/*
* Copyright (c) 2023 ETH Zürich, Educational Development and Technology (LET)
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
using System.Linq;
using SafeExamBrowser.Logging.Contracts;
using SafeExamBrowser.SystemComponents.Contracts;
using SafeExamBrowser.SystemComponents.Contracts.Registry;
namespace SafeExamBrowser.SystemComponents
{
public class VirtualMachineDetector : IVirtualMachineDetector
{
private const string MANIPULATED = "000000000000";
private const string QEMU_MAC_PREFIX = "525400";
private const string VIRTUALBOX_MAC_PREFIX = "080027";
private static readonly string[] DeviceBlacklist =
{
// Hyper-V
"PROD_VIRTUAL", "HYPER_V",
// QEMU
"qemu", "ven_1af4", "ven_1b36", "subsys_11001af4",
// VirtualBox
"VEN_VBOX", "vid_80ee",
// VMware
"PROD_VMWARE", "VEN_VMWARE", "VMWARE_IDE"
};
private static readonly string[] DeviceWhitelist =
{
// Microsoft Virtual Disk Device
"PROD_VIRTUAL_DISK",
// Microsoft Virtual DVD Device
"PROD_VIRTUAL_DVD"
};
private readonly ILogger logger;
private readonly IRegistry registry;
private readonly ISystemInfo systemInfo;
public VirtualMachineDetector(ILogger logger, IRegistry registry, ISystemInfo systemInfo)
{
this.logger = logger;
this.registry = registry;
this.systemInfo = systemInfo;
}
public bool IsVirtualMachine()
{
var isVirtualMachine = false;
isVirtualMachine |= HasVirtualDevice();
isVirtualMachine |= HasVirtualMacAddress();
isVirtualMachine |= IsVirtualCpu();
isVirtualMachine |= IsVirtualRegistry();
isVirtualMachine |= IsVirtualSystem(systemInfo.BiosInfo, systemInfo.Manufacturer, systemInfo.Model);
logger.Debug($"Computer '{systemInfo.Name}' appears {(isVirtualMachine ? "" : "not ")}to be a virtual machine.");
return isVirtualMachine;
}
private bool HasVirtualDevice()
{
var hasVirtualDevice = false;
foreach (var device in systemInfo.PlugAndPlayDeviceIds)
{
hasVirtualDevice |= DeviceBlacklist.Any(d => device.ToLower().Contains(d.ToLower())) && DeviceWhitelist.All(d => !device.ToLower().Contains(d.ToLower()));
}
return hasVirtualDevice;
}
private bool HasVirtualMacAddress()
{
var hasVirtualMacAddress = false;
var macAddress = systemInfo.MacAddress;
if (macAddress != null && macAddress.Length > 2)
{
hasVirtualMacAddress |= macAddress.StartsWith(MANIPULATED);
hasVirtualMacAddress |= macAddress.StartsWith(QEMU_MAC_PREFIX);
hasVirtualMacAddress |= macAddress.StartsWith(VIRTUALBOX_MAC_PREFIX);
}
return hasVirtualMacAddress;
}
private bool IsVirtualCpu()
{
var isVirtualCpu = false;
isVirtualCpu |= systemInfo.CpuName.ToLower().Contains(" kvm ");
return isVirtualCpu;
}
private bool IsVirtualRegistry()
{
var isVirtualRegistry = false;
isVirtualRegistry |= HasHistoricVirtualMachineHardwareConfiguration();
isVirtualRegistry |= HasLocalVirtualMachineDeviceCache();
return isVirtualRegistry;
}
private bool IsVirtualSystem(string biosInfo, string manufacturer, string model)
{
var isVirtualSystem = false;
biosInfo = biosInfo.ToLower();
manufacturer = manufacturer.ToLower();
model = model.ToLower();
isVirtualSystem |= biosInfo.Contains("hyper-v");
isVirtualSystem |= biosInfo.Contains("virtualbox");
isVirtualSystem |= biosInfo.Contains("vmware");
isVirtualSystem |= biosInfo.Contains("ovmf");
isVirtualSystem |= biosInfo.Contains("edk ii unknown");
isVirtualSystem |= manufacturer.Contains("microsoft corporation") && !model.Contains("surface");
isVirtualSystem |= manufacturer.Contains("parallels software");
isVirtualSystem |= manufacturer.Contains("qemu");
isVirtualSystem |= manufacturer.Contains("vmware");
isVirtualSystem |= model.Contains("virtualbox");
isVirtualSystem |= model.Contains("Q35 +");
return isVirtualSystem;
}
private bool HasHistoricVirtualMachineHardwareConfiguration()
{
var hasHistoricConfiguration = false;
if (registry.TryGetSubKeys(RegistryValue.MachineHive.HardwareConfig_Key, out var hardwareConfigSubkeys))
{
foreach (var configId in hardwareConfigSubkeys)
{
var hardwareConfigKey = $@"{RegistryValue.MachineHive.HardwareConfig_Key}\{configId}";
var computerIdsKey = $@"{hardwareConfigKey}\ComputerIds";
var success = true;
success &= registry.TryRead(hardwareConfigKey, "BIOSVendor", out var biosVendor);
success &= registry.TryRead(hardwareConfigKey, "BIOSVersion", out var biosVersion);
success &= registry.TryRead(hardwareConfigKey, "SystemManufacturer", out var systemManufacturer);
success &= registry.TryRead(hardwareConfigKey, "SystemProductName", out var systemProductName);
if (success)
{
var biosInfo = $"{(string) biosVendor} {(string) biosVersion}";
hasHistoricConfiguration |= IsVirtualSystem(biosInfo, (string) systemManufacturer, (string) systemProductName);
if (registry.TryGetNames(computerIdsKey, out var computerIdNames))
{
foreach (var computerIdName in computerIdNames)
{
if (registry.TryRead(computerIdsKey, computerIdName, out var computerSummary))
{
hasHistoricConfiguration |= IsVirtualSystem((string) computerSummary, (string) systemManufacturer, (string) systemProductName);
}
}
}
}
}
}
return hasHistoricConfiguration;
}
private bool HasLocalVirtualMachineDeviceCache()
{
var deviceName = System.Environment.GetEnvironmentVariable("COMPUTERNAME");
var hasDeviceCache = false;
var hasDeviceCacheKeys = registry.TryGetSubKeys(RegistryValue.UserHive.DeviceCache_Key, out var deviceCacheKeys);
if (deviceName != default && hasDeviceCacheKeys)
{
foreach (var cacheId in deviceCacheKeys)
{
var cacheIdKey = $@"{RegistryValue.UserHive.DeviceCache_Key}\{cacheId}";
var didReadKeys = true;
didReadKeys &= registry.TryRead(cacheIdKey, "DeviceName", out var cacheDeviceName);
if (didReadKeys && deviceName.ToLower() == ((string) cacheDeviceName).ToLower())
{
didReadKeys &= registry.TryRead(cacheIdKey, "DeviceMake", out var cacheDeviceManufacturer);
didReadKeys &= registry.TryRead(cacheIdKey, "DeviceModel", out var cacheDeviceModel);
if (didReadKeys)
{
hasDeviceCache |= IsVirtualSystem("", (string) cacheDeviceManufacturer, (string) cacheDeviceModel);
}
}
}
}
return hasDeviceCache;
}
}
}