morteza Posted September 15, 2020 Share Posted September 15, 2020 Hi guys How we can hide Virtual Machine from Softwares? Maybe we need create topic in Coders Corner! Link to comment Share on other sites More sharing options...
Dodel Posted September 16, 2020 Share Posted September 16, 2020 9 hours ago, morteza said: Hi guys How we can hide Virtual Machine from Softwares? Maybe we need create topic in Coders Corner! Method 1: edit VMX file for the specific VM #add this line SMBIOS.reflectHost = TRUE Method 2: use VMWare GUI Edit Settings > Options > General > select “Configuration Parameters” Add a row “smbios.reflecthost” as the name, and true as the value QEMU allows you to hide a VM also. Or you could give this a go:- " @echo off @reg copy HKLM\HARDWARE\ACPI\DSDT\VBOX__ HKLM\HARDWARE\ACPI\DSDT\NOBOX__ /s /f @reg delete HKLM\HARDWARE\ACPI\DSDT\VBOX__ /f @reg add HKLM\HARDWARE\DESCRIPTION\System /v SystemBiosVersion /t REG_MULTI_SZ /d "NOBOX - 1" /f @reg add HKLM\HARDWARE\DESCRIPTION\System /v VideoBiosVersion /t REG_MULTI_SZ /d "NOBOX - 1" /f @taskkill /f /im VBoxTray.exe @exit" https://gist.github.com/LiamKarlMitchell/11e9290ecdf8f9a1fc403a4bc86c94da Link to comment Share on other sites More sharing options...
mp68terr Posted September 16, 2020 Share Posted September 16, 2020 Nice info/finding Mr. Dödel. Methods 1&2 seem specific to vmware while the third is for virtualbox where I could not find how to add commands. Never had to hide the vm till now, but will keep this in my notes 👍 Link to comment Share on other sites More sharing options...
morteza Posted September 19, 2020 Author Share Posted September 19, 2020 Anyone that expert in this section ,,, i need help ... please give me PM ... Thanks in advanced Link to comment Share on other sites More sharing options...
kyber Posted September 19, 2020 Share Posted September 19, 2020 @Dodel Very nice info and find. Link to comment Share on other sites More sharing options...
mp68terr Posted September 19, 2020 Share Posted September 19, 2020 1 hour ago, morteza said: Anyone that expert in this section ,,, i need help ... please give me PM ... Thanks in advanced Did you try the methods proposed by Dodel? Any feedback? Link to comment Share on other sites More sharing options...
morteza Posted September 19, 2020 Author Share Posted September 19, 2020 1 hour ago, mp68terr said: Did you try the methods proposed by Dodel? Any feedback? Yes does not work ... I wanna share my problem with some body in private message ... Link to comment Share on other sites More sharing options...
Dodel Posted September 19, 2020 Share Posted September 19, 2020 43 minutes ago, morteza said: Yes does not work ... I wanna share my problem with some body in private message ... It's what you are trying to do that doesn't work, try removing VMware tools if you have that installed and try again. Or add the below to your .vmx and give it a go. isolation.tools.getPtrLocation.disable = “TRUE” isolation.tools.setPtrLocation.disable = “TRUE” isolation.tools.setVersion.disable = “TRUE” isolation.tools.getVersion.disable = “TRUE” monitor_control.disable_directexec = “TRUE” monitor_control.disable_chksimd = “TRUE” monitor_control.disable_ntreloc = “TRUE” monitor_control.disable_selfmod = “TRUE” monitor_control.disable_reloc = “TRUE” monitor_control.disable_btinout = “TRUE” monitor_control.disable_btmemspace = “TRUE” monitor_control.disable_btpriv = “TRUE” monitor_control.disable_btseg = “TRUE” monitor_control.virtual_rdtsc = "false" monitor_control.restrict_backdoor = "true" The issue lies in the application detecting it's running under hypervisor. Also, have a look here : https://www.scammer.info/d/12648-win-10-how-to-fully-hide-vmware-services-in-your-virtual-machine Did you try QEMU ? Link to comment Share on other sites More sharing options...
mp68terr Posted September 19, 2020 Share Posted September 19, 2020 2 hours ago, morteza said: Yes does not work ... I wanna share my problem with some body in private message ... What about asking directly to those in charge of the application? Also, might be helpful to know which application you are using. Dodel focuses on vmware, others are using virtualbox. There are likely different ways to treat your problem 😉 Link to comment Share on other sites More sharing options...
morteza Posted September 19, 2020 Author Share Posted September 19, 2020 I'm using virtual box and I want to crack antivirus that I don't want to share it in public... I want to use that for sharing license in this forums Link to comment Share on other sites More sharing options...
morteza Posted September 23, 2020 Author Share Posted September 23, 2020 On 9/19/2020 at 10:09 PM, morteza said: I'm using virtual box and I want to crack antivirus that I don't want to share it in public... I want to use that for sharing license in this forums Knock knock ... anyone there Link to comment Share on other sites More sharing options...
mp68terr Posted September 23, 2020 Share Posted September 23, 2020 2 hours ago, morteza said: Knock knock ... anyone there How to hide a hide Virtual Machine, interesting question. Some hints already for vmware, but virtualbox settings are different. If no expected reply here, what about trying some forums specialized in vm/virtualbox? Link to comment Share on other sites More sharing options...
Dodel Posted September 25, 2020 Share Posted September 25, 2020 I've spent a few hours on this (purely in a workstation env.) I've managed to stop the act.0 error using details supplied in above posts, however there are simply too many checks within the application to detect it's running in a VM, reference article. https://www.cyberbit.com/blog/endpoint-security/anti-vm-and-anti-sandbox-explained/ So unless you patch the .exe on the fly, and you can't do that generically. There is this : https://www.andreafortuna.org/2016/11/07/avoid-malwares-vm-detection-with-antivmdetection/ Which is possibly an path, however it's linux based, so it's a lot more fudgery required, and ultimately not worth the hassle imho. Link to comment Share on other sites More sharing options...
caraid Posted October 26, 2020 Share Posted October 26, 2020 On 9/16/2020 at 5:29 AM, morteza said: Hi guys How we can hide Virtual Machine from Softwares? In addition to your reason, what are the possible reasons for trying to obfuscate the use of VMs? Link to comment Share on other sites More sharing options...
derekjohnson Posted October 26, 2020 Share Posted October 26, 2020 Various reasons: - Some software may refuse to run in a VM. E.g. There are often Anti-VM settings in Software Protection products like Themida and others. - Malware may act differently in a VM by not running its payload, making it appear harmless even though it is malicious. E.g. See here for a list of techniques that have been used by malware: https://github.com/LordNoteworthy/al-khaser - etc. etc. Link to comment Share on other sites More sharing options...
morteza Posted October 26, 2020 Author Share Posted October 26, 2020 I wanna extended trial priod of ESET with " refer to friends " option.... Before recently changes in online installer i could but now i can not do that ... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.