This is a very detailed guide on Oracle VM VirtualBox, Oracle VM VirtualBox Extension Pack, and How to install Oracle VM VirtualBox Extension Pack Ubuntu and on other platforms, and How to configure and use each Single Extension: Virtual USB 2.0 and 3.0, VRDP support, Host Webcam Passthrough, PCI Passthrough, Encryption of Disk Images and Experimental support for PCI passthrough on Linux hosts.
A table of content is, therefore, provided for you to easily jump over your desired topic, and get the best out of it. This guide is taken from the official Website of Oracle VM VirtualBox. Thus, you can be sure of its accuracy without any doubt. These instructions are given in the User Manual of VIrtualBox. I have only gathered some related topics here which I thought can be useful.
Oracle VM VirtualBox
VirtualBox is a cross-platform virtualization application. What does that mean? For one thing, it installs on your existing Intel or AMD-based computers, whether they are running Windows, Mac, Linux or Solaris operating systems. Secondly, it extends the capabilities of your existing computer so that it can run multiple operating systems (inside multiple virtual machines) at the same time. So, for example, you can run Windows and Linux on your Mac, run Windows Server 2008 on your Linux server, run Linux on your Windows PC, and so on, all alongside your existing applications. You can install and run as many virtual machines as you like — the only practical limits are disk space and memory.
VirtualBox is deceptively simple yet also very powerful. It can run everywhere from small embedded systems or desktop class machines all the way up to datacenter deployments and even Cloud environments.
The following screenshot shows you how VirtualBox, installed on a Mac computer, is running Windows 8 in a virtual machine window:
- Know How to Install Kali Linux on VirtualBox Mac & Windows 10
- How To Install VirtualBox On Windows 10, Mac OS, Ubuntu and Linux.
- How to Dual Boot Windows 10 and Ubuntu on Hyper V
Oracle VM VirtualBox Extension Pack
Starting with version 4.0, VirtualBox is split into several components.
- The base package consists of all open-source components and is licensed under the GNU General Public License V2.
- Additional Oracle VM VirtualBox Extension Pack can be downloaded which extend the functionality of the VirtualBox base package. Currently, Oracle provides the one extension pack, which can be found at http://www.virtualbox.org and provides the following added functionality:
- The virtual USB 2.0 (EHCI) device
- The virtual USB 3.0 (xHCI) device
- VirtualBox Remote Desktop Protocol (VRDP) support
- Host webcam passthrough
- Intel PXE boot ROM.
- Experimental support for PCI passthrough on Linux hosts
- Disk image encryption with AES algorithm
VirtualBox extension packages have a
.vbox-extpackfile name extension. To install an extension, simply double-click on the package file and a Network Operations Manager window will appear, guiding you through the required steps.
To view the extension packs that are currently installed, please start the VirtualBox Manager (see the next section). From the “File” menu, please select “Preferences”. In the window that shows up, go to the “Extensions” category which shows you the extensions which are currently installed and allows you to remove a package or add a new one.
Detailed Guide on Each Oracle VM VirtualBox Extension Pack
In the following subheadings you will find a very detailed information on how to install and configure each single extension of Oracle VM VirtualBox Extenstoin Pack. This detailed guide will surely answer all the questions you have about the VirtualBox Extensions.
The Virtual USB 2.0 (EHCI) and 3.0 (xHCI)
One of the best Extensions of Oracle VM VirtualBox Extension Pack is Virtual USB 2.0 (EHCI) and 3.0 (xHCI). The “USB” section in a virtual machine’s Settings window allows you to configure VirtualBox’s sophisticated USB support.
VirtualBox can allow virtual machines to access the USB devices on your host directly. To achieve this, VirtualBox presents the guest operating system with a virtual USB controller. As soon as the guest system starts using a USB device, it will appear as unavailable on the host.
- Be careful with USB devices that are currently in use on the host! For example, if you allow your guest to connect to your USB hard disk that is currently mounted on the host, when the guest is activated, it will be disconnected from the host without a proper shutdown. This may cause data loss.
- Solaris hosts have a few known limitations regarding USB support. please see Known limitations.
In addition to allowing a guest access to your local USB devices, VirtualBox even allows your guests to connect to remote USB devices by use of the VirtualBox Remote Desktop Extension (VRDE). For details about this, see “Remote USB”.
In the Settings dialog, you can first configure whether USB is available in the guest at all, and then choose the level of USB support: OHCI for USB 1.1, EHCI (which will also enable OHCI) for USB 2.0, or xHCI for all USB speeds.
The xHCI and EHCI controllers are shipped as a VirtualBox extension package, which must be installed separately.
When USB support is enabled for a VM, you can determine in detail which devices will be automatically attached to the guest. For this, you can create so-called “filters” by specifying certain properties of the USB device. USB devices with a matching filter will be automatically passed to the guest once they are attached to the host. USB devices without a matching filter can be passed manually to the guest, for example by using the Devices / USB devices menu.
Clicking on the “+” button to the right of the “USB Device Filters” window creates a new filter. You can give the filter a name (for referencing it later) and specify the filter criteria. The more criteria you specify, the more precisely devices will be selected. For instance, if you specify only a vendor ID of 046d, all devices produced by Logitech will be available to the guest. If you fill in all fields, on the other hand, the filter will only apply to a particular device model from a particular vendor, and not even to other devices of the same type with a different revision and serial number.
In detail, the following criteria are available:
- Vendor and product ID. With USB, each vendor of USB products carries an identification number that is unique world-wide, the “vendor ID”. Similarly, each line of products is assigned a “product ID” number. Both numbers are commonly written in hexadecimal (that is, they are composed of the numbers 0-9 and the letters A-F), and a colon separates the vendor from the product ID. For example,
046d:c016stands for Logitech as a vendor, and the “M-UV69a Optical Wheel Mouse” product.Alternatively, you can also specify “Manufacturer” and “Product” by name.To list all the USB devices that are connected to your host machine with their respective vendor and product IDs, you can use the following command (VBoxManage):
VBoxManage list usbhost
On Windows, you can also see all USB devices that are attached to your system in the Device Manager. On Linux, you can use the
- Serial number. While vendor and product ID are already quite specific to identify USB devices, if you have two identical devices of the same brand and product line, you will also need their serial numbers to filter them out correctly.
- Remote. This setting specifies whether the device will be local only, or remote only (over VRDP), or either.
On a Windows host, you will need to unplug and reconnect a USB device to use it after creating a filter for it.
As an example, you could create a new USB filter and specify a vendor ID of 046d (Logitech, Inc), a manufacturer index of 1, and “not remote”. Then any USB devices on the host system produced by Logitech, Inc with a manufacturer index of 1 will be visible to the guest system.
Several filters can select a single device — for example, a filter which selects all Logitech devices, and one which selects a particular webcam.
Implementation notes for Windows and Linux hosts
On Windows hosts, a kernel mode device driver provides USB proxy support. It implements both a USB monitor, which allows VirtualBox to capture devices when they are plugged in, and a USB device driver to claim USB devices for a particular virtual machine. As opposed to VirtualBox versions before 1.4.0, system reboots are no longer necessary after installing the driver. Also, you no longer need to replug devices for VirtualBox to claim them.
On newer Linux hosts, VirtualBox accesses USB devices through special files in the file system. When VirtualBox is installed, these are made available to all users in the
vboxusers system group. In order to be able to access USB from guest systems, make sure that you are a member of this group.
On older Linux hosts, USB devices are accessed using the
usbfs file system. Therefore, the user executing VirtualBox needs read and write permission to the USB file system. Most distributions provide a group (e.g.
usbusers) which the VirtualBox user needs to be added to. Also, VirtualBox can only proxy to virtual machines USB devices which are not claimed by a Linux host USB driver. The
Driver= entry in
/proc/bus/usb/devices will show you which devices are currently claimed. Please refer to “USB not working” also for details about
VirtualBox Remote Desktop Protocol (VRDP)
One of the best extensions of Oracle VM VirtualBox Extension Pack is VirtualBox Remote Desktop Protocol (VRDP). While any VM started from the VirtualBox Manager is capable of running virtual machines remotely, it is not convenient to have to run the full-fledged GUI if you never want to have VMs displayed locally in the first place. In particular, if you are running server hardware whose only purpose is to host VMs, and all your VMs are supposed to run remotely over VRDP, then it is pointless to have a graphical user interface on the server at all — especially since, on a Linux or Solaris host, the VirtualBox manager comes with dependencies on the Qt and SDL libraries. This is inconvenient if you would rather not have the X Window system on your server at all.
VirtualBox therefore comes with yet another front-end called
VBoxHeadless, which produces no visible output on the host at all, but still can deliver VRDP data. This front-end has no dependencies on the X Window system on Linux and Solaris hosts.
To start a virtual machine with
VBoxHeadless, you have three options:
- You can use
VBoxManage startvm "VM name" --type headless
--typeoption causes VirtualBox to use
VBoxHeadlessas the front-end to the internal virtualization engine instead of the Qt front-end.
- One alternative is to use
VBoxHeadlessdirectly, as follows:
VBoxHeadless --startvm <uuid|name>
This way of starting the VM helps troubleshooting problems reported by
VBoxManage startvm ...because you can see sometimes more detailed error messages, especially for early failures before the VM execution is started. In normal situations
VBoxManage startvmis preferred since it runs the VM directly as a background process which has to be done explicitly when directly starting
- The other alternative is to start
VBoxHeadlessfrom the VirtualBox Manager GUI, by holding the Shift key when starting a virtual machine or selecting
Headless Startfrom the
Since VirtualBox version 5.0, when you use
VBoxHeadless to start a VM, the VRDP server will be enabled according to the VM configuration. You can override the VM’s setting using
--vrde command line parameter. To enable the VRDP server start the VM like this:
VBoxHeadless --startvm <uuid|name> --vrde on
and to disable it:
VBoxHeadless --startvm <uuid|name> --vrde off
To have the VRDP server enabled depending on the VM configuration, as the other front-ends would, you can still use:
VBoxHeadless --startvm <uuid|name> --vrde config
but this is the same as
VBoxHeadless --startvm <uuid|name>
If you start the VM with
VBoxManage startvm ... then the configuration settings of the VM are always used.
Host Webcam Passthrough – Using a Host Webcam in the Guest
One of the other best Oracle VM VirtualBox Extension Pack is Host Webcam Passthrough. VirtualBox 4.3 includes an experimental feature which allows a guest to use a host webcam. This complements the general USB passthrough support which was the typical way of using host webcams in earlier versions. The webcam passthrough support can handle non-USB video sources in theory, but this is completely untested.
The webcam passthrough module is shipped as part of the Oracle VM VirtualBox extension pack, which must be installed separately.
The host webcam can be attached to the VM using “Devices” menu in the VM menu bar. The “Webcams” menu contains a list of available video input devices on the host. Clicking on a webcam name attaches or detaches the corresponding host device.
The VBoxManage command line tool can be used to enable webcam passthrough. Please see the host-specific sections below for additional details. The following commands are available:
- Get a list of host webcams (or other video input devices):
VBoxManage list webcams
The output format:
alias "user friendly name" host path or identifier
The alias can be used as a shortcut in other commands. Alias ‘.0’ means default video input device on the host, ‘.1’, ‘.2’, etc mean first, second, etc video input device. The device order is host-specific.
- Attach a webcam to a running VM:
VBoxManage controlvm "VM name" webcam attach [host_path|alias [settings]]
This will attach a USB webcam device to the guest.
settingsparameter is a string
Setting1=Value1;Setting2=Value2, which allows to configure the emulated webcam device. The following settings are supported:
MaxFramerateThe highest rate at which video frames are sent to the guest. A higher frame rate requires more CPU power. Therefore sometimes it is useful to set a lower limit. Default is no limit and allow the guest to use all frame rates supported by the host webcam.
MaxPayloadTransferSizeHow many bytes the emulated webcam can send to the guest at a time. Default value is 3060 bytes, which is used by some webcams. Higher values can slightly reduce CPU load, if the guest is able to use larger buffers. However, a high
MaxPayloadTransferSizemight be not supported by some guests.
- Detach a webcam from a running VM:
VBoxManage controlvm "VM name" webcam detach [host_path|alias]
- List webcams attached to a running VM:
VBoxManage controlvm "VM name" webcam list
The output contains path or alias which was used in ‘webcam attach’ command for each attached webcam.
Experimental support for PCI passthrough on Linux hosts
PCI Passthrough is anothe best Extension of Oracle VM VirtualBox Extension Pack. When running on Linux hosts, with a recent enough kernel (at least version
2.6.31) experimental host PCI devices passthrough is available.
The PCI passthrough module is shipped as a VirtualBox extension package, which must be installed separately.
Essentially this feature allows to directly use physical PCI devices on the host by the guest even if host doesn’t have drivers for this particular device. Both, regular PCI and some PCI Express cards, are supported. AGP and certain PCI Express cards are not supported at the moment if they rely on GART (Graphics Address Remapping Table) unit programming for texture management as it does rather non-trivial operations with pages remapping interfering with IOMMU. This limitation may be lifted in future releases.
To be fully functional, PCI passthrough support in VirtualBox depends upon an IOMMU hardware unit which is not yet too widely available. If the device uses bus mastering (i.e. it performs DMA to the OS memory on its own), then an IOMMU is required, otherwise such DMA transactions may write to the wrong physical memory address as the device DMA engine is programmed using a device-specific protocol to perform memory transactions. The IOMMU functions as translation unit mapping physical memory access requests from the device using knowledge of the guest physical address to host physical addresses translation rules.
Intel’s solution for IOMMU is marketed as “Intel Virtualization Technology for Directed I/O” (VT-d), and AMD’s one is called AMD-Vi. So please check if your motherboard datasheet has appropriate technology. Even if your hardware doesn’t have a IOMMU, certain PCI cards may work (such as serial PCI adapters), but the guest will show a warning on boot and the VM execution will terminate if the guest driver will attempt to enable card bus mastering.
It is very common that the BIOS or the host OS disables the IOMMU by default. So before any attempt to use it please make sure that
- Your motherboard has an IOMMU unit.
- Your CPU supports the IOMMU.
- The IOMMU is enabled in the BIOS.
- The VM must run with VT-x/AMD-V and nested paging enabled.
- Your Linux kernel was compiled with IOMMU support (including DMA remapping, see
CONFIG_DMARkernel compilation option). The PCI stub driver (
CONFIG_PCI_STUB) is required as well.
- Your Linux kernel recognizes and uses the IOMMU unit (
intel_iommu=onboot option could be needed). Search for DMAR and PCI-DMA in kernel boot log.
Once you made sure that the host kernel supports the IOMMU, the next step is to select the PCI card and attach it to the guest. To figure out the list of available PCI devices, use the
lspci command. The output will look like this:
01:00.0 VGA compatible controller: ATI Technologies Inc Cedar PRO [Radeon HD 5450] 01:00.1 Audio device: ATI Technologies Inc Manhattan HDMI Audio [Mobility Radeon HD 5000 Series] 02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 03) 03:00.0 SATA controller: JMicron Technology Corp. JMB362/JMB363 Serial ATA Controller (rev 03) 03:00.1 IDE interface: JMicron Technology Corp. JMB362/JMB363 Serial ATA Controller (rev 03) 06:00.0 VGA compatible controller: nVidia Corporation G86 [GeForce 8500 GT] (rev a1)
The first column is a PCI address (in format
bus:device.function). This address could be used to identify the device for further operations. For example, to attach a PCI network controller on the system listed above to the second PCI bus in the guest, as device 5, function 0, use the following command:
VBoxManage modifyvm "VM name" --pciattach 02:00.0@01:05.0
To detach same device, use
VBoxManage modifyvm "VM name" --pcidetach 02:00.0
Please note that both host and guest could freely assign a different PCI address to the card attached during runtime, so those addresses only apply to the address of the card at the moment of attachment (host), and during BIOS PCI init (guest).
If the virtual machine has a PCI device attached, certain limitations apply:
- Only PCI cards with non-shared interrupts (such as using MSI on host) are supported at the moment.
- No guest state can be reliably saved/restored (as the internal state of the PCI card could not be retrieved).
- Teleportation (live migration) doesn’t work (for the same reason).
- No lazy physical memory allocation. The host will preallocate the whole RAM required for the VM on startup (as we cannot catch physical hardware accesses to the physical memory).
Disk Image Encryption with AES Algorithm
Disk Image Encryption with AES Algorithm is one of best extensions of Oracle VM VirtualBox Extension Pack. Starting with VirtualBox 5.0, it is possible to encrypt the data stored in hard disk images transparently for the guest. It does not depend on a specific image format to be used. Images which have the data encrypted are not portable between VirtualBox and other virtualization software.
VirtualBox uses the AES algorithm in XTS mode and supports 128 or 256 bit data encryption keys (DEK). The DEK is stored encrypted in the medium properties and is decrypted during VM startup by entering a password which was chosen when the image was encrypted.
Since the DEK is stored as part of the VM configuration file, it is important that it is kept safe. Losing the DEK means that the data stored in the disk images is lost irrecoverably. Having complete and up to date backups of all data related to the VM is the responsibility of the user.
There are some limitations the user needs to be aware of when using this feature:
- This feature is part of the Oracle VM VirtualBox Extension Pack, which needs to be installed. Otherwise disk encryption is unavailable.
- Since encryption works only on the stored user data, it is currently not possible to check for metadata integrity of the disk image. Attackers might destroy data by removing or changing blocks of data in the image or change metadata items such as the disk size.
- Exporting appliances which contain encrypted disk images is not possible because the OVF specification doesn’t support this. All images are therefore decrypted during export.
- The DEK is kept in memory while the VM is running to be able to decrypt data read and encrypt data written by the guest. While this should be obvious the user needs to be aware of this because an attacker might be able to extract the key on a compromised host and decrypt the data.
- When encrypting or decrypting the images, the password is passed in clear text via the VirtualBox API. This needs to be kept in mind, especially when using third party API clients which make use of the webservice where the password might be transmitted over the network. The use of HTTPS is mandatory in such a case.
- Encrypting images with differencing images is only possible if there are no snapshots or a linear chain of snapshots. This limitation may be addressed in a future VirtualBox version.
Encrypting disk images
Encrypting disk images can be done either using the GUI or VBoxManage. While the GUI is easier to use, it works on a per VM basis and encrypts all disk images attached to the specific VM. With VBoxManage one can encrypt individual images (including all differencing images). To encrypt an unencrypted medium with VBoxManage, use:
VBoxManage encryptmedium "uuid|filename" --newpassword "file|-" --cipher "cipher id" --newpasswordid "id"
To supply the encryption password point VBoxManage to the file where the password is stored or specify
- to let VBoxManage ask you for the password on the command line.
The cipher parameter specifies the cipher to use for encryption and can be either
AES-XTS256-PLAIN64. The specified password identifier can be freely chosen by the user and is used for correct identification when supplying multiple passwords during VM startup.
If the user uses the same password when encrypting multiple images and also the same password identifier, the user needs to supply the password only once during VM startup.
Starting a VM with encrypted images
When a VM is started using the GUI, a dialog will open where the user needs to enter all passwords for all encrypted images attached to the VM. If another frontend like VBoxHeadless is used, the VM will be paused as soon as the guest tries to access an encrypted disk. The user needs to provide the passwords through VBoxManage using the following command:
VBoxManage controlvm "uuid|vmname" addencpassword "id" "password" [--removeonsuspend "yes|no"]
id parameter must be the same as the password identifier supplied when encrypting the images.
password is the password used when encrypting the images. The user can optionally specify
--removeonsuspend "yes|no" to specify whether to remove the password from VM memory when the VM is suspended. Before the VM can be resumed, the user needs to supply the passwords again. This is useful when a VM is suspended by a host suspend event and the user doesn’t want the password to remain in memory.
Decrypting encrypted images
In some circumstances it might be required to decrypt previously encrypted images. This can be done in the GUI for a complete VM or using VBoxManage with the following command:
VBoxManage encryptmedium "uuid|filename" --oldpassword "file|-"
The only required parameter is the password the image was encrypted with. The options are the same as for encrypting images.
- What is Hacking? Types of Computer Hackers & White Hat Hacking 2018
- Hack WiFi Networks in Just a Minute by using Android App
Download Oracle VM VirtualBox Extension Pack for All Supported Platforms
The download link provided for Oracle VM VirtualBox Extension Pack below this paragraph is supported by all platforms. Download Oracle VM VirtualBox Extension Pack and run it.
Following functionalities can be found in Oracle VM VirtualBox Extension Pack:
- Experimental support for PCI passthrough on Linux hosts.
- Host webcam passthrough;
- The virtual USB 2.0 (EHCI) device;
- VirtualBox Remote Desktop Protocol (VRDP) support;
- Intel PXE boot ROM
Install Oracle VM VirtualBox Extension Pack Ubuntu and other platforms
You can install Oracle VM VirtualBox Extension Pack in two ways. First one is by launching the Oracle VM VirtualBox Extension Pack’s “.vbox-extpack” by a double click or openning the file on Windows Hosts, Mac OS X, Linux Mint, Ubuntu Software Manager. The second one is by command lines which are clearly shown below. It is a detailed guide on how to install, uninstall and clean up the extensions.
VBoxManage extpack install [–replace] <
Installs a new extension pack on the system. This command will fail if an older version of the same extension pack is already installed. The
--replace option can be used to uninstall any old package before the new one is installed.
- Uninstall existing extension pack version.
- The file containing the extension pack to be installed.
VBoxManage extpack uninstall [–force] <
Uninstalls an extension pack from the system. The subcommand will also succeed in the case where the specified extension pack is not present on the system. You can use
VBoxManage list extpacks to show the names of the extension packs which are currently installed.
- Overrides most refusals to uninstall an extension pack
- The name of the extension pack to be uninstalled.
VBoxManage extpack cleanup
Used to remove temporary files and directories that may have been left behind if a previous install or uninstall command failed.
How to list extension packs:
$ VBoxManage list extpacks Extension Packs: 1 Pack no. 0: Oracle VM VirtualBox Extension Pack Version: 4.1.12 Revision: 77218 Edition: Description: USB 2.0 Host Controller, VirtualBox RDP, PXE ROM with E1000 support. VRDE Module: VBoxVRDP Usable: true Why unusable:
How to remove an extension pack:
$ VBoxManage extpack uninstall "Oracle VM VirtualBox Extension Pack" 0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100% Successfully uninstalled "Oracle VM VirtualBox Extension Pack".
I hope this Article “Oracle VM VirtualBox Extension Pack” was Useful. Please Leave your Feedback, and Ask your Questions in the Comment Box Section.