Download

Binary installer (Windows x64)

The canonical distribution point is GitHub Releases. Download both the .exe and the .exe.sha256 sidecar; verify before running.

Open the Releases page →

Current build

Verify before installing

# PowerShell
(Get-FileHash .\OpenHuizeBox-Setup-*.exe -Algorithm SHA256).Hash
# compare against the contents of the .sha256 sidecar file

Build from source

Reproducible from a clean git clone --recursive on a reference host in about 45 minutes. See QUICKSTART.md for the full sequence.

git clone --recursive https://github.com/zhihuiyuze/OpenHuizeBox.git
cd OpenHuizeBox
powershell -File .\build\install_build_toolchain.ps1
powershell -File .\build\local_build.ps1

Kernel driver

VBoxSup must load for VMs to power on. The installer generates a self-signed CA, signs the driver and all ring-0 modules (VMMR0.r0, VBoxDDR0.r0) with it, installs the CA into LocalMachine trust, and enables Windows test-signing. Reboot once; run build\post_reboot_driver_check.ps1 to confirm.

If you don't want test-signing on, you have three options:

1. Use OpenHuizeBox against an already-installed upstream Oracle VirtualBox driver (you lose OpenHuizeBox-specific kernel extensions but keep the GUI + profile library).
2. Wait for the EV-cert / Microsoft-attested build (planned 0.5.0, undated).
3. Don't install. The hardware-identity profile library and audit scripts work as host-side tooling against your own VirtualBox.

Uninstall

Control Panel → OpenHuizeBox → Uninstall performs a full removal: kernel driver, project CA from LocalMachine stores, scheduled tasks. VM disk images, captured .pcapng files and applied profiles under your user profile are not touched — delete manually if needed.

Integrity and reproducibility

Every release is produced from a pinned upstream SHA (recorded in UPSTREAM_TRACKING.md) plus the patch set / fork branch frozen at a specific commit. A reproducibility gap is a release blocker.