Jump to content

How we can hide Virtual Machine from Softwares?


morteza

Recommended Posts

Hi guys

How we can hide Virtual Machine from Softwares?

Maybe we need create topic in Coders Corner! :)

Link to comment
Share on other sites


  • Replies 15
  • Views 3.1k
  • Created
  • Last Reply
9 hours ago, morteza said:

Hi guys

How we can hide Virtual Machine from Softwares?

Maybe we need create topic in Coders Corner! :)

 

 

Method 1: edit VMX file for the specific VM
#add this line
SMBIOS.reflectHost = TRUE
 
Method 2: use VMWare GUI
Edit Settings > Options > General > select “Configuration Parameters”

Add a row “smbios.reflecthost” as the name, and true as the value

 

QEMU allows you to hide a VM also.

 

Or you could give this a go:-

"

@echo off
@reg copy HKLM\HARDWARE\ACPI\DSDT\VBOX__ HKLM\HARDWARE\ACPI\DSDT\NOBOX__ /s /f
@reg delete HKLM\HARDWARE\ACPI\DSDT\VBOX__ /f
@reg add HKLM\HARDWARE\DESCRIPTION\System /v SystemBiosVersion /t REG_MULTI_SZ /d "NOBOX - 1" /f
@reg add HKLM\HARDWARE\DESCRIPTION\System /v VideoBiosVersion /t REG_MULTI_SZ /d "NOBOX - 1" /f
@taskkill /f /im VBoxTray.exe

@exit"

 

https://gist.github.com/LiamKarlMitchell/11e9290ecdf8f9a1fc403a4bc86c94da

Link to comment
Share on other sites


Nice info/finding Mr. Dödel.

 

Methods 1&2 seem specific to vmware while the third is for virtualbox where I could not find how to add commands.

Never had to hide the vm till now, but will keep this in my notes 👍

Link to comment
Share on other sites


Anyone that expert in this section ,,, i need help ... please give me PM ... 

Thanks in advanced 

Link to comment
Share on other sites


1 hour ago, morteza said:

Anyone that expert in this section ,,, i need help ... please give me PM ... 

Thanks in advanced 

Did you try the methods proposed by Dodel? Any feedback?

Link to comment
Share on other sites


1 hour ago, mp68terr said:

Did you try the methods proposed by Dodel? Any feedback?

Yes does not work ... 

I wanna share my problem with some body in private message ...

Link to comment
Share on other sites


43 minutes ago, morteza said:

Yes does not work ... 

I wanna share my problem with some body in private message ...

 

It's what you are trying to do that doesn't work, try removing VMware tools if you have that installed and try again.

 

Or add the below to your .vmx and give it a go.

 

isolation.tools.getPtrLocation.disable = “TRUE”
isolation.tools.setPtrLocation.disable = “TRUE”
isolation.tools.setVersion.disable = “TRUE”
isolation.tools.getVersion.disable = “TRUE”
monitor_control.disable_directexec = “TRUE”
monitor_control.disable_chksimd = “TRUE”
monitor_control.disable_ntreloc = “TRUE”
monitor_control.disable_selfmod = “TRUE”
monitor_control.disable_reloc = “TRUE”
monitor_control.disable_btinout = “TRUE”
monitor_control.disable_btmemspace = “TRUE”
monitor_control.disable_btpriv = “TRUE”
monitor_control.disable_btseg = “TRUE”

monitor_control.virtual_rdtsc = "false"

monitor_control.restrict_backdoor = "true"

 

The issue lies in the application detecting it's running under hypervisor.

 

Also, have a look here : https://www.scammer.info/d/12648-win-10-how-to-fully-hide-vmware-services-in-your-virtual-machine

 

Did you try QEMU ?

Link to comment
Share on other sites


2 hours ago, morteza said:

Yes does not work ... 

I wanna share my problem with some body in private message ...

What about asking directly to those in charge of the application?

Also, might be helpful to know which application you are using. Dodel focuses on vmware, others are using virtualbox. There are likely different ways to treat your problem 😉

Link to comment
Share on other sites


I'm using virtual box and I want to crack antivirus that I don't want to share it in public... 

I want to use that for sharing license in this forums

Link to comment
Share on other sites


On 9/19/2020 at 10:09 PM, morteza said:

I'm using virtual box and I want to crack antivirus that I don't want to share it in public... 

I want to use that for sharing license in this forums

 Knock knock ... anyone there :)

 

 

Link to comment
Share on other sites


2 hours ago, morteza said:

 Knock knock ... anyone there :)

How to hide a hide Virtual Machine, interesting question.

Some hints already for vmware, but virtualbox settings are different. If no expected reply here, what about trying some forums specialized in vm/virtualbox?

Link to comment
Share on other sites


I've spent a few hours on this (purely in a workstation env.) I've managed to stop the act.0 error using details supplied in above posts, however there are simply too many checks within the application to detect it's running in a VM, reference article.

 

https://www.cyberbit.com/blog/endpoint-security/anti-vm-and-anti-sandbox-explained/

 

So unless you patch the .exe on the fly, and you can't do that generically.

 

There is this : https://www.andreafortuna.org/2016/11/07/avoid-malwares-vm-detection-with-antivmdetection/

 

Which is possibly an path, however it's linux based, so it's a lot more fudgery required, and ultimately not worth the hassle imho.

Link to comment
Share on other sites


  • 1 month later...
On 9/16/2020 at 5:29 AM, morteza said:

Hi guys

How we can hide Virtual Machine from Softwares?

 

In addition to your reason, what are the possible reasons for trying to obfuscate the use of VMs?

Link to comment
Share on other sites


Various reasons:

- Some software may refuse to run in a VM. E.g. There are often Anti-VM settings in Software Protection products like Themida and others.

- Malware may act differently in a VM by not running its payload, making it appear harmless even though it is malicious. E.g. See here for a list of techniques that have been used by malware: https://github.com/LordNoteworthy/al-khaser

- etc. etc.

Link to comment
Share on other sites


I wanna extended trial priod of ESET with " refer to friends " option.... Before recently changes in online installer i could but now i can not do that ... 

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...