diff --git a/src/mvt/android/modules/adb/__init__.py b/src/mvt/android/modules/adb/__init__.py index 1832134..b2b4368 100644 --- a/src/mvt/android/modules/adb/__init__.py +++ b/src/mvt/android/modules/adb/__init__.py @@ -4,15 +4,7 @@ # https://license.mvt.re/1.1/ from .chrome_history import ChromeHistory -from .dumpsys_accessibility import DumpsysAccessibility -from .dumpsys_activities import DumpsysActivities -from .dumpsys_appops import DumpsysAppOps -from .dumpsys_battery_daily import DumpsysBatteryDaily -from .dumpsys_battery_history import DumpsysBatteryHistory -from .dumpsys_dbinfo import DumpsysDBInfo -from .dumpsys_adbstate import DumpsysADBState from .dumpsys_full import DumpsysFull -from .dumpsys_receivers import DumpsysReceivers from .files import Files from .getprop import Getprop from .logcat import Logcat @@ -32,15 +24,7 @@ ADB_MODULES = [ Getprop, Settings, SELinuxStatus, - DumpsysBatteryHistory, - DumpsysBatteryDaily, - DumpsysReceivers, - DumpsysActivities, - DumpsysAccessibility, - DumpsysDBInfo, - DumpsysADBState, DumpsysFull, - DumpsysAppOps, Packages, Logcat, RootBinaries, diff --git a/src/mvt/android/modules/adb/dumpsys_accessibility.py b/src/mvt/android/modules/adb/dumpsys_accessibility.py deleted file mode 100644 index a987ae4..0000000 --- a/src/mvt/android/modules/adb/dumpsys_accessibility.py +++ /dev/null 
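Review bot: Nothing visible in this diff shows where the analysis done by the removed dumpsys modules now happens: `DumpsysFull` is the only dumpsys entry left in `ADB_MODULES` (second hunk of adb/__init__.py). The removed modules logged installed accessibility services, trusted ADB keys, app-ops records, receivers and activities, so if no other command runs the corresponding artifact parsers, an ADB check silently loses that detection coverage. The same applies to `ANDROIDQF_MODULES` in androidqf/__init__.py, where no dumpsys module remains at all. I would state the new home of that analysis next to the list, e.g. `# dumpsys sections are parsed by <replacement module, not visible in this diff>`, and confirm that a test still exercises each artifact parser end to end. The list itself starts and ends outside the hunk.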
@@ -1,49 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_accessibility import DumpsysAccessibilityArtifact
-
-from .base import AndroidExtraction
-
-
-class DumpsysAccessibility(DumpsysAccessibilityArtifact, AndroidExtraction):
- """This module extracts stats on accessibility."""
-
- def __init__(
- self,
- file_path: Optional[str] = None,
- target_path: Optional[str] = None,
- results_path: Optional[str] = None,
- module_options: Optional[dict] = None,
- log: logging.Logger = logging.getLogger(__name__),
- results: Optional[list] = None,
- ) -> None:
- super().__init__(
- file_path=file_path,
- target_path=target_path,
- results_path=results_path,
- module_options=module_options,
- log=log,
- results=results,
- )
-
- def run(self) -> None:
- self._adb_connect()
- output = self._adb_command("dumpsys accessibility")
- self._adb_disconnect()
-
- self.parse(output)
-
- for result in self.results:
- self.log.info(
- 'Found installed accessibility service "%s"', result.get("service")
- )
-
- self.log.info(
- "Identified a total of %d accessibility services", len(self.results)
- )
diff --git a/src/mvt/android/modules/adb/dumpsys_activities.py b/src/mvt/android/modules/adb/dumpsys_activities.py
deleted file mode 100644
index 5125cbf..0000000
--- a/src/mvt/android/modules/adb/dumpsys_activities.py
+++ /dev/null
@@ -1,45 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_package_activities import (
- DumpsysPackageActivitiesArtifact,
-)
-
-from .base import AndroidExtraction
-
-
-class DumpsysActivities(DumpsysPackageActivitiesArtifact, AndroidExtraction):
- """This module extracts details on receivers for risky activities."""
-
- def __init__(
- self,
- file_path: Optional[str] = None,
- target_path: Optional[str] = None,
- results_path: Optional[str] = None,
- module_options: Optional[dict] = None,
- log: logging.Logger = logging.getLogger(__name__),
- results: Optional[list] = None,
- ) -> None:
- super().__init__(
- file_path=file_path,
- target_path=target_path,
- results_path=results_path,
- module_options=module_options,
- log=log,
- results=results,
- )
-
- self.results = results if results else []
-
- def run(self) -> None:
- self._adb_connect()
- output = self._adb_command("dumpsys package")
- self._adb_disconnect()
- self.parse(output)
-
- self.log.info("Extracted %d package activities", len(self.results))
diff --git a/src/mvt/android/modules/adb/dumpsys_adbstate.py b/src/mvt/android/modules/adb/dumpsys_adbstate.py
deleted file mode 100644
index 0bcd8fd..0000000
--- a/src/mvt/android/modules/adb/dumpsys_adbstate.py
+++ /dev/null
@@ -1,45 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_adb import DumpsysADBArtifact
-
-from .base import AndroidExtraction
-
-
-class DumpsysADBState(DumpsysADBArtifact, AndroidExtraction):
- """This module extracts ADB keystore state."""
-
- def __init__(
- self,
- file_path: Optional[str] = None,
- target_path: Optional[str] = None,
- results_path: Optional[str] = None,
- module_options: Optional[dict] = None,
- log: logging.Logger = logging.getLogger(__name__),
- results: Optional[list] = None,
- ) -> None:
- super().__init__(
- file_path=file_path,
- target_path=target_path,
- results_path=results_path,
- module_options=module_options,
- log=log,
- results=results,
- )
-
- def run(self) -> None:
- self._adb_connect()
- output = self._adb_command("dumpsys adb", decode=False)
- self._adb_disconnect()
-
- self.parse(output)
- if self.results:
- self.log.info(
- "Identified a total of %d trusted ADB keys",
- len(self.results[0].get("user_keys", [])),
- )
diff --git a/src/mvt/android/modules/adb/dumpsys_appops.py b/src/mvt/android/modules/adb/dumpsys_appops.py
deleted file mode 100644
index 7a7594e..0000000
--- a/src/mvt/android/modules/adb/dumpsys_appops.py
+++ /dev/null
@@ -1,46 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_appops import DumpsysAppopsArtifact
-
-from .base import AndroidExtraction
-
-
-class DumpsysAppOps(DumpsysAppopsArtifact, AndroidExtraction):
- """This module extracts records from App-op Manager."""
-
- slug = "dumpsys_appops"
-
- def __init__(
- self,
- file_path: Optional[str] = None,
- target_path: Optional[str] = None,
- results_path: Optional[str] = None,
- module_options: Optional[dict] = None,
- log: logging.Logger = logging.getLogger(__name__),
- results: Optional[list] = None,
- ) -> None:
- super().__init__(
- file_path=file_path,
- target_path=target_path,
- results_path=results_path,
- module_options=module_options,
- log=log,
- results=results,
- )
-
- def run(self) -> None:
- self._adb_connect()
- output = self._adb_command("dumpsys appops")
- self._adb_disconnect()
-
- self.parse(output)
-
- self.log.info(
- "Extracted a total of %d records from app-ops manager", len(self.results)
- )
diff --git a/src/mvt/android/modules/adb/dumpsys_battery_daily.py b/src/mvt/android/modules/adb/dumpsys_battery_daily.py
deleted file mode 100644
index 3a9eee6..0000000
--- a/src/mvt/android/modules/adb/dumpsys_battery_daily.py
+++ /dev/null
@@ -1,44 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_battery_daily import DumpsysBatteryDailyArtifact
-
-from .base import AndroidExtraction
-
-
-class DumpsysBatteryDaily(DumpsysBatteryDailyArtifact, AndroidExtraction):
- """This module extracts records from battery daily updates."""
-
- def __init__(
- self,
- file_path: Optional[str] = None,
- target_path: Optional[str] = None,
- results_path: Optional[str] = None,
- module_options: Optional[dict] = None,
- log: logging.Logger = logging.getLogger(__name__),
- results: Optional[list] = None,
- ) -> None:
- super().__init__(
- file_path=file_path,
- target_path=target_path,
- results_path=results_path,
- module_options=module_options,
- log=log,
- results=results,
- )
-
- def run(self) -> None:
- self._adb_connect()
- output = self._adb_command("dumpsys batterystats --daily")
- self._adb_disconnect()
-
- self.parse(output)
-
- self.log.info(
- "Extracted %d records from battery daily stats", len(self.results)
- )
diff --git a/src/mvt/android/modules/adb/dumpsys_battery_history.py b/src/mvt/android/modules/adb/dumpsys_battery_history.py
deleted file mode 100644
index aac134c..0000000
--- a/src/mvt/android/modules/adb/dumpsys_battery_history.py
+++ /dev/null
@@ -1,42 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_battery_history import DumpsysBatteryHistoryArtifact
-
-from .base import AndroidExtraction
-
-
-class DumpsysBatteryHistory(DumpsysBatteryHistoryArtifact, AndroidExtraction):
- """This module extracts records from battery history events."""
-
- def __init__(
- self,
- file_path: Optional[str] = None,
- target_path: Optional[str] = None,
- results_path: Optional[str] = None,
- module_options: Optional[dict] = None,
- log: logging.Logger = logging.getLogger(__name__),
- results: Optional[list] = None,
- ) -> None:
- super().__init__(
- file_path=file_path,
- target_path=target_path,
- results_path=results_path,
- module_options=module_options,
- log=log,
- results=results,
- )
-
- def run(self) -> None:
- self._adb_connect()
- output = self._adb_command("dumpsys batterystats --history")
- self._adb_disconnect()
-
- self.parse(output)
-
- self.log.info("Extracted %d records from battery history", len(self.results))
diff --git a/src/mvt/android/modules/adb/dumpsys_dbinfo.py b/src/mvt/android/modules/adb/dumpsys_dbinfo.py
deleted file mode 100644
index e6b772b..0000000
--- a/src/mvt/android/modules/adb/dumpsys_dbinfo.py
+++ /dev/null
@@ -1,47 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_dbinfo import DumpsysDBInfoArtifact
-
-from .base import AndroidExtraction
-
-
-class DumpsysDBInfo(DumpsysDBInfoArtifact, AndroidExtraction):
- """This module extracts records from battery daily updates."""
-
- slug = "dumpsys_dbinfo"
-
- def __init__(
- self,
- file_path: Optional[str] = None,
- target_path: Optional[str] = None,
- results_path: Optional[str] = None,
- module_options: Optional[dict] = None,
- log: logging.Logger = logging.getLogger(__name__),
- results: Optional[list] = None,
- ) -> None:
- super().__init__(
- file_path=file_path,
- target_path=target_path,
- results_path=results_path,
- module_options=module_options,
- log=log,
- results=results,
- )
-
- def run(self) -> None:
- self._adb_connect()
- output = self._adb_command("dumpsys dbinfo")
- self._adb_disconnect()
-
- self.parse(output)
-
- self.log.info(
- "Extracted a total of %d records from database information",
- len(self.results),
- )
diff --git a/src/mvt/android/modules/adb/dumpsys_receivers.py b/src/mvt/android/modules/adb/dumpsys_receivers.py
deleted file mode 100644
index c4759c4..0000000
--- a/src/mvt/android/modules/adb/dumpsys_receivers.py
+++ /dev/null
@@ -1,44 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_receivers import DumpsysReceiversArtifact
-
-from .base import AndroidExtraction
-
-
-class DumpsysReceivers(DumpsysReceiversArtifact, AndroidExtraction):
- """This module extracts details on receivers for risky activities."""
-
- def __init__(
- self,
- file_path: Optional[str] = None,
- target_path: Optional[str] = None,
- results_path: Optional[str] = None,
- module_options: Optional[dict] = None,
- log: logging.Logger = logging.getLogger(__name__),
- results: Optional[list] = None,
- ) -> None:
- super().__init__(
- file_path=file_path,
- target_path=target_path,
- results_path=results_path,
- module_options=module_options,
- log=log,
- results=results,
- )
-
- self.results = results if results else {}
-
- def run(self) -> None:
- self._adb_connect()
-
- output = self._adb_command("dumpsys package")
- self.parse(output)
-
- self._adb_disconnect()
- self.log.info("Extracted receivers for %d intents", len(self.results))
diff --git a/src/mvt/android/modules/androidqf/__init__.py b/src/mvt/android/modules/androidqf/__init__.py
index cdb0af8..c6a3e1f 100644
--- a/src/mvt/android/modules/androidqf/__init__.py
+++ b/src/mvt/android/modules/androidqf/__init__.py
@@ -3,38 +3,18 @@ # Use of this software is governed by the MVT License 1.1 that can be found at # https://license.mvt.re/1.1/ -from .dumpsys_accessibility import DumpsysAccessibility -from .dumpsys_activities import DumpsysActivities -from .dumpsys_appops import DumpsysAppops -from .dumpsys_battery_daily import DumpsysBatteryDaily -from .dumpsys_battery_history import DumpsysBatteryHistory -from .dumpsys_dbinfo import DumpsysDBInfo -from .dumpsys_packages import DumpsysPackages -from .dumpsys_receivers import DumpsysReceivers -from .dumpsys_adb import DumpsysADBState -from .getprop import Getprop -from .packages import Packages -from .dumpsys_platform_compat import DumpsysPlatformCompat -from .processes import Processes -from .settings import Settings +from .aqf_getprop import AQFGetProp +from .aqf_packages import AQFPackages +from .aqf_processes import AQFProcesses +from .aqf_settings import AQFSettings +from .aqf_files import AQFFiles from .sms import SMS -from .files import Files ANDROIDQF_MODULES = [ - DumpsysActivities, - DumpsysReceivers, - DumpsysAccessibility, - DumpsysAppops, - DumpsysDBInfo, - DumpsysBatteryDaily, - DumpsysBatteryHistory, - DumpsysADBState, - Packages, - DumpsysPlatformCompat, - Processes, - Getprop, - Settings, + AQFPackages, + AQFProcesses, + AQFGetProp, + AQFSettings, + AQFFiles, SMS, - DumpsysPackages, - Files, ] diff --git a/src/mvt/android/modules/androidqf/files.py b/src/mvt/android/modules/androidqf/aqf_files.py similarity index 94% rename from src/mvt/android/modules/androidqf/files.py rename to src/mvt/android/modules/androidqf/aqf_files.py index 22b832c..90eb3b8 100644 --- a/src/mvt/android/modules/androidqf/files.py +++ b/src/mvt/android/modules/androidqf/aqf_files.py 
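Review bot: `AQFLogTimestamps` is renamed and given a new slug in this commit, but the rewritten import block and `ANDROIDQF_MODULES` here neither import nor list it (the old `LogsFileTimestamps` was absent as well). If the log-file timeline is meant to run during an AndroidQF check, add `from .aqf_log_timestamps import AQFLogTimestamps` and an `AQFLogTimestamps,` entry; if it is driven from somewhere else, a one-line comment above the list saying so would stop the module looking orphaned. Separately, `from .aqf_files import AQFFiles` sits after `aqf_settings`, out of the otherwise alphabetical import order.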
@@ -21,8 +21,13 @@ SUSPICIOUS_PATHS = [ ] -class Files(AndroidQFModule): - """This module analyse list of files""" +class AQFFiles(AndroidQFModule): + """ + This module analyzes the files.json dump generated by AndroidQF. + + The format needs to be kept in sync with the AndroidQF module code. + https://github.com/mvt-project/androidqf/blob/main/android-collector/cmd/find.go#L28 + """ def __init__( self, diff --git a/src/mvt/android/modules/androidqf/getprop.py b/src/mvt/android/modules/androidqf/aqf_getprop.py similarity index 96% rename from src/mvt/android/modules/androidqf/getprop.py rename to src/mvt/android/modules/androidqf/aqf_getprop.py index e14abd9..35514f8 100644 --- a/src/mvt/android/modules/androidqf/getprop.py +++ b/src/mvt/android/modules/androidqf/aqf_getprop.py @@ -11,7 +11,7 @@ from mvt.android.artifacts.getprop import GetProp as GetPropArtifact from .base import AndroidQFModule -class Getprop(GetPropArtifact, AndroidQFModule): +class AQFGetProp(GetPropArtifact, AndroidQFModule): """This module extracts data from get properties.""" def __init__( diff --git a/src/mvt/android/modules/androidqf/logfile_timestamps.py b/src/mvt/android/modules/androidqf/aqf_log_timestamps.py similarity index 92% rename from src/mvt/android/modules/androidqf/logfile_timestamps.py rename to src/mvt/android/modules/androidqf/aqf_log_timestamps.py index b37851d..e5a1410 100644 --- a/src/mvt/android/modules/androidqf/logfile_timestamps.py +++ b/src/mvt/android/modules/androidqf/aqf_log_timestamps.py @@ -13,10 +13,10 @@ from .base import AndroidQFModule from mvt.android.artifacts.file_timestamps import FileTimestampsArtifact -class LogsFileTimestamps(FileTimestampsArtifact, AndroidQFModule): - """This module extracts records from battery daily updates.""" +class AQFLogTimestamps(FileTimestampsArtifact, AndroidQFModule): + """This module creates timeline for log files extracted by AQF.""" - slug = "logfile_timestamps" + slug = "aqf_log_timestamps" def __init__( self, 
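Review bot: The new `AQFFiles` docstring links to `blob/main/.../find.go#L28`, a line anchor on a moving branch, so the reference will point at unrelated code as soon as that file changes. Since the docstring says the files.json format must stay in sync with the collector, pin the link to a commit, `https://github.com/mvt-project/androidqf/blob/<commit-sha>/android-collector/cmd/find.go#L28`, or name the structure it refers to. It would also help to list in the docstring the fields this module reads from each entry, so a collector-side format change shows up as a visible mismatch rather than as entries that are quietly skipped; the class body is outside the hunk, so whether that can happen is unverified here.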
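Review bot: The `slug` changes from `"logfile_timestamps"` to `"aqf_log_timestamps"` in the aqf_log_timestamps.py hunk without any note about what depends on it. If the slug names the module's results or timeline output, as it appears to, reports from runs before and after this commit will not line up under one name, which matters when comparing an earlier analysis of the same device. A comment beside the assignment, `# renamed from "logfile_timestamps"; older result sets use the old name`, or a changelog entry would cover it. The class body continues outside the hunk.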
diff --git a/src/mvt/android/modules/androidqf/packages.py b/src/mvt/android/modules/androidqf/aqf_packages.py similarity index 99% rename from src/mvt/android/modules/androidqf/packages.py rename to src/mvt/android/modules/androidqf/aqf_packages.py index 1d36777..500b3d4 100644 --- a/src/mvt/android/modules/androidqf/packages.py +++ b/src/mvt/android/modules/androidqf/aqf_packages.py @@ -19,7 +19,7 @@ from mvt.android.utils import ( from .base import AndroidQFModule -class Packages(AndroidQFModule): +class AQFPackages(AndroidQFModule): """This module examines the installed packages in packages.json""" def __init__( diff --git a/src/mvt/android/modules/androidqf/processes.py b/src/mvt/android/modules/androidqf/aqf_processes.py similarity index 95% rename from src/mvt/android/modules/androidqf/processes.py rename to src/mvt/android/modules/androidqf/aqf_processes.py index f2c5e08..3faabb4 100644 --- a/src/mvt/android/modules/androidqf/processes.py +++ b/src/mvt/android/modules/androidqf/aqf_processes.py @@ -11,7 +11,7 @@ from mvt.android.artifacts.processes import Processes as ProcessesArtifact from .base import AndroidQFModule -class Processes(ProcessesArtifact, AndroidQFModule): +class AQFProcesses(ProcessesArtifact, AndroidQFModule): """This module analyse running processes""" def __init__( diff --git a/src/mvt/android/modules/androidqf/settings.py b/src/mvt/android/modules/androidqf/aqf_settings.py similarity index 96% rename from src/mvt/android/modules/androidqf/settings.py rename to src/mvt/android/modules/androidqf/aqf_settings.py index 79f55ef..46a70fb 100644 --- a/src/mvt/android/modules/androidqf/settings.py +++ b/src/mvt/android/modules/androidqf/aqf_settings.py @@ -11,7 +11,7 @@ from mvt.android.artifacts.settings import Settings as SettingsArtifact from .base import AndroidQFModule -class Settings(SettingsArtifact, AndroidQFModule): +class AQFSettings(SettingsArtifact, AndroidQFModule): """This module analyse setting files""" def __init__( 
diff --git a/src/mvt/android/modules/androidqf/dumpsys_accessibility.py b/src/mvt/android/modules/androidqf/dumpsys_accessibility.py
deleted file mode 100644
index 0712ef4..0000000
--- a/src/mvt/android/modules/androidqf/dumpsys_accessibility.py
+++ /dev/null
@@ -1,51 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_accessibility import DumpsysAccessibilityArtifact
-
-from .base import AndroidQFModule
-
-
-class DumpsysAccessibility(DumpsysAccessibilityArtifact, AndroidQFModule):
- """This module analyses dumpsys accessibility"""
-
- def __init__(
- self,
- file_path: Optional[str] = None,
- target_path: Optional[str] = None,
- results_path: Optional[str] = None,
- module_options: Optional[dict] = None,
- log: logging.Logger = logging.getLogger(__name__),
- results: Optional[list] = None,
- ) -> None:
- super().__init__(
- file_path=file_path,
- target_path=target_path,
- results_path=results_path,
- module_options=module_options,
- log=log,
- results=results,
- )
-
- def run(self) -> None:
- dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
- if not dumpsys_file:
- return
-
- data = self._get_file_content(dumpsys_file[0]).decode("utf-8", errors="replace")
- content = self.extract_dumpsys_section(data, "DUMP OF SERVICE accessibility:")
- self.parse(content)
-
- for result in self.results:
- self.log.info(
- 'Found installed accessibility service "%s"', result.get("service")
- )
-
- self.log.info(
- "Identified a total of %d accessibility services", len(self.results)
- )
diff --git a/src/mvt/android/modules/androidqf/dumpsys_activities.py b/src/mvt/android/modules/androidqf/dumpsys_activities.py
deleted file mode 100644
index 950d0e5..0000000
--- a/src/mvt/android/modules/androidqf/dumpsys_activities.py
+++ /dev/null
@@ -1,50 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_package_activities import (
- DumpsysPackageActivitiesArtifact,
-)
-
-from .base import AndroidQFModule
-
-
-class DumpsysActivities(DumpsysPackageActivitiesArtifact, AndroidQFModule):
- """This module extracts details on receivers for risky activities."""
-
- def __init__(
- self,
- file_path: Optional[str] = None,
- target_path: Optional[str] = None,
- results_path: Optional[str] = None,
- module_options: Optional[dict] = None,
- log: logging.Logger = logging.getLogger(__name__),
- results: Optional[list] = None,
- ) -> None:
- super().__init__(
- file_path=file_path,
- target_path=target_path,
- results_path=results_path,
- module_options=module_options,
- log=log,
- results=results,
- )
-
- self.results = results if results else []
-
- def run(self) -> None:
- dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
- if not dumpsys_file:
- return
-
- # Get data and extract the dumpsys section
- data = self._get_file_content(dumpsys_file[0]).decode("utf-8", errors="replace")
- content = self.extract_dumpsys_section(data, "DUMP OF SERVICE package:")
- # Parse it
- self.parse(content)
-
- self.log.info("Extracted %d package activities", len(self.results))
diff --git a/src/mvt/android/modules/androidqf/dumpsys_adb.py b/src/mvt/android/modules/androidqf/dumpsys_adb.py
deleted file mode 100644
index 10d8a4d..0000000
--- a/src/mvt/android/modules/androidqf/dumpsys_adb.py
+++ /dev/null
@@ -1,51 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_adb import DumpsysADBArtifact
-
-from .base import AndroidQFModule
-
-
-class DumpsysADBState(DumpsysADBArtifact, AndroidQFModule):
- """This module extracts ADB keystore state."""
-
- def __init__(
- self,
- file_path: Optional[str] = None,
- target_path: Optional[str] = None,
- results_path: Optional[str] = None,
- module_options: Optional[dict] = None,
- log: logging.Logger = logging.getLogger(__name__),
- results: Optional[list] = None,
- ) -> None:
- super().__init__(
- file_path=file_path,
- target_path=target_path,
- results_path=results_path,
- module_options=module_options,
- log=log,
- results=results,
- )
-
- def run(self) -> None:
- dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
- if not dumpsys_file:
- return
-
- full_dumpsys = self._get_file_content(dumpsys_file[0])
- content = self.extract_dumpsys_section(
- full_dumpsys,
- b"DUMP OF SERVICE adb:",
- binary=True,
- )
- self.parse(content)
- if self.results:
- self.log.info(
- "Identified a total of %d trusted ADB keys",
- len(self.results[0].get("user_keys", [])),
- )
diff --git a/src/mvt/android/modules/androidqf/dumpsys_appops.py b/src/mvt/android/modules/androidqf/dumpsys_appops.py
deleted file mode 100644
index 350b5c8..0000000
--- a/src/mvt/android/modules/androidqf/dumpsys_appops.py
+++ /dev/null
@@ -1,46 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_appops import DumpsysAppopsArtifact
-
-from .base import AndroidQFModule
-
-
-class DumpsysAppops(DumpsysAppopsArtifact, AndroidQFModule):
- def __init__(
- self,
- file_path: Optional[str] = None,
- target_path: Optional[str] = None,
- results_path: Optional[str] = None,
- module_options: Optional[dict] = None,
- log: logging.Logger = logging.getLogger(__name__),
- results: Optional[list] = None,
- ) -> None:
- super().__init__(
- file_path=file_path,
- target_path=target_path,
- results_path=results_path,
- module_options=module_options,
- log=log,
- results=results,
- )
-
- def run(self) -> None:
- dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
- if not dumpsys_file:
- return
-
- # Extract section
- data = self._get_file_content(dumpsys_file[0])
- section = self.extract_dumpsys_section(
- data.decode("utf-8", errors="replace"), "DUMP OF SERVICE appops:"
- )
-
- # Parse it
- self.parse(section)
- self.log.info("Identified %d applications in AppOps Manager", len(self.results))
diff --git a/src/mvt/android/modules/androidqf/dumpsys_battery_daily.py b/src/mvt/android/modules/androidqf/dumpsys_battery_daily.py
deleted file mode 100644
index 4a19178..0000000
--- a/src/mvt/android/modules/androidqf/dumpsys_battery_daily.py
+++ /dev/null
@@ -1,46 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_battery_daily import DumpsysBatteryDailyArtifact
-
-from .base import AndroidQFModule
-
-
-class DumpsysBatteryDaily(DumpsysBatteryDailyArtifact, AndroidQFModule):
- def __init__(
- self,
- file_path: Optional[str] = None,
- target_path: Optional[str] = None,
- results_path: Optional[str] = None,
- module_options: Optional[dict] = None,
- log: logging.Logger = logging.getLogger(__name__),
- results: Optional[list] = None,
- ) -> None:
- super().__init__(
- file_path=file_path,
- target_path=target_path,
- results_path=results_path,
- module_options=module_options,
- log=log,
- results=results,
- )
-
- def run(self) -> None:
- dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
- if not dumpsys_file:
- return
-
- # Extract section
- data = self._get_file_content(dumpsys_file[0])
- section = self.extract_dumpsys_section(
- data.decode("utf-8", errors="replace"), "DUMP OF SERVICE batterystats:"
- )
-
- # Parse it
- self.parse(section)
- self.log.info("Extracted a total of %d battery daily stats", len(self.results))
diff --git a/src/mvt/android/modules/androidqf/dumpsys_battery_history.py b/src/mvt/android/modules/androidqf/dumpsys_battery_history.py
deleted file mode 100644
index 4a4bef3..0000000
--- a/src/mvt/android/modules/androidqf/dumpsys_battery_history.py
+++ /dev/null
@@ -1,46 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_battery_history import DumpsysBatteryHistoryArtifact
-
-from .base import AndroidQFModule
-
-
-class DumpsysBatteryHistory(DumpsysBatteryHistoryArtifact, AndroidQFModule):
- def __init__(
- self,
- file_path: Optional[str] = None,
- target_path: Optional[str] = None,
- results_path: Optional[str] = None,
- module_options: Optional[dict] = None,
- log: logging.Logger = logging.getLogger(__name__),
- results: Optional[list] = None,
- ) -> None:
- super().__init__(
- file_path=file_path,
- target_path=target_path,
- results_path=results_path,
- module_options=module_options,
- log=log,
- results=results,
- )
-
- def run(self) -> None:
- dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
- if not dumpsys_file:
- return
-
- # Extract section
- data = self._get_file_content(dumpsys_file[0])
- section = self.extract_dumpsys_section(
- data.decode("utf-8", errors="replace"), "DUMP OF SERVICE batterystats:"
- )
-
- # Parse it
- self.parse(section)
- self.log.info("Extracted a total of %d battery daily stats", len(self.results))
diff --git a/src/mvt/android/modules/androidqf/dumpsys_dbinfo.py b/src/mvt/android/modules/androidqf/dumpsys_dbinfo.py
deleted file mode 100644
index 09c8f6f..0000000
--- a/src/mvt/android/modules/androidqf/dumpsys_dbinfo.py
+++ /dev/null
@@ -1,46 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_dbinfo import DumpsysDBInfoArtifact
-
-from .base import AndroidQFModule
-
-
-class DumpsysDBInfo(DumpsysDBInfoArtifact, AndroidQFModule):
- def __init__(
- self,
- file_path: Optional[str] = None,
- target_path: Optional[str] = None,
- results_path: Optional[str] = None,
- module_options: Optional[dict] = None,
- log: logging.Logger = logging.getLogger(__name__),
- results: Optional[list] = None,
- ) -> None:
- super().__init__(
- file_path=file_path,
- target_path=target_path,
- results_path=results_path,
- module_options=module_options,
- log=log,
- results=results,
- )
-
- def run(self) -> None:
- dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
- if not dumpsys_file:
- return
-
- # Extract dumpsys DBInfo section
- data = self._get_file_content(dumpsys_file[0])
- section = self.extract_dumpsys_section(
- data.decode("utf-8", errors="replace"), "DUMP OF SERVICE dbinfo:"
- )
-
- # Parse it
- self.parse(section)
- self.log.info("Identified %d DB Info entries", len(self.results))
diff --git a/src/mvt/android/modules/androidqf/dumpsys_packages.py b/src/mvt/android/modules/androidqf/dumpsys_packages.py
deleted file mode 100644
index 8df7144..0000000
--- a/src/mvt/android/modules/androidqf/dumpsys_packages.py
+++ /dev/null
@@ -1,62 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-import logging
-from typing import Any, Dict, List, Optional
-
-from mvt.android.artifacts.dumpsys_packages import DumpsysPackagesArtifact
-from mvt.android.modules.adb.packages import (
- DANGEROUS_PERMISSIONS,
- DANGEROUS_PERMISSIONS_THRESHOLD,
-)
-
-from .base import AndroidQFModule
-
-
-class DumpsysPackages(DumpsysPackagesArtifact, AndroidQFModule):
- """This module analyse dumpsys packages"""
-
- def __init__(
- self,
- file_path: Optional[str] = None,
- target_path: Optional[str] = None,
- results_path: Optional[str] = None,
- module_options: Optional[dict] = None,
- log: logging.Logger = logging.getLogger(__name__),
- results: Optional[List[Dict[str, Any]]] = None,
- ) -> None:
- super().__init__(
- file_path=file_path,
- target_path=target_path,
- results_path=results_path,
- module_options=module_options,
- log=log,
- results=results,
- )
-
- def run(self) -> None:
- dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
- if len(dumpsys_file) != 1:
- self.log.info("Dumpsys file not found")
- return
-
- data = self._get_file_content(dumpsys_file[0]).decode("utf-8", errors="replace")
- content = self.extract_dumpsys_section(data, "DUMP OF SERVICE package:")
- self.parse(content)
-
- for result in self.results:
- dangerous_permissions_count = 0
- for perm in result["permissions"]:
- if perm["name"] in DANGEROUS_PERMISSIONS:
- dangerous_permissions_count += 1
-
- if dangerous_permissions_count >= DANGEROUS_PERMISSIONS_THRESHOLD:
- self.log.info(
- 'Found package "%s" requested %d potentially dangerous permissions',
- result["package_name"],
- dangerous_permissions_count,
- )
-
- self.log.info("Extracted details on %d packages", len(self.results))
diff --git a/src/mvt/android/modules/androidqf/dumpsys_platform_compat.py b/src/mvt/android/modules/androidqf/dumpsys_platform_compat.py
deleted file mode 100644
index 869c476..0000000
--- a/src/mvt/android/modules/androidqf/dumpsys_platform_compat.py
+++ /dev/null
@@ -1,44 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_platform_compat import DumpsysPlatformCompatArtifact
-
-from .base import AndroidQFModule
-
-
-class DumpsysPlatformCompat(DumpsysPlatformCompatArtifact, AndroidQFModule):
- """This module extracts details on uninstalled apps."""
-
- def __init__(
- self,
- file_path: Optional[str] = None,
- target_path: Optional[str] = None,
- results_path: Optional[str] = None,
- module_options: Optional[dict] = None,
- log: logging.Logger = logging.getLogger(__name__),
- results: Optional[list] = None,
- ) -> None:
- super().__init__(
- file_path=file_path,
- target_path=target_path,
- results_path=results_path,
- module_options=module_options,
- log=log,
- results=results,
- )
-
- def run(self) -> None:
- dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
- if not dumpsys_file:
- return
-
- data = self._get_file_content(dumpsys_file[0]).decode("utf-8", errors="replace")
- content = self.extract_dumpsys_section(data, "DUMP OF SERVICE platform_compat:")
- self.parse(content)
-
- self.log.info("Found %d uninstalled apps", len(self.results))
diff --git a/src/mvt/android/modules/androidqf/dumpsys_receivers.py b/src/mvt/android/modules/androidqf/dumpsys_receivers.py
deleted file mode 100644
index 9c64d2c..0000000
--- a/src/mvt/android/modules/androidqf/dumpsys_receivers.py
+++ /dev/null
@@ -1,49 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-import logging
-from typing import Any, Dict, List, Optional, Union
-
-from mvt.android.artifacts.dumpsys_receivers import DumpsysReceiversArtifact
-
-from .base import AndroidQFModule
-
-
-class DumpsysReceivers(DumpsysReceiversArtifact, AndroidQFModule):
- """This module analyse dumpsys receivers"""
-
- def __init__(
- self,
- file_path: Optional[str] = None,
- target_path: Optional[str] = None,
- results_path: Optional[str] = None,
- module_options: Optional[dict] = None,
- log: logging.Logger = logging.getLogger(__name__),
- results: Union[List[Any], Dict[str, Any], None] = None,
- ) -> None:
- super().__init__(
- file_path=file_path,
- target_path=target_path,
- results_path=results_path,
- module_options=module_options,
- log=log,
- results=results,
- )
-
- self.results = results if results else {}
-
- def run(self) -> None:
- dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
- if not dumpsys_file:
- return
- data = self._get_file_content(dumpsys_file[0])
-
- dumpsys_section = self.extract_dumpsys_section(
- data.decode("utf-8", errors="replace"), "DUMP OF SERVICE package:"
- )
-
- self.parse(dumpsys_section)
-
- self.log.info("Extracted receivers for %d intents", len(self.results))
diff --git a/src/mvt/android/modules/androidqf/sms.py b/src/mvt/android/modules/androidqf/sms.py
index d7e3a9c..893e517 100644
--- a/src/mvt/android/modules/androidqf/sms.py
+++ b/src/mvt/android/modules/androidqf/sms.py
@@ -19,7 +19,13 @@ from .base import AndroidQFModule class SMS(AndroidQFModule): - """This module analyse SMS file in backup""" + """ + This module analyse SMS file in backup + + XXX: We should also de-duplicate this AQF module, but first we + need to add tests for loading encrypted SMS backups through the backup + sub-module. + """ def __init__( self, diff --git a/src/mvt/android/modules/bugreport/__init__.py b/src/mvt/android/modules/bugreport/__init__.py index b5a1247..1594af9 100644 --- a/src/mvt/android/modules/bugreport/__init__.py +++ b/src/mvt/android/modules/bugreport/__init__.py 
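Review bot: The `XXX` maintainer note is placed inside the `SMS` class docstring, so it becomes part of the module's description instead of a developer-facing comment. Keeping the docstring to its summary line and moving the rest to a comment above the class, e.g. `# TODO: de-duplicate this AQF module once loading encrypted SMS backups through the backup sub-module has tests`, would separate the two. The note is worth keeping in some form, since it records why this module was left out of the de-duplication and that tests for the encrypted-backup path still need to be added. The summary line could also read `"""This module analyses the SMS file in a backup."""`. The class body continues outside the hunk.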
@@ -3,31 +3,31 @@ # Use of this software is governed by the MVT License 1.1 that can be found at # https://license.mvt.re/1.1/ -from .accessibility import Accessibility -from .activities import Activities -from .appops import Appops -from .battery_daily import BatteryDaily -from .battery_history import BatteryHistory -from .dbinfo import DBInfo -from .getprop import Getprop -from .packages import Packages -from .platform_compat import PlatformCompat -from .receivers import Receivers -from .adb_state import DumpsysADBState +from .dumpsys_accessibility import DumpsysAccessibility +from .dumpsys_activities import DumpsysActivities +from .dumpsys_appops import DumpsysAppops +from .dumpsys_battery_daily import DumpsysBatteryDaily +from .dumpsys_battery_history import DumpsysBatteryHistory +from .dumpsys_dbinfo import DumpsysDBInfo +from .dumpsys_getprop import DumpsysGetProp +from .dumpsys_packages import DumpsysPackages +from .dumpsys_platform_compat import DumpsysPlatformCompat +from .dumpsys_receivers import DumpsysReceivers +from .dumpsys_adb_state import DumpsysADBState from .fs_timestamps import BugReportTimestamps from .tombstones import Tombstones BUGREPORT_MODULES = [ - Accessibility, - Activities, - Appops, - BatteryDaily, - BatteryHistory, - DBInfo, - Getprop, - Packages, - PlatformCompat, - Receivers, + DumpsysAccessibility, + DumpsysActivities, + DumpsysAppops, + DumpsysBatteryDaily, + DumpsysBatteryHistory, + DumpsysDBInfo, + DumpsysGetProp, + DumpsysPackages, + DumpsysPlatformCompat, + DumpsysReceivers, DumpsysADBState, BugReportTimestamps, Tombstones, diff --git a/src/mvt/android/modules/bugreport/accessibility.py b/src/mvt/android/modules/bugreport/dumpsys_accessibility.py similarity index 95% rename from src/mvt/android/modules/bugreport/accessibility.py rename to src/mvt/android/modules/bugreport/dumpsys_accessibility.py index 7d30eb0..e141b2f 100644 --- a/src/mvt/android/modules/bugreport/accessibility.py 
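Review bot: The class renames in this hunk (`Accessibility` → `DumpsysAccessibility`, `Getprop` → `DumpsysGetProp`, and the other entries of `BUGREPORT_MODULES`) may change user-visible module identifiers, not only import paths. `dumpsys_dbinfo.py` in this same commit carries an explicit `slug = "dbinfo"`, which suggests slugs are otherwise derived from the class name. If so, result file names and any selection of modules by name would change for every renamed bugreport module, which matters to analysts comparing output across versions and to scripts that consume those files. Either pin the previous value with a `slug = "..."` attribute on each renamed class, or list the new names in the release notes.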
+++ b/src/mvt/android/modules/bugreport/dumpsys_accessibility.py @@ -11,7 +11,7 @@ from mvt.android.artifacts.dumpsys_accessibility import DumpsysAccessibilityArti from .base import BugReportModule -class Accessibility(DumpsysAccessibilityArtifact, BugReportModule): +class DumpsysAccessibility(DumpsysAccessibilityArtifact, BugReportModule): """This module extracts stats on accessibility.""" def __init__( diff --git a/src/mvt/android/modules/bugreport/activities.py b/src/mvt/android/modules/bugreport/dumpsys_activities.py similarity index 95% rename from src/mvt/android/modules/bugreport/activities.py rename to src/mvt/android/modules/bugreport/dumpsys_activities.py index c2a20dd..a58c6f4 100644 --- a/src/mvt/android/modules/bugreport/activities.py +++ b/src/mvt/android/modules/bugreport/dumpsys_activities.py @@ -13,7 +13,7 @@ from mvt.android.artifacts.dumpsys_package_activities import ( from .base import BugReportModule -class Activities(DumpsysPackageActivitiesArtifact, BugReportModule): +class DumpsysActivities(DumpsysPackageActivitiesArtifact, BugReportModule): """This module extracts details on receivers for risky activities.""" def __init__( diff --git a/src/mvt/android/modules/bugreport/adb_state.py b/src/mvt/android/modules/bugreport/dumpsys_adb_state.py similarity index 100% rename from src/mvt/android/modules/bugreport/adb_state.py rename to src/mvt/android/modules/bugreport/dumpsys_adb_state.py diff --git a/src/mvt/android/modules/bugreport/appops.py b/src/mvt/android/modules/bugreport/dumpsys_appops.py similarity index 96% rename from src/mvt/android/modules/bugreport/appops.py rename to src/mvt/android/modules/bugreport/dumpsys_appops.py index 4fb1e7f..96b4796 100644 --- a/src/mvt/android/modules/bugreport/appops.py +++ b/src/mvt/android/modules/bugreport/dumpsys_appops.py 
@@ -11,7 +11,7 @@ from mvt.android.artifacts.dumpsys_appops import DumpsysAppopsArtifact from .base import BugReportModule -class Appops(DumpsysAppopsArtifact, BugReportModule): +class DumpsysAppops(DumpsysAppopsArtifact, BugReportModule): """This module extracts information on package from App-Ops Manager.""" def __init__( diff --git a/src/mvt/android/modules/bugreport/battery_daily.py b/src/mvt/android/modules/bugreport/dumpsys_battery_daily.py similarity index 95% rename from src/mvt/android/modules/bugreport/battery_daily.py rename to src/mvt/android/modules/bugreport/dumpsys_battery_daily.py index 4fdcf74..7fc8329 100644 --- a/src/mvt/android/modules/bugreport/battery_daily.py +++ b/src/mvt/android/modules/bugreport/dumpsys_battery_daily.py @@ -11,7 +11,7 @@ from mvt.android.artifacts.dumpsys_battery_daily import DumpsysBatteryDailyArtif from .base import BugReportModule -class BatteryDaily(DumpsysBatteryDailyArtifact, BugReportModule): +class DumpsysBatteryDaily(DumpsysBatteryDailyArtifact, BugReportModule): """This module extracts records from battery daily updates.""" def __init__( diff --git a/src/mvt/android/modules/bugreport/battery_history.py b/src/mvt/android/modules/bugreport/dumpsys_battery_history.py similarity index 95% rename from src/mvt/android/modules/bugreport/battery_history.py rename to src/mvt/android/modules/bugreport/dumpsys_battery_history.py index 968bbbe..729f801 100644 --- a/src/mvt/android/modules/bugreport/battery_history.py +++ b/src/mvt/android/modules/bugreport/dumpsys_battery_history.py @@ -11,7 +11,7 @@ from mvt.android.artifacts.dumpsys_battery_history import DumpsysBatteryHistoryA from .base import BugReportModule -class BatteryHistory(DumpsysBatteryHistoryArtifact, BugReportModule): +class DumpsysBatteryHistory(DumpsysBatteryHistoryArtifact, BugReportModule): """This module extracts records from battery daily updates.""" def __init__( 
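Review bot: `DumpsysBatteryHistory` keeps the docstring `"""This module extracts records from battery daily updates."""`, which is identical to the one on `DumpsysBatteryDaily` in the preceding hunk and describes the wrong artifact. Since the class line is being touched anyway, it could be corrected to `"""This module extracts records from battery history events."""`. The same copy-paste shows on `DumpsysDBInfo` (also "battery daily updates") and on `DumpsysPackages` ("details on receivers for risky activities") in the later rename hunks. The class bodies continue outside these hunks.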
diff --git a/src/mvt/android/modules/bugreport/dbinfo.py b/src/mvt/android/modules/bugreport/dumpsys_dbinfo.py similarity index 96% rename from src/mvt/android/modules/bugreport/dbinfo.py rename to src/mvt/android/modules/bugreport/dumpsys_dbinfo.py index 780d9fc..73902bb 100644 --- a/src/mvt/android/modules/bugreport/dbinfo.py +++ b/src/mvt/android/modules/bugreport/dumpsys_dbinfo.py @@ -11,7 +11,7 @@ from mvt.android.artifacts.dumpsys_dbinfo import DumpsysDBInfoArtifact from .base import BugReportModule -class DBInfo(DumpsysDBInfoArtifact, BugReportModule): +class DumpsysDBInfo(DumpsysDBInfoArtifact, BugReportModule): """This module extracts records from battery daily updates.""" slug = "dbinfo" diff --git a/src/mvt/android/modules/bugreport/getprop.py b/src/mvt/android/modules/bugreport/dumpsys_getprop.py similarity index 97% rename from src/mvt/android/modules/bugreport/getprop.py rename to src/mvt/android/modules/bugreport/dumpsys_getprop.py index 106d63c..acec15c 100644 --- a/src/mvt/android/modules/bugreport/getprop.py +++ b/src/mvt/android/modules/bugreport/dumpsys_getprop.py @@ -11,7 +11,7 @@ from mvt.android.artifacts.getprop import GetProp as GetPropArtifact from .base import BugReportModule -class Getprop(GetPropArtifact, BugReportModule): +class DumpsysGetProp(GetPropArtifact, BugReportModule): """This module extracts device properties from getprop command.""" def __init__( diff --git a/src/mvt/android/modules/bugreport/packages.py b/src/mvt/android/modules/bugreport/dumpsys_packages.py similarity index 97% rename from src/mvt/android/modules/bugreport/packages.py rename to src/mvt/android/modules/bugreport/dumpsys_packages.py index f1b9d63..fccf102 100644 --- a/src/mvt/android/modules/bugreport/packages.py +++ b/src/mvt/android/modules/bugreport/dumpsys_packages.py 
@@ -12,7 +12,7 @@ from mvt.android.utils import DANGEROUS_PERMISSIONS, DANGEROUS_PERMISSIONS_THRES from .base import BugReportModule -class Packages(DumpsysPackagesArtifact, BugReportModule): +class DumpsysPackages(DumpsysPackagesArtifact, BugReportModule): """This module extracts details on receivers for risky activities.""" def __init__( diff --git a/src/mvt/android/modules/bugreport/platform_compat.py b/src/mvt/android/modules/bugreport/dumpsys_platform_compat.py similarity index 95% rename from src/mvt/android/modules/bugreport/platform_compat.py rename to src/mvt/android/modules/bugreport/dumpsys_platform_compat.py index fadac92..e9d10e6 100644 --- a/src/mvt/android/modules/bugreport/platform_compat.py +++ b/src/mvt/android/modules/bugreport/dumpsys_platform_compat.py @@ -11,7 +11,7 @@ from mvt.android.artifacts.dumpsys_platform_compat import DumpsysPlatformCompatA from mvt.android.modules.bugreport.base import BugReportModule -class PlatformCompat(DumpsysPlatformCompatArtifact, BugReportModule): +class DumpsysPlatformCompat(DumpsysPlatformCompatArtifact, BugReportModule): """This module extracts details on uninstalled apps.""" def __init__( diff --git a/src/mvt/android/modules/bugreport/receivers.py b/src/mvt/android/modules/bugreport/dumpsys_receivers.py similarity index 95% rename from src/mvt/android/modules/bugreport/receivers.py rename to src/mvt/android/modules/bugreport/dumpsys_receivers.py index 57a87ce..591af2f 100644 --- a/src/mvt/android/modules/bugreport/receivers.py +++ b/src/mvt/android/modules/bugreport/dumpsys_receivers.py @@ -11,7 +11,7 @@ from mvt.android.artifacts.dumpsys_receivers import DumpsysReceiversArtifact from .base import BugReportModule -class Receivers(DumpsysReceiversArtifact, BugReportModule): +class DumpsysReceivers(DumpsysReceiversArtifact, BugReportModule): """This module extracts details on receivers for risky activities.""" def __init__( 
diff --git a/tests/android_androidqf/test_dumpsys_adbstate.py b/tests/android_androidqf/test_dumpsys_adbstate.py
deleted file mode 100644
index a3ac72e..0000000
--- a/tests/android_androidqf/test_dumpsys_adbstate.py
+++ /dev/null
@@ -1,27 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-from pathlib import Path
-
-from mvt.android.modules.androidqf.dumpsys_adb import DumpsysADBState
-from mvt.common.module import run_module
-
-from ..utils import get_android_androidqf, list_files
-
-
-class TestDumpsysADBModule:
- def test_parsing(self):
- data_path = get_android_androidqf()
- m = DumpsysADBState(target_path=data_path)
- files = list_files(data_path)
- parent_path = Path(data_path).absolute().parent.as_posix()
- m.from_dir(parent_path, files)
- run_module(m)
- assert len(m.results) == 1
- assert len(m.detected) == 0
-
- adb_statedump = m.results[0]
- assert "user_keys" in adb_statedump
- assert len(adb_statedump["user_keys"]) == 1
diff --git a/tests/android_androidqf/test_dumpsys_battery_daily.py b/tests/android_androidqf/test_dumpsys_battery_daily.py
deleted file mode 100644
index f82f330..0000000
--- a/tests/android_androidqf/test_dumpsys_battery_daily.py
+++ /dev/null
@@ -1,24 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-from pathlib import Path
-
-from mvt.android.modules.androidqf.dumpsys_battery_daily import DumpsysBatteryDaily
-from mvt.common.module import run_module
-
-from ..utils import get_android_androidqf, list_files
-
-
-class TestDumpsysBatteryDailyModule:
- def test_parsing(self):
- data_path = get_android_androidqf()
- m = DumpsysBatteryDaily(target_path=data_path)
- files = list_files(data_path)
- parent_path = Path(data_path).absolute().parent.as_posix()
- m.from_dir(parent_path, files)
- run_module(m)
- assert len(m.results) == 3
- assert len(m.timeline) == 3
- assert len(m.detected) == 0
diff --git a/tests/android_androidqf/test_dumpsys_battery_history.py b/tests/android_androidqf/test_dumpsys_battery_history.py
deleted file mode 100644
index fd1d0ae..0000000
--- a/tests/android_androidqf/test_dumpsys_battery_history.py
+++ /dev/null
@@ -1,24 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-from pathlib import Path
-
-from mvt.android.modules.androidqf.dumpsys_battery_history import DumpsysBatteryHistory
-from mvt.common.module import run_module
-
-from ..utils import get_android_androidqf, list_files
-
-
-class TestDumpsysBatteryHistoryModule:
- def test_parsing(self):
- data_path = get_android_androidqf()
- m = DumpsysBatteryHistory(target_path=data_path)
- files = list_files(data_path)
- parent_path = Path(data_path).absolute().parent.as_posix()
- m.from_dir(parent_path, files)
- run_module(m)
- assert len(m.results) == 6
- assert len(m.timeline) == 0
- assert len(m.detected) == 0
diff --git a/tests/android_androidqf/test_dumpsys_dbinfo.py b/tests/android_androidqf/test_dumpsys_dbinfo.py
deleted file mode 100644
index 371a3bc..0000000
--- a/tests/android_androidqf/test_dumpsys_dbinfo.py
+++ /dev/null
@@ -1,24 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-from pathlib import Path
-
-from mvt.android.modules.androidqf.dumpsys_dbinfo import DumpsysDBInfo
-from mvt.common.module import run_module
-
-from ..utils import get_android_androidqf, list_files
-
-
-class TestDumpsysDBInfoModule:
- def test_parsing(self):
- data_path = get_android_androidqf()
- m = DumpsysDBInfo(target_path=data_path)
- files = list_files(data_path)
- parent_path = Path(data_path).absolute().parent.as_posix()
- m.from_dir(parent_path, files)
- run_module(m)
- assert len(m.results) == 6
- assert len(m.timeline) == 0
- assert len(m.detected) == 0
diff --git a/tests/android_androidqf/test_dumpsys_platform_compat.py b/tests/android_androidqf/test_dumpsys_platform_compat.py
deleted file mode 100644
index bddc322..0000000
--- a/tests/android_androidqf/test_dumpsys_platform_compat.py
+++ /dev/null
@@ -1,23 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-from pathlib import Path
-
-from mvt.android.modules.androidqf.dumpsys_platform_compat import DumpsysPlatformCompat
-from mvt.common.module import run_module
-
-from ..utils import get_android_androidqf, list_files
-
-
-class TestDumpsysPlatformCompatModule:
- def test_parsing(self):
- data_path = get_android_androidqf()
- m = DumpsysPlatformCompat(target_path=data_path)
- files = list_files(data_path)
- parent_path = Path(data_path).absolute().parent.as_posix()
- m.from_dir(parent_path, files)
- run_module(m)
- assert len(m.results) == 2
- assert len(m.detected) == 0
diff --git a/tests/android_androidqf/test_dumpsysaccessbility.py b/tests/android_androidqf/test_dumpsysaccessbility.py
deleted file mode 100644
index b437275..0000000
--- a/tests/android_androidqf/test_dumpsysaccessbility.py
+++ /dev/null
@@ -1,23 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-from pathlib import Path
-
-from mvt.android.modules.androidqf.dumpsys_accessibility import DumpsysAccessibility
-from mvt.common.module import run_module
-
-from ..utils import get_android_androidqf, list_files
-
-
-class TestDumpsysAccessibilityModule:
- def test_parsing(self):
- data_path = get_android_androidqf()
- m = DumpsysAccessibility(target_path=data_path)
- files = list_files(data_path)
- parent_path = Path(data_path).absolute().parent.as_posix()
- m.from_dir(parent_path, files)
- run_module(m)
- assert len(m.results) == 4
- assert len(m.detected) == 0
diff --git a/tests/android_androidqf/test_dumpsysappops.py b/tests/android_androidqf/test_dumpsysappops.py
deleted file mode 100644
index ce74d53..0000000
--- a/tests/android_androidqf/test_dumpsysappops.py
+++ /dev/null
@@ -1,29 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-from pathlib import Path
-
-from mvt.android.modules.androidqf.dumpsys_appops import DumpsysAppops
-from mvt.common.module import run_module
-
-from ..utils import get_android_androidqf, list_files
-
-
-class TestDumpsysAppOpsModule:
- def test_parsing(self):
- data_path = get_android_androidqf()
- m = DumpsysAppops(target_path=data_path)
- files = list_files(data_path)
- parent_path = Path(data_path).absolute().parent.as_posix()
- m.from_dir(parent_path, files)
- run_module(m)
- assert len(m.results) == 12
- assert len(m.timeline) == 16
-
- detected_by_ioc = [
- detected for detected in m.detected if detected.get("matched_indicator")
- ]
- assert len(m.detected) == 1
- assert len(detected_by_ioc) == 0
diff --git a/tests/android_androidqf/test_dumpsyspackages.py b/tests/android_androidqf/test_dumpsyspackages.py
deleted file mode 100644
index e801b0a..0000000
--- a/tests/android_androidqf/test_dumpsyspackages.py
+++ /dev/null
@@ -1,46 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-# https://license.mvt.re/1.1/
-
-import logging
-from pathlib import Path
-
-from mvt.android.modules.androidqf.dumpsys_packages import DumpsysPackages
-from mvt.common.indicators import Indicators
-from mvt.common.module import run_module
-
-from ..utils import get_android_androidqf, list_files
-
-
-class TestDumpsysPackagesModule:
- def test_parsing(self):
- data_path = get_android_androidqf()
- m = DumpsysPackages(target_path=data_path)
- files = list_files(data_path)
- parent_path = Path(data_path).absolute().parent.as_posix()
- m.from_dir(parent_path, files)
- run_module(m)
- assert len(m.results) == 2
- assert len(m.detected) == 0
- assert len(m.timeline) == 6
- assert (
- m.results[0]["package_name"]
- == "com.samsung.android.provider.filterprovider"
- )
-
- def test_detection_pkgname(self, indicator_file):
- data_path = get_android_androidqf()
- m = DumpsysPackages(target_path=data_path)
- files = list_files(data_path)
- parent_path = Path(data_path).absolute().parent.as_posix()
- m.from_dir(parent_path, files)
- ind = Indicators(log=logging.getLogger())
- ind.parse_stix2(indicator_file)
- ind.ioc_collections[0]["app_ids"].append("com.sec.android.app.DataCreate")
- m.indicators = ind
- run_module(m)
- assert len(m.results) == 2
- assert len(m.detected) == 1
- assert len(m.timeline) == 6
- assert m.detected[0]["package_name"] == "com.sec.android.app.DataCreate"
diff --git a/tests/android_androidqf/test_dumpsysreceivers.py b/tests/android_androidqf/test_dumpsysreceivers.py
deleted file mode 100644
index 0a06bab..0000000
--- a/tests/android_androidqf/test_dumpsysreceivers.py
+++ /dev/null
@@ -1,23 +0,0 @@ -# Mobile Verification Toolkit (MVT) -# Copyright (c) 2021-2023 The MVT Authors. -# Use of this software is governed by the MVT License 1.1 that can be found at -# https://license.mvt.re/1.1/ - -from pathlib import Path - -from mvt.android.modules.androidqf.dumpsys_receivers import DumpsysReceivers -from mvt.common.module import run_module - -from ..utils import get_android_androidqf, list_files - - -class TestDumpsysReceiversModule: - def test_parsing(self): - data_path = get_android_androidqf() - m = DumpsysReceivers(target_path=data_path) - files = list_files(data_path) - parent_path = Path(data_path).absolute().parent.as_posix() - m.from_dir(parent_path, files) - run_module(m) - assert len(m.results) == 4 - assert len(m.detected) == 0 diff --git a/tests/android_androidqf/test_files.py b/tests/android_androidqf/test_files.py index de8269c..c0d45b5 100644 --- a/tests/android_androidqf/test_files.py +++ b/tests/android_androidqf/test_files.py @@ -6,7 +6,7 @@ import logging from pathlib import Path -from mvt.android.modules.androidqf.files import Files +from mvt.android.modules.androidqf.aqf_files import AQFFiles from mvt.common.module import run_module from ..utils import get_android_androidqf, list_files @@ -15,7 +15,7 @@ from ..utils import get_android_androidqf, list_files class TestAndroidqfFilesAnalysis: def test_androidqf_files(self): data_path = get_android_androidqf() - m = Files(target_path=data_path, log=logging) + m = AQFFiles(target_path=data_path, log=logging) files = list_files(data_path) parent_path = Path(data_path).absolute().parent.as_posix() m.from_dir(parent_path, files) diff --git a/tests/android_androidqf/test_getprop.py b/tests/android_androidqf/test_getprop.py index 89fb522..3947acd 100644 --- a/tests/android_androidqf/test_getprop.py +++ b/tests/android_androidqf/test_getprop.py 
@@ -7,7 +7,7 @@ import logging import zipfile from pathlib import Path -from mvt.android.modules.androidqf.getprop import Getprop +from mvt.android.modules.androidqf.aqf_getprop import AQFGetProp from mvt.common.indicators import Indicators from mvt.common.module import run_module @@ -17,7 +17,7 @@ from ..utils import get_android_androidqf, get_artifact, list_files class TestAndroidqfGetpropAnalysis: def test_androidqf_getprop(self): data_path = get_android_androidqf() - m = Getprop(target_path=data_path, log=logging) + m = AQFGetProp(target_path=data_path, log=logging) files = list_files(data_path) parent_path = Path(data_path).absolute().parent.as_posix() m.from_dir(parent_path, files) @@ -30,7 +30,7 @@ class TestAndroidqfGetpropAnalysis: def test_getprop_parsing_zip(self): fpath = get_artifact("androidqf.zip") - m = Getprop(target_path=fpath, log=logging) + m = AQFGetProp(target_path=fpath, log=logging) archive = zipfile.ZipFile(fpath) m.from_zip(archive, archive.namelist()) run_module(m) @@ -42,7 +42,7 @@ class TestAndroidqfGetpropAnalysis: def test_androidqf_getprop_detection(self, indicator_file): data_path = get_android_androidqf() - m = Getprop(target_path=data_path, log=logging) + m = AQFGetProp(target_path=data_path, log=logging) files = list_files(data_path) parent_path = Path(data_path).absolute().parent.as_posix() m.from_dir(parent_path, files) diff --git a/tests/android_androidqf/test_packages.py b/tests/android_androidqf/test_packages.py index d911315..966d8a6 100644 --- a/tests/android_androidqf/test_packages.py +++ b/tests/android_androidqf/test_packages.py @@ -8,7 +8,7 @@ from pathlib import Path import pytest -from mvt.android.modules.androidqf.packages import Packages +from mvt.android.modules.androidqf.aqf_packages import AQFPackages from mvt.common.module import run_module from ..utils import get_android_androidqf, list_files 
@@ -31,7 +31,7 @@ def file_list(data_path): @pytest.fixture() def module(parent_data_path, file_list): - m = Packages(target_path=parent_data_path, log=logging) + m = AQFPackages(target_path=parent_data_path, log=logging) m.from_dir(parent_data_path, file_list) return m diff --git a/tests/android_androidqf/test_processes.py b/tests/android_androidqf/test_processes.py index 98b5d2a..bcd4013 100644 --- a/tests/android_androidqf/test_processes.py +++ b/tests/android_androidqf/test_processes.py @@ -6,7 +6,7 @@ import logging from pathlib import Path -from mvt.android.modules.androidqf.processes import Processes +from mvt.android.modules.androidqf.aqf_processes import AQFProcesses from mvt.common.module import run_module from ..utils import get_android_androidqf, list_files @@ -15,7 +15,7 @@ from ..utils import get_android_androidqf, list_files class TestAndroidqfProcessesAnalysis: def test_androidqf_processes(self): data_path = get_android_androidqf() - m = Processes(target_path=data_path, log=logging) + m = AQFProcesses(target_path=data_path, log=logging) files = list_files(data_path) parent_path = Path(data_path).absolute().parent.as_posix() m.from_dir(parent_path, files) diff --git a/tests/android_androidqf/test_settings.py b/tests/android_androidqf/test_settings.py index 44ee89c..75527a7 100644 --- a/tests/android_androidqf/test_settings.py +++ b/tests/android_androidqf/test_settings.py @@ -5,7 +5,7 @@ from pathlib import Path -from mvt.android.modules.androidqf.settings import Settings +from mvt.android.modules.androidqf.aqf_settings import AQFSettings from mvt.common.module import run_module from ..utils import get_android_androidqf, list_files 
@@ -14,7 +14,7 @@ from ..utils import get_android_androidqf, list_files class TestSettingsModule: def test_parsing(self): data_path = get_android_androidqf() - m = Settings(target_path=data_path) + m = AQFSettings(target_path=data_path) files = list_files(data_path) parent_path = Path(data_path).absolute().parent.as_posix() m.from_dir(parent_path, files) diff --git a/tests/android_bugreport/test_bugreport.py b/tests/android_bugreport/test_bugreport.py index 98744a6..8abc896 100644 --- a/tests/android_bugreport/test_bugreport.py +++ b/tests/android_bugreport/test_bugreport.py @@ -6,9 +6,9 @@ import os from pathlib import Path -from mvt.android.modules.bugreport.appops import Appops -from mvt.android.modules.bugreport.getprop import Getprop -from mvt.android.modules.bugreport.packages import Packages +from mvt.android.modules.bugreport.dumpsys_appops import DumpsysAppops +from mvt.android.modules.bugreport.dumpsys_getprop import DumpsysGetProp +from mvt.android.modules.bugreport.dumpsys_packages import DumpsysPackages from mvt.common.module import run_module from ..utils import get_artifact_folder @@ -30,7 +30,7 @@ class TestBugreportAnalysis: return m def test_appops_module(self): - m = self.launch_bug_report_module(Appops) + m = self.launch_bug_report_module(DumpsysAppops) assert len(m.results) == 12 assert len(m.timeline) == 16 @@ -41,7 +41,7 @@ class TestBugreportAnalysis: assert len(detected_by_ioc) == 0 def test_packages_module(self): - m = self.launch_bug_report_module(Packages) + m = self.launch_bug_report_module(DumpsysPackages) assert len(m.results) == 2 assert ( m.results[0]["package_name"] @@ -52,5 +52,5 @@ class TestBugreportAnalysis: assert len(m.results[1]["permissions"]) == 32 def test_getprop_module(self): - m = self.launch_bug_report_module(Getprop) + m = self.launch_bug_report_module(DumpsysGetProp) assert len(m.results) == 0