seb-win-refactoring/SafeExamBrowser.SystemComponents/VirtualMachineDetector.cs

/*
 * Copyright (c) 2023 ETH Zürich, Educational Development and Technology (LET)
 * 
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

using System.Linq;
using SafeExamBrowser.Logging.Contracts;
using SafeExamBrowser.SystemComponents.Contracts;
using SafeExamBrowser.SystemComponents.Contracts.Registry;

namespace SafeExamBrowser.SystemComponents
{
	public class VirtualMachineDetector : IVirtualMachineDetector
	{
		private const string MANIPULATED = "000000000000";
		private const string QEMU_MAC_PREFIX = "525400";
		private const string VIRTUALBOX_MAC_PREFIX = "080027";

		private static readonly string[] DeviceBlacklist =
		{
			// Hyper-V
			"PROD_VIRTUAL", "HYPER_V",
			// QEMU
			"qemu", "ven_1af4", "ven_1b36", "subsys_11001af4",
			// VirtualBox
			"VEN_VBOX", "vid_80ee",
			// VMware
			"PROD_VMWARE", "VEN_VMWARE", "VMWARE_IDE"
		};

		private static readonly string[] DeviceWhitelist =
		{
			// Microsoft Virtual Disk Device
			"PROD_VIRTUAL_DISK",
			// Microsoft Virtual DVD Device
			"PROD_VIRTUAL_DVD"
		};

		private readonly ILogger logger;
		private readonly IRegistry registry;
		private readonly ISystemInfo systemInfo;

		public VirtualMachineDetector(ILogger logger, IRegistry registry, ISystemInfo systemInfo)
		{
			this.logger = logger;
			this.registry = registry;
			this.systemInfo = systemInfo;
		}

		public bool IsVirtualMachine()
		{
			var isVirtualMachine = false;

			isVirtualMachine |= HasVirtualDevice();
			isVirtualMachine |= HasVirtualMacAddress();
			isVirtualMachine |= IsVirtualCpu();
			isVirtualMachine |= IsVirtualRegistry();
			isVirtualMachine |= IsVirtualSystem(systemInfo.BiosInfo, systemInfo.Manufacturer, systemInfo.Model);

			logger.Debug($"Computer '{systemInfo.Name}' appears {(isVirtualMachine ? "" : "not ")}to be a virtual machine.");

			return isVirtualMachine;
		}

		private bool HasVirtualDevice()
		{
			var hasVirtualDevice = false;

			foreach (var device in systemInfo.PlugAndPlayDeviceIds)
			{
				hasVirtualDevice |= DeviceBlacklist.Any(d => device.ToLower().Contains(d.ToLower())) && DeviceWhitelist.All(d => !device.ToLower().Contains(d.ToLower()));
			}

			return hasVirtualDevice;
		}

		private bool HasVirtualMacAddress()
		{
			var hasVirtualMacAddress = false;
			var macAddress = systemInfo.MacAddress;

			if (macAddress != null && macAddress.Length > 2)
			{
				hasVirtualMacAddress |= macAddress.StartsWith(MANIPULATED);
				hasVirtualMacAddress |= macAddress.StartsWith(QEMU_MAC_PREFIX);
				hasVirtualMacAddress |= macAddress.StartsWith(VIRTUALBOX_MAC_PREFIX);
			}

			return hasVirtualMacAddress;
		}

		private bool IsVirtualCpu()
		{
			var isVirtualCpu = false;

			isVirtualCpu |= systemInfo.CpuName.ToLower().Contains(" kvm ");

			return isVirtualCpu;
		}

		private bool IsVirtualRegistry()
		{
			var isVirtualRegistry = false;

			isVirtualRegistry |= HasHistoricVirtualMachineHardwareConfiguration();
			isVirtualRegistry |= HasLocalVirtualMachineDeviceCache();

			return isVirtualRegistry;
		}

		private bool IsVirtualSystem(string biosInfo, string manufacturer, string model)
		{
			var isVirtualSystem = false;

			biosInfo = biosInfo.ToLower();
			manufacturer = manufacturer.ToLower();
			model = model.ToLower();

			isVirtualSystem |= biosInfo.Contains("hyper-v");
			isVirtualSystem |= biosInfo.Contains("virtualbox");
			isVirtualSystem |= biosInfo.Contains("vmware");
			isVirtualSystem |= biosInfo.Contains("ovmf");
			isVirtualSystem |= biosInfo.Contains("edk ii unknown");
			isVirtualSystem |= manufacturer.Contains("microsoft corporation") && !model.Contains("surface");
			isVirtualSystem |= manufacturer.Contains("parallels software");
			isVirtualSystem |= manufacturer.Contains("qemu");
			isVirtualSystem |= manufacturer.Contains("vmware");
			isVirtualSystem |= model.Contains("virtualbox");
			isVirtualSystem |= model.Contains("Q35 +");

			return isVirtualSystem;
		}

		private bool HasHistoricVirtualMachineHardwareConfiguration()
		{
			var hasHistoricConfiguration = false;

			if (registry.TryGetSubKeys(RegistryValue.MachineHive.HardwareConfig_Key, out var hardwareConfigSubkeys))
			{
				foreach (var configId in hardwareConfigSubkeys)
				{
					var hardwareConfigKey = $@"{RegistryValue.MachineHive.HardwareConfig_Key}\{configId}";
					var computerIdsKey = $@"{hardwareConfigKey}\ComputerIds";
					var success = true;

					success &= registry.TryRead(hardwareConfigKey, "BIOSVendor", out var biosVendor);
					success &= registry.TryRead(hardwareConfigKey, "BIOSVersion", out var biosVersion);
					success &= registry.TryRead(hardwareConfigKey, "SystemManufacturer", out var systemManufacturer);
					success &= registry.TryRead(hardwareConfigKey, "SystemProductName", out var systemProductName);

					if (success)
					{
						var biosInfo = $"{(string) biosVendor} {(string) biosVersion}";

						hasHistoricConfiguration |= IsVirtualSystem(biosInfo, (string) systemManufacturer, (string) systemProductName);

						if (registry.TryGetNames(computerIdsKey, out var computerIdNames))
						{
							foreach (var computerIdName in computerIdNames)
							{
								if (registry.TryRead(computerIdsKey, computerIdName, out var computerSummary))
								{
									hasHistoricConfiguration |= IsVirtualSystem((string) computerSummary, (string) systemManufacturer, (string) systemProductName);
								}
							}
						}
					}
				}
			}

			return hasHistoricConfiguration;
		}

		private bool HasLocalVirtualMachineDeviceCache()
		{
			var deviceName = System.Environment.GetEnvironmentVariable("COMPUTERNAME");
			var hasDeviceCache = false;
			var hasDeviceCacheKeys = registry.TryGetSubKeys(RegistryValue.UserHive.DeviceCache_Key, out var deviceCacheKeys);

			if (deviceName != default && hasDeviceCacheKeys)
			{
				foreach (var cacheId in deviceCacheKeys)
				{
					var cacheIdKey = $@"{RegistryValue.UserHive.DeviceCache_Key}\{cacheId}";
					var didReadKeys = true;

					didReadKeys &= registry.TryRead(cacheIdKey, "DeviceName", out var cacheDeviceName);

					if (didReadKeys && deviceName.ToLower() == ((string) cacheDeviceName).ToLower())
					{
						didReadKeys &= registry.TryRead(cacheIdKey, "DeviceMake", out var cacheDeviceManufacturer);
						didReadKeys &= registry.TryRead(cacheIdKey, "DeviceModel", out var cacheDeviceModel);

						if (didReadKeys)
						{
							hasDeviceCache |= IsVirtualSystem("", (string) cacheDeviceManufacturer, (string) cacheDeviceModel);
						}
					}
				}
			}

			return hasDeviceCache;
		}
	}
}