How can we hide a Virtual Machine from software?

morteza

Hi guys

How can we hide a Virtual Machine from software?

Maybe we need to create a topic in Coders Corner! :)

Edited by morteza

mp68terr

Nice info/finding Mr. Dödel.

 

Methods 1&2 seem specific to vmware while the third is for virtualbox where I could not find how to add commands.

Never had to hide the vm till now, but will keep this in my notes 👍

morteza

Anyone who is an expert in this section... I need help... please PM me...

Thanks in advance

mp68terr
1 hour ago, morteza said:

Anyone who is an expert in this section... I need help... please PM me...

Thanks in advance

Did you try the methods proposed by Dodel? Any feedback?

morteza
1 hour ago, mp68terr said:

Did you try the methods proposed by Dodel? Any feedback?

Yes, it does not work ...

I want to share my problem with somebody in a private message ...

Dodel
43 minutes ago, morteza said:

Yes, it does not work ...

I want to share my problem with somebody in a private message ...

 

It's what you are trying to do that doesn't work, try removing VMware tools if you have that installed and try again.

 

Or add the below to your .vmx and give it a go.

 

isolation.tools.getPtrLocation.disable = "TRUE"
isolation.tools.setPtrLocation.disable = "TRUE"
isolation.tools.setVersion.disable = "TRUE"
isolation.tools.getVersion.disable = "TRUE"
monitor_control.disable_directexec = "TRUE"
monitor_control.disable_chksimd = "TRUE"
monitor_control.disable_ntreloc = "TRUE"
monitor_control.disable_selfmod = "TRUE"
monitor_control.disable_reloc = "TRUE"
monitor_control.disable_btinout = "TRUE"
monitor_control.disable_btmemspace = "TRUE"
monitor_control.disable_btpriv = "TRUE"
monitor_control.disable_btseg = "TRUE"
monitor_control.virtual_rdtsc = "false"
monitor_control.restrict_backdoor = "true"

 

The issue lies in the application detecting it's running under a hypervisor.

 

Also, have a look here : https://www.scammer.info/d/12648-win-10-how-to-fully-hide-vmware-services-in-your-virtual-machine

 

Did you try QEMU?

Edited by Dodel
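
An added example, not part of the thread and not VMware's own tooling: a small Python check that a .vmx file contains the keys Dodel lists and that every value sits in ASCII double quotes, since values copied from a web page often arrive with typographic quotes rather than the ASCII quotes a .vmx file uses. The function name and the sample file content are constructed for illustration.

```python
import re

# Key names copied from the post above; everything else here is illustrative.
EXPECTED_KEYS = """
isolation.tools.getPtrLocation.disable isolation.tools.setPtrLocation.disable
isolation.tools.setVersion.disable isolation.tools.getVersion.disable
monitor_control.disable_directexec monitor_control.disable_chksimd
monitor_control.disable_ntreloc monitor_control.disable_selfmod
monitor_control.disable_reloc monitor_control.disable_btinout
monitor_control.disable_btmemspace monitor_control.disable_btpriv
monitor_control.disable_btseg monitor_control.virtual_rdtsc
monitor_control.restrict_backdoor
""".split()

TYPOGRAPHIC = "\u201c\u201d\u201e\u2033"   # curly and look-alike quote marks
LINE_RE = re.compile(r'^\s*([A-Za-z0-9_.:\-]+)\s*=\s*(.*?)\s*$')

def audit_vmx(text, expected=EXPECTED_KEYS):
    """Return (settings, problems, missing) for the text of a .vmx file."""
    settings, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        m = LINE_RE.match(raw)
        if not m:
            problems.append((lineno, "unparseable line"))
            continue
        key, value = m.groups()
        if any(ch in value for ch in TYPOGRAPHIC):
            problems.append((lineno, f"{key}: typographic quotes"))
            continue
        if not (len(value) >= 2 and value[0] == value[-1] == '"'):
            problems.append((lineno, f"{key}: value not in ASCII double quotes"))
            continue
        if key in settings:
            problems.append((lineno, f"{key}: duplicate key"))
        settings[key] = value[1:-1]
    missing = [k for k in expected if k not in settings]
    return settings, problems, missing

# Constructed sample: line 3 carries curly quotes as pasted from a web page.
SAMPLE = ('.encoding = "UTF-8"\n'
          'monitor_control.restrict_backdoor = "true"\n'
          'monitor_control.virtual_rdtsc = \u201cfalse\u201d\n'
          'isolation.tools.getVersion.disable = "TRUE"\n')

if __name__ == "__main__":
    settings, problems, missing = audit_vmx(SAMPLE)
    print(problems, len(missing))
```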

mp68terr
2 hours ago, morteza said:

Yes, it does not work ...

I want to share my problem with somebody in a private message ...

What about asking those in charge of the application directly?

Also, might be helpful to know which application you are using. Dodel focuses on vmware, others are using virtualbox. There are likely different ways to treat your problem 😉

morteza

I'm using VirtualBox and I want to crack an antivirus that I don't want to share in public...

I want to use that for sharing a license in this forum

morteza
On 9/19/2020 at 10:09 PM, morteza said:

I'm using VirtualBox and I want to crack an antivirus that I don't want to share in public...

I want to use that for sharing a license in this forum

 Knock knock ... anyone there :)

 

 

mp68terr
2 hours ago, morteza said:

 Knock knock ... anyone there :)

How to hide a Virtual Machine, interesting question.

Some hints already for vmware, but virtualbox settings are different. If no expected reply here, what about trying some forums specialized in vm/virtualbox?

Dodel

I've spent a few hours on this (purely in a workstation env.). I've managed to stop the act.0 error using details supplied in the above posts; however, there are simply too many checks within the application to detect it's running in a VM. Reference article:

 

https://www.cyberbit.com/blog/endpoint-security/anti-vm-and-anti-sandbox-explained/

 

So unless you patch the .exe on the fly, and you can't do that generically.

 

There is this : https://www.andreafortuna.org/2016/11/07/avoid-malwares-vm-detection-with-antivmdetection/

 

Which is possibly a path, however it's Linux based, so it's a lot more fudgery required, and ultimately not worth the hassle imho.

Edited by Dodel
