Create README.md

bRootForceOfficial 2025-10-25 09:11:11 -04:00 committed by GitHub
parent b47f4c04a5
commit 966f2eeb95
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

README.md Normal file

@ -0,0 +1,197 @@
# VirtualBox Stealth Configuration Scripts
Bash scripts to configure VirtualBox VMs with realistic hardware identifiers to reduce detectability.
## ⚠️ Disclaimer
**My boy Big Claude helped me out with these scripts so they are probably jank.** However, they will get you significantly further than running VBoxCloak.ps1 alone because they modify the VM's hardware configuration at the hypervisor level *before* the OS boots, making the guest OS believe it has different hardware than what VirtualBox supplies by default.
## 📋 What's Included
- **`vbox_stealth.sh`** - Main configuration script that applies stealth settings
- **`undo.sh`** - Reverts all changes and restores VirtualBox defaults
## 🎯 Best Results
These scripts work best when combined with **[VBoxCloak by Kyle Cucci](https://github.com/d4rksystem/VBoxCloak)**.
**Recommended workflow:**
1. Power off your VM completely
2. Run `vbox_stealth.sh` to configure hardware identifiers
3. Start the VM
4. Run VBoxCloak.ps1 inside the guest OS to clean up registry entries and artifacts
This two-pronged approach addresses detection vectors at both the hypervisor level (hardware) and the guest OS level (software artifacts).
## 💻 Windows Users - Running Bash Scripts
Since these are bash scripts but VirtualBox runs on Windows, you'll need a bash environment. Here are the easiest options:
### Option 1: Git Bash (Recommended - Easiest)
1. **Install Git for Windows** from [git-scm.com](https://git-scm.com/download/win)
- During installation, make sure "Git Bash" is selected
2. **Open Git Bash** (search for it in Start menu)
3. **Navigate to your scripts folder:**
```bash
cd /c/path/to/your/scripts
```
4. **Run the scripts** as shown in the Usage section below
### Option 2: WSL (Windows Subsystem for Linux)
1. **Install WSL** (PowerShell as Admin):
```powershell
wsl --install
```
2. **Restart your computer** when prompted
3. **Open Ubuntu** (or your chosen distro) from Start menu
4. **Navigate to Windows files:**
```bash
cd /mnt/c/path/to/your/scripts
```
5. **Run the scripts** as shown in the Usage section below
### Option 3: Cygwin
1. Download and install [Cygwin](https://www.cygwin.com/)
2. Ensure `bash` package is selected during installation
3. Open Cygwin terminal and run scripts
**Note:** VBoxManage must be in your PATH. If you get "VBoxManage not found" errors:
```bash
# Add to PATH (Git Bash/WSL)
export PATH="$PATH:/c/Program Files/Oracle/VirtualBox"
# Or use full path
"/c/Program Files/Oracle/VirtualBox/VBoxManage.exe" list vms
```
## 🚀 Usage
### Initial Setup
```bash
# Make scripts executable
chmod +x vbox_stealth.sh undo.sh
# Apply stealth configuration (Dell preset)
./vbox_stealth.sh "VM Name" dell
# Available presets: dell, hp, lenovo, asus
./vbox_stealth.sh "Windows 10" hp
```
### Reverting Changes
```bash
# Restore VirtualBox defaults
./undo.sh "VM Name"
```
## 🔧 What Gets Modified
The script configures the following to mimic real hardware:
### BIOS/SMBIOS Information
- BIOS vendor, version, and release date
- System vendor and product names
- Motherboard details and serials
- Chassis information
### Hardware Identifiers
- Randomized serial numbers for system, board, and chassis
- Realistic disk model and serial numbers
- MAC address changed from VirtualBox range (08:00:27:xx:xx:xx)
### CPU Configuration
- Removes hypervisor CPUID leaves
- Disables paravirtualization provider
- Masks virtualization detection flags
### Timing & Performance
- TSC tied to execution
- Disabled time synchronization
- Large pages enabled
### ACPI Tables
- OEM IDs changed to match manufacturer presets
## 📝 Requirements
- VirtualBox 7.x (tested on 7.2.2)
- VM must be **powered off** before running scripts
- `uuidgen` or `/proc/sys/kernel/random/uuid` for UUID generation
- Bash shell
## ⚙️ Hardware Presets
| Preset | System | BIOS | Typical Use Case |
|--------|--------|------|------------------|
| `dell` | OptiPlex 7090 | American Megatrends | Corporate desktop |
| `hp` | EliteDesk 800 G6 | HP | Enterprise workstation |
| `lenovo` | ThinkCentre M720q | Lenovo | Small form factor PC |
| `asus` | PRIME B560M-A | American Megatrends | Custom build |
## 🛡️ Additional Steps (Important!)
After running the script, you should:
1. **Start the VM** and run VBoxCloak.ps1:
```powershell
PowerShell -ExecutionPolicy Bypass -File VBoxCloak.ps1 -all
```
2. **Remove VirtualBox Guest Additions** completely
3. **Disable in VirtualBox settings:**
- Shared folders
- Bidirectional clipboard
- Drag and drop
4. **Verify in Device Manager:**
- No VirtualBox devices should be visible
- Remove any "Unknown devices" related to VBox
5. **Test with detection tools:**
- al-khaser
- pafish
- Ensure Guest Additions are removed first
## 🚨 Known Limitations
Some detections will likely remain due to VirtualBox's architecture:
- WMI class instance checks (Win32_PhysicalMemory, etc.)
- Thermal zone information (MSAcpi_ThermalZoneTemperature)
- Some CIM sensor classes
- Power management capability differences
- Hardware timing variations
These would require kernel-mode drivers or VirtualBox source code modifications to address.
## 🔄 Backup & Recovery
The `undo.sh` script automatically creates backups before making changes:
- Backups stored in `/tmp/vbox_backups/`
- Named with timestamp: `vbox_backup_VMName_YYYYMMDD_HHMMSS.txt`
- Contains all original settings for manual restoration if needed
## 📚 Resources
- [VBoxCloak](https://github.com/d4rksystem/VBoxCloak) - Companion PowerShell script for guest OS cleanup
- [VirtualBox Manual](https://www.virtualbox.org/manual/) - Official documentation
- [al-khaser](https://github.com/LordNoteworthy/al-khaser) - VM detection testing tool
- [pafish](https://github.com/a0rtega/pafish) - Paranoid Fish VM detection
## ⚖️ Legal Notice
These scripts are for **educational and legitimate testing purposes only**. Users are responsible for ensuring compliance with applicable laws and terms of service. Bypassing security measures or evading detection for malicious purposes is illegal.
## 📄 License
MIT License - Feel free to use, modify, and distribute.
---
**Note:** Always test in a non-production environment first. VM detection is a cat-and-mouse game, and no solution is 100% foolproof.
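Review bot: The "Backup & Recovery" section contradicts the "What's Included" list: it says `undo.sh` "automatically creates backups before making changes", but `undo.sh` is described earlier as the script that reverts changes, so the backup would have to be taken by `vbox_stealth.sh` before it rewrites the SMBIOS, MAC and CPUID settings, or a user who only ever runs `vbox_stealth.sh` has nothing to restore from. Please state which script writes `/tmp/vbox_backups/vbox_backup_VMName_YYYYMMDD_HHMMSS.txt` and whether `undo.sh` reads that file or simply resets to VirtualBox defaults (the "Reverting Changes" section implies the latter, which would not restore a VM that had custom settings before the stealth script ran). Two smaller points in the same README: the PATH snippet labelled "(Git Bash/WSL)" only works for Git Bash, since under WSL the Windows drive is mounted at `/mnt/c`, so a second line such as `export PATH="$PATH:/mnt/c/Program Files/Oracle/VirtualBox"` should be shown for WSL users; and the Requirements section should say what happens when neither `uuidgen` nor `/proc/sys/kernel/random/uuid` is available, because a Git Bash environment may lack both and a silent fallback to an empty or fixed UUID would leave an identifiable artifact, which is exactly what the script exists to remove.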