
# fully supported by this version of dmidecode.

** END OF WARNINGS **

[19:22:02 :~/Downloads/sandbox/vmharden/antivmdetection$] sh AllSeries.sh 'WinXP Analysis'
AllSeries.sh: 40: AllSeries.sh: [[: not found
AllSeries.sh: 49: AllSeries.sh: [[: not found
[WARNING] Memory size is 2GB or less. Consider adding more memory!
AllSeries.sh: 82: [: 172.16.0.1: unexpected operator
AllSeries.sh: 84: [: default: unexpected operator
AllSeries.sh: 86: [: pulse: unexpected operator

Is this normal? Thank you.

help wanted

ola, need some help for run dis on win10(host)
already have almost finished patch. Im tryin to finish it maself, but in pafish some markers r still red
need some help
@jessstoner telegram
[email protected]
i can pay for ur service.

AHCI configuration error: "FirmwareRevision" is longer than 8 bytes (VERR_INVALID_PARAMETER).

Failed to open a session for the virtual machine Z97X-SOCForce.

AHCI configuration error: "FirmwareRevision" is longer than 8 bytes (VERR_INVALID_PARAMETER).

Result Code: NS_ERROR_FAILURE (0x80004005)
Component: ConsoleWrap
Interface: IConsole {872da645-4a9b-1727-bee2-5585105b9eed}

looking inside the .vbox file

<ExtraDataItem name="VBoxInternal/Devices/ahci/0/Config/Port0/FirmwareRevision" value=" HDIO_GET_IDENTITY failed: Invalid argument"/>
<ExtraDataItem name="VBoxInternal/Devices/ahci/0/Config/Port0/ModelNumber" value=" HDIO_GET_IDENTITY failed: Invalid argument"/>

found another error

INF_SUCCESS 00:00:00.842093 VMSetError: Configuration error: "AcpiCreatorId" must contain not more than 4 characters

and another

00:00:01.097417 ERROR [COM]: aRC=NS_ERROR_FAILURE (0x80004005) aIID={872da645-4a9b-1727-bee2-5585105b9eed} aComponent={ConsoleWrap} aText={Configuration error: Querying "AcpiCreatorRev" as integer failed (VERR_CFGM_NOT_INTEGER)}, preserve=false aResultDetail=-2106

starting to think I should have just manually done these unsure how to trim the table back

Error: ACPI tables bigger than 64KB (VERR_TOO_MUCH_DATA).

ls -l /sys/firmware/acpi/tables/ | grep DSDT
-r-------- 1 root root 67136 Feb 12 17:11 DSDT

anyone able to share their CustomTable bin file ?
http://acpi.sourceforge.net/dsdt/view.php
seems to no longer host them

sudo apt-get install iasl
sudo cat /sys/firmware/acpi/tables/DSDT > ~/dsdt.dat
iasl -d dsdt.dat
now to burn some brain cells and try and trim some stuff out manually
iasl -tc /home//dsdt.dsl

https://www.tonymacx86.com/dsdt-database
or just get some random one from here

Z97X-SOCForce.zip

Configuration error: Querying "DmiBoardSerial" as a string failed (VERR_CFGM_NOT_STRING).

Hi Mikael. My host os Ubuntu 16.04, i am try install windows 10 in vbox. After start command [bash p6-2006ru computer] try start guest os for install. After start, i am see this message:

Configuration error: Querying "DmiBoardSerial" as a string failed (VERR_CFGM_NOT_STRING).

Код ошибки: NS_ERROR_FAILURE (0x80004005)
Компонент: ConsoleWrap
Интерфейс: IConsole {872da645-4a9b-1727-bee2-5585105b9eed}

How i fix it?

Thank you so much and sorry for my English:)

AttributeError: 'module' object has no attribute 'bios'

==[ Error:
sudo python antivmdetect.py
--- Generate VirtualBox templates to help thwart VM detection and more .. - Mikael, @nsmfoo ---
[*] Creating VirtualBox modifications ..
Traceback (most recent call last):
  File "antivmdetect.py", line 46, in <module>
    dmi_info['DmiBIOSReleaseDate'] = v['data']['Relase Date']
NameError: name 'v' is not defined

==[ Debugging Info

$ python -V
Python 2.7.12

$ virtualbox -h
Oracle VM VirtualBox Manager 5.0.32_Ubuntu
(C) 2005-2017 Oracle Corporation
All rights reserved.

sudo dmidecode -V
3.0

$ lsb_release -a
No LSB modules are available.
Distributor ID: LinuxMint
Description: Linux Mint 18.1 Serena
Release: 18.1
Codename: serena

$ sudo dpkg -l python-dmidecode libcdio-utils acpidump mesa-utils
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
ii acpidump 20160108-2 all transitional dummy package
ii libcdio-utils 0.83-4.2ubuntu1 amd64 sample applications based on the CDIO libraries
ii mesa-utils 8.3.0-1 amd64 Miscellaneous Mesa GL utilities
ii python-dmidecode 3.12.2-2 amd64 Python extension module for dmidecode

processor : 7
vendor_id : GenuineIntel
cpu family : 6
model : 58
model name : Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz

Non-booting VM after running AllSeries.sh

Here's the errors I receive:

VBoxManage: error: The VM session was aborted
VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component SessionMachine, interface ISession

and from the log:

Untrusted device called trusted helper! 'ahci'/0

Any hints on getting this to work? Thank you.

Dependencies Warning Getting Warning Message For Computer.lst and User.lst

Hi,

I am getting a warning message for Computer.lst and User.lst
.

I have Centos 7 Has a Host machine & Windows 7 VM (Virtualbox) has a guest machine
.
I am running antivmdetection.py in centos 7 and getting the warning message for Computer.lst & User.lst dependencies.
.
How to fix these dependencies issue.
.
Thanks & Regards
Seantree

NameError name v is not defined

I'm seeing the current error:

$ python antivmdetect.py
--- Generate VirtualBox templates to help thwart VM detection and more .. - Mikael, @nsmfoo ---
[*] Creating VirtualBox modifications ..
Traceback (most recent call last):
  File "antivmdetect.py", line 45, in <module>
    dmi_info['DmiBIOSReleaseDate'] = v['data']['Relase Date']
NameError: name 'v' is not defined

Here is my output from "sudo dmidecode -t 0":

dmidecode 2.12
SMBIOS 2.8 present.

Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
Vendor: American Megatrends Inc.
Version: 1.0b
Release Date: 04/21/2015
Address: 0xF0000
Runtime Size: 64 kB
ROM Size: 16384 kB
Characteristics:
PCI is supported
BIOS is upgradeable
BIOS shadowing is allowed
Boot from CD is supported
Selectable boot is supported
BIOS ROM is socketed
EDD is supported
5.25"/1.2 MB floppy services are supported (int 13h)
3.5"/720 kB floppy services are supported (int 13h)
3.5"/2.88 MB floppy services are supported (int 13h)
Print screen service is supported (int 5h)
8042 keyboard services are supported (int 9h)
Serial services are supported (int 14h)
Printer services are supported (int 17h)
ACPI is supported
USB legacy is supported
BIOS boot specification is supported
Targeted content distribution is supported
UEFI is supported
BIOS Revision: 5.6

How to use this?

Hi everyone I am new to to this and this is what I try:

  1. Setup a new Virtualbox VM with IDE: Primary master (Disk) and Primary slave (CD-ROM) + SATA: Port 0 (Disk) and Port 1 (CD-ROM)
  2. Install Windows 7 in the VM
  3. Install latest Python 2.7 in Win 7
  4. Run the antivmdetection py
    Do I miss any important step? Thanks.

Wrong usage instructions

The README.md tells us to run the script and then create computer.lst and user.lst, but then the dependency check fails.

Invalid MAC Address format

Hi I am facing the following issue while running the .sh script, can you help me out?

VBoxManage: error: Invalid MAC address format
VBoxManage: error: Details: code NS_ERROR_INVALID_ARG (0x80070057), component NetworkAdapterWrap, interface INetworkAdapter, callee nsISupports
VBoxManage: error: Context: "COMSETTER(MACAddress)(Bstr(ValueUnion.psz).raw())" at line 2068 of file VBoxManageModifyVM.cpp

error: ACPI table bigger than 64KB (VERR_TOO_MUCH_DATA)

Hi Mikael,

I got no luck to get it running, already tried 2 machines with the same result (one of those is old Lenovo R500). The size of generated DSDT table is not larger than the 64KB (62806 bytes) and still virtualbox refuses to run the session (virtualbox 5.1 on ubuntu 16.04, tried also older versions of both with the same result)

https://dl.dropboxusercontent.com/u/31835862/DSDT.zip

I followed instructions from this article
https://byte-atlas.blogspot.sk/2017/02/hardening-vbox-win7x64.html

Please let me know if you need anything else

Feature: Run this where host is MacOS

Hello,

Nice script that you made.
The biggest problem I have is that I am running VirtualBox on my Mac. I did make the changes myself manually.

I hope you can make one that run on MacOS too.

AttributeError: 'module' object has no attribute 'bios'

As #13

Same issue, everything installed through pip in a virtualenv (and no python anywhere else in the PATH). dmidecode has versions 0.8.1 and 0.9.0 both with the problem

pip 18.0 from /.../repos/antivmdetection/env/lib/python2.7/site-packages/pip (python 2.7)
Python 2.7.15

I'm booting from UEFI, not BIOS, so that is pretty relevant.

"relase" on line 50 and suggestions

you miswrote "release" as "relase" on line 50. I corrected it and the script got working again.

and i suggest you to change your readme.md on one of its line:
pip3 -r requirements.txt
to
sudo pip3 -r requirements.txt

as running it without superuser caused dmidecode not to be found in modules

PIIX3 configuration error

Virtualbox error-

PIIX3 configuration error: "FirmwareRevision" is longer than 8 bytes (VERR_INVALID_PARAMETER).

sh file error -

VBoxManage setextradata "$1" VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/ModelNumber	' HDIO_GET_IDENTITY failed: Invalid argument'
VBoxManage setextradata "$1" VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/FirmwareRevision	' HDIO_GET_IDENTITY failed: Invalid argument'
else
VBoxManage setextradata "$1" VBoxInternal/Devices/ahci/0/Config/Port0/ModelNumber	' HDIO_GET_IDENTITY failed: Invalid argument'
VBoxManage setextradata "$1" VBoxInternal/Devices/ahci/0/Config/Port0/FirmwareRevision	' HDIO_GET_IDENTITY failed: Invalid argument'
fi

python-dmidecode 3.12.2-2
python 2.7.12
Virtualbox 5.1.22 r115126 (Qt5.5.1)
elementary OS 0.4.1 Loki
antivmdetection -from git

Specify a license please

Under what license is this code under? I've looked but I haven't found where this is specified.

If you have no hard opinions on the topic I would advise using the MIT license or a BSD license but the GPL could work in my case too.

vm on game

This is used to vmware pass virtual honestly right? I read but did not understand how to
Install dependencies sudo apt install python3-pip libcdio-utils acpica-tools mesa-utils
Install Python modules: pip3 install -r requirements.txt
Can you help me not to thank.

Removed XP support ?

Hi

Why was XP support removed ?

I would like to run this on XP. Please.

Thanks

Add check for acpidump version used

If it's used an old version of acpidump, for example the one in Ubuntu 12.04, "-s" command line argument doesn't exist so the python script will build bash and powershell scripts with wrong parameters for .vbox file settings as well as for registry names that must be changed inside the guest.

Possible solution:

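# acpi_misc: the acpidump output captured by the script (variable name as used in this suggestion)
if "invalid option --'s'" in acpi_misc:
    # Old acpidump builds do not know "-s"; stop before bad values reach the templates
    print("You have an old version of acpidump. Please upgrade it or use a Linux distro => 14.04!")
else:
    acpi_list = acpi_misc.split(' ')
    # Drop the empty strings left by repeated spaces
    acpi_list = filter(None, acpi_list)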

Online Test

Is there any online site (JavaScript perhaps) to check / detect virtual machine / browser?

hdparm -I outputs errors -> gets shoved in script.

All,

I have an interesting setup on my Mac El Capitan:
VMWare Fusion Running an Ubuntu Image
Virtualbox running inside the Ubuntu Image

When running the hardening script, I would get an error showing that the firmware revision was longer than 8 bytes. After looking at the script, I was able to google and see that the issue stemmed from hdparm outputting:
"""
/dev/sda:
SG_IO: bad/missing sense data, sb[]: Byte stream longer than 8 bytes
"""

This information gets shoved into the script and ultimately assigned to the VM.

To correct this, I manually modified the script and added the following parameters (from an old google post):
Set SerialNumber to: "AD3C0845CB6C452CBB30"
FirmwareRevision to: "FC2ZF50B"
ModelNumber to: "HITACHI HTD723216L9SA60"
SerialNumber to: "091118FC1221NCJ6G8GG"

For port firmware revision... I used the same value again with no complaints. I'm not very knowledgeable about what these parameters may affect, but perhaps we can add a check to generate some random BS if an error is detected?
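
A check of the kind suggested at the end of the report above, as an added example (not part of the original issue and not antivmdetection's own code): it lints a generated template script for the failure modes reported on this page before the values reach a VM used for malware analysis. The function name, the sample script (assembled from lines quoted in the issues plus constructed values) and the MAC address rule are assumptions.

```python
import re

# Error fragments that ended up as values in the scripts quoted in the issues.
LEAKED_TOOL_ERRORS = (
    "HDIO_GET_IDENTITY failed",
    "HDIO_DRIVE_CMD(identify) failed",
    "SG_IO: bad/missing sense data",
    "No such file or directory",
)

# Length limits taken from the VirtualBox error messages quoted on this page.
MAX_BYTES = {"FirmwareRevision": 8, "AcpiCreatorId": 4}

# Fields for which the issues report VERR_CFGM_NOT_STRING.
STRING_FIELDS = {"DmiBoardSerial", "AcpiCreatorId"}

# Values may span several lines, as in the scripts quoted in the issues.
SETEXTRADATA = re.compile(
    r"""VBoxManage\s+setextradata\s+"\$1"\s+(\S+)\s+'([^']*)'"""
)
MACADDRESS = re.compile(r"--macaddress\d\s+(\S+)")

# Constructed sample: lines from the issues plus two made-up values
# ('123456789' and 'FC2ZF50B-X') to exercise every check.
SAMPLE_SCRIPT = r"""
VBoxManage setextradata "$1" VBoxInternal/Devices/pcbios/0/Config/DmiBoardSerial '123456789'
VBoxManage setextradata "$1" VBoxInternal/Devices/acpi/0/Config/AcpiCreatorId 'string:I'
VBoxManage setextradata "$1" VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/FirmwareRevision 'FC2ZF50B-X'
VBoxManage setextradata "$1" VBoxInternal/Devices/ahci/0/Config/Port0/SerialNumber 'F07EA405C1FD49289740'
VBoxManage setextradata "$1" VBoxInternal/Devices/ahci/0/Config/Port0/FirmwareRevision ' HDIO_DRIVE_CMD(identify) failed: Inappropriate ioctl for device
 HDIO_GET_IDENTITY failed: Inappropriate ioctl for device'
VBoxManage modifyvm "$1" --macaddress1  e58a54e0fdca
"""


def lint_template(script_text):
    """Return (key, problem) tuples for values that will stop the VM from starting."""
    findings = []
    for key, raw in SETEXTRADATA.findall(script_text):
        field = key.rsplit("/", 1)[-1]
        # "string:" forces VirtualBox to read the value as a string; it is a
        # type marker and does not count towards the value's length.
        prefixed = raw.startswith("string:")
        value = raw[len("string:"):] if prefixed else raw

        # 1. hdparm (or another tool) failed and its error text became the value.
        leaked = [frag for frag in LEAKED_TOOL_ERRORS if frag in value]
        if leaked:
            findings.append((key, "tool error text used as value: " + leaked[0]))
            continue

        # 2. An all-digit value is read as a number unless it carries "string:".
        if field in STRING_FIELDS and not prefixed and value.isdigit():
            findings.append((key, "numeric value without string: prefix"))

        # 3. Length limits reported by the PIIX3/AHCI and ACPI devices.
        limit = MAX_BYTES.get(field)
        size = len(value.encode("utf-8"))
        if limit is not None and size > limit:
            findings.append((key, "%d bytes, limit is %d" % (size, limit)))

    for mac in MACADDRESS.findall(script_text):
        if not re.fullmatch(r"[0-9A-Fa-f]{12}", mac):
            findings.append(("macaddress", "not 12 hex digits: " + mac))
        elif int(mac[:2], 16) & 1:
            # Assumption: an odd first byte (Ethernet group/multicast bit) is
            # what triggers "Invalid MAC address format" in the reports here.
            findings.append(("macaddress", "group bit set in first byte: " + mac))
    return findings


if __name__ == "__main__":
    for key, problem in lint_template(SAMPLE_SCRIPT):
        print("[WARNING] %s: %s" % (key, problem))
```
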

Got a Question!

Hello!
Can you explain to me how to use the script?
I did the following: I ran python-script on Ubuntu 16.04, as a result of the work I received three files
The powershell-script has started in the virtual machine
As a result, the computer name and user name were changed
However, the Pafish still detects a virtual machine:
vbox

Thank you in advance!
I apologize for my bad english and stupid question)
I would like to use your experience in the course work!

couples of questions

First of all, thank you .. for taking the time to write this script

I have just a couple of questions :

  1. I've done all the instructions and at the end run the shell passing my vm name , however when I tried to start my vm I've got the following error:
Failed to open a session for the virtual machine ex.

Configuration error: Querying "AcpiCreatorId" as string failed (VERR_CFGM_NOT_STRING).

Result Code: NS_ERROR_FAILURE (0x80004005)
Component: ConsoleWrap
Interface: IConsole {872da645-4a9b-1727-bee2-5585105b9eed}

  2. do I need to move DevManView.exe to the guest as well with the batch file ?
  3. If I want to use it with cuckoo .. is it enough to run the batch file before taking the snapshot or I should put the file with the auto run as you suggested ?

Many thanks for you in advance

Problems when running on Linux

On Linux, the script is giving an error:
dmi_info['DmiBIOSReleaseDate'] = v['data']['Release Date']
NameError: name 'v' is not defined.

Plus, I noticed that under Linux the script is also checking for Windows dependencies...

problem with running the antivmdetect code in windows 10 virtual machine

Hi there

My name is nisar and i have this project of hardening a sandbox e.g. virtual windows 10 to be harden for anti vm malware not to get detect and the anti vm malware should successfully run in it.

So I ran Pafish and it gave me a few things to change in the virtual machine Windows 10 system for the anti-vm malware to run successfully. But then I was googling and I came across this post, and now I have a problem running the "antivmdetect" code in my virtual Windows 10.

so i install python 3.8.2
installed pip3

i started the cmd as administrator it still gives me problem such as

--- Generate VirtualBox templates to help thwart VM detection and more .. - Mikael, @nsmfoo ---
Traceback (most recent call last):
  File "C:\Users\User\Desktop\antivmdetection-master\antivmdetect.py", line 20, in <module>
    if not os.geteuid()==0:
AttributeError: module 'os' has no attribute 'geteuid'

any idea please
