Can guest detect that the VM was moved to another host?

[940607]

Hi.
Each our dev has a copy of a single VM. The copies are created by simply extracting a zipped VM folder, so the hardware uuid is the same. They VM has one NAT and one host-only adapter. All copies have the same set of MACs and ip addresses: NAT : 10.0.3.15, host-only: 192.168.56.150.

Is there anything that uniquely identifies a VM host and can be read by a guest? I was thinking of the MAC of the network gateway. However, I was surprised to see that VBox has a hardcoded gateway MAC: 52:54:00:12:35:02

My last hope is the MAC address of the virtual network card on the host. It's visible to the guest as 192.168.56.1 and its MAC is indeed unique, but it is not a gateway, so I will have to hardcode the ip address 192.168.56.1 to my program.

[mpack]

Guest code runs directly on the host CPU, therefore it has access to the physical CPU ID. The guest can also of course detect that it's running in a VM. What the guest does with this is up to the guest.

I'm by no means a networking expert, but the idea of a hard coded gateway MAC sounds nonsensical to me. A MAC is part of an Ethernet card emulation. If you have two emulated Ethernet NICs then your guest can see two MACs. "Gateway" is a TCP/IP concept. You need to know the IP address of the gateway, I have no idea why any part of the protocol stack would care about the MAC address associated with a gateway IP. Nor would it be useful as a machine signature (for activation), since it isn't part of the local machine.

[scottgus1]

Where do you find this "hard-coded" Virtualbox gateway MAC?

[940607]

Where do you find this "hard-coded" Virtualbox gateway MAC?

Code: Select all

[root@localhost ~]# route -n | grep ^0.0.0.0
0.0.0.0         10.0.3.2        0.0.0.0         UG    0      0        0 eth1
[root@localhost ~]# ping -c1 10.0.3.2
PING 10.0.3.2 (10.0.3.2) 56(84) bytes of data.
64 bytes from 10.0.3.2: icmp_seq=1 ttl=64 time=0.221 ms

--- 10.0.3.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.221/0.221/0.221/0.000 ms
[root@localhost ~]# arp -n | grep 10.0.3.2
10.0.3.2                 ether   52:54:00:12:35:02   C                     eth1

[scottgus1]

OK, I see a series of numbers matching the proposed "hard-coded" MAC address. I also see that the gateway IP address for that MAC is 10.0.3.2, from which I surmise that this is the Virtualbox NAT adapter. I ran a search on two NAT guests here and got the same MAC address for each gateway MAC. So Virtualbox theoretically assigns the same MAC address to all NATs. OK, "hard coded".

Why is this a problem?

[940607]

Why is this a problem?

I expected VBox to generate a unique MAC for its NAT gateway during install. Then I would be able to use it to identify a host from a guest.

[scottgus1]

Aha. OK, I get it. Try hunting the CPU ID number, as Mpack suggested. That's the only piece of host hardware that the guest directly sees.

[scottgus1]

Re CPU ID numbers: Might be a dead end. Here: https://superuser.com/questions/216978/ ... ial-number NotMe's answer says that for privacy concerns, Intel, at least, stopped putting serial numbers on their CPUs. AMD may have done the same? I tried reading my Windows 10 host's serial number from the host OS using WMI, which claims to be able to read it, and got nothing in response. If it is true that there are no CPU id numbers anymore, then id'ing hosts via CPU may not work.

[mpack]

Serial number is not the same as model number (i.e. CPUID, which is what I talked about). Intel chips most definitely report a CPUID, and it's quite complex, and different for different models. VirtualBox itself uses this information to run properly.

I wasn't aware that Intel ever put serial numbers onto their CPUs. I've used the feature on other CPUs (e.g. STM32-ARM), and it's very handy since it provides a seed for anything where you might want to generate a globally unique ID, seed a random number generator etc.