seb-win-refactoring/SafeExamBrowser.SystemComponents/VirtualMachineDetector.cs

/*
 * Copyright (c) 2023 ETH Zürich, Educational Development and Technology (LET)
 * 
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

using System;
using System.Linq;
using System.Management;
using System.Runtime.InteropServices;
using SafeExamBrowser.Logging.Contracts;
using SafeExamBrowser.SystemComponents.Contracts;
using Microsoft.Win32;

namespace SafeExamBrowser.SystemComponents
{
	public class VirtualMachineDetector : IVirtualMachineDetector
	{
		private static readonly string[] DEVICE_BLACKLIST =
		{
			// Hyper-V
			"PROD_VIRTUAL", "HYPER_V",
			// QEMU
			"qemu", "ven_1af4", "ven_1b36", "subsys_11001af4",
			// VirtualBox
			"vbox", "vid_80ee",
			// VMware
			"PROD_VMWARE", "VEN_VMWARE", "VMWARE_IDE"
		};
		private static readonly string QEMU_MAC_PREFIX = "525400";
		private static readonly string VIRTUALBOX_MAC_PREFIX = "080027";

		private readonly ILogger logger;
		private readonly ISystemInfo systemInfo;

		public VirtualMachineDetector(ILogger logger, ISystemInfo systemInfo)
		{
			this.logger = logger;
			this.systemInfo = systemInfo;
		}
		private bool IsVirtualSystemInfo(string biosInfo, string manufacturer, string model)
		{
			bool isVirtualMachine = false;

			biosInfo = biosInfo.ToLower();
			manufacturer = manufacturer.ToLower();
			model = model.ToLower();

			isVirtualMachine |= biosInfo.Contains("hyper-v");
			isVirtualMachine |= biosInfo.Contains("virtualbox");
			isVirtualMachine |= biosInfo.Contains("vmware");
			isVirtualMachine |= biosInfo.Contains("ovmf");
			isVirtualMachine |= biosInfo.Contains("edk ii unknown");  // qemu
			isVirtualMachine |= manufacturer.Contains("microsoft corporation") && !model.Contains("surface");
			isVirtualMachine |= manufacturer.Contains("parallels software");
			isVirtualMachine |= manufacturer.Contains("qemu");
			isVirtualMachine |= manufacturer.Contains("vmware");
			isVirtualMachine |= model.Contains("virtualbox");
			isVirtualMachine |= model.Contains("Q35 +");

			return isVirtualMachine;
		}

		private bool IsVirtualRegistry()
		{
			bool isVirtualMachine = false;

			RegistryKey hardwareConfig = Microsoft.Win32.Registry.LocalMachine.OpenSubKey("SYSTEM\\HardwareConfig");

			foreach (string childKeyName in hardwareConfig.GetSubKeyNames())
			{
				RegistryKey childKey = Microsoft.Win32.Registry.LocalMachine.OpenSubKey($"SYSTEM\\HardwareConfig\\{childKeyName}");
				childKey.GetValue("");

			}

			return isVirtualMachine;
		}

		private bool IsVirtualWmi()
		{
			bool isVirtualMachine = false;

			ManagementObjectSearcher searcherCpu = new ManagementObjectSearcher("SELECT * FROM Win32_Processor");

			// edge case where no CPU is detected?
			foreach (ManagementObject obj in searcherCpu.Get())
			{
				isVirtualMachine |= ((string) obj["Name"]).ToLower().Contains(" kvm ");  // qemu
			}

			return isVirtualMachine;
		}

		public bool IsVirtualMachine()
		{
			var biosInfo = systemInfo.BiosInfo;
			var isVirtualMachine = false;
			var macAddress = systemInfo.MacAddress;
			var manufacturer = systemInfo.Manufacturer;
			var model = systemInfo.Model;
			var devices = systemInfo.PlugAndPlayDeviceIds;

			isVirtualMachine |= IsVirtualSystemInfo(biosInfo, manufacturer, model);
			isVirtualMachine |= IsVirtualWmi();
			isVirtualMachine |= IsVirtualRegistry();

			// TODO: system version

			if (macAddress != null && macAddress.Count() > 2)
			{
				isVirtualMachine |= macAddress.StartsWith(QEMU_MAC_PREFIX);
				isVirtualMachine |= macAddress.StartsWith(VIRTUALBOX_MAC_PREFIX);
				isVirtualMachine |= macAddress.StartsWith("000000000000");  // indicates tampering
			}

			foreach (var device in devices)
			{
				isVirtualMachine |= DEVICE_BLACKLIST.Any(d => device.ToLower().Contains(d.ToLower()));
			}


			logger.Debug($"Computer '{systemInfo.Name}' appears {(isVirtualMachine ? "" : "not ")}to be a virtual machine.");

			return isVirtualMachine;
		}
	}
}
-												SEBWIN-316: Implemented rudimentary VM detection.

											
										
										
											2020-01-06 15:11:57 +01:00
+								/*
-												SEBWIN-649: Updated year in license and copyright remarks.

											
										
										
											2023-03-08 00:30:20 +01:00
+								 * Copyright (c) 2023 ETH Zürich, Educational Development and Technology (LET)
-												SEBWIN-316: Implemented rudimentary VM detection.

											
										
										
											2020-01-06 15:11:57 +01:00
+								 *
 								 * This Source Code Form is subject to the terms of the Mozilla Public
 								 * License, v. 2.0. If a copy of the MPL was not distributed with this
 								 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 								 */
-												added mac check, added WMI checks, and in progress registry check

											
										
										
											2023-04-01 16:25:56 +02:00
+								using System;
-												Code cleanup.

											
										
										
											2020-09-29 14:37:54 +02:00
+								using System.Linq;
-												added mac check, added WMI checks, and in progress registry check

											
										
										
											2023-04-01 16:25:56 +02:00
+								using System.Management;
 								using System.Runtime.InteropServices;
-												SEBWIN-316: Implemented rudimentary VM detection.

											
										
										
											2020-01-06 15:11:57 +01:00
+								using SafeExamBrowser.Logging.Contracts;
 								using SafeExamBrowser.SystemComponents.Contracts;
-												added mac check, added WMI checks, and in progress registry check

											
										
										
											2023-04-01 16:25:56 +02:00
+								using Microsoft.Win32;
-												SEBWIN-316: Implemented rudimentary VM detection.

											
										
										
											2020-01-06 15:11:57 +01:00
 								namespace SafeExamBrowser.SystemComponents
 								{
 									public class VirtualMachineDetector : IVirtualMachineDetector
 									{
-												SEBWIN-653: Added Hyper-V to virtual machine detector.

											
										
										
											2023-03-07 23:41:56 +01:00
+										private static readonly string[] DEVICE_BLACKLIST =
-												SEBWIN-648: Added VMware to PCI vendor blacklist.

											
										
										
											2023-02-23 16:40:26 +01:00
+										{
-												SEBWIN-653: Added Hyper-V to virtual machine detector.

											
										
										
											2023-03-07 23:41:56 +01:00
+											// Hyper-V
 											"PROD_VIRTUAL", "HYPER_V",
 											// QEMU
 											"qemu", "ven_1af4", "ven_1b36", "subsys_11001af4",
 											// VirtualBox
 											"vbox", "vid_80ee",
 											// VMware
 											"PROD_VMWARE", "VEN_VMWARE", "VMWARE_IDE"
-												SEBWIN-648: Added VMware to PCI vendor blacklist.

											
										
										
											2023-02-23 16:40:26 +01:00
+										};
-												Refactored mac detection

											
										
										
											2020-07-13 18:55:42 +02:00
+										private static readonly string QEMU_MAC_PREFIX = "525400";
-												SEBWIN-577: Implemented detection of BIOS manufacturer & name.

											
										
										
											2022-07-29 13:49:26 +02:00
+										private static readonly string VIRTUALBOX_MAC_PREFIX = "080027";
 										private readonly ILogger logger;
 										private readonly ISystemInfo systemInfo;
-												Fixed mac detection  #6 and new Property added

											
										
										
											2020-05-06 18:44:08 +02:00
-												SEBWIN-316: Implemented rudimentary VM detection.

											
										
										
											2020-01-06 15:11:57 +01:00
+										public VirtualMachineDetector(ILogger logger, ISystemInfo systemInfo)
 										{
 											this.logger = logger;
 											this.systemInfo = systemInfo;
 										}
-												added mac check, added WMI checks, and in progress registry check

											
										
										
											2023-04-01 16:25:56 +02:00
+										private bool IsVirtualSystemInfo(string biosInfo, string manufacturer, string model)
-												SEBWIN-316: Implemented rudimentary VM detection.

											
										
										
											2020-01-06 15:11:57 +01:00
+										{
-												added mac check, added WMI checks, and in progress registry check

											
										
										
											2023-04-01 16:25:56 +02:00
+											bool isVirtualMachine = false;
 											biosInfo = biosInfo.ToLower();
 											manufacturer = manufacturer.ToLower();
 											model = model.ToLower();
-												Minor fixes and Mac > 2 check

											
										
										
											2020-05-07 13:21:57 +02:00
-												SEBWIN-653: Added Hyper-V to virtual machine detector.

											
										
										
											2023-03-07 23:41:56 +01:00
+											isVirtualMachine |= biosInfo.Contains("hyper-v");
-												SEBWIN-577: Implemented detection of BIOS manufacturer & name.

											
										
										
											2022-07-29 13:49:26 +02:00
+											isVirtualMachine |= biosInfo.Contains("virtualbox");
-												SEBWIN-653: Added Hyper-V to virtual machine detector.

											
										
										
											2023-03-07 23:41:56 +01:00
+											isVirtualMachine |= biosInfo.Contains("vmware");
-												added mac check, added WMI checks, and in progress registry check

											
										
										
											2023-04-01 16:25:56 +02:00
+											isVirtualMachine |= biosInfo.Contains("ovmf");
 											isVirtualMachine |= biosInfo.Contains("edk ii unknown");  // qemu
-												SEBWIN-316: Implemented rudimentary VM detection.

											
										
										
											2020-01-06 15:11:57 +01:00
+											isVirtualMachine |= manufacturer.Contains("microsoft corporation") && !model.Contains("surface");
 											isVirtualMachine |= manufacturer.Contains("parallels software");
-												 qemu detection added
											
										
										
											2020-04-28 13:28:59 +02:00
+											isVirtualMachine |= manufacturer.Contains("qemu");
-												SEBWIN-653: Added Hyper-V to virtual machine detector.

											
										
										
											2023-03-07 23:41:56 +01:00
+											isVirtualMachine |= manufacturer.Contains("vmware");
 											isVirtualMachine |= model.Contains("virtualbox");
-												added mac check, added WMI checks, and in progress registry check

											
										
										
											2023-04-01 16:25:56 +02:00
+											isVirtualMachine |= model.Contains("Q35 +");
 											return isVirtualMachine;
 										}
 										private bool IsVirtualRegistry()
 										{
 											bool isVirtualMachine = false;
 											RegistryKey hardwareConfig = Microsoft.Win32.Registry.LocalMachine.OpenSubKey("SYSTEM\\HardwareConfig");
 											foreach (string childKeyName in hardwareConfig.GetSubKeyNames())
 											{
 												RegistryKey childKey = Microsoft.Win32.Registry.LocalMachine.OpenSubKey($"SYSTEM\\HardwareConfig\\{childKeyName}");
 												childKey.GetValue("");
 											}
 											return isVirtualMachine;
 										}
 										private bool IsVirtualWmi()
 										{
 											bool isVirtualMachine = false;
 											ManagementObjectSearcher searcherCpu = new ManagementObjectSearcher("SELECT * FROM Win32_Processor");
 											// edge case where no CPU is detected?
 											foreach (ManagementObject obj in searcherCpu.Get())
 											{
 												isVirtualMachine |= ((string) obj["Name"]).ToLower().Contains(" kvm ");  // qemu
 											}
 											return isVirtualMachine;
 										}
 										public bool IsVirtualMachine()
 										{
 											var biosInfo = systemInfo.BiosInfo;
 											var isVirtualMachine = false;
 											var macAddress = systemInfo.MacAddress;
 											var manufacturer = systemInfo.Manufacturer;
 											var model = systemInfo.Model;
 											var devices = systemInfo.PlugAndPlayDeviceIds;
 											isVirtualMachine |= IsVirtualSystemInfo(biosInfo, manufacturer, model);
 											isVirtualMachine |= IsVirtualWmi();
 											isVirtualMachine |= IsVirtualRegistry();
 											// TODO: system version
-												Minor fixes and Mac > 2 check

											
										
										
											2020-05-07 13:21:57 +02:00
 											if (macAddress != null && macAddress.Count() > 2)
 											{
-												added mac check, added WMI checks, and in progress registry check

											
										
										
											2023-04-01 16:25:56 +02:00
+												isVirtualMachine |= macAddress.StartsWith(QEMU_MAC_PREFIX);
 												isVirtualMachine |= macAddress.StartsWith(VIRTUALBOX_MAC_PREFIX);
 												isVirtualMachine |= macAddress.StartsWith("000000000000");  // indicates tampering
-												Minor fixes and Mac > 2 check

											
										
										
											2020-05-07 13:21:57 +02:00
+											}
-												SEBWIN-653: Added Hyper-V to virtual machine detector.

											
										
										
											2023-03-07 23:41:56 +01:00
+											foreach (var device in devices)
-												Fixed name Vendor #6 and new Property added

											
										
										
											2020-05-06 21:45:04 +02:00
+											{
-												SEBWIN-653: Added Hyper-V to virtual machine detector.

											
										
										
											2023-03-07 23:41:56 +01:00
+												isVirtualMachine |= DEVICE_BLACKLIST.Any(d => device.ToLower().Contains(d.ToLower()));
-												Fixed name Vendor #6 and new Property added

											
										
										
											2020-05-06 21:45:04 +02:00
+											}
-												Minor fixes and Mac > 2 check

											
										
										
											2020-05-07 13:21:57 +02:00
-												added mac check, added WMI checks, and in progress registry check

											
										
										
											2023-04-01 16:25:56 +02:00
-												SEBWIN-577: Implemented detection of BIOS manufacturer & name.

											
										
										
											2022-07-29 13:49:26 +02:00
+											logger.Debug($"Computer '{systemInfo.Name}' appears {(isVirtualMachine ? "" : "not ")}to be a virtual machine.");
-												SEBWIN-316: Implemented rudimentary VM detection.

											
										
										
											2020-01-06 15:11:57 +01:00
 											return isVirtualMachine;
 										}
 									}
 								}