CalvinBackup/mvt
1
0
Fork 0
mirror of https://github.com/mvt-project/mvt.git synced 2026-02-12 16:42:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,117 Commits 47 Branches 71 Tags
7009cddc8c28dc4b91c2657c4c53a10712168de6
Commit Graph

102 Commits

Author SHA1 Message Date
besendorf
b795ea3129 Add root_binaries androidqf module (#676) 
* Add root_binaries androidqf module

* Fix AndroidQF file count test

* fix ruff

---------

Co-authored-by: User <user@DESKTOP-3T8T346.localdomain>
 2025-10-23 15:12:01 +02:00
besendorf
5be5ffbf49 add mounts module for androidqf (#710) 
* add mounts module for androidqf

* adds test for mounts module
 2025-10-23 15:09:37 +02:00
Tek
4757cff262 Fixes date parsing issue in tombstones (#635) 2025-06-12 20:49:31 +02:00
Donncha Ó Cearbhaill
b184eeedf4 Handle XML encoded ADB keystore and fix parsing bugs (#605) 2025-02-07 02:00:24 +01:00
Donncha Ó Cearbhaill
4e97e85350 Load Android device timezone info and add additional file modification logs (#567) 
* Use local timestamp for Files module timeline.

Most other Android timestamps appear to be local time. The
results timeline is more useful if all the timestamps
are consistent. I would prefer to use UTC, but that would
mean converting all the other timestamps to UTC as well. We probably
do not have sufficient information to do that accurately,
especially if the device is moving between timezones..

* Add file timestamp modules to add logs into timeline

* Handle case were we cannot load device timezone

* Fix crash if prop file does not exist

* Move _get_file_modification_time to BugReportModule

* Add backport for timezone and fix Tombstone module to use local time.

* Fix import for backported Zoneinfo

* Fix ruff error
 2025-02-06 20:51:15 +01:00
Donncha Ó Cearbhaill
b7595b62eb Add initial tombstone parser 
This supports parsing tombstone files from Android bugreports. The parser
can load both the legacy text format and the new binary protobuf format.
 2025-02-06 20:07:05 +01:00
Donncha Ó Cearbhaill
02c02ca15c Merge branch 'main' into feature/tombstone-parser 2025-02-03 18:44:00 +01:00
Donncha Ó Cearbhaill
086871e21d Merge branch 'main' into feature/config-file 2025-01-30 13:15:28 +01:00
Donncha Ó Cearbhaill
43901c96a0 Add improved heuristic detections to AppOps module 2025-01-30 13:02:26 +01:00
Donncha Ó Cearbhaill
f4425865c0 Add missed modules using updated settings module 2024-12-25 00:14:14 +00:00
tes
9d81b5bfa8 Add a module to parse uninstalled apps from dumpsys data, for both bugreport and AndroidQF output, and match them against package name IoCs. 2024-12-11 16:47:19 -03:00
Donncha Ó Cearbhaill
bc09e2a394 Initial tests for tombstone parsing 2024-10-28 10:51:58 +01:00
Donncha Ó Cearbhaill
9b41ba99aa WIP: initial tombstone modules 2024-10-28 10:34:53 +01:00
Donncha Ó Cearbhaill
5fe8238ef0 Update tests to work with the new side-loading detections 2024-10-24 17:35:34 +02:00
Donncha Ó Cearbhaill
3afe218c7c Add support for check APK certificate hash IOCs (#557) 
* Fix bug loading indicators which I introduced in 81b647b

* Add support for matching on APK certificate hash IOCs
 2024-10-18 16:35:50 +02:00
Donncha Ó Cearbhaill
665806db98 Add initial parser for ADB state in Dumpsys (#547) 
* Add initial parser for ADB dumpsys

* Add ADBState tests and support for AndroidQF and
check-adb

* Handle case where ADB is not available in device dumpsys
 2024-10-18 15:31:25 +02:00
Tek
a03f4e55ff Adds androidqf files module (#541) 
* Adds androidqf files module

* Add new files module to module list

---------

Co-authored-by: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
 2024-10-17 18:32:23 +02:00
Donncha Ó Cearbhaill
81b647beac Add basic support for IP indicators in MVT (#556) 
* Add prelimary ipv4-addr ioc matching support under collection domains

* Add IP addresses as a valid IOC type

This currently just supports IPv4 addresses which
are treated as domains internally in MVT.

---------

Co-authored-by: renini <renini@local>
 2024-10-17 18:20:17 +02:00
Tek
052c4e207b Improves STIX2 support and testing (#523) 
* Improves STIX2 support and testing

* Adds documentation on STIX2 support in MVT

---------

Co-authored-by: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
 2024-10-16 16:47:10 +02:00
Donncha Ó Cearbhaill
822536a1cb Add formating change made by ruff linter 2024-09-30 12:41:46 +02:00
tek
617c5d9e1c Fixes import order 2024-09-28 13:15:43 +02:00
Rory Flynn
caeeec2816 Add packages module for androidqf (#506) 
* Add Packages module for androidqf

* Update test
 2024-06-24 19:00:07 +02:00
Rory Flynn
a6d32e1c88 Fix dumpsys accessibility detections for v14+ (#483) 2024-05-19 22:27:28 +02:00
Rory Flynn
6c7ad0ac95 Convert timezone-aware datetimes automatically to UTC (#485) 2024-04-18 16:49:30 +02:00
tek
5826e6b11c Migrate dumpsys_packages parsing into an artifact 2024-04-01 01:49:08 +02:00
Rory Flynn
2838bac63f Circular reference in SMS module serialization (#444) 
* Fix circular reference in SMS module serialization
* Modify SMS test artifact to include date_read
 2024-01-03 18:55:32 +01:00
Donncha Ó Cearbhaill
013282dbba Impovements for SMS module (#438) 
* Add indicator checking in the SMS module

* Don't add SMS entries when read timestamp not set

* Remove print() line
 2023-12-17 12:59:35 +01:00
Rory Flynn
fd3ef76873 Open all iOS sqlite3 databases with immutable=1 (#430) 2023-11-28 12:46:18 +01:00
Rory Flynn
4b4cad46ba Add CustomJSONEncoder to handle bytes types (#414) 
Adds a custom JSON encoder class to fix serialisation issues where modules included bytes types containing non-utf8 bytes, which can't be serialised to JSON.

---------

Co-authored-by: Rory Flynn <rory.flynn@amnesty.org>
 2023-11-15 11:40:24 +01:00
Nex
9988887d27 Updated copyright notice 2023-09-09 17:55:27 +02:00
tek
a2ee46b8f8 Refactors dumpsys receiver parsing into an artifact 2023-08-08 20:23:09 +02:00
tek
e60e5fdc6e Refactors DumpsysBatteryHistory and adds related androidqf module 2023-08-04 19:20:14 +02:00
tek
7e0e071c5d Refactor DumpsysBatteryDaily module and add related artifact 2023-08-04 16:17:52 +02:00
tek
9a831b5930 Adds GlobalPreferences iOS module 2023-08-02 15:28:16 +02:00
tek
a103b50759 Rename artifacts to avoid name collisions 2023-08-02 13:32:58 +02:00
tek
84dc13144d Refactor DumpsysAppOps 2023-08-01 11:58:20 +02:00
tek
6356a4ff87 Refactor code of DumpsysDBInfo 2023-07-31 23:43:20 +02:00
tek
f96f2fe34a refactor dumpsys package activity code 2023-07-31 18:38:41 +02:00
Donncha Ó Cearbhaill
ae0e470c56 Fix inconsisent filesytem tests on some platforms 2023-07-31 11:45:53 +02:00
tek
4c175530a8 Refactor dumpsys accessibility in an artifact 2023-07-27 19:42:06 +02:00
Tek
3ec3b86a45 Adds support for zip files in check-androidqf command (#372) 2023-07-26 13:53:54 +02:00
Donncha Ó Cearbhaill
57d4aca72e Refactor Android modules to remove duplication (#368) 
* Remove duplicated detection logic from GetProp modules
* Deduplicate settings and processes
* Refactor detection in artifacts
* Improves Artifact class
---------

Co-authored-by: tek <tek@randhome.io>
 2023-07-26 13:42:17 +02:00
Donncha Ó Cearbhaill
ed7d6fb847 Add integration tests for 'mvt-android check-backup' 2023-07-22 19:26:05 +02:00
Donncha Ó Cearbhaill
a2386dbdf7 Refactor Android backup password handling and add tests 2023-07-22 19:17:27 +02:00
tek
e7270d6a07 Fixes import and adds test for PR 361 2023-07-10 22:55:22 +02:00
Donncha Ó Cearbhaill
7046ff80d1 Add SMS read time in the MVT logs 2023-06-30 19:30:50 +02:00
Nex
e1677639c4 Linted code using isort + autoflake + black, fixed wrong use of Optional[bool] 2023-06-01 23:40:26 +02:00
tek
a1994079b1 Sort imports 2023-05-24 12:03:49 +02:00
tek
f814244ff8 Fixes bug in bugreport getprop module 2023-05-06 11:20:10 -04:00
tek
33d092692e Adds calendar iOS plugin 2023-04-12 10:21:17 +02:00