aboutsummaryrefslogtreecommitdiff
path: root/unix/virt/dos.sh
diff options
context:
space:
mode:
authorsrdusr <trevorgray@srdusr.com>2025-09-24 05:01:20 +0200
committersrdusr <trevorgray@srdusr.com>2025-09-24 05:01:20 +0200
commit553cb2204b0bf27afe13c6332f5679bbd47172a0 (patch)
tree75c86ff018122a682e0afd7a0e2a0228a63e44bd /unix/virt/dos.sh
parentb20e4e004be74884cc72c57a3128e36fd5177d7a (diff)
downloaddotfiles-553cb2204b0bf27afe13c6332f5679bbd47172a0.tar.gz
dotfiles-553cb2204b0bf27afe13c6332f5679bbd47172a0.zip
Update/Overhaul
Diffstat (limited to 'unix/virt/dos.sh')
-rwxr-xr-xunix/virt/dos.sh998
1 files changed, 998 insertions, 0 deletions
diff --git a/unix/virt/dos.sh b/unix/virt/dos.sh
new file mode 100755
index 0000000..0b50c4b
--- /dev/null
+++ b/unix/virt/dos.sh
@@ -0,0 +1,998 @@
+#!/usr/bin/env bash
+
+# Set variables
+HOST_DIR="virt"
+VM_NAME="dos"
+VM_SIZE="80G" # Disk size in GB
+VM_RAM="8G" # RAM size
+VM_CPU="6" # Number of virtual CPUs
+CORES=$((VM_CPU / 2))
+THREADS_PER_CORE=2
+SOCKETS=1
+
+VM_DIR="$HOST_DIR/machines"
+IMAGE_DIR="$HOST_DIR/images"
+WIN_ISO_DIR="${IMAGE_DIR}/${VM_NAME}" # Directory for Windows ISO
+VM_DIR="$WIN_ISO_DIR"
+SOCKET_DIR="$VM_DIR"
+SHARED_DIR="${HOST_DIR}/shared"
+FIRMWARE_DIR="${HOST_DIR}/firmware"
+TPM_DIR="$WIN_ISO_DIR"
+TPM_SOCKET="${WIN_ISO_DIR}/${VM_NAME}.swtpm-sock"
+GUEST_PORT=22
+QCOW2_FILE="${VM_DIR}/${VM_NAME}.qcow2"
+RAW_FILE="${VM_DIR}/${VM_NAME}.raw"
+
+# Anti-detection: Generate realistic hardware identifiers
+REAL_MAC="00:1A:2B:3C:4D:5E" # Example Dell MAC - replace with your choice
+REAL_SERIAL="$(openssl rand -hex 8 | tr '[:lower:]' '[:upper:]')"
+REAL_UUID="$(uuidgen)"
+REAL_VENDOR="Dell Inc."
+REAL_PRODUCT="OptiPlex 7090"
+REAL_VERSION="01"
+REAL_FAMILY="OptiPlex"
+
+# Try to find an available host port starting from 22220
+HOST_PORT_START=22220
+HOST_PORT_END=22300
+
+for ((port = HOST_PORT_START; port <= HOST_PORT_END; port++)); do
+ if ! ss -tuln | grep -q ":$port\b"; then
+ HOST_PORT=$port
+ echo "Using available port: $HOST_PORT"
+ break
+ fi
+done
+
+if [[ $port -gt $HOST_PORT_END ]]; then
+ echo "Error: No available ports found between $HOST_PORT_START and $HOST_PORT_END" >&2
+ exit 1
+fi
+
+# Set SMP configuration
+SMP_CONFIG="cores=$CORES,threads=$THREADS_PER_CORE,sockets=$SOCKETS"
+
+# Create necessary directories
+mkdir -p "${HOME}/${HOST_DIR}"
+mkdir -p "$IMAGE_DIR" "$SHARED_DIR" "$FIRMWARE_DIR"
+mkdir -p "$WIN_ISO_DIR" "$VM_DIR"
+mkdir -p "${WIN_ISO_DIR}/unattended"
+
+# Define ISO paths and URLs
+ISO_VIRTIO="${WIN_ISO_DIR}/virtio-win.iso"
+ISO_UNATTENDED="${WIN_ISO_DIR}/unattended.iso"
+
+# Find Windows ISO with flexible pattern matching
+find_windows_iso() {
+ # Check if directory exists
+ if [[ ! -d "$WIN_ISO_DIR" ]]; then
+ mkdir -p "$WIN_ISO_DIR"
+ fi
+
+ # Try to find any Windows ISO using case-insensitive patterns
+ local found_iso
+ found_iso=$(find "$WIN_ISO_DIR" -maxdepth 1 -type f \( \
+ -iname "*win11*.iso" -o \
+ -iname "*win*11*.iso" -o \
+ -iname "Win*.iso" -o \
+ -iname "Win11*.iso" -o \
+ -iname "Win*11*.iso" -o \
+ -iname "*windows*11*.iso" -o \
+ -iname "*windows11*.iso" \
+ \) -exec stat --format="%Y %n" {} \; | sort -n | tail -n 1 | cut -d' ' -f2-)
+
+ if [[ -n "$found_iso" && -f "$found_iso" ]]; then
+ echo "$found_iso"
+ return 0
+ fi
+
+ return 1
+}
+
+# Define download URLs
+VIRTIO_ISO_URL="https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso"
+
+# Print colored messages
+print_info() { echo -e "\033[1;34m[INFO]\033[0m $1" >&2; }
+print_success() { echo -e "\033[1;32m[SUCCESS]\033[0m $1" >&2; }
+print_warning() { echo -e "\033[1;33m[WARNING]\033[0m $1" >&2; }
+print_error() { echo -e "\033[1;31m[ERROR]\033[0m $1" >&2; }
+
+# Helper: verify file integrity
+verify_file() {
+ local file="$1"
+ local expected_sha256="$2"
+
+ if [[ ! -f "$file" ]]; then
+ return 1
+ fi
+
+ if [[ -n "$expected_sha256" ]]; then
+ local actual_sha256
+ actual_sha256=$(sha256sum "$file" | cut -d' ' -f1)
+ if [[ "$actual_sha256" != "$expected_sha256" ]]; then
+ print_error "File integrity check failed for $file"
+ return 1
+ fi
+ fi
+
+ return 0
+}
+
+# Helper: download file with verification
+download_file() {
+ local url="$1"
+ local dest="$2"
+ local expected_sha256="$3"
+ local allow_failure="$4"
+
+ # Check if file exists and is valid
+ if [[ -f "$dest" ]]; then
+ if verify_file "$dest" "$expected_sha256"; then
+ print_info "File $dest already exists and verified."
+ return 0
+ else
+ print_warning "File $dest exists but failed verification. Redownloading..."
+ rm -f "$dest"
+ fi
+ fi
+
+ print_info "Downloading $url..."
+ if ! curl -fL --progress-bar -o "$dest" "$url"; then
+ print_error "Failed to download $url."
+ if [[ "$allow_failure" != "true" ]]; then
+ return 1
+ fi
+ else
+ # Verify downloaded file
+ if ! verify_file "$dest" "$expected_sha256"; then
+ print_error "Downloaded file failed verification"
+ rm -f "$dest"
+ return 1
+ fi
+ print_success "Successfully downloaded and verified $dest"
+ fi
+
+ return 0
+}
+
+# Handle curl errors
+handle_curl_error() {
+ local exit_code=$1
+ case $exit_code in
+ 6) print_error "Couldn't resolve host" ;;
+ 7) print_error "Failed to connect to host" ;;
+ 22) print_error "HTTP page not retrieved (404, etc.)" ;;
+ 28) print_error "Operation timeout" ;;
+ *) print_error "Curl failed with exit code $exit_code" ;;
+ esac
+}
+
+# Download Windows 11 ISO using Microsoft's API
+download_windows_iso() {
+ local windows_version="11" # Default to Windows 11
+ local language="English (United States)" # Default language
+
+ # Parse arguments if provided
+ if [[ -n "$1" ]]; then
+ windows_version="$1"
+ fi
+
+ print_info "Attempting to download Windows $windows_version ISO from Microsoft..."
+
+ # Set required variables
+ local user_agent="Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0"
+ local session_id="$(uuidgen)"
+ local profile="606624d44113"
+ local url="https://www.microsoft.com/en-us/software-download/windows$windows_version"
+
+ # Add ISO to URL for Windows 10
+ case "$windows_version" in
+ 10) url="${url}ISO" ;;
+ esac
+
+ # Step 1: Get download page HTML
+ print_info "Fetching download page: $url"
+ local iso_download_page_html
+ iso_download_page_html="$(curl --disable --silent --user-agent "$user_agent" --header "Accept:" --max-filesize 1M --fail --proto =https --tlsv1.2 --http1.1 -- "$url")" || {
+ handle_curl_error $?
+ print_error "Failed to fetch the download page. Please download Windows $windows_version ISO manually from $url"
+ return 1
+ }
+
+ # Step 2: Extract Product Edition ID
+ print_info "Getting Product Edition ID..."
+ local product_edition_id
+ product_edition_id="$(echo "$iso_download_page_html" | grep -Eo '<option value="[0-9]+">Windows' | cut -d '"' -f 2 | head -n 1 | tr -cd '0-9' | head -c 16)"
+
+ if [[ -z "$product_edition_id" ]]; then
+ print_error "Failed to extract product edition ID."
+ print_error "Please download Windows $windows_version ISO manually from $url"
+ return 1
+ fi
+
+ print_success "Product Edition ID: $product_edition_id"
+
+ # Step 3: Register session ID
+ print_info "Registering session ID: $session_id"
+ curl --disable --silent --output /dev/null --user-agent "$user_agent" \
+ --header "Accept:" --max-filesize 100K --fail --proto =https --tlsv1.2 \
+ --http1.1 -- "https://vlscppe.microsoft.com/tags?org_id=y6jn8c31&session_id=$session_id" || {
+ print_error "Failed to register session ID."
+ return 1
+ }
+
+ # Step 4: Get language SKU ID
+ print_info "Getting language SKU ID..."
+ local language_skuid_table_json
+ language_skuid_table_json="$(curl --disable -s --fail --max-filesize 100K --proto =https --tlsv1.2 --http1.1 \
+ "https://www.microsoft.com/software-download-connector/api/getskuinformationbyproductedition?profile=${profile}&ProductEditionId=${product_edition_id}&SKU=undefined&friendlyFileName=undefined&Locale=en-US&sessionID=${session_id}")" || {
+ handle_curl_error $?
+ print_error "Failed to get language SKU information."
+ return 1
+ }
+
+ # Extract SKU ID for selected language
+ local sku_id
+
+ # Try with jq if available (more reliable)
+ if command -v jq >/dev/null 2>&1; then
+ sku_id="$(echo "$language_skuid_table_json" | jq -r '.Skus[] | select(.LocalizedLanguage=="'"$language"'" or .Language=="'"$language"'").Id')"
+ else
+ # Fallback to grep/cut if jq not available
+ sku_id="$(echo "$language_skuid_table_json" | grep -o '"Id":"[^"]*","Language":"'"$language"'"' | cut -d'"' -f4)"
+
+ if [[ -z "$sku_id" ]]; then
+ # Try alternative extraction method
+ sku_id="$(echo "$language_skuid_table_json" | grep -o '"LocalizedLanguage":"'"$language"'","Id":"[^"]*"' | cut -d'"' -f6)"
+ fi
+ fi
+
+ if [[ -z "$sku_id" ]]; then
+ print_error "Failed to extract SKU ID for $language."
+ return 1
+ fi
+
+ print_success "SKU ID: $sku_id"
+
+ # Step 5: Get ISO download link
+ print_info "Getting ISO download link..."
+ local iso_download_link_json
+ iso_download_link_json="$(curl --disable -s --fail --referer "$url" \
+ "https://www.microsoft.com/software-download-connector/api/GetProductDownloadLinksBySku?profile=${profile}&productEditionId=undefined&SKU=${sku_id}&friendlyFileName=undefined&Locale=en-US&sessionID=${session_id}")"
+
+ local failed=0
+
+ if [[ -z "$iso_download_link_json" ]]; then
+ print_error "Microsoft servers gave an empty response to the download request."
+ failed=1
+ fi
+
+ if echo "$iso_download_link_json" | grep -q "Sentinel marked this request as rejected."; then
+ print_error "Microsoft blocked the automated download request based on your IP address."
+ failed=1
+ fi
+
+ if [[ "$failed" -eq 1 ]]; then
+ print_warning "Please manually download the Windows $windows_version ISO using a web browser from: $url"
+ print_warning "Save the downloaded ISO to: $WIN_ISO_DIR"
+ return 1
+ fi
+
+ # Extract 64-bit ISO download URL
+ local iso_download_link
+
+ # Try with jq if available
+ if command -v jq >/dev/null 2>&1; then
+ iso_download_link="$(echo "$iso_download_link_json" | jq -r '.ProductDownloadOptions[].Uri' | grep x64 | head -n 1)"
+ else
+ # Fallback to grep/cut if jq not available
+ iso_download_link="$(echo "$iso_download_link_json" | grep -o '"Uri":"[^"]*x64[^"]*"' | cut -d'"' -f4 | head -n 1)"
+ fi
+
+ if [[ -z "$iso_download_link" ]]; then
+ print_error "Failed to extract the download link from Microsoft's response."
+ print_warning "Manually download the Windows $windows_version ISO using a web browser from: $url"
+ return 1
+ fi
+
+ print_success "Got download link: ${iso_download_link%%\?*}"
+
+ # Extract filename from URL
+ local file_name="$(echo "$iso_download_link" | cut -d'?' -f1 | rev | cut -d'/' -f1 | rev)"
+
+ # If filename couldn't be extracted, use default
+ if [[ -z "$file_name" || "$file_name" == "$iso_download_link" ]]; then
+ file_name="windows-$windows_version.iso"
+ fi
+
+ # Step 6: Download the ISO
+ print_info "Downloading Windows $windows_version ISO to $WIN_ISO_DIR/$file_name. This may take a while..."
+
+ # Direct curl download
+ curl --disable --progress-bar --fail --location --proto '=https' --tlsv1.2 --http1.1 \
+ --retry 3 --retry-delay 3 --connect-timeout 30 \
+ --output "$WIN_ISO_DIR/$file_name" "$iso_download_link" || {
+ handle_curl_error $?
+ return 1
+ }
+
+ if [[ $? -ne 0 ]]; then
+ print_error "Failed to download the Windows $windows_version ISO."
+ return 1
+ fi
+
+ print_success "Successfully downloaded Windows $windows_version ISO to $WIN_ISO_DIR/$file_name"
+
+ # Return the downloaded filename so calling code can use it
+ echo "$file_name"
+ return 0
+}
+
+# Create unattended installation ISO with proper Windows 11 bypass
+create_unattended_iso() {
+ print_info "Creating unattended installation ISO..."
+
+ # Create enhanced autounattend.xml with Windows 11 TPM/Secure Boot bypass
+ if [ ! -f "$WIN_ISO_DIR/unattended/autounattend.xml" ]; then
+ print_info "Creating enhanced autounattend.xml with Windows 11 bypass..."
+ mkdir -p "$WIN_ISO_DIR/unattended"
+ cat >"$WIN_ISO_DIR/unattended/autounattend.xml" <<'EOF'
+<?xml version="1.0" encoding="utf-8"?>
+<unattend xmlns="urn:schemas-microsoft-com:unattend">
+ <settings pass="windowsPE">
+ <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <SetupUILanguage>
+ <UILanguage>en-US</UILanguage>
+ </SetupUILanguage>
+ <InputLocale>en-US</InputLocale>
+ <SystemLocale>en-US</SystemLocale>
+ <UILanguage>en-US</UILanguage>
+ <UILanguageFallback>en-US</UILanguageFallback>
+ <UserLocale>en-US</UserLocale>
+ </component>
+ <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <DiskConfiguration>
+ <Disk wcm:action="add">
+ <CreatePartitions>
+ <CreatePartition wcm:action="add">
+ <Order>1</Order>
+ <Type>Primary</Type>
+ <Size>100</Size>
+ </CreatePartition>
+ <CreatePartition wcm:action="add">
+ <Order>2</Order>
+ <Type>EFI</Type>
+ <Size>100</Size>
+ </CreatePartition>
+ <CreatePartition wcm:action="add">
+ <Order>3</Order>
+ <Type>MSR</Type>
+ <Size>16</Size>
+ </CreatePartition>
+ <CreatePartition wcm:action="add">
+ <Order>4</Order>
+ <Type>Primary</Type>
+ <Extend>true</Extend>
+ </CreatePartition>
+ </CreatePartitions>
+ <ModifyPartitions>
+ <ModifyPartition wcm:action="add">
+ <Order>1</Order>
+ <PartitionID>1</PartitionID>
+ <Label>WINRE</Label>
+ <Format>NTFS</Format>
+ <TypeID>DE94BBA4-06D1-4D40-A16A-BFD50179D6AC</TypeID>
+ </ModifyPartition>
+ <ModifyPartition wcm:action="add">
+ <Order>2</Order>
+ <PartitionID>2</PartitionID>
+ <Label>System</Label>
+ <Format>FAT32</Format>
+ </ModifyPartition>
+ <ModifyPartition wcm:action="add">
+ <Order>3</Order>
+ <PartitionID>3</PartitionID>
+ </ModifyPartition>
+ <ModifyPartition wcm:action="add">
+ <Order>4</Order>
+ <PartitionID>4</PartitionID>
+ <Label>Windows</Label>
+ <Format>NTFS</Format>
+ </ModifyPartition>
+ </ModifyPartitions>
+ <DiskID>0</DiskID>
+ <WillWipeDisk>true</WillWipeDisk>
+ </Disk>
+ </DiskConfiguration>
+ <ImageInstall>
+ <OSImage>
+ <InstallTo>
+ <DiskID>0</DiskID>
+ <PartitionID>4</PartitionID>
+ </InstallTo>
+ <InstallToAvailablePartition>false</InstallToAvailablePartition>
+ <WillShowUI>OnError</WillShowUI>
+ <InstallFrom>
+ <MetaData wcm:action="add">
+ <Key>/IMAGE/INDEX</Key>
+ <Value>6</Value>
+ </MetaData>
+ </InstallFrom>
+ </OSImage>
+ </ImageInstall>
+ <UserData>
+ <AcceptEula>true</AcceptEula>
+ <FullName>Windows User</FullName>
+ <Organization>Windows</Organization>
+ <ProductKey>
+ <WillShowUI>Never</WillShowUI>
+ </ProductKey>
+ </UserData>
+ <!-- Windows 11 Requirements Bypass -->
+ <RunSynchronous>
+ <RunSynchronousCommand wcm:action="add">
+ <Order>1</Order>
+ <Path>reg add HKLM\SYSTEM\Setup\LabConfig /v BypassTPMCheck /t REG_DWORD /d 1 /f</Path>
+ </RunSynchronousCommand>
+ <RunSynchronousCommand wcm:action="add">
+ <Order>2</Order>
+ <Path>reg add HKLM\SYSTEM\Setup\LabConfig /v BypassSecureBootCheck /t REG_DWORD /d 1 /f</Path>
+ </RunSynchronousCommand>
+ <RunSynchronousCommand wcm:action="add">
+ <Order>3</Order>
+ <Path>reg add HKLM\SYSTEM\Setup\LabConfig /v BypassRAMCheck /t REG_DWORD /d 1 /f</Path>
+ </RunSynchronousCommand>
+ <RunSynchronousCommand wcm:action="add">
+ <Order>4</Order>
+ <Path>reg add HKLM\SYSTEM\Setup\LabConfig /v BypassStorageCheck /t REG_DWORD /d 1 /f</Path>
+ </RunSynchronousCommand>
+ <RunSynchronousCommand wcm:action="add">
+ <Order>5</Order>
+ <Path>reg add HKLM\SYSTEM\Setup\LabConfig /v BypassCPUCheck /t REG_DWORD /d 1 /f</Path>
+ </RunSynchronousCommand>
+ </RunSynchronous>
+ <EnableFirewall>false</EnableFirewall>
+ <EnableNetwork>true</EnableNetwork>
+ </component>
+ </settings>
+ <settings pass="specialize">
+ <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <InputLocale>en-US</InputLocale>
+ <SystemLocale>en-US</SystemLocale>
+ <UILanguage>en-US</UILanguage>
+ <UILanguageFallback>en-US</UILanguageFallback>
+ <UserLocale>en-US</UserLocale>
+ </component>
+ <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <ComputerName>DESKTOP-PC</ComputerName>
+ <TimeZone>UTC</TimeZone>
+ </component>
+ <component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <SkipAutoActivation>true</SkipAutoActivation>
+ </component>
+ </settings>
+ <settings pass="oobeSystem">
+ <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <AutoLogon>
+ <Password>
+ <Value>password</Value>
+ <PlainText>true</PlainText>
+ </Password>
+ <LogonCount>1</LogonCount>
+ <Username>Administrator</Username>
+ <Enabled>true</Enabled>
+ </AutoLogon>
+ <OOBE>
+ <HideEULAPage>true</HideEULAPage>
+ <HideLocalAccountScreen>true</HideLocalAccountScreen>
+ <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
+ <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
+ <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
+ <NetworkLocation>Home</NetworkLocation>
+ <ProtectYourPC>1</ProtectYourPC>
+ <SkipMachineOOBE>true</SkipMachineOOBE>
+ <SkipUserOOBE>true</SkipUserOOBE>
+ </OOBE>
+ <UserAccounts>
+ <AdministratorPassword>
+ <Value>password</Value>
+ <PlainText>true</PlainText>
+ </AdministratorPassword>
+ <LocalAccounts>
+ <LocalAccount wcm:action="add">
+ <Password>
+ <Value>password</Value>
+ <PlainText>true</PlainText>
+ </Password>
+ <Name>User</Name>
+ <Group>Administrators</Group>
+ <DisplayName>User</DisplayName>
+ </LocalAccount>
+ </LocalAccounts>
+ </UserAccounts>
+ <!-- Additional Windows 11 bypass commands -->
+ <FirstLogonCommands>
+ <SynchronousCommand wcm:action="add">
+ <Order>1</Order>
+ <CommandLine>reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoUpdate /t REG_DWORD /d 1 /f</CommandLine>
+ </SynchronousCommand>
+ <SynchronousCommand wcm:action="add">
+ <Order>2</Order>
+ <CommandLine>reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f</CommandLine>
+ </SynchronousCommand>
+ <SynchronousCommand wcm:action="add">
+ <Order>3</Order>
+ <CommandLine>powershell -Command "Set-ExecutionPolicy Unrestricted -Force"</CommandLine>
+ </SynchronousCommand>
+ </FirstLogonCommands>
+ </component>
+ </settings>
+</unattend>
+EOF
+ fi
+
+ # Create the unattended ISO
+ if command -v genisoimage >/dev/null 2>&1; then
+ print_info "Creating unattended ISO using genisoimage..."
+ genisoimage -J -r -o "$WIN_ISO_DIR/unattended.iso" "$WIN_ISO_DIR/unattended" 2>/dev/null
+ return $?
+ elif command -v mkisofs >/dev/null 2>&1; then
+ print_info "Creating unattended ISO using mkisofs..."
+ mkisofs -J -r -o "$WIN_ISO_DIR/unattended.iso" "$WIN_ISO_DIR/unattended" 2>/dev/null
+ return $?
+ elif command -v xorriso >/dev/null 2>&1; then
+ print_info "Creating unattended ISO using xorriso..."
+ xorriso -as genisoimage -J -r -o "$WIN_ISO_DIR/unattended.iso" "$WIN_ISO_DIR/unattended" 2>/dev/null
+ return $?
+ else
+ print_warning "No ISO creation tool found (genisoimage, mkisofs, or xorriso)"
+ print_warning "Installing genisoimage..."
+ if command -v apt-get >/dev/null 2>&1; then
+ sudo apt-get update && sudo apt-get install -y genisoimage
+ elif command -v yum >/dev/null 2>&1; then
+ sudo yum install -y genisoimage
+ elif command -v pacman >/dev/null 2>&1; then
+ sudo pacman -S --noconfirm cdrtools
+ fi
+
+ # Try again after installation
+ if command -v genisoimage >/dev/null 2>&1; then
+ print_info "Creating unattended ISO using newly installed genisoimage..."
+ genisoimage -J -r -o "$WIN_ISO_DIR/unattended.iso" "$WIN_ISO_DIR/unattended" 2>/dev/null
+ return $?
+ else
+ print_error "Failed to install ISO creation tools"
+ return 1
+ fi
+ fi
+}
+
+# Download or locate essential files
+prepare_files() {
+ # Find Windows ISO
+ WINDOWS_ISO_PATH=$(find_windows_iso | tail -n 1 | xargs)
+ local iso_found=false
+
+ # Check if we found a valid ISO
+ if [[ -n "$WINDOWS_ISO_PATH" && -f "$WINDOWS_ISO_PATH" ]]; then
+ print_success "Using Windows ISO: $WINDOWS_ISO_PATH"
+ iso_found=true
+ else
+ print_warning "Windows ISO not found, attempting to download..."
+ if download_windows_iso; then
+ # Check again after download attempt
+ WINDOWS_ISO_PATH=$(find_windows_iso | tail -n 1 | xargs)
+ if [[ -n "$WINDOWS_ISO_PATH" && -f "$WINDOWS_ISO_PATH" ]]; then
+ print_success "Using downloaded Windows ISO: $WINDOWS_ISO_PATH"
+ iso_found=true
+ fi
+ fi
+ fi
+
+ # If we still don't have an ISO, exit
+ if [[ "$iso_found" != "true" ]]; then
+ print_error "Could not find or download Windows ISO"
+ print_info "Please place your Windows ISO file in: $WIN_ISO_DIR"
+ exit 1
+ fi
+
+ # Download VirtIO drivers if missing (optional for stealth mode)
+ if [[ ! -f "$ISO_VIRTIO" ]]; then
+ print_info "VirtIO drivers ISO not found, downloading (for fallback)..."
+ download_file "$VIRTIO_ISO_URL" "$ISO_VIRTIO" "" "true"
+ else
+ print_success "VirtIO drivers ISO already exists: $ISO_VIRTIO"
+ fi
+
+ # Create unattended ISO if it doesn't exist
+ if [[ ! -f "$ISO_UNATTENDED" ]]; then
+ create_unattended_iso
+ if [[ $? -eq 0 ]]; then
+ print_success "Created unattended ISO: $ISO_UNATTENDED"
+ else
+ print_error "Failed to create unattended ISO"
+ exit 1
+ fi
+ else
+ print_success "Unattended ISO already exists: $ISO_UNATTENDED"
+ fi
+}
+
+# Locate OVMF firmware files
+locate_ovmf() {
+ OVMF_DIRS=(
+ "/usr/share/OVMF"
+ "/usr/share/qemu"
+ "/usr/lib/qemu"
+ "/usr/share/edk2"
+ "/usr/lib/edk2"
+ "/usr/share/edk2/ovmf"
+ "/usr/share/edk2-ovmf"
+ "/usr/share/qemu/edk2-x86_64-code.fd"
+ )
+
+ OVMF_CODE=""
+ OVMF_VARS=""
+
+ for dir in "${OVMF_DIRS[@]}"; do
+ if [[ -f "$dir" ]]; then
+ # Handle direct file paths
+ if [[ "$dir" == *"code.fd" ]]; then
+ OVMF_CODE="$dir"
+ OVMF_VARS="$(dirname "$dir")/edk2-x86_64-vars.fd"
+ fi
+ elif [[ -d "$dir" ]]; then
+ # Handle directories
+ [[ -z "$OVMF_CODE" ]] && OVMF_CODE=$(find "$dir" -type f -name "OVMF_CODE.fd" -o -name "edk2-x86_64-code.fd" 2>/dev/null | head -n 1)
+ [[ -z "$OVMF_VARS" ]] && OVMF_VARS=$(find "$dir" -type f -name "OVMF_VARS.fd" -o -name "edk2-x86_64-vars.fd" 2>/dev/null | head -n 1)
+ fi
+ [[ -n "$OVMF_CODE" && -n "$OVMF_VARS" ]] && break
+ done
+
+ # Try package-specific locations
+ if [[ -z "$OVMF_CODE" || -z "$OVMF_VARS" ]]; then
+ # Ubuntu/Debian locations
+ [[ -z "$OVMF_CODE" ]] && OVMF_CODE="/usr/share/OVMF/OVMF_CODE_4M.fd"
+ [[ -z "$OVMF_VARS" && -f "/usr/share/OVMF/OVMF_VARS_4M.fd" ]] && OVMF_VARS="/usr/share/OVMF/OVMF_VARS_4M.fd"
+
+ # Arch Linux locations
+ [[ -z "$OVMF_CODE" ]] && OVMF_CODE="/usr/share/edk2-ovmf/x64/OVMF_CODE.fd"
+ [[ -z "$OVMF_VARS" && -f "/usr/share/edk2-ovmf/x64/OVMF_VARS.fd" ]] && OVMF_VARS="/usr/share/edk2-ovmf/x64/OVMF_VARS.fd"
+ fi
+
+ # Ensure a writable copy of OVMF_VARS.fd
+ local original_ovmf_vars="$OVMF_VARS"
+ OVMF_VARS="$FIRMWARE_DIR/OVMF_VARS.fd"
+
+ if [[ ! -f "$OVMF_VARS" && -f "$original_ovmf_vars" ]]; then
+ print_info "Copying OVMF_VARS.fd to $OVMF_VARS"
+ cp "$original_ovmf_vars" "$OVMF_VARS" 2>/dev/null || {
+ print_error "Failed to copy OVMF_VARS.fd!"
+ print_info "Trying to install OVMF firmware..."
+
+ # Try to install OVMF
+ if command -v apt-get >/dev/null 2>&1; then
+ sudo apt-get update && sudo apt-get install -y ovmf
+ elif command -v yum >/dev/null 2>&1; then
+ sudo yum install -y edk2-ovmf
+ elif command -v pacman >/dev/null 2>&1; then
+ sudo pacman -S --noconfirm edk2-ovmf
+ fi
+
+ # Try to locate again after installation
+ locate_ovmf
+ return
+ }
+ fi
+
+ # Check if required files exist
+ if [[ -z "$OVMF_CODE" || ! -f "$OVMF_CODE" ]]; then
+ print_error "OVMF_CODE.fd not found!"
+ print_info "Please install OVMF firmware package:"
+ print_info " Ubuntu/Debian: sudo apt install ovmf"
+ print_info " RHEL/CentOS: sudo yum install edk2-ovmf"
+ print_info " Arch: sudo pacman -S edk2-ovmf"
+ exit 1
+ fi
+ if [[ ! -f "$OVMF_VARS" ]]; then
+ print_error "OVMF_VARS.fd not found or could not be copied!"
+ exit 1
+ fi
+
+ print_success "Found OVMF firmware: $OVMF_CODE"
+ print_success "Using OVMF vars: $OVMF_VARS"
+}
+
+# Create VM disk image
+create_disk() {
+ # Check if the qcow2 image file exists; if not, create it
+ if [[ ! -f "$QCOW2_FILE" ]]; then
+ print_info "Creating $QCOW2_FILE with a size of $VM_SIZE"
+ qemu-img create -f qcow2 "$QCOW2_FILE" "$VM_SIZE" || {
+ print_error "Failed to create qcow2 image!"
+ exit 1
+ }
+ print_success "Created VM disk image: $QCOW2_FILE"
+ else
+ print_success "VM disk image already exists: $QCOW2_FILE"
+ fi
+}
+
+# Helper function to convert QCOW2 to RAW for stealth
+convert_to_raw() {
+ if [[ -f "$QCOW2_FILE" && ! -f "$RAW_FILE" ]]; then
+ print_info "Converting QCOW2 to RAW format for stealth..."
+ qemu-img convert -f qcow2 -O raw "$QCOW2_FILE" "$RAW_FILE" || {
+ print_error "Failed to convert to RAW format"
+ exit 1
+ }
+ print_success "Successfully converted to RAW format: $RAW_FILE"
+ elif [[ ! -f "$RAW_FILE" ]]; then
+ print_info "Creating RAW disk image..."
+ qemu-img create -f raw "$RAW_FILE" "$VM_SIZE" || {
+ print_error "Failed to create RAW disk image"
+ exit 1
+ }
+ print_success "Created RAW disk image: $RAW_FILE"
+ else
+ print_success "RAW disk image already exists: $RAW_FILE"
+ fi
+}
+
+# Check dependencies
+check_dependencies() {
+ local missing_deps=()
+
+ # Check for essential tools
+ command -v qemu-system-x86_64 >/dev/null 2>&1 || missing_deps+=("qemu-system-x86_64")
+ command -v swtpm >/dev/null 2>&1 || missing_deps+=("swtpm")
+ command -v curl >/dev/null 2>&1 || missing_deps+=("curl")
+ command -v uuidgen >/dev/null 2>&1 || missing_deps+=("uuidgen")
+ command -v openssl >/dev/null 2>&1 || missing_deps+=("openssl")
+
+ if [[ ${#missing_deps[@]} -gt 0 ]]; then
+ print_error "Missing required dependencies: ${missing_deps[*]}"
+ print_info "Please install them using your package manager:"
+ print_info " Ubuntu/Debian: sudo apt install qemu-system-x86 swtpm curl uuid-runtime openssl"
+ print_info " RHEL/CentOS: sudo yum install qemu-kvm swtpm curl util-linux openssl"
+ print_info " Arch: sudo pacman -S qemu swtpm curl util-linux openssl"
+ exit 1
+ fi
+}
+
+start_vm() {
+ # Verify that we have a Windows ISO
+ if [[ -z "$WINDOWS_ISO_PATH" || ! -f "$WINDOWS_ISO_PATH" ]]; then
+ print_error "Windows ISO file not found. Cannot start VM."
+ print_info "Please download Windows 11 ISO and save it to: $WIN_ISO_DIR"
+ exit 1
+ fi
+
+ # Anti-detection: Generate realistic hardware identifiers
+ REAL_MAC="00:1A:79:$(openssl rand -hex 3 | sed 's/../&:/g; s/:$//')" # Dell OUI
+ REAL_SERIAL="$(openssl rand -hex 8 | tr '[:lower:]' '[:upper:]')"
+ REAL_UUID="$(uuidgen)"
+ REAL_VENDOR="Dell Inc."
+ REAL_PRODUCT="OptiPlex 7090"
+ REAL_VERSION="01"
+ REAL_FAMILY="OptiPlex"
+
+ # Stop any existing swtpm process for this VM
+ if [[ -f "$TPM_SOCKET" ]]; then
+ print_info "Cleaning up existing TPM socket..."
+ rm -f "$TPM_SOCKET"
+ fi
+
+ # Start swtpm (TPM emulator)
+ print_info "Starting TPM emulator..."
+ /sbin/swtpm socket \
+ --ctrl type=unixio,path="$TPM_SOCKET" \
+ --terminate \
+ --tpmstate dir="$TPM_DIR" \
+ --tpm2 &
+
+ # Give swtpm a moment to create the socket
+ sleep 1
+
+ # Verify TPM socket exists
+ if [[ ! -S "$TPM_SOCKET" ]]; then
+ print_error "TPM socket not created: $TPM_SOCKET"
+ exit 1
+ fi
+
+ print_info "Starting stealth Windows 11 VM..."
+ print_info "Using Windows ISO: $WINDOWS_ISO_PATH"
+ print_info "VM will boot from unattended installation ISO"
+ print_info "Default login: Username=User, Password=password"
+ print_info "Anti-detection measures enabled"
+
+ # Build qemu arguments in an array for safety and readability
+ QEMU_ARGS=(
+ # Basic VM configuration
+ -name "$REAL_PRODUCT",process="$VM_NAME"
+ -machine q35,hpet=off,smm=on,vmport=off,accel=kvm
+
+ # Global optimizations
+ -global kvm-pit.lost_tick_policy=discard
+ -global ICH9-LPC.disable_s3=1
+
+ # CPU configuration (stealth)
+ -cpu host,-hypervisor,+invtsc,+ssse3,l3-cache=on,migratable=no
+ -smp "$SMP_CONFIG"
+ -m "$VM_RAM"
+
+ # SMBIOS spoofing for anti-detection
+ -smbios type=0,vendor="$REAL_VENDOR",version="$REAL_VERSION",date="03/15/2023"
+ -smbios type=1,manufacturer="$REAL_VENDOR",product="$REAL_PRODUCT",version="$REAL_VERSION",serial="$REAL_SERIAL",uuid="$REAL_UUID",family="$REAL_FAMILY"
+ -smbios type=2,manufacturer="$REAL_VENDOR",product="0NK70N",version="A00",serial="$REAL_SERIAL"
+ -smbios type=3,manufacturer="$REAL_VENDOR",version="$REAL_VERSION",serial="$REAL_SERIAL"
+ -smbios type=4,manufacturer="Intel(R) Corporation",version="11th Gen Intel(R) Core(TM) i7-1165G7 @ 2.80GHz"
+
+ # Process management
+ -pidfile "$VM_DIR/$VM_NAME.pid"
+ -rtc base=localtime,clock=host,driftfix=slew
+
+ # Display and graphics
+ -vga qxl
+ -display sdl
+
+ # Boot configuration
+ -boot menu=on,splash-time=0,order=d,reboot-timeout=5000
+
+ # Random number generator
+ -object rng-random,id=rng0,filename=/dev/urandom
+ -device i82801b11-bridge,id=pci.1
+
+ # usb
+ -device usb-ehci,id=usb
+ -device usb-kbd,bus=usb.0
+ -device usb-tablet,bus=usb.0
+ -k en-us
+
+ # audio (pipewire)
+ -audiodev pipewire,id=audio0
+ -device AC97,audiodev=audio0
+
+ # Network (realistic NIC with stealth MAC)
+ -device rtl8139,netdev=nic,mac="$REAL_MAC"
+ -netdev user,hostname="$VM_NAME",hostfwd=tcp::"$HOST_PORT"-:"$GUEST_PORT",smb="$SHARED_DIR",id=nic
+
+ # UEFI firmware
+ -global driver=cfi.pflash01,property=secure,value=on
+ -drive if=pflash,format=raw,unit=0,file="$OVMF_CODE",readonly=on
+ -drive if=pflash,format=raw,unit=1,file="$OVMF_VARS"
+
+ # Main storage (AHCI for compatibility)
+ -device ahci,id=ahci
+ -drive if=none,id=disk0,format=raw,file="$RAW_FILE",cache=writeback
+ -device ide-hd,bus=ahci.0,drive=disk0
+
+ # CD-ROM drives (Windows ISO + Unattended)
+ -drive media=cdrom,index=0,file="$WINDOWS_ISO_PATH",if=ide
+ -drive media=cdrom,index=1,file="$ISO_UNATTENDED",if=ide
+
+ # TPM 2.0
+ -chardev socket,id=chrtpm,path="$TPM_SOCKET"
+ -tpmdev emulator,id=tpm0,chardev=chrtpm
+ -device tpm-tis,tpmdev=tpm0
+
+ # Monitoring and management sockets
+ -monitor unix:"$SOCKET_DIR/$VM_NAME-monitor.socket",server,nowait
+ -serial unix:"$SOCKET_DIR/$VM_NAME-serial.socket",server,nowait
+ )
+
+ # Add VirtIO ISO if it exists (as fallback)
+ if [[ -f "$ISO_VIRTIO" ]]; then
+ QEMU_ARGS+=(-drive media=cdrom,index=2,file="$ISO_VIRTIO",if=ide,readonly=on)
+ fi
+
+ print_info "Starting QEMU with stealth configuration..."
+ print_info "Monitor socket: $SOCKET_DIR/$VM_NAME-monitor.socket"
+ print_info "Serial socket: $SOCKET_DIR/$VM_NAME-serial.socket"
+ print_info "SSH port forwarding: localhost:$HOST_PORT -> VM:$GUEST_PORT"
+
+ # Execute qemu
+ exec qemu-system-x86_64 "${QEMU_ARGS[@]}"
+
+}
+
+# Helper function to convert QCOW2 to RAW for stealth
+convert_to_raw() {
+ if [[ -f "$QCOW2_FILE" && ! -f "$RAW_FILE" ]]; then
+ print_info "Converting QCOW2 to RAW format for stealth..."
+ qemu-img convert -f qcow2 -O raw "$QCOW2_FILE" "$RAW_FILE"
+ if [[ $? -eq 0 ]]; then
+ print_success "Successfully converted to RAW format"
+ else
+ print_error "Failed to convert to RAW format"
+ exit 1
+ fi
+ elif [[ ! -f "$RAW_FILE" ]]; then
+ print_info "Creating RAW disk image..."
+ qemu-img create -f raw "$RAW_FILE" "$VM_SIZE"
+ fi
+}
+
+# Anti-detection validation commands
+show_validation_commands() {
+ cat << 'EOF'
+=== VM DETECTION VALIDATION COMMANDS ===
+
+Run these commands inside Windows to verify stealth:
+
+# PowerShell - Check hardware info:
+Get-WmiObject -Class Win32_ComputerSystem | Select-Object Manufacturer, Model, TotalPhysicalMemory
+Get-WmiObject -Class Win32_BIOS | Select-Object Manufacturer, Version, SerialNumber
+Get-WmiObject -Class Win32_BaseBoard | Select-Object Manufacturer, Product, SerialNumber
+Get-WmiObject -Class Win32_Processor | Select-Object Name, Manufacturer, MaxClockSpeed
+
+# Check for hypervisor presence:
+Get-WmiObject -Class Win32_ComputerSystem | Select-Object HypervisorPresent
+bcdedit /enum | findstr hypervisorlaunchtype
+
+# Registry checks for VM artifacts:
+reg query "HKLM\HARDWARE\DESCRIPTION\System" /v SystemBiosVersion
+reg query "HKLM\HARDWARE\DESCRIPTION\System\BIOS" /v SystemManufacturer
+reg query "HKLM\SYSTEM\CurrentControlSet\Services" | findstr -i "vbox\|vmware\|qemu\|virtio"
+
+# Check network adapter:
+Get-WmiObject -Class Win32_NetworkAdapter | Where-Object {$_.NetConnectionStatus -eq 2} | Select-Object Name, MACAddress, Manufacturer
+
+# Check PCI devices for VM signatures:
+Get-WmiObject -Class Win32_PnPEntity | Where-Object {$_.Name -match "VirtIO|QEMU|VMware|VirtualBox|Hyper-V"} | Select-Object Name, DeviceID
+
+# Check running services:
+Get-Service | Where-Object {$_.Name -match "vbox|vmware|qemu|virtio|spice"}
+
+# Check for VM-specific processes:
+Get-Process | Where-Object {$_.ProcessName -match "vbox|vmware|qemu|virtio"}
+
+# Additional checks:
+systeminfo | findstr /C:"System Manufacturer" /C:"System Model" /C:"BIOS Version"
+wmic computersystem get manufacturer,model,name,systemtype
+
+EOF
+}
+
+# Cleanup function
+cleanup() {
+ print_info "Cleaning up..."
+
+ # Kill swtpm if running
+ if [[ -f "$TPM_SOCKET" ]]; then
+ pkill -f "swtpm.*$TPM_SOCKET" 2>/dev/null || true
+ rm -f "$TPM_SOCKET" 2>/dev/null || true
+ fi
+
+ # Remove PID file
+ if [[ -f "$VM_DIR/$VM_NAME.pid" ]]; then
+ rm -f "$VM_DIR/$VM_NAME.pid" 2>/dev/null || true
+ fi
+}
+
+# Trap cleanup on exit
+trap cleanup EXIT
+
+# Main execution function
+main() {
+ print_info "=== Windows 11 Stealth VM Setup ==="
+ print_info "VM Name: $VM_NAME"
+ print_info "VM Size: $VM_SIZE"
+ print_info "VM RAM: $VM_RAM"
+ print_info "VM CPUs: $VM_CPU"
+ print_info "Host Port: $HOST_PORT"
+
+ check_dependencies
+ prepare_files
+ locate_ovmf
+ create_disk
+ convert_to_raw
+ show_validation_commands
+
+ print_success "Setup complete! Starting VM..."
+ start_vm
+}
+
+# Run main function
+main "$@"
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-06 06:00:54 +0000