Using VirtualBox Virtual Machines

With REVEN, you can build RE projects where analyzed scenarios are recorded from Virtual Machines (VMs) running in Oracle VM VirtualBox.

This section describes how to setup a VirtualBox VM that will be suitable for scenario recording.

Pre-requisites

IMPORTANT: Replaying scenarios recorded with a VirtualBox VM in REVEN will often lead to partial replays due to replay desynchronization errors. Therefore, using QEMU VMs is highly recommended and must be preferred. However, using VirtualBox VMs may prove successful in some rare cases where using QEMU VMs is not convenient or fails.

IMPORTANT: REVEN currently provides the analysis of scenarios with VirtualBox VMs only on servers equipped with Intel processors. It does not support such analysis on servers equipped with AMD processors.

IMPORTANT: The autorecord features of the Project Manager are not supported with VirtualBox VMs. With REVEN Enterprise edition, the ASM stub autorecord feature is available from the Workflow Python API.

VirtualBox is installed on the REVEN server during the REVEN installation process.

Should you need some advanced system configuration, such as dedicating a USB device to a VM, you will have to manually add the Linux user running REVEN to the Linux group vboxusers. If reven_user is the user login, this can be done using the command line:

$ sudo adduser reven_user vboxusers

Managing remotely a VirtualBox machine may be done through a SSH connection with X-Forwarding enabled or with solutions such as phpVirtualbox or remotebox. We will not document them here.

Creating a VirtualBox VM for scenario recording

1. Create a virtual machine in Oracle VM VirtualBox Manager. Please refer to VirtualBox's online documentation.
2. Add an IDE adapter to the VM configuration (or make sure it exists). This can be done through the Storage section of the virtual machine settings:
3. Set the IDE adapter name to reven.
4. Set it as CD-ROM / primary master device.
5. Setup the System settings as follows:
6. In the Processor tab, set the number of processors to 1.
7. In the Acceleration tab:
   • Set the Paravirtualization interface to None.
   • Check all boxes of Hardware Virtualization.
8. Setup the Audio settings either disabled, or enabled with the ICH AC97 audio controler selected. Otherwise, the Virtual Machine may not start.
9. Install the Microsoft Windows or Linux guest OS of your choice on the virtual machine.

WARNING: Make sure to remove any software that may communicate with the VirtualBox hypervisor from the guest. Intrusive software such as VirtualBox's Guest additions (which provides extended features like drag and drop, clipboard sharing and full resolution display) may lead to unhandled hypervisor behavior, and the recorded scenario will not be properly handled by REVEN.

What you must know

VirtualBox saves states of a VM in Snapshots. Technically, there are Disk snapshots and Live snapshots.

Disk snapshots are saved while a VM is off, or by taking a snapshot on a running VM and discarding saved state.

Live snapshots are obtained by shutting down a VM and choosing Save state, or when you take a snapshot on a running VM.

For a given VM, REVEN's Project Manager will show you a single list of VirtualBox snapshots to record scenarios from.

Preparing VirtualBox snapshots to use with REVEN

We recommend the following approach to prepare a VirtualBox snapshot that will be used to record a scenario.

In the VirtualBox GUI:

1. Create and setup the VirtualBox VM.
2. Install software & configuration required by your scenario in the VM.
3. Run operations required in the VM before the scenario recording, but that need not be recorded.
4. Take a snapshot of the VM.
5. Shutdown the VM.

In the REVEN Project Manager:

1. If the VM has previously been registered, simply refresh the list of snapshots for the VM.
2. If the VM has not been registered yet, simply register it. Its snapshots will be automatically known by the Project Manager.