From: "Daniel P. Berrangé" <berrange@redhat.com>
To: danko babro <dankobabro@gmail.com>
Cc: qemu-devel@nongnu.org
Subject: Re: Using QEMU for VRChat
Date: Wed, 10 Aug 2022 14:41:46 +0100 [thread overview]
Message-ID: <YvO1mganYJDey1FM@redhat.com> (raw)
In-Reply-To: <CADfEUTJ4AvfUnwcWtiBk+V1gXrGt6W8cpxcUMbx_MtociwEC7g@mail.gmail.com>
On Wed, Aug 10, 2022 at 01:06:59PM +0200, danko babro wrote:
> Dear QEMU dev team,
> Recently a game called VRChat got a security update, implementing Easy Anti
> Cheat into their game (pretty much spyware that logs everything happening
> on the users PC) which made me want to install their game on a virtual
> machine.
>
> The problem now is, that the anti cheat detects if the user is playing on a
> virtual machine, but in the official documentation by their dev team there
> is a workaround for that, specifically for QEMU, that can be found here:
>
> https://docs.vrchat.com/docs/using-vrchat-in-a-virtual-machine
>
> I simply cant understand what that code (on the given website) does. Does
> it open up a backdoor for the anti cheat to access my real pc?
>
> Is QEMU in general a good solution for when it comes to protecting my
> actual PC from threats like these, or any other sorts of viruses for
> example, since it uses a kernel based VM.
The targetted recommendation of
<vendor_id state='on' value='0123756792CD'/>
-cpu ....,hv-vendor-id=0123756792CD
is essentially harmless. It merely changes one CPUID register so that
the anti cheat code no longer believe it is running in a HyperV VM.
It wouldn't fool a really determined anti cheat code chcker, because
there are a great many ways to detect you're inside a VM. Evidentially
this particular code though only cares about a CPUID value.
I the vendor ID value could be essentially anything you want it to
be, not just this one specific value - just has to be different from
the default.
This is not opening a backdoor to your host OS.
The more general recommendation
<hyperv mode='passthrough'>
simply enables all hyperv enlightenments. This appears to be sufficient
to again fool the anti cheat code, while having the added benefit of
likely improving performance.
Again, this is not opening a backdoor to your host OS.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2022-08-10 14:13 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-10 11:06 Using QEMU for VRChat danko babro
2022-08-10 13:41 ` Daniel P. Berrangé [this message]
2022-11-02 13:13 ` Paolo Bonzini
2022-11-02 16:02 ` Denis V. Lunev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YvO1mganYJDey1FM@redhat.com \
--to=berrange@redhat.com \
--cc=dankobabro@gmail.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).