Nytro
Posted October 6, 2014

VBoxAntiVMDetectHardened mitigation (10/09/14)

by EP_X0FF » Thu Aug 28, 2014 9:46 am

Step by step guide for configuring VirtualBox Hardened (4.3.14+) VM detection mitigation.

Later, if nothing changes in the Oracle product, this will be moved to the public forums.

This guide and AntiVMDetect only apply to the x86-64 Windows platform.

The guide consists of the following parts:

1) VirtualBox installation
2) AntiVMDetect installation and configuring
3) VirtualBox VM installation and configuring

1) VirtualBox installation

1.1) Do a clean installation of the latest VirtualBox. Clean means you must first uninstall any other versions of VirtualBox and reboot Windows to complete the uninstallation. This ensures that no old VBox files will be left in system memory and on disk. Unfortunately, VBox setup sometimes can't do a complete removal without a reboot.

1.2) Start the installation and select the VirtualBox components to install as shown in the figure below.

DO NOT INSTALL VirtualBox Networking, otherwise you will have problems with parts 2 and 3 of this guide, as the VirtualBox driver cannot be stopped when VirtualBox networking is active. This feature is pretty useless; however, NAT will still be available for virtual machines.

2) AntiVMDetect VM installation and configuring

2.1) What we will target:

- DMI Information;
- IDE/AHCI devices (harddisks, cd-rom's);
- ACPI OEM Information;
- Ethernet Adapter MAC address;
- PXE Boot data;
- ACPI DSDT (Differentiated System Description Table);
- ACPI SSDT (Secondary System Descriptor Table);
- VGA Video BIOS data;
- BIOS data;
- VM splashscreen (optional, just for nice looking).

How do we target this: we remove all signs of Oracle/Innotek signatures inside the original data, extracted in various ways from Oracle VirtualBox itself, and then use documented and "not documented" ways to set this customized data for a specific virtual machine using batch scripts; see 2.2 for more info and an example.

Full article: KernelMode.info • View topic - VBoxAntiVMDetectHardened mitigation (10/09/14)
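A check an analysis-sandbox maintainer might run after editing the extracted tables, as an added example (not part of the original post or of the AntiVMDetect scripts): it scans a binary blob for leftover vendor strings in both ASCII and UTF-16LE. The markers beyond Oracle/innotek, the function names and the sample bytes are assumptions constructed for illustration.

```python
import re

# "Oracle" and "innotek" are the vendor names the guide mentions; "VirtualBox"
# and "VBOX" are assumed extra markers added for this illustration.
MARKERS = ("innotek", "Oracle", "VirtualBox", "VBOX")


def _patterns(marker):
    """Yield (encoding label, case-insensitive byte pattern) for one marker."""
    for label, codec in (("ascii", "ascii"), ("utf-16le", "utf-16-le")):
        yield label, re.compile(re.escape(marker.encode(codec)), re.IGNORECASE)


def find_vendor_strings(blob, markers=MARKERS):
    """Return sorted (offset, encoding, marker) tuples for every hit in blob."""
    hits = []
    for marker in markers:
        for label, pattern in _patterns(marker):
            hits.extend((m.start(), label, marker) for m in pattern.finditer(blob))
    return sorted(hits)


def report(name, blob):
    """Build a human-readable summary of residual markers in one blob."""
    hits = find_vendor_strings(blob)
    lines = [f"{name}: {len(hits)} residual marker(s)"]
    lines += [f"  0x{off:04x} {enc:<8} {marker}" for off, enc, marker in hits]
    return "\n".join(lines)


# Constructed sample bytes shaped loosely like a table fragment; this is not
# real VirtualBox firmware data.
SAMPLE_ORIGINAL = (b"DSDT\x00\x00\x10\x00" + b"VBOX  " + b"VBOXBIOS" + b"\x00" * 4
                   + "innotek GmbH".encode("utf-16-le") + b"\x00\x00ORACLE corp")
SAMPLE_PATCHED = (b"DSDT\x00\x00\x10\x00" + b"ACME  " + b"ACMEBIOS" + b"\x00" * 4
                  + "Example Corp".encode("utf-16-le") + b"\x00\x00EXAMPLE corp")

if __name__ == "__main__":
    print(report("original", SAMPLE_ORIGINAL))
    print(report("patched", SAMPLE_PATCHED))
```

Run against each customized blob before it is applied to a VM; any reported offset points at a string that was missed during editing.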