HTML5

Web-based virtual machine detection using the HTML5 Performance object

Multiple browsers (Microsoft Edge, Microsoft Internet Explorer, Mozilla Firefox) Performance object leaks the Windows performance counter frequency (equivalent to physical CPU clock speed or virtual machine detection)

 

Advisory

Amit Klein

 

Web-based virtual machine detection with HTML5 features

Here's a quick and simple web-based heuristic to detect a virtual machine (not 100% accurate).

 

Observation 1

1.a A typical virtual machine configuration assigns a guest VM a single (HT) core. Clearly this is not 100% accurate, but in the case of a large-scale virtualization (as is the case of sandboxing/research), it makes a lot of sense.

1.b A typical modern physical machine has multiple (HT) cores. I can't remember when I last saw a physical machine with a single core. Definitely not in the last 5 years.

Tags:

Subscribe to RSS - HTML5