added 4 new techniques

README.md

@@ -16,7 +16,7 @@ The library is:
 - Cross-platform (Windows + MacOS + Linux)
 - Compatible with x86 and ARM, with backwards compatibility for 32-bit systems
 - Features up to 100+ unique VM detection techniques [[list](https://github.com/kernelwernel/VMAware/blob/main/docs/documentation.md#flag-table)]
-- Able to detect 40 VM brands including VMware, VirtualBox, QEMU, Hyper-V, Parallels, and [much more](https://github.com/kernelwernel/VMAware/blob/main/docs/documentation.md#vmbrand)
+- Able to detect 40+ VM brands including VMware, VirtualBox, QEMU, Hyper-V, Parallels, and [much more](https://github.com/kernelwernel/VMAware/blob/main/docs/documentation.md#vmbrand)
 - Very flexible, with total fine-grained control over which techniques get executed
 - Able to detect various semi-VM technologies like hypervisors, emulators, containers, and Wine
 - Able to guess the VM brand

TODO.md

@@ -42,6 +42,7 @@
 - [ ] make the whole cache table into a mutex so i can claim it's thread-safe
 - [ ] make a medium post about it
 - [ ] test the VM::modify_score() function
+- [ ] check if bios date in /sys/class/dmi/id/ could be useful under QEMU
 
 # Distant plans
 - add the library to conan.io when released

release_notes.md

@@ -9,9 +9,11 @@
 - added 2 new VM brands: 
     - `Hyper-V artifacts (not an actual VM)`
     - `User-mode Linux`
-- added 5 new techniques:
+- added 7 new techniques:
     - `VM::QEMU_VIRTUAL_DMI`
     - `VM::QEMU_USB`
     - `VM::HYPERVISOR_DIR`
     - `VM::UML_CPU`
-    - `VM::KMSG`
+    - `VM::KMSG`
+    - `VM::XEN_PROC`
+    - `VM::VBOX_MODULE`

src/cli.cpp

@@ -363,7 +363,8 @@ bool is_spoofable(const VM::enum_flags flag) {
         case VM::GENERAL_HOSTNAME:
         case VM::BLUESTACKS_FOLDERS: 
         case VM::EVENT_LOGS: 
-        case VM::KMSG: return true;
+        case VM::KMSG: 
+        case VM::XEN_PROC: return true;
         default: return false;
     }
 }
@@ -559,6 +560,10 @@ void general() {
     checker(VM::HYPERVISOR_DIR, "Hypervisor directory (Linux)");
     checker(VM::UML_CPU, "User-mode Linux CPU");
     checker(VM::KMSG, "/dev/kmsg hypervisor message");
+    checker(VM::XEN_PROC, "/proc/xen");
+    checker(VM::VBOX_MODULE, "VBox kernel module");
+    checker(VM::SYSINFO_PROC, "/proc/sysinfo");
+    checker(VM::DEVICE_TREE, "/proc/device-tree");
 
     std::printf("\n");
 

src/vmaware.hpp

@@ -417,6 +417,10 @@ struct VM {
         HYPERVISOR_DIR,
         UML_CPU,
         KMSG,
+        XEN_PROC,
+        VBOX_MODULE,
+        SYSINFO_PROC,
+        DEVICE_TREE,
 
         // start of non-technique flags (THE ORDERING IS VERY SPECIFIC HERE AND MIGHT BREAK SOMETHING IF RE-ORDERED)
         NO_MEMO,
@@ -4471,8 +4475,8 @@ struct VM {
         const bool amd = cpu::is_amd();
 
         // if neither amd or intel, return false
-        if (!(intel ^ amd)) {
-            debug("BOCHS_CPU: neither AMD or Intel detect, returned false");
+        if (!(intel || amd)) {
+            debug("BOCHS_CPU: neither AMD or Intel detected, returned false");
             return false;
         }
 
@@ -8762,6 +8766,10 @@ struct VM {
                     break;
                 }
             }
+
+            if (bytes_read == -1) {
+                break;
+            }
         }
 
         close(fd);
@@ -8780,6 +8788,117 @@ struct VM {
     }
 
 
+    /**
+     * @brief Check for a Xen VM process
+     * @note idea from https://github.com/ShellCode33/VM-Detection/blob/master/vmdetect/linux.go
+     * @category Linux
+     */
+    [[nodiscard]] static bool xen_proc() try {
+#if (!LINUX)
+        return false;
+#else
+        if (util::exists("/proc/xen")) {
+            return core::add(XEN);
+        }
+
+        return false;
+#endif
+    } catch (...) {
+        debug("XEN_PROC: caught error, returned false");
+        return false;
+    }
+
+
+    /**
+     * @brief Check for a VBox kernel module
+     * @note idea from https://github.com/ShellCode33/VM-Detection/blob/master/vmdetect/linux.go
+     * @category Linux
+     */
+    [[nodiscard]] static bool vbox_module() try {
+#if (!LINUX)
+        return false;
+#else
+        const char* file = "/proc/modules";
+
+        if (!util::exists(file)) {
+            return false;
+        }
+
+        const std::string content = util::read_file(file);
+
+        if (util::find(content, "vboxguest")) {
+            return core::add(VBOX);
+        }
+
+        return false;
+#endif
+    } catch (...) {
+        debug("VBOX_MODULE: caught error, returned false");
+        return false;
+    }
+
+
+    /**
+     * @brief Check for potential VM info in /proc/sysinfo
+     * @note idea from https://github.com/ShellCode33/VM-Detection/blob/master/vmdetect/linux.go
+     * @category Linux
+     */
+    [[nodiscard]] static bool sysinfo_proc() try {
+#if (!LINUX)
+        return false;
+#else
+        const char* file = "/proc/sysinfo";
+
+        if (!util::exists(file)) {
+            return false;
+        }
+
+        const std::string content = util::read_file(file);
+
+        if (util::find(content, "VM00")) {
+            return true;
+        }
+
+        return false;
+#endif
+    } catch (...) {
+        debug("SYSINFO_PROC: caught error, returned false");
+        return false;
+    }
+
+
+    /**
+     * @brief Check for /proc/device-tree directory
+     * @note idea from https://github.com/ShellCode33/VM-Detection/blob/master/vmdetect/linux.go
+     * @category Linux
+     */
+    [[nodiscard]] static bool device_tree() try {
+#if (!LINUX)
+        return false;
+#else
+        return (util::exists("/proc/device-tree/hypervisor/compatible"));
+#endif
+    } catch (...) {
+        debug("DEVICE_TREE: caught error, returned false");
+        return false;
+    }
+
+
+    /**
+     * @brief Check for /proc/device-tree directory
+     * @note idea from https://github.com/ShellCode33/VM-Detection/blob/master/vmdetect/linux.go
+     * @category Linux
+     */
+    [[nodiscard]] static bool device_tree() try {
+#if (!LINUX)
+        return false;
+#else
+        return (util::exists("/proc/device-tree/hypervisor/compatible"));
+#endif
+    } catch (...) {
+        debug("DEVICE_TREE: caught error, returned false");
+        return false;
+    }
 
 
 
@@ -8792,9 +8911,6 @@ struct VM {
     */
 
 
-    // https://learn.microsoft.com/en-us/virtualization/hyper-v-on-windows/tlfs/feature-discovery
-
-
     // https://github.com/systemd/systemd/blob/main/src/basic/virt.c
 
 
@@ -8816,13 +8932,6 @@ struct VM {
 
 
 
-
-
-
-
-
-
-
     struct core {
         MSVC_DISABLE_WARNING(PADDING)
         struct technique {
@@ -9894,5 +10003,9 @@ const std::map<VM::enum_flags, VM::core::technique> VM::core::technique_table =
     { VM::QEMU_USB, { 20, VM::qemu_USB, false } },
     { VM::HYPERVISOR_DIR, { 20, VM::hypervisor_dir, false } },
     { VM::UML_CPU, { 80, VM::uml_cpu, false } },
-    { VM::KMSG, { 10, VM::kmsg, true } }
+    { VM::KMSG, { 10, VM::kmsg, true } },
+    { VM::XEN_PROC, { 20, VM::xen_proc, true } },
+    { VM::VBOX_MODULE, { 15, VM::vbox_module, false } },
+    { VM::SYSINFO_PROC, { 15, VM::sysinfo_proc, false } },
+    { VM::DEVICE_TREE, { 20, VM::device_tree, false } }
 };