KDot227 / SomalifuscatorV2

Most advanced and poorly coded windows batch obfuscator ever made (aka the best)
https://sped.lol
Apache License 2.0
276 stars, 37 forks

made a bios checker, u need to implement a point system, because some of the checks are just for suspicion #41

Closed Mustwey closed 1 year ago

Mustwey commented 1 year ago
```powershell
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "function Get-Entropy{param([string]`$inputString);`$frequencyTable=@{};`$stringLength=`$inputString.Length;foreach(`$char in `$inputString.ToCharArray()){if(`$frequencyTable.ContainsKey(`$char)){`$frequencyTable[`$char]++}else{`$frequencyTable[`$char]=1}};`$entropy=0;foreach(`$value in `$frequencyTable.Values){`$frequency=`$value/`$stringLength;`$entropy-=`$frequency*[Math]::Log(`$frequency,2)};return `$entropy};`$bios=Get-WmiObject -Class Win32_BIOS;`$computer=Get-WmiObject -Class Win32_ComputerSystem;`$vm_bios_list=@('VMware, Inc.','Xen','VirtualBox','QEMU','Microsoft Corporation','KVM','Bochs','Parallels','Oracle VM VirtualBox','Red Hat','SeaBIOS','innotek GmbH','Amazon EC2','Hyper-V','Citrix','Virtuozzo','bhyve','Nutanix','Proxmox','Virtual Iron','VMware7,1','Virtual Machine');`$suspicious_bios_list=@('Default','To be filled by O.E.M.','Not available','Unknown','System manufacturer','TBD by OEM','O.E.M.','OEM','N/A','Not Specified','System Product Name','System','System Version','OEM Manufacturer','OEM Product','OEM Serial');`$suspicious_versions=@('VRTUAL - 1', 'INTEL - 1', 'A M I - 9000906','Phoenix Technologies LTD','Award Software, Inc.','AMI BIOS','Insyde Software','Laptop','Desktop','Tablet');`$suspicious_dates=@('01/01/2000', '02/02/2002','01/01/1970','12/31/1999','01/02/2000','01/01/2010','01/01/2015');if(`$null -eq `$bios -or `$null -eq `$computer){Write-Host 'WMI Query Failed. Possible attempt to hide VM.';exit 1};if(`$bios.Manufacturer -ne `$computer.Manufacturer){Write-Host 'Inconsistent BIOS and System Manufacturer. Possible attempt to hide VM.';exit 1};if(`$vm_bios_list -contains `$bios.Manufacturer -or `$suspicious_versions -contains `$bios.BIOSVersion -or `$suspicious_dates -contains `$bios.ReleaseDate){Write-Host ('Virtual Machine Detected. BIOS Information: '+`$bios.Manufacturer+' '+`$bios.BIOSVersion+' '+`$bios.ReleaseDate);exit 1};if(`$suspicious_bios_list -contains `$bios.Manufacturer){Write-Host ('Suspicious BIOS Manufacturer Detected. BIOS Manufacturer: '+`$bios.Manufacturer);exit 1};`$entropy=Get-Entropy -inputString `$bios.SerialNumber;if(`$entropy -lt 1){Write-Host 'Low Entropy Detected in BIOS Serial Number. Possible attempt to hide VM.';exit 1};if([string]::IsNullOrEmpty(`$bios.Manufacturer) -or [string]::IsNullOrEmpty(`$bios.BIOSVersion) -or [string]::IsNullOrEmpty(`$bios.ReleaseDate)){Write-Host 'Missing BIOS Information. Possible attempt to hide VM.';exit 1}else{Write-Host ('No Virtual Machine Detected. BIOS Information: '+`$bios.Manufacturer+' '+`$bios.BIOSVersion+' '+`$bios.ReleaseDate);exit 0}"
```
Mustwey commented 1 year ago
image
KDot227 commented 1 year ago

bro blessed up. I'll have to change all the printed code but as long as it obfuscates below 4k chars I'll use it. thx fr 😭

Mustwey commented 1 year ago

remember to update the datasets (I'm sure websites give u lists of VMs) and implement a point-based approach

KDot227 commented 1 year ago

> remember to update the datasets and implement a point-based approach

ik of a VirusTotal and VM db that could do that too. I think I had it implemented somewhere but it was breaking itself so I removed it.

Mustwey commented 1 year ago

VirusTotal? can u elaborate, I might be able to help

KDot227 commented 1 year ago

> VirusTotal? can u elaborate, I might be able to help

https://github.com/6nz/virustotal-vm-blacklist

some things can't be used since some of the VMs use the same processors and have the same names as other people, but this would make it a lot easier to compress since all you would have to do is make a request then check.

KDot227 commented 1 year ago

those are JUST the virus total virtual machines but what you sent would help a lot too if I combined.

Mustwey commented 1 year ago

if u want I'll make a checker for network adapters, processors and drives, but tbh this BIOS checker is pretty good

Mustwey commented 1 year ago

> VirusTotal? can u elaborate, I might be able to help
>
> https://github.com/6nz/virustotal-vm-blacklist
>
> some things can't be used since some of the VMs use the same processors and have the same names as other people, but this would make it a lot easier to compress since all you would have to do is make a request then check.

if the amount of matches between VMs and normal people is small, why not just make a point-based system for that too?

KDot227 commented 1 year ago

> VirusTotal? can u elaborate, I might be able to help
>
> https://github.com/6nz/virustotal-vm-blacklist some things can't be used since some of the VMs use the same processors and have the same names as other people, but this would make it a lot easier to compress since all you would have to do is make a request then check.
>
> if the amount of matches between VMs and normal people is small, why not just make a point-based system for that too?

because if you have definite things like the word "Virtual Machine" in their system info or "Hyper-V", it overrules everything; but if you think a point system is better, give me some reasons.

Mustwey commented 1 year ago

a point-based system is much better because u can use basically anything suspicious in the slightest, allowing for much more functionality. u can take stuff like the amount of processors or how much RAM the user has, which don't exactly say if they are on a VM, but if they have a suspicious amount of RAM, processors and space, then it's obvious they are a VM

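A defender-side counterpart to the point-based idea discussed above, added here as an example and not code from this issue or the project: it scores PowerShell script-block log lines (Event ID 4104) for the BIOS-fingerprinting indicators the posted script relies on, so a single benign WMI inventory query stays below the alert threshold while a chained vendor-list check with a verdict string does not. The weights, the threshold and the sample log lines are constructed assumptions.

```python
import re

# Weighted indicators of BIOS-based VM fingerprinting in PowerShell script-block
# logs. The weights are a constructed scoring scheme, not a published standard.
INDICATORS = [
    ("queries Win32_BIOS",              r"Win32_BIOS", 2),
    ("queries Win32_ComputerSystem",    r"Win32_ComputerSystem", 1),
    ("lists hypervisor vendor strings", r"VMware|VirtualBox|QEMU|Hyper-V|\bXen\b|\bKVM\b|Parallels|innotek", 2),
    ("lists OEM placeholder strings",   r"To be filled by O\.E\.M\.|System manufacturer", 1),
    ("computes serial-number entropy",  r"\[Math\]::Log\(", 1),
    ("bypasses execution policy",       r"-ExecutionPolicy\s+Bypass", 1),
    ("emits a VM-detected verdict",     r"Virtual Machine Detected|attempt to hide VM", 3),
]
ALERT_THRESHOLD = 5  # a lone inventory query of Win32_BIOS (score 2) stays below this


def score_script_block(text):
    """Score one script-block text; each indicator counts once regardless of repeats."""
    total, hits = 0, []
    for description, pattern, weight in INDICATORS:
        if re.search(pattern, text, re.IGNORECASE):
            total += weight
            hits.append(description)
    return total, hits


def triage(log_lines, threshold=ALERT_THRESHOLD):
    """Return (line index, score, matched indicators) for lines at or above threshold."""
    alerts = []
    for idx, line in enumerate(log_lines):
        score, hits = score_script_block(line)
        if score >= threshold:
            alerts.append((idx, score, hits))
    return alerts


# Constructed sample log lines (not real telemetry); line 0 mimics the shape of
# the script posted in this thread, line 1 is a benign asset-inventory query.
SAMPLE_LOG = [
    "4104 ScriptBlockText: $bios=Get-WmiObject -Class Win32_BIOS;$vm=@('VMware, Inc.','VirtualBox','QEMU','Hyper-V');if($vm -contains $bios.Manufacturer){Write-Host 'Virtual Machine Detected';exit 1}",
    "4104 ScriptBlockText: Get-WmiObject -Class Win32_BIOS | Select-Object Manufacturer,SerialNumber | Export-Csv inventory.csv",
    "4104 ScriptBlockText: Get-ChildItem C:\\Users | Measure-Object",
]

if __name__ == "__main__":
    for idx, score, hits in triage(SAMPLE_LOG):
        print(f"line {idx}: score {score} -> {', '.join(hits)}")
```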
KDot227 commented 1 year ago

> a point-based system is much better because u can use basically anything suspicious in the slightest, allowing for much more functionality. u can take stuff like the amount of processors or how much RAM the user has, which don't exactly say if they are on a VM, but if they have a suspicious amount of RAM, processors and space, then it's obvious they are a VM

I can see what you're talking about. Are you supposed to treat it as a normal point system, as in RAM check fail = 50 points, etc.?

Mustwey commented 1 year ago

yes, plus anything that definitely says it's a VM is usually messed with or hidden

KDot227 commented 1 year ago

> yes, plus anything that definitely says it's a VM is usually messed with or hidden

got it. I'll try and add it tonight.

Mustwey commented 1 year ago

discord link? pls

KDot227 commented 1 year ago

> discord link? pls

kdot_227. There is no server

KDot227 commented 1 year ago

im sick of getting banned

Mustwey commented 1 year ago

btw I did update the code while we were talking, make sure to use the updated one

KDot227 commented 1 year ago

adding today