From b47f4c04a58bcfb6dde67cff5a2394b99dad76de Mon Sep 17 00:00:00 2001
From: bRootForceOfficial <226203328+bRootForceOfficial@users.noreply.github.com>
Date: Sat, 25 Oct 2025 09:08:49 -0400
Subject: [PATCH] Add files via upload

---
 undo.sh | 131 ++++++++++++++++++++
 vbox_stealth.sh | 310 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 441 insertions(+)
 create mode 100644 undo.sh
 create mode 100644 vbox_stealth.sh

diff --git a/undo.sh b/undo.sh
new file mode 100644
index 0000000..d5e0773
--- /dev/null
+++ b/undo.sh
@@ -0,0 +1,131 @@
+#!/bin/bash
+# VirtualBox Configuration Undo Script
+
+set -eo pipefail
+
+VM="${1:-}"
+
+# Color output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+CYAN='\033[0;36m'
+NC='\033[0m'
+
+log_error() { echo -e "${RED}[ERROR]${NC} $1" >&2; }
+log_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
+log_info() { echo -e "${YELLOW}[INFO]${NC} $1"; }
+log_section() { echo -e "${CYAN}[*]${NC} $1"; }
+
+# Validate inputs
+if [ -z "$VM" ]; then
+ echo "Usage: $0 \"VM Name\""
+ exit 1
+fi
+
+# Check if VBoxManage exists
+if ! command -v VBoxManage &> /dev/null; then
+ log_error "VBoxManage not found. Please install VirtualBox."
+ exit 1
+fi
+
+VBOXMANAGE="VBoxManage"
+
+# Check if VM exists
+if ! "$VBOXMANAGE" showvminfo "$VM" &> /dev/null; then
+ log_error "VM '$VM' not found."
+ exit 1
+fi
+
+# Check VM state
+check_vm_state() {
+ local state
+ state=$("$VBOXMANAGE" showvminfo "$VM" --machinereadable | grep "^VMState=" | cut -d'"' -f2)
+ if [ "$state" != "poweroff" ] && [ "$state" != "aborted" ]; then
+ log_error "VM must be powered off. Current state: $state"
+ exit 1
+ fi
+}
+
+generate_random_uuid() {
+ if command -v uuidgen &> /dev/null; then
+ uuidgen
+ else
+ printf '%08x-%04x-%04x-%04x-%012x\n' \
+ $((RANDOM * RANDOM)) $RANDOM $((RANDOM | 0x4000)) \
+ $((RANDOM | 0x8000)) $((RANDOM * RANDOM * RANDOM))
+ fi
+}
+
+# Backup current settings
+backup_settings() {
+ local backup_dir="/tmp/vbox_backups"
+ mkdir -p "$backup_dir"
+
+ local backup_file="$backup_dir/vbox_backup_${VM// /_}_$(date +%Y%m%d_%H%M%S).txt"
+ log_info "Backing up current settings to: $backup_file"
+
+ {
+ echo "=== VM Configuration Backup ==="
+ echo "Timestamp: $(date)"
+ echo "VM Name: $VM"
+ echo ""
+ echo "=== Hardware UUID ==="
+ "$VBOXMANAGE" showvminfo "$VM" --machinereadable | grep "^hardwareuuid="
+ echo ""
+ echo "=== MAC Addresses ==="
+ "$VBOXMANAGE" showvminfo "$VM" --machinereadable | grep "^macaddress"
+ echo ""
+ echo "=== Paravirtualization ==="
+ "$VBOXMANAGE" showvminfo "$VM" --machinereadable | grep "^paravirtprovider="
+ echo ""
+ echo "=== Graphics Controller ==="
+ "$VBOXMANAGE" showvminfo "$VM" --machinereadable | grep "^graphicscontroller="
+ echo ""
+ echo "=== All Extra Data ==="
+ "$VBOXMANAGE" getextradata "$VM" enumerate
+ } > "$backup_file"
+
+ log_success "Backup saved to: $backup_file"
+}
+
+undo_identifiers() {
+ log_section "Reverting to VirtualBox Defaults"
+ check_vm_state
+ backup_settings
+
+ log_info "Removing all custom configuration..."
+
+ # Remove all VBoxInternal extradata
+ "$VBOXMANAGE" getextradata "$VM" enumerate 2>/dev/null | grep "^Key: VBoxInternal" | while read -r line; do
+ local key=$(echo "$line" | sed 's/^Key: \(.*\), Value:.*/\1/')
+ if [ -n "$key" ]; then
+ "$VBOXMANAGE" setextradata "$VM" "$key" "" 2>/dev/null || true
+ fi
+ done
+
+ # Reset MAC addresses
+ log_info "Resetting network adapters..."
+ for i in {1..8}; do
+ "$VBOXMANAGE" modifyvm "$VM" --macaddress${i} auto 2>/dev/null || true
+ done
+
+ # Reset UUID
+ log_info "Generating new UUID..."
+ local new_uuid=$(generate_random_uuid)
+ "$VBOXMANAGE" modifyvm "$VM" --hardware-uuid "$new_uuid"
+
+ # Restore paravirtualization
+ "$VBOXMANAGE" modifyvm "$VM" --paravirtprovider default 2>/dev/null || true
+
+ # Restore graphics
+ "$VBOXMANAGE" modifyvm "$VM" --graphicscontroller vboxsvga 2>/dev/null || true
+
+ # Restore CPU settings
+ "$VBOXMANAGE" modifyvm "$VM" --cpu-execution-cap 100 2>/dev/null || true
+ "$VBOXMANAGE" modifyvm "$VM" --hpet on 2>/dev/null || true
+
+ log_success "VM reverted to VirtualBox defaults"
+}
+
+undo_identifiers
diff --git a/vbox_stealth.sh b/vbox_stealth.sh
new file mode 100644
index 0000000..16f5c61
--- /dev/null
+++ b/vbox_stealth.sh
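Review bot: `undo_identifiers` never reads the file that `backup_settings` writes, so the original hardwareuuid, MAC addresses, paravirtprovider and graphicscontroller it records are not what gets restored: `--hardware-uuid` receives a freshly generated value, the MACs become `auto`, and graphics, HPET and the execution cap are set to hard-coded values that may differ from the VM's prior configuration, despite the `Reverting to VirtualBox Defaults` banner. Either parse the backup and re-apply those recorded values, or word the messages so the script is understood as a reset rather than a restore. `backup_settings` also creates the fixed shared path `/tmp/vbox_backups` with `mkdir -p`, so on a multi-user host a pre-existing directory or symlink owned by another user receives the backup; `backup_dir=$(mktemp -d "${TMPDIR:-/tmp}/vbox_backups.XXXXXX")` or a directory under `$HOME` avoids that. With `set -eo pipefail`, a `grep` that matches nothing in `check_vm_state`'s pipeline ends the script before `log_error` runs, leaving no message at all.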
@@ -0,0 +1,310 @@
+#!/bin/bash
+#################################################
+# VirtualBox VM Stealth Configuration - Tested on VBOX 7.2.2
+# Run BEFORE starting the VM (VM must be powered off)
+# Usage: ./vbox_stealth.sh "VM_NAME" [dell|hp|lenovo|asus]
+#################################################
+
+VM_NAME="$1"
+PRESET="${2:-dell}"
+
+echo "================================================================"
+echo "VirtualBox VM Stealth Configuration - Tested on VBOX v7.2.2"
+echo "Tested with Windows 10 VM, may work for other stuff too idk"
+echo "================================================================"
+echo ""
+
+# Check arguments
+if [ -z "$VM_NAME" ]; then
+ echo "Usage: $0 \"VM_NAME\" [dell|hp|lenovo|asus]"
+ echo "Example: $0 \"Windows 10\" dell"
+ echo ""
+ echo "Available VMs:"
+ VBoxManage list vms
+ exit 1
+fi
+
+# Check if VBoxManage exists
+if ! command -v VBoxManage &> /dev/null; then
+ echo "Error: VBoxManage not found"
+ exit 1
+fi
+
+# Check if VM exists
+if ! VBoxManage showvminfo "$VM_NAME" &>/dev/null; then
+ echo "Error: VM '$VM_NAME' not found"
+ echo ""
+ echo "Available VMs:"
+ VBoxManage list vms
+ exit 1
+fi
+
+echo "VM: $VM_NAME"
+echo "Preset: $PRESET"
+echo ""
+
+# Generate random serials with more realistic formats
+SYSTEM_SERIAL=$(cat /dev/urandom | tr -dc 'A-Z0-9' | fold -w 10 | head -n 1)
+BOARD_SERIAL=$(cat /dev/urandom | tr -dc 'A-Z0-9' | fold -w 8 | head -n 1)
+CHASSIS_SERIAL=$(cat /dev/urandom | tr -dc 'A-Z0-9' | fold -w 8 | head -n 1)
+DISK_SERIAL=$(cat /dev/urandom | tr -dc 'A-Z0-9' | fold -w 20 | head -n 1)
+
+# Preset configurations
+case "$PRESET" in
+ dell)
+ BIOS_VENDOR="American Megatrends Inc."
+ BIOS_VERSION="2.18.0"
+ BIOS_RELEASE_DATE="12/15/2022"
+ SYSTEM_VENDOR="Dell Inc."
+ SYSTEM_PRODUCT="OptiPlex 7090"
+ BOARD_PRODUCT="0J42H4"
+ DISK_MODEL="Samsung SSD 870 EVO 500GB"
+ ;;
+ hp)
+ BIOS_VENDOR="HP"
+ BIOS_VERSION="T83 v02.08"
+ BIOS_RELEASE_DATE="10/28/2022"
+ SYSTEM_VENDOR="HP"
+ SYSTEM_PRODUCT="HP EliteDesk 800 G6"
+ BOARD_PRODUCT="872E"
+ DISK_MODEL="WDC WD5000AAKX-60U6AA0"
+ ;;
+ lenovo)
+ BIOS_VENDOR="LENOVO"
+ BIOS_VERSION="M1AKT59A"
+ BIOS_RELEASE_DATE="11/03/2022"
+ SYSTEM_VENDOR="LENOVO"
+ SYSTEM_PRODUCT="ThinkCentre M720q"
+ BOARD_PRODUCT="3106SDK0J40705"
+ DISK_MODEL="Samsung SSD 860 EVO 500GB"
+ ;;
+ asus)
+ BIOS_VENDOR="American Megatrends Inc."
+ BIOS_VERSION="1401"
+ BIOS_RELEASE_DATE="09/20/2022"
+ SYSTEM_VENDOR="ASUSTeK COMPUTER INC."
+ SYSTEM_PRODUCT="PRIME B560M-A"
+ BOARD_PRODUCT="PRIME B560M-A"
+ DISK_MODEL="Samsung SSD 980 PRO 500GB"
+ ;;
+ *)
+ echo "Unknown preset: $PRESET, using dell"
+ PRESET="dell"
+ BIOS_VENDOR="American Megatrends Inc."
+ BIOS_VERSION="2.18.0"
+ BIOS_RELEASE_DATE="12/15/2022"
+ SYSTEM_VENDOR="Dell Inc."
+ SYSTEM_PRODUCT="OptiPlex 7090"
+ BOARD_PRODUCT="0J42H4"
+ DISK_MODEL="Samsung SSD 870 EVO 500GB"
+ ;;
+esac
+
+echo "================================================================"
+echo "DMI/SMBIOS BIOS Information"
+echo "================================================================"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVendor" "$BIOS_VENDOR"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVersion" "$BIOS_VERSION"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseDate" "$BIOS_RELEASE_DATE"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseMajor" 5
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseMinor" 12
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSFirmwareMajor" 5
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSFirmwareMinor" 12
+echo "✓ BIOS information configured (Date: $BIOS_RELEASE_DATE)"
+echo ""
+
+echo "================================================================"
+echo "DMI/SMBIOS System Information"
+echo "================================================================"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemVendor" "$SYSTEM_VENDOR"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemProduct" "$SYSTEM_PRODUCT"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemVersion" "1.0"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemSerial" "$SYSTEM_SERIAL"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemSKU" "0A12"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemFamily" "Desktop"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemUuid" "$(uuidgen 2>/dev/null || cat /proc/sys/kernel/random/uuid 2>/dev/null || echo '00000000-0000-0000-0000-000000000000')"
+echo "✓ System information configured"
+echo ""
+
+echo "================================================================"
+echo "DMI/SMBIOS Board Information"
+echo "================================================================"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardVendor" "$SYSTEM_VENDOR"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardProduct" "$BOARD_PRODUCT"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardVersion" "A00"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardSerial" "$BOARD_SERIAL"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardAssetTag" "Default"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardLocInChass" "Default"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardBoardType" 10
+echo "✓ Board information configured"
+echo ""
+
+echo "================================================================"
+echo "DMI/SMBIOS Chassis Information"
+echo "================================================================"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiChassisVendor" "$SYSTEM_VENDOR"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiChassisVersion" "1.0"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiChassisSerial" "$CHASSIS_SERIAL"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiChassisAssetTag" "Default"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/pcbios/0/Config/DmiChassisType" 3
+echo "✓ Chassis information configured"
+echo ""
+
+echo "================================================================"
+echo "ACPI Configuration"
+echo "================================================================"
+# Change ACPI OEM IDs to match real hardware
+case "$PRESET" in
+ dell)
+ VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/acpi/0/Config/AcpiOemId" "DELL "
+ ;;
+ hp)
+ VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/acpi/0/Config/AcpiOemId" "HPQOEM"
+ ;;
+ lenovo)
+ VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/acpi/0/Config/AcpiOemId" "LENOVO"
+ ;;
+ asus)
+ VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/acpi/0/Config/AcpiOemId" "ALASKA"
+ ;;
+esac
+
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/acpi/0/Config/AcpiCreatorId" "INTL"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/acpi/0/Config/AcpiCreatorRev" "0x20210331"
+
+echo "✓ ACPI tables configured"
+echo "⚠️ Note: ACPI VBOX__ entries require guest-side registry cleanup"
+echo ""
+
+echo "================================================================"
+echo "Disk Configuration (AHCI/IDE/NVMe)"
+echo "================================================================"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/ahci/0/Config/Port0/ModelNumber" "$DISK_MODEL"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/ahci/0/Config/Port0/SerialNumber" "$DISK_SERIAL"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/ahci/0/Config/Port0/FirmwareRevision" "SVT02B6Q"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/ModelNumber" "$DISK_MODEL"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/SerialNumber" "$DISK_SERIAL"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/FirmwareRevision" "01.01A01"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/nvme/0/Config/ModelNumber" "$DISK_MODEL"
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/nvme/0/Config/SerialNumber" "$DISK_SERIAL"
+echo "✓ Disk information configured"
+echo ""
+
+echo "================================================================"
+echo "CPU Configuration"
+echo "================================================================"
+# Set paravirtualization provider to none to hide hypervisor presence
+VBoxManage modifyvm "$VM_NAME" --paravirtprovider none
+
+# Remove CPUID leaves that expose hypervisor
+VBoxManage modifyvm "$VM_NAME" --cpuid-set 0x00000001 0x000306a9 0x00020800 0x7fbae3ff 0xbfebfbff
+
+# Remove hypervisor CPUID leaves completely
+VBoxManage modifyvm "$VM_NAME" --cpuid-remove 0x40000000
+VBoxManage modifyvm "$VM_NAME" --cpuid-remove 0x40000001
+VBoxManage modifyvm "$VM_NAME" --cpuid-remove 0x40000002
+VBoxManage modifyvm "$VM_NAME" --cpuid-remove 0x40000003
+VBoxManage modifyvm "$VM_NAME" --cpuid-remove 0x40000004
+VBoxManage modifyvm "$VM_NAME" --cpuid-remove 0x40000005
+VBoxManage modifyvm "$VM_NAME" --cpuid-remove 0x40000006
+
+# Remove extended CPUID leaves that might expose virtualization
+VBoxManage modifyvm "$VM_NAME" --cpuid-remove 0x80000001
+
+echo "✓ CPUID leaves masked"
+echo ""
+
+echo "================================================================"
+echo "Timing and Performance"
+echo "================================================================"
+# Tie TSC to execution to prevent timing-based detection
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/TM/TSCTiedToExecution" 1
+
+# Enable large pages for more realistic timing
+VBoxManage modifyvm "$VM_NAME" --largepages on
+
+# Disable time sync to prevent detection via timing analysis
+VBoxManage setextradata "$VM_NAME" "VBoxInternal/Devices/VMMDev/0/Config/GetHostTimeDisabled" 1
+
+echo "✓ Timing optimizations applied"
+echo ""
+
+echo "================================================================"
+echo "Network Configuration"
+echo "================================================================"
+# Change MAC address to avoid VirtualBox range (08:00:27:xx:xx:xx)
+# Generate a realistic Intel MAC address
+RANDOM_MAC=$(printf '00:1A:2B:%02X:%02X:%02X\n' $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256)))
+VBoxManage modifyvm "$VM_NAME" --macaddress1 $(echo $RANDOM_MAC | tr -d ':')
+echo "✓ MAC address changed to: $RANDOM_MAC"
+echo ""
+
+echo "================================================================"
+echo "Additional Stealth Settings"
+echo "================================================================"
+
+# Disable nested HW virtualization (can be used for detection)
+VBoxManage modifyvm "$VM_NAME" --nested-hw-virt off
+
+# Set realistic firmware type (most modern systems use EFI)
+# Note: This may require reinstalling the OS if changing from BIOS to EFI
+CURRENT_FIRMWARE=$(VBoxManage showvminfo "$VM_NAME" --machinereadable | grep "firmware=" | cut -d'"' -f2)
+echo "Current firmware: $CURRENT_FIRMWARE"
+echo "⚠️ Consider using --firmware efi for more realistic modern hardware emulation"
+echo " (requires OS reinstall if switching from BIOS)"
+echo ""
+
+echo "================================================================"
+echo "Configuration Summary"
+echo "================================================================"
+echo "System Vendor: $SYSTEM_VENDOR"
+echo "System Product: $SYSTEM_PRODUCT"
+echo "BIOS Vendor: $BIOS_VENDOR"
+echo "BIOS Version: $BIOS_VERSION"
+echo "BIOS Date: $BIOS_RELEASE_DATE"
+echo "System Serial: $SYSTEM_SERIAL"
+echo "Disk Model: $DISK_MODEL"
+echo "MAC Address: $RANDOM_MAC"
+echo "Paravirt Provider: none"
+echo "TSC Mode: Tied to execution"
+echo ""
+
+echo "================================================================"
+echo "IMPORTANT: Next Steps"
+echo "================================================================"
+echo ""
+echo "1. START THE VM"
+echo ""
+echo "2. RUN VBoxCloak.ps1 inside Windows:"
+echo " PowerShell -ExecutionPolicy Bypass -File VBoxCloak.ps1 -all"
+echo ""
+echo "3. DISABLE/REMOVE these features in Windows:"
+echo " • VirtualBox Guest Additions (uninstall completely)"
+echo " • Shared folders"
+echo " • Bidirectional clipboard"
+echo " • Drag and drop"
+echo ""
+echo "4. VERIFY in Device Manager:"
+echo " • No VirtualBox devices should be visible"
+echo " • Remove any 'Unknown devices' related to VBox"
+echo ""
+echo "5. TEST with detection tools:"
+echo " • al-khaser"
+echo " • pafish"
+echo " • Ensure Guest Additions are fully removed first"
+echo ""
+echo "================================================================"
+echo "Known Limitations (Cannot be Fixed)"
+echo "================================================================"
+echo ""
+echo "The following detections will likely remain:"
+echo "• WMI class instance checks (Win32_PhysicalMemory, etc.)"
+echo "• Thermal zone information (MSAcpi_ThermalZoneTemperature)"
+echo "• Some CIM sensor classes"
+echo "• Power management capability differences"
+echo "• Hardware timing variations"
+echo ""
+echo "These are inherent to VirtualBox's architecture and would"
+echo "require kernel-mode drivers or source code modifications."
+echo ""
+echo "================================================================"
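Review bot: Unlike undo.sh, vbox_stealth.sh never verifies that the VM is powered off and never checks the exit status of any `VBoxManage` call, so on a running VM each `modifyvm` fails while the script still prints `✓ ... configured` for every section and a misleading summary at the end. Reuse the `check_vm_state` guard from undo.sh before the first `setextradata` and add `set -eo pipefail` after the shebang, or at minimum append `|| { echo "VBoxManage failed" >&2; exit 1; }` to the `modifyvm` lines so a partial configuration is reported rather than hidden. Nothing records the values being overwritten either; running the `backup_settings` step from undo.sh first would make the change reversible. Minor: `--macaddress1 $(echo $RANDOM_MAC | tr -d ':')` is unquoted and spawns two processes for what a parameter expansion does, `--macaddress1 "${RANDOM_MAC//:/}"`.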