Status of Unlocker 2.0

[VABAV]

Hi! Is it possible to test current (2.0) unlocker? I'm almost begging you... Or please tell us why don't you want to upload current version. Maybe you could provide just me with some sort of private link? (If you are bothered with everybody crying and pushing you in case of public upload)

[MSoK]

Please all be patient, when the new unlocker is ready for public release Donk will make it available, and not before. I will be providing Donk with whatever help I can including testing the new unlocker and providing support in this forum.

[Donk]

Hi! Is it possible to test current (2.0) unlocker? I'm almost begging you... Or please tell us why don't you want to upload current version. Maybe you could provide just me with some sort of private link? (If you are bothered with everybody crying and pushing you in case of public upload)

 

The code is not complete and I cannot upload something that is not finished!

[Mr. Xtreme]

The code is not complete and I cannot upload something that is not finished!

We

 

I have 0 knowledge regarding reverse engineering. Is there any chance to have a quick tutorial to explain how to make VMware Unlocker, bro?

 

 

Hi! Is it possible to test current (2.0) unlocker? I'm almost begging you... Or please tell us why don't you want to upload current version. Maybe you could provide just me with some sort of private link? (If you are bothered with everybody crying and pushing you in case of public upload)

Look at the text in bold with italics

 

I will use this thread to update the status of the work on a new unlocker for the latest VMware products released end of 2014.

 

The unlocker currently changes three things to enable OS X to run as a guest on non-Apple hardware:

 

1. Enable the virtual SMC presented to the guest - fundamentally the most important change

2. Remove the check for server version of OS X up to 10.6 Snow Leopard - not needed for 10.7 - 10.10

3. Fix the dialogs for virtual machines to add Apple OS X back into the selections and create the VM

 

As you can see I have made progress from the screenshots. (Note I am running VMware Workstation 11 nested in Fusion7 for development and testing purposes)

 

 

 

 

Currently the working matrix is:

• Workstation 11 - 1 + 3
• Player Pro 7- 1 + 3
• Player 7- 1 + 3
• Fusion 7- 1 (3 is not required as enabled by default)
• ESXi 6 - none working

The Server check is very different now, and not a simple change to a text compare. The code is deep in the VMware host<->guest communications and not too happy about hacking it. ESXi 6 is very odd, as it shares code with the other products and patches but will not run OS X. So there is something else needed to make that work.

 

The code is Python and probably BASH/ASH shell scripts or Windows command scripts. For Windows I will also look at providing the unlocker without needing Python installed, such as pyinstaller package.

 

This is not ready to release yet so please do not pester me for it. I need to finish off the code, and then test all the products on Windows/Linux/OS X. We are talking at least 2 weeks, as I can only do this in whatever spare time I have available.

 

Cheers

 

Donk

 

[Mr. Xtreme]

Thanks for uploading your work here so we can use vmware+os x take as much time as you need.

[Donk]

Thanks for uploading your work here so we can use vmware+os x take as much time as you need.

Thanks for reminding folks about the timescale.

[VABAV]

Maybe my English is not so good... What the phrase "The current working matrix is ...." in OP means? Does it mean that mentioned things are already working or are they things being worked on? In the latter case I apologize for (how do you say?) pestering you :-)

[Donk]

Coding is complete for the first version. Now need to test for a couple of days to ensure all is OK. I have the copied the readme.txt file below so you can see what to expect before end of week, assuming testing goes well.

 

I haven't got a complied version for Windows at the moment, as it looks like I have hit a known issue in IronPython that stops the script from running when compiled against .NET.

Mac OS X Unlocker for VMware V2.0
=================================

1. Introduction
---------------

The package is a combination of the Unlocker Python code plus some
scripts that wrap the actual Unlocker code.

It has been tested against:

* Workstation 11 on Windows and Linux
* Player 7 on Windows and Linux
* Fusion 7 on Mavericks and Yosemite
* (Currently is does not work on ESXi 6.0)

The patch code carries out the following modifications dependent on the product
being patched:

* Fix vmware-vmx and derivatives to allow Mac OS X to boot
* Fix vmwarebase .dll or .so to allow Apple to be selected during VM creation
* A copy of the latest VMware Tools for OS X is included

Note that not all products recognise the darwin.iso via install tools menu item.
You will have to manually mount the darwin.iso for example on Workstation and Player.

The vmwarebase code does not need to be patched on OS X so you will see a
message on those systems telling you that it will not be patched.

In all cases make sure VMware is not running, and any background guests have
been shutdown.

The code is now Python as it makes the Unlocker easier to run and maintain on ESXi.
There are some challenges to write the code as ESXi has a subset of Python 2.7 which
constrains some modules that can be used.

2. Prerequisites
----------------

The code requires Python 2.7 to work. Most Linux distros and OS X ship with a compatible
Python interpreter and should work without requiring any additional software.

Windows will need a version of Python installed and the code has been tested against:

CPython - https://www.python.org/downloads/
ActiveState Python - http://www.activestate.com/activepython/downloads
IronPython - https://ironpython.codeplex.com/releases/view/169382

Python folder must be C:\Python27. If you move it please edit win-install.cmd to
point to the installation path.

3. Limitations
--------------

The Unlocker currently does not work on ESXi 6.
The Unlocker does not remove the check for server versions for OS X Leopard and Snow
Leopard (10.5 and 10.6).

Work continues to find a solution to the limitations.

4. Windows
----------
On Windows you will need to either run cmd.exe as Administrator or using
Explorer right click on the command file and select "Run as administrator".

win-install.cmd   - patches VMware
win- uninstall.cmd - restores VMware

5. Linux
---------
On Linux you will need to be either root or use sudo to run the scripts.

You may need to ensure the Linux scripts have execute permissions
by running chmod +x against the 2 files.

lnx-install.sh   - patches VMware
lnx-uninstall.sh - restores VMware

6. Mac OS X
-----------
On Mac OS X you will need to be either root or use sudo to run the scripts.
This is really only needed if you want to use client versions of Mac OS X.

You may need to ensure the OS X scripts have execute permissions
by running chmod +x against the 2 files.

osx-install.sh   - patches VMware
osx-uninstall.sh - restores VMware


Thanks to Zenith432 for originally building the C++ unlocker and Mac Son of Knife for all
the testing and support.


History
-------
xx/12/14 1.0.0 - First release

(c) 2011-2014 Dave Parsons

[Hookahice]

@ Donk,

Thanks for the update mate, few questions, hopefully you could clarify:

Under Windows, to run your patcher (win-install.cmd) you are saying that we need to have Python installed to successfully patch?
Your Patcher for Windows VMware Workstation v11 -- are you just patching "vmwarebase.dll" only OR vmware-vmx.exe, vmware-vmx-debug.exe & vmware-vmx-stats.exe?

Thanks,

-HooK


 

[Donk]

@ Donk,

Thanks for the update mate, few questions, hopefully you could clarify:

 

Under Windows, to run your patcher (win-install.cmd) you are saying that we need to have Python installed to successfully patch?

Your Patcher for Windows VMware Workstation v11 -- are you just patching "vmwarebase.dll" only OR vmware-vmx.exe, vmware-vmx-debug.exe & vmware-vmx-starts.exe?

 

Thanks,

-HooK

 

 

 

 

Hi

 

Yep code is Python and you need it installed at this point, but when I get time I do plan on creating a compiled version. Currently just trying to do it quickly for folks to get going on Workstation 11.

 

Secondly it patches vmwarebase.dll and all the vmware-vmx.exe types.

 

Not long to wait, I just want to test a couple of extra combination for Player users.

[Hookahice]

Thanks Donk, I was able to patch vmwarebase.dll myself under Workstation v11 successfully adding the options:



But I am having hard time finding the SERV offset location inside vmware-vmx.exe, vmware-vmx-debug.exe & vmware-vmx-stats.exe. Any hints you could assist with mate?    PM me if you want keep private...

Thanks man,

-HooK 

[Donk]

Thanks Donk, I was able to patch vmwarebase.dll myself under Workstation v11 successfully adding the options:

 

 

But I am having hard time finding the SERV offset location inside vmware-vmx.exe, vmware-vmx-debug.exe & vmware-vmx-stats.exe. Any hints you could assist with mate?    PM me if you want keep private...

 

Thanks man,

-HooK 

 

Well done on finding the flags.

 

I cannot find the SRVR code. It has changed and isn't a check against a string. A far as I can tell, the EFI BIOS has code that looks for com.apple.server.plist and passes a message via the backdoor from guest to host that raises the error. It is just possible that there is a VMX file setting to override the behaviour of stopping the  VM. I worked back from the error message to code in a disassembler but haven't deciphered it yet. Will need to run under a debugger to get a bit further. Any help on working that out would be great.

 

Virtual SMC structures have changed but you will see in the code how they are laid out.

[Mr. Xtreme]

Good job boy i use vmware only 'cause graphics sucks in virtualbox.

[Forge64]

I don't want to hurt the noise level too much, but I feel compelled to say 'thank you Donk'. I'm running VMware 11 and can fire up 10 if I need my OSX VMs in the meantime. Can't want to have my cake and eat it, too.

 

Resuming patient, quiet waiting! Thanks again!

[untarded]

Thanks Donk.  I'd like to dig around in there myself.  What are you using to decompile?

[Hookahice]

You need to debug vmware-vmx.exe using a disassembler, and depending on the platform you reside on, you pick the debugger tool that’s suitable for that. I’m running VMware Workstation on a Win 7 64-bit so I use x64_dbg.

But if anyone figures out the SRVR bypass in any one of the platforms, the same method can be applied to other OS’s VMware binaries which will make this unlocker complete!

 

Just to illustrate what’s going on for those that are curious, this is what was done for v10:

This is how the same area looks now in v11:



Now, we have to work our magic and figure out how it's done in v11, identify the bytes to change and incorporate to unlocker and done!

-HooK

[VABAV]

@Hookahice: Hi! Could you please provide community with details on how to manually patch (or find a place to patch) vmwarebase.dll? (I personally don't mind using IDA Pro or something alike + my brain)

Best wishes,
Andrew.

[Donk]

@Hookahice: Hi! Could you please provide community with details on how to manually patch (or find a place to patch) vmwarebase.dll? (I personally don't mind using IDA Pro or something alike + my brain)

 

Best wishes,

Andrew.

 

It will not help you as you can not start the guest without the other changes. We are getting close to a release so once again please be patient! You can then see how I search for the different patch points.

[VABAV]

Sorry for offtopic, but if anyone has some problems with scrolling in VMs with Synaptics touchpad on Windows, you can try this little utility - http://superuser.com/a/683726/261370. Never tested it on VMware 11, though. Should not be hard to fix to work on it, anyway.

It will not help you as you can not start the guest without the other changes. We are getting close to a release so once again please be patient! You can then see how I search for the different patch points.

Thanks for explanation!

[Donk]

Important limitation found by MSoK.

 

During some private testing it has been found the virtual hardware 11 won't work with OS X guests and causes a core dump of vmare-vmx process. It does work with virtual hardware 10 compatibility. This is not an unlocker problem but something in the VMware code which differs between Workstation and Fusion. We continue to investigate the issue.

 

I hope everyone will be OK with this for now, and we can go ahead with release within next 24-48 hours.

[Zenith432]

As indicated here, I'm running OS 10.10.1, on locked Workstation 11, with virtual hardware set to 11 - and it doesn't crash.

So it's either 1) a problem with the unlocker, or 2) something else in MSoK's setup causing this crash.

Important limitation found by MSoK.

 

During some private testing it has been found the virtual hardware 11 won't work with OS X guests and causes a core dump of vmare-vmx process. It does work with virtual hardware 10 compatibility. This is not an unlocker problem but something in the VMware code which differs between Workstation and Fusion. We continue to investigate the issue.

[access9]

Important limitation found by MSoK.

 

During some private testing it has been found the virtual hardware 11 won't work with OS X guests and causes a core dump of vmare-vmx process. It does work with virtual hardware 10 compatibility. This is not an unlocker problem but something in the VMware code which differs between Workstation and Fusion. We continue to investigate the issue.

 

I hope everyone will be OK with this for now, and we can go ahead with release within next 24-48 hours.

What are the implications (side effects)? Will that affect windows users running an osx guest?

[sebus]

Same as Zenith432, run Yosemite 10.10.1 & ML 10.8.5 on WKS 11 with hardware upgraded to 11 with no issues

 

sebus

[Donk]

As indicated here, I'm running OS 10.10.1, on locked Workstation 11, with virtual hardware set to 11 - and it doesn't crash.

So it's either 1) a problem with the unlocker, or 2) something else in MSoK's setup causing this crash.

 

 

Same as Zenith432, run Yosemite 10.10.1 & ML 10.8.5 on WKS 11 with hardware upgraded to 11 with no issues

 

sebus

 

What CPU are you running? Can you attach the VMX files you are using please?

 

The error is in the the physical memory monitor of vmware-vmx. You guys are running with FakeSMC so it is possible there is something wrong with the virtual SMC in VMware after it is enabled by the patches. I think I may know what the difference is between HW10 and HW11 so will continue looking.

 

What are the implications (side effects)? Will that affect windows users running an osx guest?

 

You can still run it but using HW10 level compatibility.

[Zenith432]

Attached. I've censored the sata devices, ethernet, uuid and shared folders. Otherwise settings are the same. To use, need to add sata and ethernet devices.

 

What CPU are you running? Can you attach the VMX files you are using please?

 

The error is in the the physical memory monitor of vmware-vmx. You guys are running with FakeSMC so it is possible there is something wrong with the virtual SMC in VMware after it is enabled by the patches. I think I may know what the difference is between HW10 and HW11 so will continue looking.

MacOSX.zip