Having the need of running Safe Exam Browser while I've only got GNU+Linux on my laptop and desktop, I had to look for alternative solutions.
* There is no linux-native full SEB application, it's only for Windows and macOS.
* Running SEB on WinPE is unfeasible as it needs to install many runtime dependencies, it's too slow to do that while booted into the live system, and on my 4 GB laptop the ramdisk is not big enough.
* SEB by default detects and blocks virtual machines.
** This option can be changed in the local configuration file, but when starting an exam the configuration loaded from the server takes precedence over the local one.
** SEB 3.5.0 added an hard-to-break anti-tampering mechanism, where the LMS server verifies if the client is altered and won't let you take exams; patching the few needed modules won't work.
Turns out only way to work around the issue is to make a relatively stealth VM.
By analyzing the SEB for Windows source code, we can see some important files and methods, both by searching the files for keywords and by opening files referenced by other ones:
* [[VirtualMachineDetector.cs:IsVirtualMachine()|https://github.com/SafeExamBrowser/seb-win-refactoring/blob/11b10e8e4524c1fe65b6c3db7d12e172facf322c/SafeExamBrowser.SystemComponents/VirtualMachineDetector.cs#L49]]: Clearly the main place where VM detection is happening.
** [[SystemInfo.cs|https://github.com/SafeExamBrowser/seb-win-refactoring/blob/11b10e8e4524c1fe65b6c3db7d12e172facf322c/SafeExamBrowser.SystemComponents/SystemInfo.cs]]: Contains WMI calls for retrieval of multiple base system and peripheral informations.
Also, by referring to various strings in the source code and [[issue #268|https://github.com/SafeExamBrowser/seb-win-refactoring/issues/268#issuecomment-994586854]], we can see that in VMs a bug occurs where 0 displays are detected. This must be accounted for after succeeding in concealing the VM from the program. A good start is in this class and method, which checks for displays and throws errors if necessary:
* [[DisplayMonitorOperation.cs:CheckDisplayConfiguration()|https://github.com/SafeExamBrowser/seb-win-refactoring/blob/11b10e8e4524c1fe65b6c3db7d12e172facf322c/SafeExamBrowser.Runtime/Operations/DisplayMonitorOperation.cs#L51]]: Main runtime checking for correct display configuration.
** [[DisplayMonitor.cs:TryLoadDisplays()|https://github.com/SafeExamBrowser/seb-win-refactoring/blob/11b10e8e4524c1fe65b6c3db7d12e172facf322c/SafeExamBrowser.Monitoring/Display/DisplayMonitor.cs#L156]]: Contains WMI calls for checking displays.
We choose VMWare Workstation 17 (latest version) as it lets a few important options be customized. First I created a VM with close-to-suggested settings (the primary ones don't matter here).
In this case "hardening" is meant as enhancing the privacy of our Windows against third-party apps, which we need to evade VM detection; we don't mean it as making the system more secure or robust for an exam purpose, which is something neutral to us (we as examinees don't care about it, it does neither benefit nor harm us).
''Note/Credits'': I mostly created these two files by learning from these sources, and then copypasting the examples/defaults values:
* Video: <<YoutubeL vAb00RYFThE "Hide your VM using Registry and WMI tricks">>
* [[Windows Management Instrumentation - Microsoft Learn|https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page]]
''Tip'': In the files, when apparently random product/vendor names are mentioned (in this case Acer, Crucial, Phoenix, ...), they don't actually matter. Whatever matters is that, by doing this, any string containing "VMWare" is overwritten with something else, tricking VM detection. You can set whatever you want except VM programs/vendor. The proprietary names included here are for demonstration purposes only and are not strictly needed for this method, all trademark rights belong to the respective owners and not me.
Finally, in an ''administrator'' CMD/PowerShell, use `mofcomp.exe` to apply these files:
```cmd
mofcomp .\WMI.mof
mofcomp .\CIMv2.mof
```
''Note'': This procedure, as far as I understand, essentially corrupts Windows' WMI database. Internal Windows features should still work, and many applications (including SEB, of course) will still work, but some special software that needs to interface with WMI for useful operations might no longer work. Avoid ever using this procedure on a real machine for whatever purpose, only in a VM.
While not necessary to get SEB working, it's a good idea to harden the entire computer in case an examinator wants to do a manual inspection. See [[Harden VM from Human Inspection]].
Installing VMWare tools before applying these patches should not hinder VM detection bypass, seeing SEB's VM detection code. However, I couldn't verify this, as the VMWare Tools installer executable simply doesn't want to start in my VM. I suspect the program fails to start exactly because of the patches, because I only tried to install the Tools after applying everything else. You could be more lucky.
Be careful of only using this information if you actually need to run SEB on Linux or have other issues. Do not abuse the guide to create a VM for doing the exam and then getting out of it mid-session to use the host system normally and cheat. The procedure is not intended for cheating and if we start using it to do that, examiners will push for the holes that allow VM detection bypass to be patched. If we only use it for valid reasons of OS compatibility, likely no one will protest and we will not be forced to use an OS we don't like as host on our computers. If you have to cheat at the written exam then you will fail the oral exam anyways, so study and don't use this method for cheating.
