53

Is there a way or program to make another program think I am using a different system?

For example, let's say currently I am on Windows 7 32-bit and I want the program to detect Windows 10 64-bit or perhaps Windows XP.

Can I do something similar with hardware? Can I tell a program that I'm running on a PC from the early 2003 even if it's from last year (2019)?

Patrick Mevzek
  • 1,768
  • 2
  • 11
  • 23
Wolwo
  • 599
  • 1
  • 4
  • 5
  • 11
    Somewhat related question: [Why is the OS obfuscation defense against “It's a Unix system!” not widely implemented?](/q/222839/129883) – Fire Quacker Mar 04 '20 at 20:41
  • 30
    Can you explain WHY you want to do this? Is it to get some software to run that detects the OS, or the hardware directly? – Neil Mar 05 '20 at 11:03
  • 2
    You can't because detecting the OS usually is more than just checking a number; calling a function that doesn't exist in the host OS will crash the program. – John Keates Mar 06 '20 at 02:55
  • 4
    Scope of this question seems far too wide - it needs clarification whether we're asking about trying to fool a program that is just refusing to run when a simple (and easily spoofed) version check gives the wrong number, or a program that is actively exploiting an anomaly peculiar to the specific OS/hardware, which may need a full emulation (including emulating bugs that were fixed on newer hardware/OS releases). Top voted answer about VM would be overkill for some scenarios and insufficient for others. – Steve Mar 06 '20 at 08:16
  • FWIW I deal with ancient software from time to time, and sometimes it does in fact guess its host OS completely wrong - like an early XP era program believing Windows 8 is actually something older than Windows 95 and as such incompatible – htmlcoderexe Mar 06 '20 at 08:23
  • 3
    It seems you are assuming that you can run a binary for the OS *y* in the OS *z*. That's not generally true, so you don't have a case in the first place. For OSes in the same family (where binary compatibility is a thing), you can spoof a few system calls to trick a program. You can't hide an OS from a program because the program **needs** the OS to do anything. Finally, programs don't have access to the hardware directly, they can check brands and vendor strings (this is how cheap antiVM checks are done) or recent technologies, but again, easy to spoof. ISA extensions can also be tested. – Margaret Bloom Mar 06 '20 at 12:41
  • 2
    Might be cheaper to pick up some old hardware on eBay or a local Goodwill type store. – WBT Mar 06 '20 at 14:12
  • 3
    This exists. [WINE](https://www.winehq.org/) makes Unix appear to be Windows, from the perspective of the program running in it. – jpaugh Mar 06 '20 at 22:01

7 Answers7

154

Cheeky answer: I think you are about to invent a Virtual Machine.

In order to spoof the hardware to look like a 2003 motherboard you'll need to deal with things like writing a CPU instruction translation layer so that the program gives 2003-era CPU binary instructions, and your layer translates them into instructions that your 2019 hardware understands.

In order to spoof the OS to look like Windows 7 32-bit, you will need to hide all the binaries and other files in C:\Windows, C:\Program Files, etc, that are clearly part of a Windows 10 install, and instead "fake" a complete file system with all the Windows 7 32-bit files. You'd also need a wrapper around the Windows 10 kernel to make the kernel APIs that are accessible to the program look and behave like the Windows 7 kernel. ie you can't really "fake" this; you basically need to emulate a fully functional install of Windows 7 32-bit inside your Windows 10.

By the time you have done all that, you will basically have invented virtual machines. So why don't you just download VirtualBox, set the hardware emulation to 2003-era hardware, and install Windows 7 32 bit on it?

Mike Ounsworth
  • 58,107
  • 21
  • 154
  • 209
  • 46
    If you want to emulate a 2003 CPU specifically, you'll probably want something like QEMU; AFAIK VirtualBox does not support picking specific instruction sets. – Bob Mar 05 '20 at 04:31
  • 11
    2003-era x86 instructions will still run on 2019-era machines (in 32-bit mode). No translation is necessary. But you still need to tell it that only the 2003-era instructions are available. And you might need to throw an error if an instruction later than 2003 gets executed, otherwise the program could detect that you're lying. – user253751 Mar 05 '20 at 11:02
  • 4
    "emulate a fully functional install of Windows 7 32-bit inside your Windows 10" - minor point, but I think the OP was referring to the other way round... they are currently using Win7 32-bit and want to "emulate" Win10 64-bit (or WinXP). – MrWhite Mar 05 '20 at 11:56
  • @MrWhite No problem if the hardware is x64 capable and has Virtualisation support enabled this is possible even if the host OS is 32-bit. If the hardware is REALLY 32-bit (or doesn't have hardware virtualisation capability) full emulation is the only option. And I don't know of any product that can do that. – Tonny Mar 05 '20 at 13:28
  • 3
    Sounds like the wine project; but they make it easy to detect on purpose. – Joshua Mar 05 '20 at 17:12
  • 3
    As I have explained [here](https://stackoverflow.com/a/23998052/103167) this would take an *emulator*, not merely a virtual machine. A virtual machine creates the illusion that you have your own machine, when in fact you are sharing with others (no information leakage between VMs). An emulator creates the illusion that you are running on a particular system different from the actual hardware (no information leakage about the actual hardware into the emulated environment). – Ben Voigt Mar 05 '20 at 22:19
  • 2
    @user253751: Intel's SDE (Software Development Emulator) can do that: dynamic binary translation (via Intel PIN library) for instructions that need to be emulated as present or not-present, otherwise native speed. e.g. [How to test AVX-512 instructions w/o supported hardware?](https://stackoverflow.com/q/51805127) / [Coding on insufficient hardware](https://stackoverflow.com/q/53637886). Not sure if you can emulate 64-bit userspace in a 32-bit process, though; obviously virtual address space limits are a problem! QEMU can, but probably not SDE. – Peter Cordes Mar 06 '20 at 02:00
25

Depending on the level of "trick" you want, you might be able to do this with built-in compatibility features. Windows supports running programs in special modes that emulate older versions and/or older hardware in various ways. The emulation isn't perfect - it's quite easy to tell that it's being used, if you look, and to tell what the actual OS is - but it'll satisfy a piece of software that thinks it can only run on Windows 2000 or that only knows about 256 color mode.

For tricking the software into thinking it's running on a totally different OS - Linux instead of Windows or similar - your best bet (other than a VM) is wine (for Windows code on Linux) or wsl (Windows Subsystem for Linux, runs unmodified ELF64 Linux binaries and Linux-requiring scripts but requires Win10). Again, this is quite detectable by anything looking for it, but it'll fool a program that just invokes a program or library call to spit out the OS name/version.

CBHacking
  • 42,359
  • 3
  • 76
  • 107
9

You can do this to an extent, but it won't be easy.

First off, you can try WINE, a Windows Compatibility Layer for Linux. You can set which version of Windows you'd like to emulate pretty easily. The downside is that application compatibility can be very hit and miss, and if your application doesn't work, you may need to figure out a workaround to make it work (if one exists at all)

The second approach, which would marry up well with your second requirement (hiding hardware details) is QEMU. QEMU is a free Virtual Machine software, and the reason I mention this over things like VMware or VirtualBox is that it gives you much more control over the kind of machine you want to build, at the cost of usability.

For, example, you can use the -cpu flag to specify what kind of CPU you want to emulate. You can, for example use -cpu pentium3 to emulate a Pentium 3 CPU. That's what the installed guest OS and therefore the program would see.

520
  • 723
  • 3
  • 5
  • 1
    I must say, my windows applications were never fooled for a moment by WINE. Maybe it was my lack of skill, or a preference for beer, but my applications always knew they weren't running on *real* windows! – Cort Ammon Mar 07 '20 at 02:58
  • @CortAmmon how did they know?! :-D – Prof. Falken Mar 09 '20 at 09:12
  • @CortAmmon WINE leaves it's own, easily-identifiable registry entries in it's faux-Windows instances. – 520 Mar 09 '20 at 09:59
7

Is there a way or program to make another program think I am using a different system?

Yes, and it's common.

For example FreeBSD has a "Linuxulator" which allows to run Linux binaries. This is neither in a virtual machine, nor an emulation. It is an alternative set of system calls for Linux binaries. Detection whether a binary uses native FreeBSD system calls or Linux system calls is via the executable's ELF header, AFAIK.

A similar principle is used in WINE (which runs Windows-native programs on a Linux or BSD system), and in version 1 of Windows Services for Linux (which runs Linux-native programs on Windows).

Jens
  • 179
  • 3
5

Only to some extent, depending on the program.

Every modern OS has a system call that just returns a version numbers and/or string.

Sure, you can fake that. Windows even has this in the UI (search for "compatibility mode").

If the program goes beyond that (explicitly trying a certain OS capabilities or searching for a specific files at specific places) then you have to reverse-engineer the detection mechanism and think hard how to fool it.

See @Mike answer - you will quickly invent the VMs and emulators. And even an emulator is not a perfect solution.

fraxinus
  • 3,458
  • 6
  • 20
  • 4
    I'm pretty sure Compatibility Mode does more than just faking the version string; a few examples are given here: https://superuser.com/questions/133746/how-does-the-compatibility-mode-in-windows-work and here: http://web.archive.org/web/20181202210601/https://blogs.msdn.microsoft.com/oldnewthing/20031223-00/?p=41373#comment-117803 – IMSoP Mar 05 '20 at 09:57
2

It will depend on what you program(s) you are trying to "fool". Is it one specific program? In that case, maybe look into exactly how it deduces what kind of operating system and machine it's running on. If it uses just a one or a few ways to detect it, you could find simple ways to override those calls, or even to patch the program executable file itself.

But if you are looking for a general solution that will fool any or many programs, the both correct and cheeky answer is to run the program in some sort of emulated environment, like Wine or a system emulator like Qemu.

Edit with "practical" examples:

Using WSL2 on Windows 10, you can install Wine in Windows and run OLD Windows programs in Windows 10 which might not work in Windows 10 otherwise. With winetricks you can install old system libraries and tweak Wine to behave like old Windows versions.

Prof. Falken
  • 121
  • 4
2

Just adding my 10 bits here.

If your context is web based then definitely you can change USER AGENT string using developer tools.

For Chrome, go to Developer Tools (Ctrl + Shift + I).

Within Network tab go to Network Conditions and then User Agent.

Uncheck Select Automatically checkbox. You will now be able to select User Agent at your will and also edit it.

Note: This modification is temporary and it will revert if you refresh or close developer tools.

Rahul
  • 373
  • 4
  • 13