VMware Communities
RF3
Contributor

Is there a tool to allow editing of an encrypted VMX config file?

When a virtual machine is encrypted, the VMX config file is encrypted, too. Sometimes it's necessary to make a change to the config file by manually editing it, like when you have to add a "cpuid.1.eax = ..." line. This isn't possible with the encrypted file. VMware's official solution is to decrypt the whole virtual machine, make the changes to the then unencrypted VMX file and encrypt the whole machine again. This isn't a smart solution and it takes a lot of time with virtual machines with large virtual disk images. I don't know why there's no way to alter the VMX file of an unlocked halted virtual machine.

So, is there a tool which does nothing more than decrypt/encrypt a VMX file with a given password?

I would write this tool myself if somebody can explain to me what two parameters of the encrypted VMX file are used for. Right after "vmware:key/list/(pair/(phrase/", there are 8 bytes encoded with base64 (maybe some kind of checksum), and after "HMAC-SHA-1" there are 116 bytes encoded with base64 (no idea what they're used for). I assume the 256-bit AES encryption key for the AES-256 algorithm is the result of the PBKDF2-HMAC-SHA-1 function with the password and 1000 rounds, but I also need to know the IV (initialization vector, 16 bytes) for the AES algorithm.

Accepted Solutions
RF3
Contributor

Sorry for the delay, but I was a bit busy and then I decided I wanted to learn a new programming language for this task: Python. So, here it is, the ultimate 😉 tool to decrypt/encrypt VMX config files. You can find my Python project here:

GitHub - RF3/VMwareVMX: VMware VMX Crypto Module for Python 2 and 3

Have fun everyone!

3 Replies
wila
Immortal

Hi,

AFAIK there is currently no such tool.

Like you, I would be interested in hearing about the specific details, as my backup tool (see my sig) would also benefit from being able to read the vmx.

Assuming you're on Fusion 10, one approach to investigate is using the REST API.

I'm a bit doubtful you could add a CPU mask that way, but would have to investigate.

See also:

https://www.virtuallyghetto.com/2017/09/how-to-enable-remote-rest-api-access-for-vmware-fusion-10.ht...

edit: Just to be clear, Vimalin supports encrypted VMs, but there are some limitations in displaying details in the GUI about the VM once the VM is encrypted.

--

Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva
RF3
Contributor

Answer to myself and everyone else:

Yesterday I sat down and spent some hours writing a little Python program that's now able to fully decode an encrypted VMX config file with a given password. It decrypts the so-called dictionary (it's just a string "type=key:cipher=AES-256:key=<base64 data>...") and retrieves the AES key for the encryption.data value, which is just the encrypted VMX configuration.

I'm still trying to find out what the 8 bytes encoded with base64 right after "vmware:key/list/(pair/(phrase/" are used for. Still thinking it might be some kind of checksum.

My tool is not yet ready to be published as it needs some file I/O handling and it's also only able to decrypt a VMX file, but the most important part (how to decrypt/encrypt this VMX file) is no longer a mystery.

If anyone at VMware now thinks it's the right time to release their own little tool, don't hesitate. I would rather see an official tool offered to the customers than the work of a nerd who finds it stupid that regular users have to decrypt and re-encrypt a whole virtual machine only to make some changes by hand and at their own risk to a config file.
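
The two steps named in this thread, PBKDF2-HMAC-SHA-1 key derivation with 1000 rounds and parsing of the decrypted dictionary string, shown as an added Python example; it is not code from RF3's VMwareVMX project. The salt, the sample key and the function names are constructed for illustration, and the thread does not say where the file stores the salt.

```python
import base64
import hashlib

ROUNDS = 1000   # PBKDF2 iteration count named in the thread
KEY_LEN = 32    # 256-bit key for AES-256

# Constructed sample values, not taken from any real VMX file.
SAMPLE_SALT = b"constructed-salt"   # assumption: salt source is not given in the thread
SAMPLE_KEY = bytes(range(32))
SAMPLE_DICT = "type=key:cipher=AES-256:key=" + base64.b64encode(SAMPLE_KEY).decode("ascii")


def derive_key(password, salt):
    """Derive a 32-byte key with PBKDF2-HMAC-SHA-1, as the original poster assumes."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, ROUNDS, KEY_LEN)


def parse_dictionary(text):
    """Parse 'type=key:cipher=AES-256:key=<base64>' and validate every field."""
    fields = {}
    for item in text.split(":"):
        # Split on the first '=' only, so base64 padding stays in the value.
        name, sep, value = item.partition("=")
        if not sep or not name:
            raise ValueError("malformed field: %r" % item)
        if name in fields:
            raise ValueError("duplicate field: %r" % name)
        fields[name] = value
    if fields.get("type") != "key":
        raise ValueError("not a key dictionary")
    if fields.get("cipher") != "AES-256":
        raise ValueError("unexpected cipher: %r" % fields.get("cipher"))
    # validate=True rejects non-alphabet characters instead of skipping them.
    key = base64.b64decode(fields.get("key", ""), validate=True)
    if len(key) != KEY_LEN:
        raise ValueError("AES-256 needs a 32-byte key, got %d bytes" % len(key))
    fields["key"] = key
    return fields


if __name__ == "__main__":
    kek = derive_key("example password", SAMPLE_SALT)
    print("derived key length:", len(kek))
    parsed = parse_dictionary(SAMPLE_DICT)
    print("cipher:", parsed["cipher"], "key bytes:", len(parsed["key"]))
```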