Running Roblox in a Virtual Machine!
Intro
CREDIT: keyemail (in the vinegar discord server):
Running Roblox in a Virtual Machine!
What is this guide for?
This is a guide on how to get Roblox working under a VM with KVM/QEMU using Libvirt. Note that these instructions do not work out these! I also cannot guarantee that this setup will remain to last forever, however I do not believe that this setup will not be dead by tomorrow. Also, this guide will ONLY be for Arch and Debian (be aware that I don't use Debian; if you have a suggestion, let me know); for any other distros you will have to do the research on what you need to install.
Requirements
- You need a GPU to pass through (single GPU passthrough works too, however it won't be included in this guide, so read about it here: https://github.com/joeknock90/Single-GPU-Passthrough)
- Hyper-V is much needed in this guide, because it's the way you can play with the anti-cheat in effect
- Some basic Linux knowledge (knowing what you are doing)
Getting QEMU/KVM with Libvirt
Arch:
# pacman -S qemu libvirt edk2-ovmf virt-manager ebtables dnsmasq
# systemctl enable --now libvirtd.service
# systemctl enable --now virtlogd.socket
# virsh net-autostart default
# virsh net-start default
Debian:
# apt update
# apt upgrade -y
# apt install qemu qemu-kvm qemu-system qemu-utils libvirt-clients libvirt-daemon-system virtinst virt-manager -y
Open up Virtual Machine Manager and see if it boots! It should do so; if not, something went wrong.
Setting up second GPU passthrough (OVMF Passthrough)
Make sure VT-d (Intel) or AMD-Vi (AMD) is enabled in the BIOS menu; it's also a good time to check that virtualization is enabled in your BIOS too. To enable IOMMU groups on Intel (AMD users don't have to worry about this if it's enabled in the BIOS), add intel_iommu=on and make sure iommu=pt is also in the kernel parameters (GRUB, systemd-boot, etc.). After this, REBOOT. To verify that it is enabled, run:
# dmesg | grep -i -e DMAR -e IOMMU
It should look something like this:
[ 0.000000] ACPI: DMAR 0x00000000BDCB1CB0 0000B8 (v01 INTEL BDW 00000001 INTL 00000001)
[ 0.000000] Intel-IOMMU: enabled
[ 0.028879] dmar: IOMMU 0: reg_base_addr fed90000 ver 1:0 cap c0000020660462 ecap f0101a
[ 0.028883] dmar: IOMMU 1: reg_base_addr fed91000 ver 1:0 cap d2008c20660462 ecap f010da
[ 0.028950] IOAPIC id 8 under DRHD base 0xfed91000 IOMMU 1
[ 0.536212] DMAR: No ATSR found
[ 0.536229] IOMMU 0 0xfed90000: using Queued invalidation
[ 0.536230] IOMMU 1 0xfed91000: using Queued invalidation
[ 0.536231] IOMMU: Setting RMRR:
[ 0.536241] IOMMU: Setting identity map for device 0000:00:02.0 [0xbf000000 - 0xcf1fffff]
[ 0.537490] IOMMU: Setting identity map for device 0000:00:14.0 [0xbdea8000 - 0xbdeb6fff]
[ 0.537512] IOMMU: Setting identity map for device 0000:00:1a.0 [0xbdea8000 - 0xbdeb6fff]
[ 0.537530] IOMMU: Setting identity map for device 0000:00:1d.0 [0xbdea8000 - 0xbdeb6fff]
[ 0.537543] IOMMU: Prepare 0-16MiB unity mapping for LPC
[ 0.537549] IOMMU: Setting identity map for device 0000:00:1f.0 [0x0 - 0xffffff]
[ 2.182790] [drm] DMAR active, disabling use of stolen memory
So, if you see [ 0.000000] Intel-IOMMU: enabled you're good! Next, you're going to want to verify that your GPU is in its own IOMMU group; if not, then you'll have to do some patching, which isn't in this guide. Run this script:
#!/bin/bash
# List every IOMMU group and the PCI devices it contains
shopt -s nullglob
for g in $(find /sys/kernel/iommu_groups/* -maxdepth 0 -type d | sort -V); do
    echo "IOMMU Group ${g##*/}:"
    for d in "$g"/devices/*; do
        echo -e "\t$(lspci -nns "${d##*/}")"
    done
done
and it should report something like this:
IOMMU Group 1:
00:01.0 PCI bridge: Intel Corporation Xeon E3-1200 v2/3rd Gen Core processor PCI Express Root Port [8086:0151] (rev 09)
IOMMU Group 2:
00:14.0 USB controller: Intel Corporation 7 Series/C210 Series Chipset Family USB xHCI Host Controller [8086:0e31] (rev 04)
IOMMU Group 4:
00:1a.0 USB controller: Intel Corporation 7 Series/C210 Series Chipset Family USB Enhanced Host Controller #2 [8086:0e2d] (rev 04)
IOMMU Group 10:
00:1d.0 USB controller: Intel Corporation 7 Series/C210 Series Chipset Family USB Enhanced Host Controller #1 [8086:0e26] (rev 04)
IOMMU Group 13:
06:00.0 VGA compatible controller: NVIDIA Corporation GM204 [GeForce GTX 970] [10de:13c2] (rev a1)
06:00.1 Audio device: NVIDIA Corporation GM204 High Definition Audio Controller [10de:0fbb] (rev a1)
Notice how group 13 has the cards all by themselves! It's also OK to have a PCI Express thing in there, but NOTHING ELSE. Also make sure to save the IDs that are in the brackets (e.g. [10de:0fbb] and [10de:13c2]). You need BOTH of these for later, so save them! Next, edit your mkinitcpio config and make sure these are in MODULES:
MODULES=(... vfio_pci vfio vfio_iommu_type1 ...)
If you have NVIDIA, make sure these are in FRONT, otherwise you might get errors. Last, we need to isolate the card, so run:
# nano /etc/modprobe.d/vfio.conf
and put in the IDs you saved earlier using this line:
options vfio-pci ids=10de:13c2,10de:0fbb
and replace those IDs with YOURS. Now, run:
# mkinitcpio -P
to run it for all your kernels, and REBOOT. https://wiki.archlinux.org/title/PCI_passthrough_via_OVMF (do you know which Linux distro I use?? It's really hard to tell!!)
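The isolation check and the vfio.conf line from the steps above, as an added example (not part of the original guide). check_gpu_group is a hypothetical helper that reads the listing printed by the IOMMU script on stdin, fails if the GPU's group holds anything besides the card's own functions and a PCI bridge (assumed here to be the PCI Express entry the guide allows), and otherwise prints the options line. The sample listing reuses group 13 from the output above plus constructed entries.

```shell
#!/bin/bash
# Added example. Devices in one IOMMU group cannot be isolated from each
# other, so the whole group ends up exposed to the guest along with the GPU.
# Usage: <output of the IOMMU script> | check_gpu_group 06:00.0
check_gpu_group() {
    awk -v slot="$1" '
        /^IOMMU Group / { group = $3; sub(/:$/, "", group); next }
        NF {
            line[group, ++count[group]] = $0
            if ($1 == slot) target = group
        }
        END {
            if (target == "") { print "device " slot " not found"; exit 2 }
            base = slot; sub(/\.[0-7]$/, "", base)
            for (i = 1; i <= count[target]; i++) {
                l = line[target, i]; split(l, f, " ")
                if (index(f[1], base ".") == 1) {
                    # Another function of the same card: keep its vendor:device ID.
                    if (match(l, /\[[0-9a-f][0-9a-f][0-9a-f][0-9a-f]:[0-9a-f][0-9a-f][0-9a-f][0-9a-f]\]/))
                        ids = ids (ids == "" ? "" : ",") substr(l, RSTART + 1, 9)
                } else if (l !~ /PCI bridge/) {
                    # Anything else shares the DMA isolation domain with the GPU.
                    print "NOT ISOLATED: group " target " also holds " f[1]; bad = 1
                }
            }
            if (bad) exit 1
            print "options vfio-pci ids=" ids
        }'
}

# Constructed sample: groups 1 and 7 are made up, group 13 is the one shown above.
SAMPLE_LISTING='IOMMU Group 1:
    00:01.0 PCI bridge: Example root port [8086:0151] (rev 09)
    01:00.0 VGA compatible controller: Example GPU [1111:2222]
IOMMU Group 7:
    03:00.0 VGA compatible controller: Example GPU [1111:2222]
    00:1f.2 SATA controller: Example SATA controller [1111:4444]
IOMMU Group 13:
    06:00.0 VGA compatible controller: NVIDIA Corporation GM204 [GeForce GTX 970] [10de:13c2] (rev a1)
    06:00.1 Audio device: NVIDIA Corporation GM204 High Definition Audio Controller [10de:0fbb] (rev a1)'

printf '%s\n' "$SAMPLE_LISTING" | check_gpu_group 06:00.0
```

Exit status 0 means the group is clean, 1 means another device shares it, and 2 means the slot was not in the listing.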
Setting up our Virtual Machine!
At this point, load up Virtual Machine Manager and get a new VM running. Configure it however you like, but, and this is important, BEFORE HITTING FINISH HIT “Customize Installation before Install”, and in the Overall tab make sure your chipset is Q35 and your firmware is UEFI (Secure Boot with Windows 11). Go ahead and finish it off and install Windows like regular. Once you're done, boot off the VM and go into the config area again; you will need to edit some XML, so you have been warned. Make sure XML editing is enabled! (Edit -> Preferences -> Enable XML Editing) Tip: To add hardware, use the “Add Hardware” button! Make sure to add BOTH PCIe devices (NVIDIA card and NVIDIA audio; they should have the same PCIe first number along with the card name in brackets)! Next, you need to get rid of SPICE graphics, so in the Video module turn it to None, then get rid of the sound card (right click), and also get rid of the USB redirects. Then at the bottom of the XML file you'll see the <audio> tag; make sure it states:
<audio id="1" type="none"/>
After this you should be able to remove Display Spice, followed by Video. Some extra stuff you can get rid of: Serial 1, Channel (Spice), Tablet. Here's where the “Getting the anticheat to work with the VM” part comes in. This method is one of my favorites, and the only anti-cheat I know of as of current that bans this is Vanguard. We are going to use Hyper-V (nested virtualization) to use Microsoft's Hyper-V on beating these anti-cheats! In your XML file, from the <features> tag all the way down to </features>, put this in:
<features>
  <acpi/>
  <apic/>
  <pae/>
  <hap state="on"/>
  <privnet/>
  <hyperv mode="passthrough">
    <relaxed state="on"/>
    <vapic state="on"/>
    <spinlocks state="on" retries="8191"/>
    <vpindex state="on"/>
    <runtime state="on"/>
    <synic state="on"/>
    <stimer state="on"/>
    <reset state="off"/>
    <vendor_id state="on" value="PS3000X"/>
    <frequencies state="on"/>
    <reenlightenment state="off"/>
    <tlbflush state="on"/>
    <ipi state="on"/>
    <evmcs state="off"/>
  </hyperv>
  <kvm>
    <hidden state="on"/>
    <hint-dedicated state="on"/>
    <poll-control state="on"/>
    <pv-ipi state="on"/>
  </kvm>
  <vmport state="off"/>
  <smm state="on"/>
  <ioapic driver="kvm"/>
</features>
That is one part of the step. Next, go to your <cpu> tag, which should be right below <features>, and make sure these two are in there:
<feature policy="require" name="hypervisor"/>
<feature policy="require" name="vmx"/>
so it should look like (this is my example):
<cpu mode="custom" match="exact" check="partial">
  <topology sockets="1" dies="1" cores="5" threads="1"/>
  <feature policy="require" name="hypervisor"/>
  <feature policy="require" name="vmx"/>
</cpu>
but enabling this makes MY system get into a boot loop, so I added:
<model fallback="allow">Skylake-Client-noTSX-IBRS</model>
like:
<cpu mode="custom" match="exact" check="partial">
  <model fallback="allow">Skylake-Client-noTSX-IBRS</model>
  <topology sockets="1" dies="1" cores="5" threads="1"/>
  <feature policy="require" name="hypervisor"/>
  <feature policy="require" name="vmx"/>
</cpu>
to prevent this from happening. This should be all to get Hyper-V working. Now make sure to pass through either the USB controller (PCIe) or individual USB devices to get access to your VM, and boot it up! Search up “Turn on or off a windows feature” (this doesn't match it entirely, but I'm not booting up a VM to get this matched, sorry) and ENABLE, and I mean ENABLEEEEEE, Hyper-V, because it won't work without it. Reboot and pray to god you don't get a boot loop, and it should be finished! You're all set.
Installing Roblox
If you don't know how to do this then I don't know how you did the rest of this, c'mon now.
Sources:
- https://wiki.archlinux.org/title/PCI_passthrough_via_OVMF
- https://www.youtube.com/watch?v=BUSrdUoedTo&t=693s
- Some people I've known with this
- My own brain as well
I might post a follow-up guide on NixOS.
Also, this guide does not help me for some reason; I might make a post about that too. Roblox might have upped their anti-cheat since the guide was first sent.
Some other recommendations:
- https://github.com/zhaodice/qemu-anti-detection
- Turning off core memory isolation under device security on Windows
- Turning off memballoon