2

I know a software that is able to identify me as a host even when it runs inside a vm (using vmware running Windows 7 x64, host is Windows 10 x64). They generate some unique signature/hardware fingerprint and it's based on hardware.

This fingerprint is the same on host PC and the same on guest PC. Even when I disconnect network adapter so it must be done offline. How can I achieve something like this? Do they use some kind of magic or hack and access my real hardware information inside VM, on a completely clean windows?

They're able to generate completely unique identifiers and they're the same on my home PC and virtual machines created on this PC.

Is that technically possible to do this?

Konrad
  • 6,385
  • 12
  • 53
  • 96
  • 1
    You write _"I know a software that is.."_. Which software is this? – Jabberwocky Dec 21 '17 at 13:25
  • It's a game that is using some magic tricks to do this, probably undocumented stuff as well. Actually your previous comment was quite useful: https://sites.google.com/site/chitchatvmback/backdoor – Konrad Dec 21 '17 at 13:26

1 Answers1

1

After a lot of research, there's no way to get any hardware information of host machine from inside of VMWare. It is completely isolated environment and it has no right to go beyond that.

You can use a backdoor that is provided officially by VMWare: https://github.com/vmware/open-vm-tools/blob/master/open-vm-tools/lib/include/backdoor_def.h but that will only allow you to access contents of the .VFX file and to detect if program is running inside a VM.

Anything else are just exploits used by hackers, so called "VM escape": http://vmblog.com/archive/2017/03/30/vmware-patches-critical-vm-escape-vulnerabilities-identified-at-pwn2own.aspx but they're patched quickly and for good.

The only thing that can be shared between host and guest is IP address.

Konrad
  • 6,385
  • 12
  • 53
  • 96