Penguin Configuration¶
Configuration file for config-file-based rehosting with IGLOO
core Core configuration options¶
Core configuration options for this rehosting
core.arch Architecture of guest¶
Type |
|
Default |
|
armel
aarch64
mipsel
mipseb
mips64el
mips64eb
intel64
core.kernel Path to kernel image¶
Type |
string or null |
Default |
|
/igloo_static/kernels/zImage.armel
/igloo_static/kernels/zImage.arm64
/igloo_static/kernels/vmlinux.mipsel
/igloo_static/kernels/vmlinux.mipseb
/igloo_static/kernels/vmlinux.mips64el
/igloo_static/kernels/vmlinux.mips64eb
core.fs Project-relative path to filesystem tarball¶
Type |
string or null |
Default |
|
base/fs.tar.gz
core.plugin_path Path to search for PyPlugins¶
Type |
string |
Default |
|
/pyplugins
core.root_shell Enable root shell¶
Type |
boolean |
Default |
|
Whether to enable a root shell into the guest
false
true
core.strace Enable strace¶
Type |
boolean or list of string |
Default |
|
If true, run strace for entire system starting from init. If names of programs, enable strace only for those programs.
false
true
- lighttpd
core.ltrace Enable ltrace¶
Type |
boolean or list of string |
Default |
|
If true, run ltrace for entire system starting from init. If names of programs, enable ltrace only for those programs.
false
true
- lighttpd
core.gdbserver Programs to run through gdbserver¶
Default |
|
Mapping between names of programs and ports for gdbserver. When a program in this mapping is run, it will start paused with gdbserver attached, listening on the specified port.
{}
lighttpd: 9999
core.gdbserver.<string> Port¶
Type |
integer |
Default |
|
core.force_www Try to force webserver start¶
Type |
boolean |
Default |
|
Whether to try forcing webserver start
false
true
core.cpu CPU model¶
Type |
string or null |
Default |
|
Specify non-default QEMU CPU model
core.show_output Write serial to stdout¶
Type |
boolean |
Default |
|
Whether to print QEMU serial output to stdout instead of writing to a log file
false
true
core.immutable Enable immutable mode¶
Type |
boolean |
Default |
|
Whether to run the guest filesystem in immutable mode
false
true
core.network Connect guest to network¶
Type |
boolean |
Default |
|
Whether to connect the guest to the network
false
true
core.version Config format version¶
Type |
|
Version of the config file format
core.auto_patching Enable automatic patching¶
Type |
boolean |
Default |
|
Whether to automatically apply patches named patch_.yaml or from patches/.yaml in the project directory
false
true
core.guest_cmd Enable running commands in the guest¶
Type |
boolean |
Default |
|
When enabled, starts the guesthopper daemon in the guest that the host can use to run commands over vsock
false
true
core.extra_qemu_args Extra QEMU arguments¶
Type |
string |
Patch merge behavior |
Concatenate strings separated by |
Default |
|
A list of additional QEMU command-line arguments to use when booting the guest
-vnc :0 -vga std -device usb-kbd -device usb-tablet
core.mem Panda Memory Value¶
Type |
string or null |
Default |
|
Allows users to customize memory allocation for guest
16K
512M
1G
2G
core.kernel_quiet Whether to include quiet flag in kernel command line¶
Type |
boolean |
Default |
|
If true, the kernel command line will include the quiet flag, otherwise all kernel boot messages will be printed to the console
false
true
core.smp Number of CPUs¶
Type |
integer or null |
Default |
|
Number of CPUs to emulate in the guest (Warning: This can break things)
1
2
4
core.graphics Enable graphics¶
Type |
boolean |
Default |
|
Whether to enable graphics in the guest
false
true
patches Patches¶
Type |
list of string |
Default |
|
List of paths to patch files
env Environment¶
Default |
|
Environment variables to set in the guest
VAR1: VAL1
VAR2: VAL2
FOO: DYNVALDYNVALDYNVAL
PATH: /bin:/sbin
TMPDIR: /tmp
env.<string> Value¶
Type |
string |
Default |
|
Value of the environment variable
DYNVALDYNVALDYNVAL
pseudofiles Pseudo-files¶
Default |
|
Device files to emulate in the guest
pseudofiles.<string> File emulation spec¶
How to emulate a device file
pseudofiles.<string>.name MTD name¶
Type |
string or null |
Default |
|
Name of an MTD device (ignored for non-mtd)
flash
uboot
pseudofiles.<string>.size File size¶
Type |
integer or null |
Default |
|
Size of the pseudofile to be reported by stat(). This must be specified for mmap() on the pseudofile to work.
1
4096
pseudofiles.<string>.read Read¶
Default |
|
How to handle reads from the file
pseudofiles.<string>.read.<model=zero> Read a zero¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
Read modelling method (read a zero) |
pseudofiles.<string>.read.<model=empty> Read empty file¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
Read modelling method (read empty file) |
pseudofiles.<string>.read.<model=const_buf> Read a constant buffer¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
Read modelling method (read a constant buffer) |
|
|
string |
Pseudofile contents |
pseudofiles.<string>.read.<model=const_map> Read a constant map¶
pseudofiles.<string>.read.<model=const_map>.model Read modelling method (read a constant map)¶
Type |
|
pseudofiles.<string>.read.<model=const_map>.pad Byte for padding file¶
Type |
string or integer |
Default |
|
pseudofiles.<string>.read.<model=const_map>.size File size¶
Type |
integer |
Default |
|
pseudofiles.<string>.read.<model=const_map>.vals Mapping from file offsets to data¶
pseudofiles.<string>.read.<model=const_map>.vals.<integer> Data to place in the file at an offset¶
Type |
string or list of integer or list of string |
Default |
|
When this is a list of integers, it treated as a byte array. When this is a list of strings, the strings are separated by null bytes.
pseudofiles.<string>.read.<model=const_map_file> Read a constant map with host file¶
pseudofiles.<string>.read.<model=const_map_file>.model Read modelling method (read a constant map with host file)¶
Type |
|
pseudofiles.<string>.read.<model=const_map_file>.filename Path to host file to store constant map¶
Type |
string |
pseudofiles.<string>.read.<model=const_map_file>.pad Byte for padding file¶
Type |
string or integer |
Default |
|
pseudofiles.<string>.read.<model=const_map_file>.size File size¶
Type |
integer |
Default |
|
pseudofiles.<string>.read.<model=const_map_file>.vals Mapping from file offsets to data¶
pseudofiles.<string>.read.<model=const_map_file>.vals.<integer> Data to place in the file at an offset¶
Type |
string or list of integer or list of string |
Default |
|
When this is a list of integers, it treated as a byte array. When this is a list of strings, the strings are separated by null bytes.
pseudofiles.<string>.read.<model=from_file> Read from a host file¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
Read modelling method (read from a host file) |
|
|
string |
Path to host file |
pseudofiles.<string>.read.<model=from_plugin> Read from a custom PyPlugin¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
Read modelling method (read from a custom pyplugin) |
|
|
string |
Name of the loaded PyPlugin |
|
|
string or null |
|
Function to call |
pseudofiles.<string>.read.<model=default> Default¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
Read modelling method (default) |
pseudofiles.<string>.write Write¶
Default |
|
How to handle writes to the file
pseudofiles.<string>.write.<model=to_file> Write to host file¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
Write modelling method (write to host file) |
|
|
string |
Path to host file |
pseudofiles.<string>.write.<model=from_plugin> Read from a custom PyPlugin¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
Write modelling method (read from a custom pyplugin) |
|
|
string |
Name of the loaded PyPlugin |
|
|
string or null |
|
Function to call |
pseudofiles.<string>.write.<model=discard> Discard write¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
Write modelling method (discard write) |
pseudofiles.<string>.write.<model=default> Default¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
Write modelling method (default) |
pseudofiles.<string>.ioctl ioctl¶
Default |
|
How to handle ioctl() calls
'*':
model: return_const
val: 0
'1000':
model: return_const
val: 5
'*':
model: return_const
function: ioctl_handler
model: from_plugin
plugin: my_plugin
pseudofiles.<string>.ioctl.<integer or "*"> Ioctl¶
Default |
|
pseudofiles.<string>.ioctl.<integer or "*">.<model=return_const> Return a constant¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
ioctl modelling method (return a constant) |
|
|
integer |
Constant to return |
pseudofiles.<string>.ioctl.<integer or "*">.<model=symex> Symbolic execution¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
ioctl modelling method (symbolic execution) |
pseudofiles.<string>.ioctl.<integer or "*">.<model=from_plugin> ioctl from a custom PyPlugin¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
ioctl modelling method (ioctl from a custom pyplugin) |
|
|
string |
Name of the loaded PyPlugin |
|
|
string or null |
|
Function to call |
nvram NVRAM¶
Default |
|
NVRAM values to add to the guest
nvram.<string> NVRAM value¶
Type |
string or integer |
Default |
|
netdevs Network devices¶
Type |
list of string |
Default |
|
Names for guest network interfaces
- eth0
- eth1
- ens33
- wlp3s0
uboot_env U-Boot environment¶
Default |
|
U-Boot environment variables to set in the guest
uboot_env.<string> Value¶
Type |
string |
Default |
|
Value of the U-Boot environment variable
blocked_signals List of blocked signals¶
Type |
list of integer |
Default |
|
Signals numbers to block within the guest. Supported values are 6 (SIGABRT), 9 (SIGKILL), 15 (SIGTERM), and 17 (SIGCHLD).
lib_inject Injected library configuration¶
Library functions to be intercepted
lib_inject.aliases Injected library aliases¶
Default |
|
Mapping between names of external library functions and names of functions defined in the injected library. This allows replacing arbitrary library functions with your own code.
fputs: 'false'
nvram_load: nvram_init
lib_inject.aliases.<string> Injected library alias target¶
Type |
string |
Default |
|
This is the name of the target function that the alias points to.
nvram_init
'true'
'false'
lib_inject.extra Extra injected library code¶
Type |
string |
Patch merge behavior |
Concatenate strings separated by |
Default |
|
Custom source code for library functions to intercept and model
static_files Static files¶
Files to create in the guest filesystem
{}
/path/to/file:
contents: Hello world!
type: file
/path/to/symlink/source:
target: /path/to/symlink/target
type: symlink
/dev/some_device:
devtype: char
major: 1
minor: 2
mode: 438
type: dev
static_files.<string> Static filesystem action¶
Default |
|
static_files.<string>.<type=inline_file> Add inline file¶
Add a file with contents specified inline in this config
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
Type of file action (add inline file) |
|
|
integer |
Permissions of file |
|
|
string |
Contents of file |
static_files.<string>.<type=host_file> Copy host file¶
Copy a file from the host into the guest
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
Type of file action (copy host file) |
|
|
integer |
Permissions of file |
|
|
string |
Host path |
static_files.<string>.<type=dir> Add directory¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
Type of file action (add directory) |
|
|
integer |
Permissions of directory |
static_files.<string>.<type=symlink> Add symbolic link¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
Type of file action (add symbolic link) |
|
|
string |
Target linked path |
static_files.<string>.<type=dev> Add device file¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
Type of file action (add device file) |
|
|
|
Type of device file |
|
|
integer |
Major device number |
|
|
integer |
Minor device number |
|
|
integer |
Permissions of device file |
static_files.<string>.<type=delete> Delete file¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
Type of file action (delete file) |
static_files.<string>.<type=move> Move file¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
Type of file action (move file) |
|
|
string |
File to be moved to the specified location |
|
|
integer or null |
|
Permissions of target file |
static_files.<string>.<type=shim> Shim file¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
|
Type of file action (shim file) |
|
|
string |
Target file we want the shim to be symlinked to |
static_files.<string>.<type=binary_patch> Patch binary file¶
Make a patch to a binary file at the specified offset. This can either be arbitrary bytes specified as a hex string, or assembly code that will be automatically assembled in the specified mode.
Field |
Type |
Default |
Title |
Examples |
|---|---|---|---|---|
|
|
Type of file action (patch binary file) |
||
|
integer |
File offset (integer) |
||
|
string or null |
|
Bytes to write at offset (hex string) |
|
|
string or null |
|
Assembly code to write at offset (runs through keystone) |
|
|
string or null |
|
Assembly mode |
|
plugins Plugins¶
plugins.<string> Plugin¶
Field |
Type |
Default |
Title |
|---|---|---|---|
|
string or null |
|
Plugin description |
|
string or null |
|
Plugin dependency |
|
boolean |
|
Enable this plugin (default depends on plugin) |
|
string or null |
|
Plugin version |
network Network Configuration¶
Default |
|
Configuration for networks to attach to guest
network.external Set up NAT for outgoing connections¶
Configuration for NAT for external connections
network.external.mac MAC Address for external interface¶
Type |
string or null |
Default |
|
MAC Address for external network interface
network.external.pcap pcap file name¶
Type |
boolean or null |
Default |
|
Whether to capture traffic over the external net in a pcap file. The file will be called ‘ext.pcap’ in the output directory. Capture disabled if unset.