1

I want to change the default vendor id prefix VID_80EE Give by Virtual Box.

VID_80EE

I am doing malware analysis and malware use this id to detect whether it is running in a Virtual BOX or not.

peterh
  • 11,875
  • 18
  • 85
  • 108
satvik
  • 95
  • 9
  • 1
    I would be surprised if it would not be hardcoded in the source. But it is opensource, so you can change it. In your place I would first try to power off the virtual usb device in the sysfs of the guest. If it does not work, then I would try to play with the xml descriptor file of the virtual machine. I would recompile virtualbox only after that. – peterh Nov 24 '20 at 15:17
  • I tried searching it a lot but not luck with Xml descriptor. I think there will we be a solution but may be I am new to this so I am unable to find a proper solution to it. Anyways thanks for suggesting @peterh-ReinstateMonica – satvik Nov 25 '20 at 04:46
  • Right, I made an answer with the things which will work. The bad thing is that you can not avoid the vbox recompilation, the good is that it is not so hard. – peterh Nov 25 '20 at 10:09

1 Answers1

2

It is a virtual usb device, which runs inside the VM. Normal usb drivers talk to usb devices on the usb bus. This virtual device is still on the virtual usb bus, but it is not a hardware, instead it is talking to the virtualbox process on the host. The virtualbox has some kernel drivers, they provide the virtual usb devices which bind the virtual usb bus of the guest with the virtualbox process of the host.

To change their USB vendor/product ID, I see no way than change their source code and recompiling them. They are Linux kernel drivers, part of the upstream virtualbox sources.

The vendor/product id of the virtual USB keyboard is here, and of the mouse is here.

You can do the recompilation following the virtualbox build instructions.

I did already some vbox recompilation, and it is not trivial, but it can be done without major problems. And you only need the guest kernel drivers.

peterh
  • 11,875
  • 18
  • 85
  • 108
  • https://github.com/hfiref0x/VBoxHardenedLoader :This can be a easier option if you want just keyboard and mouse. Not working for camera. Only Option is as you suggested. Thanks for answering @peterh - Reinstate Monica – satvik Nov 26 '20 at 08:45
  • 1
    @aglomarative It solves your original problem, but your question was to change the USB vendor id. That can be done only by the recompilation of the virtualbox. – peterh Nov 26 '20 at 14:23