An open-source privacy-audit research sandbox derived from VirtualBox 7.2 OSE. OpenHuizeBox surfaces the hardware-identity signals that commercial software and malware read from the host — CPUID brand, SMBIOS/DMI, ACPI OEM, disk model/serial, MAC OUI — as visible, per-VM Settings you can toggle, document and reproduce. Built for researchers, auditors and educators.
Languages: English (authoritative) · 中文 (README.zh.md) · العربية (README.ar.md) · Site: openbox.huize.org · Maintainers: MAINTAINERS.md
A fork of Oracle VirtualBox OSE, with a disclosed patch set, focused on a single coherent use case: privacy-audit research on software that profiles its host.
Commercial software and malware routinely read host-identifying signals — DMI / ACPI / disk serials / MAC OUI / CPUID — to decide whether they are being analysed, and suppress behaviour accordingly. OpenHuizeBox makes every one of those signals a visible, per-VM Settings toggle so a researcher can:
- Apply a named hardware-identity profile (Dell OptiPlex, Lenovo ThinkPad, generic OEM workstation, or their own) to a VM.
- Observe what signals a piece of software reads before and after the profile is applied.
- Capture the outbound traffic and TLS handshakes with a scripted pktmon session and a locally-rooted TLS CA.
- Document the decision in a reproducible way.
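One way to record the signals listed above from inside a Windows guest, before and after a profile is applied. This is an added example, not OpenHuizeBox code; the file names and signal key names are assumptions, while the CIM classes and the `HKLM:\HARDWARE\ACPI` keys are the standard Windows ones.

```powershell
# Added example (not OpenHuizeBox code). Run inside the Windows guest.
param(
    [string]$OutFile  = '.\signals-after.json',   # assumed file name
    [string]$Baseline = '.\signals-before.json'   # assumed file name
)

function Get-IdentitySignals {
    $cpu   = Get-CimInstance Win32_Processor | Select-Object -First 1
    $cs    = Get-CimInstance Win32_ComputerSystem
    $bios  = Get-CimInstance Win32_BIOS
    $board = Get-CimInstance Win32_BaseBoard | Select-Object -First 1
    $disks = @(Get-CimInstance Win32_DiskDrive)
    $nics  = @(Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')
    # ACPI OEM IDs are the subkey names under each ACPI table key.
    $acpi = foreach ($t in 'DSDT', 'FADT', 'RSDT') {
        Get-ChildItem "HKLM:\HARDWARE\ACPI\$t" -ErrorAction SilentlyContinue |
            ForEach-Object { "$t/$($_.PSChildName)" }
    }
    [ordered]@{
        cpuid_brand = "$($cpu.Name)".Trim()
        dmi_sys     = "$($cs.Manufacturer) | $($cs.Model)"
        dmi_bios    = "$($bios.Manufacturer) | $($bios.SMBIOSBIOSVersion)"
        dmi_serial  = "$($bios.SerialNumber)"
        dmi_board   = "$($board.Manufacturer) | $($board.Product)"
        acpi_oem    = @($acpi) -join ';'
        disk_model  = @($disks | ForEach-Object { "$($_.Model)".Trim() }) -join ';'
        disk_serial = @($disks | ForEach-Object { "$($_.SerialNumber)".Trim() }) -join ';'
        # The first three octets of each MAC identify the NIC vendor (OUI).
        mac_oui     = @($nics | Where-Object MACAddress |
                        ForEach-Object { $_.MACAddress.Substring(0, 8) }) -join ';'
    }
}

$now = Get-IdentitySignals
$now | ConvertTo-Json | Set-Content -Encoding UTF8 -Path $OutFile

# With a baseline present, list each signal with its before/after value.
if (Test-Path $Baseline) {
    $old = Get-Content -Raw -Path $Baseline | ConvertFrom-Json
    foreach ($k in $now.Keys) {
        $before = "$($old.$k)"
        [pscustomobject]@{
            Signal = $k
            Before = $before
            After  = $now[$k]
            State  = if ($before -eq $now[$k]) { 'unchanged' } else { 'CHANGED' }
        }
    }
}
```

Run it once with `-OutFile .\signals-before.json` before applying a profile, then again with the defaults afterwards; any row still marked `unchanged` is a signal the profile did not touch.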
OpenHuizeBox is not a piracy or licensing-bypass tool.
```
┌──────────────────────────────────────────────────────────────────────────┐
│  zhihuiyuze/OpenHuizeBox (this repo)                                     │
│  • modules/       hardware-identity profiles (JSON)                      │
│  • build/         Windows PowerShell build + installer + signing scripts │
│  • installer/     Inno Setup .iss → single signed .exe                   │
│  • tests/         end-to-end smoke suite (53-check APT-scanner matrix)   │
│  • docs/          architecture, governance, threat model, coverage       │
│  • vbox-upstream/ git submodule, pinned to our fork                      │
└────────────────────────────────────┬─────────────────────────────────────┘
                                     │ pins
                                     ▼
┌──────────────────────────────────────────────────────────────────────────┐
│  zhihuiyuze/OpenHuizeBox-VBox (submodule, branch ohb-7.2)                │
│  VirtualBox 7.2 OSE + disclosed patch set:                               │
│    – Settings-tab integration (Motherboard / Processor / Display /       │
│      Storage / Network)                                                  │
│    – OpenHuizeBox menu + Create Audit VM dialog                          │
│    – Branding rewrite (no Oracle strings in Windows file properties)     │
│    – Kernel driver signing unchanged from OSE                            │
└──────────────────────────────────────────────────────────────────────────┘
```
The fork is deliberately shallow: no VMM patches, no RDTSC/SIDT/SGDT evasion, no MSR masking. See docs/DETECTOR_COVERAGE.md for the out-of-reach list and docs/ARCHITECTURE.md for the full design.
👉 New contributors: read DEVELOPING.md first. It's the 5-minute map: how to bootstrap a dev box, where the code lives, what's already done, and which open items are waiting for someone to pick them up. Items marked `[ ]` in docs/ROADMAP.md and 🔴 / 🟡 in TESTING.md are live good-first-issues.
Download the signed Inno Setup installer from the latest release:
Run the .exe, reboot once (required for Windows test-signing mode), run
build\post_reboot_driver_check.ps1 to confirm the signed kernel driver
loaded, then open OpenHuizeBox. Full walk-through: docs/QUICKSTART.md.
```powershell
# Clone with the vbox-upstream submodule
git clone --recursive https://github.com/zhihuiyuze/OpenHuizeBox.git
cd OpenHuizeBox
# Install toolchain (MSVC 2022, kBuild, Qt 6.8, WDK, vcpkg)
powershell -File .\build\install_build_toolchain.ps1
# Build + produce installer
powershell -File .\build\local_build.ps1
# Optional: sign the driver + register kernel service
powershell -File .\build\install_ohb_driver.ps1 -EnableTestSigning
# (reboot, then:)
powershell -File .\build\post_reboot_driver_check.ps1
```

A clean first build takes ~45 min on a reference host (Windows 11 Pro, 32 GB RAM, NVMe). See PATCHES.md for the patch-set and rebase workflow.
OpenHuizeBox is for:
- Privacy-audit research on commercial / mobile software
- Malware analysis, under proper legal authorisation
- Teaching endpoint-profiling attack surfaces
- Compliance reproduction work (GDPR / PIPL / CCPA)
OpenHuizeBox is not for:
- Circumventing software licensing, DRM, or activation controls
- Evading bank / payment / gambling anti-fraud controls
- Mass synthetic-identity generation for rate-limit / trial / review abuse
- Advertiser-fraud evasion
See ACCEPTABLE_USE.md and GOVERNANCE.md.
| Document | Purpose |
|---|---|
| QUICKSTART.md · zh | 10-minute first run |
| ARCHITECTURE.md | System design, layer taxonomy |
| MODULES.md | Per-module matrix |
| DETECTOR_COVERAGE.md | Per-scanner coverage + out-of-reach list |
| THREAT_MODEL.md | What we defend against |
| PATCHES.md | Patch-set & rebase workflow |
| UPSTREAM_TRACKING.md | Upstream VBox pin |
| TESTING.md | What's verified vs deferred |
| ROADMAP.md | Release planning |
| CHANGELOG.md · zh | Version history |
Read before sending a PR or opening an issue:
- GOVERNANCE.md · zh · ar — intended use, scope, contribution gate (authoritative)
- ACCEPTABLE_USE.md · zh — out-of-scope list
- CONTRIBUTING.md · zh — PR workflow, DCO
- CODE_OF_CONDUCT.md — community standards
- SECURITY.md — private vulnerability disclosure
Dual-licensed:
| Component | License | Why |
|---|---|---|
| VBox-derivative code (in vbox-upstream submodule, any built binaries) | GPL v3 (LICENSE) | Oracle VirtualBox OSE is GPL v3; derivatives inherit |
| Standalone toolkit (modules/, build/, installer/, tests/, docs/) | Apache License 2.0 (LICENSE-APACHE-2.0) | Independent code |
When in doubt, assume GPL v3.
Trademark: "VirtualBox" and "Oracle" are trademarks of Oracle Corporation. OpenHuizeBox is not affiliated with or endorsed by Oracle. See TRADEMARKS.md and NOTICE.
Extension Pack: Oracle's PUEL-licensed VirtualBox Extension Pack is never bundled. Install it yourself from Oracle if you need its features.
- Oracle VirtualBox OSE — the foundation (GPL v3)
- The sandbox-detection research community — Pafish, Al-Khaser, VMAware, InviZzzible — the detectors we benchmark against
- Everyone who published prior analyses of the techniques we defend against