Post

SMBIOS Binary Patcher for QEMU

Posted Updated
By Tabby
4 min read
SMBIOS Binary Patcher for QEMU

So I have made a tool that allows patching SMBIOS binary for you to pass it to QEMU using this argument:

1

--smbios file=/location/of/smbios_patched.bin

or when using libvirt XML:

1
2
3
4

<qemu:commandline>
    <qemu:arg value="-smbios"/>
    <qemu:arg value="file=/location/of/smbios_patched.bin"/>
</qemu:commandline>

What is SMBIOS?

SMBIOS (System Management BIOS) is a standard used by operating systems to retrieve information about the hardware components of a computer system. It provides a way for the BIOS (Basic Input/Output System) or UEFI (Unified Extensible Firmware Interface) firmware to expose details about the system’s hardware to the operating system and software applications.

But, Why?

As part of Anti-VM detections this SMBIOS allows you to emulate a real system information, by default QEMU already has SMBIOS that you can modify on the fly but this is not enough and missing a lots of tables that anti-vms can detect such as VMAware.

Maybe I can just use qemu arguments and binary blobs?

No, this is not supported by QEMU as it will just use the binary blob you provided and ignore the arguments, for example if you provide:

1
2

-smbios type=1,manufacturer=CustomManufacturer,product=CustomProduct,version=1.0,serial=1234567890,uuid=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
-smbios type=17,manufacturer=CustomMemoryInc.,serial=MEM12345678,size=16384,type=0x22

QEMU will just ignore the arguments and use the binary blob as is, except for the Type 0, which QEMU will get from your OMVF firmware. That is why this tool is made to patch the binary blob directly.

I want to patch SMBIOS in runtime, is that possible?

Yes, but only if you are using my custom QEMU fork that supports runtime SMBIOS patching. See my qemu fork https://github.com/t4bby/qemu that supports both. See my blog post about it here.

What does this tool do?

This tool allows you to patch various fields in the SMBIOS binary such as:

  • BIOS Information (Vendor, Version, Release Date)
  • System Information (Manufacturer, Product Name, Version, Serial Number, UUID)
  • Baseboard Information (Manufacturer, Product Name, Version, Serial Number)
  • Chassis Information (Manufacturer, Version, Serial Number, Asset Tag, SKU)
  • Memory Device Information (Manufacturer, Serial Number, Asset Tag, Part Number, Speed, Size, Type)

Installation

1
2
3
4
5

git clone  https://github.com/t4bby/smbios-patcher
cd smbios-patcher
meson setup build
sudo ninja -C build install
smbios_patcher --help

Usage

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

Options:
  -i, --input <file>           Input SMBIOS binary file (default: smbios.bin)
  -o, --output <file>          Output SMBIOS binary file (default: smbios_patched.bin)
  -b, --bios-vendor <string>   BIOS vendor
  -B, --bios-version <string>  BIOS version
  -d, --bios-date <string>     BIOS release date
  -m, --manufacturer <string>  System manufacturer
  -p, --product <string>       Product name
  -v, --version <string>       Version string
  -s, --serial <string>        Serial number
  -k, --sku <string>           SKU number
  -f, --family <string>        Family string
  -u, --uuid <string>          UUID in format xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx or 'random'
  -c, --cpu-vendor <string>    CPU vendor string
  -n, --cpu-name <string>      CPU name string
      --cpu-family <int>       CPU family code (SMBIOS byte value)

Baseboard (Type 2) options:
      --baseboard-manufacturer <str> Baseboard manufacturer
      --baseboard-product <str>      Baseboard product name
      --baseboard-version <str>      Baseboard version
      --baseboard-serial <str>       Baseboard serial number

Chassis (Type 3) options:
      --chassis-manufacturer <str>   Chassis manufacturer
      --chassis-version <str>        Chassis version
      --chassis-serial <str>         Chassis serial number
      --chassis-asset <str>          Chassis asset tag
      --chassis-sku <str>            Chassis SKU

Memory Device (Type 17) options:
      --mem-manufacturer <str> Memory Manufacturer string
      --mem-serial <str>       Memory Serial Number string
      --mem-asset <str>        Memory Asset Tag string
      --mem-part <str>         Memory Part Number string
      --mem-speed <int>        Memory Speed (MT/s)
      --mem-cspeed <int>       Configured Clock Speed (MT/s)
      --mem-size <int>         Memory Size (MB)
      --mem-esize <int>        Memory Extended Size (MB)
      --mem-type <int>         Memory Type enum (e.g., 0x18=DDR2, 0x18=DDR3, 0x1A=DDR4, 0x22=DDR5)
  -h, --help                   Display this help message

Here how you can use it

  • You dump your current system SMBIOS binary using either of these commands:
1

dmidecode --dump-bin /opt/smbios.bin

1

sudo cat /sys/firmware/dmi/tables/{entry_point,table} > /opt/smbios.bin
  • You provide a command arguments with the fields you want to patch. For example:
1
2
3
4
5
6
7
8
9

smbios_patcher -i /opt/smbios.bin -o /opt/smbios_patched.bin \
    -b "Custom BIOS Vendor" \
    -m "Custom Manufacturer" \
    -p "Custom Product" \
    -s "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" \
    --mem-manufacturer "Custom Memory Inc." \
    --mem-serial "MEM12345678" \
    --mem-size 16384 \
    --mem-type 0x22

  • It will parse the binary and patch the fields you provided

  • Finally it will output a new SMBIOS binary that you can pass to QEMU using the argument mentioned above. For example:

    1

    --smbios file=/opt/smbios_patched.bin

For XML libvirt:

1
2
3
4

<qemu:commandline>
    <qemu:arg value="-smbios"/>
    <qemu:arg value="file=/opt/smbios_patched.bin"/>
</qemu:commandline>
linux, vm
virtual-machines qemu
This post is licensed under CC BY 4.0 by the author.

Trending Tags

qemu virtual-machines