pyplugins.interventions package

Penguin Interventions Plugins

This package contains a collection of Penguin interventions plugins for dynamic analysis, emulation, and modeling of embedded Linux systems. These plugins provide mechanisms to intercept, log, and model various guest OS behaviors, such as pseudo-file accesses, NVRAM operations, symbolic execution of IOCTLs, and more.

Overview

Purpose: Enhance the observability, control, and modeling of guest system interactions during emulation or analysis. Useful for firmware analysis, device modeling, and dynamic introspection.

Key Plugins: - pseudofiles: Model and log accesses to pseudo-files (e.g., /dev, /proc, /sys). - nvram2: Track and log NVRAM get/set/clear operations. - hyperfile: Provide a hypercall-based interface for guest/host file operations. - symex: Symbolically execute IOCTLs to discover distinct execution paths and constraints.

Usage: Plugins are loaded via the Penguin framework and can be configured for specific analysis tasks.

---

See individual plugin modules for detailed documentation and configuration options.

Submodules

• pyplugins.interventions.hyperfile module
  • HyperFile Plugin
    • Features
    • Example Usage
    • File Model Example
    • Classes
    • Functions
  • HyperFile
    • getattr()
    • handle_file_op()
    • handle_get_hyperfile_paths()
    • handle_get_num_hyperfiles()
    • handle_result()
    • ioctl()
    • ioctl_unhandled()
    • read_unhandled()
    • read_zero()
    • uninit()
    • write_discard()
    • write_unhandled()
  • hyper()
  • hyper2name()
• pyplugins.interventions.kernelversion module
  • Kernel Version Utilities
    • Features
    • Classes
  • KernelVersion
    • change_uname()
    • create_string()
    • domainname
    • machine
    • nodename
    • outdir
    • release
    • sysname
    • version
• pyplugins.interventions.kmods module
  • Kernel Module Tracker
    • Features
    • Configuration
    • Outputs
  • KmodTracker
    • finit_module()
    • init_module()
    • is_allowed()
    • is_denied()
    • track_kmod()
• pyplugins.interventions.lifeguard module
  • Lifeguard: Signal Blocking Plugin
    • Features
    • Usage
  • Lifeguard
    • blocked_signals
    • on_sys_kill_enter()
    • outdir
• pyplugins.interventions.mount module
  • Mount Tracker Plugin
    • Purpose
    • Usage
    • Example
  • MountTracker
    • find_mount()
    • log_mount()
    • post_mount()
• pyplugins.interventions.nvram2 module
  • NVRAM Tracker Plugin
    • Purpose
    • Usage
    • Example
  • Nvram2
    • log_write()
    • on_nvram_clear()
    • on_nvram_get()
    • on_nvram_get_hit()
    • on_nvram_get_miss()
    • on_nvram_logging_enabled()
    • on_nvram_set()
  • add_lib_inject_all_abis()
  • add_lib_inject_for_abi()
  • prep_config()
• pyplugins.interventions.pseudofiles module
  • Pseudofiles Plugin
    • Purpose
    • Usage
    • Example
  • Pseudofiles
    • centralized_log()
    • dump_results()
    • fail_detect_ioctl()
    • fail_detect_opens()
    • gen_hyperfile_function()
    • hyp_enoent()
    • ioctl_default()
    • log_ioctl_failure()
    • populate_hf_config()
    • proc_mtd_check()
    • read_const_buf()
    • read_const_map()
    • read_const_map_file()
    • read_default()
    • read_empty()
    • read_from_file()
    • read_one()
    • read_zero()
    • symex_ioctl_return()
    • uninit()
    • write_default()
    • write_discard()
    • write_to_file()
  • get_total_counts()
  • ignore_cmd()
  • ignore_ioctl_path()
  • make_rwif()
  • path_interesting()
  • proc_interesting()
  • sort_file_failures()
• pyplugins.interventions.remotectrl module
  • RemoteCtrl Plugin
    • Socket Protocol
    • Supported Commands
    • Example Payload
    • Dependencies
  • RemoteCtrl
    • uninit()
• pyplugins.interventions.symex module