Question 1

What is OpenHuizeBox?

Accepted Answer

OpenHuizeBox is an open-source fork of Oracle VirtualBox 7.2 OSE, focused on privacy-audit research. It exposes every hardware-identity signal that commercial software reads from the host — CPUID brand, SMBIOS/DMI tables, ACPI OEM IDs, disk model and serial, NIC OUI — as visible, per-VM Settings you can toggle, document and reproduce. It ships under GPL v3 for Windows x64 hosts.

Question 2

How is OpenHuizeBox different from stock Oracle VirtualBox?

Accepted Answer

OpenHuizeBox is a shallow fork: it adds a 'Realistic Hardware Identity' groupbox across five Settings tabs (Motherboard, Processor, Display, Storage, Network), an audit menu (pktmon capture, TLS root CA install, profile apply), a rebranded installer, and a project-CA-signed kernel driver. It deliberately does NOT patch the VMM core — no RDTSC smoothing, no SIDT/SGDT redirection, no MSR masking, no SUPDRV device-name tampering. Those are documented as out-of-reach on the detector-coverage matrix.

Question 3

Is OpenHuizeBox a piracy tool? Does it bypass software activation or DRM?

Accepted Answer

No. OpenHuizeBox is explicitly not for software activation bypass, DRM circumvention, anti-cheat evasion, bank-fraud evasion, mass synthetic identity generation, or advertiser-fraud evasion. These are listed as out-of-scope in both the website governance statement and the repository's ACCEPTABLE_USE.md. Contributions whose only applicable use case falls into those categories are closed without review.

Question 4

Who is OpenHuizeBox for?

Accepted Answer

Privacy researchers documenting how commercial software profiles its host; compliance auditors reproducing telemetry under controlled conditions; malware analysts who need a sandbox that doesn't trivially self-declare as one; educators teaching endpoint-profiling attack surfaces. The tool is aimed at work the researcher is legally authorised to perform — on hardware they own or have been contracted to analyse.

Question 5

What platforms does OpenHuizeBox support?

Accepted Answer

Windows x64 hosts only for the current alpha — Windows 10 22H2 or newer, and Windows 11. Guest OS support is identical to Oracle VirtualBox 7.2. A Linux or macOS host port is post-1.0 and not currently in development.

Question 6

Does OpenHuizeBox require a kernel driver?

Accepted Answer

Yes — the stock Oracle VBoxSup.sys driver is required for VMs to power on. The installer generates a self-signed 4096-bit RSA CA, signs VBoxSup.sys and every ring-0 module with it, installs the CA into LocalMachine trust, enables Windows test-signing, and registers the kernel service. A reboot is required to activate test-signing. An EV-certificate / Microsoft-attested signing path is planned for the 0.5.0 milestone.

Question 7

Does OpenHuizeBox phone home or collect telemetry?

Accepted Answer

No. The installer does not register with any backend, submits no hardware IDs, and does not check for updates automatically. Release checking, if enabled, fetches a single static JSON file over HTTPS; no payload is sent beyond a standard User-Agent and your IP address. Crash reporting is disabled by default and, if opted in, works by attaching an anonymised dump to a GitHub issue manually — no automated crash-ingestion service is operated.

Question 8

How well does OpenHuizeBox evade commodity VM detectors?

Accepted Answer

On a reference Dell-OptiPlex profile applied to an alpha build, OpenHuizeBox raises Pafish pass rate from ~53% vanilla to ~88%, Al-Khaser from ~61% to ~85%, VMAware from ~58% to ~88%, and InviZzzible from ~22% to ~92% — all at L1 + L2 (extradata + build flags). The remaining 5–8% requires VMM-level counter-measures that OpenHuizeBox deliberately does not ship.

Question 9

Can I contribute?

Accepted Answer

Yes — items marked as unchecked in docs/ROADMAP.md and as 🔴 or 🟡 in TESTING.md are open for contribution. New contributors should start with DEVELOPING.md in the main repository. Pull requests must declare which of the three audit layers (L1 extradata, L2 build flags, L3 optional in-guest agent) they touch and which intended-use category they serve. Contributions touching VMM-level code are redirected at the design-proposal stage.

Question 10

Is there commercial support?

Accepted Answer

No. OpenHuizeBox has no commercial sponsor, no paid contractors, and no support-contract offering. Response-time expectations for bug reports, security advisories and feature requests are best-effort and published on the support page. The project is explicitly a research tool, not a product.

Question 11

What's the relationship to Oracle VirtualBox?

Accepted Answer

OpenHuizeBox is a GPL v3 derivative of Oracle VirtualBox 7.2 OSE. Oracle copyright headers in individual source files are preserved verbatim. The fork is not affiliated with or endorsed by Oracle. VirtualBox and Oracle are trademarks of Oracle Corporation. The modified VBox source lives at github.com/zhihuiyuze/OpenHuizeBox-VBox to satisfy GPL §6 source-disclosure obligations.

Frequently asked questions

Still have questions?