ID: 408PHID: PHID-TASK-epod6nvhe4jindlomc7yAuthor: PatrickStatus at Migration Time: resolvedPriority at Migration Time: Normal
--synthcpu was removed in VirtualBox 5?
Let’s try some likely newly available options.
--cpuid-portability-level 3--cpuid-portability-level 999--cpuidremoveall
Info:
TODO:
Set the new option for exiting VMs.
Set the new option during build.
Test.
2015-12-05 13:25:25 UTC
2017-01-17 10:02:56 UTC
2017-01-18 04:59:43 UTC
After much research this is the best way to hide the CPU using VirtualBox:
Set vendor_id to “GenuineIntel”
–cpuidset 00000000 0x00000005 0x756e6547 0x49656e69 0x6c65746e
Set family/model/stepping (15/4/3), and feature flags (most are overridden by cpuid-portability-level any way)
–cpuidset 00000001 0x00000f43 0x00020800 0x0000649d 0xbfebfbff
Set model name to “Intel(R) Pentium(R) 4 CPU 3.00GHz”
–cpuidset 80000002 0x20202020 0x20202020 0x20202020 0x6e492020
Remove most feature flags
–cpuid-portability-level 3
This should work on all host x86 CPUs. I have tested on only Intel. Performance impact should be the same as --synthcpu (no different to now).
Reference notes for anyone investigates this later:
–cpuid-portability-level is the successor of --synthcpu and does all/most of the same things
–cpuidremoveleaf and --cpuidremoveall modify the .vbox config file only. They remove CPUID overrides added by --cpuidset. Beside that they have no effect.
A better solution if it worked would be to set VBoxInternal/CPUM/GuestCpuName to “Intel(R) Pentium(R) 4 CPU 3.00GHz”. GuestCpuName makes VirtualBox load all CPUID leaves and MSRs from its internal database of CPUs and their data, overriding all host CPU data. Unfortunately in testing only about 25% of CPUs actually work and whether they work or not probably depends on the host CPU so it is not suitable for general distribution. Maybe GuestCpuName will improve some time.
To change the vendor_id or model name hex use the scripts here:windows xp - Virtualbox, how to force a specific CPU to the guest - Super User
Setting VBoxInternal/CPUM/HostCPUID/… has the same affect as --cpuidset but --cpuidset is documented and better to use.
Related source files:
Primary file. Reads host CPU info and configuration overrides and passes it through or masks it
VBox/VMM/VMMR3/CPUMR3CpuId.cpp
Related to GuestCpuName
VBox/VMM/VMMR3/CPUMR3Db.cpp
Pretty obvious
VBox/Frontends/VBoxManage/VBoxManageHelp.cpp
2017-01-18 05:29:27 UTC
2017-01-18 06:04:10 UTC
2017-01-18 06:35:58 UTC
2017-01-21 19:59:59 UTC
Here is a more limited version, but better for general distribution:
vboxmanage modifyvm <uuid> --cpuidremoveall
# GenuineIntel
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/00000000/ebx 0x756e6547
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/00000000/ecx 0x6c65746e
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/00000000/edx 0x49656e69
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000000/ebx 0x756e6547
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000000/ecx 0x6c65746e
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000000/edx 0x49656e69
# Model/Family/Stepping
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/00000001/eax 0x00000f43
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000001/eax 0x00000f43
# Pentium model name
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000002/eax 0x20202020
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000002/ebx 0x20202020
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000002/ecx 0x20202020
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000002/edx 0x6e492020
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000003/eax 0x286c6574
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000003/ebx 0x50202952
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000003/ecx 0x69746e65
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000003/edx 0x52286d75
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000004/eax 0x20342029
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000004/ebx 0x20555043
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000004/ecx 0x30302e33
vboxmanage setextradata <uuid> VBoxInternal/CPUM/HostCPUID/80000004/edx 0x007a4847```
This version only changes registers controlling vendor, family/model/stepping and model name. The last version used `--cpuidset` which requires all registers be passed (eax...edx) which means overriding some flags and that makes problems.
Also `--cpuid-portability-level` even at `1` (the lowest level) removes too many flags and gives compatibility and performance problems.
With this version only text strings and family/model/stepping are changed. Flags are passed from host CPU but the likelyhood of profiling a user by looking at flags is low. VirtualBox sanitizes the flags and only passes those it supports. The host and guest CPU flags will be different and most guests will have the same or almost the same flags.
Most other CPU leaves are sanitized, removed or zero'd by VirtualBox. There will be differences in cache sizes, TLB and maybe a few others. I have not researched every single thing but I believe the most an attacker could determine would be a CPU series (i-3, Broadwell, Athlon, ..). I don't see anything indicating a specific model.
I mentioned in my last comment but for anyone researching later, test `GuestCpuName` and check if it has improved and is usable. If it works and is reliable that is a better choice than setting these registers.
Note: `/proc/cpuinfo` does not show all of the information. A tool like `cpuid` is needed.
Unfortunately I do not have a Whonix build set up and don't know anything about that. The build could either run the commands above or include the extra data in the configuration file like this:
```<Machine ...>
<ExtraData>
...
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/00000000/ebx" value="0x756e6547"/>
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/00000000/ecx" value="0x6c65746e"/>
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/00000000/edx" value="0x49656e69"/>
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/00000001/eax" value="0x00000f43"/>
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000000/ebx" value="0x756e6547"/>
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000000/ecx" value="0x6c65746e"/>
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000000/edx" value="0x49656e69"/>
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000001/eax" value="0x00000f43"/>
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000002/eax" value="0x20202020"/>
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000002/ebx" value="0x20202020"/>
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000002/ecx" value="0x20202020"/>
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000002/edx" value="0x6e492020"/>
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000003/eax" value="0x286c6574"/>
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000003/ebx" value="0x50202952"/>
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000003/ecx" value="0x69746e65"/>
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000003/edx" value="0x52286d75"/>
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000004/eax" value="0x20342029"/>
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000004/ebx" value="0x20555043"/>
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000004/ecx" value="0x30302e33"/>
<ExtraDataItem name="VBoxInternal/CPUM/HostCPUID/80000004/edx" value="0x007a4847"/>
<ExtraData>
</Machine>
2017-01-22 07:23:06 UTC
2017-03-10 01:01:33 UTC
2018-08-27 18:32:14 UTC
2018-08-27 18:32:48 UTC
2018-11-28 06:44:22 UTC