CalvinBackup/mvt
1
0
Fork 0
mirror of https://github.com/mvt-project/mvt.git synced 2026-03-05 10:30:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' of https://github.com/j0k2r/mvt into j0k2r-main

Browse Source
This commit is contained in:
Nex
2021-08-12 18:07:50 +02:00
parent 411ac53522 15c0d71933
commit f78c671885
13 changed files with 57 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
mvt/android/cli.py
View File

@@ -51,7 +51,8 @@ def cli():
help="Specify a path to a folder where you want to store the APKs")
@click.option("--from-file", "-f", type=click.Path(exists=True),
help="Instead of acquiring from phone, load an existing packages.json file for lookups (mainly for debug purposes)")
def download_apks(all_apks, virustotal, koodous, all_checks, output, from_file):
@click.option("--serial", "-s", type=str, help="Use the Android device with a given serial number")
def download_apks(all_apks, virustotal, koodous, all_checks, output, from_file, serial):
try:
if from_file:
download = DownloadAPKs.from_json(from_file)
@@ -63,7 +64,7 @@ def download_apks(all_apks, virustotal, koodous, all_checks, output, from_file):
log.critical("Unable to create output folder %s: %s", output, e)
sys.exit(-1)
download = DownloadAPKs(output_folder=output, all_apks=all_apks)
download = DownloadAPKs(output_folder=output, all_apks=all_apks, serial=serial)
download.run()
packages = download.packages
@@ -90,7 +91,8 @@ def download_apks(all_apks, virustotal, koodous, all_checks, output, from_file):
help="Specify a path to a folder where you want to store JSON results")
@click.option("--list-modules", "-l", is_flag=True, help="Print list of available modules and exit")
@click.option("--module", "-m", help="Name of a single module you would like to run instead of all")
def check_adb(iocs, output, list_modules, module):
@click.option("--serial", "-s", type=str, help="Use the Android device with a given serial")
def check_adb(iocs, output, list_modules, module, serial):
if list_modules:
log.info("Following is the list of available check-adb modules:")
for adb_module in ADB_MODULES:
@@ -118,7 +120,7 @@ def check_adb(iocs, output, list_modules, module):
if module and adb_module.__name__ != module:
continue
m = adb_module(output_folder=output, log=logging.getLogger(adb_module.__module__))
m = adb_module(output_folder=output, serial=serial, log=logging.getLogger(adb_module.__module__))
if iocs:
indicators.log = m.log
@@ -140,8 +142,9 @@ def check_adb(iocs, output, list_modules, module):
@cli.command("check-backup", help="Check an Android Backup")
@click.option("--iocs", "-i", type=click.Path(exists=True), help="Path to indicators file")
@click.option("--output", "-o", type=click.Path(exists=False), help=OUTPUT_HELP_MESSAGE)
@click.option("--serial", "-s", type=str, help="Use the Android device with a given serial")
@click.argument("BACKUP_PATH", type=click.Path(exists=True))
def check_backup(iocs, output, backup_path):
def check_backup(iocs, output, backup_path, serial):
log.info("Checking ADB backup located at: %s", backup_path)
if output and not os.path.exists(output):
@@ -166,7 +169,7 @@ def check_backup(iocs, output, backup_path):
for module in BACKUP_MODULES:
m = module(base_folder=backup_path, output_folder=output,
log=logging.getLogger(module.__module__))
serial=serial, log=logging.getLogger(module.__module__))
if iocs:
indicators.log = m.log

5
mvt/android/download_apks.py
View File

@@ -40,15 +40,16 @@ class DownloadAPKs(AndroidExtraction):
"""DownloadAPKs is the main class operating the download of APKs
from the device."""
def __init__(self, output_folder=None, all_apks=False, packages=None):
def __init__(self, output_folder=None, all_apks=False, packages=None, serial=None):
"""Initialize module.
:param output_folder: Path to the folder where data should be stored
:param all_apks: Boolean indicating whether to download all packages
or filter known-goods
:param packages: Provided list of packages, typically for JSON checks
:param serial: The USB device serial ID
"""
super().__init__(file_path=None, base_folder=None,
output_folder=output_folder)
output_folder=output_folder, serial=serial)
self.output_folder_apk = None
self.packages = packages or []

21
mvt/android/modules/adb/base.py
View File

@@ -10,8 +10,7 @@ import string
import sys
import tempfile
import time
from adb_shell.adb_device import AdbDeviceUsb
from adb_shell.adb_device import AdbDeviceUsb, AdbDeviceTcp
from adb_shell.auth.keygen import keygen, write_public_keyfile
from adb_shell.auth.sign_pythonrsa import PythonRSASigner
from adb_shell.exceptions import AdbCommandFailureException, DeviceAuthError
@@ -28,16 +27,17 @@ class AndroidExtraction(MVTModule):
"""This class provides a base for all Android extraction modules."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
"""Initialize Android extraction module.
:param file_path: Path to the database file to parse
:param base_folder: Path to a base folder containing an Android dump
:param output_folder: Path to the folder where to store extraction
results
:param serial: The USB device serial ID
"""
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
output_folder=output_folder, serial=serial,
fast_mode=fast_mode, log=log, results=results)
self.device = None
@@ -59,7 +59,16 @@ class AndroidExtraction(MVTModule):
priv_key = handle.read()
signer = PythonRSASigner("", priv_key)
self.device = AdbDeviceUsb()
if self.serial is None or ":" not in self.serial:
self.device = AdbDeviceUsb(serial=self.serial)
else:
addr = self.serial.split(":")
if len(addr) < 2:
raise ValueError("TCP serial number must follow the format: `address:port`")
self.device = AdbDeviceTcp(addr[0], int(addr[1]), default_transport_timeout_s=9.)
while True:
try:

6
mvt/android/modules/adb/chrome_history.py
View File

@@ -20,10 +20,10 @@ class ChromeHistory(AndroidExtraction):
"""This module extracts records from Android's Chrome browsing history."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
output_folder=output_folder, serial=serial,
fast_mode=fast_mode, log=log, results=results)
def serialize(self, record):
return {

6
mvt/android/modules/adb/dumpsys_batterystats.py
View File

@@ -14,10 +14,10 @@ class DumpsysBatterystats(AndroidExtraction):
"""This module extracts stats on battery consumption by processes."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
output_folder=output_folder, serial=serial,
fast_mode=fast_mode, log=log, results=results)
def run(self):
self._adb_connect()

6
mvt/android/modules/adb/dumpsys_packages.py
View File

@@ -14,10 +14,10 @@ class DumpsysPackages(AndroidExtraction):
"""This module extracts stats on installed packages."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
output_folder=output_folder, serial=serial,
fast_mode=fast_mode, log=log, results=results)
def run(self):
self._adb_connect()

6
mvt/android/modules/adb/dumpsys_procstats.py
View File

@@ -14,10 +14,10 @@ class DumpsysProcstats(AndroidExtraction):
"""This module extracts stats on memory consumption by processes."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
output_folder=output_folder, serial=serial,
fast_mode=fast_mode, log=log, results=results)
def run(self):
self._adb_connect()

6
mvt/android/modules/adb/packages.py
View File

@@ -16,10 +16,10 @@ class Packages(AndroidExtraction):
"""This module extracts the list of installed packages."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
output_folder=output_folder, serial=serial,
fast_mode=fast_mode, log=log, results=results)
def serialize(self, record):
records = []

6
mvt/android/modules/adb/processes.py
View File

@@ -13,10 +13,10 @@ class Processes(AndroidExtraction):
"""This module extracts details on running processes."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
output_folder=output_folder, serial=serial,
fast_mode=fast_mode, log=log, results=results)
def run(self):
self._adb_connect()

6
mvt/android/modules/adb/rootbinaries.py
View File

@@ -16,10 +16,10 @@ class RootBinaries(AndroidExtraction):
"""This module extracts the list of installed packages."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
output_folder=output_folder, serial=serial,
fast_mode=fast_mode, log=log, results=results)
def run(self):
root_binaries_path = os.path.join("..", "..", "data", "root_binaries.txt")

6
mvt/android/modules/adb/sms.py
View File

@@ -43,10 +43,10 @@ class SMS(AndroidExtraction):
"""This module extracts all SMS messages containing links."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
output_folder=output_folder, serial=serial,
fast_mode=fast_mode, log=log, results=results)
def serialize(self, record):
text = record["text"].replace("\n", "\\n")

6
mvt/android/modules/adb/whatsapp.py
View File

@@ -20,10 +20,10 @@ class Whatsapp(AndroidExtraction):
"""This module extracts all WhatsApp messages containing links."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
output_folder=output_folder, serial=serial,
fast_mode=fast_mode, log=log, results=results)
def serialize(self, record):
text = record["data"].replace("\n", "\\n")

4
mvt/common/module.py
View File

@@ -31,11 +31,12 @@ class MVTModule(object):
slug = None
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
"""Initialize module.
:param file_path: Path to the module's database file, if there is any.
:param base_folder: Path to the base folder (backup or filesystem dump)
:param output_folder: Folder where results will be stored
:param serial: The USB device serial ID
:param fast_mode: Flag to enable or disable slow modules
:param log: Handle to logger
:param results: Provided list of results entries
@@ -43,6 +44,7 @@ class MVTModule(object):
self.file_path = file_path
self.base_folder = base_folder
self.output_folder = output_folder
self.serial= serial
self.fast_mode = fast_mode
self.log = log
self.indicators = None