Simone如何加载 VMware Workstation v8.0.1 加密过的虚拟磁盘文件
的有关信息介绍如下:
首先介绍一下VMware Workstation v8.0 的加密功能(修改、移除密码也是在这里操作),操作很简单: 新建一个任意虚拟机,然后“编辑虚拟机设置”→“选项”,可以看到一个“加密”,说明写的是:“该虚拟机未加密。你可以使用密码保护该虚拟机的数据和配置。” 旁边有个“加密按钮”,点击,会要求你输入密码,然后开始加密,他会把虚拟机配置文件和整个虚拟弯备磁盘统统重新编码进行加密,而且是不可逆的高强度加密,如果你没有密匙,是无法还原的。 我们再看看它的配置文件发生了什么变化弯闹大。 主要文件有: Windows XP Professional.vmdk //虚拟磁盘文件Windows XP Professional.vmsd /埋竖/储存密匙的文件Windows XP Professional.vmx //虚拟机的整体配置文件Windows XP Professional.vmxf //某种配置文件加密前: Windows XP Professional.vmdk //正常Windows XP Professional.vmsd //空白Windows XP Professional.vmx //明文的配置内容Windows XP Professional.vmxf //明文的配置内容Windows XP Professional.vmx 内容大概是这个样子的: .encoding = "GBK"config.version = "8"virtualHW.version = "8"scsi0.present = "TRUE"memsize = "512"ide1:0.present = "TRUE"ide1:0.autodetect = "TRUE"ide1:0.deviceType = "cdrom-raw"ide1:1.present = "TRUE"ide1:1.fileName = "E:\b\1\Windows XP Professional.vmdk"floppy0.startConnected = "FALSE"floppy0.fileName = ""floppy0.autodetect = "TRUE"usb.present = "TRUE"ehci.present = "TRUE"sound.present = "TRUE"sound.fileName = "-1"sound.autodetect = "TRUE"mks.enable3d = "TRUE"serial0.present = "TRUE"serial0.fileType = "thinprint"pciBridge0.present = "TRUE"pciBridge4.present = "TRUE"pciBridge4.virtualDev = "pcieRootPort"pciBridge4.functions = "8"pciBridge5.present = "TRUE"pciBridge5.virtualDev = "pcieRootPort"pciBridge5.functions = "8"pciBridge6.present = "TRUE"pciBridge6.virtualDev = "pcieRootPort"pciBridge6.functions = "8"pciBridge7.present = "TRUE"pciBridge7.virtualDev = "pcieRootPort"pciBridge7.functions = "8"vmci0.present = "TRUE"hpet0.present = "TRUE"usb.vbluetooth.startConnected = "TRUE"displayName = "Windows XP Professional"guestOS = "winxppro"nvram = "Windows XP Professional.nvram"virtualHW.productCompatibility = "hosted"powerType.powerOff = "hard"powerType.powerOn = "hard"powerType.suspend = "hard"powerType.reset = "hard"extendedConfigFile = "Windows XP Professional.vmxf"可以看到第一行是指定了编码,底下是虚拟机的参数。 加密后: Windows XP Professional.vmdk //文件数据完全改变Windows XP Professional.vmsd //有内容了Windows XP Professional.vmx //加密的配置内容Windows XP Professional.vmxf //没变Windows XP Professional.vmsd 内容为: .encoding = "GBK"encryption.keySafe = "vmware:key/list/(pair/(null/%3cVMWARE%2dEMPTYSTRING%3e,HMAC%2dSHA%2d1,tvdbb%2bzvghOoH8vW4NP2l4jqZ6wTl5SWHxlavNe2TLDv9V%2b7seyEXsITq%2frJfM%2bpRhuxn6hLdUf0sV2M7KK%2fDkj2jQuETk51Ur97CxwpgZA1H9WF6K%2bvDIIk%2f8MPcJJTb2EdzkYyjJwxW69bUpw91qWC3zM%3d))"encryption.data = "jzMK85KB33C+ZvVvCDKF9cTMLXd7hUEWEZCY2p3/fVZERl1trvql+gD65kYqSk4WS+NKrQ=="第一行指定编码格式,第二行是安全密匙(Url 编码的密匙信息+ Base64 编码的密匙),第三行是Base64 编码的加密数据。 Windows XP Professional.vmx 内容为: .encoding = "GBK"displayName = "Windows XP Professional"encryption.keySafe = "vmware:key/list/(pair/(phrase/Q8qRfGi6V0M%3d/pass2key%3dPBKDF2%2dHMAC%2dSHA%2d1%3acipher%3dAES%2d256%3arounds%3d1000%3asalt%3dOiu7KvvIxTv%2b5a0RBmb4VA%253d%253d,HMAC%2dSHA%2d1,mwIz3U9k2vDV8kW5zgVcUkmP8SWBB%2bGbAK5IBypuQXoHgpsDQn0ePuAGPkAFENslqU9vuWVA3tJfkgyeFbbKxQibEo%2fcTA7RN9EoAb4A%2fD3fBYXctJDdDSKprDCk%2fPx77UHkReKz2zETj84DB6sUgNkGcXU%3d))"encryption.data = "flICV2ArJPAfyMdnvdapuacSDRw0GV8svRWq+D5d8Y8NV2Ua8+j3HbqLK2uw42hvs7m14Ijz25gxnX8t4aiGZaaToJbx0Js71XHB6xXzAuWUZt2JDBB5yKupsCIDEkrrmCakEnHTr6qMBEuSYt2ltI0wdrNXqpadg80ErN4+SwaB5iVsD7y3oySVU3A3SODO8EA3l7q7gRPFMVQi3QgghqzMsCxMKbUX1+mv/hqrZWWCjUZrH0jUJfS9L55vimoJq802l5dsfpG6UC8OPo+zVtqUsI2iupelm2h0H4eqbtV3vWUnyqzYmxnT9WZupH0VPf90y7zLq0MKghD+EGqqVXpDzfiE7u6VQ7uqR9eupstktbIu/yi1Q/EpN5dIOHjFr9H0Vb3GLlu+94FWEZOod0xMK0rYNyl8g9gW3A5pwidUI9hM4fMhpKtIc4bnhHnnf0MGbe+eqvqWpFBNZUgKU+vH3ROfLNhGM6qnbaWrpn/K56lMFX2vNsCPqRoNzaxJ02R8KH7lcARVVgy9jlVQkCRE6Weji2kCdDZ08/LH3aabvPgEL4CaBcyOFMnVnHlCz4wzeCUi+BbwMCulF5GXxQF57671KWZkRqKfJJ3nR8nehiwpbQJCL8J19DPrY0dYJjEp74yjW4JgENMsKAoIep7sfoZt930dftukzb3pMbC1dXTBxZVhIpygl93wTaoA2ob8lyjOMS/JREBebh2nHGjQediok33UD6SvvWVTLfloV4i2WdXE/3b+SOu3PJfEpr9pQ/aa/ezEAKrVE+2gb6L6ZIFsz/E6EqrQklJKHO+y9LtoW0BnsaW4AAxLCSCod4VR7TydkW3sEYBpBrCKM61q/WJ6m4CyAFt03RX/KoaxaAB4asCHjUqovu5RX6F2MpCwya+7aqXY+o+mAq3MTEa8h8tL8mQfU2Jr83FFeFLbcrB8S5ADo2N4w8cSh+9X0DxUGn8Y2W76agCZPVN3wO+WtXK61HebzoK3SQHDZEvBUoXeaJC2fk3jsC2k2YMbomdchNWkcb7xIFz2nIqkJassXQqUh/d6TyIkfrYkdAdvGlIEgYiH7xx6IMPFYuXMIBVCe3Gn8nU4EcMzqU63MBqNF/53sV2EaUib9A0T8xg2ZdRYek2bqCJc4hhh039Sw51P2PXjfdselz7IQiuNx+k7RFa/7CfE0x88KS2nTk6rDPNN41kkRfzvyQm1lU1/oElW0HSRTELSEqcu1XuVN24j3D1U2QcLcYVDOPy9rDLZGi1CdeqL/DomPZ/dOJFVBKKDlFpUcfg2ezhEWsrFbsv4bqNIZQXFvnBppaINvoQDvUAHIAvvTvb1jIhvs24p7vyxzIeaj/zafelc+9XM57DDTD6+D/dZbonatgXkQKnEEwSF4RCYBV+qm7MNlg+Y9vJ5QZGMfuHkaEiGIA4lCmi70DUGkK0MdmXGyxPT8CcHhAGov3CYXO7caGjR8iybiAWGCjz8pUHSK6QyGaOzj+WlU6O3XwELTB1zzl6JthHY/HHMgR/C4T3Tj2LPwK/nLq8+s5dRDGOedyb3sIauVMkf3FlH4lg7QsYk3Q3ygaLb9Fnj/TNJHMQndHksoc8kR64hbWDlzx0kkgpBlv6mgiafD4qVy80PLGOPd6X4Gz5dkrxvMoBqKyS2GDR/s4lPV4ooy11tlk9w0fNoE4hHrCuTRlsTVI+WaoGBRH2OaieCzXkcfdi8RQgJ8JxGo/HIhv4D7MAqFj9ysXKYx6oawN5c48eosD4+uQhB7BrFzLnzmh7+BP9Tm3WG5J3vG0nb2MblKfRPk3u+u9CTlNssiFhyGMbKOHxG8huPKmcRdVHc1WIoUmaf200aofocsW/5mVCiAtMVWPHjQ+GGPY4K3w52FJy2dMKT2D2TbLxXNPigHQfo"格式和上边的差不多,实际上“encryption.data”为加密过的明文配置信息。 对两段encryption.keySafe www.2cto.com 分别进行Url解码后,发现: vmware:key/list/(pair/(phrase/Q8qRfGi6V0M=/pass2key=PBKDF2-HMAC-SHA-1:cipher=AES-256:rounds=1000:salt=Oiu7KvvIxTv+5a0RBmb4VA==,HMAC-SHA-1,mwIz3U9k2vDV8kW5zgVcUkmP8SWBB+GbAK5IBypuQXoHgpsDQn0ePuAGPkAFENslqU9vuWVA3tJfkgyeFbbKxQibEo/cTA7RN9EoAb4A/D3fBYXctJDdDSKprDCk/Px77UHkReKz2zETj84DB6sUgNkGcXU=))vmware:key/list/(pair/(null/
