Skip to content

Releases: kernelwernel/VMAware

1.7.1 Release

02 Aug 18:58
@kernelwernel kernelwernel
v1.7.1
da35a41
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
1.7.1 Release
  • added VM::SPOOFABLE flag to enable easily spoofable techniques
  • added VM types as summary output
  • added CLI options for VM type details (-t or --type)
  • added QEMU+KVM Hyper-V Enlightenment VM brand
  • added better CLI indications such as techniques that require permissions
  • changed so that spoofable techniques are no longer run by default, unless VM::SPOOFABLE is inputted.
Loading

1.7 Release

01 Aug 21:43
@kernelwernel kernelwernel
v1.7
c95c55e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
1.7 Release

  • added better heuristic checks for Hyper-V host virtualisation

  • added argument handler improvements to the CLI

  • added VM type information to the CLI

  • added 4 new techniques:

    • VM::CPUID_SIGNATURE
    • VM::HYPERV_BITMASK
    • VM::KVM_BITMASK
    • VM::KGT_SIGNATURE

  • added 7 new VM brands:

    • Jailhouse
    • Apple VZ
    • Intel KGT (Trusty)
    • VMware Fusion
    • Microsoft Azure Hyper-V
    • Xbox NanoVisor (Hyper-V)
    • SimpleVisor

  • renamed VM brand "Thread Expert" to "ThreatExpert" (i fucked up)

  • renamed VM::HYPERV_CPUID technique to VM::CPUID_BITSET

  • removed VM::EXTREME settings flag

  • removed 2 techniques (both due to potential false positives):

    • VM::CPUID_SPACING
    • VM::CPUID_0X4
Loading

1.6 Release

08 Jul 21:57
@kernelwernel kernelwernel
v1.6
8d95057
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
1.6 Release
  • added 2 new variables:
    • VM::technique_count
    • VM::technique_vector variables
  • added 9 new techniques:
    • VM::NETTITUDE_VM_REGIONS
    • VM::HYPERV_CPUID
    • VM::CUCKOO_DIR
    • VM::CUCKOO_PIPE
    • VM::USB_DRIVE
    • VM::HYPERV_HOSTNAME
    • VM::GENERAL_HOSTNAME
    • VM::SCREEN_RESOLUTION
    • VM::DEVICE_STRING
  • added VM::HIGH_THRESHOLD non-technique flag to set a higher threshold score
  • added optimisations to VM::detect() and VM::percentage()
  • added Cuckoo and BlueStacks VM brands
  • added heuristic checks for Hyper-V host virtualisation (thanks to @NotRequiem for the suggestion)
  • improved memoization system
  • renamed VM::BRAND technique to VM::CPU_BRAND to avoid confusion with VM::brand()
  • fixed wcstomb() deprecation warning

Contributors

NotRequiem
Loading

1.5 Release

10 Jun 16:35
@kernelwernel kernelwernel
v1.5
3b91815
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
1.5 Release
  • added 6 different brands:
    • KVM Hyper-V Enlightenment
    • NVMM
    • OpenBSD VMM
    • Intel HAXM
    • Unisys s-Par
    • Lockheed Martin LMHS
  • added better checks for flag handling
  • added C++23 support
  • added VM::DISABLE() function for manually disabling flags
  • major CLI changes
    • added --brand-list option which outputs the list of possible VM brands
    • added --disable-hyperv-host options which will disregard the possibility of Hyper-V default virtualisation
    • added number of techniques and number of detected techniques as output
  • improved and renewed flag system
  • improved discarding mechanism if Hyper-V is detected in case of default virtualisation
  • removed VM::WMIC technique
  • deprecated VM::WIN_HYPERV_DEFAULT, use VM::ENABLE_HYPERV_HOST instead

Full Changelog: v1.4...v1.5

Loading

1.4 Release

27 May 20:14
@kernelwernel kernelwernel
v1.4
a545c89
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
1.4 Release
  • Added 3 new techniques:
    VM::ODD_CPU_THREADS
    VM::INTEL_THREAD_MISMATCH
    VM::XEON_THREAD_MISMATCH
  • Added better x86 compatibility for description table techniques (idt)
  • Added better caching that's much more efficient now
  • Fixed warnings, thanks Requiem :)
  • Removed Hyper-V virtualisation (by default unless specified with VM::WIN_HYPERV_DEFAULT due to false positives associated with default virtualisation for every program when Hyper-V is enabled)

Full Changelog: v1.3...v1.4

Loading

1.3 Release

05 Apr 22:29
@kernelwernel kernelwernel
v1.3
85bd00a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
1.3 Release
  • added specific VMware products (ESX, GSX, etc...) as potential brands
  • added --conclusion flag to cli to return just the conclusion message
  • added 12 new techniques
  • added "Microsoft Virtual PC/Hyper-V" as possible brand string
  • added 32-bit support
  • added VM::MULTIPLE flag for multiple brand outputs
  • fixed VM::ALL and VM::DEFAULT flags being private
  • improved cpuid hypervisor leaf detections
Loading

1.2 Release

25 Mar 14:59
@kernelwernel kernelwernel
v1.2
4f180ac

Choose a tag to compare

View all tags
1.2 Release
  • added 11 new techniques
  • added VM::WIN_HYPERV_DEFAULT flag to tackle Hyper-V default virtualisation on windows
  • added ARM support
  • fixed false positives for VM::VM_FILES, VM::CPUID_0X4, and other techniques
  • fixed memory leaks
  • merged the "Sunbelt" and "CWSandbox" VMs as just "CWSandbox"
Loading

1.1 Release

07 Mar 14:19
@kernelwernel kernelwernel
v1.1
fabfc4a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
1.1 Release
  • restructured and organised the code better
  • added new function VM::add_custom()
  • memoization fixes
  • CLI bug fixes for MSVC and --detect flag added
  • added auxiliary dev tools for the library
  • added 2 new MSVC techniques
  • added MIT and GPL 3.0 separate code libraries
Loading

Official 1.0 Release 🎉

08 Feb 12:17
@kernelwernel kernelwernel
v1.0
6b0e103
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Official 1.0 Release 🎉
  • added better technique storing method with bitsets
  • added 8 new techniques
  • decluttered the code
  • improved memoization mechanisms
  • miscellaneous changes
Loading

Official alpha release

26 Dec 05:25
@kernelwernel kernelwernel
v0.2
d421db0
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Official alpha release
  • major compatibility fixes with C++11, 14, and 17
  • added many Windows-specific techniques
  • added new VM::percentage() function
  • massively improved the CLI with a more "dynamic" result than a boolean true or false answer
  • added Thread Expert, CW SandBox, Comodo, SunBelt, and Bochs VM techniques as possible VM brands
  • added 16 new VM detection techniques
  • added memoization improvements
  • fixed all MSVC warnings
  • added VM::EXTREME flag for extremely sensitive VM detection
  • added other miscellaneous improvements
Loading