-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathdetect-vmware
executable file
·101 lines (71 loc) · 2.38 KB
/
detect-vmware
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
#!/usr/bin/env zsh
# macos-scripts/detect-vmware
# detect-vmware
# Try to determine if we're in a VMware Virtual Machine
# https://github.com/LordNoteworthy/al-khaser/blob/master/al-khaser/AntiVM/VMWare.cpp
set -uo pipefail
# -u prevent using undefined variables
# -o pipefail force pipelines to fail on first non-zero status code
IFS=$'\n\t'
# Set Internal Field Separator to newlines and tabs
# This makes bash consider newlines and tabs as separating words
# See: http://redsymbol.net/articles/unofficial-bash-strict-mode/
function check_mac_address {
# VMware, Inc MAC address vendor identifiers
# 00:05:69, 00:0c:29, 00:1C:14, 00:50:56
echo "[👀] Checking Network Adaptor MAC Address(es)"
if wifi_mac="$(networksetup -getmacaddress wi-fi | awk '{print $3}')"; then
if [[ "${wifi_mac}" =~ 00:05:69\|00:0c:29\|00:1C:14\|00:50:56 ]]; then
echo "[⚠️ ] Probably VMware"
echo "[🤔] However, there is a Wi-Fi interface so maybe not?"
fi
fi
if ethernet_mac="$(networksetup -getmacaddress ethernet | awk '{print $3}')"; then
if [[ "${ethernet_mac}" =~ 00:05:69\|00:0c:29\|00:1C:14\|00:50:56 ]]; then
echo "[⚠️ ] Probably VMware"
fi
fi
echo
}
function check_shared_folders {
echo "[👀] Checking for Shared Folders Directory"
if [[ -d "/Volumes/VMware Shared Folders" ]]; then
echo "[⚠️ ] Probably VMware"
fi
echo
}
function check_kexts {
echo "[👀] Checking Installed Kexts"
if [[ -d "/Library/Extensions/VMwareGfx.kext" ]]; then
echo "[⚠️ ] Probably VMware"
fi
echo
echo "[👀] Checking Loaded Kexts"
if kextstat | grep -q 'com.vmware.kext.VMwareGfx' || kextstat | grep -q 'com.vmware.kext.vmhgfs'; then
echo "[⚠️ ] Probably VMware"
fi
echo
}
function check_drivers {
echo "[👀] Checking Drivers via I//O Registry"
if ioreg | grep "VMware" >/dev/null; then
# TODO: Absolutely no idea why grep "VMware" doesnt work
echo "[⚠️ ] Probably VMware"
fi
echo
}
function check_hardware_info {
echo "[👀] Checking System Hardware Data"
hardware_data=$(system_profiler SPHardwareDataType)
if echo "${hardware_data}" | grep -q 'VMware' || echo "${hardware_data}" | grep -q 'Virtual Machine' ; then
echo "[⚠️ ] Probably VMware"
fi
}
function main {
check_mac_address
check_shared_folders
check_kexts
check_drivers
check_hardware_info
}
main "$@"