OpenHuizeBox is a compliance-positioned fork of VirtualBox OSE for privacy-audit research. It surfaces every hardware-identity knob that commercial software and malware use to profile their host — CPUID brand, SMBIOS tables, ACPI OEM IDs, disk model & serial, NIC OUI — as visible, per-VM settings you can toggle, document, and reproduce.
Pick a profile (Dell OptiPlex, Lenovo ThinkPad, generic OEM workstation) and apply realistic SMBIOS / ACPI / disk / MAC values to a single VM. No hidden magic — every change is a visible VBoxManage setextradata line you can audit.
The Realistic Hardware Identity groupbox sits inside Motherboard, Processor, Display, Storage and Network tabs — configure next to the native VBox controls, not in a separate “mystery” dialog.
Scripted network capture (pktmon) and TLS root CA generation for traffic inspection. Outbound tracker classifier and before/after snapshot diff are on the 0.2.0 roadmap — today the raw capture is produced, the classifier step is manual.
Tested against the four common commodity VM detectors — Pafish, Al-Khaser, VMAware, InviZzzible — with a documented, honest layer taxonomy (L1 extradata → L5 VMM patches) and a published out-of-reach list.
GPL v3, full source, deterministic build via kBuild. Windows file properties list OpenHuizeBox Project, not Oracle — no silent vendor leakage.
TCP-fingerprint and TTL-rewrite behaviour as opt-in kernel extensions is designed, not shipped — see the testing matrix §7.7–7.8 (scheduled for 0.3.x+). The current alpha runs with the stock Oracle SUPDRV signed by the project CA; no extra kernel code.
OpenHuizeBox is distributed under GPL v3 for lawful privacy-audit research. See governance for the full statement of intended use and the published out-of-scope list.