Merge pull request #100 from NotRequiem/main

kernelwernel · web-flow · commit 96f22753284d · 2024-07-01T11:24:12.000+01:00
Removed USB_DRIVE technique
diff --git a/src/cli.cpp b/src/cli.cpp
@@ -278,7 +278,6 @@ void general(const bool enable_hyperv = true) {
     checker(VM::HYPERV_CPUID, "Hyper-V CPUID");
     checker(VM::CUCKOO_DIR, "Cuckoo directory");
     checker(VM::CUCKOO_PIPE, "Cuckoo pipe");
-    checker(VM::USB_DRIVE, "USB drive absence");
     checker(VM::HYPERV_HOSTNAME, "Hyper-V Azure hostname");
     checker(VM::GENERAL_HOSTNAME, "general VM hostnames");
     checker(VM::SCREEN_RESOLUTION, "screen resolution");
@@ -505,4 +504,4 @@ Cuckoo
     }
     
     return 0;
-}
+}
diff --git a/src/vmaware.hpp b/src/vmaware.hpp
@@ -393,7 +393,6 @@ struct VM {
         HYPERV_CPUID,
         CUCKOO_DIR,
         CUCKOO_PIPE,
-        USB_DRIVE,
         HYPERV_HOSTNAME,
         GENERAL_HOSTNAME,
         SCREEN_RESOLUTION,
@@ -7609,34 +7608,6 @@ struct VM {
     }
 
 
-    /**
-     * @brief Check for presence of USB drive
-     * @category Windows
-     * @author Thomas Roccia (fr0gger)
-     * @link https://unprotect.it/technique/detecting-usb-drive/
-     * @copyright MIT
-     */
-    [[nodiscard]] static bool usb_drive() try {
-#if (!MSVC)
-        return false;
-#else
-        UINT drives = GetLogicalDrives();
-
-        for (int i = 0; i < 26; i++) {
-            if ((drives & (1 << i)) && GetDriveTypeA((char)('A' + i) + ":\\") == DRIVE_REMOVABLE) {
-                debug("USB drive detected: ", 'A' + i, ", returning false");
-                return false;
-            }
-        }
-
-        // at this point, no drives have been detected
-        return true;
-#endif
-    }
-    catch (...) {
-        debug("USB_DRIVE: caught error, returned false");
-        return false;
-    }
 
 
     /**
@@ -8800,7 +8771,6 @@ const std::map<VM::u8, VM::core::technique> VM::core::technique_table = {
     { VM::HYPERV_CPUID, { 35, VM::hyperv_cpuid }},
     { VM::CUCKOO_DIR, { 15, VM::cuckoo_dir }},
     { VM::CUCKOO_PIPE, { 20, VM::cuckoo_pipe }},
-    { VM::USB_DRIVE, { 30, VM::usb_drive }},
     { VM::HYPERV_HOSTNAME, { 50, VM::hyperv_hostname }},
     { VM::GENERAL_HOSTNAME, { 20, VM::general_hostname }},
     { VM::SCREEN_RESOLUTION, { 30, VM::screen_resolution }},
@@ -8809,4 +8779,4 @@ const std::map<VM::u8, VM::core::technique> VM::core::technique_table = {
     // __TABLE_LABEL, add your technique above
     // { VM::FUNCTION, { POINTS, FUNCTION_POINTER }}
     // ^ template 
-};
+};
