Say you have a VMWare disk image (.vmdk file) or a CD image (.iso file) on your desktop and would like to look at the files inside. Perhaps there are a couple of files you would like to extract. You could start the virtual machine to access its files (What was the damn administrator password again?), or install a bunch of utilities to let you mount the image as a filesystem. Or, you could use VMXray, which, being a pure web app, requires no installation at all
You could also look at other filesystem dumps (FAT, ext2, NTFS) in various formats (qcow2, raw). We haven't tested all combinations.
In theory, you can recover deleted photos from raw dumps of your camera's SD card. It might be a little slow, though.
What about the privacy of my data?
No data from your files is ever sent over the network. The privacy of your data is assured for the simple reason that it never leaves your machine. VMXRay does all its magic completely inside your browser.
What browsers are supported?
VMXRay uses bleeding edge HTML5 features like the FileReader API to access local files. Not all browsers support it, and even in those which do, API support is evolving. Currently, we know of the following browsers on which browsing of images and preview of files work:
Google Chrome 13+ (Mac OS X, Ubuntu)
Firefox 7+ (Mac OS X, Ubuntu)
Downloading of files works properly only on Chrome.
What file formats are supported?
There are two formats to be aware of - the disk image format and the filesystem/volume manager. The unhelpful answer is: whatever disk image format is supported by QEMU and whatever filesystem format is supported by sleuthkit. A partial list of formats known to work is given below.
Disk image formats: Raw, VMWare single and multi-file VMDKs, QEMU/KVM QCOW2 (without encryption/compression), Virtualbox VDI, ISO.
Filesystems: ext2, ext3, FAT, NTFS.
Popular formats which don't work yet include ext4 and Linux filesystems on top of LVM. We hope to support many more in future.
How do I feed it multi-file VMDKs?
Select multiple files in the Select Disk Image dialog (Ctrl-click or Cmd-click). If your image is called WinXP, make sure you pick each and every one of the WinXP-s00n.vmdk files and the WinXP.vmdk file.
VMWare Fusion on the Mac represents the VM as a bundle, so you cannot use Select Disk Image for this purpose. Instead, use the Finder to locate and select your desired machine and use the Action menu (gear icon) to Show Package Contents. This will take you inside the bundle directory, where you can see the individual files (.vmdk, .vmx, .vmem etc.) which constitute the VM. You can now select all the VMDK components using Cmd-click. Now drag and drop them onto the vmxray.com page in your browser, on the welcome message or on the explorer window.
Drag and drop can be used on all platforms for single files as well.
It reports unsupported file type or gets stuck indefinitely at "Opening folder"
It might be slow, but if there is no progress for a minute or more, it is likely a bug somewhere, or browser incompatibility. Look at the error console on the browser. Send us a screenshot of the page and the error console, or better still, a fix :)
Is it free software?
Yes! The Emscripten version uses only open source components. All open source software modifications made by Coriolis are released under the same license as the original software, and under 2-clause BSD where new components were created.
As it is a side project, it is still a bit of a mess, with little documentation on how to put it together - a situation we plan to remedy soon. The code running vmxray.com is available on Github. It uses Emscripten to compile QEMU and Sleuthkit.
How does it work?
Briefly,
A fork of Sleuthkit, a filesystem forensics tool is enhanced to understand virtual disk images like .vmdk, .vdi, .qcow2 etc. by making it use QEMU library.
The Sleuthkit tool is run as a webworker that extracts file and folders information from the image file.
We have implemented LD_PRELOAD like hook for pread system call that reads actual file bits through HTML5 file reader APIs.
A fork of the beautiful elFinder is used to present a folder interface to the file system
There is no server-side processing; everything happens within the browser.
Hey, where's this Linux in the browser I heard about?
The previous version of VMXray used JSLinux and ran a tiny virtual machine inside the browser, which ran sleuthkit and interpreted the disk image. While it was a very neat hack (and the only real-world app based on JSLinux we know of), it suffered from two limitations:
x86 emulation is too slow for interesting use cases
JSLinux is not free software at the moment. To quote the FAQ, "The readable source code of the JS PC emulator itself is not yet available. At this point, any mirroring or redistribution of the code needs my explicit permission."
Enter Alon Zakai's Emscripten, an amazing project which compiles large, real-world C code bases to Javascript. The resulting code runs in the browser at a good fraction of native speeds (30-50%), which is more than enough for many interesting applications.
So we switched to Emscripten, and VMXRay is now so fast it is barely distinguishable from a native app. While it lacks the Rube Goldberg attraction of running Linux in the browser, it more than makes up for it in speed and potential future applications.
We will continue to keep a live version of JSLinux-based VMXRay for the foreseeable future, though all new development will be focussed on the emscripten branch.