pafish
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do (by a0rtega)
al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection. (by LordNoteworthy)
Our great sponsors
| pafish | al-khaser | |
|---|---|---|
| 17 | 5 | |
| 2,996 | 5,521 | |
| - | - | |
| 5.5 | 5.7 | |
| over 2 years ago | about 1 month ago | |
| C | C++ | |
| GNU General Public License v3.0 only | GNU General Public License v3.0 only |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pafish
Posts with mentions or reviews of pafish.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-12-02.
-
Is there still a way to counter virtual machine detection by popular anti cheat?
Pafish is what you asking for, but as u/ForceBlade wrote, you cannot win this game.
-
How to play rainbow 6 siege?
You can do it however that requires extensive Research. There are Things such as https://github.com/a0rtega/pafish That Help you get the First detection vectors sorted. However hate to say it but youll be better off actually coding a "Cheat" that Patches the vm Checks the Game does in Order to Play.
-
Makes perfect sense
Yes. For example: https://github.com/a0rtega/pafish
-
I came again to bother you guys
You can check what thing are detected by using -> https://github.com/a0rtega/pafish Normally VM Exit and Virtual Input devices are detected. But it still works for 99% of the games.
-
Error on BattlEye when getting into bus
I have been working on obfuscating my vm, the results are mixed... A good start is to use paranoid fish , tools gives you an idea how it detects vm's :)
-
VMware Shared Folders
So I suppose that it depends on the malware. Some malware doesn't want to take the chance of being reverse engineered, so when it's aware that it is in a virtual machine, it might shut down. pafish has functionality for working out whether-or-not it is running in a VMware instance.
-
VFIO current status with anti cheats?
Last time when I tried to run Valorant just BSoD the VM Everything else works (EAC, BE, Ricochet, etc...). You can test if your VM can be detected using this tool.
- Virtualization hypervisors what the heck...
-
Gaming VM under nested virtualization
Does soft as pafish https://github.com/a0rtega/pafish will detect RDTSC VM exit on wraped WinVM?
-
Does Windows think I'm running on VM? Not sure where to look.
You can use pafish to test vm detection methods. https://github.com/a0rtega/pafish
al-khaser
Posts with mentions or reviews of al-khaser.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-01-09.
- My neat little internal CS:GO cheat project for Linux
- Virtualization hypervisors what the heck...
-
[Paid] Seeking RE Help.
Have you tried the normal VM modifications to make the VM undetectable? Like changing the CPUID identifier and all the other stuff? Also, check this resource, maybe you find something that looks familiar: https://github.com/LordNoteworthy/al-khaser . Here you can check if your VM is “authentic” enough. Hope that helps! Good luck!
-
Security research homelab, made with <3
To avoid detection of something like a cuckoo I would use https://github.com/nsmfoo/antivmdetection and test it with https://github.com/therealdreg/anticuckoo and https://github.com/LordNoteworthy/al-khaser
-
VM Detection Tricks, Part 2: Driver Thread Fingerprinting
Check out al-khaser on GitHub for a tool that implements dozens of VM detection tricks.
What are some alternatives?
When comparing pafish and al-khaser you can also consider the following projects:
VmwareHardenedLoader - Vmware Hardened VM detection mitigation loader (anti anti-vm)
inside-vm - Detect if code is running inside a virtual machine (x86 and x86-64 only).
RDTSC-KVM-Handler - my patches for linux kernel to spoof rdtsc and make vm exit undetected
antivmdetection - Script to create templates to use with VirtualBox to make vm detection harder
opencanary - Modular and decentralised honeypot
VMDE - Source from VMDE paper, adapted to 2015
UBoat - HTTP Botnet
Reverse-Engineering-Tutorial - A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.
Orca - Orca is an Advanced Malware with multifeatures written in C/C++ , work on all windows versions !
cuckoo-modified - Modified edition of cuckoo
ddoor - DDoor - cross platform backdoor using dns txt records
pafish vs VmwareHardenedLoader
al-khaser vs inside-vm
pafish vs RDTSC-KVM-Handler
al-khaser vs antivmdetection
pafish vs opencanary
al-khaser vs VmwareHardenedLoader
pafish vs VMDE
al-khaser vs UBoat
pafish vs Reverse-Engineering-Tutorial
al-khaser vs Orca
pafish vs cuckoo-modified
al-khaser vs ddoor