From 5c224ad70d9af51dc4cfb622e0495b71c88e4b2f Mon Sep 17 00:00:00 2001
From: Francois Labreche <f.labreche@gmail.com>
Date: Mon, 21 Oct 2019 16:48:14 -0400
Subject: [PATCH 1/3] Added kvm builder and config

---
 config_kvm.js                                 | 80 +++++++++++++++++++
 .../snippets/builder_kvm_windows.json         | 20 +++++
 .../templates/snippets/win10_x64_analyst.json |  3 +
 3 files changed, 103 insertions(+)
 create mode 100644 config_kvm.js
 create mode 100644 malboxes/templates/snippets/builder_kvm_windows.json

diff --git a/config_kvm.js b/config_kvm.js
new file mode 100644
index 0000000..4a79467
--- /dev/null
+++ b/config_kvm.js
@@ -0,0 +1,80 @@
+{
+	/*
+	 * Malboxes Example Configuration File
+	 *
+	 * Uncomment a specific section of the file to trigger a particular feature.
+	 *
+	 * Paths should be written using forward slashes even on Windows.
+	 * For ex: C:/Tools
+	 */
+
+	// This allows you to use a local filestore for ISOs.
+	// For all versions of Windows except Windows 10 you will need this.
+	// "iso_path": "/path/to/your/windows/isos/",
+
+	// Trial or registered version?
+	// If using a registered product update the product_key and set trial to 'false'.
+	// See https://github.com/GoSecure/malboxes/blob/master/docs/windows-licenses.adoc for more information.
+	"trial": "true",
+	//"trial": "false",
+	//"product_key": "XXXXX-XXXXX-XXXXX-XXXXX-XXXXX",
+
+	// VM settings
+	"username": "malboxes",
+	"password": "malboxes",
+	"computername": "dirty",
+	// disk size is in megabytes
+	"disk_size": "20480",
+	// This example profile will attempt to load profiles/maldoc.js
+	// For more information on profiles check an example profile:
+	// https://github.com/GoSecure/malboxes/blob/master/malboxes/profile-example.js
+	//"profile": "maldoc",
+	//"input_locale": "fr-FR",
+
+	// Provision settings
+	// Which Hypervisor for privisoning and deployment? (Options are: "virtualbox" and "vsphere") Default is "virtualbox"
+	"hypervisor": "kvm",
+	//If vsphere, the following configuration options are mandatory
+	"remote_host": "",
+	"remote_datastore": "",
+	"remote_username": "",
+	"remote_password": "",
+	"vsphere_host": "",
+	"vsphere_clone_from_vm": "packer-test",
+	"vsphere_name": "malboxestest",
+	"vsphere_user": "",
+	"vsphere_password": "",
+	"vsphere_insecure": "true",
+	// If AWS, the following configuration options are mandatory
+	"aws_access_key": "",
+	"aws_secret_key": "",
+	"aws_s3_bucket": "",
+	"aws_keypair": "",
+	"aws_security_group": "", // See Usage/AWS in doc to understand why you need to create one.
+	// Optional
+	"aws_region": "us-east-1",
+	"aws_instance_type" : "m3.medium",
+
+	//"proxy": "company_proxy:3128",
+
+	// Windows Defender: true means enabled, false means disabled. Default is false.
+	//"windows_defender": "false",
+	// Windows Updates: true means enabled, false means disabled. Default is false.
+	//"windows_updates": "false",
+
+	// Chocolatey packages to install on the VM
+	// TODO re-add dependencywalker and regshot once upstream choco package provides a checksum
+	// TODO: Re-add processhacker when its fixed for win7_64
+	"choco_packages": "ghidra x64dbg.portable dnspy ollydbg sysinternals hxd windbg die pesieve pebear 7zip putty wireshark winpcap",
+
+	// Setting the IDA Path will copy the IDA remote debugging tools into the guest
+	//"ida_path": "/path/to/your/ida",
+
+	// Setting Tools Path will copy all the files under the given path into the guest.
+	// Useful to copy proprietary or unpackaged tools.
+	// Note: packer's file provisonning is really slow, avoid having more than
+	// 100 megabytes in there.
+	//"tools_path": "/path/to/your/tools",
+
+	"_comment": "last line must finish without a comma for file to be valid json"
+}
diff --git a/malboxes/templates/snippets/builder_kvm_windows.json b/malboxes/templates/snippets/builder_kvm_windows.json
new file mode 100644
index 0000000..257c307
--- /dev/null
+++ b/malboxes/templates/snippets/builder_kvm_windows.json
@@ -0,0 +1,20 @@
+		"type": "qemu",
+		"accelerator": "kvm",
+		"guest_additions_mode": "attach",
+		{# headless = true now due to issue #10. Will revisit later. #}
+		"headless": "true",
+		"communicator": "winrm",
+		"winrm_username": "{{ username }}",
+		"winrm_password": "{{ password }}",
+		"winrm_timeout": "60m",
+		"shutdown_command": "shutdown /s /f /t 10",
+		"net_device": "e1000",
+		"disk_interface": "ide",
+		"qemuargs": [
+			["-m", "4096"],
+			["-smp", "cpus=1"]
+		],
+		"boot_wait": "10s",
+		"disk_size": "{{ disk_size }}",
+		"format": "qcow2",
+		"output_directory": "builds"
diff --git a/malboxes/templates/snippets/win10_x64_analyst.json b/malboxes/templates/snippets/win10_x64_analyst.json
index 0a971a6..63fa48c 100644
--- a/malboxes/templates/snippets/win10_x64_analyst.json
+++ b/malboxes/templates/snippets/win10_x64_analyst.json
@@ -7,6 +7,9 @@
 		{% elif hypervisor == "vsphere" %}
 			"guest_os_type": "windows8-64",
 			{% include 'snippets/builder_vsphere_windows.json' %},
+		{% elif hypervisor == "kvm" %}
+			"guest_os_type": "windows10_64",
+			{% include 'snippets/builder_kvm_windows.json' %},
 		{% endif %}
 
 		"iso_urls": [

From 8f99e1826eb9daa2840bd074cfbc9da6c04e5d88 Mon Sep 17 00:00:00 2001
From: Francois Labreche <f.labreche@gmail.com>
Date: Mon, 21 Oct 2019 17:11:01 -0400
Subject: [PATCH 2/3] Fix for guest_os_type

---
 malboxes/malboxes.py                                 | 11 ++++++++++-
 malboxes/templates/snippets/builder_kvm_windows.json |  1 -
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/malboxes/malboxes.py b/malboxes/malboxes.py
index 40882e8..9ca830f 100644
--- a/malboxes/malboxes.py
+++ b/malboxes/malboxes.py
@@ -285,7 +285,16 @@ def _get_os_type(config):
             _os_type = 'windows10'
         elif _os_type == 'windows8-64':
             _os_type = 'windows10_64'
-
+    elif config['hypervisor'] == 'kvm':
+        if 'win7_64' in config['template_name']:
+            _os_type = 'windows7_64'
+        elif 'win7' in config['template_name']:
+            _os_type = 'windows7'
+        elif 'win10_64' in config['template_name']:
+            _os_type = 'windows10_64'
+        elif 'win10' in config['template_name']:
+            _os_type = 'windows10'
+    
     return _os_type
 
 
diff --git a/malboxes/templates/snippets/builder_kvm_windows.json b/malboxes/templates/snippets/builder_kvm_windows.json
index 257c307..ced4bd7 100644
--- a/malboxes/templates/snippets/builder_kvm_windows.json
+++ b/malboxes/templates/snippets/builder_kvm_windows.json
@@ -1,6 +1,5 @@
 		"type": "qemu",
 		"accelerator": "kvm",
-		"guest_additions_mode": "attach",
 		{# headless = true now due to issue #10. Will revisit later. #}
 		"headless": "true",
 		"communicator": "winrm",

From f30d3c82c27c0ecedb6cb860f7f5c79de2bff7e6 Mon Sep 17 00:00:00 2001
From: Francois Labreche <f.labreche@gmail.com>
Date: Thu, 14 Nov 2019 21:33:38 -0500
Subject: [PATCH 3/3] Builder and snippets changes for KVM

---
 malboxes/malboxes.py                               | 6 +++++-
 malboxes/templates/snippets/win10_x64_analyst.json | 1 -
 malboxes/templates/snippets/win10_x86_analyst.json | 2 ++
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/malboxes/malboxes.py b/malboxes/malboxes.py
index 9ca830f..dd31aff 100644
--- a/malboxes/malboxes.py
+++ b/malboxes/malboxes.py
@@ -279,8 +279,9 @@ def _get_os_type(config):
     """OS Type is extracted from template json config.
        For older hypervisor compatibility, some values needs to be updated here.
     """
-    _os_type = config['builders'][0]['guest_os_type'].lower()
     if config['hypervisor'] == 'vsphere':
+        _os_type = config['builders'][0]['guest_os_type'].lower()
+
         if _os_type == 'windows8':
             _os_type = 'windows10'
         elif _os_type == 'windows8-64':
@@ -294,6 +295,9 @@ def _get_os_type(config):
             _os_type = 'windows10_64'
         elif 'win10' in config['template_name']:
             _os_type = 'windows10'
+    else:
+        _os_type = config['builders'][0]['guest_os_type'].lower()
+
     
     return _os_type
 
diff --git a/malboxes/templates/snippets/win10_x64_analyst.json b/malboxes/templates/snippets/win10_x64_analyst.json
index 63fa48c..b2b7fce 100644
--- a/malboxes/templates/snippets/win10_x64_analyst.json
+++ b/malboxes/templates/snippets/win10_x64_analyst.json
@@ -8,7 +8,6 @@
 			"guest_os_type": "windows8-64",
 			{% include 'snippets/builder_vsphere_windows.json' %},
 		{% elif hypervisor == "kvm" %}
-			"guest_os_type": "windows10_64",
 			{% include 'snippets/builder_kvm_windows.json' %},
 		{% endif %}
 
diff --git a/malboxes/templates/snippets/win10_x86_analyst.json b/malboxes/templates/snippets/win10_x86_analyst.json
index b607071..d850ff7 100644
--- a/malboxes/templates/snippets/win10_x86_analyst.json
+++ b/malboxes/templates/snippets/win10_x86_analyst.json
@@ -7,6 +7,8 @@
 		{% elif hypervisor == "vsphere" %}
 			"guest_os_type": "windows8",
 			{% include 'snippets/builder_vsphere_windows.json' %},
+		{% elif hypervisor == "kvm" %}
+			{% include 'snippets/builder_kvm_windows.json' %},
 		{% endif %}
 
 		"iso_urls": [