pyplugins.interventions.nvram2 module

NVRAM Tracker Plugin

This module provides a plugin for tracking NVRAM (non-volatile RAM) operations in the guest environment. It is intended for use with the Penguin analysis framework and is implemented as a plugin.

Purpose

  • Tracks NVRAM get (hit/miss), set, and clear operations.

  • Logs all operations to a CSV file for later analysis.

  • Optionally enables debug logging for set operations.

Usage

The plugin can be configured with the following arguments: - outdir: Output directory for logs. - verbose: Enables debug logging for set operations. - logging: Enables or disables logging of NVRAM operations (default: True).

Example

from penguin import plugins
plugins.load("interventions.nvram2", outdir="/tmp", verbose=True)

If logging is enabled, NVRAM operations are logged to nvram.csv in the specified output directory.

class pyplugins.interventions.nvram2.Nvram2[source]

Bases: Plugin

Nvram2 Plugin

Tracks and logs NVRAM operations in the guest.

Attributes

outdirstr

Output directory for logs.

Behavior

  • Subscribes to NVRAM get (hit/miss), set, and clear events.

  • Logs each operation to a CSV file.

log_write(entry)[source]

Write a log entry to the CSV file.

Parameters

entrystr

Log entry to write

Returns

None

Parameters:

entry (str)

Return type:

None

on_nvram_clear(regs, key)[source]

Handles and logs an NVRAM clear operation.

Parameters

regsobject

CPU register/context (opaque, framework-specific)

keystr

NVRAM key being cleared

Returns

None

Parameters:

key (str)

Return type:

None

on_nvram_get(regs, key, hit)[source]

Logs an NVRAM get operation (hit or miss).

Parameters

regsobject

CPU register/context (opaque, framework-specific)

keystr

NVRAM key accessed

hitbool

True if get was a hit, False if miss

Returns

None

Parameters:

  • key (str)

  • hit (bool)

Return type:

None

on_nvram_get_hit(regs, key)[source]

Handles an NVRAM get hit event.

Parameters

regsobject

CPU register/context (opaque, framework-specific)

keystr

NVRAM key accessed

Returns

None

Parameters:

key (str)

Return type:

None

on_nvram_get_miss(regs, key)[source]

Handles an NVRAM get miss event.

Parameters

regsobject

CPU register/context (opaque, framework-specific)

keystr

NVRAM key accessed

Returns

None

Parameters:

key (str)

Return type:

None

on_nvram_logging_enabled(regs)[source]

Handles and logs an NVRAM clear operation. Sets return value register to 1 if logging is enabled, 0 otherwise.

Parameters

regsobject

CPU register/context (opaque, framework-specific)

Returns

None

Return type:

None

on_nvram_set(regs, key, newval)[source]

Handles and logs an NVRAM set operation.

Parameters

regsobject

CPU register/context (opaque, framework-specific)

keystr

NVRAM key being set

newvalstr

New value being set

Returns

None

Parameters:

  • key (str)

  • newval (str)

Return type:

None

pyplugins.interventions.nvram2.add_lib_inject_all_abis(conf, cache_dir)[source]

Add lib_inject for all supported ABIs to /igloo

pyplugins.interventions.nvram2.add_lib_inject_for_abi(config, abi, cache_dir)[source]

Compile lib_inject for the ABI and put it in /igloo, using cache_dir for caching

pyplugins.interventions.nvram2.prep_config(conf, cache_dir)[source]