Using QEMU for VRChat

Using QEMU for VRChat

[danko babro]

[-- Attachment #1: Type: text/plain, Size: 880 bytes --]

Dear QEMU dev team,
Recently a game called VRChat got a security update, implementing Easy Anti
Cheat into their game (pretty much spyware that logs everything happening
on the users PC) which made me want to install their game on a virtual
machine.

The problem now is, that the anti cheat detects if the user is playing on a
virtual machine, but in the official documentation by their dev team there
is a workaround for that, specifically for QEMU, that can be found here:

https://docs.vrchat.com/docs/using-vrchat-in-a-virtual-machine

I simply cant understand what that code (on the given website) does. Does
it open up a backdoor for the anti cheat to access my real pc?

Is QEMU in general a good solution for when it comes to protecting my
actual PC from threats like these, or any other sorts of viruses for
example, since it uses a kernel based VM.

All the best,
David

[-- Attachment #2: Type: text/html, Size: 1256 bytes --]

Re: Using QEMU for VRChat

[Daniel P. Berrangé]

On Wed, Aug 10, 2022 at 01:06:59PM +0200, danko babro wrote:
> Dear QEMU dev team,
> Recently a game called VRChat got a security update, implementing Easy Anti
> Cheat into their game (pretty much spyware that logs everything happening
> on the users PC) which made me want to install their game on a virtual
> machine.
> 
> The problem now is, that the anti cheat detects if the user is playing on a
> virtual machine, but in the official documentation by their dev team there
> is a workaround for that, specifically for QEMU, that can be found here:
> 
> https://docs.vrchat.com/docs/using-vrchat-in-a-virtual-machine
> 
> I simply cant understand what that code (on the given website) does. Does
> it open up a backdoor for the anti cheat to access my real pc?
> 
> Is QEMU in general a good solution for when it comes to protecting my
> actual PC from threats like these, or any other sorts of viruses for
> example, since it uses a kernel based VM.

The targetted recommendation of

      <vendor_id state='on' value='0123756792CD'/>

     -cpu ....,hv-vendor-id=0123756792CD

is essentially harmless. It merely changes one CPUID register so that
the anti cheat code no longer believe it is running in a HyperV VM.

It wouldn't fool a really determined anti cheat code chcker, because
there are a great many ways to detect you're inside a VM. Evidentially
this particular code though only cares about a CPUID value.

I the vendor ID value could be essentially anything you want it to
be, not just this one specific value - just has to be different from
the default.

This is not opening a backdoor to your host OS.

The more general recommendation

   <hyperv mode='passthrough'>

simply enables all hyperv enlightenments. This appears to be sufficient
to again fool the anti cheat code, while having the added benefit of
likely improving performance.

Again, this is not opening a backdoor to your host OS.

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: Using QEMU for VRChat

[Paolo Bonzini]

On 8/10/22 13:06, danko babro wrote:
> https://docs.vrchat.com/docs/using-vrchat-in-a-virtual-machine 
> <https://docs.vrchat.com/docs/using-vrchat-in-a-virtual-machine>
> 
> I simply cant understand what that code (on the given website) does. 
> Does it open up a backdoor for the anti cheat to access my real pc?

No, it just hides to the program the fact that it's running in a VM. 
The libvirt and QEMU sections both do the same thing, just talking to 
different programs.

Paolo

Re: Using QEMU for VRChat

[Denis V. Lunev]

On 8/10/22 13:06, danko babro wrote:
> Dear QEMU dev team,
> Recently a game called VRChat got a security update, implementing Easy 
> Anti Cheat into their game (pretty much spyware that logs everything 
> happening on the users PC) which made me want to install their game on 
> a virtual machine.
>
> The problem now is, that the anti cheat detects if the user is playing 
> on a virtual machine, but in the official documentation by their dev 
> team there is a workaround for that, specifically for QEMU, that can 
> be found here:
>
> https://docs.vrchat.com/docs/using-vrchat-in-a-virtual-machine
>
> I simply cant understand what that code (on the given website) does. 
> Does it open up a backdoor for the anti cheat to access my real pc?
>
> Is QEMU in general a good solution for when it comes to protecting my 
> actual PC from threats like these, or any other sorts of viruses for 
> example, since it uses a kernel based VM.
>
> All the best,
> David
this seems harmless at the first glance, but the point that
doing this will not affect the performance is wrong.

Windows inside virtual machine is doing a lot of things
on performance critical paths, like when the APIC is accessed
or in similar places and doing that in HyperV mode is faster
than in HW mode.

You have denied the detection of HyperV and thus Windows
inside does not feel that it runs in virtual machine and thus
could fall into BSoD when IRQ routine processing is not
fast enough (potential inside VMs, the time was spent in
host). This should not happen frequently though.

Den