diff --git a/src/mvt/android/modules/androidqf/root_binaries.py b/src/mvt/android/modules/androidqf/root_binaries.py index e9b5007..c5df729 100644 --- a/src/mvt/android/modules/androidqf/root_binaries.py +++ b/src/mvt/android/modules/androidqf/root_binaries.py @@ -36,7 +36,7 @@ class RootBinaries(AndroidQFModule): "timestamp": record.get("timestamp"), "module": self.__class__.__name__, "event": "root_binary_found", - "data": f"Root binary found: {record['path']} (binary: {record['binary_name']})" + "data": f"Root binary found: {record['path']} (binary: {record['binary_name']})", } def check_indicators(self) -> None: @@ -49,14 +49,14 @@ class RootBinaries(AndroidQFModule): self.log.warning( 'Found root binary "%s" at path "%s"', result["binary_name"], - result["path"] + result["path"], ) self.detected.append(result) if self.detected: self.log.warning( "Device shows signs of rooting with %d root binaries found", - len(self.detected) + len(self.detected), ) def run(self) -> None: @@ -67,7 +67,9 @@ class RootBinaries(AndroidQFModule): self.log.info("No root_binaries.json file found") return - rawdata = self._get_file_content(root_binaries_files[0]).decode("utf-8", errors="ignore") + rawdata = self._get_file_content(root_binaries_files[0]).decode( + "utf-8", errors="ignore" + ) try: root_binary_paths = json.loads(rawdata) @@ -91,7 +93,7 @@ class RootBinaries(AndroidQFModule): "magisk": "Magisk root framework", "magiskhide": "Magisk hide utility", "magiskinit": "Magisk init binary", - "magiskpolicy": "Magisk policy binary" + "magiskpolicy": "Magisk policy binary", } for path in root_binary_paths: diff --git a/tests/android_androidqf/test_root_binaries.py b/tests/android_androidqf/test_root_binaries.py index 20393f0..a59ecf5 100644 --- a/tests/android_androidqf/test_root_binaries.py +++ b/tests/android_androidqf/test_root_binaries.py @@ -59,15 +59,21 @@ class TestAndroidqfRootBinaries: assert su_result is not None assert "SuperUser binary" in su_result["description"] - busybox_result = next((r for r in module.results if "busybox" in r["binary_name"]), None) + busybox_result = next( + (r for r in module.results if "busybox" in r["binary_name"]), None + ) assert busybox_result is not None assert "BusyBox utilities" in busybox_result["description"] - magisk_result = next((r for r in module.results if r["binary_name"] == "magisk"), None) + magisk_result = next( + (r for r in module.results if r["binary_name"] == "magisk"), None + ) assert magisk_result is not None assert "Magisk root framework" in magisk_result["description"] - magiskhide_result = next((r for r in module.results if "magiskhide" in r["binary_name"]), None) + magiskhide_result = next( + (r for r in module.results if "magiskhide" in r["binary_name"]), None + ) assert magiskhide_result is not None assert "Magisk hide utility" in magiskhide_result["description"] @@ -76,9 +82,16 @@ class TestAndroidqfRootBinaries: # Check that warnings are logged for each root binary found assert 'Found root binary "su" at path "/system/bin/su"' in caplog.text - assert 'Found root binary "busybox" at path "/system/xbin/busybox"' in caplog.text - assert 'Found root binary "magisk" at path "/data/local/tmp/magisk"' in caplog.text - assert 'Found root binary "magiskhide" at path "/system/bin/magiskhide"' in caplog.text + assert ( + 'Found root binary "busybox" at path "/system/xbin/busybox"' in caplog.text + ) + assert ( + 'Found root binary "magisk" at path "/data/local/tmp/magisk"' in caplog.text + ) + assert ( + 'Found root binary "magiskhide" at path "/system/bin/magiskhide"' + in caplog.text + ) assert "Device shows signs of rooting with 4 root binaries found" in caplog.text def test_serialize_method(self, module):