Merge branch 'main' into fix/webkit_session_resource_error_handling

* reduce update check timeouts to 5s

* add error hadnling for Update checks

* Add CLI flags to disable version and indicator checks

* ruff syntax fix

* fix tests

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "pip" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"

.github/workflows/tests.yml

@@ -12,7 +12,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: ['3.8', '3.9', '3.10']  # , '3.11']
+        python-version: ['3.10', '3.11', '3.12', '3.13']
 
     steps:
       - uses: actions/checkout@v4
@@ -35,4 +35,4 @@ jobs:
         if: github.event_name == 'pull_request'
         with:
           pytest-coverage-path: ./pytest-coverage.txt
-          junitxml-path: ./pytest.xml
+          junitxml-path: ./pytest.xml

.github/workflows/update-ios-data.yml

@@ -21,6 +21,7 @@ jobs:
           title: '[auto] Update iOS releases and versions'
           commit-message: Add new iOS versions and build numbers
           branch: auto/add-new-ios-releases
+          draft: true
           body: |
             This is an automated pull request to update the iOS releases and version numbers.
           add-paths: |

CONTRIBUTING.md

@@ -1,19 +1,65 @@
-# Contributing
+# Contributing to Mobile Verification Toolkit (MVT)
 
-Thank you for your interest in contributing to Mobile Verification Toolkit (MVT)! Your help is very much appreciated.
+We greatly appreciate contributions to MVT!
+
+Your involvement, whether through identifying issues, improving functionality, or enhancing documentation, is very much appreciated. To ensure smooth collaboration and a welcoming environment, we've outlined some key guidelines for contributing below.
+
+## Getting started
+
+Contributing to an open-source project like MVT might seem overwhelming at first, but we're here to support you!
+
+ Whether you're a technologist, a frontline human rights defender, a field researcher, or someone new to consensual spyware forensics, there are many ways to make meaningful contributions.
+
+ Here's how you can get started:
+
+1. **Explore the codebase:**
+    - Browse the repository to get familar with MVT. Many MVT modules are simple in functionality and easy to understand.
+    - Look for `TODO:` or `FIXME:` comments in the code for areas that need attention.
+
+2. **Check Github issues:**
+    - Look for issues tagged with ["help wanted"](https://github.com/mvt-project/mvt/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22) or ["good first issue"](https://github.com/mvt-project/mvt/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) to find tasks that are beginner-friendly or where input from the community would be helpful.
+
+3. **Ask for guidance:**
+
+    - If you're unsure where to start, feel free to open a [discussion](https://github.com/mvt-project/mvt/discussions) or comment on an issue.
+
+## How to contribute:
+
+1. **Report issues:**
+
+ - Found a bug? Please check existing issues to see if it's already reported. If not, open a new issue. Mobile operating systems and databases are constantly evolving, an new errors may appear spontaniously in new app versions.
+
+ **Please provide as much information as possible about the prodblem including: any error messages, steps to reproduce the problem, and any logs or screenshots that can help.**
 
 
-## Where to start
+2. **Suggest features:**
+    - If you have an idea for new functionality, create a feature request issue and describe your proposal.
 
-Starting to contribute to a somewhat complex project like MVT might seem intimidating. Unless you have specific ideas of new functionality you would like to submit, some good starting points are searching for `TODO:` and `FIXME:` comments throughout the code. Alternatively you can check if any GitHub issues existed marked with the ["help wanted"](https://github.com/mvt-project/mvt/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22) tag.
+3. **Submit code:**
+    - Fork the repository and create a new branch for your changes.
+    - Ensure your changes align with the code style guidelines (see below).
+    - Open a pull request (PR) with a clear description of your changes and link it to any relevant issues.
 
+4. **Documentation contributions:**
+    - Improving documentation is just as valuable as contributing code! If you notice gaps or inaccuracies in the documentation, feel free to submit changes or suggest updates.
 
 ## Code style
+Please follow these code style guidelines for consistency and readability:
 
-When contributing code to 
+- **Indentation**: use 4 spaces per tab.
+- **Quotes**: Use double quotes (`"`) by default. Use single quotes (`'`) for nested strings instead of escaping (`\"`), or when using f-formatting.
+- **Maximum line length**:
+    - Aim for lines no longer than 80 characters.
+    - Exceptions are allowed for long log lines or strings, which may extend up to 100 characters.
+    - Wrap lines that exceed 100 characters.
 
-- **Indentation**: we use 4-spaces tabs.
+Follow [PEP 8 guidelines](https://peps.python.org/pep-0008/) for indentation and overall Python code style. All MVT code is automatically linted with [Ruff](https://github.com/astral-sh/ruff) before merging.
 
-- **Quotes**: we use double quotes (`"`) as a default. Single quotes (`'`) can be favored with nested strings instead of escaping (`\"`), or when using f-formatting.
+Please check your code before opening a pull request by running `make ruff`
 
-- **Maximum line length**: we strongly encourage to respect a 80 characters long lines and to follow [PEP8 indentation guidelines](https://peps.python.org/pep-0008/#indentation) when having to wrap. However, if breaking at 80 is not possible or is detrimental to the readability of the code, exceptions are tolerated. For example, long log lines, or long strings can be extended to 100 characters long. Please hard wrap anything beyond 100 characters.
+
+## Community and support
+
+We aim to create a supportive and collaborative environment for all contributors. If you run into any challenges, feel free to reach out through the discussions or issues section of the repository.
+
+Your contributions, big or small, help improve MVT and are always appreciated.

Dockerfile

@@ -103,7 +103,7 @@ RUN git clone https://github.com/libimobiledevice/usbmuxd && cd usbmuxd \
 
 
 # Create main image
-FROM ubuntu:22.04 as main
+FROM ubuntu:24.04 as main
 
 LABEL org.opencontainers.image.url="https://mvt.re"
 LABEL org.opencontainers.image.documentation="https://docs.mvt.re"
@@ -135,8 +135,7 @@ COPY --from=build-usbmuxd /build /
 COPY . mvt/
 RUN apt-get update \
    && apt-get install -y git python3-pip \
-   && PIP_NO_CACHE_DIR=1 pip3 install --upgrade pip \
-   && PIP_NO_CACHE_DIR=1 pip3 install ./mvt \
+   && PIP_NO_CACHE_DIR=1 pip3 install --break-system-packages ./mvt \
    && apt-get remove -y python3-pip git && apt-get autoremove -y \
    && rm -rf /var/lib/apt/lists/* \
    && rm -rf mvt

Makefile

@@ -23,7 +23,12 @@ install:
 	python3 -m pip install --upgrade -e .
 
 test-requirements:
-	python3 -m pip install --upgrade -r test-requirements.txt
+	python3 -m pip install --upgrade --group dev
+
+generate-proto-parsers:
+	# Generate python parsers for protobuf files
+	PROTO_FILES=$$(find src/mvt/android/parsers/proto/ -iname "*.proto"); \
+	protoc -Isrc/mvt/android/parsers/proto/ --python_betterproto_out=src/mvt/android/parsers/proto/ $$PROTO_FILES
 
 clean:
 	rm -rf $(PWD)/build $(PWD)/dist $(PWD)/src/mvt.egg-info

docs/command_completion.md

@@ -0,0 +1,43 @@
+# Command Completion 
+
+MVT utilizes the [Click](https://click.palletsprojects.com/en/stable/) library for creating its command line interface. 
+
+Click provides tab completion support for Bash (version 4.4 and up), Zsh, and Fish.
+
+To enable it, you need to manually register a special function with your shell, which varies depending on the shell you are using.
+
+The following describes how to generate the command completion scripts and add them to your shell configuration. 
+
+> **Note: You will need to start a new shell for the changes to take effect.**
+
+### For Bash
+
+```bash
+# Generates bash completion scripts
+echo "$(_MVT_IOS_COMPLETE=bash_source mvt-ios)" > ~/.mvt-ios-complete.bash &&
+echo "$(_MVT_ANDROID_COMPLETE=bash_source mvt-android)" > ~/.mvt-android-complete.bash
+```
+
+Add the following to `~/.bashrc`:
+```bash
+# source mvt completion scripts
+. ~/.mvt-ios-complete.bash && .  ~/.mvt-android-complete.bash
+```
+
+### For Zsh
+
+```bash
+# Generates zsh completion scripts
+echo "$(_MVT_IOS_COMPLETE=zsh_source mvt-ios)" >  ~/.mvt-ios-complete.zsh &&
+echo "$(_MVT_ANDROID_COMPLETE=zsh_source mvt-android)" > ~/.mvt-android-complete.zsh
+```
+
+Add the following to `~/.zshrc`:
+```bash
+# source mvt completion scripts
+.  ~/.mvt-ios-complete.zsh  && .  ~/.mvt-android-complete.zsh
+```
+
+For more information, visit the official [Click Docs](https://click.palletsprojects.com/en/stable/shell-completion/#enabling-completion).
+
+

docs/install.md

@@ -98,3 +98,7 @@ You now should have the `mvt-ios` and `mvt-android` utilities installed.
 **Notes:**
 1. The `--force` flag is necessary to force the reinstallation of the package.
 2. To revert to using a PyPI version, it will be necessary to `pipx uninstall mvt` first.
+
+## Setting up command completions
+
+See ["Command completions"](command_completion.md)

docs/requirements.txt

@@ -1,5 +1,5 @@
 mkdocs==1.6.1
-mkdocs-autorefs==1.2.0
-mkdocs-material==9.5.42
+mkdocs-autorefs==1.4.3
+mkdocs-material==9.6.20
 mkdocs-material-extensions==1.3.1
-mkdocstrings==0.23.0
+mkdocstrings==0.30.1

pyproject.toml

@@ -1,13 +1,11 @@
 [project]
 name = "mvt"
 dynamic = ["version"]
-authors = [
-    {name = "Claudio Guarnieri", email = "nex@nex.sx"}
-]
+authors = [{ name = "Claudio Guarnieri", email = "nex@nex.sx" }]
 maintainers = [
-    {name = "Etienne Maynier", email = "tek@randhome.io"},
-    {name = "Donncha Ó Cearbhaill", email = "donncha.ocearbhaill@amnesty.org"},
-    {name = "Rory Flynn", email = "rory.flynn@amnesty.org"}
+    { name = "Etienne Maynier", email = "tek@randhome.io" },
+    { name = "Donncha Ó Cearbhaill", email = "donncha.ocearbhaill@amnesty.org" },
+    { name = "Rory Flynn", email = "rory.flynn@amnesty.org" },
 ]
 description = "Mobile Verification Toolkit"
 readme = "README.md"
@@ -16,44 +14,61 @@ classifiers = [
     "Development Status :: 5 - Production/Stable",
     "Intended Audience :: Information Technology",
     "Operating System :: OS Independent",
-    "Programming Language :: Python"
+    "Programming Language :: Python",
 ]
 dependencies = [
-    "click >=8.1.3",
-    "rich >=12.6.0",
-    "tld >=0.12.6",
-    "requests >=2.28.1",
-    "simplejson >=3.17.6",
-    "packaging >=21.3",
-    "appdirs >=1.4.4",
-    "iOSbackup >=0.9.923",
-    "adb-shell[usb] >=0.4.3",
-    "libusb1 >=3.0.0",
-    "cryptography >=42.0.5",
-    "pyyaml >=6.0",
-    "pyahocorasick >= 2.0.0",
+    "click==8.2.1",
+    "rich==14.1.0",
+    "tld==0.13.1",
+    "requests==2.32.4",
+    "simplejson==3.20.1",
+    "packaging==25.0",
+    "appdirs==1.4.4",
+    "iOSbackup==0.9.925",
+    "adb-shell[usb]==0.4.4",
+    "libusb1==3.3.1",
+    "cryptography==45.0.6",
+    "PyYAML>=6.0.2",
+    "pyahocorasick==2.2.0",
+    "betterproto==1.2.5",
+    "pydantic==2.11.7",
+    "pydantic-settings==2.10.1",
+    "NSKeyedUnArchiver==1.5.2",
+    "python-dateutil==2.9.0.post0",
+    "tzdata==2025.2",
 ]
-requires-python = ">= 3.8"
+requires-python = ">= 3.10"
 
 [project.urls]
 homepage = "https://docs.mvt.re/en/latest/"
 repository = "https://github.com/mvt-project/mvt"
 
 [project.scripts]
-    mvt-ios = "mvt.ios:cli"
-    mvt-android = "mvt.android:cli"
+mvt-ios = "mvt.ios:cli"
+mvt-android = "mvt.android:cli"
+
+[dependency-groups]
+dev = [
+    "requests>=2.31.0",
+    "pytest>=7.4.3",
+    "pytest-cov>=4.1.0",
+    "pytest-github-actions-annotate-failures>=0.2.0",
+    "pytest-mock>=3.14.0",
+    "stix2>=3.0.1",
+    "ruff>=0.1.6",
+    "mypy>=1.7.1",
+    "betterproto[compiler]",
+]
 
 [build-system]
 requires = ["setuptools>=61.0"]
 build-backend = "setuptools.build_meta"
 
 [tool.coverage.run]
-omit = [
-    "tests/*",
-]
+omit = ["tests/*"]
 
 [tool.coverage.html]
-directory= "htmlcov"
+directory = "htmlcov"
 
 [tool.mypy]
 install_types = true
@@ -63,15 +78,13 @@ packages = "src"
 
 [tool.pytest.ini_options]
 addopts = "-ra -q --cov=mvt --cov-report html --junitxml=pytest.xml --cov-report=term-missing:skip-covered"
-testpaths = [
-    "tests"
-]
+testpaths = ["tests"]
 
 [tool.ruff.lint]
-select = ["C90", "E", "F", "W"]  # flake8 default set
+select = ["C90", "E", "F", "W"] # flake8 default set
 ignore = [
-    "E501",  # don't enforce line length violations
-    "C901",  # complex-structure
+    "E501", # don't enforce line length violations
+    "C901", # complex-structure
 
     # These were previously ignored but don't seem to be required:
     # "E265",  # no-space-after-block-comment
@@ -83,14 +96,14 @@ ignore = [
 ]
 
 [tool.ruff.lint.per-file-ignores]
-"__init__.py" = ["F401"]  # unused-import
+"__init__.py" = ["F401"] # unused-import
 
 [tool.ruff.lint.mccabe]
 max-complexity = 10
 
 [tool.setuptools]
 include-package-data = true
-package-dir = {"" = "src"}
+package-dir = { "" = "src" }
 
 [tool.setuptools.packages.find]
 where = ["src"]
@@ -99,4 +112,4 @@ where = ["src"]
 mvt = ["ios/data/*.json"]
 
 [tool.setuptools.dynamic]
-version = {attr = "mvt.common.version.MVT_VERSION"}
+version = { attr = "mvt.common.version.MVT_VERSION" }

src/mvt/android/artifacts/dumpsys_adb.py

@@ -4,13 +4,14 @@
 #   https://license.mvt.re/1.1/
 
 import base64
+import binascii
 import hashlib
 
 from .artifact import AndroidArtifact
 
 
 class DumpsysADBArtifact(AndroidArtifact):
-    multiline_fields = ["user_keys"]
+    multiline_fields = ["user_keys", "keystore"]
 
     def indented_dump_parser(self, dump_data):
         """
@@ -67,14 +68,38 @@ class DumpsysADBArtifact(AndroidArtifact):
 
         return res
 
+    def parse_xml(self, xml_data):
+        """
+        Parse XML data from dumpsys ADB output
+        """
+        import xml.etree.ElementTree as ET
+
+        keystore = []
+        keystore_root = ET.fromstring(xml_data)
+        for adb_key in keystore_root.findall("adbKey"):
+            key_info = self.calculate_key_info(adb_key.get("key").encode("utf-8"))
+            key_info["last_connected"] = adb_key.get("lastConnection")
+            keystore.append(key_info)
+
+        return keystore
+
     @staticmethod
     def calculate_key_info(user_key: bytes) -> str:
-        key_base64, user = user_key.split(b" ", 1)
-        key_raw = base64.b64decode(key_base64)
-        key_fingerprint = hashlib.md5(key_raw).hexdigest().upper()
-        key_fingerprint_colon = ":".join(
-            [key_fingerprint[i : i + 2] for i in range(0, len(key_fingerprint), 2)]
-        )
+        if b" " in user_key:
+            key_base64, user = user_key.split(b" ", 1)
+        else:
+            key_base64, user = user_key, b""
+
+        try:
+            key_raw = base64.b64decode(key_base64)
+            key_fingerprint = hashlib.md5(key_raw).hexdigest().upper()
+            key_fingerprint_colon = ":".join(
+                [key_fingerprint[i : i + 2] for i in range(0, len(key_fingerprint), 2)]
+            )
+        except binascii.Error:
+            # Impossible to parse base64
+            key_fingerprint_colon = ""
+
         return {
             "user": user.decode("utf-8"),
             "fingerprint": key_fingerprint_colon,
@@ -115,8 +140,24 @@ class DumpsysADBArtifact(AndroidArtifact):
         if parsed.get("debugging_manager") is None:
             self.log.error("Unable to find expected ADB entries in dumpsys output")  # noqa
             return
+
+        # Keystore can be in different levels, as the basic parser
+        # is not always consistent due to different dumpsys formats.
+        if parsed.get("keystore"):
+            keystore_data = b"\n".join(parsed["keystore"])
+        elif parsed["debugging_manager"].get("keystore"):
+            keystore_data = b"\n".join(parsed["debugging_manager"]["keystore"])
         else:
-            parsed = parsed["debugging_manager"]
+            keystore_data = None
+
+        # Keystore is in XML format on some devices and we need to parse it
+        if keystore_data and keystore_data.startswith(b"<?xml"):
+            parsed["debugging_manager"]["keystore"] = self.parse_xml(keystore_data)
+        else:
+            # Keystore is not XML format
+            parsed["debugging_manager"]["keystore"] = keystore_data
+
+        parsed = parsed["debugging_manager"]
 
         # Calculate key fingerprints for better readability
         key_info = []

src/mvt/android/artifacts/dumpsys_appops.py

@@ -11,6 +11,10 @@ from mvt.common.utils import convert_datetime_to_iso
 from .artifact import AndroidArtifact
 
 
+RISKY_PERMISSIONS = ["REQUEST_INSTALL_PACKAGES"]
+RISKY_PACKAGES = ["com.android.shell"]
+
+
 class DumpsysAppopsArtifact(AndroidArtifact):
     """
     Parser for dumpsys app ops info
@@ -45,15 +49,39 @@ class DumpsysAppopsArtifact(AndroidArtifact):
                     self.detected.append(result)
                     continue
 
+            detected_permissions = []
             for perm in result["permissions"]:
                 if (
-                    perm["name"] == "REQUEST_INSTALL_PACKAGES"
-                    and perm["access"] == "allow"
+                    perm["name"] in RISKY_PERMISSIONS
+                    # and perm["access"] == "allow"
                 ):
-                    self.log.info(
-                        "Package %s with REQUEST_INSTALL_PACKAGES " "permission",
-                        result["package_name"],
-                    )
+                    detected_permissions.append(perm)
+                    for entry in sorted(perm["entries"], key=lambda x: x["timestamp"]):
+                        self.log.warning(
+                            "Package '%s' had risky permission '%s' set to '%s' at %s",
+                            result["package_name"],
+                            perm["name"],
+                            entry["access"],
+                            entry["timestamp"],
+                        )
+
+                elif result["package_name"] in RISKY_PACKAGES:
+                    detected_permissions.append(perm)
+                    for entry in sorted(perm["entries"], key=lambda x: x["timestamp"]):
+                        self.log.warning(
+                            "Risky package '%s' had '%s' permission set to '%s' at %s",
+                            result["package_name"],
+                            perm["name"],
+                            entry["access"],
+                            entry["timestamp"],
+                        )
+
+            if detected_permissions:
+                # We clean the result to only include the risky permission, otherwise the timeline
+                # will be polluted with all the other irrelevant permissions
+                cleaned_result = result.copy()
+                cleaned_result["permissions"] = detected_permissions
+                self.detected.append(cleaned_result)
 
     def parse(self, output: str) -> None:
         self.results: List[Dict[str, Any]] = []
@@ -121,11 +149,16 @@ class DumpsysAppopsArtifact(AndroidArtifact):
             if line.startswith("          "):
                 # Permission entry like:
                 # Reject: [fg-s]2021-05-19 22:02:52.054 (-314d1h25m2s33ms)
+                access_type = line.split(":")[0].strip()
+                if access_type not in ["Access", "Reject"]:
+                    # Skipping invalid access type. Some entries are not in the format we expect
+                    continue
+
                 if entry:
                     perm["entries"].append(entry)
                     entry = {}
 
-                entry["access"] = line.split(":")[0].strip()
+                entry["access"] = access_type
                 entry["type"] = line[line.find("[") + 1 : line.find("]")]
 
                 try:

src/mvt/android/artifacts/dumpsys_packages.py

@@ -16,8 +16,7 @@ class DumpsysPackagesArtifact(AndroidArtifact):
         for result in self.results:
             if result["package_name"] in ROOT_PACKAGES:
                 self.log.warning(
-                    "Found an installed package related to "
-                    'rooting/jailbreaking: "%s"',
+                    'Found an installed package related to rooting/jailbreaking: "%s"',
                     result["package_name"],
                 )
                 self.detected.append(result)

src/mvt/android/artifacts/dumpsys_platform_compat.py

@@ -0,0 +1,42 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2023 The MVT Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+from .artifact import AndroidArtifact
+
+
+class DumpsysPlatformCompatArtifact(AndroidArtifact):
+    """
+    Parser for uninstalled apps listed in platform_compat section.
+    """
+
+    def check_indicators(self) -> None:
+        if not self.indicators:
+            return
+
+        for result in self.results:
+            ioc = self.indicators.check_app_id(result["package_name"])
+            if ioc:
+                result["matched_indicator"] = ioc
+                self.detected.append(result)
+                continue
+
+    def parse(self, data: str) -> None:
+        for line in data.splitlines():
+            if not line.startswith("ChangeId(168419799; name=DOWNSCALED;"):
+                continue
+
+            if line.strip() == "":
+                break
+
+            # Look for rawOverrides field
+            if "rawOverrides={" in line:
+                # Extract the content inside the braces for rawOverrides
+                overrides_field = line.split("rawOverrides={", 1)[1].split("};", 1)[0]
+
+                for entry in overrides_field.split(", "):
+                    # Extract app name
+                    uninstall_app = entry.split("=")[0].strip()
+
+                    self.results.append({"package_name": uninstall_app})

src/mvt/android/artifacts/file_timestamps.py

@@ -0,0 +1,43 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2023 The MVT Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+from typing import Union
+
+from .artifact import AndroidArtifact
+
+
+class FileTimestampsArtifact(AndroidArtifact):
+    def serialize(self, record: dict) -> Union[dict, list]:
+        records = []
+
+        for ts in set(
+            [
+                record.get("access_time"),
+                record.get("changed_time"),
+                record.get("modified_time"),
+            ]
+        ):
+            if not ts:
+                continue
+
+            macb = ""
+            macb += "M" if ts == record.get("modified_time") else "-"
+            macb += "A" if ts == record.get("access_time") else "-"
+            macb += "C" if ts == record.get("changed_time") else "-"
+            macb += "-"
+
+            msg = record["path"]
+            if record.get("context"):
+                msg += f" ({record['context']})"
+
+            records.append(
+                {
+                    "timestamp": ts,
+                    "module": self.__class__.__name__,
+                    "event": macb,
+                    "data": msg,
+                }
+            )
+
+        return records

src/mvt/android/artifacts/getprop.py

@@ -42,6 +42,17 @@ class GetProp(AndroidArtifact):
             entry = {"name": matches[0][0], "value": matches[0][1]}
             self.results.append(entry)
 
+    def get_device_timezone(self) -> str:
+        """
+        Get the device timezone from the getprop results
+
+        Used in other moduels to calculate the timezone offset
+        """
+        for entry in self.results:
+            if entry["name"] == "persist.sys.timezone":
+                return entry["value"]
+        return None
+
     def check_indicators(self) -> None:
         for entry in self.results:
             if entry["name"] in INTERESTING_PROPERTIES:

src/mvt/android/artifacts/mounts.py

@@ -0,0 +1,186 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2023 The MVT Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+from typing import Any
+
+from .artifact import AndroidArtifact
+
+SUSPICIOUS_MOUNT_POINTS = [
+    "/system",
+    "/vendor",
+    "/product",
+    "/system_ext",
+]
+
+SUSPICIOUS_OPTIONS = [
+    "rw",
+    "remount",
+    "noatime",
+    "nodiratime",
+]
+
+ALLOWLIST_NOATIME = [
+    "/system_dlkm",
+    "/system_ext",
+    "/product",
+    "/vendor",
+    "/vendor_dlkm",
+]
+
+
+class Mounts(AndroidArtifact):
+    """
+    This artifact parses mount information from /proc/mounts or similar mount data.
+    It can detect potentially suspicious mount configurations that may indicate
+    a rooted or compromised device.
+    """
+
+    def parse(self, entry: str) -> None:
+        """
+        Parse mount information from the provided entry.
+
+        Examples:
+        /dev/block/bootdevice/by-name/system /system ext4 ro,seclabel,relatime 0 0
+        /dev/block/dm-12 on / type ext4 (ro,seclabel,noatime)
+        """
+        self.results: list[dict[str, Any]] = []
+
+        for line in entry.splitlines():
+            line = line.strip()
+            if not line:
+                continue
+
+            device = None
+            mount_point = None
+            filesystem_type = None
+            mount_options = ""
+
+            if " on " in line and " type " in line:
+                try:
+                    # Format: device on mount_point type filesystem_type (options)
+                    device_part, rest = line.split(" on ", 1)
+                    device = device_part.strip()
+
+                    # Split by 'type' to get mount_point and filesystem info
+                    mount_part, fs_part = rest.split(" type ", 1)
+                    mount_point = mount_part.strip()
+
+                    # Parse filesystem and options
+                    if "(" in fs_part and fs_part.endswith(")"):
+                        # Format: filesystem_type (options)
+                        fs_and_opts = fs_part.strip()
+                        paren_idx = fs_and_opts.find("(")
+                        filesystem_type = fs_and_opts[:paren_idx].strip()
+                        mount_options = fs_and_opts[paren_idx + 1 : -1].strip()
+                    else:
+                        # No options in parentheses, just filesystem type
+                        filesystem_type = fs_part.strip()
+                        mount_options = ""
+
+                    # Skip if we don't have essential info
+                    if not device or not mount_point or not filesystem_type:
+                        continue
+
+                    # Parse options into list
+                    options_list = (
+                        [opt.strip() for opt in mount_options.split(",") if opt.strip()]
+                        if mount_options
+                        else []
+                    )
+
+                    # Check if it's a system partition
+                    is_system_partition = mount_point in SUSPICIOUS_MOUNT_POINTS or any(
+                        mount_point.startswith(sp) for sp in SUSPICIOUS_MOUNT_POINTS
+                    )
+
+                    # Check if it's mounted read-write
+                    is_read_write = "rw" in options_list
+
+                    mount_entry = {
+                        "device": device,
+                        "mount_point": mount_point,
+                        "filesystem_type": filesystem_type,
+                        "mount_options": mount_options,
+                        "options_list": options_list,
+                        "is_system_partition": is_system_partition,
+                        "is_read_write": is_read_write,
+                    }
+
+                    self.results.append(mount_entry)
+
+                except ValueError:
+                    # If parsing fails, skip this line
+                    continue
+            else:
+                # Skip lines that don't match expected format
+                continue
+
+    def check_indicators(self) -> None:
+        """
+        Check for suspicious mount configurations that may indicate root access
+        or other security concerns.
+        """
+        system_rw_mounts = []
+        suspicious_mounts = []
+
+        for mount in self.results:
+            mount_point = mount["mount_point"]
+            options = mount["options_list"]
+
+            # Check for system partitions mounted as read-write
+            if mount["is_system_partition"] and mount["is_read_write"]:
+                system_rw_mounts.append(mount)
+                if mount_point == "/system":
+                    self.log.warning(
+                        "Root detected /system partition is mounted as read-write (rw). "
+                    )
+                else:
+                    self.log.warning(
+                        "System partition %s is mounted as read-write (rw). This may indicate system modifications.",
+                        mount_point,
+                    )
+
+            # Check for other suspicious mount options
+            suspicious_opts = [opt for opt in options if opt in SUSPICIOUS_OPTIONS]
+            if suspicious_opts and mount["is_system_partition"]:
+                if (
+                    "noatime" in mount["mount_options"]
+                    and mount["mount_point"] in ALLOWLIST_NOATIME
+                ):
+                    continue
+                suspicious_mounts.append(mount)
+                self.log.warning(
+                    "Suspicious mount options found for %s: %s",
+                    mount_point,
+                    ", ".join(suspicious_opts),
+                )
+
+            # Log interesting mount information
+            if mount_point == "/data" or mount_point.startswith("/sdcard"):
+                self.log.info(
+                    "Data partition: %s mounted as %s with options: %s",
+                    mount_point,
+                    mount["filesystem_type"],
+                    mount["mount_options"],
+                )
+
+        self.log.info("Parsed %d mount entries", len(self.results))
+
+        # Check indicators if available
+        if not self.indicators:
+            return
+
+        for mount in self.results:
+            # Check if any mount points match indicators
+            ioc = self.indicators.check_file_path(mount.get("mount_point", ""))
+            if ioc:
+                mount["matched_indicator"] = ioc
+                self.detected.append(mount)
+
+            # Check device paths for indicators
+            ioc = self.indicators.check_file_path(mount.get("device", ""))
+            if ioc:
+                mount["matched_indicator"] = ioc
+                self.detected.append(mount)

src/mvt/android/artifacts/settings.py

@@ -16,6 +16,11 @@ ANDROID_DANGEROUS_SETTINGS = [
         "key": "package_verifier_enable",
         "safe_value": "1",
     },
+    {
+        "description": "disabled APK package verification",
+        "key": "package_verifier_state",
+        "safe_value": "1",
+    },
     {
         "description": "disabled Google Play Protect",
         "key": "package_verifier_user_consent",
@@ -46,11 +51,6 @@ ANDROID_DANGEROUS_SETTINGS = [
         "key": "send_action_app_error",
         "safe_value": "1",
     },
-    {
-        "description": "enabled installation of non Google Play apps",
-        "key": "install_non_market_apps",
-        "safe_value": "0",
-    },
     {
         "description": "enabled accessibility services",
         "key": "accessibility_enabled",

src/mvt/android/artifacts/tombstone_crashes.py

@@ -0,0 +1,268 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2023 The MVT Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+import datetime
+from typing import List, Optional, Union
+
+import pydantic
+import betterproto
+from dateutil import parser
+
+from mvt.common.utils import convert_datetime_to_iso
+from mvt.android.parsers.proto.tombstone import Tombstone
+from .artifact import AndroidArtifact
+
+
+TOMBSTONE_DELIMITER = "*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***"
+
+# Map the legacy crash file keys to the new format.
+TOMBSTONE_TEXT_KEY_MAPPINGS = {
+    "Build fingerprint": "build_fingerprint",
+    "Revision": "revision",
+    "ABI": "arch",
+    "Timestamp": "timestamp",
+    "Process uptime": "process_uptime",
+    "Cmdline": "command_line",
+    "pid": "pid",
+    "tid": "tid",
+    "name": "process_name",
+    "binary_path": "binary_path",
+    "uid": "uid",
+    "signal": "signal_info",
+    "code": "code",
+    "Cause": "cause",
+}
+
+
+class SignalInfo(pydantic.BaseModel):
+    code: int
+    code_name: str
+    name: str
+    number: Optional[int] = None
+
+
+class TombstoneCrashResult(pydantic.BaseModel):
+    """
+    MVT Result model for a tombstone crash result.
+
+    Needed for validation and serialization, and consistency between text and protobuf tombstones.
+    """
+
+    file_name: str
+    file_timestamp: str  # We store the timestamp as a string to avoid timezone issues
+    build_fingerprint: str
+    revision: str
+    arch: Optional[str] = None
+    timestamp: str  # We store the timestamp as a string to avoid timezone issues
+    process_uptime: Optional[int] = None
+    command_line: Optional[List[str]] = None
+    pid: int
+    tid: int
+    process_name: Optional[str] = None
+    binary_path: Optional[str] = None
+    selinux_label: Optional[str] = None
+    uid: int
+    signal_info: SignalInfo
+    cause: Optional[str] = None
+    extra: Optional[str] = None
+
+
+class TombstoneCrashArtifact(AndroidArtifact):
+    """
+    Parser for Android tombstone crash files.
+
+    This parser can parse both text and protobuf tombstone crash files.
+    """
+
+    def serialize(self, record: dict) -> Union[dict, list]:
+        return {
+            "timestamp": record["timestamp"],
+            "module": self.__class__.__name__,
+            "event": "Tombstone",
+            "data": (
+                f"Crash in '{record['process_name']}' process running as UID '{record['uid']}' in file '{record['file_name']}' "
+                f"Crash type '{record['signal_info']['name']}' with code '{record['signal_info']['code_name']}'"
+            ),
+        }
+
+    def check_indicators(self) -> None:
+        if not self.indicators:
+            return
+
+        for result in self.results:
+            ioc = self.indicators.check_process(result["process_name"])
+            if ioc:
+                result["matched_indicator"] = ioc
+                self.detected.append(result)
+                continue
+
+            if result.get("command_line", []):
+                command_name = result.get("command_line")[0].split("/")[-1]
+                ioc = self.indicators.check_process(command_name)
+                if ioc:
+                    result["matched_indicator"] = ioc
+                    self.detected.append(result)
+                    continue
+
+            SUSPICIOUS_UIDS = [
+                0,  # root
+                1000,  # system
+                2000,  # shell
+            ]
+            if result["uid"] in SUSPICIOUS_UIDS:
+                self.log.warning(
+                    f"Potentially suspicious crash in process '{result['process_name']}' "
+                    f"running as UID '{result['uid']}' in tombstone '{result['file_name']}' at {result['timestamp']}"
+                )
+                self.detected.append(result)
+
+    def parse_protobuf(
+        self, file_name: str, file_timestamp: datetime.datetime, data: bytes
+    ) -> None:
+        """Parse Android tombstone crash files from a protobuf object."""
+        tombstone_pb = Tombstone().parse(data)
+        tombstone_dict = tombstone_pb.to_dict(
+            betterproto.Casing.SNAKE, include_default_values=True
+        )
+
+        # Add some extra metadata
+        tombstone_dict["timestamp"] = self._parse_timestamp_string(
+            tombstone_pb.timestamp
+        )
+        tombstone_dict["file_name"] = file_name
+        tombstone_dict["file_timestamp"] = convert_datetime_to_iso(file_timestamp)
+        tombstone_dict["process_name"] = self._proccess_name_from_thread(tombstone_dict)
+
+        # Confirm the tombstone is valid, and matches the output model
+        tombstone = TombstoneCrashResult.model_validate(tombstone_dict)
+        self.results.append(tombstone.model_dump())
+
+    def parse(
+        self, file_name: str, file_timestamp: datetime.datetime, content: bytes
+    ) -> None:
+        """Parse text Android tombstone crash files."""
+        tombstone_dict = {
+            "file_name": file_name,
+            "file_timestamp": convert_datetime_to_iso(file_timestamp),
+        }
+        lines = content.decode("utf-8").splitlines()
+        for line_num, line in enumerate(lines, 1):
+            if not line.strip() or TOMBSTONE_DELIMITER in line:
+                continue
+            try:
+                for key, destination_key in TOMBSTONE_TEXT_KEY_MAPPINGS.items():
+                    if self._parse_tombstone_line(
+                        line, key, destination_key, tombstone_dict
+                    ):
+                        break
+            except Exception as e:
+                raise ValueError(f"Error parsing line {line_num}: {str(e)}")
+
+        # Validate the tombstone and add it to the results
+        tombstone = TombstoneCrashResult.model_validate(tombstone_dict)
+        self.results.append(tombstone.model_dump())
+
+    def _parse_tombstone_line(
+        self, line: str, key: str, destination_key: str, tombstone: dict
+    ) -> bool:
+        if not line.startswith(f"{key}"):
+            return False
+
+        if key == "pid":
+            return self._load_pid_line(line, tombstone)
+        elif key == "signal":
+            return self._load_signal_line(line, tombstone)
+        elif key == "Timestamp":
+            return self._load_timestamp_line(line, tombstone)
+        else:
+            return self._load_key_value_line(line, key, destination_key, tombstone)
+
+    def _load_key_value_line(
+        self, line: str, key: str, destination_key: str, tombstone: dict
+    ) -> bool:
+        line_key, value = line.split(":", 1)
+        if line_key != key:
+            raise ValueError(f"Expected key {key}, got {line_key}")
+
+        value_clean = value.strip().strip("'")
+        if destination_key == "uid":
+            tombstone[destination_key] = int(value_clean)
+        elif destination_key == "process_uptime":
+            # eg. "Process uptime: 40s"
+            tombstone[destination_key] = int(value_clean.rstrip("s"))
+        elif destination_key == "command_line":
+            # XXX: Check if command line should be a single string in a list, or a list of strings.
+            tombstone[destination_key] = [value_clean]
+        else:
+            tombstone[destination_key] = value_clean
+        return True
+
+    def _load_pid_line(self, line: str, tombstone: dict) -> bool:
+        try:
+            parts = line.split(" >>> ") if " >>> " in line else line.split(">>>")
+            process_info = parts[0]
+
+            # Parse pid, tid, name from process info
+            info_parts = [p.strip() for p in process_info.split(",")]
+            for info in info_parts:
+                key, value = info.split(":", 1)
+                key = key.strip()
+                value = value.strip()
+
+                if key == "pid":
+                    tombstone["pid"] = int(value)
+                elif key == "tid":
+                    tombstone["tid"] = int(value)
+                elif key == "name":
+                    tombstone["process_name"] = value
+
+            # Extract binary path if it exists
+            if len(parts) > 1:
+                tombstone["binary_path"] = parts[1].strip().rstrip(" <")
+
+            return True
+
+        except Exception as e:
+            raise ValueError(f"Failed to parse PID line: {str(e)}")
+
+    def _load_signal_line(self, line: str, tombstone: dict) -> bool:
+        signal_part, code_part = map(str.strip, line.split(",")[:2])
+
+        def parse_part(part: str, prefix: str) -> tuple[int, str]:
+            match = part.split(prefix)[1]
+            number = int(match.split()[0])
+            name = match.split("(")[1].split(")")[0] if "(" in match else "UNKNOWN"
+            return number, name
+
+        signal_number, signal_name = parse_part(signal_part, "signal ")
+        code_number, code_name = parse_part(code_part, "code ")
+
+        tombstone["signal_info"] = {
+            "code": code_number,
+            "code_name": code_name,
+            "name": signal_name,
+            "number": signal_number,
+        }
+        return True
+
+    def _load_timestamp_line(self, line: str, tombstone: dict) -> bool:
+        timestamp = line.split(":", 1)[1].strip()
+        tombstone["timestamp"] = self._parse_timestamp_string(timestamp)
+        return True
+
+    @staticmethod
+    def _parse_timestamp_string(timestamp: str) -> str:
+        timestamp_parsed = parser.parse(timestamp)
+        # HACK: Swap the local timestamp to UTC, so keep the original time and avoid timezone conversion.
+        local_timestamp = timestamp_parsed.replace(tzinfo=datetime.timezone.utc)
+        return convert_datetime_to_iso(local_timestamp)
+
+    @staticmethod
+    def _proccess_name_from_thread(tombstone_dict: dict) -> str:
+        if tombstone_dict.get("threads"):
+            for thread in tombstone_dict["threads"].values():
+                if thread.get("id") == tombstone_dict["tid"] and thread.get("name"):
+                    return thread["name"]
+        return "Unknown"

src/mvt/android/cli.py

@@ -31,6 +31,8 @@ from mvt.common.help import (
     HELP_MSG_HASHES,
     HELP_MSG_CHECK_IOCS,
     HELP_MSG_STIX2,
+    HELP_MSG_DISABLE_UPDATE_CHECK,
+    HELP_MSG_DISABLE_INDICATOR_UPDATE_CHECK,
 )
 from mvt.common.logo import logo
 from mvt.common.updates import IndicatorsUpdates
@@ -53,12 +55,37 @@ log = logging.getLogger("mvt")
 CONTEXT_SETTINGS = dict(help_option_names=["-h", "--help"])
 
 
+def _get_disable_flags(ctx):
+    """Helper function to safely get disable flags from context."""
+    if ctx.obj is None:
+        return False, False
+    return (
+        ctx.obj.get("disable_version_check", False),
+        ctx.obj.get("disable_indicator_check", False),
+    )
+
+
 # ==============================================================================
 # Main
 # ==============================================================================
 @click.group(invoke_without_command=False)
-def cli():
-    logo()
+@click.option(
+    "--disable-update-check", is_flag=True, help=HELP_MSG_DISABLE_UPDATE_CHECK
+)
+@click.option(
+    "--disable-indicator-update-check",
+    is_flag=True,
+    help=HELP_MSG_DISABLE_INDICATOR_UPDATE_CHECK,
+)
+@click.pass_context
+def cli(ctx, disable_update_check, disable_indicator_update_check):
+    ctx.ensure_object(dict)
+    ctx.obj["disable_version_check"] = disable_update_check
+    ctx.obj["disable_indicator_check"] = disable_indicator_update_check
+    logo(
+        disable_version_check=disable_update_check,
+        disable_indicator_check=disable_indicator_update_check,
+    )
 
 
 # ==============================================================================
@@ -166,6 +193,8 @@ def check_adb(
         module_name=module,
         serial=serial,
         module_options=module_options,
+        disable_version_check=_get_disable_flags(ctx)[0],
+        disable_indicator_check=_get_disable_flags(ctx)[1],
     )
 
     if list_modules:
@@ -212,6 +241,8 @@ def check_bugreport(ctx, iocs, output, list_modules, module, verbose, bugreport_
         ioc_files=iocs,
         module_name=module,
         hashes=True,
+        disable_version_check=_get_disable_flags(ctx)[0],
+        disable_indicator_check=_get_disable_flags(ctx)[1],
     )
 
     if list_modules:
@@ -274,6 +305,8 @@ def check_backup(
             "interactive": not non_interactive,
             "backup_password": cli_load_android_backup_password(log, backup_password),
         },
+        disable_version_check=_get_disable_flags(ctx)[0],
+        disable_indicator_check=_get_disable_flags(ctx)[1],
     )
 
     if list_modules:
@@ -338,6 +371,8 @@ def check_androidqf(
             "interactive": not non_interactive,
             "backup_password": cli_load_android_backup_password(log, backup_password),
         },
+        disable_version_check=_get_disable_flags(ctx)[0],
+        disable_indicator_check=_get_disable_flags(ctx)[1],
     )
 
     if list_modules:
@@ -372,7 +407,13 @@ def check_androidqf(
 @click.argument("FOLDER", type=click.Path(exists=True))
 @click.pass_context
 def check_iocs(ctx, iocs, list_modules, module, folder):
-    cmd = CmdCheckIOCS(target_path=folder, ioc_files=iocs, module_name=module)
+    cmd = CmdCheckIOCS(
+        target_path=folder,
+        ioc_files=iocs,
+        module_name=module,
+        disable_version_check=_get_disable_flags(ctx)[0],
+        disable_indicator_check=_get_disable_flags(ctx)[1],
+    )
     cmd.modules = BACKUP_MODULES + ADB_MODULES + BUGREPORT_MODULES
 
     if list_modules:

src/mvt/android/cmd_check_adb.py

@@ -22,6 +22,8 @@ class CmdAndroidCheckADB(Command):
         module_name: Optional[str] = None,
         serial: Optional[str] = None,
         module_options: Optional[dict] = None,
+        disable_version_check: bool = False,
+        disable_indicator_check: bool = False,
     ) -> None:
         super().__init__(
             target_path=target_path,
@@ -31,6 +33,8 @@ class CmdAndroidCheckADB(Command):
             serial=serial,
             module_options=module_options,
             log=log,
+            disable_version_check=disable_version_check,
+            disable_indicator_check=disable_indicator_check,
         )
 
         self.name = "check-adb"

src/mvt/android/cmd_check_androidqf.py

@@ -26,6 +26,8 @@ class CmdAndroidCheckAndroidQF(Command):
         serial: Optional[str] = None,
         module_options: Optional[dict] = None,
         hashes: bool = False,
+        disable_version_check: bool = False,
+        disable_indicator_check: bool = False,
     ) -> None:
         super().__init__(
             target_path=target_path,
@@ -36,6 +38,8 @@ class CmdAndroidCheckAndroidQF(Command):
             module_options=module_options,
             hashes=hashes,
             log=log,
+            disable_version_check=disable_version_check,
+            disable_indicator_check=disable_indicator_check,
         )
 
         self.name = "check-androidqf"

src/mvt/android/cmd_check_backup.py

@@ -36,6 +36,8 @@ class CmdAndroidCheckBackup(Command):
         serial: Optional[str] = None,
         module_options: Optional[dict] = None,
         hashes: bool = False,
+        disable_version_check: bool = False,
+        disable_indicator_check: bool = False,
     ) -> None:
         super().__init__(
             target_path=target_path,
@@ -46,6 +48,8 @@ class CmdAndroidCheckBackup(Command):
             module_options=module_options,
             hashes=hashes,
             log=log,
+            disable_version_check=disable_version_check,
+            disable_indicator_check=disable_indicator_check,
         )
 
         self.name = "check-backup"

src/mvt/android/cmd_check_bugreport.py

@@ -27,6 +27,8 @@ class CmdAndroidCheckBugreport(Command):
         serial: Optional[str] = None,
         module_options: Optional[dict] = None,
         hashes: bool = False,
+        disable_version_check: bool = False,
+        disable_indicator_check: bool = False,
     ) -> None:
         super().__init__(
             target_path=target_path,
@@ -37,6 +39,8 @@ class CmdAndroidCheckBugreport(Command):
             module_options=module_options,
             hashes=hashes,
             log=log,
+            disable_version_check=disable_version_check,
+            disable_indicator_check=disable_indicator_check,
         )
 
         self.name = "check-bugreport"

src/mvt/android/modules/adb/base.py

@@ -326,8 +326,7 @@ class AndroidExtraction(MVTModule):
 
         if not header["backup"]:
             self.log.error(
-                "Extracting SMS via Android backup failed. "
-                "No valid backup data found."
+                "Extracting SMS via Android backup failed. No valid backup data found."
             )
             return None
 

src/mvt/android/modules/adb/packages.py

@@ -75,8 +75,7 @@ class Packages(AndroidExtraction):
         for result in self.results:
             if result["package_name"] in ROOT_PACKAGES:
                 self.log.warning(
-                    "Found an installed package related to "
-                    'rooting/jailbreaking: "%s"',
+                    'Found an installed package related to rooting/jailbreaking: "%s"',
                     result["package_name"],
                 )
                 self.detected.append(result)
@@ -108,8 +107,7 @@ class Packages(AndroidExtraction):
                     result["matched_indicator"] = ioc
                     self.detected.append(result)
 
-    @staticmethod
-    def check_virustotal(packages: list) -> None:
+    def check_virustotal(self, packages: list) -> None:
         hashes = []
         for package in packages:
             for file in package.get("files", []):
@@ -144,8 +142,15 @@ class Packages(AndroidExtraction):
 
         for package in packages:
             for file in package.get("files", []):
-                row = [package["package_name"], file["path"]]
-
+                if "package_name" in package:
+                    row = [package["package_name"], file["path"]]
+                elif "name" in package:
+                    row = [package["name"], file["path"]]
+                else:
+                    self.log.error(
+                        f"Package {package} has no name or package_name. packages.json or apks.json is malformed"
+                    )
+                    continue
                 if file["sha256"] in detections:
                     detection = detections[file["sha256"]]
                     positives = detection.split("/")[0]

src/mvt/android/modules/adb/sms.py

@@ -70,7 +70,7 @@ class SMS(AndroidExtraction):
             "timestamp": record["isodate"],
             "module": self.__class__.__name__,
             "event": f"sms_{record['direction']}",
-            "data": f"{record.get('address', 'unknown source')}: \"{body}\"",
+            "data": f'{record.get("address", "unknown source")}: "{body}"',
         }
 
     def check_indicators(self) -> None:

src/mvt/android/modules/androidqf/__init__.py

@@ -14,10 +14,13 @@ from .dumpsys_receivers import DumpsysReceivers
 from .dumpsys_adb import DumpsysADBState
 from .getprop import Getprop
 from .packages import Packages
+from .dumpsys_platform_compat import DumpsysPlatformCompat
 from .processes import Processes
 from .settings import Settings
 from .sms import SMS
 from .files import Files
+from .root_binaries import RootBinaries
+from .mounts import Mounts
 
 ANDROIDQF_MODULES = [
     DumpsysActivities,
@@ -29,10 +32,13 @@ ANDROIDQF_MODULES = [
     DumpsysBatteryHistory,
     DumpsysADBState,
     Packages,
+    DumpsysPlatformCompat,
     Processes,
     Getprop,
     Settings,
     SMS,
     DumpsysPackages,
     Files,
+    RootBinaries,
+    Mounts,
 ]

src/mvt/android/modules/androidqf/base.py

@@ -48,6 +48,37 @@ class AndroidQFModule(MVTModule):
     def _get_files_by_pattern(self, pattern: str):
         return fnmatch.filter(self.files, pattern)
 
+    def _get_device_timezone(self):
+        """
+        Get the device timezone from the getprop.txt file.
+
+        This is needed to map local timestamps stored in some
+        Android log files to UTC/timezone-aware timestamps.
+        """
+        get_prop_files = self._get_files_by_pattern("*/getprop.txt")
+        if not get_prop_files:
+            self.log.warning(
+                "Could not find getprop.txt file. "
+                "Some timestamps and timeline data may be incorrect."
+            )
+            return None
+
+        from mvt.android.artifacts.getprop import GetProp
+
+        properties_artifact = GetProp()
+        prop_data = self._get_file_content(get_prop_files[0]).decode("utf-8")
+        properties_artifact.parse(prop_data)
+        timezone = properties_artifact.get_device_timezone()
+        if timezone:
+            self.log.debug("Identified local phone timezone: %s", timezone)
+            return timezone
+
+        self.log.warning(
+            "Could not find or determine local device timezone. "
+            "Some timestamps and timeline data may be incorrect."
+        )
+        return None
+
     def _get_file_content(self, file_path):
         if self.archive:
             handle = self.archive.open(file_path)

src/mvt/android/modules/androidqf/dumpsys_platform_compat.py

@@ -0,0 +1,44 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2023 The MVT Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+import logging
+from typing import Optional
+
+from mvt.android.artifacts.dumpsys_platform_compat import DumpsysPlatformCompatArtifact
+
+from .base import AndroidQFModule
+
+
+class DumpsysPlatformCompat(DumpsysPlatformCompatArtifact, AndroidQFModule):
+    """This module extracts details on uninstalled apps."""
+
+    def __init__(
+        self,
+        file_path: Optional[str] = None,
+        target_path: Optional[str] = None,
+        results_path: Optional[str] = None,
+        module_options: Optional[dict] = None,
+        log: logging.Logger = logging.getLogger(__name__),
+        results: Optional[list] = None,
+    ) -> None:
+        super().__init__(
+            file_path=file_path,
+            target_path=target_path,
+            results_path=results_path,
+            module_options=module_options,
+            log=log,
+            results=results,
+        )
+
+    def run(self) -> None:
+        dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
+        if not dumpsys_file:
+            return
+
+        data = self._get_file_content(dumpsys_file[0]).decode("utf-8", errors="replace")
+        content = self.extract_dumpsys_section(data, "DUMP OF SERVICE platform_compat:")
+        self.parse(content)
+
+        self.log.info("Found %d uninstalled apps", len(self.results))

src/mvt/android/modules/androidqf/files.py

@@ -6,6 +6,11 @@
 import datetime
 import json
 import logging
+
+try:
+    import zoneinfo
+except ImportError:
+    from backports import zoneinfo
 from typing import Optional, Union
 
 from mvt.android.modules.androidqf.base import AndroidQFModule
@@ -74,7 +79,7 @@ class Files(AndroidQFModule):
         for result in self.results:
             ioc = self.indicators.check_file_path(result["path"])
             if ioc:
-                result["matched_indicator"] == ioc
+                result["matched_indicator"] = ioc
                 self.detected.append(result)
                 continue
 
@@ -106,6 +111,12 @@ class Files(AndroidQFModule):
             # TODO: adds SHA1 and MD5 when available in MVT
 
     def run(self) -> None:
+        if timezone := self._get_device_timezone():
+            device_timezone = zoneinfo.ZoneInfo(timezone)
+        else:
+            self.log.warning("Unable to determine device timezone, using UTC")
+            device_timezone = zoneinfo.ZoneInfo("UTC")
+
         for file in self._get_files_by_pattern("*/files.json"):
             rawdata = self._get_file_content(file).decode("utf-8", errors="ignore")
             try:
@@ -120,11 +131,18 @@ class Files(AndroidQFModule):
             for file_data in data:
                 for ts in ["access_time", "changed_time", "modified_time"]:
                     if ts in file_data:
-                        file_data[ts] = convert_datetime_to_iso(
-                            datetime.datetime.fromtimestamp(
-                                file_data[ts], tz=datetime.timezone.utc
-                            )
+                        utc_timestamp = datetime.datetime.fromtimestamp(
+                            file_data[ts], tz=datetime.timezone.utc
                         )
+                        # Convert the UTC timestamp to local tiem on Android device's local timezone
+                        local_timestamp = utc_timestamp.astimezone(device_timezone)
+
+                        # HACK: We only output the UTC timestamp in convert_datetime_to_iso, we
+                        # set the timestamp timezone to UTC, to avoid the timezone conversion again.
+                        local_timestamp = local_timestamp.replace(
+                            tzinfo=datetime.timezone.utc
+                        )
+                        file_data[ts] = convert_datetime_to_iso(local_timestamp)
 
                 self.results.append(file_data)
 

src/mvt/android/modules/androidqf/logfile_timestamps.py

@@ -0,0 +1,65 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2023 The MVT Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+import os
+import datetime
+import logging
+from typing import Optional
+
+from mvt.common.utils import convert_datetime_to_iso
+from .base import AndroidQFModule
+from mvt.android.artifacts.file_timestamps import FileTimestampsArtifact
+
+
+class LogsFileTimestamps(FileTimestampsArtifact, AndroidQFModule):
+    """This module extracts records from battery daily updates."""
+
+    slug = "logfile_timestamps"
+
+    def __init__(
+        self,
+        file_path: Optional[str] = None,
+        target_path: Optional[str] = None,
+        results_path: Optional[str] = None,
+        module_options: Optional[dict] = None,
+        log: logging.Logger = logging.getLogger(__name__),
+        results: Optional[list] = None,
+    ) -> None:
+        super().__init__(
+            file_path=file_path,
+            target_path=target_path,
+            results_path=results_path,
+            module_options=module_options,
+            log=log,
+            results=results,
+        )
+
+    def _get_file_modification_time(self, file_path: str) -> dict:
+        if self.archive:
+            file_timetuple = self.archive.getinfo(file_path).date_time
+            return datetime.datetime(*file_timetuple)
+        else:
+            file_stat = os.stat(os.path.join(self.parent_path, file_path))
+            return datetime.datetime.fromtimestamp(file_stat.st_mtime)
+
+    def run(self) -> None:
+        filesystem_files = self._get_files_by_pattern("*/logs/*")
+
+        self.results = []
+        for file in filesystem_files:
+            # Only the modification time is available in the zip file metadata.
+            # The timezone is the local timezone of the machine the phone.
+            modification_time = self._get_file_modification_time(file)
+            self.results.append(
+                {
+                    "path": file,
+                    "modified_time": convert_datetime_to_iso(modification_time),
+                }
+            )
+
+        self.log.info(
+            "Extracted a total of %d filesystem timestamps from AndroidQF logs directory.",
+            len(self.results),
+        )

src/mvt/android/modules/androidqf/mounts.py

@@ -0,0 +1,74 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2023 The MVT Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+import logging
+import json
+from typing import Optional
+
+from mvt.android.artifacts.mounts import Mounts as MountsArtifact
+
+from .base import AndroidQFModule
+
+
+class Mounts(MountsArtifact, AndroidQFModule):
+    """This module extracts and analyzes mount information from AndroidQF acquisitions."""
+
+    def __init__(
+        self,
+        file_path: Optional[str] = None,
+        target_path: Optional[str] = None,
+        results_path: Optional[str] = None,
+        module_options: Optional[dict] = None,
+        log: logging.Logger = logging.getLogger(__name__),
+        results: Optional[list] = None,
+    ) -> None:
+        super().__init__(
+            file_path=file_path,
+            target_path=target_path,
+            results_path=results_path,
+            module_options=module_options,
+            log=log,
+            results=results,
+        )
+        self.results = []
+
+    def run(self) -> None:
+        """
+        Run the mounts analysis module.
+
+        This module looks for mount information files collected by androidqf
+        and analyzes them for suspicious configurations, particularly focusing
+        on detecting root access indicators like /system mounted as read-write.
+        """
+        mount_files = self._get_files_by_pattern("*/mounts.json")
+
+        if not mount_files:
+            self.log.info("No mount information file found")
+            return
+
+        self.log.info("Found mount information file: %s", mount_files[0])
+
+        try:
+            data = self._get_file_content(mount_files[0]).decode(
+                "utf-8", errors="replace"
+            )
+        except Exception as exc:
+            self.log.error("Failed to read mount information file: %s", exc)
+            return
+
+        # Parse the mount data
+        try:
+            json_data = json.loads(data)
+
+            if isinstance(json_data, list):
+                # AndroidQF format: array of strings like
+                # "/dev/block/dm-12 on / type ext4 (ro,seclabel,noatime)"
+                mount_content = "\n".join(json_data)
+            self.parse(mount_content)
+        except Exception as exc:
+            self.log.error("Failed to parse mount information: %s", exc)
+            return
+
+        self.log.info("Extracted a total of %d mount entries", len(self.results))

src/mvt/android/modules/androidqf/packages.py

@@ -44,8 +44,7 @@ class Packages(AndroidQFModule):
         for result in self.results:
             if result["name"] in ROOT_PACKAGES:
                 self.log.warning(
-                    "Found an installed package related to "
-                    'rooting/jailbreaking: "%s"',
+                    'Found an installed package related to rooting/jailbreaking: "%s"',
                     result["name"],
                 )
                 self.detected.append(result)

src/mvt/android/modules/androidqf/root_binaries.py

@@ -0,0 +1,121 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2023 The MVT Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+import json
+import logging
+from typing import Optional
+
+from .base import AndroidQFModule
+
+
+class RootBinaries(AndroidQFModule):
+    """This module analyzes root_binaries.json for root binaries found by androidqf."""
+
+    def __init__(
+        self,
+        file_path: Optional[str] = None,
+        target_path: Optional[str] = None,
+        results_path: Optional[str] = None,
+        module_options: Optional[dict] = None,
+        log: logging.Logger = logging.getLogger(__name__),
+        results: Optional[list] = None,
+    ) -> None:
+        super().__init__(
+            file_path=file_path,
+            target_path=target_path,
+            results_path=results_path,
+            module_options=module_options,
+            log=log,
+            results=results,
+        )
+
+    def serialize(self, record: dict) -> dict:
+        return {
+            "timestamp": record.get("timestamp"),
+            "module": self.__class__.__name__,
+            "event": "root_binary_found",
+            "data": f"Root binary found: {record['path']} (binary: {record['binary_name']})",
+        }
+
+    def check_indicators(self) -> None:
+        """Check for indicators of device rooting."""
+        if not self.results:
+            return
+
+        # All found root binaries are considered indicators of rooting
+        for result in self.results:
+            self.log.warning(
+                'Found root binary "%s" at path "%s"',
+                result["binary_name"],
+                result["path"],
+            )
+            self.detected.append(result)
+
+        if self.detected:
+            self.log.warning(
+                "Device shows signs of rooting with %d root binaries found",
+                len(self.detected),
+            )
+
+    def run(self) -> None:
+        """Run the root binaries analysis."""
+        root_binaries_files = self._get_files_by_pattern("*/root_binaries.json")
+
+        if not root_binaries_files:
+            self.log.info("No root_binaries.json file found")
+            return
+
+        rawdata = self._get_file_content(root_binaries_files[0]).decode(
+            "utf-8", errors="ignore"
+        )
+
+        try:
+            root_binary_paths = json.loads(rawdata)
+        except json.JSONDecodeError as e:
+            self.log.error("Failed to parse root_binaries.json: %s", e)
+            return
+
+        if not isinstance(root_binary_paths, list):
+            self.log.error("Expected root_binaries.json to contain a list of paths")
+            return
+
+        # Known root binary names that might be found and their descriptions
+        # This maps the binary name to a human-readable description
+        known_root_binaries = {
+            "su": "SuperUser binary",
+            "busybox": "BusyBox utilities",
+            "supersu": "SuperSU root management",
+            "Superuser.apk": "Superuser app",
+            "KingoUser.apk": "KingRoot app",
+            "SuperSu.apk": "SuperSU app",
+            "magisk": "Magisk root framework",
+            "magiskhide": "Magisk hide utility",
+            "magiskinit": "Magisk init binary",
+            "magiskpolicy": "Magisk policy binary",
+        }
+
+        for path in root_binary_paths:
+            if not path or not isinstance(path, str):
+                continue
+
+            # Extract binary name from path
+            binary_name = path.split("/")[-1].lower()
+
+            # Check if this matches a known root binary by exact name match
+            description = "Unknown root binary"
+            for known_binary in known_root_binaries:
+                if binary_name == known_binary.lower():
+                    description = known_root_binaries[known_binary]
+                    break
+
+            result = {
+                "path": path.strip(),
+                "binary_name": binary_name,
+                "description": description,
+            }
+
+            self.results.append(result)
+
+        self.log.info("Found %d root binaries", len(self.results))

src/mvt/android/modules/backup/helpers.py

@@ -3,10 +3,11 @@
 # Use of this software is governed by the MVT License 1.1 that can be found at
 #   https://license.mvt.re/1.1/
 
-import os
 
 from rich.prompt import Prompt
 
+from mvt.common.config import settings
+
 MVT_ANDROID_BACKUP_PASSWORD = "MVT_ANDROID_BACKUP_PASSWORD"
 
 
@@ -16,24 +17,24 @@ def cli_load_android_backup_password(log, backup_password):
 
     Used in MVT CLI command parsers.
     """
-    password_from_env = os.environ.get(MVT_ANDROID_BACKUP_PASSWORD, None)
+    password_from_env_or_config = settings.ANDROID_BACKUP_PASSWORD
     if backup_password:
         log.info(
             "Your password may be visible in the process table because it "
             "was supplied on the command line!"
         )
-        if password_from_env:
+        if password_from_env_or_config:
             log.info(
                 "Ignoring %s environment variable, using --backup-password argument instead",
-                MVT_ANDROID_BACKUP_PASSWORD,
+                "MVT_ANDROID_BACKUP_PASSWORD",
             )
         return backup_password
-    elif password_from_env:
+    elif password_from_env_or_config:
         log.info(
-            "Using backup password from %s environment variable",
-            MVT_ANDROID_BACKUP_PASSWORD,
+            "Using backup password from %s environment variable or config file",
+            "MVT_ANDROID_BACKUP_PASSWORD",
         )
-        return password_from_env
+        return password_from_env_or_config
 
 
 def prompt_or_load_android_backup_password(log, module_options):

src/mvt/android/modules/bugreport/__init__.py

@@ -11,8 +11,11 @@ from .battery_history import BatteryHistory
 from .dbinfo import DBInfo
 from .getprop import Getprop
 from .packages import Packages
+from .platform_compat import PlatformCompat
 from .receivers import Receivers
 from .adb_state import DumpsysADBState
+from .fs_timestamps import BugReportTimestamps
+from .tombstones import Tombstones
 
 BUGREPORT_MODULES = [
     Accessibility,
@@ -23,6 +26,9 @@ BUGREPORT_MODULES = [
     DBInfo,
     Getprop,
     Packages,
+    PlatformCompat,
     Receivers,
     DumpsysADBState,
+    BugReportTimestamps,
+    Tombstones,
 ]

src/mvt/android/modules/bugreport/base.py

@@ -2,10 +2,11 @@
 # Copyright (c) 2021-2023 The MVT Authors.
 # See the file 'LICENSE' for usage and copying permissions, or find a copy at
 #   https://github.com/mvt-project/mvt/blob/main/LICENSE
-
+import datetime
 import fnmatch
 import logging
 import os
+
 from typing import List, Optional
 from zipfile import ZipFile
 
@@ -91,3 +92,11 @@ class BugReportModule(MVTModule):
                 return None
 
             return self._get_file_content(dumpstate_logs[0])
+
+    def _get_file_modification_time(self, file_path: str) -> dict:
+        if self.zip_archive:
+            file_timetuple = self.zip_archive.getinfo(file_path).date_time
+            return datetime.datetime(*file_timetuple)
+        else:
+            file_stat = os.stat(os.path.join(self.extract_path, file_path))
+            return datetime.datetime.fromtimestamp(file_stat.st_mtime)

src/mvt/android/modules/bugreport/fs_timestamps.py

@@ -0,0 +1,55 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2023 The MVT Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+import logging
+from typing import Optional
+
+from mvt.common.utils import convert_datetime_to_iso
+from .base import BugReportModule
+from mvt.android.artifacts.file_timestamps import FileTimestampsArtifact
+
+
+class BugReportTimestamps(FileTimestampsArtifact, BugReportModule):
+    """This module extracts records from battery daily updates."""
+
+    slug = "bugreport_timestamps"
+
+    def __init__(
+        self,
+        file_path: Optional[str] = None,
+        target_path: Optional[str] = None,
+        results_path: Optional[str] = None,
+        module_options: Optional[dict] = None,
+        log: logging.Logger = logging.getLogger(__name__),
+        results: Optional[list] = None,
+    ) -> None:
+        super().__init__(
+            file_path=file_path,
+            target_path=target_path,
+            results_path=results_path,
+            module_options=module_options,
+            log=log,
+            results=results,
+        )
+
+    def run(self) -> None:
+        filesystem_files = self._get_files_by_pattern("FS/*")
+
+        self.results = []
+        for file in filesystem_files:
+            # Only the modification time is available in the zip file metadata.
+            # The timezone is the local timezone of the machine the phone.
+            modification_time = self._get_file_modification_time(file)
+            self.results.append(
+                {
+                    "path": file,
+                    "modified_time": convert_datetime_to_iso(modification_time),
+                }
+            )
+
+        self.log.info(
+            "Extracted a total of %d filesystem timestamps from bugreport.",
+            len(self.results),
+        )

src/mvt/android/modules/bugreport/platform_compat.py

@@ -0,0 +1,48 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2023 The MVT Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+import logging
+from typing import Optional
+
+from mvt.android.artifacts.dumpsys_platform_compat import DumpsysPlatformCompatArtifact
+
+from mvt.android.modules.bugreport.base import BugReportModule
+
+
+class PlatformCompat(DumpsysPlatformCompatArtifact, BugReportModule):
+    """This module extracts details on uninstalled apps."""
+
+    def __init__(
+        self,
+        file_path: Optional[str] = None,
+        target_path: Optional[str] = None,
+        results_path: Optional[str] = None,
+        module_options: Optional[dict] = None,
+        log: logging.Logger = logging.getLogger(__name__),
+        results: Optional[list] = None,
+    ) -> None:
+        super().__init__(
+            file_path=file_path,
+            target_path=target_path,
+            results_path=results_path,
+            module_options=module_options,
+            log=log,
+            results=results,
+        )
+
+    def run(self) -> None:
+        data = self._get_dumpstate_file()
+        if not data:
+            self.log.error(
+                "Unable to find dumpstate file. "
+                "Did you provide a valid bug report archive?"
+            )
+            return
+
+        data = data.decode("utf-8", errors="replace")
+        content = self.extract_dumpsys_section(data, "DUMP OF SERVICE platform_compat:")
+        self.parse(content)
+
+        self.log.info("Found %d uninstalled apps", len(self.results))

src/mvt/android/modules/bugreport/tombstones.py

@@ -0,0 +1,64 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2023 The MVT Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+import logging
+from typing import Optional
+
+from mvt.android.artifacts.tombstone_crashes import TombstoneCrashArtifact
+from .base import BugReportModule
+
+
+class Tombstones(TombstoneCrashArtifact, BugReportModule):
+    """This module extracts records from battery daily updates."""
+
+    slug = "tombstones"
+
+    def __init__(
+        self,
+        file_path: Optional[str] = None,
+        target_path: Optional[str] = None,
+        results_path: Optional[str] = None,
+        module_options: Optional[dict] = None,
+        log: logging.Logger = logging.getLogger(__name__),
+        results: Optional[list] = None,
+    ) -> None:
+        super().__init__(
+            file_path=file_path,
+            target_path=target_path,
+            results_path=results_path,
+            module_options=module_options,
+            log=log,
+            results=results,
+        )
+
+    def run(self) -> None:
+        tombstone_files = self._get_files_by_pattern("*/tombstone_*")
+        if not tombstone_files:
+            self.log.error(
+                "Unable to find any tombstone files. "
+                "Did you provide a valid bugreport archive?"
+            )
+            return
+
+        for tombstone_file in sorted(tombstone_files):
+            tombstone_filename = tombstone_file.split("/")[-1]
+            modification_time = self._get_file_modification_time(tombstone_file)
+            tombstone_data = self._get_file_content(tombstone_file)
+
+            try:
+                if tombstone_file.endswith(".pb"):
+                    self.parse_protobuf(
+                        tombstone_filename, modification_time, tombstone_data
+                    )
+                else:
+                    self.parse(tombstone_filename, modification_time, tombstone_data)
+            except ValueError as e:
+                # Catch any exceptions raised during parsing or validation.
+                self.log.error(f"Error parsing tombstone file {tombstone_file}: {e}")
+
+        self.log.info(
+            "Extracted a total of %d tombstone files",
+            len(self.results),
+        )

src/mvt/android/parsers/backup.py

@@ -231,6 +231,7 @@ def parse_sms_file(data):
             entry.pop("mms_body")
 
         body = entry.get("body", None)
+        message_links = None
         if body:
             message_links = check_for_links(entry["body"])
 

src/mvt/android/parsers/proto/tombstone.proto

@@ -0,0 +1,195 @@
+// tombstone.proto file from Android source
+// Src: https://android.googlesource.com/platform/system/core/+/refs/heads/main/debuggerd/proto/tombstone.proto
+//
+// Protobuf definition for Android tombstones.
+//
+// An app can get hold of these for any `REASON_CRASH_NATIVE` instance of
+// `android.app.ApplicationExitInfo`.
+//
+// https://developer.android.com/reference/android/app/ApplicationExitInfo#getTraceInputStream()
+//
+syntax = "proto3";
+option java_package = "com.android.server.os";
+option java_outer_classname = "TombstoneProtos";
+// NOTE TO OEMS:
+// If you add custom fields to this proto, do not use numbers in the reserved range.
+message CrashDetail {
+  bytes name = 1;
+  bytes data = 2;
+  reserved 3 to 999;
+}
+message StackHistoryBufferEntry {
+  BacktraceFrame addr = 1;
+  uint64 fp = 2;
+  uint64 tag = 3;
+  reserved 4 to 999;
+}
+message StackHistoryBuffer {
+  uint64 tid = 1;
+  repeated StackHistoryBufferEntry entries = 2;
+  reserved 3 to 999;
+}
+message Tombstone {
+  Architecture arch = 1;
+  Architecture guest_arch = 24;
+  string build_fingerprint = 2;
+  string revision = 3;
+  string timestamp = 4;
+  uint32 pid = 5;
+  uint32 tid = 6;
+  uint32 uid = 7;
+  string selinux_label = 8;
+  repeated string command_line = 9;
+  // Process uptime in seconds.
+  uint32 process_uptime = 20;
+  Signal signal_info = 10;
+  string abort_message = 14;
+  repeated CrashDetail crash_details = 21;
+  repeated Cause causes = 15;
+  map<uint32, Thread> threads = 16;
+  map<uint32, Thread> guest_threads = 25;
+  repeated MemoryMapping memory_mappings = 17;
+  repeated LogBuffer log_buffers = 18;
+  repeated FD open_fds = 19;
+  uint32 page_size = 22;
+  bool has_been_16kb_mode = 23;
+  StackHistoryBuffer stack_history_buffer = 26;
+  reserved 27 to 999;
+}
+enum Architecture {
+  ARM32 = 0;
+  ARM64 = 1;
+  X86 = 2;
+  X86_64 = 3;
+  RISCV64 = 4;
+  NONE = 5;
+  reserved 6 to 999;
+}
+message Signal {
+  int32 number = 1;
+  string name = 2;
+  int32 code = 3;
+  string code_name = 4;
+  bool has_sender = 5;
+  int32 sender_uid = 6;
+  int32 sender_pid = 7;
+  bool has_fault_address = 8;
+  uint64 fault_address = 9;
+  // Note, may or may not contain the dump of the actual memory contents. Currently, on arm64, we
+  // only include metadata, and not the contents.
+  MemoryDump fault_adjacent_metadata = 10;
+  reserved 11 to 999;
+}
+message HeapObject {
+  uint64 address = 1;
+  uint64 size = 2;
+  uint64 allocation_tid = 3;
+  repeated BacktraceFrame allocation_backtrace = 4;
+  uint64 deallocation_tid = 5;
+  repeated BacktraceFrame deallocation_backtrace = 6;
+}
+message MemoryError {
+  enum Tool {
+    GWP_ASAN = 0;
+    SCUDO = 1;
+    reserved 2 to 999;
+  }
+  Tool tool = 1;
+  enum Type {
+    UNKNOWN = 0;
+    USE_AFTER_FREE = 1;
+    DOUBLE_FREE = 2;
+    INVALID_FREE = 3;
+    BUFFER_OVERFLOW = 4;
+    BUFFER_UNDERFLOW = 5;
+    reserved 6 to 999;
+  }
+  Type type = 2;
+  oneof location {
+    HeapObject heap = 3;
+  }
+  reserved 4 to 999;
+}
+message Cause {
+  string human_readable = 1;
+  oneof details {
+    MemoryError memory_error = 2;
+  }
+  reserved 3 to 999;
+}
+message Register {
+  string name = 1;
+  uint64 u64 = 2;
+  reserved 3 to 999;
+}
+message Thread {
+  int32 id = 1;
+  string name = 2;
+  repeated Register registers = 3;
+  repeated string backtrace_note = 7;
+  repeated string unreadable_elf_files = 9;
+  repeated BacktraceFrame current_backtrace = 4;
+  repeated MemoryDump memory_dump = 5;
+  int64 tagged_addr_ctrl = 6;
+  int64 pac_enabled_keys = 8;
+  reserved 10 to 999;
+}
+message BacktraceFrame {
+  uint64 rel_pc = 1;
+  uint64 pc = 2;
+  uint64 sp = 3;
+  string function_name = 4;
+  uint64 function_offset = 5;
+  string file_name = 6;
+  uint64 file_map_offset = 7;
+  string build_id = 8;
+  reserved 9 to 999;
+}
+message ArmMTEMetadata {
+  // One memory tag per granule (e.g. every 16 bytes) of regular memory.
+  bytes memory_tags = 1;
+  reserved 2 to 999;
+}
+message MemoryDump {
+  string register_name = 1;
+  string mapping_name = 2;
+  uint64 begin_address = 3;
+  bytes memory = 4;
+  oneof metadata {
+    ArmMTEMetadata arm_mte_metadata = 6;
+  }
+  reserved 5, 7 to 999;
+}
+message MemoryMapping {
+  uint64 begin_address = 1;
+  uint64 end_address = 2;
+  uint64 offset = 3;
+  bool read = 4;
+  bool write = 5;
+  bool execute = 6;
+  string mapping_name = 7;
+  string build_id = 8;
+  uint64 load_bias = 9;
+  reserved 10 to 999;
+}
+message FD {
+  int32 fd = 1;
+  string path = 2;
+  string owner = 3;
+  uint64 tag = 4;
+  reserved 5 to 999;
+}
+message LogBuffer {
+  string name = 1;
+  repeated LogMessage logs = 2;
+  reserved 3 to 999;
+}
+message LogMessage {
+  string timestamp = 1;
+  uint32 pid = 2;
+  uint32 tid = 3;
+  uint32 priority = 4;
+  string tag = 5;
+  string message = 6;
+  reserved 7 to 999;
+}

src/mvt/android/parsers/proto/tombstone.py

@@ -0,0 +1,208 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# sources: tombstone.proto
+# plugin: python-betterproto
+from dataclasses import dataclass
+from typing import Dict, List
+
+import betterproto
+
+
+class Architecture(betterproto.Enum):
+    ARM32 = 0
+    ARM64 = 1
+    X86 = 2
+    X86_64 = 3
+    RISCV64 = 4
+    NONE = 5
+
+
+class MemoryErrorTool(betterproto.Enum):
+    GWP_ASAN = 0
+    SCUDO = 1
+
+
+class MemoryErrorType(betterproto.Enum):
+    UNKNOWN = 0
+    USE_AFTER_FREE = 1
+    DOUBLE_FREE = 2
+    INVALID_FREE = 3
+    BUFFER_OVERFLOW = 4
+    BUFFER_UNDERFLOW = 5
+
+
+@dataclass
+class CrashDetail(betterproto.Message):
+    """
+    NOTE TO OEMS: If you add custom fields to this proto, do not use numbers in
+    the reserved range.
+    """
+
+    name: bytes = betterproto.bytes_field(1)
+    data: bytes = betterproto.bytes_field(2)
+
+
+@dataclass
+class StackHistoryBufferEntry(betterproto.Message):
+    addr: "BacktraceFrame" = betterproto.message_field(1)
+    fp: int = betterproto.uint64_field(2)
+    tag: int = betterproto.uint64_field(3)
+
+
+@dataclass
+class StackHistoryBuffer(betterproto.Message):
+    tid: int = betterproto.uint64_field(1)
+    entries: List["StackHistoryBufferEntry"] = betterproto.message_field(2)
+
+
+@dataclass
+class Tombstone(betterproto.Message):
+    arch: "Architecture" = betterproto.enum_field(1)
+    guest_arch: "Architecture" = betterproto.enum_field(24)
+    build_fingerprint: str = betterproto.string_field(2)
+    revision: str = betterproto.string_field(3)
+    timestamp: str = betterproto.string_field(4)
+    pid: int = betterproto.uint32_field(5)
+    tid: int = betterproto.uint32_field(6)
+    uid: int = betterproto.uint32_field(7)
+    selinux_label: str = betterproto.string_field(8)
+    command_line: List[str] = betterproto.string_field(9)
+    # Process uptime in seconds.
+    process_uptime: int = betterproto.uint32_field(20)
+    signal_info: "Signal" = betterproto.message_field(10)
+    abort_message: str = betterproto.string_field(14)
+    crash_details: List["CrashDetail"] = betterproto.message_field(21)
+    causes: List["Cause"] = betterproto.message_field(15)
+    threads: Dict[int, "Thread"] = betterproto.map_field(
+        16, betterproto.TYPE_UINT32, betterproto.TYPE_MESSAGE
+    )
+    guest_threads: Dict[int, "Thread"] = betterproto.map_field(
+        25, betterproto.TYPE_UINT32, betterproto.TYPE_MESSAGE
+    )
+    memory_mappings: List["MemoryMapping"] = betterproto.message_field(17)
+    log_buffers: List["LogBuffer"] = betterproto.message_field(18)
+    open_fds: List["FD"] = betterproto.message_field(19)
+    page_size: int = betterproto.uint32_field(22)
+    has_been_16kb_mode: bool = betterproto.bool_field(23)
+    stack_history_buffer: "StackHistoryBuffer" = betterproto.message_field(26)
+
+
+@dataclass
+class Signal(betterproto.Message):
+    number: int = betterproto.int32_field(1)
+    name: str = betterproto.string_field(2)
+    code: int = betterproto.int32_field(3)
+    code_name: str = betterproto.string_field(4)
+    has_sender: bool = betterproto.bool_field(5)
+    sender_uid: int = betterproto.int32_field(6)
+    sender_pid: int = betterproto.int32_field(7)
+    has_fault_address: bool = betterproto.bool_field(8)
+    fault_address: int = betterproto.uint64_field(9)
+    # Note, may or may not contain the dump of the actual memory contents.
+    # Currently, on arm64, we only include metadata, and not the contents.
+    fault_adjacent_metadata: "MemoryDump" = betterproto.message_field(10)
+
+
+@dataclass
+class HeapObject(betterproto.Message):
+    address: int = betterproto.uint64_field(1)
+    size: int = betterproto.uint64_field(2)
+    allocation_tid: int = betterproto.uint64_field(3)
+    allocation_backtrace: List["BacktraceFrame"] = betterproto.message_field(4)
+    deallocation_tid: int = betterproto.uint64_field(5)
+    deallocation_backtrace: List["BacktraceFrame"] = betterproto.message_field(6)
+
+
+@dataclass
+class MemoryError(betterproto.Message):
+    tool: "MemoryErrorTool" = betterproto.enum_field(1)
+    type: "MemoryErrorType" = betterproto.enum_field(2)
+    heap: "HeapObject" = betterproto.message_field(3, group="location")
+
+
+@dataclass
+class Cause(betterproto.Message):
+    human_readable: str = betterproto.string_field(1)
+    memory_error: "MemoryError" = betterproto.message_field(2, group="details")
+
+
+@dataclass
+class Register(betterproto.Message):
+    name: str = betterproto.string_field(1)
+    u64: int = betterproto.uint64_field(2)
+
+
+@dataclass
+class Thread(betterproto.Message):
+    id: int = betterproto.int32_field(1)
+    name: str = betterproto.string_field(2)
+    registers: List["Register"] = betterproto.message_field(3)
+    backtrace_note: List[str] = betterproto.string_field(7)
+    unreadable_elf_files: List[str] = betterproto.string_field(9)
+    current_backtrace: List["BacktraceFrame"] = betterproto.message_field(4)
+    memory_dump: List["MemoryDump"] = betterproto.message_field(5)
+    tagged_addr_ctrl: int = betterproto.int64_field(6)
+    pac_enabled_keys: int = betterproto.int64_field(8)
+
+
+@dataclass
+class BacktraceFrame(betterproto.Message):
+    rel_pc: int = betterproto.uint64_field(1)
+    pc: int = betterproto.uint64_field(2)
+    sp: int = betterproto.uint64_field(3)
+    function_name: str = betterproto.string_field(4)
+    function_offset: int = betterproto.uint64_field(5)
+    file_name: str = betterproto.string_field(6)
+    file_map_offset: int = betterproto.uint64_field(7)
+    build_id: str = betterproto.string_field(8)
+
+
+@dataclass
+class ArmMTEMetadata(betterproto.Message):
+    # One memory tag per granule (e.g. every 16 bytes) of regular memory.
+    memory_tags: bytes = betterproto.bytes_field(1)
+
+
+@dataclass
+class MemoryDump(betterproto.Message):
+    register_name: str = betterproto.string_field(1)
+    mapping_name: str = betterproto.string_field(2)
+    begin_address: int = betterproto.uint64_field(3)
+    memory: bytes = betterproto.bytes_field(4)
+    arm_mte_metadata: "ArmMTEMetadata" = betterproto.message_field(6, group="metadata")
+
+
+@dataclass
+class MemoryMapping(betterproto.Message):
+    begin_address: int = betterproto.uint64_field(1)
+    end_address: int = betterproto.uint64_field(2)
+    offset: int = betterproto.uint64_field(3)
+    read: bool = betterproto.bool_field(4)
+    write: bool = betterproto.bool_field(5)
+    execute: bool = betterproto.bool_field(6)
+    mapping_name: str = betterproto.string_field(7)
+    build_id: str = betterproto.string_field(8)
+    load_bias: int = betterproto.uint64_field(9)
+
+
+@dataclass
+class FD(betterproto.Message):
+    fd: int = betterproto.int32_field(1)
+    path: str = betterproto.string_field(2)
+    owner: str = betterproto.string_field(3)
+    tag: int = betterproto.uint64_field(4)
+
+
+@dataclass
+class LogBuffer(betterproto.Message):
+    name: str = betterproto.string_field(1)
+    logs: List["LogMessage"] = betterproto.message_field(2)
+
+
+@dataclass
+class LogMessage(betterproto.Message):
+    timestamp: str = betterproto.string_field(1)
+    pid: int = betterproto.uint32_field(2)
+    tid: int = betterproto.uint32_field(3)
+    priority: int = betterproto.uint32_field(4)
+    tag: str = betterproto.string_field(5)
+    message: str = betterproto.string_field(6)

src/mvt/common/cmd_check_iocs.py

@@ -22,6 +22,8 @@ class CmdCheckIOCS(Command):
         module_name: Optional[str] = None,
         serial: Optional[str] = None,
         module_options: Optional[dict] = None,
+        disable_version_check: bool = False,
+        disable_indicator_check: bool = False,
     ) -> None:
         super().__init__(
             target_path=target_path,
@@ -31,6 +33,8 @@ class CmdCheckIOCS(Command):
             serial=serial,
             module_options=module_options,
             log=log,
+            disable_version_check=disable_version_check,
+            disable_indicator_check=disable_indicator_check,
         )
 
         self.name = "check-iocs"
@@ -65,6 +69,10 @@ class CmdCheckIOCS(Command):
                 m = iocs_module.from_json(
                     file_path, log=logging.getLogger(iocs_module.__module__)
                 )
+                if not m:
+                    log.warning("No result from this module, skipping it")
+                    continue
+
                 if self.iocs.total_ioc_count > 0:
                     m.indicators = self.iocs
                     m.indicators.log = m.log

src/mvt/common/command.py

@@ -17,6 +17,7 @@ from mvt.common.utils import (
     generate_hashes_from_path,
     get_sha256_from_file_path,
 )
+from mvt.common.config import settings
 from mvt.common.version import MVT_VERSION
 
 
@@ -31,6 +32,8 @@ class Command:
         module_options: Optional[dict] = None,
         hashes: bool = False,
         log: logging.Logger = logging.getLogger(__name__),
+        disable_version_check: bool = False,
+        disable_indicator_check: bool = False,
     ) -> None:
         self.name = ""
         self.modules = []
@@ -41,6 +44,8 @@ class Command:
         self.module_name = module_name
         self.serial = serial
         self.log = log
+        self.disable_version_check = disable_version_check
+        self.disable_indicator_check = disable_indicator_check
 
         # This dictionary can contain options that will be passed down from
         # the Command to all modules. This can for example be used to pass
@@ -81,7 +86,7 @@ class Command:
             os.path.join(self.results_path, "command.log")
         )
         formatter = logging.Formatter(
-            "%(asctime)s - %(name)s - " "%(levelname)s - %(message)s"
+            "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
         )
         file_handler.setLevel(logging.DEBUG)
         file_handler.setFormatter(formatter)
@@ -100,15 +105,25 @@ class Command:
         if not self.results_path:
             return
 
+        # We use local timestamps in the timeline on Android as many
+        # logs do not contain timezone information.
+        if type(self).__name__.startswith("CmdAndroid"):
+            is_utc = False
+        else:
+            is_utc = True
+
         if len(self.timeline) > 0:
             save_timeline(
-                self.timeline, os.path.join(self.results_path, "timeline.csv")
+                self.timeline,
+                os.path.join(self.results_path, "timeline.csv"),
+                is_utc=is_utc,
             )
 
         if len(self.timeline_detected) > 0:
             save_timeline(
                 self.timeline_detected,
                 os.path.join(self.results_path, "timeline_detected.csv"),
+                is_utc=is_utc,
             )
 
     def _store_info(self) -> None:
@@ -132,7 +147,7 @@ class Command:
             if ioc_file_path and ioc_file_path not in info["ioc_files"]:
                 info["ioc_files"].append(ioc_file_path)
 
-        if self.target_path and (os.environ.get("MVT_HASH_FILES") or self.hashes):
+        if self.target_path and (settings.HASH_FILES or self.hashes):
             self.generate_hashes()
 
         info["hashes"] = self.hash_values
@@ -141,7 +156,7 @@ class Command:
         with open(info_path, "w+", encoding="utf-8") as handle:
             json.dump(info, handle, indent=4)
 
-        if self.target_path and (os.environ.get("MVT_HASH_FILES") or self.hashes):
+        if self.target_path and (settings.HASH_FILES or self.hashes):
             info_hash = get_sha256_from_file_path(info_path)
             self.log.info('Reference hash of the info.json file: "%s"', info_hash)
 

src/mvt/common/config.py

@@ -0,0 +1,105 @@
+import os
+import yaml
+import json
+
+from typing import Tuple, Type, Optional
+from appdirs import user_config_dir
+from pydantic import AnyHttpUrl, Field
+from pydantic_settings import (
+    BaseSettings,
+    InitSettingsSource,
+    PydanticBaseSettingsSource,
+    SettingsConfigDict,
+    YamlConfigSettingsSource,
+)
+
+MVT_CONFIG_FOLDER = user_config_dir("mvt")
+MVT_CONFIG_PATH = os.path.join(MVT_CONFIG_FOLDER, "config.yaml")
+
+
+class MVTSettings(BaseSettings):
+    model_config = SettingsConfigDict(
+        env_prefix="MVT_",
+        env_nested_delimiter="_",
+        extra="ignore",
+        nested_model_default_partial_updates=True,
+    )
+    # Allow to decided if want to load environment variables
+    load_env: bool = Field(True, exclude=True)
+
+    # General settings
+    PYPI_UPDATE_URL: AnyHttpUrl = Field(
+        "https://pypi.org/pypi/mvt/json",
+        validate_default=False,
+    )
+    NETWORK_ACCESS_ALLOWED: bool = True
+    NETWORK_TIMEOUT: int = 15
+
+    # Command default settings, all can be specified by MVT_ prefixed environment variables too.
+    IOS_BACKUP_PASSWORD: Optional[str] = Field(
+        None, description="Default password to use to decrypt iOS backups"
+    )
+    ANDROID_BACKUP_PASSWORD: Optional[str] = Field(
+        None, description="Default password to use to decrypt Android backups"
+    )
+    STIX2: Optional[str] = Field(
+        None, description="List of directories where STIX2 files are stored"
+    )
+    VT_API_KEY: Optional[str] = Field(
+        None, description="API key to use for VirusTotal lookups"
+    )
+    PROFILE: bool = Field(False, description="Profile the execution of MVT modules")
+    HASH_FILES: bool = Field(False, description="Should MVT hash output files")
+
+    @classmethod
+    def settings_customise_sources(
+        cls,
+        settings_cls: Type[BaseSettings],
+        init_settings: InitSettingsSource,
+        env_settings: PydanticBaseSettingsSource,
+        dotenv_settings: PydanticBaseSettingsSource,
+        file_secret_settings: PydanticBaseSettingsSource,
+    ) -> Tuple[PydanticBaseSettingsSource, ...]:
+        sources = (
+            YamlConfigSettingsSource(settings_cls, MVT_CONFIG_PATH),
+            init_settings,
+        )
+        # Load env variables if enabled
+        if init_settings.init_kwargs.get("load_env", True):
+            sources = (env_settings,) + sources
+        return sources
+
+    def save_settings(
+        self,
+    ) -> None:
+        """
+        Save the current settings to a file.
+        """
+        if not os.path.isdir(MVT_CONFIG_FOLDER):
+            os.makedirs(MVT_CONFIG_FOLDER)
+
+        # Dump the settings to the YAML file
+        model_serializable = json.loads(self.model_dump_json(exclude_defaults=True))
+        with open(MVT_CONFIG_PATH, "w") as config_file:
+            config_file.write(yaml.dump(model_serializable, default_flow_style=False))
+
+    @classmethod
+    def initialise(cls) -> "MVTSettings":
+        """
+        Initialise the settings file.
+
+        We first initialise the settings (without env variable) and then persist
+        them to file. This way we can update the config file with the default values.
+
+        Afterwards we load the settings again, this time including the env variables.
+        """
+        # Set invalid env prefix to avoid loading env variables.
+        settings = MVTSettings(load_env=False)
+        settings.save_settings()
+
+        # Load the settings again with any ENV variables.
+        settings = MVTSettings(load_env=True)
+        return settings
+
+
+settings = MVTSettings.initialise()

src/mvt/common/help.py

@@ -15,6 +15,8 @@ HELP_MSG_HASHES = "Generate hashes of all the files analyzed"
 HELP_MSG_VERBOSE = "Verbose mode"
 HELP_MSG_CHECK_IOCS = "Compare stored JSON results to provided indicators"
 HELP_MSG_STIX2 = "Download public STIX2 indicators"
+HELP_MSG_DISABLE_UPDATE_CHECK = "Disable MVT version update check"
+HELP_MSG_DISABLE_INDICATOR_UPDATE_CHECK = "Disable indicators update check"
 
 # IOS Specific
 HELP_MSG_DECRYPT_BACKUP = "Decrypt an encrypted iTunes backup"

src/mvt/common/indicators.py

@@ -14,6 +14,7 @@ import ahocorasick
 from appdirs import user_data_dir
 
 from .url import URL
+from .config import settings
 
 MVT_DATA_FOLDER = user_data_dir("mvt")
 MVT_INDICATORS_FOLDER = os.path.join(MVT_DATA_FOLDER, "indicators")
@@ -41,12 +42,12 @@ class Indicators:
 
     def _check_stix2_env_variable(self) -> None:
         """
-        Checks if a variable MVT_STIX2 contains path to a STIX file. Also recursively searches through dirs in MVT_STIX2
+        Checks if MVT_STIX2 setting or environment variable contains path to a STIX file. Also recursively searches through dirs in MVT_STIX2
         """
-        if "MVT_STIX2" not in os.environ:
+        if not settings.STIX2:
             return
 
-        paths = os.environ["MVT_STIX2"].split(":")
+        paths = settings.STIX2.split(":")
         for path in paths:
             if os.path.isfile(path) and path.lower().endswith(".stix2"):
                 self.parse_stix2(path)
@@ -383,8 +384,7 @@ class Indicators:
         for ioc in self.get_iocs("urls"):
             if ioc["value"] == url:
                 self.log.warning(
-                    "Found a known suspicious URL %s "
-                    'matching indicator "%s" from "%s"',
+                    'Found a known suspicious URL %s matching indicator "%s" from "%s"',
                     url,
                     ioc["value"],
                     ioc["name"],

src/mvt/common/logo.py

@@ -12,74 +12,85 @@ from .updates import IndicatorsUpdates, MVTUpdates
 from .version import MVT_VERSION
 
 
-def check_updates() -> None:
+def check_updates(
+    disable_version_check: bool = False, disable_indicator_check: bool = False
+) -> None:
     log = logging.getLogger("mvt")
+
     # First we check for MVT version updates.
-    try:
-        mvt_updates = MVTUpdates()
-        latest_version = mvt_updates.check()
-    except (requests.exceptions.ConnectionError, requests.exceptions.Timeout):
-        rich_print(
-            "\t\t[bold]Note: Could not check for MVT updates.[/bold] "
-            "You may be working offline. Please update MVT regularly."
-        )
-    except Exception as e:
-        log.error("Error encountered when trying to check latest MVT version: %s", e)
-    else:
-        if latest_version:
+    if not disable_version_check:
+        try:
+            mvt_updates = MVTUpdates()
+            latest_version = mvt_updates.check()
+        except (requests.exceptions.ConnectionError, requests.exceptions.Timeout):
             rich_print(
-                f"\t\t[bold]Version {latest_version} is available! "
-                "Upgrade mvt with `pip3 install -U mvt`[/bold]"
+                "\t\t[bold]Note: Could not check for MVT updates.[/bold] "
+                "You may be working offline. Please update MVT regularly."
             )
-
-    # Then we check for indicators files updates.
-    ioc_updates = IndicatorsUpdates()
-
-    # Before proceeding, we check if we have downloaded an indicators index.
-    # If not, there's no point in proceeding with the updates check.
-    if ioc_updates.get_latest_update() == 0:
-        rich_print(
-            "\t\t[bold]You have not yet downloaded any indicators, check "
-            "the `download-iocs` command![/bold]"
-        )
-        return
-
-    # We only perform this check at a fixed frequency, in order to not
-    # overburden the user with too many lookups if the command is being run
-    # multiple times.
-    should_check, hours = ioc_updates.should_check()
-    if not should_check:
-        rich_print(
-            f"\t\tIndicators updates checked recently, next automatic check "
-            f"in {int(hours)} hours"
-        )
-        return
-
-    try:
-        ioc_to_update = ioc_updates.check()
-    except (requests.exceptions.ConnectionError, requests.exceptions.Timeout):
-        rich_print(
-            "\t\t[bold]Note: Could not check for indicator updates.[/bold] "
-            "You may be working offline. Please update MVT indicators regularly."
-        )
-    except Exception as e:
-        log.error("Error encountered when trying to check latest MVT indicators: %s", e)
-    else:
-        if ioc_to_update:
-            rich_print(
-                "\t\t[bold]There are updates to your indicators files! "
-                "Run the `download-iocs` command to update![/bold]"
+        except Exception as e:
+            log.error(
+                "Error encountered when trying to check latest MVT version: %s", e
             )
         else:
-            rich_print("\t\tYour indicators files seem to be up to date.")
+            if latest_version:
+                rich_print(
+                    f"\t\t[bold]Version {latest_version} is available! "
+                    "Upgrade mvt with `pip3 install -U mvt` or with `pipx upgrade mvt`[/bold]"
+                )
+
+    # Then we check for indicators files updates.
+    if not disable_indicator_check:
+        ioc_updates = IndicatorsUpdates()
+
+        # Before proceeding, we check if we have downloaded an indicators index.
+        # If not, there's no point in proceeding with the updates check.
+        if ioc_updates.get_latest_update() == 0:
+            rich_print(
+                "\t\t[bold]You have not yet downloaded any indicators, check "
+                "the `download-iocs` command![/bold]"
+            )
+            return
+
+        # We only perform this check at a fixed frequency, in order to not
+        # overburden the user with too many lookups if the command is being run
+        # multiple times.
+        should_check, hours = ioc_updates.should_check()
+        if not should_check:
+            rich_print(
+                f"\t\tIndicators updates checked recently, next automatic check "
+                f"in {int(hours)} hours"
+            )
+            return
+
+        try:
+            ioc_to_update = ioc_updates.check()
+        except (requests.exceptions.ConnectionError, requests.exceptions.Timeout):
+            rich_print(
+                "\t\t[bold]Note: Could not check for indicator updates.[/bold] "
+                "You may be working offline. Please update MVT indicators regularly."
+            )
+        except Exception as e:
+            log.error(
+                "Error encountered when trying to check latest MVT indicators: %s", e
+            )
+        else:
+            if ioc_to_update:
+                rich_print(
+                    "\t\t[bold]There are updates to your indicators files! "
+                    "Run the `download-iocs` command to update![/bold]"
+                )
+            else:
+                rich_print("\t\tYour indicators files seem to be up to date.")
 
 
-def logo() -> None:
+def logo(
+    disable_version_check: bool = False, disable_indicator_check: bool = False
+) -> None:
     rich_print("\n")
     rich_print("\t[bold]MVT[/bold] - Mobile Verification Toolkit")
     rich_print("\t\thttps://mvt.re")
     rich_print(f"\t\tVersion: {MVT_VERSION}")
 
-    check_updates()
+    check_updates(disable_version_check, disable_indicator_check)
 
     rich_print("\n")

src/mvt/common/module.py

@@ -69,10 +69,14 @@ class MVTModule:
     @classmethod
     def from_json(cls, json_path: str, log: logging.Logger):
         with open(json_path, "r", encoding="utf-8") as handle:
-            results = json.load(handle)
-            if log:
-                log.info('Loaded %d results from "%s"', len(results), json_path)
-            return cls(results=results, log=log)
+            try:
+                results = json.load(handle)
+                if log:
+                    log.info('Loaded %d results from "%s"', len(results), json_path)
+                return cls(results=results, log=log)
+            except json.decoder.JSONDecodeError as err:
+                log.error('Error to decode the json "%s" file: "%s"', json_path, err)
+                return None
 
     @classmethod
     def get_slug(cls) -> str:
@@ -227,7 +231,7 @@ def run_module(module: MVTModule) -> None:
         module.save_to_json()
 
 
-def save_timeline(timeline: list, timeline_path: str) -> None:
+def save_timeline(timeline: list, timeline_path: str, is_utc: bool = True) -> None:
     """Save the timeline in a csv file.
 
     :param timeline: List of records to order and store
@@ -238,7 +242,12 @@ def save_timeline(timeline: list, timeline_path: str) -> None:
         csvoutput = csv.writer(
             handle, delimiter=",", quotechar='"', quoting=csv.QUOTE_ALL, escapechar="\\"
         )
-        csvoutput.writerow(["UTC Timestamp", "Plugin", "Event", "Description"])
+
+        if is_utc:
+            timestamp_header = "UTC Timestamp"
+        else:
+            timestamp_header = "Device Local Timestamp"
+        csvoutput.writerow([timestamp_header, "Plugin", "Event", "Description"])
 
         for event in sorted(
             timeline, key=lambda x: x["timestamp"] if x["timestamp"] is not None else ""

src/mvt/common/updates.py

@@ -14,6 +14,7 @@ from packaging import version
 
 from .indicators import MVT_DATA_FOLDER, MVT_INDICATORS_FOLDER
 from .version import MVT_VERSION
+from .config import settings
 
 log = logging.getLogger(__name__)
 
@@ -23,7 +24,11 @@ INDICATORS_CHECK_FREQUENCY = 12
 
 class MVTUpdates:
     def check(self) -> str:
-        res = requests.get("https://pypi.org/pypi/mvt/json", timeout=15)
+        try:
+            res = requests.get(settings.PYPI_UPDATE_URL, timeout=5)
+        except requests.exceptions.RequestException as e:
+            log.error("Failed to check for updates, skipping updates: %s", e)
+            return ""
         data = res.json()
         latest_version = data.get("info", {}).get("version", "")
 
@@ -92,7 +97,12 @@ class IndicatorsUpdates:
         url = self.github_raw_url.format(
             self.index_owner, self.index_repo, self.index_branch, self.index_path
         )
-        res = requests.get(url, timeout=15)
+        try:
+            res = requests.get(url, timeout=5)
+        except requests.exceptions.RequestException as e:
+            log.error("Failed to retrieve indicators index from %s: %s", url, e)
+            return None
+
         if res.status_code != 200:
             log.error(
                 "Failed to retrieve indicators index located at %s (error %d)",
@@ -104,7 +114,12 @@ class IndicatorsUpdates:
         return yaml.safe_load(res.content)
 
     def download_remote_ioc(self, ioc_url: str) -> Optional[str]:
-        res = requests.get(ioc_url, timeout=15)
+        try:
+            res = requests.get(ioc_url, timeout=15)
+        except requests.exceptions.RequestException as e:
+            log.error("Failed to download indicators file from %s: %s", ioc_url, e)
+            return None
+
         if res.status_code != 200:
             log.error(
                 "Failed to download indicators file from %s (error %d)",
@@ -170,7 +185,12 @@ class IndicatorsUpdates:
         file_commit_url = (
             f"https://api.github.com/repos/{owner}/{repo}/commits?path={path}"
         )
-        res = requests.get(file_commit_url, timeout=15)
+        try:
+            res = requests.get(file_commit_url, timeout=5)
+        except requests.exceptions.RequestException as e:
+            log.error("Failed to get details about file %s: %s", file_commit_url, e)
+            return -1
+
         if res.status_code != 200:
             log.error(
                 "Failed to get details about file %s (error %d)",

src/mvt/common/utils.py

@@ -13,6 +13,7 @@ import re
 from typing import Any, Iterator, Union
 
 from rich.logging import RichHandler
+from mvt.common.config import settings
 
 
 class CustomJSONEncoder(json.JSONEncoder):
@@ -256,7 +257,7 @@ def set_verbose_logging(verbose: bool = False):
 
 def exec_or_profile(module, globals, locals):
     """Hook for profiling MVT modules"""
-    if int(os.environ.get("MVT_PROFILE", False)):
+    if settings.PROFILE:
         cProfile.runctx(module, globals, locals)
     else:
         exec(module, globals, locals)

src/mvt/common/version.py

@@ -3,4 +3,4 @@
 # Use of this software is governed by the MVT License 1.1 that can be found at
 #   https://license.mvt.re/1.1/
 
-MVT_VERSION = "2.5.4"
+MVT_VERSION = "2.6.1"

src/mvt/ios/cli.py

@@ -37,6 +37,8 @@ from mvt.common.help import (
     HELP_MSG_CHECK_IOCS,
     HELP_MSG_STIX2,
     HELP_MSG_CHECK_IOS_BACKUP,
+    HELP_MSG_DISABLE_UPDATE_CHECK,
+    HELP_MSG_DISABLE_INDICATOR_UPDATE_CHECK,
 )
 from .cmd_check_backup import CmdIOSCheckBackup
 from .cmd_check_fs import CmdIOSCheckFS
@@ -53,12 +55,37 @@ MVT_IOS_BACKUP_PASSWORD = "MVT_IOS_BACKUP_PASSWORD"
 CONTEXT_SETTINGS = dict(help_option_names=["-h", "--help"])
 
 
+def _get_disable_flags(ctx):
+    """Helper function to safely get disable flags from context."""
+    if ctx.obj is None:
+        return False, False
+    return (
+        ctx.obj.get("disable_version_check", False),
+        ctx.obj.get("disable_indicator_check", False),
+    )
+
+
 # ==============================================================================
 # Main
 # ==============================================================================
 @click.group(invoke_without_command=False)
-def cli():
-    logo()
+@click.option(
+    "--disable-update-check", is_flag=True, help=HELP_MSG_DISABLE_UPDATE_CHECK
+)
+@click.option(
+    "--disable-indicator-update-check",
+    is_flag=True,
+    help=HELP_MSG_DISABLE_INDICATOR_UPDATE_CHECK,
+)
+@click.pass_context
+def cli(ctx, disable_update_check, disable_indicator_update_check):
+    ctx.ensure_object(dict)
+    ctx.obj["disable_version_check"] = disable_update_check
+    ctx.obj["disable_indicator_check"] = disable_indicator_update_check
+    logo(
+        disable_version_check=disable_update_check,
+        disable_indicator_check=disable_indicator_update_check,
+    )
 
 
 # ==============================================================================
@@ -100,7 +127,7 @@ def decrypt_backup(ctx, destination, password, key_file, hashes, backup_path):
     if key_file:
         if MVT_IOS_BACKUP_PASSWORD in os.environ:
             log.info(
-                "Ignoring %s environment variable, using --key-file" "'%s' instead",
+                "Ignoring %s environment variable, using --key-file'%s' instead",
                 MVT_IOS_BACKUP_PASSWORD,
                 key_file,
             )
@@ -114,7 +141,7 @@ def decrypt_backup(ctx, destination, password, key_file, hashes, backup_path):
 
         if MVT_IOS_BACKUP_PASSWORD in os.environ:
             log.info(
-                "Ignoring %s environment variable, using --password" "argument instead",
+                "Ignoring %s environment variable, using --passwordargument instead",
                 MVT_IOS_BACKUP_PASSWORD,
             )
 
@@ -168,8 +195,7 @@ def extract_key(password, key_file, backup_path):
 
         if MVT_IOS_BACKUP_PASSWORD in os.environ:
             log.info(
-                "Ignoring %s environment variable, using --password "
-                "argument instead",
+                "Ignoring %s environment variable, using --password argument instead",
                 MVT_IOS_BACKUP_PASSWORD,
             )
     elif MVT_IOS_BACKUP_PASSWORD in os.environ:
@@ -220,6 +246,8 @@ def check_backup(
         module_name=module,
         module_options=module_options,
         hashes=hashes,
+        disable_version_check=_get_disable_flags(ctx)[0],
+        disable_indicator_check=_get_disable_flags(ctx)[1],
     )
 
     if list_modules:
@@ -267,6 +295,8 @@ def check_fs(ctx, iocs, output, fast, list_modules, module, hashes, verbose, dum
         module_name=module,
         module_options=module_options,
         hashes=hashes,
+        disable_version_check=_get_disable_flags(ctx)[0],
+        disable_indicator_check=_get_disable_flags(ctx)[1],
     )
 
     if list_modules:
@@ -301,7 +331,13 @@ def check_fs(ctx, iocs, output, fast, list_modules, module, hashes, verbose, dum
 @click.argument("FOLDER", type=click.Path(exists=True))
 @click.pass_context
 def check_iocs(ctx, iocs, list_modules, module, folder):
-    cmd = CmdCheckIOCS(target_path=folder, ioc_files=iocs, module_name=module)
+    cmd = CmdCheckIOCS(
+        target_path=folder,
+        ioc_files=iocs,
+        module_name=module,
+        disable_version_check=_get_disable_flags(ctx)[0],
+        disable_indicator_check=_get_disable_flags(ctx)[1],
+    )
     cmd.modules = BACKUP_MODULES + FS_MODULES + MIXED_MODULES
 
     if list_modules:

src/mvt/ios/cmd_check_backup.py

@@ -24,6 +24,8 @@ class CmdIOSCheckBackup(Command):
         serial: Optional[str] = None,
         module_options: Optional[dict] = None,
         hashes: bool = False,
+        disable_version_check: bool = False,
+        disable_indicator_check: bool = False,
     ) -> None:
         super().__init__(
             target_path=target_path,
@@ -34,6 +36,8 @@ class CmdIOSCheckBackup(Command):
             module_options=module_options,
             hashes=hashes,
             log=log,
+            disable_version_check=disable_version_check,
+            disable_indicator_check=disable_indicator_check,
         )
 
         self.name = "check-backup"

src/mvt/ios/cmd_check_fs.py

@@ -24,16 +24,19 @@ class CmdIOSCheckFS(Command):
         serial: Optional[str] = None,
         module_options: Optional[dict] = None,
         hashes: bool = False,
+        disable_version_check: bool = False,
+        disable_indicator_check: bool = False,
     ) -> None:
         super().__init__(
             target_path=target_path,
             results_path=results_path,
             ioc_files=ioc_files,
             module_name=module_name,
-            serial=serial,
             module_options=module_options,
             hashes=hashes,
             log=log,
+            disable_version_check=disable_version_check,
+            disable_indicator_check=disable_indicator_check,
         )
 
         self.name = "check-fs"

src/mvt/ios/data/ios_versions.json

@@ -891,6 +891,14 @@
         "version": "15.8.2",
         "build": "19H384"
     },
+    {
+        "version": "15.8.4",
+        "build": "19H390"
+    },
+    {
+        "version": "15.8.5",
+        "build": "19H394"
+    },
     {
         "build": "20A362",
         "version": "16.0"
@@ -992,6 +1000,14 @@
         "version": "16.7.8",
         "build": "20H343"
     },
+    {
+        "version": "16.7.11",
+        "build": "20H360"
+    },
+    {
+        "version": "16.7.12",
+        "build": "20H364"
+    },
     {
         "version": "17.0",
         "build": "21A327"
@@ -1076,6 +1092,10 @@
         "version": "17.6.1",
         "build": "21G101"
     },
+    {
+        "version": "17.7.7",
+        "build": "21H433"
+    },
     {
         "version": "18",
         "build": "22A3354"
@@ -1083,5 +1103,65 @@
     {
         "version": "18.0.1",
         "build": "22A3370"
+    },
+    {
+        "version": "18.1",
+        "build": "22B83"
+    },
+    {
+        "version": "18.1.1",
+        "build": "22B91"
+    },
+    {
+        "version": "18.2",
+        "build": "22C152"
+    },
+    {
+        "version": "18.2.1",
+        "build": "22C161"
+    },
+    {
+        "version": "18.3",
+        "build": "22D63"
+    },
+    {
+        "version": "18.3.1",
+        "build": "22D72"
+    },
+    {
+        "version": "18.4",
+        "build": "22E240"
+    },
+    {
+        "version": "18.4.1",
+        "build": "22E252"
+    },
+    {
+        "version": "18.5",
+        "build": "22F76"
+    },
+    {
+        "version": "18.6",
+        "build": "22G86"
+    },
+    {
+        "version": "18.6.1",
+        "build": "22G90"
+    },
+    {
+        "version": "18.6.2",
+        "build": "22G100"
+    },
+    {
+        "version": "18.7",
+        "build": "22H20"
+    },
+    {
+        "version": "26",
+        "build": "23A341"
+    },
+    {
+        "version": "26.0.1",
+        "build": "23A355"
     }
 ]

src/mvt/ios/modules/backup/backup_info.py

@@ -41,7 +41,7 @@ class BackupInfo(IOSExtraction):
         info_path = os.path.join(self.target_path, "Info.plist")
         if not os.path.exists(info_path):
             raise DatabaseNotFoundError(
-                "No Info.plist at backup path, unable to extract device " "information"
+                "No Info.plist at backup path, unable to extract device information"
             )
 
         with open(info_path, "rb") as handle:

src/mvt/ios/modules/backup/manifest.py

@@ -110,8 +110,7 @@ class Manifest(IOSExtraction):
                 ioc = self.indicators.check_url(part)
                 if ioc:
                     self.log.warning(
-                        'Found mention of domain "%s" in a backup file with '
-                        "path: %s",
+                        'Found mention of domain "%s" in a backup file with path: %s',
                         ioc["value"],
                         rel_path,
                     )

src/mvt/ios/modules/base.py

@@ -74,7 +74,7 @@ class IOSExtraction(MVTModule):
 
         if not shutil.which("sqlite3"):
             raise DatabaseCorruptedError(
-                "failed to recover without sqlite3 binary: please install " "sqlite3!"
+                "failed to recover without sqlite3 binary: please install sqlite3!"
             )
         if '"' in file_path:
             raise DatabaseCorruptedError(

src/mvt/ios/modules/mixed/applications.py

@@ -17,6 +17,12 @@ from mvt.ios.modules.base import IOSExtraction
 APPLICATIONS_DB_PATH = [
     "private/var/containers/Bundle/Application/*/iTunesMetadata.plist"
 ]
+KNOWN_APP_INSTALLERS = [
+    "com.apple.AppStore",
+    "com.apple.AppStore.ProductPageExtension",
+    "com.apple.dmd",
+    "dmd",
+]
 
 
 class Applications(IOSExtraction):
@@ -80,12 +86,10 @@ class Applications(IOSExtraction):
                     self.detected.append(result)
                     continue
             # Some apps installed from apple store with sourceApp "com.apple.AppStore.ProductPageExtension"
-            if result.get("sourceApp", "com.apple.AppStore") not in [
-                "com.apple.AppStore",
-                "com.apple.AppStore.ProductPageExtension",
-                "com.apple.dmd",
-                "dmd",
-            ]:
+            if (
+                result.get("sourceApp", "com.apple.AppStore")
+                not in KNOWN_APP_INSTALLERS
+            ):
                 self.log.warning(
                     "Suspicious app not installed from the App Store or MDM: %s",
                     result["softwareVersionBundleId"],

src/mvt/ios/modules/mixed/global_preferences.py

@@ -43,6 +43,8 @@ class GlobalPreferences(IOSExtraction):
                     self.log.warning("Lockdown mode enabled")
                 else:
                     self.log.warning("Lockdown mode disabled")
+                return
+        self.log.warning("Lockdown mode disabled")
 
     def process_file(self, file_path: str) -> None:
         with open(file_path, "rb") as handle:

src/mvt/ios/modules/mixed/safari_browserstate.py

@@ -95,14 +95,17 @@ class SafariBrowserState(IOSExtraction):
             )
         except sqlite3.OperationalError:
             # Old version iOS <12 likely
-            cur.execute(
+            try:
+                cur.execute(
+                    """
+                    SELECT
+                        title, url, user_visible_url, last_viewed_time, session_data
+                    FROM tabs
+                    ORDER BY last_viewed_time;
                 """
-                SELECT
-                    title, url, user_visible_url, last_viewed_time, session_data
-                FROM tabs
-                ORDER BY last_viewed_time;
-            """
-            )
+                )
+            except sqlite3.OperationalError as e:
+                self.log.error(f"Error executing query: {e}")
 
         for row in cur:
             session_entries = []

src/mvt/ios/modules/mixed/sms.py

@@ -43,7 +43,7 @@ class SMS(IOSExtraction):
 
     def serialize(self, record: dict) -> Union[dict, list]:
         text = record["text"].replace("\n", "\\n")
-        sms_data = f"{record['service']}: {record['guid']} \"{text}\" from {record['phone_number']} ({record['account']})"
+        sms_data = f'{record["service"]}: {record["guid"]} "{text}" from {record["phone_number"]} ({record["account"]})'
         records = [
             {
                 "timestamp": record["isodate"],

src/mvt/ios/modules/mixed/tcc.py

@@ -116,13 +116,16 @@ class TCC(IOSExtraction):
                 )
                 db_version = "v2"
             except sqlite3.OperationalError:
-                cur.execute(
-                    """SELECT
-                    service, client, client_type, allowed,
-                    prompt_count
-                    FROM access;"""
-                )
-                db_version = "v1"
+                try:
+                    cur.execute(
+                        """SELECT
+                        service, client, client_type, allowed,
+                        prompt_count
+                        FROM access;"""
+                    )
+                    db_version = "v1"
+                except sqlite3.OperationalError as e:
+                    self.log.error(f"Error parsing TCC database: {e}")
 
         for row in cur:
             service = row[0]

src/mvt/ios/modules/mixed/webkit_session_resource_log.py

@@ -100,7 +100,7 @@ class WebkitSessionResourceLog(IOSExtraction):
                         redirect_path += ", ".join(source_domains)
                         redirect_path += " -> "
 
-                    redirect_path += f"ORIGIN: \"{entry['origin']}\""
+                    redirect_path += f'ORIGIN: "{entry["origin"]}"'
 
                     if len(destination_domains) > 0:
                         redirect_path += " -> "
@@ -127,6 +127,24 @@ class WebkitSessionResourceLog(IOSExtraction):
         browsing_stats = file_plist["browsingStatistics"]
 
         for item in browsing_stats:
+            most_recent_interaction, last_seen = None, None
+            if "mostRecentUserInteraction" in item:
+                try:
+                    most_recent_interaction = convert_datetime_to_iso(
+                        item["mostRecentUserInteraction"]
+                    )
+                except Exception:
+                    self.log.error(
+                        f'Error converting date of Safari resource"most recent interaction": {item["mostRecentUserInteraction"]}'
+                    )
+            if "lastSeen" in item:
+                try:
+                    last_seen = convert_datetime_to_iso(item["lastSeen"])
+                except Exception:
+                    self.log.error(
+                        f'Error converting date of Safari resource"last seen": {item["lastSeen"]}'
+                    )
+
             items.append(
                 {
                     "origin": item.get("PrevalentResourceOrigin", ""),
@@ -139,10 +157,8 @@ class WebkitSessionResourceLog(IOSExtraction):
                         "subresourceUnderTopFrameOrigins", ""
                     ),
                     "user_interaction": item.get("hadUserInteraction"),
-                    "most_recent_interaction": convert_datetime_to_iso(
-                        item["mostRecentUserInteraction"]
-                    ),
-                    "last_seen": convert_datetime_to_iso(item["lastSeen"]),
+                    "most_recent_interaction": most_recent_interaction,
+                    "last_seen": last_seen,
                 }
             )
 

src/mvt/ios/modules/net_base.py

@@ -38,44 +38,70 @@ class NetBase(IOSExtraction):
 
     def _extract_net_data(self):
         conn = sqlite3.connect(self.file_path)
+        conn.row_factory = sqlite3.Row
         cur = conn.cursor()
-        cur.execute(
+        try:
+            cur.execute(
+                """
+                SELECT
+                    ZPROCESS.ZFIRSTTIMESTAMP,
+                    ZPROCESS.ZTIMESTAMP,
+                    ZPROCESS.ZPROCNAME,
+                    ZPROCESS.ZBUNDLENAME,
+                    ZPROCESS.Z_PK AS ZPROCESS_PK,
+                    ZLIVEUSAGE.ZWIFIIN,
+                    ZLIVEUSAGE.ZWIFIOUT,
+                    ZLIVEUSAGE.ZWWANIN,
+                    ZLIVEUSAGE.ZWWANOUT,
+                    ZLIVEUSAGE.Z_PK AS ZLIVEUSAGE_PK,
+                    ZLIVEUSAGE.ZHASPROCESS,
+                    ZLIVEUSAGE.ZTIMESTAMP AS ZL_TIMESTAMP
+                FROM ZLIVEUSAGE
+                LEFT JOIN ZPROCESS ON ZLIVEUSAGE.ZHASPROCESS = ZPROCESS.Z_PK
+                UNION
+                SELECT ZFIRSTTIMESTAMP, ZTIMESTAMP, ZPROCNAME, ZBUNDLENAME, Z_PK,
+                    NULL, NULL, NULL, NULL, NULL, NULL, NULL
+                FROM ZPROCESS WHERE Z_PK NOT IN
+                    (SELECT ZHASPROCESS FROM ZLIVEUSAGE);
             """
-            SELECT
-                ZPROCESS.ZFIRSTTIMESTAMP,
-                ZPROCESS.ZTIMESTAMP,
-                ZPROCESS.ZPROCNAME,
-                ZPROCESS.ZBUNDLENAME,
-                ZPROCESS.Z_PK,
-                ZLIVEUSAGE.ZWIFIIN,
-                ZLIVEUSAGE.ZWIFIOUT,
-                ZLIVEUSAGE.ZWWANIN,
-                ZLIVEUSAGE.ZWWANOUT,
-                ZLIVEUSAGE.Z_PK,
-                ZLIVEUSAGE.ZHASPROCESS,
-                ZLIVEUSAGE.ZTIMESTAMP
-            FROM ZLIVEUSAGE
-            LEFT JOIN ZPROCESS ON ZLIVEUSAGE.ZHASPROCESS = ZPROCESS.Z_PK
-            UNION
-            SELECT ZFIRSTTIMESTAMP, ZTIMESTAMP, ZPROCNAME, ZBUNDLENAME, Z_PK,
-                   NULL, NULL, NULL, NULL, NULL, NULL, NULL
-            FROM ZPROCESS WHERE Z_PK NOT IN
-                (SELECT ZHASPROCESS FROM ZLIVEUSAGE);
-        """
-        )
+            )
+        except sqlite3.OperationalError:
+            # Recent phones don't have ZWIFIIN and ZWIFIOUT columns
+            cur.execute(
+                """
+                SELECT
+                    ZPROCESS.ZFIRSTTIMESTAMP,
+                    ZPROCESS.ZTIMESTAMP,
+                    ZPROCESS.ZPROCNAME,
+                    ZPROCESS.ZBUNDLENAME,
+                    ZPROCESS.Z_PK AS ZPROCESS_PK,
+                    ZLIVEUSAGE.ZWWANIN,
+                    ZLIVEUSAGE.ZWWANOUT,
+                    ZLIVEUSAGE.Z_PK AS ZLIVEUSAGE_PK,
+                    ZLIVEUSAGE.ZHASPROCESS,
+                    ZLIVEUSAGE.ZTIMESTAMP AS ZL_TIMESTAMP
+                FROM ZLIVEUSAGE
+                LEFT JOIN ZPROCESS ON ZLIVEUSAGE.ZHASPROCESS = ZPROCESS.Z_PK
+                UNION
+                SELECT ZFIRSTTIMESTAMP, ZTIMESTAMP, ZPROCNAME, ZBUNDLENAME, Z_PK,
+                    NULL, NULL, NULL, NULL, NULL
+                FROM ZPROCESS WHERE Z_PK NOT IN
+                    (SELECT ZHASPROCESS FROM ZLIVEUSAGE);
+            """
+            )
 
         for row in cur:
             # ZPROCESS records can be missing after the JOIN.
             # Handle NULL timestamps.
-            if row[0] and row[1]:
-                first_isodate = convert_mactime_to_iso(row[0])
-                isodate = convert_mactime_to_iso(row[1])
+            if row["ZFIRSTTIMESTAMP"] and row["ZTIMESTAMP"]:
+                first_isodate = convert_mactime_to_iso(row["ZFIRSTTIMESTAMP"])
+                isodate = convert_mactime_to_iso(row["ZTIMESTAMP"])
             else:
-                first_isodate = row[0]
-                isodate = row[1]
+                first_isodate = row["ZFIRSTTIMESTAMP"]
+                isodate = row["ZTIMESTAMP"]
 
-            if row[11]:
-                live_timestamp = convert_mactime_to_iso(row[11])
+            if row["ZL_TIMESTAMP"]:
+                live_timestamp = convert_mactime_to_iso(row["ZL_TIMESTAMP"])
             else:
                 live_timestamp = ""
 
@@ -83,16 +109,18 @@ class NetBase(IOSExtraction):
                 {
                     "first_isodate": first_isodate,
                     "isodate": isodate,
-                    "proc_name": row[2],
-                    "bundle_id": row[3],
-                    "proc_id": row[4],
-                    "wifi_in": row[5],
-                    "wifi_out": row[6],
-                    "wwan_in": row[7],
-                    "wwan_out": row[8],
-                    "live_id": row[9],
-                    "live_proc_id": row[10],
-                    "live_isodate": live_timestamp if row[11] else first_isodate,
+                    "proc_name": row["ZPROCNAME"],
+                    "bundle_id": row["ZBUNDLENAME"],
+                    "proc_id": row["ZPROCESS_PK"],
+                    "wifi_in": row["ZWIFIIN"] if "ZWIFIIN" in row.keys() else None,
+                    "wifi_out": row["ZWIFIOUT"] if "ZWIFIOUT" in row.keys() else None,
+                    "wwan_in": row["ZWWANIN"],
+                    "wwan_out": row["ZWWANOUT"],
+                    "live_id": row["ZLIVEUSAGE_PK"],
+                    "live_proc_id": row["ZHASPROCESS"],
+                    "live_isodate": live_timestamp
+                    if row["ZL_TIMESTAMP"]
+                    else first_isodate,
                 }
             )
 
@@ -108,8 +136,6 @@ class NetBase(IOSExtraction):
         )
         record_data_usage = (
             record_data + " "
-            f"WIFI IN: {record['wifi_in']}, "
-            f"WIFI OUT: {record['wifi_out']} - "
             f"WWAN IN: {record['wwan_in']}, "
             f"WWAN OUT: {record['wwan_out']}"
         )

test-requirements.txt

@@ -1,8 +0,0 @@
-requests>=2.31.0
-pytest>=7.4.3
-pytest-cov>=4.1.0
-pytest-github-actions-annotate-failures>=0.2.0
-pytest-mock>=3.14.0
-stix2>=3.0.1
-ruff>=0.1.6
-mypy>=1.7.1

tests/android/test_artifact_dumpsys_adb.py

@@ -29,3 +29,28 @@ class TestDumpsysADBArtifact:
             user_key["fingerprint"] == "F0:A1:3D:8C:B3:F4:7B:09:9F:EE:8B:D8:38:2E:BD:C6"
         )
         assert user_key["user"] == "user@linux"
+
+    def test_parsing_adb_xml(self):
+        da_adb = DumpsysADBArtifact()
+        file = get_artifact("android_data/dumpsys_adb_xml.txt")
+        with open(file, "rb") as f:
+            data = f.read()
+
+        da_adb.parse(data)
+
+        assert len(da_adb.results) == 1
+
+        adb_data = da_adb.results[0]
+        assert "user_keys" in adb_data
+        assert len(adb_data["user_keys"]) == 1
+
+        # Check key and fingerprint parsed successfully.
+        expected_fingerprint = "F0:0B:27:08:E3:68:7B:FA:4C:79:A2:B4:BF:0E:CF:70"
+        user_key = adb_data["user_keys"][0]
+        user_key["fingerprint"] == expected_fingerprint
+        assert user_key["user"] == "user@laptop"
+
+        key_store_entry = adb_data["keystore"][0]
+        assert key_store_entry["user"] == "user@laptop"
+        assert key_store_entry["fingerprint"] == expected_fingerprint
+        assert key_store_entry["last_connected"] == "1628501829898"

tests/android/test_artifact_dumpsys_appops.py

@@ -43,5 +43,21 @@ class TestDumpsysAppopsArtifact:
         ind.ioc_collections[0]["app_ids"].append("com.facebook.katana")
         da.indicators = ind
         assert len(da.detected) == 0
+
         da.check_indicators()
-        assert len(da.detected) == 1
+        detected_by_ioc = [
+            detected for detected in da.detected if detected.get("matched_indicator")
+        ]
+        detected_by_permission_heuristic = [
+            detected
+            for detected in da.detected
+            if all(
+                [
+                    perm["name"] == "REQUEST_INSTALL_PACKAGES"
+                    for perm in detected["permissions"]
+                ]
+            )
+        ]
+        assert len(da.detected) == 3
+        assert len(detected_by_ioc) == 1
+        assert len(detected_by_permission_heuristic) == 2

tests/android/test_artifact_dumpsys_platform_compat.py

@@ -0,0 +1,40 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2023 The MVT Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+import logging
+
+from mvt.android.artifacts.dumpsys_platform_compat import DumpsysPlatformCompatArtifact
+from mvt.common.indicators import Indicators
+
+from ..utils import get_artifact
+
+
+class TestDumpsysPlatformCompatArtifact:
+    def test_parsing(self):
+        dbi = DumpsysPlatformCompatArtifact()
+        file = get_artifact("android_data/dumpsys_platform_compat.txt")
+        with open(file) as f:
+            data = f.read()
+
+        assert len(dbi.results) == 0
+        dbi.parse(data)
+        assert len(dbi.results) == 2
+        assert dbi.results[0]["package_name"] == "org.torproject.torbrowser"
+        assert dbi.results[1]["package_name"] == "org.article19.circulo.next"
+
+    def test_ioc_check(self, indicator_file):
+        dbi = DumpsysPlatformCompatArtifact()
+        file = get_artifact("android_data/dumpsys_platform_compat.txt")
+        with open(file) as f:
+            data = f.read()
+        dbi.parse(data)
+
+        ind = Indicators(log=logging.getLogger())
+        ind.parse_stix2(indicator_file)
+        ind.ioc_collections[0]["app_ids"].append("org.torproject.torbrowser")
+        ind.ioc_collections[0]["app_ids"].append("org.article19.circulo.next")
+        dbi.indicators = ind
+        assert len(dbi.detected) == 0
+        dbi.check_indicators()
+        assert len(dbi.detected) == 2

tests/android/test_artifact_tombstones.py

@@ -0,0 +1,67 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2023 The MVT Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+import os
+import datetime
+
+import pytest
+
+from mvt.android.artifacts.tombstone_crashes import TombstoneCrashArtifact
+
+from ..utils import get_artifact
+
+
+class TestTombstoneCrashArtifact:
+    def test_tombtone_process_parsing(self):
+        tombstone_artifact = TombstoneCrashArtifact()
+        artifact_path = "android_data/tombstone_process.txt"
+        file = get_artifact(artifact_path)
+        with open(file, "rb") as f:
+            data = f.read()
+
+        # Pass the file name and timestamp to the parse method
+        file_name = os.path.basename(artifact_path)
+        file_timestamp = datetime.datetime(2023, 4, 12, 12, 32, 40, 518290)
+        tombstone_artifact.parse(file_name, file_timestamp, data)
+
+        assert len(tombstone_artifact.results) == 1
+        self.validate_tombstone_result(tombstone_artifact.results[0])
+
+    def test_tombstone_pb_process_parsing(self):
+        tombstone_artifact = TombstoneCrashArtifact()
+        artifact_path = "android_data/tombstone_process.pb"
+        file = get_artifact(artifact_path)
+        with open(file, "rb") as f:
+            data = f.read()
+
+        file_name = os.path.basename(artifact_path)
+        file_timestamp = datetime.datetime(2023, 4, 12, 12, 32, 40, 518290)
+        tombstone_artifact.parse_protobuf(file_name, file_timestamp, data)
+
+        assert len(tombstone_artifact.results) == 1
+        self.validate_tombstone_result(tombstone_artifact.results[0])
+
+    @pytest.mark.skip(reason="Not implemented yet")
+    def test_tombtone_kernel_parsing(self):
+        tombstone_artifact = TombstoneCrashArtifact()
+        file = get_artifact("android_data/tombstone_kernel.txt")
+        with open(file, "rb") as f:
+            data = f.read()
+
+        tombstone_artifact.parse_text(data)
+        assert len(tombstone_artifact.results) == 1
+
+    def validate_tombstone_result(self, tombstone_result: dict):
+        assert tombstone_result.get("command_line") == [
+            "/vendor/bin/hw/android.hardware.media.c2@1.2-mediatek"
+        ]
+        assert tombstone_result.get("uid") == 1046
+        assert tombstone_result.get("pid") == 25541
+        assert tombstone_result.get("process_name") == "mtk.ape.decoder"
+
+        # With Android logs we want to keep timestamps as device local time for consistency.
+        # We often don't know the time offset for a log entry and so can't convert everything to UTC.
+        # MVT should output the local time only:
+        # So original 2023-04-12 12:32:40.518290770+0200 -> 2023-04-12 12:32:40.000000
+        assert tombstone_result.get("timestamp") == "2023-04-12 12:32:40.518290"

tests/android_androidqf/test_dumpsys_platform_compat.py

@@ -0,0 +1,23 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2023 The MVT Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+from pathlib import Path
+
+from mvt.android.modules.androidqf.dumpsys_platform_compat import DumpsysPlatformCompat
+from mvt.common.module import run_module
+
+from ..utils import get_android_androidqf, list_files
+
+
+class TestDumpsysPlatformCompatModule:
+    def test_parsing(self):
+        data_path = get_android_androidqf()
+        m = DumpsysPlatformCompat(target_path=data_path)
+        files = list_files(data_path)
+        parent_path = Path(data_path).absolute().parent.as_posix()
+        m.from_folder(parent_path, files)
+        run_module(m)
+        assert len(m.results) == 2
+        assert len(m.detected) == 0

tests/android_androidqf/test_dumpsysappops.py

@@ -21,4 +21,9 @@ class TestDumpsysAppOpsModule:
         run_module(m)
         assert len(m.results) == 12
         assert len(m.timeline) == 16
-        assert len(m.detected) == 0
+
+        detected_by_ioc = [
+            detected for detected in m.detected if detected.get("matched_indicator")
+        ]
+        assert len(m.detected) == 1
+        assert len(detected_by_ioc) == 0

tests/android_androidqf/test_mounts.py

@@ -0,0 +1,97 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2023 The MVT Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+import logging
+from pathlib import Path
+
+from mvt.common.module import run_module
+
+from ..utils import get_android_androidqf, list_files
+
+
+class TestAndroidqfMountsArtifact:
+    def test_parse_mounts_token_checks(self):
+        """
+        Test the artifact-level `parse` method using tolerant token checks.
+
+        Different parser variants may place mount tokens into different dict
+        keys (for example `mount_options`, `pass_num`, `dump_freq`, etc.). To
+        avoid brittle assertions we concatenate each parsed entry's values and
+        look for expected tokens (device names, mount points, options) somewhere
+        in the combined representation.
+        """
+        from mvt.android.artifacts.mounts import Mounts as MountsArtifact
+
+        m = MountsArtifact()
+
+        mount_lines = [
+            "/dev/block/dm-12 on / type ext4 (ro,seclabel,noatime)",
+            "/dev/block/by-name/system on /system type ext4 (rw,seclabel,noatime)",
+            "/dev/block/by-name/data on /data type f2fs (rw,nosuid,nodev,noatime)",
+        ]
+        mount_content = "\n".join(mount_lines)
+
+        # Parse the mount lines (artifact-level)
+        m.parse(mount_content)
+
+        # Basic sanity: parser should return one entry per input line
+        assert len(m.results) == 3, f"Expected 3 parsed mounts, got: {m.results}"
+
+        # Concatenate each entry's values into a single string so token checks
+        # are tolerant to which dict keys were used by the parser.
+        def concat_values(entry):
+            parts = []
+            for v in entry.values():
+                try:
+                    parts.append(str(v))
+                except Exception:
+                    # Skip values that can't be stringified
+                    continue
+            return " ".join(parts)
+
+        concatenated = [concat_values(e) for e in m.results]
+
+        # Token expectations (tolerant):
+        # - Root line should include 'dm-12' and 'noatime' (and typically 'ro')
+        assert any("dm-12" in s and "noatime" in s for s in concatenated), (
+            f"No root-like tokens (dm-12 + noatime) found in parsed results: {concatenated}"
+        )
+
+        # - System line should include '/system' or 'by-name/system' and 'rw'
+        assert any(
+            (("by-name/system" in s or "/system" in s) and "rw" in s)
+            for s in concatenated
+        ), (
+            f"No system-like tokens (system + rw) found in parsed results: {concatenated}"
+        )
+
+        # - Data line should include '/data' or 'by-name/data' and 'rw'
+        assert any(
+            (("by-name/data" in s or "/data" in s) and "rw" in s) for s in concatenated
+        ), f"No data-like tokens (data + rw) found in parsed results: {concatenated}"
+
+
+class TestAndroidqfMountsModule:
+    def test_androidqf_module_no_mounts_file(self):
+        """
+        When no `mounts.json` is present in the androidqf dataset, the module
+        should not produce results nor detections.
+        """
+        from mvt.android.modules.androidqf.mounts import Mounts
+
+        data_path = get_android_androidqf()
+        m = Mounts(target_path=data_path, log=logging)
+        files = list_files(data_path)
+        parent_path = Path(data_path).absolute().parent.as_posix()
+        m.from_folder(parent_path, files)
+
+        run_module(m)
+
+        # The provided androidqf test dataset does not include mounts.json, so
+        # results should remain empty.
+        assert len(m.results) == 0, (
+            f"Expected no results when mounts.json is absent, got: {m.results}"
+        )
+        assert len(m.detected) == 0, f"Expected no detections, got: {m.detected}"

tests/android_androidqf/test_root_binaries.py

@@ -0,0 +1,116 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2023 The MVT Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+import logging
+from pathlib import Path
+
+import pytest
+
+from mvt.android.modules.androidqf.root_binaries import RootBinaries
+from mvt.common.module import run_module
+
+from ..utils import get_android_androidqf, list_files
+
+
+@pytest.fixture()
+def data_path():
+    return get_android_androidqf()
+
+
+@pytest.fixture()
+def parent_data_path(data_path):
+    return Path(data_path).absolute().parent.as_posix()
+
+
+@pytest.fixture()
+def file_list(data_path):
+    return list_files(data_path)
+
+
+@pytest.fixture()
+def module(parent_data_path, file_list):
+    m = RootBinaries(target_path=parent_data_path, log=logging)
+    m.from_folder(parent_data_path, file_list)
+    return m
+
+
+class TestAndroidqfRootBinaries:
+    def test_root_binaries_detection(self, module):
+        run_module(module)
+
+        # Should find 4 root binaries from the test file
+        assert len(module.results) == 4
+        assert len(module.detected) == 4
+
+        # Check that all results are detected as indicators
+        binary_paths = [result["path"] for result in module.results]
+        assert "/system/bin/su" in binary_paths
+        assert "/system/xbin/busybox" in binary_paths
+        assert "/data/local/tmp/magisk" in binary_paths
+        assert "/system/bin/magiskhide" in binary_paths
+
+    def test_root_binaries_descriptions(self, module):
+        run_module(module)
+
+        # Check that binary descriptions are correctly identified
+        su_result = next((r for r in module.results if "su" in r["binary_name"]), None)
+        assert su_result is not None
+        assert "SuperUser binary" in su_result["description"]
+
+        busybox_result = next(
+            (r for r in module.results if "busybox" in r["binary_name"]), None
+        )
+        assert busybox_result is not None
+        assert "BusyBox utilities" in busybox_result["description"]
+
+        magisk_result = next(
+            (r for r in module.results if r["binary_name"] == "magisk"), None
+        )
+        assert magisk_result is not None
+        assert "Magisk root framework" in magisk_result["description"]
+
+        magiskhide_result = next(
+            (r for r in module.results if "magiskhide" in r["binary_name"]), None
+        )
+        assert magiskhide_result is not None
+        assert "Magisk hide utility" in magiskhide_result["description"]
+
+    def test_root_binaries_warnings(self, caplog, module):
+        run_module(module)
+
+        # Check that warnings are logged for each root binary found
+        assert 'Found root binary "su" at path "/system/bin/su"' in caplog.text
+        assert (
+            'Found root binary "busybox" at path "/system/xbin/busybox"' in caplog.text
+        )
+        assert (
+            'Found root binary "magisk" at path "/data/local/tmp/magisk"' in caplog.text
+        )
+        assert (
+            'Found root binary "magiskhide" at path "/system/bin/magiskhide"'
+            in caplog.text
+        )
+        assert "Device shows signs of rooting with 4 root binaries found" in caplog.text
+
+    def test_serialize_method(self, module):
+        run_module(module)
+
+        # Test that serialize method works correctly
+        if module.results:
+            serialized = module.serialize(module.results[0])
+            assert serialized["module"] == "RootBinaries"
+            assert serialized["event"] == "root_binary_found"
+            assert "Root binary found:" in serialized["data"]
+
+    def test_no_root_binaries_file(self, parent_data_path):
+        # Test behavior when no root_binaries.json file is present
+        empty_file_list = []
+        m = RootBinaries(target_path=parent_data_path, log=logging)
+        m.from_folder(parent_data_path, empty_file_list)
+
+        run_module(m)
+
+        assert len(m.results) == 0
+        assert len(m.detected) == 0

tests/android_bugreport/test_bugreport.py

@@ -9,6 +9,7 @@ from pathlib import Path
 from mvt.android.modules.bugreport.appops import Appops
 from mvt.android.modules.bugreport.getprop import Getprop
 from mvt.android.modules.bugreport.packages import Packages
+from mvt.android.modules.bugreport.tombstones import Tombstones
 from mvt.common.module import run_module
 
 from ..utils import get_artifact_folder
@@ -33,7 +34,12 @@ class TestBugreportAnalysis:
         m = self.launch_bug_report_module(Appops)
         assert len(m.results) == 12
         assert len(m.timeline) == 16
-        assert len(m.detected) == 0
+
+        detected_by_ioc = [
+            detected for detected in m.detected if detected.get("matched_indicator")
+        ]
+        assert len(m.detected) == 1  # Hueristic detection for suspicious permissions
+        assert len(detected_by_ioc) == 0
 
     def test_packages_module(self):
         m = self.launch_bug_report_module(Packages)
@@ -49,3 +55,8 @@ class TestBugreportAnalysis:
     def test_getprop_module(self):
         m = self.launch_bug_report_module(Getprop)
         assert len(m.results) == 0
+
+    def test_tombstones_modules(self):
+        m = self.launch_bug_report_module(Tombstones)
+        assert len(m.results) == 2
+        assert m.results[1]["pid"] == 3559

tests/artifacts/android_data/bugreport/FS/data/tombstones/tombstone_00

@@ -0,0 +1,27 @@
+*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
+Build fingerprint: 'samsung/a10eea/a10:10/.190711.020/A105:user/release-keys'
+Revision: '5'
+ABI: 'arm'
+Timestamp: 2021-09-29 17:43:49+0200
+pid: 9850, tid: 9893, name: UsbFfs-worker  >>> /system/bin/adbd <<<
+uid: 2000
+signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
+Abort message: 'Check failed: payload.size() <= bytes_left (payload.size()=99, bytes_left=51) '
+    r0  00000000  r1  000026a5  r2  00000006  r3  f11fad98
+    r4  f11fadac  r5  f11fad90  r6  0000267a  r7  0000016b
+    r8  f11fada8  r9  f11fad98  r10 f11fadc8  r11 f11fadb8
+    ip  000026a5  sp  f11fad68  lr  f20c23b7  pc  f20c23ca
+
+backtrace:
+      #00 pc 000603ca  /apex/com.android.runtime/lib/bionic/libc.so (abort+166) (BuildId: 320fbdc2a1289fadd7dacae7f2eb77a3)
+      #01 pc 00007e23  /system/lib/libbase.so (android::base::DefaultAborter(char const*)+6) (BuildId: a28585ee446ea17e3e6fcf9c907fff2a)
+      #02 pc 0000855f  /system/lib/libbase.so (android::base::LogMessage::~LogMessage()+406) (BuildId: a28585ee446ea17e3e6fcf9c907fff2a)
+      #03 pc 000309cf  /system/lib/libadbd.so (UsbFfsConnection::ProcessRead(IoBlock*)+814) (BuildId: 3645b175977ae210c156a57b25dfa599)
+      #04 pc 00030459  /system/lib/libadbd.so (UsbFfsConnection::HandleRead(TransferId, long long)+84) (BuildId: 3645b175977ae210c156a57b25dfa599)
+      #05 pc 00030349  /system/lib/libadbd.so (UsbFfsConnection::ReadEvents()+92) (BuildId: 3645b175977ae210c156a57b25dfa599)
+      #06 pc 00030169  /system/lib/libadbd.so (_ZZN16UsbFfsConnection11StartWorkerEvENKUlvE_clEv+504) (BuildId: 3645b175977ae210c156a57b25dfa599)
+      #07 pc 0002ff53  /system/lib/libadbd.so (_ZNSt3__114__thread_proxyINS_5tupleIJNS_10unique_ptrINS_15__thread_structENS_14default_deleteIS3_EEEEZN16UsbFfsConnection11StartWorkerEvEUlvE_EEEEEPvSA_+26) (BuildId: 3645b175977ae210c156a57b25dfa599)
+      #08 pc 000a75b3  /apex/com.android.runtime/lib/bionic/libc.so (__pthread_start(void*)+20) (BuildId: 320fbdc2a1289fadd7dacae7f2eb77a3)
+      #09 pc 00061b33  /apex/com.android.runtime/lib/bionic/libc.so (__start_thread+30) (BuildId: 320fbdc2a1289fadd7dacae7f2eb77a3)
+
+

tests/artifacts/android_data/bugreport/FS/data/tombstones/tombstone_01

@@ -0,0 +1,38 @@
+*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
+Build fingerprint: 'samsung/a10eea/a10:11/RP1A.200720.012/A105:user/release-keys'
+Revision: '5'
+ABI: 'arm'
+Timestamp: 2023-08-21 23:28:59-0400
+pid: 3559, tid: 3568, name: tzts_daemon  >>> /vendor/bin/tzts_daemon <<<
+uid: 1000
+signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xe8b4d14c
+    r0  e8b4d14c  r1  e8b4d14c  r2  0000002b  r3  00000004
+    r4  00000000  r5  e8b4d14c  r6  00000000  r7  00000000
+    r8  e7ef78b0  r9  0000002b  r10 e7ef7dad  r11 e7ef7400
+    ip  00000000  sp  e7ef7208  lr  e89f4b01  pc  e89c273a
+
+backtrace:
+      #00 pc 0005f73a  /apex/com.android.runtime/lib/bionic/libc.so (strlen_a15+54) (BuildId: fef5b751123147ea65bf3f4f798c9518)
+      #01 pc 00091afd  /apex/com.android.runtime/lib/bionic/libc.so (__vfprintf+3364) (BuildId: fef5b751123147ea65bf3f4f798c9518)
+      #02 pc 000a68e5  /apex/com.android.runtime/lib/bionic/libc.so (vsnprintf+152) (BuildId: fef5b751123147ea65bf3f4f798c9518)
+      #03 pc 000051cf  /system/lib/liblog.so (__android_log_vprint+74) (BuildId: 3fcead474cd0ecbdafb529ff176b0d13)
+      #04 pc 000012e8  /vendor/bin/tzts_daemon
+
+memory near r0:
+    e8b4d12c -------- -------- -------- --------  ................
+    e8b4d13c -------- -------- -------- --------  ................
+    e8b4d14c -------- -------- -------- --------  ................
+    e8b4d15c -------- -------- -------- --------  ................
+    e8b4d16c -------- -------- -------- --------  ................
+    e8b4d17c -------- -------- -------- --------  ................
+    e8b4d18c -------- -------- -------- --------  ................
+    e8b4d19c -------- -------- -------- --------  ................
+    e8b4d1ac -------- -------- -------- --------  ................
+    e8b4d1bc -------- -------- -------- --------  ................
+    e8b4d1cc -------- -------- -------- --------  ................
+    e8b4d1dc -------- -------- -------- --------  ................
+    e8b4d1ec -------- -------- -------- --------  ................
+    e8b4d1fc -------- -------- -------- --------  ................
+    e8b4d20c -------- -------- -------- --------  ................
+    e8b4d21c -------- -------- -------- --------  ................
+

tests/artifacts/android_data/bugreport/dumpstate.txt

@@ -246,6 +246,23 @@ Packages:
         com.instagram.direct.share.handler.DirectMultipleExternalMediaShareActivity
         com.instagram.share.handleractivity.ClipsShareHandlerActivity
         com.instagram.direct.share.handler.DirectMultipleExternalMediaShareActivityInterop
-
+--------- 0.053s was the duration of dumpsys appops, ending at: 2022-03-29 23:14:27
+-------------------------------------------------------------------------------
+DUMP OF SERVICE platform_compat:
+ChangeId(180326845; name=OVERRIDE_MIN_ASPECT_RATIO_MEDIUM; disabled; overridable)
+ChangeId(189969744; name=DOWNSCALE_65; disabled; overridable)
+ChangeId(183372781; name=ENABLE_RAW_SYSTEM_GALLERY_ACCESS; enableSinceTargetSdk=30)
+ChangeId(150939131; name=ADD_CONTENT_OBSERVER_FLAGS; enableSinceTargetSdk=30)
+ChangeId(226439802; name=SCHEDULE_EXACT_ALARM_DENIED_BY_DEFAULT; disabled)
+ChangeId(270674727; name=ENABLE_STRICT_FORMATTER_VALIDATION; enableSinceTargetSdk=35)
+ChangeId(183155436; name=ALWAYS_USE_CONTEXT_USER; enableSinceTargetSdk=33)
+ChangeId(303742236; name=ROLE_MANAGER_USER_HANDLE_AWARE; enableSinceTargetSdk=35)
+ChangeId(203800354; name=MEDIA_CONTROL_SESSION_ACTIONS; enableSinceTargetSdk=33)
+ChangeId(144027538; name=BLOCK_GPS_STATUS_USAGE; enableSinceTargetSdk=31)
+ChangeId(189969749; name=DOWNSCALE_35; disabled; overridable)
+ChangeId(143539591; name=SELINUX_LATEST_CHANGES; disabled)
+ChangeId(247079863; name=DISALLOW_INVALID_GROUP_REFERENCE; enableSinceTargetSdk=34)
+ChangeId(174227820; name=FORCE_DISABLE_HEVC_SUPPORT; disabled)
+ChangeId(168419799; name=DOWNSCALED; disabled; packageOverrides={com.google.android.apps.tachyon=false, org.torproject.torbrowser=false}; rawOverrides={org.torproject.torbrowser=false, org.article19.circulo.next=false}; overridable)
 
 

tests/artifacts/android_data/dumpsys_adb_xml.txt

@@ -0,0 +1,16 @@
+-------------------------------------------------------------------------------
+DUMP OF SERVICE adb:
+ADB MANAGER STATE (dumpsys adb):
+{
+  debugging_manager={
+    connected_to_adb=true
+    user_keys=QAAAAAcgbytJst31DsaSP7hn8QcBXKR9NPVPK9MZssFVSNIP user@laptop
+
+    keystore=<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
+    <keyStore version="1">
+    <adbKey key="QAAAAAcgbytJst31DsaSP7hn8QcBXKR9NPVPK9MZssFVSNIP user@laptop" lastConnection="1628501829898" />
+    </keyStore>
+
+  }
+}
+--------- 0.012s was the duration of dumpsys adb, ending at: 2025-02-04 20:25:58

tests/artifacts/android_data/dumpsys_platform_compat.txt

@@ -0,0 +1,16 @@
+DUMP OF SERVICE platform_compat:
+ChangeId(180326845; name=OVERRIDE_MIN_ASPECT_RATIO_MEDIUM; disabled; overridable)
+ChangeId(189969744; name=DOWNSCALE_65; disabled; overridable)
+ChangeId(183372781; name=ENABLE_RAW_SYSTEM_GALLERY_ACCESS; enableSinceTargetSdk=30)
+ChangeId(150939131; name=ADD_CONTENT_OBSERVER_FLAGS; enableSinceTargetSdk=30)
+ChangeId(226439802; name=SCHEDULE_EXACT_ALARM_DENIED_BY_DEFAULT; disabled)
+ChangeId(270674727; name=ENABLE_STRICT_FORMATTER_VALIDATION; enableSinceTargetSdk=35)
+ChangeId(183155436; name=ALWAYS_USE_CONTEXT_USER; enableSinceTargetSdk=33)
+ChangeId(303742236; name=ROLE_MANAGER_USER_HANDLE_AWARE; enableSinceTargetSdk=35)
+ChangeId(203800354; name=MEDIA_CONTROL_SESSION_ACTIONS; enableSinceTargetSdk=33)
+ChangeId(144027538; name=BLOCK_GPS_STATUS_USAGE; enableSinceTargetSdk=31)
+ChangeId(189969749; name=DOWNSCALE_35; disabled; overridable)
+ChangeId(143539591; name=SELINUX_LATEST_CHANGES; disabled)
+ChangeId(247079863; name=DISALLOW_INVALID_GROUP_REFERENCE; enableSinceTargetSdk=34)
+ChangeId(174227820; name=FORCE_DISABLE_HEVC_SUPPORT; disabled)
+ChangeId(168419799; name=DOWNSCALED; disabled; packageOverrides={com.google.android.apps.tachyon=false, org.torproject.torbrowser=false}; rawOverrides={org.torproject.torbrowser=false, org.article19.circulo.next=false}; overridable)

tests/artifacts/android_data/tombstone_process.txt

@@ -0,0 +1,987 @@
+*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
+Build fingerprint: 'Redmi/rosemary_global/rosemary:12/SP1A.210812.016/V13.0.13.0.SKLMIXM:user/release-keys'
+Revision: '0'
+ABI: 'arm'
+Timestamp: 2023-04-12 12:32:40.518290770+0200
+Process uptime: 0s
+Cmdline: /vendor/bin/hw/android.hardware.media.c2@1.2-mediatek
+pid: 25541, tid: 21307, name: mtk.ape.decoder  >>> /vendor/bin/hw/android.hardware.media.c2@1.2-mediatek <<<
+uid: 1046
+signal 0 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr --------
+Cause: null pointer dereference
+    r0  0006ba86  r1  00000000  r2  00000000  r3  00000000
+    r4  f21d7508  r5  00000000  r6  00000000  r7  00000000
+    r8  f1f0a274  r9  00000006  r10 00000000  r11 00000000
+    ip  f21d75e4  sp  ee10de60  lr  f1e84cff  pc  f1e9bd80
+
+backtrace:
+      #00 pc 0004bd80  /apex/com.android.runtime/lib/bionic/libc.so (je_large_dalloc+32) (BuildId: c3f479705b82c55801158aefde571341)
+      #01 pc 00034cfb  /apex/com.android.runtime/lib/bionic/libc.so (arena_dalloc_no_tcache+394) (BuildId: c3f479705b82c55801158aefde571341)
+      #02 pc 00031f89  /apex/com.android.runtime/lib/bionic/libc.so (je_free+1096) (BuildId: c3f479705b82c55801158aefde571341)
+      #03 pc 00005bad  /vendor/lib/libcodec2_soft_mtk_apedec.so (android::C2SoftMtkApeDec::onRelease()+26) (BuildId: fe23de7ba01754c96011abbc14b8c520)
+      #04 pc 000067bf  /vendor/lib/libcodec2_soft_common.so (android::SimpleC2Component::WorkHandler::onMessageReceived(android::sp<android::AMessage> const&)+806) (BuildId: 397c93a3912eca6ed50a7a7c7bfafa49)
+      #05 pc 0000f6e1  /apex/com.android.vndk.v31/lib/libstagefright_foundation.so (android::AHandler::deliverMessage(android::sp<android::AMessage> const&)+24) (BuildId: 855584cfc266442e6cd47e4665f4b072)
+      #06 pc 00011fa7  /apex/com.android.vndk.v31/lib/libstagefright_foundation.so (android::AMessage::deliver()+86) (BuildId: 855584cfc266442e6cd47e4665f4b072)
+      #07 pc 0000fe71  /apex/com.android.vndk.v31/lib/libstagefright_foundation.so (android::ALooper::loop()+516) (BuildId: 855584cfc266442e6cd47e4665f4b072)
+      #08 pc 0000d3af  /apex/com.android.vndk.v31/lib/libutils.so (android::Thread::_threadLoop(void*)+302) (BuildId: 01cc528c610468531ef44927a06cdeb9)
+      #09 pc 0000ce67  /apex/com.android.vndk.v31/lib/libutils.so (thread_data_t::trampoline(thread_data_t const*)+254) (BuildId: 01cc528c610468531ef44927a06cdeb9)
+      #10 pc 000a8cc7  /apex/com.android.runtime/lib/bionic/libc.so (__pthread_start(void*)+40) (BuildId: c3f479705b82c55801158aefde571341)
+      #11 pc 00061ee5  /apex/com.android.runtime/lib/bionic/libc.so (__start_thread+30) (BuildId: c3f479705b82c55801158aefde571341)
+
+memory near r4 ([anon:libc_malloc]):
+    f21d74e0 00000000 00000000 00000000 00000000  ................
+    f21d74f0 00000000 00000000 00000000 00000000  ................
+    f21d7500 00000001 00000000 01010002 00000000  ................
+    f21d7510 00000000 00000000 00000000 00000000  ................
+    f21d7520 00000078 00000000 00000000 00000001  x...............
+    f21d7530 00000000 00000001 00000000 00000001  ................
+    f21d7540 00000000 00000001 00000000 00000001  ................
+    f21d7550 00000000 00000001 00000000 00000001  ................
+    f21d7560 00000000 f1c00000 efb11040 f2000000  ........@.......
+    f21d7570 efb0bd40 f2400000 efb03f40 00000001  @.....@.@?......
+    f21d7580 00000000 00000001 00000000 00000001  ................
+    f21d7590 00000000 00000001 00000000 00000001  ................
+    f21d75a0 00000000 00000001 00000000 00000001  ................
+    f21d75b0 00000000 00000001 00000000 00000001  ................
+    f21d75c0 00000000 00000001 00000000 00000001  ................
+    f21d75d0 00000000 00000001 00000000 00000001  ................
+
+memory near r8 ([anon:.bss]):
+    f1f0a250 00000000 00000000 00000000 00000000  ................
+    f1f0a260 00000000 00000000 ff8bc15b 00000000  ........[.......
+    f1f0a270 00000000 38b4f3d9 00000000 00000000  .......8........
+    f1f0a280 00000000 80000001 000063c5 00000000  .........c......
+    f1f0a290 00000000 efb00080 00000001 00000000  ................
+    f1f0a2a0 00000000 00000000 00000000 ff8bb84c  ............L...
+    f1f0a2b0 00000000 00000000 00000000 00000000  ................
+    f1f0a2c0 00000000 00000000 00000000 00000000  ................
+    f1f0a2d0 00000000 00000000 00000003 00000000  ................
+    f1f0a2e0 00000000 00000002 00000002 00000030  ............0...
+    f1f0a2f0 00000000 efb002c0 00010000 00000000  ................
+    f1f0a300 80000000 00000000 00000001 f2371c00  ..............7.
+    f1f0a310 00000000 00000000 00000000 00000000  ................
+    f1f0a320 00000000 00000000 00000000 f294a000  ................
+    f1f0a330 f294a008 00000000 00000000 00000000  ................
+    f1f0a340 0000027c 00000000 00000000 00000000  |...............
+
+memory near ip ([anon:libc_malloc]):
+    f21d75c0 00000000 00000001 00000000 00000001  ................
+    f21d75d0 00000000 00000001 00000000 00000001  ................
+    f21d75e0 00000000 00000001 00000000 00000000  ................
+    f21d75f0 00000000 00000000 00000000 00000000  ................
+    f21d7600 00000000 00000000 00000000 00000000  ................
+    f21d7610 00000000 00000000 00000000 00000000  ................
+    f21d7620 00000000 00000000 00000000 00000000  ................
+    f21d7630 00000000 00000000 00000000 00000000  ................
+    f21d7640 00000000 00000000 00000000 00000000  ................
+    f21d7650 00000000 00000000 00000000 00000000  ................
+    f21d7660 00000000 00000000 00000000 00000000  ................
+    f21d7670 00000000 00000000 00000000 00000000  ................
+    f21d7680 00000000 00000000 00000000 00000000  ................
+    f21d7690 00000000 00000000 00000000 00000000  ................
+    f21d76a0 00000000 00000000 00000000 00000000  ................
+    f21d76b0 00000000 00000000 00000000 00000000  ................
+
+memory near sp ([anon:stack_and_tls:21307]):
+    ee10de40 00000000 00000000 00000000 00000000  ................
+    ee10de50 00000000 00000000 00000000 f21d7508  .............u..
+    ee10de60 00000000 38b4f3d9 f21d7508 00000000  .......8.u......
+    ee10de70 f21d752c 00000000 f1f0a274 f1e84cff  ,u......t....L..
+    ee10de80 00000001 00000000 00000000 00000000  ................
+    ee10de90 00000000 00000000 00000000 00000000  ................
+    ee10dea0 00000000 00000000 00000000 00000000  ................
+    ee10deb0 00000000 00000000 00000000 00000000  ................
+    ee10dec0 00000000 00000000 00000000 00000000  ................
+    ee10ded0 00000000 00000000 00000000 00000000  ................
+    ee10dee0 00000000 00000000 00000000 00000000  ................
+    ee10def0 00000000 00000000 00000000 00000000  ................
+    ee10df00 00000000 00000000 00000000 00000000  ................
+    ee10df10 00000000 00000000 00000000 00000000  ................
+    ee10df20 00000000 00000000 00000000 00000000  ................
+    ee10df30 00000000 00000000 00000000 00000000  ................
+
+memory near lr (/apex/com.android.runtime/lib/bionic/libc.so):
+    f1e84cd0 1f84f853 e9d2b179 f8cc0e1e f8c30000  S...y...........
+    f1e84ce0 f856e000 67900037 00c7eb06 5037f846  ..V.7..g....F.7P
+    f1e84cf0 67d36843 2100e7db f0174620 f8d8f831  Ch.g...! F..1...
+    f1e84d00 99620000 d1024288 e8bdb063 f07c83f0  ..b..B..c.....|.
+    f1e84d10 46b4ed08 0f90f85c d10842a8 e77c2102  ...F\....B...!|.
+    f1e84d20 f85c46b4 42a80f90 2102d108 46b4e7cd  .F\....B...!...F
+    f1e84d30 0f98f85c d10842a8 e76e2103 f85c46b4  \....B...!n..F\.
+    f1e84d40 42a80f98 2103d108 46b4e7bf 0fa0f85c  ...B...!...F\...
+    f1e84d50 d10842a8 e7602104 f85c46b4 42a80fa0  .B...!`..F\....B
+    f1e84d60 2104d108 46b4e7b1 0fa8f85c d10842a8  ...!...F\....B..
+    f1e84d70 e7522105 f85c46b4 42a80fa8 2105d108  .!R..F\....B...!
+    f1e84d80 46b4e7a3 0fb0f85c d10842a8 e7442106  ...F\....B...!D.
+    f1e84d90 f85c46b4 42a80fb0 2106d108 46b4e795  .F\....B...!...F
+    f1e84da0 0fb8f85c d10842a8 e7362107 f85c46b4  \....B...!6..F\.
+    f1e84db0 42a80fb8 2107d10e 2000e787 46322101  ...B...!... .!2F
+    f1e84dc0 e9cd464b 480b1000 68014478 f01a4620  KF.....HxD.h F..
+
+memory near pc (/apex/com.android.runtime/lib/bionic/libc.so):
+    f1e9bd60 41f0e92d 4604b082 460e4826 27002300  -..A...F&H.F.#.'
+    f1e9bd70 44784632 8000f8d0 0000f8d8 48229001  2FxD.........."H
+    f1e9bd80 44786809 311ff36f eb006800 e8d00081  .hxDo..1.h......
+    f1e9bd90 46205faf f7ff4629 466aff51 46294620  ._ F)F..Q.jF F)F
+    f1e9bda0 97004633 ff60f7e9 f643b19c 58283030  3F....`...C.00(X
+    f1e9bdb0 f8d46801 280000ec 6862bf18 428abf18  .h.....(..bh...B
+    f1e9bdc0 eb00d90f b12000c1 1e4a6801 60022900  ...... ..hJ..).`
+    f1e9bdd0 f8d8dd0d 99010000 d1114288 e8bdb002  .........B......
+    f1e9bde0 462081f0 f846f7e4 d1ed2800 6841e7f1  .. F..F..(....Ah
+    f1e9bdf0 23002200 46206001 f7ea4629 e7e8fb35  .".#.` F)F..5...
+    f1e9be00 ec8ef065 0006b9c2 0006ba86 4604b510  e..............F
+    f1e9be10 4478480a 68026800 2000b122 e8bd4621  .HxD.h.h".. !F..
+    f1e9be20 47104010 f0654620 4603eed4 21022004  .@.G Fe....F. .!
+    f1e9be30 e8bd4622 f0644010 bf00bfc9 0006ba1e  "F...@d.........
+    f1e9be40 4608b510 f065460c 4603eec4 21022004  ...F.Fe....F. .!
+    f1e9be50 e8bd4622 f0644010 b5b0bfb9 460d4614  "F...@d......F.F
+
+memory map (848 entries):
+    0995b000-0995bfff r--         0      1000  /vendor/bin/hw/android.hardware.media.c2@1.2-mediatek (BuildId: 5dbc68c83b1d3265cede20080038aa06) (load bias 0x1000)
+    0995c000-0995dfff r-x         0      2000  /vendor/bin/hw/android.hardware.media.c2@1.2-mediatek (BuildId: 5dbc68c83b1d3265cede20080038aa06) (load bias 0x1000)
+    0995e000-0995efff r--      1000      1000  /vendor/bin/hw/android.hardware.media.c2@1.2-mediatek (BuildId: 5dbc68c83b1d3265cede20080038aa06) (load bias 0x1000)
+    e80c0000-e80c0fff ---         0      1000
+    e80c1000-e81bffff rw-         0     ff000  [anon:stack_and_tls:29601]
+    e81c0000-e81c0fff ---         0      1000
+    e8559000-e8559fff ---         0      1000
+    e855a000-e8658fff rw-         0     ff000  [anon:stack_and_tls:29597]
+    e8659000-e8659fff ---         0      1000
+    eaed1000-eb0acfff rw-         0    1dc000  /dev/ashmem/AshmemAllocator_hidl (deleted)
+    eb470000-eb472fff r--         0      3000  /apex/com.android.vndk.v31/lib/hw/android.hidl.memory@1.0-impl.so (BuildId: 0e17e52cdc75b1a3cc5007d93398d50f) (load bias 0x1000)
+    eb473000-eb473fff r-x      2000      1000  /apex/com.android.vndk.v31/lib/hw/android.hidl.memory@1.0-impl.so (BuildId: 0e17e52cdc75b1a3cc5007d93398d50f) (load bias 0x1000)
+    eb474000-eb474fff r--      2000      1000  /apex/com.android.vndk.v31/lib/hw/android.hidl.memory@1.0-impl.so (BuildId: 0e17e52cdc75b1a3cc5007d93398d50f) (load bias 0x1000)
+    ee011000-ee011fff ---         0      1000
+    ee012000-ee110fff rw-         0     ff000  [anon:stack_and_tls:21307]
+    ee111000-ee112fff ---         0      2000
+    ee113000-ee211fff rw-         0     ff000  [anon:stack_and_tls:20061]
+    ee212000-ee213fff ---         0      2000
+    ee214000-ee312fff rw-         0     ff000  [anon:stack_and_tls:20060]
+    ee313000-ee313fff ---         0      1000
+    ee314000-ee411fff r--         0     fe000  /dev/binderfs/hwbinder
+    ee412000-ee412fff r--         0      1000  /vendor/lib/libgralloc_metadata.so (BuildId: 0833a1b445a2c1e4e4ad2155e1394f25) (load bias 0x1000)
+    ee413000-ee413fff r-x         0      1000  /vendor/lib/libgralloc_metadata.so (BuildId: 0833a1b445a2c1e4e4ad2155e1394f25) (load bias 0x1000)
+    ee414000-ee414fff r--         0      1000  /vendor/lib/libgralloc_metadata.so (BuildId: 0833a1b445a2c1e4e4ad2155e1394f25) (load bias 0x1000)
+    ee466000-ee466fff r--         0      1000  /vendor/lib/libgralloctypes_mtk.so (BuildId: 877fa14a4454824f05fd56de58681156) (load bias 0x1000)
+    ee467000-ee468fff r-x         0      2000  /vendor/lib/libgralloctypes_mtk.so (BuildId: 877fa14a4454824f05fd56de58681156) (load bias 0x1000)
+    ee469000-ee469fff r--      1000      1000  /vendor/lib/libgralloctypes_mtk.so (BuildId: 877fa14a4454824f05fd56de58681156) (load bias 0x1000)
+    ee46a000-ee46afff rw-      1000      1000  /vendor/lib/libgralloctypes_mtk.so (BuildId: 877fa14a4454824f05fd56de58681156) (load bias 0x1000)
+    ee49b000-ee4a4fff r--         0      a000  /vendor/lib/hw/android.hardware.graphics.mapper@4.0-impl-mediatek.so (BuildId: f1ce0a1b93768e58ee2fb0af96ed270e) (load bias 0x1000)
+    ee4a5000-ee4b4fff r-x      9000     10000  /vendor/lib/hw/android.hardware.graphics.mapper@4.0-impl-mediatek.so (BuildId: f1ce0a1b93768e58ee2fb0af96ed270e) (load bias 0x1000)
+    ee4b5000-ee4b6fff r--     18000      2000  /vendor/lib/hw/android.hardware.graphics.mapper@4.0-impl-mediatek.so (BuildId: f1ce0a1b93768e58ee2fb0af96ed270e) (load bias 0x1000)
+    ee4b7000-ee4b7fff rw-     19000      1000  /vendor/lib/hw/android.hardware.graphics.mapper@4.0-impl-mediatek.so (BuildId: f1ce0a1b93768e58ee2fb0af96ed270e) (load bias 0x1000)
+    ee4b8000-ee4b8fff rw-         0      1000  [anon:.bss]
+    ee4c5000-ee4cdfff r--         0      9000  /vendor/lib/libgpud.so (BuildId: 62ee606284f8c3a37467a82dfed2cac3) (load bias 0x1000)
+    ee4ce000-ee4ddfff r-x      8000     10000  /vendor/lib/libgpud.so (BuildId: 62ee606284f8c3a37467a82dfed2cac3) (load bias 0x1000)
+    ee4de000-ee4defff r--     17000      1000  /vendor/lib/libgpud.so (BuildId: 62ee606284f8c3a37467a82dfed2cac3) (load bias 0x1000)
+    ee4df000-ee4dffff rw-     17000      1000  /vendor/lib/libgpud.so (BuildId: 62ee606284f8c3a37467a82dfed2cac3) (load bias 0x1000)
+    ee4e0000-ee4e1fff rw-         0      2000  [anon:.bss]
+    ee52f000-ee52ffff r--         0      1000  /vendor/lib/arm.graphics-V1-ndk_platform.so (BuildId: deb42628674cf90140167feb2307b9d2) (load bias 0x1000)
+    ee530000-ee530fff r-x         0      1000  /vendor/lib/arm.graphics-V1-ndk_platform.so (BuildId: deb42628674cf90140167feb2307b9d2) (load bias 0x1000)
+    ee531000-ee531fff r--         0      1000  /vendor/lib/arm.graphics-V1-ndk_platform.so (BuildId: deb42628674cf90140167feb2307b9d2) (load bias 0x1000)
+    ee55f000-ee562fff r--         0      4000  /vendor/lib/libdrm.so (BuildId: e5cace60877c55e023ff6eea7ce02cd3) (load bias 0x1000)
+    ee563000-ee56cfff r-x      3000      a000  /vendor/lib/libdrm.so (BuildId: e5cace60877c55e023ff6eea7ce02cd3) (load bias 0x1000)
+    ee56d000-ee56dfff r--      c000      1000  /vendor/lib/libdrm.so (BuildId: e5cace60877c55e023ff6eea7ce02cd3) (load bias 0x1000)
+    ee56e000-ee56efff rw-      c000      1000  /vendor/lib/libdrm.so (BuildId: e5cace60877c55e023ff6eea7ce02cd3) (load bias 0x1000)
+    ee657000-ee6f7fff rw-         0     a1000  /dev/ashmem/MessageQueue (deleted)
+    ee6f8000-ee6f8fff ---         0      1000
+    ee6f9000-ee7f7fff rw-         0     ff000  [anon:stack_and_tls:20059]
+    ee7f8000-ee7f9fff ---         0      2000
+    ee7fa000-ee8f8fff rw-         0     ff000  [anon:stack_and_tls:20058]
+    ee8f9000-ee8fafff ---         0      2000
+    ee8fb000-ee9f9fff rw-         0     ff000  [anon:stack_and_tls:20057]
+    ee9fa000-ee9fbfff ---         0      2000
+    ee9fc000-eeafafff rw-         0     ff000  [anon:stack_and_tls:20056]
+    eeafb000-eeafcfff ---         0      2000
+    eeafd000-eebfbfff rw-         0     ff000  [anon:stack_and_tls:20054]
+    eebfc000-eebfdfff ---         0      2000
+    eebfe000-eecfcfff rw-         0     ff000  [anon:stack_and_tls:29123]
+    eecfd000-eecfefff ---         0      2000
+    eecff000-eedfdfff rw-         0     ff000  [anon:stack_and_tls:25615]
+    eedfe000-eedfffff ---         0      2000
+    eee00000-eeefefff rw-         0     ff000  [anon:stack_and_tls:25604]
+    eeeff000-eef00fff ---         0      2000
+    eef01000-eeffffff rw-         0     ff000  [anon:stack_and_tls:25591]
+    ef000000-ef000fff ---         0      1000
+    ef001000-ef005fff r--         0      5000  /vendor/lib/libmp3dec_mtk.so (BuildId: d6d750c085527778ece5ecef41168b4f) (load bias 0x1000)
+    ef006000-ef011fff r-x      4000      c000  /vendor/lib/libmp3dec_mtk.so (BuildId: d6d750c085527778ece5ecef41168b4f) (load bias 0x1000)
+    ef012000-ef012fff r--      f000      1000  /vendor/lib/libmp3dec_mtk.so (BuildId: d6d750c085527778ece5ecef41168b4f) (load bias 0x1000)
+    ef013000-ef013fff rw-      f000      1000  /vendor/lib/libmp3dec_mtk.so (BuildId: d6d750c085527778ece5ecef41168b4f) (load bias 0x1000)
+    ef06a000-ef06dfff r--         0      4000  /vendor/lib/libcodec2_soft_mtk_mp3dec.so (BuildId: 1ea78408b42962cdea86653745898aa9) (load bias 0x1000)
+    ef06e000-ef075fff r-x      3000      8000  /vendor/lib/libcodec2_soft_mtk_mp3dec.so (BuildId: 1ea78408b42962cdea86653745898aa9) (load bias 0x1000)
+    ef076000-ef076fff r--      a000      1000  /vendor/lib/libcodec2_soft_mtk_mp3dec.so (BuildId: 1ea78408b42962cdea86653745898aa9) (load bias 0x1000)
+    ef0a2000-ef0a2fff r--         0      1000  /apex/com.android.vndk.v31/lib/libspeexresampler.so (BuildId: a326bfaa143ffac2c7e5a7c72ac8c9a2) (load bias 0x1000)
+    ef0a3000-ef0a5fff r-x         0      3000  /apex/com.android.vndk.v31/lib/libspeexresampler.so (BuildId: a326bfaa143ffac2c7e5a7c72ac8c9a2) (load bias 0x1000)
+    ef0a6000-ef0a6fff r--      2000      1000  /apex/com.android.vndk.v31/lib/libspeexresampler.so (BuildId: a326bfaa143ffac2c7e5a7c72ac8c9a2) (load bias 0x1000)
+    ef0cf000-ef0d7fff r--         0      9000  /apex/com.android.vndk.v31/lib/libaudioutils.so (BuildId: 71041aa8deee651dbef93c1786fc1b9e) (load bias 0x1000)
+    ef0d8000-ef0e6fff r-x      8000      f000  /apex/com.android.vndk.v31/lib/libaudioutils.so (BuildId: 71041aa8deee651dbef93c1786fc1b9e) (load bias 0x1000)
+    ef0e7000-ef0e8fff r--     16000      2000  /apex/com.android.vndk.v31/lib/libaudioutils.so (BuildId: 71041aa8deee651dbef93c1786fc1b9e) (load bias 0x1000)
+    ef12a000-ef12dfff r--         0      4000  /vendor/lib/libcodec2_soft_mtk_apedec.so (BuildId: fe23de7ba01754c96011abbc14b8c520) (load bias 0x1000)
+    ef12e000-ef137fff r-x      3000      a000  /vendor/lib/libcodec2_soft_mtk_apedec.so (BuildId: fe23de7ba01754c96011abbc14b8c520) (load bias 0x1000)
+    ef138000-ef139fff r--      c000      2000  /vendor/lib/libcodec2_soft_mtk_apedec.so (BuildId: fe23de7ba01754c96011abbc14b8c520) (load bias 0x1000)
+    ef13a000-ef13afff rw-      d000      1000  /vendor/lib/libcodec2_soft_mtk_apedec.so (BuildId: fe23de7ba01754c96011abbc14b8c520) (load bias 0x1000)
+    ef166000-ef169fff r--         0      4000  /vendor/lib/libcodec2_soft_mtk_alacdec.so (BuildId: 61e6f42f630304572124ec8e851c5036) (load bias 0x1000)
+    ef16a000-ef16efff r-x      3000      5000  /vendor/lib/libcodec2_soft_mtk_alacdec.so (BuildId: 61e6f42f630304572124ec8e851c5036) (load bias 0x1000)
+    ef16f000-ef16ffff r--      7000      1000  /vendor/lib/libcodec2_soft_mtk_alacdec.so (BuildId: 61e6f42f630304572124ec8e851c5036) (load bias 0x1000)
+    ef188000-ef188fff r--         0      1000  /vendor/lib/libalacdec_mtk.so (BuildId: bcf8351dadf2339a50d2ff00e03053d2) (load bias 0x1000)
+    ef189000-ef18cfff r-x         0      4000  /vendor/lib/libalacdec_mtk.so (BuildId: bcf8351dadf2339a50d2ff00e03053d2) (load bias 0x1000)
+    ef18d000-ef18dfff r--      3000      1000  /vendor/lib/libalacdec_mtk.so (BuildId: bcf8351dadf2339a50d2ff00e03053d2) (load bias 0x1000)
+    ef18e000-ef18efff rw-      3000      1000  /vendor/lib/libalacdec_mtk.so (BuildId: bcf8351dadf2339a50d2ff00e03053d2) (load bias 0x1000)
+    ef1db000-ef1defff r--         0      4000  /vendor/lib/libcodec2_soft_mtk_msadpcmdec.so (BuildId: bc16f62abc6b5f1ed858e45addcd7fe6) (load bias 0x1000)
+    ef1df000-ef1e3fff r-x      3000      5000  /vendor/lib/libcodec2_soft_mtk_msadpcmdec.so (BuildId: bc16f62abc6b5f1ed858e45addcd7fe6) (load bias 0x1000)
+    ef1e4000-ef1e5fff r--      7000      2000  /vendor/lib/libcodec2_soft_mtk_msadpcmdec.so (BuildId: bc16f62abc6b5f1ed858e45addcd7fe6) (load bias 0x1000)
+    ef222000-ef222fff r--         0      1000  /vendor/lib/libadpcmdec_mtk.so (BuildId: af5e5ca7acb222e78a7b3d51ea60f8b4) (load bias 0x1000)
+    ef223000-ef225fff r-x         0      3000  /vendor/lib/libadpcmdec_mtk.so (BuildId: af5e5ca7acb222e78a7b3d51ea60f8b4) (load bias 0x1000)
+    ef226000-ef226fff r--      2000      1000  /vendor/lib/libadpcmdec_mtk.so (BuildId: af5e5ca7acb222e78a7b3d51ea60f8b4) (load bias 0x1000)
+    ef227000-ef227fff rw-      2000      1000  /vendor/lib/libadpcmdec_mtk.so (BuildId: af5e5ca7acb222e78a7b3d51ea60f8b4) (load bias 0x1000)
+    ef256000-ef259fff r--         0      4000  /vendor/lib/libcodec2_soft_mtk_imaadpcmdec.so (BuildId: 8ad1e4b42e098cb7797a7473b1bfc6c4) (load bias 0x1000)
+    ef25a000-ef25efff r-x      3000      5000  /vendor/lib/libcodec2_soft_mtk_imaadpcmdec.so (BuildId: 8ad1e4b42e098cb7797a7473b1bfc6c4) (load bias 0x1000)
+    ef25f000-ef260fff r--      7000      2000  /vendor/lib/libcodec2_soft_mtk_imaadpcmdec.so (BuildId: 8ad1e4b42e098cb7797a7473b1bfc6c4) (load bias 0x1000)
+    ef299000-ef29dfff r-x         0      5000  /vendor/lib/mt6785/libmtk_drvb.so (BuildId: 2f3b6044979d21c0f18afbe026f98d30)
+    ef29e000-ef29efff r--      4000      1000  /vendor/lib/mt6785/libmtk_drvb.so (BuildId: 2f3b6044979d21c0f18afbe026f98d30)
+    ef29f000-ef29ffff rw-      5000      1000  /vendor/lib/mt6785/libmtk_drvb.so (BuildId: 2f3b6044979d21c0f18afbe026f98d30)
+    ef2fb000-ef2fbfff ---         0      1000
+    ef2fc000-ef3fafff rw-         0     ff000  [anon:stack_and_tls:25554]
+    ef3fb000-ef3fcfff ---         0      2000
+    ef3fd000-ef4fbfff rw-         0     ff000  [anon:stack_and_tls:25553]
+    ef4fc000-ef4fdfff ---         0      2000
+    ef4fe000-ef5fcfff rw-         0     ff000  [anon:stack_and_tls:25552]
+    ef5fd000-ef5fefff ---         0      2000
+    ef5ff000-ef6fdfff rw-         0     ff000  [anon:stack_and_tls:25551]
+    ef6fe000-ef6fffff ---         0      2000
+    ef700000-ef7fefff rw-         0     ff000  [anon:stack_and_tls:25550]
+    ef7ff000-ef7fffff ---         0      1000
+    ef800000-ef8fffff rw-         0    100000  [anon:libc_malloc]
+    ef901000-ef9fefff r--         0     fe000  /dev/binderfs/hwbinder
+    ef9ff000-ef9fffff ---         0      1000
+    efa00000-efafefff rw-         0     ff000  [anon:stack_and_tls:25549]
+    efaff000-efafffff ---         0      1000
+    efb00000-efbfffff rw-         0    100000  [anon:libc_malloc]
+    efc53000-efc5efff r--         0      c000  /apex/com.android.vndk.v31/lib/libbase.so (BuildId: 077de0f972981146907fdc52c210f51a) (load bias 0x1000)
+    efc5f000-efc7bfff r-x      b000     1d000  /apex/com.android.vndk.v31/lib/libbase.so (BuildId: 077de0f972981146907fdc52c210f51a) (load bias 0x1000)
+    efc7c000-efc7cfff r--     27000      1000  /apex/com.android.vndk.v31/lib/libbase.so (BuildId: 077de0f972981146907fdc52c210f51a) (load bias 0x1000)
+    efc7d000-efc7dfff rw-     27000      1000  /apex/com.android.vndk.v31/lib/libbase.so (BuildId: 077de0f972981146907fdc52c210f51a) (load bias 0x1000)
+    efc86000-efc8bfff r--         0      6000  /apex/com.android.vndk.v31/lib/libdmabufheap.so (BuildId: c132e381ef25a89be190f554e84341b8) (load bias 0x1000)
+    efc8c000-efc93fff r-x      5000      8000  /apex/com.android.vndk.v31/lib/libdmabufheap.so (BuildId: c132e381ef25a89be190f554e84341b8) (load bias 0x1000)
+    efc94000-efc95fff r--      c000      2000  /apex/com.android.vndk.v31/lib/libdmabufheap.so (BuildId: c132e381ef25a89be190f554e84341b8) (load bias 0x1000)
+    efc96000-efc96fff rw-      d000      1000  /apex/com.android.vndk.v31/lib/libdmabufheap.so (BuildId: c132e381ef25a89be190f554e84341b8) (load bias 0x1000)
+    efcdb000-efcdffff r--         0      5000  /apex/com.android.vndk.v31/lib/libcutils.so (BuildId: a47920c3c1f4947ac82ab996472d136e) (load bias 0x1000)
+    efce0000-efce5fff r-x      4000      6000  /apex/com.android.vndk.v31/lib/libcutils.so (BuildId: a47920c3c1f4947ac82ab996472d136e) (load bias 0x1000)
+    efce6000-efce7fff r--      9000      2000  /apex/com.android.vndk.v31/lib/libcutils.so (BuildId: a47920c3c1f4947ac82ab996472d136e) (load bias 0x1000)
+    efce8000-efce8fff rw-      a000      1000  /apex/com.android.vndk.v31/lib/libcutils.so (BuildId: a47920c3c1f4947ac82ab996472d136e) (load bias 0x1000)
+    efd1e000-efd1efff r--         0      1000  /system/lib/android.hardware.graphics.common@1.2.so (BuildId: 16f78bc81a3f75bcbe145e7a9f76731c) (load bias 0x1000)
+    efd1f000-efd1ffff r-x         0      1000  /system/lib/android.hardware.graphics.common@1.2.so (BuildId: 16f78bc81a3f75bcbe145e7a9f76731c) (load bias 0x1000)
+    efd20000-efd20fff r--         0      1000  /system/lib/android.hardware.graphics.common@1.2.so (BuildId: 16f78bc81a3f75bcbe145e7a9f76731c) (load bias 0x1000)
+    efd44000-efd47fff r--         0      4000  /apex/com.android.vndk.v31/lib/liblzma.so (BuildId: a649e13518a708b65d5b9588a58083f7) (load bias 0x1000)
+    efd48000-efd5ffff r-x      3000     18000  /apex/com.android.vndk.v31/lib/liblzma.so (BuildId: a649e13518a708b65d5b9588a58083f7) (load bias 0x1000)
+    efd60000-efd60fff r--     1a000      1000  /apex/com.android.vndk.v31/lib/liblzma.so (BuildId: a649e13518a708b65d5b9588a58083f7) (load bias 0x1000)
+    efd61000-efd61fff rw-     1a000      1000  /apex/com.android.vndk.v31/lib/liblzma.so (BuildId: a649e13518a708b65d5b9588a58083f7) (load bias 0x1000)
+    efd62000-efd67fff rw-         0      6000  [anon:.bss]
+    efd84000-efd93fff r--         0     10000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.bufferqueue@1.0.so (BuildId: 4bd02db89147f7503c5a42a83aa2f831) (load bias 0x1000)
+    efd94000-efda4fff r-x      f000     11000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.bufferqueue@1.0.so (BuildId: 4bd02db89147f7503c5a42a83aa2f831) (load bias 0x1000)
+    efda5000-efda7fff r--     1f000      3000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.bufferqueue@1.0.so (BuildId: 4bd02db89147f7503c5a42a83aa2f831) (load bias 0x1000)
+    efda8000-efda8fff rw-     21000      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.bufferqueue@1.0.so (BuildId: 4bd02db89147f7503c5a42a83aa2f831) (load bias 0x1000)
+    efdc4000-efdc4fff r--         0      1000  /system/lib/libhardware.so (BuildId: 684a6337e9065d5348bb8b19c0cfa2af) (load bias 0x1000)
+    efdc5000-efdc5fff r-x         0      1000  /system/lib/libhardware.so (BuildId: 684a6337e9065d5348bb8b19c0cfa2af) (load bias 0x1000)
+    efdc6000-efdc6fff r--         0      1000  /system/lib/libhardware.so (BuildId: 684a6337e9065d5348bb8b19c0cfa2af) (load bias 0x1000)
+    efe0e000-efe0ffff r--         0      2000  /apex/com.android.vndk.v31/lib/libutilscallstack.so (BuildId: f22f5ac5f221726f964940f8f7cbe4a6) (load bias 0x1000)
+    efe10000-efe11fff r-x      1000      2000  /apex/com.android.vndk.v31/lib/libutilscallstack.so (BuildId: f22f5ac5f221726f964940f8f7cbe4a6) (load bias 0x1000)
+    efe12000-efe13fff r--      2000      2000  /apex/com.android.vndk.v31/lib/libutilscallstack.so (BuildId: f22f5ac5f221726f964940f8f7cbe4a6) (load bias 0x1000)
+    efe42000-efe42fff r--         0      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.common@1.1.so (BuildId: fe6c1dc151bddb7060f4a75fffe6406a) (load bias 0x1000)
+    efe43000-efe43fff r-x         0      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.common@1.1.so (BuildId: fe6c1dc151bddb7060f4a75fffe6406a) (load bias 0x1000)
+    efe44000-efe44fff r--         0      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.common@1.1.so (BuildId: fe6c1dc151bddb7060f4a75fffe6406a) (load bias 0x1000)
+    efe8d000-efe95fff r--         0      9000  /system/lib/android.hardware.graphics.mapper@3.0.so (BuildId: 5247242e66ddb79805edd15b6651ad0f) (load bias 0x1000)
+    efe96000-efe9cfff r-x      8000      7000  /system/lib/android.hardware.graphics.mapper@3.0.so (BuildId: 5247242e66ddb79805edd15b6651ad0f) (load bias 0x1000)
+    efe9d000-efe9efff r--      e000      2000  /system/lib/android.hardware.graphics.mapper@3.0.so (BuildId: 5247242e66ddb79805edd15b6651ad0f) (load bias 0x1000)
+    efe9f000-efe9ffff rw-      f000      1000  /system/lib/android.hardware.graphics.mapper@3.0.so (BuildId: 5247242e66ddb79805edd15b6651ad0f) (load bias 0x1000)
+    efee5000-efeeefff r--         0      a000  /system/lib/android.hardware.graphics.mapper@4.0.so (BuildId: a11ee104e9afa89420442871d9be77c5) (load bias 0x1000)
+    efeef000-efef9fff r-x      9000      b000  /system/lib/android.hardware.graphics.mapper@4.0.so (BuildId: a11ee104e9afa89420442871d9be77c5) (load bias 0x1000)
+    efefa000-efefafff r--     13000      1000  /system/lib/android.hardware.graphics.mapper@4.0.so (BuildId: a11ee104e9afa89420442871d9be77c5) (load bias 0x1000)
+    efefb000-efefbfff rw-     13000      1000  /system/lib/android.hardware.graphics.mapper@4.0.so (BuildId: a11ee104e9afa89420442871d9be77c5) (load bias 0x1000)
+    eff04000-eff4ffff r--         0     4c000  /vendor/lib/mt6785/libpq_prot.so (BuildId: aa2093cf2dbe7ef979ab15ebca4dd0de) (load bias 0x1000)
+    eff50000-effacfff r-x     4b000     5d000  /vendor/lib/mt6785/libpq_prot.so (BuildId: aa2093cf2dbe7ef979ab15ebca4dd0de) (load bias 0x1000)
+    effad000-effadfff r--     a7000      1000  /vendor/lib/mt6785/libpq_prot.so (BuildId: aa2093cf2dbe7ef979ab15ebca4dd0de) (load bias 0x1000)
+    effae000-effbcfff rw-     a7000      f000  /vendor/lib/mt6785/libpq_prot.so (BuildId: aa2093cf2dbe7ef979ab15ebca4dd0de) (load bias 0x1000)
+    effbd000-effbdfff rw-         0      1000  [anon:.bss]
+    effc1000-effc1fff r--         0      1000  /apex/com.android.vndk.v31/lib/libion.so (BuildId: 672a2ec90024e96d5cc17a18a69803fe) (load bias 0x1000)
+    effc2000-effc3fff r-x         0      2000  /apex/com.android.vndk.v31/lib/libion.so (BuildId: 672a2ec90024e96d5cc17a18a69803fe) (load bias 0x1000)
+    effc4000-effc4fff r--      1000      1000  /apex/com.android.vndk.v31/lib/libion.so (BuildId: 672a2ec90024e96d5cc17a18a69803fe) (load bias 0x1000)
+    effc5000-effc5fff rw-      1000      1000  /apex/com.android.vndk.v31/lib/libion.so (BuildId: 672a2ec90024e96d5cc17a18a69803fe) (load bias 0x1000)
+    f001a000-f0020fff r--         0      7000  /apex/com.android.vndk.v31/lib/android.hidl.token@1.0.so (BuildId: 79c6991fa5050d55685fb0bd80ec06c1) (load bias 0x1000)
+    f0021000-f0027fff r-x      6000      7000  /apex/com.android.vndk.v31/lib/android.hidl.token@1.0.so (BuildId: 79c6991fa5050d55685fb0bd80ec06c1) (load bias 0x1000)
+    f0028000-f0029fff r--      c000      2000  /apex/com.android.vndk.v31/lib/android.hidl.token@1.0.so (BuildId: 79c6991fa5050d55685fb0bd80ec06c1) (load bias 0x1000)
+    f002a000-f002afff rw-      d000      1000  /apex/com.android.vndk.v31/lib/android.hidl.token@1.0.so (BuildId: 79c6991fa5050d55685fb0bd80ec06c1) (load bias 0x1000)
+    f004e000-f0054fff r--         0      7000  /system/lib/android.hardware.graphics.allocator@3.0.so (BuildId: 66a869222216e5dae788e1b8de0d463d) (load bias 0x1000)
+    f0055000-f005afff r-x      6000      6000  /system/lib/android.hardware.graphics.allocator@3.0.so (BuildId: 66a869222216e5dae788e1b8de0d463d) (load bias 0x1000)
+    f005b000-f005cfff r--      b000      2000  /system/lib/android.hardware.graphics.allocator@3.0.so (BuildId: 66a869222216e5dae788e1b8de0d463d) (load bias 0x1000)
+    f005d000-f005dfff rw-      c000      1000  /system/lib/android.hardware.graphics.allocator@3.0.so (BuildId: 66a869222216e5dae788e1b8de0d463d) (load bias 0x1000)
+    f009e000-f00a4fff r--         0      7000  /system/lib/android.hardware.graphics.allocator@4.0.so (BuildId: 9c8645d41e7010461cb60fa3a9df61fa) (load bias 0x1000)
+    f00a5000-f00aafff r-x      6000      6000  /system/lib/android.hardware.graphics.allocator@4.0.so (BuildId: 9c8645d41e7010461cb60fa3a9df61fa) (load bias 0x1000)
+    f00ab000-f00abfff r--      b000      1000  /system/lib/android.hardware.graphics.allocator@4.0.so (BuildId: 9c8645d41e7010461cb60fa3a9df61fa) (load bias 0x1000)
+    f00ac000-f00acfff rw-      b000      1000  /system/lib/android.hardware.graphics.allocator@4.0.so (BuildId: 9c8645d41e7010461cb60fa3a9df61fa) (load bias 0x1000)
+    f00c2000-f00d5fff r--         0     14000  /apex/com.android.vndk.v31/lib/libprocessgroup.so (BuildId: 841663472c44879a70bcd2400381e28d) (load bias 0x1000)
+    f00d6000-f00fafff r-x     13000     25000  /apex/com.android.vndk.v31/lib/libprocessgroup.so (BuildId: 841663472c44879a70bcd2400381e28d) (load bias 0x1000)
+    f00fb000-f00fcfff r--     37000      2000  /apex/com.android.vndk.v31/lib/libprocessgroup.so (BuildId: 841663472c44879a70bcd2400381e28d) (load bias 0x1000)
+    f00fd000-f00fdfff rw-     38000      1000  /apex/com.android.vndk.v31/lib/libprocessgroup.so (BuildId: 841663472c44879a70bcd2400381e28d) (load bias 0x1000)
+    f0117000-f0125fff r--         0      f000  /vendor/lib/vendor.mediatek.hardware.pq@2.0.so (BuildId: b7a87717a545d08155545bb4e24a9ec0) (load bias 0x1000)
+    f0126000-f0138fff r-x      e000     13000  /vendor/lib/vendor.mediatek.hardware.pq@2.0.so (BuildId: b7a87717a545d08155545bb4e24a9ec0) (load bias 0x1000)
+    f0139000-f013bfff r--     20000      3000  /vendor/lib/vendor.mediatek.hardware.pq@2.0.so (BuildId: b7a87717a545d08155545bb4e24a9ec0) (load bias 0x1000)
+    f013c000-f013cfff rw-     22000      1000  /vendor/lib/vendor.mediatek.hardware.pq@2.0.so (BuildId: b7a87717a545d08155545bb4e24a9ec0) (load bias 0x1000)
+    f0142000-f0148fff r--         0      7000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.allocator@2.0.so (BuildId: c3d72ca1dbd14c94b1f1164999583362) (load bias 0x1000)
+    f0149000-f014efff r-x      6000      6000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.allocator@2.0.so (BuildId: c3d72ca1dbd14c94b1f1164999583362) (load bias 0x1000)
+    f014f000-f0150fff r--      b000      2000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.allocator@2.0.so (BuildId: c3d72ca1dbd14c94b1f1164999583362) (load bias 0x1000)
+    f0151000-f0151fff rw-      c000      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.allocator@2.0.so (BuildId: c3d72ca1dbd14c94b1f1164999583362) (load bias 0x1000)
+    f019d000-f019dfff r--         0      1000  /apex/com.android.vndk.v31/lib/libcodec2.so (BuildId: e0b490a23913956d3eced28104de1af8) (load bias 0x1000)
+    f019e000-f019efff r-x         0      1000  /apex/com.android.vndk.v31/lib/libcodec2.so (BuildId: e0b490a23913956d3eced28104de1af8) (load bias 0x1000)
+    f019f000-f019ffff r--         0      1000  /apex/com.android.vndk.v31/lib/libcodec2.so (BuildId: e0b490a23913956d3eced28104de1af8) (load bias 0x1000)
+    f01d7000-f01defff r--         0      8000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.mapper@2.0.so (BuildId: 2e058cf9aaab3135b277c42edb2ac4fa) (load bias 0x1000)
+    f01df000-f01e5fff r-x      7000      7000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.mapper@2.0.so (BuildId: 2e058cf9aaab3135b277c42edb2ac4fa) (load bias 0x1000)
+    f01e6000-f01e7fff r--      d000      2000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.mapper@2.0.so (BuildId: 2e058cf9aaab3135b277c42edb2ac4fa) (load bias 0x1000)
+    f01e8000-f01e8fff rw-      e000      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.mapper@2.0.so (BuildId: 2e058cf9aaab3135b277c42edb2ac4fa) (load bias 0x1000)
+    f0224000-f0224fff r--         0      1000  /system/lib/android.hardware.common-V2-ndk_platform.so (BuildId: dddd954762dec153364dea7f48c800fc) (load bias 0x1000)
+    f0225000-f0226fff r-x         0      2000  /system/lib/android.hardware.common-V2-ndk_platform.so (BuildId: dddd954762dec153364dea7f48c800fc) (load bias 0x1000)
+    f0227000-f0227fff r--      1000      1000  /system/lib/android.hardware.common-V2-ndk_platform.so (BuildId: dddd954762dec153364dea7f48c800fc) (load bias 0x1000)
+    f0228000-f0228fff rw-      1000      1000  /system/lib/android.hardware.common-V2-ndk_platform.so (BuildId: dddd954762dec153364dea7f48c800fc) (load bias 0x1000)
+    f0257000-f0259fff r--         0      3000  /apex/com.android.vndk.v31/lib/libexpat.so (BuildId: f27a1db6faf7e8c6130133e70b9a54d7) (load bias 0x1000)
+    f025a000-f026cfff r-x      2000     13000  /apex/com.android.vndk.v31/lib/libexpat.so (BuildId: f27a1db6faf7e8c6130133e70b9a54d7) (load bias 0x1000)
+    f026d000-f026ffff r--     14000      3000  /apex/com.android.vndk.v31/lib/libexpat.so (BuildId: f27a1db6faf7e8c6130133e70b9a54d7) (load bias 0x1000)
+    f0299000-f029cfff r--         0      4000  /system/lib/libged_sys.so (BuildId: dca176754ba09601dffe95611e32343a) (load bias 0x1000)
+    f029d000-f02a5fff r-x      3000      9000  /system/lib/libged_sys.so (BuildId: dca176754ba09601dffe95611e32343a) (load bias 0x1000)
+    f02a6000-f02a6fff r--      b000      1000  /system/lib/libged_sys.so (BuildId: dca176754ba09601dffe95611e32343a) (load bias 0x1000)
+    f02a7000-f02a7fff rw-      b000      1000  /system/lib/libged_sys.so (BuildId: dca176754ba09601dffe95611e32343a) (load bias 0x1000)
+    f02c3000-f02ddfff r--         0     1b000  /apex/com.android.vndk.v31/lib/libui.so (BuildId: 6bd3b842db09f15f41f1d8f59edf7d58) (load bias 0x1000)
+    f02de000-f02f7fff r-x     1a000     1a000  /apex/com.android.vndk.v31/lib/libui.so (BuildId: 6bd3b842db09f15f41f1d8f59edf7d58) (load bias 0x1000)
+    f02f8000-f02f9fff r--     33000      2000  /apex/com.android.vndk.v31/lib/libui.so (BuildId: 6bd3b842db09f15f41f1d8f59edf7d58) (load bias 0x1000)
+    f02fa000-f02fafff rw-     34000      1000  /apex/com.android.vndk.v31/lib/libui.so (BuildId: 6bd3b842db09f15f41f1d8f59edf7d58) (load bias 0x1000)
+    f02fb000-f02fcfff rw-         0      2000  [anon:.bss]
+    f031c000-f0323fff r--         0      8000  /system/lib/libSurfaceFlingerProp.so (BuildId: 4119e4792f50701f53452518718264ae) (load bias 0x1000)
+    f0324000-f032afff r-x      7000      7000  /system/lib/libSurfaceFlingerProp.so (BuildId: 4119e4792f50701f53452518718264ae) (load bias 0x1000)
+    f032b000-f032bfff r--      d000      1000  /system/lib/libSurfaceFlingerProp.so (BuildId: 4119e4792f50701f53452518718264ae) (load bias 0x1000)
+    f032c000-f032cfff rw-      d000      1000  /system/lib/libSurfaceFlingerProp.so (BuildId: 4119e4792f50701f53452518718264ae) (load bias 0x1000)
+    f0341000-f0341fff r--         0      1000  /vendor/lib/libion_ulit.so (BuildId: 6d79d36cc592580b44c4ed2df7b434cf) (load bias 0x1000)
+    f0342000-f0342fff r-x         0      1000  /vendor/lib/libion_ulit.so (BuildId: 6d79d36cc592580b44c4ed2df7b434cf) (load bias 0x1000)
+    f0343000-f0343fff r--         0      1000  /vendor/lib/libion_ulit.so (BuildId: 6d79d36cc592580b44c4ed2df7b434cf) (load bias 0x1000)
+    f038a000-f038ffff r--         0      6000  /vendor/lib/libcodec2_mtk_c2store.so (BuildId: d49f65bc9b9c43666d803668b3fdf30d) (load bias 0x1000)
+    f0390000-f0395fff r-x      5000      6000  /vendor/lib/libcodec2_mtk_c2store.so (BuildId: d49f65bc9b9c43666d803668b3fdf30d) (load bias 0x1000)
+    f0396000-f0396fff r--      a000      1000  /vendor/lib/libcodec2_mtk_c2store.so (BuildId: d49f65bc9b9c43666d803668b3fdf30d) (load bias 0x1000)
+    f0397000-f0397fff rw-      a000      1000  /vendor/lib/libcodec2_mtk_c2store.so (BuildId: d49f65bc9b9c43666d803668b3fdf30d) (load bias 0x1000)
+    f03db000-f03dffff r--         0      5000  /vendor/lib/libged.so (BuildId: 7aa62de899bdfe3c7fcf713cbf3fe1e6) (load bias 0x1000)
+    f03e0000-f03e7fff r-x      4000      8000  /vendor/lib/libged.so (BuildId: 7aa62de899bdfe3c7fcf713cbf3fe1e6) (load bias 0x1000)
+    f03e8000-f03e8fff r--      b000      1000  /vendor/lib/libged.so (BuildId: 7aa62de899bdfe3c7fcf713cbf3fe1e6) (load bias 0x1000)
+    f03e9000-f03e9fff rw-      b000      1000  /vendor/lib/libged.so (BuildId: 7aa62de899bdfe3c7fcf713cbf3fe1e6) (load bias 0x1000)
+    f03ea000-f03eafff rw-         0      1000  [anon:.bss]
+    f0409000-f0409fff r--         0      1000  /apex/com.android.runtime/lib/bionic/libdl.so (BuildId: 63546a18da41b6c5e841b99b30ec4228) (load bias 0x1000)
+    f040a000-f040afff r-x         0      1000  /apex/com.android.runtime/lib/bionic/libdl.so (BuildId: 63546a18da41b6c5e841b99b30ec4228) (load bias 0x1000)
+    f040b000-f040bfff r--         0      1000  /apex/com.android.runtime/lib/bionic/libdl.so (BuildId: 63546a18da41b6c5e841b99b30ec4228) (load bias 0x1000)
+    f040c000-f040cfff ---         0      1000
+    f040d000-f040dfff r--         0      1000  [anon:.bss]
+    f0469000-f046afff r--         0      2000  /apex/com.android.vndk.v31/lib/libcap.so (BuildId: d53347c9cf06c4a6ebca59fb2c38b071) (load bias 0x1000)
+    f046b000-f046efff r-x      1000      4000  /apex/com.android.vndk.v31/lib/libcap.so (BuildId: d53347c9cf06c4a6ebca59fb2c38b071) (load bias 0x1000)
+    f046f000-f046ffff r--      4000      1000  /apex/com.android.vndk.v31/lib/libcap.so (BuildId: d53347c9cf06c4a6ebca59fb2c38b071) (load bias 0x1000)
+    f0470000-f0470fff rw-      4000      1000  /apex/com.android.vndk.v31/lib/libcap.so (BuildId: d53347c9cf06c4a6ebca59fb2c38b071) (load bias 0x1000)
+    f04a3000-f04abfff r--         0      9000  /system/lib/libutils.so (BuildId: 32b80ccb1972fc1d4674ac2cb7671100) (load bias 0x1000)
+    f04ac000-f04b5fff r-x      8000      a000  /system/lib/libutils.so (BuildId: 32b80ccb1972fc1d4674ac2cb7671100) (load bias 0x1000)
+    f04b6000-f04b6fff r--     11000      1000  /system/lib/libutils.so (BuildId: 32b80ccb1972fc1d4674ac2cb7671100) (load bias 0x1000)
+    f04b7000-f04b7fff rw-     11000      1000  /system/lib/libutils.so (BuildId: 32b80ccb1972fc1d4674ac2cb7671100) (load bias 0x1000)
+    f04cc000-f04ccfff r--         0      1000  /vendor/lib/libhwbinder.so (BuildId: b7c3a56f256871cfe83e11ce7b22d82b) (load bias 0x1000)
+    f04cd000-f04cdfff r-x         0      1000  /vendor/lib/libhwbinder.so (BuildId: b7c3a56f256871cfe83e11ce7b22d82b) (load bias 0x1000)
+    f04ce000-f04cefff r--         0      1000  /vendor/lib/libhwbinder.so (BuildId: b7c3a56f256871cfe83e11ce7b22d82b) (load bias 0x1000)
+    f04d2000-f0535fff rw-         0     64000  [anon:linker_alloc]
+    f0536000-f0550fff r--         0     1b000  /vendor/lib/libcodec2_mtk_vdec.so (BuildId: 27b2bf5d7a6d3ea2918241b56c135bcd) (load bias 0x1000)
+    f0551000-f05f3fff r-x     1a000     a3000  /vendor/lib/libcodec2_mtk_vdec.so (BuildId: 27b2bf5d7a6d3ea2918241b56c135bcd) (load bias 0x1000)
+    f05f4000-f05f9fff r--     bc000      6000  /vendor/lib/libcodec2_mtk_vdec.so (BuildId: 27b2bf5d7a6d3ea2918241b56c135bcd) (load bias 0x1000)
+    f05fa000-f05fafff rw-     c1000      1000  /vendor/lib/libcodec2_mtk_vdec.so (BuildId: 27b2bf5d7a6d3ea2918241b56c135bcd) (load bias 0x1000)
+    f0618000-f0618fff r--         0      1000  /system/lib/libvndksupport.so (BuildId: eaf42f51aacaeb07eed2148794ac77bf) (load bias 0x1000)
+    f0619000-f0619fff r-x         0      1000  /system/lib/libvndksupport.so (BuildId: eaf42f51aacaeb07eed2148794ac77bf) (load bias 0x1000)
+    f061a000-f061afff r--         0      1000  /system/lib/libvndksupport.so (BuildId: eaf42f51aacaeb07eed2148794ac77bf) (load bias 0x1000)
+    f061b000-f061bfff rw-         0      1000  /system/lib/libvndksupport.so (BuildId: eaf42f51aacaeb07eed2148794ac77bf) (load bias 0x1000)
+    f0641000-f0641fff r--         0      1000  /vendor/lib/libcodec2_vpp_qt_plugin.so (BuildId: 6d21c8326db0e5c91570fce793cbabb7) (load bias 0x1000)
+    f0642000-f0643fff r-x         0      2000  /vendor/lib/libcodec2_vpp_qt_plugin.so (BuildId: 6d21c8326db0e5c91570fce793cbabb7) (load bias 0x1000)
+    f0644000-f0644fff r--      1000      1000  /vendor/lib/libcodec2_vpp_qt_plugin.so (BuildId: 6d21c8326db0e5c91570fce793cbabb7) (load bias 0x1000)
+    f0693000-f0693fff r--         0      1000  /apex/com.android.vndk.v31/lib/libhardware.so (BuildId: 173fed737b56de17d76c089e26aec941) (load bias 0x1000)
+    f0694000-f0694fff r-x         0      1000  /apex/com.android.vndk.v31/lib/libhardware.so (BuildId: 173fed737b56de17d76c089e26aec941) (load bias 0x1000)
+    f0695000-f0695fff r--         0      1000  /apex/com.android.vndk.v31/lib/libhardware.so (BuildId: 173fed737b56de17d76c089e26aec941) (load bias 0x1000)
+    f06d6000-f06d6fff r--         0      1000  /system/lib/libcgrouprc.so (BuildId: d817d4194366dd20322f705c40bcd322) (load bias 0x1000)
+    f06d7000-f06d8fff r-x         0      2000  /system/lib/libcgrouprc.so (BuildId: d817d4194366dd20322f705c40bcd322) (load bias 0x1000)
+    f06d9000-f06d9fff r--      1000      1000  /system/lib/libcgrouprc.so (BuildId: d817d4194366dd20322f705c40bcd322) (load bias 0x1000)
+    f06da000-f06dafff rw-      1000      1000  /system/lib/libcgrouprc.so (BuildId: d817d4194366dd20322f705c40bcd322) (load bias 0x1000)
+    f070a000-f070afff r--         0      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.common@1.2.so (BuildId: 1563ce55a8657c24f6e7ee82ece8888c) (load bias 0x1000)
+    f070b000-f070bfff r-x         0      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.common@1.2.so (BuildId: 1563ce55a8657c24f6e7ee82ece8888c) (load bias 0x1000)
+    f070c000-f070cfff r--         0      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.common@1.2.so (BuildId: 1563ce55a8657c24f6e7ee82ece8888c) (load bias 0x1000)
+    f0743000-f0761fff r--         0     1f000  /system/lib/libunwindstack.so (BuildId: 52d4ab661da46a0fab1c998e876c021a) (load bias 0x1000)
+    f0762000-f07a2fff r-x     1e000     41000  /system/lib/libunwindstack.so (BuildId: 52d4ab661da46a0fab1c998e876c021a) (load bias 0x1000)
+    f07a3000-f07a5fff r--     5e000      3000  /system/lib/libunwindstack.so (BuildId: 52d4ab661da46a0fab1c998e876c021a) (load bias 0x1000)
+    f07a6000-f07a6fff rw-     60000      1000  /system/lib/libunwindstack.so (BuildId: 52d4ab661da46a0fab1c998e876c021a) (load bias 0x1000)
+    f07c5000-f07cefff r--         0      a000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.mapper@4.0.so (BuildId: 0ab509a8c4ba62e9325fba673a88a956) (load bias 0x1000)
+    f07cf000-f07d9fff r-x      9000      b000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.mapper@4.0.so (BuildId: 0ab509a8c4ba62e9325fba673a88a956) (load bias 0x1000)
+    f07da000-f07dafff r--     13000      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.mapper@4.0.so (BuildId: 0ab509a8c4ba62e9325fba673a88a956) (load bias 0x1000)
+    f07db000-f07dbfff rw-     13000      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.mapper@4.0.so (BuildId: 0ab509a8c4ba62e9325fba673a88a956) (load bias 0x1000)
+    f081f000-f081ffff r--         0      1000  /system/lib/libandroid_runtime_lazy.so (BuildId: 5711bc078aed0ab14530690e901ca890) (load bias 0x1000)
+    f0820000-f0820fff r-x         0      1000  /system/lib/libandroid_runtime_lazy.so (BuildId: 5711bc078aed0ab14530690e901ca890) (load bias 0x1000)
+    f0821000-f0821fff r--         0      1000  /system/lib/libandroid_runtime_lazy.so (BuildId: 5711bc078aed0ab14530690e901ca890) (load bias 0x1000)
+    f0822000-f0822fff rw-         0      1000  /system/lib/libandroid_runtime_lazy.so (BuildId: 5711bc078aed0ab14530690e901ca890) (load bias 0x1000)
+    f086c000-f08a5fff r--         0     3a000  /vendor/lib/mt6785/libdpframework.so (BuildId: 16f7f5c344b9f4c715cf1b5f47531f80) (load bias 0x1000)
+    f08a6000-f0962fff r-x     39000     bd000  /vendor/lib/mt6785/libdpframework.so (BuildId: 16f7f5c344b9f4c715cf1b5f47531f80) (load bias 0x1000)
+    f0963000-f0965fff r--     f5000      3000  /vendor/lib/mt6785/libdpframework.so (BuildId: 16f7f5c344b9f4c715cf1b5f47531f80) (load bias 0x1000)
+    f0966000-f0966fff rw-     f7000      1000  /vendor/lib/mt6785/libdpframework.so (BuildId: 16f7f5c344b9f4c715cf1b5f47531f80) (load bias 0x1000)
+    f0967000-f0970fff rw-         0      a000  [anon:.bss]
+    f0998000-f0998fff r--         0      1000  /system/lib/libnativeloader_lazy.so (BuildId: 02ecfe605a095c97c3ac0b9e6013a6f8) (load bias 0x1000)
+    f0999000-f0999fff r-x         0      1000  /system/lib/libnativeloader_lazy.so (BuildId: 02ecfe605a095c97c3ac0b9e6013a6f8) (load bias 0x1000)
+    f099a000-f099afff r--         0      1000  /system/lib/libnativeloader_lazy.so (BuildId: 02ecfe605a095c97c3ac0b9e6013a6f8) (load bias 0x1000)
+    f099b000-f099bfff rw-         0      1000  /system/lib/libnativeloader_lazy.so (BuildId: 02ecfe605a095c97c3ac0b9e6013a6f8) (load bias 0x1000)
+    f09c1000-f09c6fff r--         0      6000  /system/lib/libdmabufheap.so (BuildId: 36d27745e31462131db5b1beddd9b754) (load bias 0x1000)
+    f09c7000-f09cefff r-x      5000      8000  /system/lib/libdmabufheap.so (BuildId: 36d27745e31462131db5b1beddd9b754) (load bias 0x1000)
+    f09cf000-f09d0fff r--      c000      2000  /system/lib/libdmabufheap.so (BuildId: 36d27745e31462131db5b1beddd9b754) (load bias 0x1000)
+    f09d1000-f09d1fff rw-      d000      1000  /system/lib/libdmabufheap.so (BuildId: 36d27745e31462131db5b1beddd9b754) (load bias 0x1000)
+    f0a32000-f0a32fff r--         0      1000  /apex/com.android.vndk.v31/lib/android.hidl.token@1.0-utils.so (BuildId: 11557b980fb81122769a51c74233c262) (load bias 0x1000)
+    f0a33000-f0a34fff r-x         0      2000  /apex/com.android.vndk.v31/lib/android.hidl.token@1.0-utils.so (BuildId: 11557b980fb81122769a51c74233c262) (load bias 0x1000)
+    f0a35000-f0a35fff r--      1000      1000  /apex/com.android.vndk.v31/lib/android.hidl.token@1.0-utils.so (BuildId: 11557b980fb81122769a51c74233c262) (load bias 0x1000)
+    f0a36000-f0a36fff rw-      1000      1000  /apex/com.android.vndk.v31/lib/android.hidl.token@1.0-utils.so (BuildId: 11557b980fb81122769a51c74233c262) (load bias 0x1000)
+    f0a59000-f0a66fff r--         0      e000  /apex/com.android.vndk.v31/lib/libstagefright_foundation.so (BuildId: 855584cfc266442e6cd47e4665f4b072) (load bias 0x1000)
+    f0a67000-f0a75fff r-x      d000      f000  /apex/com.android.vndk.v31/lib/libstagefright_foundation.so (BuildId: 855584cfc266442e6cd47e4665f4b072) (load bias 0x1000)
+    f0a76000-f0a77fff r--     1b000      2000  /apex/com.android.vndk.v31/lib/libstagefright_foundation.so (BuildId: 855584cfc266442e6cd47e4665f4b072) (load bias 0x1000)
+    f0a78000-f0a78fff rw-     1c000      1000  /apex/com.android.vndk.v31/lib/libstagefright_foundation.so (BuildId: 855584cfc266442e6cd47e4665f4b072) (load bias 0x1000)
+    f0a84000-f0a84fff r--         0      1000  /system/lib/libsync.so (BuildId: 3052b35194b382c39f269902180cc23c) (load bias 0x1000)
+    f0a85000-f0a85fff r-x         0      1000  /system/lib/libsync.so (BuildId: 3052b35194b382c39f269902180cc23c) (load bias 0x1000)
+    f0a86000-f0a86fff r--         0      1000  /system/lib/libsync.so (BuildId: 3052b35194b382c39f269902180cc23c) (load bias 0x1000)
+    f0a87000-f0a87fff rw-         0      1000  /system/lib/libsync.so (BuildId: 3052b35194b382c39f269902180cc23c) (load bias 0x1000)
+    f0adf000-f0aecfff r--         0      e000  /apex/com.android.vndk.v31/lib/libminijail.so (BuildId: 9b1b4e90dc9d48359039581e34596a54) (load bias 0x1000)
+    f0aed000-f0af5fff r-x      d000      9000  /apex/com.android.vndk.v31/lib/libminijail.so (BuildId: 9b1b4e90dc9d48359039581e34596a54) (load bias 0x1000)
+    f0af6000-f0afbfff r--     15000      6000  /apex/com.android.vndk.v31/lib/libminijail.so (BuildId: 9b1b4e90dc9d48359039581e34596a54) (load bias 0x1000)
+    f0afc000-f0afcfff rw-     1a000      1000  /apex/com.android.vndk.v31/lib/libminijail.so (BuildId: 9b1b4e90dc9d48359039581e34596a54) (load bias 0x1000)
+    f0b20000-f0b20fff r--         0      1000  /system/lib/android.hardware.graphics.common@1.1.so (BuildId: bfd6ed96e452b60795fc1964758ed346) (load bias 0x1000)
+    f0b21000-f0b21fff r-x         0      1000  /system/lib/android.hardware.graphics.common@1.1.so (BuildId: bfd6ed96e452b60795fc1964758ed346) (load bias 0x1000)
+    f0b22000-f0b22fff r--         0      1000  /system/lib/android.hardware.graphics.common@1.1.so (BuildId: bfd6ed96e452b60795fc1964758ed346) (load bias 0x1000)
+    f0b70000-f0b75fff r--         0      6000  /system/lib/libgralloctypes.so (BuildId: dcdab6c7c2ffb18aaccacd051edbab3a) (load bias 0x1000)
+    f0b76000-f0b7cfff r-x      5000      7000  /system/lib/libgralloctypes.so (BuildId: dcdab6c7c2ffb18aaccacd051edbab3a) (load bias 0x1000)
+    f0b7d000-f0b7dfff r--      b000      1000  /system/lib/libgralloctypes.so (BuildId: dcdab6c7c2ffb18aaccacd051edbab3a) (load bias 0x1000)
+    f0b7e000-f0b7efff rw-      b000      1000  /system/lib/libgralloctypes.so (BuildId: dcdab6c7c2ffb18aaccacd051edbab3a) (load bias 0x1000)
+    f0b7f000-f0b7ffff rw-         0      1000  [anon:.bss]
+    f0b96000-f0b9bfff r--         0      6000  /system/lib/libbinder_ndk.so (BuildId: 709e4c8dfe5a260ea2685814c8e43ce3) (load bias 0x1000)
+    f0b9c000-f0ba2fff r-x      5000      7000  /system/lib/libbinder_ndk.so (BuildId: 709e4c8dfe5a260ea2685814c8e43ce3) (load bias 0x1000)
+    f0ba3000-f0ba4fff r--      b000      2000  /system/lib/libbinder_ndk.so (BuildId: 709e4c8dfe5a260ea2685814c8e43ce3) (load bias 0x1000)
+    f0ba5000-f0ba5fff rw-      c000      1000  /system/lib/libbinder_ndk.so (BuildId: 709e4c8dfe5a260ea2685814c8e43ce3) (load bias 0x1000)
+    f0bc0000-f0bc1fff r--         0      2000  /system/lib/android.hardware.graphics.common-V2-ndk_platform.so (BuildId: 59036969c5d3603ec08df4b76f13b742) (load bias 0x1000)
+    f0bc2000-f0bc3fff r-x      1000      2000  /system/lib/android.hardware.graphics.common-V2-ndk_platform.so (BuildId: 59036969c5d3603ec08df4b76f13b742) (load bias 0x1000)
+    f0bc4000-f0bc4fff r--      2000      1000  /system/lib/android.hardware.graphics.common-V2-ndk_platform.so (BuildId: 59036969c5d3603ec08df4b76f13b742) (load bias 0x1000)
+    f0bc5000-f0bc5fff rw-      2000      1000  /system/lib/android.hardware.graphics.common-V2-ndk_platform.so (BuildId: 59036969c5d3603ec08df4b76f13b742) (load bias 0x1000)
+    f0c1e000-f0c27fff r--         0      a000  /apex/com.android.vndk.v31/lib/android.hidl.memory@1.0.so (BuildId: 103536444c111e54c4e983ccad43c256) (load bias 0x1000)
+    f0c28000-f0c31fff r-x      9000      a000  /apex/com.android.vndk.v31/lib/android.hidl.memory@1.0.so (BuildId: 103536444c111e54c4e983ccad43c256) (load bias 0x1000)
+    f0c32000-f0c33fff r--     12000      2000  /apex/com.android.vndk.v31/lib/android.hidl.memory@1.0.so (BuildId: 103536444c111e54c4e983ccad43c256) (load bias 0x1000)
+    f0c34000-f0c34fff rw-     13000      1000  /apex/com.android.vndk.v31/lib/android.hidl.memory@1.0.so (BuildId: 103536444c111e54c4e983ccad43c256) (load bias 0x1000)
+    f0c68000-f0c82fff r--         0     1b000  /apex/com.android.vndk.v31/lib/android.hardware.media.omx@1.0.so (BuildId: a0667cb7857e3661b155c8b1c666b038) (load bias 0x1000)
+    f0c83000-f0ca6fff r-x     1a000     24000  /apex/com.android.vndk.v31/lib/android.hardware.media.omx@1.0.so (BuildId: a0667cb7857e3661b155c8b1c666b038) (load bias 0x1000)
+    f0ca7000-f0cabfff r--     3d000      5000  /apex/com.android.vndk.v31/lib/android.hardware.media.omx@1.0.so (BuildId: a0667cb7857e3661b155c8b1c666b038) (load bias 0x1000)
+    f0cac000-f0cacfff rw-     41000      1000  /apex/com.android.vndk.v31/lib/android.hardware.media.omx@1.0.so (BuildId: a0667cb7857e3661b155c8b1c666b038) (load bias 0x1000)
+    f0ceb000-f0cf3fff r--         0      9000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.mapper@3.0.so (BuildId: 9507e56e1e5de7206eaa97a371aa7bfc) (load bias 0x1000)
+    f0cf4000-f0cfafff r-x      8000      7000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.mapper@3.0.so (BuildId: 9507e56e1e5de7206eaa97a371aa7bfc) (load bias 0x1000)
+    f0cfb000-f0cfcfff r--      e000      2000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.mapper@3.0.so (BuildId: 9507e56e1e5de7206eaa97a371aa7bfc) (load bias 0x1000)
+    f0cfd000-f0cfdfff rw-      f000      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.mapper@3.0.so (BuildId: 9507e56e1e5de7206eaa97a371aa7bfc) (load bias 0x1000)
+    f0d02000-f0d30fff r--         0     2f000  /apex/com.android.vndk.v31/lib/libhidlbase.so (BuildId: 50f50cc38a6cdc062be70a1bbbb0bad1) (load bias 0x1000)
+    f0d31000-f0d71fff r-x     2e000     41000  /apex/com.android.vndk.v31/lib/libhidlbase.so (BuildId: 50f50cc38a6cdc062be70a1bbbb0bad1) (load bias 0x1000)
+    f0d72000-f0d77fff r--     6e000      6000  /apex/com.android.vndk.v31/lib/libhidlbase.so (BuildId: 50f50cc38a6cdc062be70a1bbbb0bad1) (load bias 0x1000)
+    f0d78000-f0d78fff rw-     73000      1000  /apex/com.android.vndk.v31/lib/libhidlbase.so (BuildId: 50f50cc38a6cdc062be70a1bbbb0bad1) (load bias 0x1000)
+    f0d80000-f0d86fff r--         0      7000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.allocator@4.0.so (BuildId: d65303a62cdfc79c178c1d1dad4edc38) (load bias 0x1000)
+    f0d87000-f0d8cfff r-x      6000      6000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.allocator@4.0.so (BuildId: d65303a62cdfc79c178c1d1dad4edc38) (load bias 0x1000)
+    f0d8d000-f0d8dfff r--      b000      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.allocator@4.0.so (BuildId: d65303a62cdfc79c178c1d1dad4edc38) (load bias 0x1000)
+    f0d8e000-f0d8efff rw-      b000      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.allocator@4.0.so (BuildId: d65303a62cdfc79c178c1d1dad4edc38) (load bias 0x1000)
+    f0dc6000-f0de0fff r--         0     1b000  /system/lib/libui.so (BuildId: bc002a1e36a3b21a6290509b34b72e43) (load bias 0x1000)
+    f0de1000-f0dfafff r-x     1a000     1a000  /system/lib/libui.so (BuildId: bc002a1e36a3b21a6290509b34b72e43) (load bias 0x1000)
+    f0dfb000-f0dfcfff r--     33000      2000  /system/lib/libui.so (BuildId: bc002a1e36a3b21a6290509b34b72e43) (load bias 0x1000)
+    f0dfd000-f0dfdfff rw-     34000      1000  /system/lib/libui.so (BuildId: bc002a1e36a3b21a6290509b34b72e43) (load bias 0x1000)
+    f0dfe000-f0dfffff rw-         0      2000  [anon:.bss]
+    f0e29000-f0e29fff r--         0      1000  /vendor/lib/libavservices_minijail_vendor.so (BuildId: 90984a862fb24c970398e435cfaa52d6) (load bias 0x1000)
+    f0e2a000-f0e2bfff r-x         0      2000  /vendor/lib/libavservices_minijail_vendor.so (BuildId: 90984a862fb24c970398e435cfaa52d6) (load bias 0x1000)
+    f0e2c000-f0e2cfff r--      1000      1000  /vendor/lib/libavservices_minijail_vendor.so (BuildId: 90984a862fb24c970398e435cfaa52d6) (load bias 0x1000)
+    f0e49000-f0e5ffff r--         0     17000  /apex/com.android.vndk.v31/lib/libstagefright_bufferqueue_helper.so (BuildId: d8f0aa4644493ed3f4016de6a8e65b57) (load bias 0x1000)
+    f0e60000-f0e79fff r-x     16000     1a000  /apex/com.android.vndk.v31/lib/libstagefright_bufferqueue_helper.so (BuildId: d8f0aa4644493ed3f4016de6a8e65b57) (load bias 0x1000)
+    f0e7a000-f0e7bfff r--     2f000      2000  /apex/com.android.vndk.v31/lib/libstagefright_bufferqueue_helper.so (BuildId: d8f0aa4644493ed3f4016de6a8e65b57) (load bias 0x1000)
+    f0e7c000-f0e7cfff rw-     30000      1000  /apex/com.android.vndk.v31/lib/libstagefright_bufferqueue_helper.so (BuildId: d8f0aa4644493ed3f4016de6a8e65b57) (load bias 0x1000)
+    f0e90000-f0e90fff r--         0      1000  /apex/com.android.runtime/lib/bionic/libdl_android.so (BuildId: 4feb419626be6300efdf3fe134d0e343) (load bias 0x1000)
+    f0e91000-f0e91fff r-x         0      1000  /apex/com.android.runtime/lib/bionic/libdl_android.so (BuildId: 4feb419626be6300efdf3fe134d0e343) (load bias 0x1000)
+    f0e92000-f0e92fff r--         0      1000  /apex/com.android.runtime/lib/bionic/libdl_android.so (BuildId: 4feb419626be6300efdf3fe134d0e343) (load bias 0x1000)
+    f0ec6000-f0ecbfff r--         0      6000  /system/lib/libbacktrace.so (BuildId: d73074cfc1f46e1eb37d368ef6501137) (load bias 0x1000)
+    f0ecc000-f0edefff r-x      5000     13000  /system/lib/libbacktrace.so (BuildId: d73074cfc1f46e1eb37d368ef6501137) (load bias 0x1000)
+    f0edf000-f0ee0fff r--     17000      2000  /system/lib/libbacktrace.so (BuildId: d73074cfc1f46e1eb37d368ef6501137) (load bias 0x1000)
+    f0ee1000-f0ee1fff rw-     18000      1000  /system/lib/libbacktrace.so (BuildId: d73074cfc1f46e1eb37d368ef6501137) (load bias 0x1000)
+    f0f05000-f0f0afff r--         0      6000  /apex/com.android.vndk.v31/lib/libbacktrace.so (BuildId: 05c52eac8be1ded3bdc57feccbc824c8) (load bias 0x1000)
+    f0f0b000-f0f1dfff r-x      5000     13000  /apex/com.android.vndk.v31/lib/libbacktrace.so (BuildId: 05c52eac8be1ded3bdc57feccbc824c8) (load bias 0x1000)
+    f0f1e000-f0f1ffff r--     17000      2000  /apex/com.android.vndk.v31/lib/libbacktrace.so (BuildId: 05c52eac8be1ded3bdc57feccbc824c8) (load bias 0x1000)
+    f0f20000-f0f20fff rw-     18000      1000  /apex/com.android.vndk.v31/lib/libbacktrace.so (BuildId: 05c52eac8be1ded3bdc57feccbc824c8) (load bias 0x1000)
+    f0f45000-f0f77fff r--         0     33000  /system/lib/libc++.so (BuildId: 3fa832c317b4e924cf0d0a5779adb44a) (load bias 0x1000)
+    f0f78000-f0fb6fff r-x     32000     3f000  /system/lib/libc++.so (BuildId: 3fa832c317b4e924cf0d0a5779adb44a) (load bias 0x1000)
+    f0fb7000-f0fbafff r--     70000      4000  /system/lib/libc++.so (BuildId: 3fa832c317b4e924cf0d0a5779adb44a) (load bias 0x1000)
+    f0fbb000-f0fbbfff rw-     73000      1000  /system/lib/libc++.so (BuildId: 3fa832c317b4e924cf0d0a5779adb44a) (load bias 0x1000)
+    f0fbc000-f0fbcfff rw-         0      1000  [anon:.bss]
+    f0fc5000-f0fcefff r--         0      a000  /system/lib/android.hardware.configstore@1.1.so (BuildId: 868af8878e0d3f261a633df589d2e1a0) (load bias 0x1000)
+    f0fcf000-f0fd5fff r-x      9000      7000  /system/lib/android.hardware.configstore@1.1.so (BuildId: 868af8878e0d3f261a633df589d2e1a0) (load bias 0x1000)
+    f0fd6000-f0fd6fff r--      f000      1000  /system/lib/android.hardware.configstore@1.1.so (BuildId: 868af8878e0d3f261a633df589d2e1a0) (load bias 0x1000)
+    f0fd7000-f0fd7fff rw-      f000      1000  /system/lib/android.hardware.configstore@1.1.so (BuildId: 868af8878e0d3f261a633df589d2e1a0) (load bias 0x1000)
+    f101e000-f1020fff r--         0      3000  /vendor/lib/libcodec2_hidl_plugin.so (BuildId: aa7fdbbd510c1c7e9f0448513c976f7e) (load bias 0x1000)
+    f1021000-f1029fff r-x      2000      9000  /vendor/lib/libcodec2_hidl_plugin.so (BuildId: aa7fdbbd510c1c7e9f0448513c976f7e) (load bias 0x1000)
+    f102a000-f102afff r--      a000      1000  /vendor/lib/libcodec2_hidl_plugin.so (BuildId: aa7fdbbd510c1c7e9f0448513c976f7e) (load bias 0x1000)
+    f1061000-f1062fff r--         0      2000  /vendor/lib/libladder.so (BuildId: 4945bd755b414cbd71459db0449c96a9) (load bias 0x1000)
+    f1063000-f1064fff r-x      1000      2000  /vendor/lib/libladder.so (BuildId: 4945bd755b414cbd71459db0449c96a9) (load bias 0x1000)
+    f1065000-f1065fff r--      2000      1000  /vendor/lib/libladder.so (BuildId: 4945bd755b414cbd71459db0449c96a9) (load bias 0x1000)
+    f1066000-f1066fff rw-      2000      1000  /vendor/lib/libladder.so (BuildId: 4945bd755b414cbd71459db0449c96a9) (load bias 0x1000)
+    f10a5000-f10adfff r--         0      9000  /system/lib/android.hardware.graphics.mapper@2.1.so (BuildId: 26ff3d3ef9c03edb1ada0881769718fc) (load bias 0x1000)
+    f10ae000-f10b3fff r-x      8000      6000  /system/lib/android.hardware.graphics.mapper@2.1.so (BuildId: 26ff3d3ef9c03edb1ada0881769718fc) (load bias 0x1000)
+    f10b4000-f10b5fff r--      d000      2000  /system/lib/android.hardware.graphics.mapper@2.1.so (BuildId: 26ff3d3ef9c03edb1ada0881769718fc) (load bias 0x1000)
+    f10b6000-f10b6fff rw-      e000      1000  /system/lib/android.hardware.graphics.mapper@2.1.so (BuildId: 26ff3d3ef9c03edb1ada0881769718fc) (load bias 0x1000)
+    f10cb000-f10cbfff r--         0      1000  /vendor/lib/libgralloc_extra.so (BuildId: 2ea61a840bf2a980b2b4b1ef16bf53c9) (load bias 0x1000)
+    f10cc000-f10cffff r-x         0      4000  /vendor/lib/libgralloc_extra.so (BuildId: 2ea61a840bf2a980b2b4b1ef16bf53c9) (load bias 0x1000)
+    f10d0000-f10d0fff r--      3000      1000  /vendor/lib/libgralloc_extra.so (BuildId: 2ea61a840bf2a980b2b4b1ef16bf53c9) (load bias 0x1000)
+    f10d1000-f10d1fff rw-      3000      1000  /vendor/lib/libgralloc_extra.so (BuildId: 2ea61a840bf2a980b2b4b1ef16bf53c9) (load bias 0x1000)
+    f110e000-f1117fff r--         0      a000  /vendor/lib/libcodec2_hidl@1.2.so (BuildId: 5d44590e71aebaeaad739febea0103e9) (load bias 0x1000)
+    f1118000-f1121fff r-x      9000      a000  /vendor/lib/libcodec2_hidl@1.2.so (BuildId: 5d44590e71aebaeaad739febea0103e9) (load bias 0x1000)
+    f1122000-f1122fff r--     12000      1000  /vendor/lib/libcodec2_hidl@1.2.so (BuildId: 5d44590e71aebaeaad739febea0103e9) (load bias 0x1000)
+    f1123000-f1123fff rw-     12000      1000  /vendor/lib/libcodec2_hidl@1.2.so (BuildId: 5d44590e71aebaeaad739febea0103e9) (load bias 0x1000)
+    f1159000-f1167fff r--         0      f000  /apex/com.android.vndk.v31/lib/android.hardware.media.bufferpool@2.0.so (BuildId: 4429de32da7357bdabd96500ec34f019) (load bias 0x1000)
+    f1168000-f1177fff r-x      e000     10000  /apex/com.android.vndk.v31/lib/android.hardware.media.bufferpool@2.0.so (BuildId: 4429de32da7357bdabd96500ec34f019) (load bias 0x1000)
+    f1178000-f117bfff r--     1d000      4000  /apex/com.android.vndk.v31/lib/android.hardware.media.bufferpool@2.0.so (BuildId: 4429de32da7357bdabd96500ec34f019) (load bias 0x1000)
+    f117c000-f117cfff rw-     20000      1000  /apex/com.android.vndk.v31/lib/android.hardware.media.bufferpool@2.0.so (BuildId: 4429de32da7357bdabd96500ec34f019) (load bias 0x1000)
+    f11ab000-f11abfff r--         0      1000  /apex/com.android.vndk.v31/lib/android.hardware.media@1.0.so (BuildId: 5dfb13a1b4c49c5281dfc0e5e402882b) (load bias 0x1000)
+    f11ac000-f11acfff r-x         0      1000  /apex/com.android.vndk.v31/lib/android.hardware.media@1.0.so (BuildId: 5dfb13a1b4c49c5281dfc0e5e402882b) (load bias 0x1000)
+    f11ad000-f11adfff r--         0      1000  /apex/com.android.vndk.v31/lib/android.hardware.media@1.0.so (BuildId: 5dfb13a1b4c49c5281dfc0e5e402882b) (load bias 0x1000)
+    f11c2000-f11c2fff r--         0      1000  /system/lib/libgralloc_extra_sys.so (BuildId: cb2f5d0304cb8a3d45ed05567bf8a65b) (load bias 0x1000)
+    f11c3000-f11c4fff r-x         0      2000  /system/lib/libgralloc_extra_sys.so (BuildId: cb2f5d0304cb8a3d45ed05567bf8a65b) (load bias 0x1000)
+    f11c5000-f11c5fff r--      1000      1000  /system/lib/libgralloc_extra_sys.so (BuildId: cb2f5d0304cb8a3d45ed05567bf8a65b) (load bias 0x1000)
+    f11c6000-f11c6fff rw-      1000      1000  /system/lib/libgralloc_extra_sys.so (BuildId: cb2f5d0304cb8a3d45ed05567bf8a65b) (load bias 0x1000)
+    f1201000-f1231fff r--         0     31000  /vendor/lib/libcodec2_vndk.so (BuildId: c379917546800a010bb9013f5446ad06) (load bias 0x1000)
+    f1232000-f1273fff r-x     30000     42000  /vendor/lib/libcodec2_vndk.so (BuildId: c379917546800a010bb9013f5446ad06) (load bias 0x1000)
+    f1274000-f1276fff r--     71000      3000  /vendor/lib/libcodec2_vndk.so (BuildId: c379917546800a010bb9013f5446ad06) (load bias 0x1000)
+    f1277000-f1277fff rw-     73000      1000  /vendor/lib/libcodec2_vndk.so (BuildId: c379917546800a010bb9013f5446ad06) (load bias 0x1000)
+    f129d000-f12a5fff r--         0      9000  /vendor/lib/libformatter.so (BuildId: cf5efaad0b100dd3ee1df60ab27545d4) (load bias 0x1000)
+    f12a6000-f12b7fff r-x      8000     12000  /vendor/lib/libformatter.so (BuildId: cf5efaad0b100dd3ee1df60ab27545d4) (load bias 0x1000)
+    f12b8000-f12b8fff r--     19000      1000  /vendor/lib/libformatter.so (BuildId: cf5efaad0b100dd3ee1df60ab27545d4) (load bias 0x1000)
+    f12b9000-f12b9fff rw-     19000      1000  /vendor/lib/libformatter.so (BuildId: cf5efaad0b100dd3ee1df60ab27545d4) (load bias 0x1000)
+    f12ec000-f12ecfff r--         0      1000  /vendor/lib/libcodec2_vpp_rs_plugin.so (BuildId: f24275b8a9d211e4f110719378751e44) (load bias 0x1000)
+    f12ed000-f12eefff r-x         0      2000  /vendor/lib/libcodec2_vpp_rs_plugin.so (BuildId: f24275b8a9d211e4f110719378751e44) (load bias 0x1000)
+    f12ef000-f12effff r--      1000      1000  /vendor/lib/libcodec2_vpp_rs_plugin.so (BuildId: f24275b8a9d211e4f110719378751e44) (load bias 0x1000)
+    f130b000-f131efff r--         0     14000  /vendor/lib/libcodec2_hidl@1.0.so (BuildId: bf14d41fed7e1a61dac9101f5957fa82) (load bias 0x1000)
+    f131f000-f1338fff r-x     13000     1a000  /vendor/lib/libcodec2_hidl@1.0.so (BuildId: bf14d41fed7e1a61dac9101f5957fa82) (load bias 0x1000)
+    f1339000-f133bfff r--     2c000      3000  /vendor/lib/libcodec2_hidl@1.0.so (BuildId: bf14d41fed7e1a61dac9101f5957fa82) (load bias 0x1000)
+    f133c000-f133cfff rw-     2e000      1000  /vendor/lib/libcodec2_hidl@1.0.so (BuildId: bf14d41fed7e1a61dac9101f5957fa82) (load bias 0x1000)
+    f134e000-f134efff r--         0      1000  /vendor/lib/libfmq.so (BuildId: 48fa3a48ede37cc11701fe37dcd7dd60) (load bias 0x1000)
+    f134f000-f1351fff r-x         0      3000  /vendor/lib/libfmq.so (BuildId: 48fa3a48ede37cc11701fe37dcd7dd60) (load bias 0x1000)
+    f1352000-f1352fff r--      2000      1000  /vendor/lib/libfmq.so (BuildId: 48fa3a48ede37cc11701fe37dcd7dd60) (load bias 0x1000)
+    f1395000-f13a0fff r--         0      c000  /system/lib/libbase.so (BuildId: f0df3e21334e7c65f09a04aca7f681f9) (load bias 0x1000)
+    f13a1000-f13bdfff r-x      b000     1d000  /system/lib/libbase.so (BuildId: f0df3e21334e7c65f09a04aca7f681f9) (load bias 0x1000)
+    f13be000-f13befff r--     27000      1000  /system/lib/libbase.so (BuildId: f0df3e21334e7c65f09a04aca7f681f9) (load bias 0x1000)
+    f13bf000-f13bffff rw-     27000      1000  /system/lib/libbase.so (BuildId: f0df3e21334e7c65f09a04aca7f681f9) (load bias 0x1000)
+    f13e5000-f13e7fff r--         0      3000  /system/lib/liblog.so (BuildId: 87e72dace62234e57df1e1227bce5a6f) (load bias 0x1000)
+    f13e8000-f13effff r-x      2000      8000  /system/lib/liblog.so (BuildId: 87e72dace62234e57df1e1227bce5a6f) (load bias 0x1000)
+    f13f0000-f13f0fff r--      9000      1000  /system/lib/liblog.so (BuildId: 87e72dace62234e57df1e1227bce5a6f) (load bias 0x1000)
+    f13f1000-f13f1fff rw-      9000      1000  /system/lib/liblog.so (BuildId: 87e72dace62234e57df1e1227bce5a6f) (load bias 0x1000)
+    f1403000-f1408fff r--         0      6000  /apex/com.android.vndk.v31/lib/libgralloctypes.so (BuildId: f1b5787ad5ebfd1cdd1456b20621891d) (load bias 0x1000)
+    f1409000-f140ffff r-x      5000      7000  /apex/com.android.vndk.v31/lib/libgralloctypes.so (BuildId: f1b5787ad5ebfd1cdd1456b20621891d) (load bias 0x1000)
+    f1410000-f1410fff r--      b000      1000  /apex/com.android.vndk.v31/lib/libgralloctypes.so (BuildId: f1b5787ad5ebfd1cdd1456b20621891d) (load bias 0x1000)
+    f1411000-f1411fff rw-      b000      1000  /apex/com.android.vndk.v31/lib/libgralloctypes.so (BuildId: f1b5787ad5ebfd1cdd1456b20621891d) (load bias 0x1000)
+    f1412000-f1412fff rw-         0      1000  [anon:.bss]
+    f1445000-f1473fff r--         0     2f000  /system/lib/libhidlbase.so (BuildId: d08a58361af836ff75aa90cc31fa003e) (load bias 0x1000)
+    f1474000-f14b4fff r-x     2e000     41000  /system/lib/libhidlbase.so (BuildId: d08a58361af836ff75aa90cc31fa003e) (load bias 0x1000)
+    f14b5000-f14bafff r--     6e000      6000  /system/lib/libhidlbase.so (BuildId: d08a58361af836ff75aa90cc31fa003e) (load bias 0x1000)
+    f14bb000-f14bbfff rw-     73000      1000  /system/lib/libhidlbase.so (BuildId: d08a58361af836ff75aa90cc31fa003e) (load bias 0x1000)
+    f14c6000-f14f8fff r--         0     33000  /apex/com.android.vndk.v31/lib/libc++.so (BuildId: 9269734603b2809fe2849fcd2abf689c) (load bias 0x1000)
+    f14f9000-f1537fff r-x     32000     3f000  /apex/com.android.vndk.v31/lib/libc++.so (BuildId: 9269734603b2809fe2849fcd2abf689c) (load bias 0x1000)
+    f1538000-f153bfff r--     70000      4000  /apex/com.android.vndk.v31/lib/libc++.so (BuildId: 9269734603b2809fe2849fcd2abf689c) (load bias 0x1000)
+    f153c000-f153cfff rw-     73000      1000  /apex/com.android.vndk.v31/lib/libc++.so (BuildId: 9269734603b2809fe2849fcd2abf689c) (load bias 0x1000)
+    f153d000-f153dfff rw-         0      1000  [anon:.bss]
+    f156e000-f1574fff r--         0      7000  /apex/com.android.vndk.v31/lib/android.hidl.memory.token@1.0.so (BuildId: 4d159e0dc344fa801086ab21a7a50f38) (load bias 0x1000)
+    f1575000-f1579fff r-x      6000      5000  /apex/com.android.vndk.v31/lib/android.hidl.memory.token@1.0.so (BuildId: 4d159e0dc344fa801086ab21a7a50f38) (load bias 0x1000)
+    f157a000-f157bfff r--      a000      2000  /apex/com.android.vndk.v31/lib/android.hidl.memory.token@1.0.so (BuildId: 4d159e0dc344fa801086ab21a7a50f38) (load bias 0x1000)
+    f157c000-f157cfff rw-      b000      1000  /apex/com.android.vndk.v31/lib/android.hidl.memory.token@1.0.so (BuildId: 4d159e0dc344fa801086ab21a7a50f38) (load bias 0x1000)
+    f1580000-f1584fff rw-         0      5000  [anon:libc_malloc]
+    f158f000-f159cfff r--         0      e000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.bufferqueue@2.0.so (BuildId: 334f52f097fd3c3c0e5e239223647e3f) (load bias 0x1000)
+    f159d000-f15acfff r-x      d000     10000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.bufferqueue@2.0.so (BuildId: 334f52f097fd3c3c0e5e239223647e3f) (load bias 0x1000)
+    f15ad000-f15aefff r--     1c000      2000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.bufferqueue@2.0.so (BuildId: 334f52f097fd3c3c0e5e239223647e3f) (load bias 0x1000)
+    f15af000-f15affff rw-     1d000      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.bufferqueue@2.0.so (BuildId: 334f52f097fd3c3c0e5e239223647e3f) (load bias 0x1000)
+    f15d3000-f15d3fff r--         0      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.common@1.0.so (BuildId: b72217b6ef1130517e637ccd580b2c4f) (load bias 0x1000)
+    f15d4000-f15d4fff r-x         0      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.common@1.0.so (BuildId: b72217b6ef1130517e637ccd580b2c4f) (load bias 0x1000)
+    f15d5000-f15d5fff r--         0      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.common@1.0.so (BuildId: b72217b6ef1130517e637ccd580b2c4f) (load bias 0x1000)
+    f15d7000-f15d9fff rw-         0      3000  [anon:libc_malloc]
+    f161f000-f1627fff r--         0      9000  /apex/com.android.vndk.v31/lib/libutils.so (BuildId: 01cc528c610468531ef44927a06cdeb9) (load bias 0x1000)
+    f1628000-f1631fff r-x      8000      a000  /apex/com.android.vndk.v31/lib/libutils.so (BuildId: 01cc528c610468531ef44927a06cdeb9) (load bias 0x1000)
+    f1632000-f1632fff r--     11000      1000  /apex/com.android.vndk.v31/lib/libutils.so (BuildId: 01cc528c610468531ef44927a06cdeb9) (load bias 0x1000)
+    f1633000-f1633fff rw-     11000      1000  /apex/com.android.vndk.v31/lib/libutils.so (BuildId: 01cc528c610468531ef44927a06cdeb9) (load bias 0x1000)
+    f165b000-f165cfff r--         0      2000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.common-V2-ndk_platform.so (BuildId: 2696a119806aba230483bb259013380d) (load bias 0x1000)
+    f165d000-f165efff r-x      1000      2000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.common-V2-ndk_platform.so (BuildId: 2696a119806aba230483bb259013380d) (load bias 0x1000)
+    f165f000-f165ffff r--      2000      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.common-V2-ndk_platform.so (BuildId: 2696a119806aba230483bb259013380d) (load bias 0x1000)
+    f1660000-f1660fff rw-      2000      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.common-V2-ndk_platform.so (BuildId: 2696a119806aba230483bb259013380d) (load bias 0x1000)
+    f1661000-f1666fff rw-         0      6000  [anon:libc_malloc]
+    f16a5000-f16a9fff r--         0      5000  /system/lib/libcutils.so (BuildId: 4b492fe1ed424cc321c63f65e7fc4718) (load bias 0x1000)
+    f16aa000-f16b0fff r-x      4000      7000  /system/lib/libcutils.so (BuildId: 4b492fe1ed424cc321c63f65e7fc4718) (load bias 0x1000)
+    f16b1000-f16b2fff r--      a000      2000  /system/lib/libcutils.so (BuildId: 4b492fe1ed424cc321c63f65e7fc4718) (load bias 0x1000)
+    f16b3000-f16b3fff rw-      b000      1000  /system/lib/libcutils.so (BuildId: 4b492fe1ed424cc321c63f65e7fc4718) (load bias 0x1000)
+    f16b4000-f16b4fff rw-         0      1000  [anon:libc_malloc]
+    f16ca000-f16cafff r--         0      1000  /apex/com.android.vndk.v31/lib/android.hidl.safe_union@1.0.so (BuildId: a224ed3b39e02e3db9579fe15c0a53a9) (load bias 0x1000)
+    f16cb000-f16cbfff r-x         0      1000  /apex/com.android.vndk.v31/lib/android.hidl.safe_union@1.0.so (BuildId: a224ed3b39e02e3db9579fe15c0a53a9) (load bias 0x1000)
+    f16cc000-f16ccfff r--         0      1000  /apex/com.android.vndk.v31/lib/android.hidl.safe_union@1.0.so (BuildId: a224ed3b39e02e3db9579fe15c0a53a9) (load bias 0x1000)
+    f172e000-f1736fff r--         0      9000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.mapper@2.1.so (BuildId: be13a9c60140b86da4e3c6ca55ae2055) (load bias 0x1000)
+    f1737000-f173cfff r-x      8000      6000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.mapper@2.1.so (BuildId: be13a9c60140b86da4e3c6ca55ae2055) (load bias 0x1000)
+    f173d000-f173efff r--      d000      2000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.mapper@2.1.so (BuildId: be13a9c60140b86da4e3c6ca55ae2055) (load bias 0x1000)
+    f173f000-f173ffff rw-      e000      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.mapper@2.1.so (BuildId: be13a9c60140b86da4e3c6ca55ae2055) (load bias 0x1000)
+    f1747000-f1753fff r--         0      d000  /system/lib/libEGL.so (BuildId: 939a23e8565c0ac2943ded27ca01c92f) (load bias 0x1000)
+    f1754000-f1764fff r-x      c000     11000  /system/lib/libEGL.so (BuildId: 939a23e8565c0ac2943ded27ca01c92f) (load bias 0x1000)
+    f1765000-f1767fff r--     1c000      3000  /system/lib/libEGL.so (BuildId: 939a23e8565c0ac2943ded27ca01c92f) (load bias 0x1000)
+    f1768000-f1768fff rw-     1e000      1000  /system/lib/libEGL.so (BuildId: 939a23e8565c0ac2943ded27ca01c92f) (load bias 0x1000)
+    f1769000-f176cfff rw-         0      4000  [anon:.bss]
+    f176e000-f1770fff rw-         0      3000  [anon:libc_malloc]
+    f1796000-f1798fff r--         0      3000  /system/lib/libnativewindow.so (BuildId: 3e550f405850757ef344911e5b3c89f4) (load bias 0x1000)
+    f1799000-f179afff r-x      2000      2000  /system/lib/libnativewindow.so (BuildId: 3e550f405850757ef344911e5b3c89f4) (load bias 0x1000)
+    f179b000-f179bfff r--      3000      1000  /system/lib/libnativewindow.so (BuildId: 3e550f405850757ef344911e5b3c89f4) (load bias 0x1000)
+    f17cf000-f17defff r--         0     10000  /vendor/lib/android.hardware.media.c2@1.2.so (BuildId: ab2610687e6088d535041493a3cd0c72) (load bias 0x1000)
+    f17df000-f17edfff r-x      f000      f000  /vendor/lib/android.hardware.media.c2@1.2.so (BuildId: ab2610687e6088d535041493a3cd0c72) (load bias 0x1000)
+    f17ee000-f17f0fff r--     1d000      3000  /vendor/lib/android.hardware.media.c2@1.2.so (BuildId: ab2610687e6088d535041493a3cd0c72) (load bias 0x1000)
+    f17f1000-f17f1fff rw-     1f000      1000  /vendor/lib/android.hardware.media.c2@1.2.so (BuildId: ab2610687e6088d535041493a3cd0c72) (load bias 0x1000)
+    f180e000-f1817fff r--         0      a000  /system/lib/android.hardware.configstore@1.0.so (BuildId: 32bf0026f4737c143b9b18805d59989e) (load bias 0x1000)
+    f1818000-f1820fff r-x      9000      9000  /system/lib/android.hardware.configstore@1.0.so (BuildId: 32bf0026f4737c143b9b18805d59989e) (load bias 0x1000)
+    f1821000-f1822fff r--     11000      2000  /system/lib/android.hardware.configstore@1.0.so (BuildId: 32bf0026f4737c143b9b18805d59989e) (load bias 0x1000)
+    f1823000-f1823fff rw-     12000      1000  /system/lib/android.hardware.configstore@1.0.so (BuildId: 32bf0026f4737c143b9b18805d59989e) (load bias 0x1000)
+    f1860000-f1861fff r--         0      2000  /system/lib/libutilscallstack.so (BuildId: 584eb30d288c02735ceea0d216abfa87) (load bias 0x1000)
+    f1862000-f1863fff r-x      1000      2000  /system/lib/libutilscallstack.so (BuildId: 584eb30d288c02735ceea0d216abfa87) (load bias 0x1000)
+    f1864000-f1865fff r--      2000      2000  /system/lib/libutilscallstack.so (BuildId: 584eb30d288c02735ceea0d216abfa87) (load bias 0x1000)
+    f1868000-f186afff rw-         0      3000  [anon:libc_malloc]
+    f1899000-f189cfff r--         0      4000  /system/lib/liblzma.so (BuildId: 93d004e182e7a6c2e1cafb08c4f1efdb) (load bias 0x1000)
+    f189d000-f18b4fff r-x      3000     18000  /system/lib/liblzma.so (BuildId: 93d004e182e7a6c2e1cafb08c4f1efdb) (load bias 0x1000)
+    f18b5000-f18b5fff r--     1a000      1000  /system/lib/liblzma.so (BuildId: 93d004e182e7a6c2e1cafb08c4f1efdb) (load bias 0x1000)
+    f18b6000-f18b6fff rw-     1a000      1000  /system/lib/liblzma.so (BuildId: 93d004e182e7a6c2e1cafb08c4f1efdb) (load bias 0x1000)
+    f18b7000-f18bcfff rw-         0      6000  [anon:.bss]
+    f18d1000-f18d7fff r--         0      7000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.allocator@3.0.so (BuildId: dc8a6447810fff91e0b98edd7260d44e) (load bias 0x1000)
+    f18d8000-f18ddfff r-x      6000      6000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.allocator@3.0.so (BuildId: dc8a6447810fff91e0b98edd7260d44e) (load bias 0x1000)
+    f18de000-f18dffff r--      b000      2000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.allocator@3.0.so (BuildId: dc8a6447810fff91e0b98edd7260d44e) (load bias 0x1000)
+    f18e0000-f18e0fff rw-      c000      1000  /apex/com.android.vndk.v31/lib/android.hardware.graphics.allocator@3.0.so (BuildId: dc8a6447810fff91e0b98edd7260d44e) (load bias 0x1000)
+    f1923000-f1923fff r--         0      1000  /system/lib/libnativebridge_lazy.so (BuildId: eba545eac959f1cedf025174f3ff1962) (load bias 0x1000)
+    f1924000-f1924fff r-x         0      1000  /system/lib/libnativebridge_lazy.so (BuildId: eba545eac959f1cedf025174f3ff1962) (load bias 0x1000)
+    f1925000-f1925fff r--         0      1000  /system/lib/libnativebridge_lazy.so (BuildId: eba545eac959f1cedf025174f3ff1962) (load bias 0x1000)
+    f1926000-f1926fff rw-         0      1000  /system/lib/libnativebridge_lazy.so (BuildId: eba545eac959f1cedf025174f3ff1962) (load bias 0x1000)
+    f1930000-f1934fff rw-         0      5000  [anon:libc_malloc]
+    f1942000-f1942fff rw-         0      1000  [anon:libc_malloc]
+    f1948000-f1961fff r--         0     1a000  /vendor/lib/libcodec2_mtk_venc.so (BuildId: dd576886813fc12c08aa38bf1b882f9d) (load bias 0x1000)
+    f1962000-f1a08fff r-x     19000     a7000  /vendor/lib/libcodec2_mtk_venc.so (BuildId: dd576886813fc12c08aa38bf1b882f9d) (load bias 0x1000)
+    f1a09000-f1a0dfff r--     bf000      5000  /vendor/lib/libcodec2_mtk_venc.so (BuildId: dd576886813fc12c08aa38bf1b882f9d) (load bias 0x1000)
+    f1a0e000-f1a0efff rw-     c3000      1000  /vendor/lib/libcodec2_mtk_venc.so (BuildId: dd576886813fc12c08aa38bf1b882f9d) (load bias 0x1000)
+    f1a0f000-f1a0ffff rw-         0      1000  [anon:.bss]
+    f1a14000-f1a14fff rw-         0      1000  [anon:libc_malloc]
+    f1a2b000-f1a4afff r--         0     20000  /dev/__properties__/u:object_r:use_memfd_prop:s0
+    f1a4b000-f1a53fff r--         0      9000  /apex/com.android.runtime/lib/bionic/libm.so (BuildId: 472ab5cba2223997f46fd7548a6bd73d) (load bias 0x1000)
+    f1a54000-f1a68fff r-x      8000     15000  /apex/com.android.runtime/lib/bionic/libm.so (BuildId: 472ab5cba2223997f46fd7548a6bd73d) (load bias 0x1000)
+    f1a69000-f1a69fff r--     1c000      1000  /apex/com.android.runtime/lib/bionic/libm.so (BuildId: 472ab5cba2223997f46fd7548a6bd73d) (load bias 0x1000)
+    f1a6a000-f1a6afff rw-     1c000      1000  /apex/com.android.runtime/lib/bionic/libm.so (BuildId: 472ab5cba2223997f46fd7548a6bd73d) (load bias 0x1000)
+    f1a79000-f1a7dfff rw-         0      5000  [anon:libc_malloc]
+    f1a8d000-f1ab4fff r--         0     28000  /system/lib/libbinder.so (BuildId: 7c601ac21493e365aafc5c0fd5215523) (load bias 0x1000)
+    f1ab5000-f1ae6fff r-x     27000     32000  /system/lib/libbinder.so (BuildId: 7c601ac21493e365aafc5c0fd5215523) (load bias 0x1000)
+    f1ae7000-f1aedfff r--     58000      7000  /system/lib/libbinder.so (BuildId: 7c601ac21493e365aafc5c0fd5215523) (load bias 0x1000)
+    f1aee000-f1aeffff rw-     5e000      2000  /system/lib/libbinder.so (BuildId: 7c601ac21493e365aafc5c0fd5215523) (load bias 0x1000)
+    f1af9000-f1b12fff rw-         0     1a000  [anon:libc_malloc]
+    f1b13000-f1b21fff r--         0      f000  /vendor/lib/android.hardware.media.c2@1.1.so (BuildId: d78731aafc9bee774886b68cfac9e856) (load bias 0x1000)
+    f1b22000-f1b2ffff r-x      e000      e000  /vendor/lib/android.hardware.media.c2@1.1.so (BuildId: d78731aafc9bee774886b68cfac9e856) (load bias 0x1000)
+    f1b30000-f1b31fff r--     1b000      2000  /vendor/lib/android.hardware.media.c2@1.1.so (BuildId: d78731aafc9bee774886b68cfac9e856) (load bias 0x1000)
+    f1b32000-f1b32fff rw-     1c000      1000  /vendor/lib/android.hardware.media.c2@1.1.so (BuildId: d78731aafc9bee774886b68cfac9e856) (load bias 0x1000)
+    f1b35000-f1b35fff rw-         0      1000  [anon:libc_malloc]
+    f1b4b000-f1b6afff r--         0     20000  /dev/__properties__/u:object_r:codec2_config_prop:s0
+    f1b6b000-f1b6bfff r--         0      1000  /system/lib/android.hardware.graphics.common@1.0.so (BuildId: 9bb22b0fcf6189e7432d88a132c5858b) (load bias 0x1000)
+    f1b6c000-f1b6cfff r-x         0      1000  /system/lib/android.hardware.graphics.common@1.0.so (BuildId: 9bb22b0fcf6189e7432d88a132c5858b) (load bias 0x1000)
+    f1b6d000-f1b6dfff r--         0      1000  /system/lib/android.hardware.graphics.common@1.0.so (BuildId: 9bb22b0fcf6189e7432d88a132c5858b) (load bias 0x1000)
+    f1b6e000-f1b6efff rw-         0      1000  [anon:libc_malloc]
+    f1b73000-f1b73fff rw-         0      1000  [anon:libc_malloc]
+    f1b77000-f1b82fff rw-         0      c000  [anon:libc_malloc]
+    f1b83000-f1b89fff r--         0      7000  /system/lib/android.hardware.graphics.allocator@2.0.so (BuildId: e279cd21d6cb10fde1af1486279f9c8a) (load bias 0x1000)
+    f1b8a000-f1b8ffff r-x      6000      6000  /system/lib/android.hardware.graphics.allocator@2.0.so (BuildId: e279cd21d6cb10fde1af1486279f9c8a) (load bias 0x1000)
+    f1b90000-f1b91fff r--      b000      2000  /system/lib/android.hardware.graphics.allocator@2.0.so (BuildId: e279cd21d6cb10fde1af1486279f9c8a) (load bias 0x1000)
+    f1b92000-f1b92fff rw-      c000      1000  /system/lib/android.hardware.graphics.allocator@2.0.so (BuildId: e279cd21d6cb10fde1af1486279f9c8a) (load bias 0x1000)
+    f1ba4000-f1baafff rw-         0      7000  [anon:libc_malloc]
+    f1bc4000-f1bd7fff r--         0     14000  /system/lib/libprocessgroup.so (BuildId: 6493cfd1a222de5bf78a3ab82a45c7fb) (load bias 0x1000)
+    f1bd8000-f1bfcfff r-x     13000     25000  /system/lib/libprocessgroup.so (BuildId: 6493cfd1a222de5bf78a3ab82a45c7fb) (load bias 0x1000)
+    f1bfd000-f1bfdfff r--     37000      1000  /system/lib/libprocessgroup.so (BuildId: 6493cfd1a222de5bf78a3ab82a45c7fb) (load bias 0x1000)
+    f1bfe000-f1bfefff ---         0      1000
+    f1bff000-f1bfffff rw-         0      1000  [anon:.bss]
+    f1c05000-f1c0ffff r--         0      b000  /vendor/lib/libsfplugin_ccodec_utils.so (BuildId: 875e6f5aabe6a893269b9a789e6e68b9) (load bias 0x1000)
+    f1c10000-f1c10fff ---         0      1000
+    f1c11000-f1c38fff r-x      b000     28000  /vendor/lib/libsfplugin_ccodec_utils.so (BuildId: 875e6f5aabe6a893269b9a789e6e68b9) (load bias 0x1000)
+    f1c39000-f1c39fff r--     32000      1000  /vendor/lib/libsfplugin_ccodec_utils.so (BuildId: 875e6f5aabe6a893269b9a789e6e68b9) (load bias 0x1000)
+    f1c3a000-f1c3afff rw-     32000      1000  /vendor/lib/libsfplugin_ccodec_utils.so (BuildId: 875e6f5aabe6a893269b9a789e6e68b9) (load bias 0x1000)
+    f1c3b000-f1c3bfff rw-         0      1000  [anon:.bss]
+    f1c3c000-f1c3efff rw-         0      3000  [anon:libc_malloc]
+    f1c51000-f1c76fff r--         0     26000  /apex/com.android.vndk.v31/lib/libbinder.so (BuildId: e8283d1fcdb5131aac09bc61b03b567d) (load bias 0x1000)
+    f1c77000-f1ca6fff r-x     25000     30000  /apex/com.android.vndk.v31/lib/libbinder.so (BuildId: e8283d1fcdb5131aac09bc61b03b567d) (load bias 0x1000)
+    f1ca7000-f1cadfff r--     54000      7000  /apex/com.android.vndk.v31/lib/libbinder.so (BuildId: e8283d1fcdb5131aac09bc61b03b567d) (load bias 0x1000)
+    f1cae000-f1caefff rw-     5a000      1000  /apex/com.android.vndk.v31/lib/libbinder.so (BuildId: e8283d1fcdb5131aac09bc61b03b567d) (load bias 0x1000)
+    f1cb0000-f1cb2fff rw-         0      3000  [anon:libc_malloc]
+    f1cb3000-f1ce3fff rw-         0     31000  /dev/ashmem/MessageQueue (deleted)
+    f1ce4000-f1ce8fff r--         0      5000  /vendor/lib/libcodec2_soft_common.so (BuildId: 397c93a3912eca6ed50a7a7c7bfafa49) (load bias 0x1000)
+    f1ce9000-f1ce9fff ---         0      1000
+    f1cea000-f1cfdfff r-x      5000     14000  /vendor/lib/libcodec2_soft_common.so (BuildId: 397c93a3912eca6ed50a7a7c7bfafa49) (load bias 0x1000)
+    f1cfe000-f1cfffff r--     18000      2000  /vendor/lib/libcodec2_soft_common.so (BuildId: 397c93a3912eca6ed50a7a7c7bfafa49) (load bias 0x1000)
+    f1d00000-f1d00fff rw-         0      1000  [anon:libc_malloc]
+    f1d03000-f1d09fff rw-         0      7000  [anon:libc_malloc]
+    f1d0d000-f1d2ffff r--         0     23000  /vendor/lib/android.hardware.media.c2@1.0.so (BuildId: d56a8cfe262ccabc2ed09bc51f7fe8bd) (load bias 0x1000)
+    f1d30000-f1d5ffff r-x     22000     30000  /vendor/lib/android.hardware.media.c2@1.0.so (BuildId: d56a8cfe262ccabc2ed09bc51f7fe8bd) (load bias 0x1000)
+    f1d60000-f1d65fff r--     51000      6000  /vendor/lib/android.hardware.media.c2@1.0.so (BuildId: d56a8cfe262ccabc2ed09bc51f7fe8bd) (load bias 0x1000)
+    f1d66000-f1d66fff rw-     56000      1000  /vendor/lib/android.hardware.media.c2@1.0.so (BuildId: d56a8cfe262ccabc2ed09bc51f7fe8bd) (load bias 0x1000)
+    f1d68000-f1d68fff ---         0      1000
+    f1d69000-f1d6cfff rw-         0      4000  [anon:thread signal stack]
+    f1d6e000-f1d6ffff rw-         0      2000  [anon:libc_malloc]
+    f1d72000-f1d72fff rw-         0      1000  [anon:libc_malloc]
+    f1d7b000-f1d7efff rw-         0      4000  [anon:libc_malloc]
+    f1d80000-f1d82fff rw-         0      3000  [anon:libc_malloc]
+    f1d86000-f1d88fff rw-         0      3000  [anon:libc_malloc]
+    f1d90000-f1d97fff rw-         0      8000  [anon:libc_malloc]
+    f1d99000-f1d9bfff rw-         0      3000  [anon:libc_malloc]
+    f1d9f000-f1da6fff r--         0      8000  /system/lib/android.hardware.graphics.mapper@2.0.so (BuildId: c9c4756cbe22d8a6a650144f920f3768) (load bias 0x1000)
+    f1da7000-f1dadfff r-x      7000      7000  /system/lib/android.hardware.graphics.mapper@2.0.so (BuildId: c9c4756cbe22d8a6a650144f920f3768) (load bias 0x1000)
+    f1dae000-f1daffff r--      d000      2000  /system/lib/android.hardware.graphics.mapper@2.0.so (BuildId: c9c4756cbe22d8a6a650144f920f3768) (load bias 0x1000)
+    f1db0000-f1db0fff rw-      e000      1000  /system/lib/android.hardware.graphics.mapper@2.0.so (BuildId: c9c4756cbe22d8a6a650144f920f3768) (load bias 0x1000)
+    f1db9000-f1dbbfff rw-         0      3000  [anon:libc_malloc]
+    f1dc3000-f1dc7fff rw-         0      5000  [anon:libc_malloc]
+    f1dd7000-f1de6fff r--         0     10000  /vendor/lib/libstagefright_bufferpool@2.0.1.so (BuildId: fe5e46c7b6588cd75ef96d653af29f3f) (load bias 0x1000)
+    f1de7000-f1df6fff r-x      f000     10000  /vendor/lib/libstagefright_bufferpool@2.0.1.so (BuildId: fe5e46c7b6588cd75ef96d653af29f3f) (load bias 0x1000)
+    f1df7000-f1df8fff r--     1e000      2000  /vendor/lib/libstagefright_bufferpool@2.0.1.so (BuildId: fe5e46c7b6588cd75ef96d653af29f3f) (load bias 0x1000)
+    f1df9000-f1df9fff rw-     1f000      1000  /vendor/lib/libstagefright_bufferpool@2.0.1.so (BuildId: fe5e46c7b6588cd75ef96d653af29f3f) (load bias 0x1000)
+    f1dfa000-f1e03fff rw-         0      a000  [anon:libc_malloc]
+    f1e05000-f1e07fff rw-         0      3000  [anon:libc_malloc]
+    f1e09000-f1e0ffff rw-         0      7000  [anon:libc_malloc]
+    f1e10000-f1e10fff rw-         0      1000  [anon:libc_malloc]
+    f1e15000-f1e19fff rw-         0      5000  [anon:libc_malloc]
+    f1e26000-f1e26fff r--         0      1000  /vendor/lib/libion_mtk.so (BuildId: eec64901961c742d4a46f407e8971a27) (load bias 0x1000)
+    f1e27000-f1e28fff r-x         0      2000  /vendor/lib/libion_mtk.so (BuildId: eec64901961c742d4a46f407e8971a27) (load bias 0x1000)
+    f1e29000-f1e29fff r--      1000      1000  /vendor/lib/libion_mtk.so (BuildId: eec64901961c742d4a46f407e8971a27) (load bias 0x1000)
+    f1e30000-f1e4ffff r--         0     20000  /dev/__properties__/u:object_r:vendor_mtk_pq_prop:s0
+    f1e50000-f1e7bfff r--         0     2c000  /apex/com.android.runtime/lib/bionic/libc.so (BuildId: c3f479705b82c55801158aefde571341) (load bias 0x1000)
+    f1e7c000-f1f03fff r-x     2b000     88000  /apex/com.android.runtime/lib/bionic/libc.so (BuildId: c3f479705b82c55801158aefde571341) (load bias 0x1000)
+    f1f04000-f1f08fff r--     b2000      5000  /apex/com.android.runtime/lib/bionic/libc.so (BuildId: c3f479705b82c55801158aefde571341) (load bias 0x1000)
+    f1f09000-f1f09fff rw-     b6000      1000  /apex/com.android.runtime/lib/bionic/libc.so (BuildId: c3f479705b82c55801158aefde571341) (load bias 0x1000)
+    f1f0a000-f1f0dfff rw-         0      4000  [anon:.bss]
+    f1f0e000-f1f0efff r--         0      1000  [anon:.bss]
+    f1f0f000-f1f1afff rw-         0      c000  [anon:.bss]
+    f1f1c000-f1f1cfff rw-         0      1000  [anon:libc_malloc]
+    f1f1f000-f1f21fff rw-         0      3000  [anon:libc_malloc]
+    f1f29000-f1f68fff rw-         0     40000
+    f1f69000-f1f6bfff r--         0      3000  /apex/com.android.vndk.v31/lib/libhidlmemory.so (BuildId: 48cf79675f47885a448bc9bbbd51f669) (load bias 0x1000)
+    f1f6c000-f1f6cfff r-x      2000      1000  /apex/com.android.vndk.v31/lib/libhidlmemory.so (BuildId: 48cf79675f47885a448bc9bbbd51f669) (load bias 0x1000)
+    f1f6d000-f1f6efff r--      2000      2000  /apex/com.android.vndk.v31/lib/libhidlmemory.so (BuildId: 48cf79675f47885a448bc9bbbd51f669) (load bias 0x1000)
+    f1f6f000-f1f6ffff rw-      3000      1000  /apex/com.android.vndk.v31/lib/libhidlmemory.so (BuildId: 48cf79675f47885a448bc9bbbd51f669) (load bias 0x1000)
+    f1f73000-f1f74fff rw-         0      2000  [anon:libc_malloc]
+    f1f76000-f1f76fff rw-         0      1000  [anon:libc_malloc]
+    f1f7b000-f1f7bfff rw-         0      1000  [anon:libc_malloc]
+    f1f81000-f1f9dfff r--         0     1d000  /apex/com.android.vndk.v31/lib/libunwindstack.so (BuildId: 2af854a1987d4aaaee465804b868491a) (load bias 0x1000)
+    f1f9e000-f1fdafff r-x     1c000     3d000  /apex/com.android.vndk.v31/lib/libunwindstack.so (BuildId: 2af854a1987d4aaaee465804b868491a) (load bias 0x1000)
+    f1fdb000-f1fdefff r--     58000      4000  /apex/com.android.vndk.v31/lib/libunwindstack.so (BuildId: 2af854a1987d4aaaee465804b868491a) (load bias 0x1000)
+    f1fdf000-f1fdffff rw-     5b000      1000  /apex/com.android.vndk.v31/lib/libunwindstack.so (BuildId: 2af854a1987d4aaaee465804b868491a) (load bias 0x1000)
+    f1fe0000-f1fe3fff rw-         0      4000  [anon:libc_malloc]
+    f1fe6000-f1feafff rw-         0      5000  [anon:libc_malloc]
+    f1ff0000-f1ff0fff rw-         0      1000  [anon:libc_malloc]
+    f1ff5000-f1ff5fff ---         0      1000
+    f1ff6000-f1ff9fff rw-         0      4000  [anon:thread signal stack]
+    f1ffb000-f2000fff rw-         0      6000  [anon:libc_malloc]
+    f2002000-f2009fff rw-         0      8000  [anon:libc_malloc]
+    f2010000-f202ffff r--         0     20000  /dev/__properties__/u:object_r:vendor_mtk_pq_ro_prop:s0
+    f2030000-f2030fff r--         0      1000  /system/lib/libion.so (BuildId: 3b1873e14719ce13b1d5b3cae5f6bb6f) (load bias 0x1000)
+    f2031000-f2032fff r-x         0      2000  /system/lib/libion.so (BuildId: 3b1873e14719ce13b1d5b3cae5f6bb6f) (load bias 0x1000)
+    f2033000-f2033fff r--      1000      1000  /system/lib/libion.so (BuildId: 3b1873e14719ce13b1d5b3cae5f6bb6f) (load bias 0x1000)
+    f2034000-f2034fff rw-      1000      1000  /system/lib/libion.so (BuildId: 3b1873e14719ce13b1d5b3cae5f6bb6f) (load bias 0x1000)
+    f203f000-f2051fff rw-         0     13000  [anon:libc_malloc]
+    f2052000-f2052fff rw-         0      1000  [anon:libc_malloc]
+    f2056000-f2061fff rw-         0      c000  [anon:libc_malloc]
+    f2067000-f2067fff r--         0      1000  /apex/com.android.vndk.v31/lib/android.hardware.common-V2-ndk_platform.so (BuildId: ff1e31e052b1aed6b1a3b1a39f33233a) (load bias 0x1000)
+    f2068000-f2069fff r-x         0      2000  /apex/com.android.vndk.v31/lib/android.hardware.common-V2-ndk_platform.so (BuildId: ff1e31e052b1aed6b1a3b1a39f33233a) (load bias 0x1000)
+    f206a000-f206afff r--      1000      1000  /apex/com.android.vndk.v31/lib/android.hardware.common-V2-ndk_platform.so (BuildId: ff1e31e052b1aed6b1a3b1a39f33233a) (load bias 0x1000)
+    f206b000-f206bfff rw-      1000      1000  /apex/com.android.vndk.v31/lib/android.hardware.common-V2-ndk_platform.so (BuildId: ff1e31e052b1aed6b1a3b1a39f33233a) (load bias 0x1000)
+    f206c000-f206cfff rw-         0      1000  [anon:libc_malloc]
+    f206e000-f206efff rw-         0      1000  [anon:libc_malloc]
+    f2072000-f2091fff r--         0     20000  /dev/__properties__/u:object_r:vendor_mtk_mdp_debug_log_prop:s0
+    f2092000-f20b1fff r--         0     20000  /dev/__properties__/u:object_r:vendor_mtk_gpu_prop:s0
+    f20b2000-f20b2fff r--         0      1000  /system/lib/android.hardware.configstore-utils.so (BuildId: c770a70e76a5f5bbf97d99c6de39d781) (load bias 0x1000)
+    f20b3000-f20b3fff r-x         0      1000  /system/lib/android.hardware.configstore-utils.so (BuildId: c770a70e76a5f5bbf97d99c6de39d781) (load bias 0x1000)
+    f20b4000-f20b4fff r--         0      1000  /system/lib/android.hardware.configstore-utils.so (BuildId: c770a70e76a5f5bbf97d99c6de39d781) (load bias 0x1000)
+    f20b6000-f20bafff rw-         0      5000  [anon:libc_malloc]
+    f20c2000-f20cbfff r--         0      a000  /vendor/lib/libcodec2_hidl@1.1.so (BuildId: 4bb8f80e10ab578ec9ac362679ec6f8f) (load bias 0x1000)
+    f20cc000-f20d3fff r-x      9000      8000  /vendor/lib/libcodec2_hidl@1.1.so (BuildId: 4bb8f80e10ab578ec9ac362679ec6f8f) (load bias 0x1000)
+    f20d4000-f20d5fff r--     10000      2000  /vendor/lib/libcodec2_hidl@1.1.so (BuildId: 4bb8f80e10ab578ec9ac362679ec6f8f) (load bias 0x1000)
+    f20d6000-f20d6fff rw-     11000      1000  /vendor/lib/libcodec2_hidl@1.1.so (BuildId: 4bb8f80e10ab578ec9ac362679ec6f8f) (load bias 0x1000)
+    f20d7000-f20d8fff rw-         0      2000  [anon:libc_malloc]
+    f20da000-f20ddfff rw-         0      4000  [anon:libc_malloc]
+    f20df000-f20dffff rw-         0      1000  [anon:libc_malloc]
+    f20e3000-f20e5fff rw-         0      3000  [anon:libc_malloc]
+    f20e6000-f2105fff r--         0     20000  /dev/__properties__/u:object_r:vndk_prop:s0
+    f2106000-f2125fff r--         0     20000  /dev/__properties__/u:object_r:vendor_default_prop:s0
+    f2126000-f212afff r--         0      5000  /system/lib/libgraphicsenv.so (BuildId: c2b8b0009ccf2b4a204d23bc82505789) (load bias 0x1000)
+    f212b000-f212efff r-x      4000      4000  /system/lib/libgraphicsenv.so (BuildId: c2b8b0009ccf2b4a204d23bc82505789) (load bias 0x1000)
+    f212f000-f2130fff r--      7000      2000  /system/lib/libgraphicsenv.so (BuildId: c2b8b0009ccf2b4a204d23bc82505789) (load bias 0x1000)
+    f2131000-f2131fff rw-      8000      1000  /system/lib/libgraphicsenv.so (BuildId: c2b8b0009ccf2b4a204d23bc82505789) (load bias 0x1000)
+    f2134000-f2134fff rw-         0      1000  [anon:libc_malloc]
+    f2139000-f2139fff rw-         0      1000  [anon:libc_malloc]
+    f213c000-f213cfff rw-         0      1000  [anon:libc_malloc]
+    f2143000-f2143fff rw-         0      1000  [anon:libc_malloc]
+    f214a000-f214efff rw-         0      5000  [anon:libc_malloc]
+    f214f000-f214ffff rw-         0      1000  [anon:bionic_alloc_small_objects]
+    f2150000-f2151fff rw-         0      2000  [anon:libc_malloc]
+    f2164000-f2164fff rw-         0      1000  [anon:libc_malloc]
+    f216a000-f216efff rw-         0      5000  [anon:libc_malloc]
+    f2175000-f217bfff rw-         0      7000  [anon:libc_malloc]
+    f217c000-f217cfff ---         0      1000
+    f217d000-f2180fff rw-         0      4000  [anon:thread signal stack]
+    f218a000-f218efff rw-         0      5000  [anon:libc_malloc]
+    f2195000-f2195fff rw-         0      1000  [anon:libc_malloc]
+    f2199000-f219ffff rw-         0      7000  [anon:libc_malloc]
+    f21a5000-f21a5fff rw-         0      1000  [anon:libc_malloc]
+    f21a7000-f21a8fff rw-         0      2000  [anon:libc_malloc]
+    f21aa000-f21aefff rw-         0      5000  [anon:libc_malloc]
+    f21b3000-f21b3fff ---         0      1000
+    f21b4000-f21b7fff rw-         0      4000  [anon:thread signal stack]
+    f21b8000-f21b8fff ---         0      1000
+    f21b9000-f21bcfff rw-         0      4000  [anon:thread signal stack]
+    f21bd000-f21bdfff ---         0      1000
+    f21be000-f21c1fff rw-         0      4000  [anon:thread signal stack]
+    f21c2000-f21ccfff rw-         0      b000  [anon:libc_malloc]
+    f21ce000-f21dcfff rw-         0      f000  [anon:libc_malloc]
+    f21de000-f21e6fff rw-         0      9000  [anon:libc_malloc]
+    f21e8000-f21e8fff ---         0      1000
+    f21e9000-f21ecfff rw-         0      4000  [anon:thread signal stack]
+    f21ed000-f21effff rw-         0      3000  [anon:libc_malloc]
+    f21f1000-f21f6fff rw-         0      6000  [anon:libc_malloc]
+    f21f7000-f21f7fff rw-         0      1000  [anon:libc_malloc]
+    f21f9000-f21f9fff ---         0      1000
+    f21fa000-f21fdfff rw-         0      4000  [anon:thread signal stack]
+    f21fe000-f21fefff ---         0      1000
+    f21ff000-f2202fff rw-         0      4000  [anon:thread signal stack]
+    f2203000-f2215fff rw-         0     13000  [anon:libc_malloc]
+    f2216000-f2216fff rw-         0      1000  [anon:bionic_alloc_small_objects]
+    f2219000-f221cfff rw-         0      4000  [anon:libc_malloc]
+    f221e000-f2228fff rw-         0      b000  [anon:libc_malloc]
+    f222d000-f222dfff ---         0      1000
+    f222e000-f2231fff rw-         0      4000  [anon:thread signal stack]
+    f2232000-f2232fff ---         0      1000
+    f2233000-f2236fff rw-         0      4000  [anon:thread signal stack]
+    f223a000-f223cfff rw-         0      3000  [anon:libc_malloc]
+    f223d000-f223dfff rw-         0      1000  [anon:libc_malloc]
+    f223f000-f224afff rw-         0      c000  [anon:libc_malloc]
+    f224b000-f224bfff rw-         0      1000  [anon:libc_malloc]
+    f224d000-f224efff rw-         0      2000  [anon:libc_malloc]
+    f2250000-f2250fff rw-         0      1000  [anon:libc_malloc]
+    f2252000-f2252fff ---         0      1000
+    f2253000-f2256fff rw-         0      4000  [anon:thread signal stack]
+    f2257000-f2354fff r--         0     fe000  /dev/binderfs/vndbinder
+    f2355000-f2355fff rw-         0      1000  [anon:bionic_alloc_small_objects]
+    f2357000-f235efff rw-         0      8000  [anon:libc_malloc]
+    f2361000-f2365fff rw-         0      5000  [anon:libc_malloc]
+    f2367000-f2368fff rw-         0      2000  [anon:libc_malloc]
+    f236a000-f236cfff rw-         0      3000  [anon:libc_malloc]
+    f2371000-f2375fff rw-         0      5000  [anon:libc_malloc]
+    f2376000-f2395fff r--         0     20000  /dev/__properties__/u:object_r:exported_system_prop:s0
+    f2396000-f239efff rw-         0      9000  [anon:libc_malloc]
+    f23a0000-f23a7fff rw-         0      8000  [anon:libc_malloc]
+    f23a9000-f23a9fff rw-         0      1000  [anon:libc_malloc]
+    f23aa000-f23aafff rw-         0      1000  [anon:bionic_alloc_small_objects]
+    f23ab000-f23abfff rw-         0      1000  [anon:libc_malloc]
+    f23ae000-f23affff rw-         0      2000  [anon:libc_malloc]
+    f23b1000-f23b8fff rw-         0      8000  [anon:libc_malloc]
+    f23b9000-f23d8fff r--         0     20000  /dev/__properties__/u:object_r:vendor_mtk_sec_video_path_support_prop:s0
+    f23d9000-f23dffff rw-         0      7000  [anon:libc_malloc]
+    f23e0000-f23e0fff ---         0      1000
+    f23e1000-f23e4fff rw-         0      4000  [anon:thread signal stack]
+    f23e6000-f23e7fff rw-         0      2000  [anon:bionic_alloc_small_objects]
+    f23e8000-f23ecfff rw-         0      5000  [anon:libc_malloc]
+    f23ed000-f23edfff rw-         0      1000  [anon:bionic_alloc_small_objects]
+    f23ee000-f23effff rw-         0      2000  [anon:libc_malloc]
+    f23f0000-f23f0fff rw-         0      1000  [anon:bionic_alloc_small_objects]
+    f23f1000-f23f1fff ---         0      1000
+    f23f2000-f23f5fff rw-         0      4000  [anon:thread signal stack]
+    f23f6000-f23f6fff ---         0      1000
+    f23f7000-f23fafff rw-         0      4000  [anon:thread signal stack]
+    f23fb000-f23fbfff ---         0      1000
+    f23fc000-f23fffff rw-         0      4000  [anon:thread signal stack]
+    f2400000-f240cfff rw-         0      d000  [anon:libc_malloc]
+    f240d000-f240dfff ---         0      1000
+    f240e000-f2411fff rw-         0      4000  [anon:thread signal stack]
+    f2412000-f2412fff ---         0      1000
+    f2413000-f2416fff rw-         0      4000  [anon:thread signal stack]
+    f2417000-f2436fff r--         0     20000  /dev/__properties__/u:object_r:hwservicemanager_prop:s0
+    f2437000-f243dfff rw-         0      7000  [anon:libc_malloc]
+    f243e000-f243efff ---         0      1000
+    f243f000-f2442fff rw-         0      4000  [anon:thread signal stack]
+    f2443000-f244afff rw-         0      8000  [anon:libc_malloc]
+    f244b000-f2467fff r--         0     1d000  /vendor/lib/libpq_cust_base.so (BuildId: f45ecc2a1026af4f08ee7e181dce566a) (load bias 0x1000)
+    f2468000-f2468fff r-x     1c000      1000  /vendor/lib/libpq_cust_base.so (BuildId: f45ecc2a1026af4f08ee7e181dce566a) (load bias 0x1000)
+    f2469000-f2469fff r--     1c000      1000  /vendor/lib/libpq_cust_base.so (BuildId: f45ecc2a1026af4f08ee7e181dce566a) (load bias 0x1000)
+    f246a000-f247cfff rw-     1c000     13000  /vendor/lib/libpq_cust_base.so (BuildId: f45ecc2a1026af4f08ee7e181dce566a) (load bias 0x1000)
+    f247d000-f2480fff rw-         0      4000  [anon:libc_malloc]
+    f2481000-f2481fff rw-         0      1000  [anon:bionic_alloc_small_objects]
+    f2482000-f2483fff rw-         0      2000  [anon:libc_malloc]
+    f2484000-f2484fff rw-     30000      1000  /dev/ashmem/MessageQueue (deleted)
+    f2485000-f2485fff rw-         0      1000  /dev/ashmem/MessageQueue (deleted)
+    f2486000-f24a2fff rw-         0     1d000  [anon:libc_malloc]
+    f24a3000-f24c2fff r--         0     20000  /dev/__properties__/u:object_r:vendor_mtk_c2_log_prop:s0
+    f24c3000-f24e2fff r--         0     20000  /dev/__properties__/u:object_r:vendor_mtk_app_prop:s0
+    f24e3000-f2502fff r--         0     20000  /dev/__properties__/u:object_r:log_tag_prop:s0
+    f2503000-f2522fff r--         0     20000  /dev/__properties__/u:object_r:bootloader_prop:s0
+    f2523000-f2542fff r--         0     20000  /dev/__properties__/u:object_r:exported_default_prop:s0
+    f2543000-f2546fff r--         0      4000  [anon:atexit handlers]
+    f2547000-f2566fff r--         0     20000  /dev/__properties__/u:object_r:bq_config_prop:s0
+    f2567000-f256efff rw-         0      8000  [anon:libc_malloc]
+    f256f000-f256ffff rw-         0      1000  /dev/ashmem/MessageQueue (deleted)
+    f2570000-f2570fff rw-         0      1000  [anon:libc_malloc]
+    f2571000-f2571fff rw-         0      1000  /dev/ashmem/MessageQueue (deleted)
+    f2572000-f2575fff rw-         0      4000  [anon:libc_malloc]
+    f2576000-f2576fff ---         0      1000
+    f2577000-f257afff rw-         0      4000  [anon:thread signal stack]
+    f257b000-f2580fff rw-         0      6000  [anon:libc_malloc]
+    f2581000-f2582fff r--         0      2000  /system/lib/libnetd_client.so (BuildId: c61c6549f6d81aa56f3b72fca3f5a14b) (load bias 0x1000)
+    f2583000-f2583fff ---         0      1000
+    f2584000-f2588fff r-x      2000      5000  /system/lib/libnetd_client.so (BuildId: c61c6549f6d81aa56f3b72fca3f5a14b) (load bias 0x1000)
+    f2589000-f2589fff r--      6000      1000  /system/lib/libnetd_client.so (BuildId: c61c6549f6d81aa56f3b72fca3f5a14b) (load bias 0x1000)
+    f258a000-f258afff rw-      6000      1000  /system/lib/libnetd_client.so (BuildId: c61c6549f6d81aa56f3b72fca3f5a14b) (load bias 0x1000)
+    f258b000-f25aafff rw-         0     20000  [anon:.bss]
+    f25ab000-f25cafff r--         0     20000  /dev/__properties__/u:object_r:build_prop:s0
+    f25cb000-f25d9fff rw-         0      f000  [anon:libc_malloc]
+    f25da000-f25f9fff r--         0     20000  /dev/__properties__/u:object_r:heapprofd_prop:s0
+    f25fa000-f2619fff r--         0     20000  /dev/__properties__/u:object_r:libc_debug_prop:s0
+    f261a000-f2639fff r--         0     20000  /dev/__properties__/u:object_r:debug_prop:s0
+    f263a000-f2659fff r--         0     20000  /dev/__properties__/properties_serial
+    f265a000-f265dfff rw-         0      4000  [anon:System property context nodes]
+    f265e000-f267cfff r--         0     1f000  /dev/__properties__/property_info
+    f267d000-f267dfff r--         0      1000  [anon:cfi shadow]
+    f267e000-f2683fff ---         0      6000  [anon:cfi shadow]
+    f2684000-f2684fff r--         0      1000  [anon:cfi shadow]
+    f2685000-f2685fff ---         0      1000
+    f2686000-f2688fff rw-         0      3000  [anon:stack_and_tls:main]
+    f2689000-f2689fff ---         0      1000
+    f268a000-f2697fff rw-         0      e000  [anon:libc_malloc]
+    f2698000-f26cdfff rw-         0     36000  [anon:libc_malloc]
+    f26ce000-f26edfff r--         0     20000  /dev/__properties__/u:object_r:vendor_socket_hook_prop:s0
+    f26ee000-f27b5fff r--         0     c8000  [anon:linker_alloc]
+    f27b6000-f27bafff rw-         0      5000  [anon:bionic_alloc_small_objects]
+    f27bb000-f27bbfff rw-         0      1000  [anon:libc_malloc]
+    f27bc000-f27c0fff rw-         0      5000  [anon:bionic_alloc_small_objects]
+    f27c1000-f27c2fff rw-         0      2000  [anon:libc_malloc]
+    f27c3000-f27c4fff rw-         0      2000  [anon:bionic_alloc_small_objects]
+    f27c5000-f27c5fff rw-         0      1000  [anon:bionic_alloc_lob]
+    f27c6000-f27c7fff rw-         0      2000  [anon:bionic_alloc_small_objects]
+    f27c8000-f27e7fff r--         0     20000  /dev/__properties__/u:object_r:vndk_prop:s0
+    f27e8000-f27e8fff rw-         0      1000  [anon:bionic_alloc_small_objects]
+    f27e9000-f284cfff r--         0     64000  [anon:linker_alloc]
+    f284d000-f284dfff rw-         0      1000  [anon:bionic_alloc_small_objects]
+    f284e000-f286dfff r--         0     20000  /dev/__properties__/u:object_r:debug_prop:s0
+    f286e000-f288dfff r--         0     20000  /dev/__properties__/u:object_r:build_prop:s0
+    f288e000-f288efff ---         0      1000
+    f288f000-f2896fff rw-         0      8000
+    f2897000-f2897fff ---         0      1000
+    f2898000-f28b7fff r--         0     20000  /dev/__properties__/properties_serial
+    f28b8000-f28bbfff rw-         0      4000  [anon:System property context nodes]
+    f28bc000-f28dafff r--         0     1f000  /dev/__properties__/property_info
+    f28db000-f293efff r--         0     64000  [anon:linker_alloc]
+    f293f000-f2940fff rw-         0      2000  [anon:bionic_alloc_small_objects]
+    f2941000-f2941fff r--         0      1000  [anon:atexit handlers]
+    f2942000-f2942fff ---         0      1000
+    f2943000-f2946fff rw-         0      4000  [anon:thread signal stack]
+    f2947000-f2947fff rw-         0      1000  [anon:arc4random data]
+    f2948000-f2949fff rw-         0      2000  [anon:libc_malloc]
+    f294a000-f294afff rw-         0      1000  [anon:arc4random data]
+    f294b000-f2966fff r--         0     1c000  /apex/com.android.runtime/bin/linker (BuildId: b55971db965c409080102b2369efcd68) (load bias 0x1000)
+    f2967000-f2a0bfff r-x     1b000     a5000  /apex/com.android.runtime/bin/linker (BuildId: b55971db965c409080102b2369efcd68) (load bias 0x1000)
+    f2a0c000-f2a10fff r--     bf000      5000  /apex/com.android.runtime/bin/linker (BuildId: b55971db965c409080102b2369efcd68) (load bias 0x1000)
+    f2a11000-f2a11fff rw-     c3000      1000  /apex/com.android.runtime/bin/linker (BuildId: b55971db965c409080102b2369efcd68) (load bias 0x1000)
+    f2a12000-f2a14fff rw-         0      3000  [anon:.bss]
+    f2a15000-f2a15fff r--         0      1000  [anon:.bss]
+    f2a16000-f2a1bfff rw-         0      6000  [anon:.bss]
+    ff89c000-ff8bcfff rw-         0     21000  [stack]
+    ffff0000-ffff0fff r-x         0      1000  [vectors]

tests/artifacts/androidqf/dumpsys.txt

@@ -379,4 +379,22 @@ Daily stats:
       Update com.google.android.projection.gearhead vers=99632623
       Update com.google.android.projection.gearhead vers=99632623
       Update com.google.android.projection.gearhead vers=99632623
+--------- 0.053s was the duration of dumpsys batterystats, ending at: 2024-03-21 11:07:22
+-------------------------------------------------------------------------------
+DUMP OF SERVICE platform_compat:
+ChangeId(180326845; name=OVERRIDE_MIN_ASPECT_RATIO_MEDIUM; disabled; overridable)
+ChangeId(189969744; name=DOWNSCALE_65; disabled; overridable)
+ChangeId(183372781; name=ENABLE_RAW_SYSTEM_GALLERY_ACCESS; enableSinceTargetSdk=30)
+ChangeId(150939131; name=ADD_CONTENT_OBSERVER_FLAGS; enableSinceTargetSdk=30)
+ChangeId(226439802; name=SCHEDULE_EXACT_ALARM_DENIED_BY_DEFAULT; disabled)
+ChangeId(270674727; name=ENABLE_STRICT_FORMATTER_VALIDATION; enableSinceTargetSdk=35)
+ChangeId(183155436; name=ALWAYS_USE_CONTEXT_USER; enableSinceTargetSdk=33)
+ChangeId(303742236; name=ROLE_MANAGER_USER_HANDLE_AWARE; enableSinceTargetSdk=35)
+ChangeId(203800354; name=MEDIA_CONTROL_SESSION_ACTIONS; enableSinceTargetSdk=33)
+ChangeId(144027538; name=BLOCK_GPS_STATUS_USAGE; enableSinceTargetSdk=31)
+ChangeId(189969749; name=DOWNSCALE_35; disabled; overridable)
+ChangeId(143539591; name=SELINUX_LATEST_CHANGES; disabled)
+ChangeId(247079863; name=DISALLOW_INVALID_GROUP_REFERENCE; enableSinceTargetSdk=34)
+ChangeId(174227820; name=FORCE_DISABLE_HEVC_SUPPORT; disabled)
+ChangeId(168419799; name=DOWNSCALED; disabled; packageOverrides={com.google.android.apps.tachyon=false, org.torproject.torbrowser=false}; rawOverrides={org.torproject.torbrowser=false, org.article19.circulo.next=false}; overridable)
 

tests/artifacts/androidqf/root_binaries.json

@@ -0,0 +1,6 @@
+[
+    "/system/bin/su",
+    "/system/xbin/busybox",
+    "/data/local/tmp/magisk",
+    "/system/bin/magiskhide"
+]

tests/common/test_indicators.py

@@ -6,6 +6,8 @@
 import logging
 import os
 
+
+from mvt.common.config import settings
 from mvt.common.indicators import Indicators
 from ..utils import get_artifact_folder
 
@@ -100,6 +102,8 @@ class TestIndicators:
 
     def test_env_stix(self, indicator_file):
         os.environ["MVT_STIX2"] = indicator_file
+        settings.__init__()  # Reset settings
+
         ind = Indicators(log=logging)
         ind.load_indicators_files([], load_default=False)
         assert ind.total_ioc_count == 9

tests/common/test_utils.py

@@ -62,7 +62,7 @@ class TestHashes:
     def test_hash_from_folder(self):
         path = os.path.join(get_artifact_folder(), "androidqf")
         hashes = list(generate_hashes_from_path(path, logging))
-        assert len(hashes) == 7
+        assert len(hashes) == 8
         # Sort the files to have reliable order for tests.
         hashes = sorted(hashes, key=lambda x: x["file_path"])
         assert hashes[0]["file_path"] == os.path.join(path, "backup.ab")
@@ -75,7 +75,7 @@ class TestHashes:
         # This needs to be updated when we add or edit files in AndroidQF folder
         assert (
             hashes[1]["sha256"]
-            == "1bd255f656a7f9d5647a730f0f0cc47053115576f11532d41bf28c16635b193d"
+            == "9fb6396b64cfff30e2a459a64496d3c1386926d09edd68be2d878de45fa7b3a9"
         )
 
 

tests/test_check_android_androidqf.py

@@ -8,6 +8,7 @@ import os
 from click.testing import CliRunner
 
 from mvt.android.cli import check_androidqf
+from mvt.common.config import settings
 
 from .utils import get_artifact_folder
 
@@ -56,6 +57,8 @@ class TestCheckAndroidqfCommand:
         )
 
         os.environ["MVT_ANDROID_BACKUP_PASSWORD"] = TEST_BACKUP_PASSWORD
+        settings.__init__()  # Reset settings
+
         runner = CliRunner()
         path = os.path.join(get_artifact_folder(), "androidqf_encrypted")
         result = runner.invoke(check_androidqf, [path])
@@ -63,3 +66,4 @@ class TestCheckAndroidqfCommand:
         assert prompt_mock.call_count == 0
         assert result.exit_code == 0
         del os.environ["MVT_ANDROID_BACKUP_PASSWORD"]
+        settings.__init__()  # Reset settings

tests/test_check_android_backup.py

@@ -9,6 +9,7 @@ import os
 from click.testing import CliRunner
 
 from mvt.android.cli import check_backup
+from mvt.common.config import settings
 
 from .utils import get_artifact_folder
 
@@ -63,6 +64,8 @@ class TestCheckAndroidBackupCommand:
         )
 
         os.environ["MVT_ANDROID_BACKUP_PASSWORD"] = TEST_BACKUP_PASSWORD
+        settings.__init__()  # Reset settings
+
         runner = CliRunner()
         path = os.path.join(get_artifact_folder(), "androidqf_encrypted/backup.ab")
         result = runner.invoke(check_backup, [path])
@@ -70,3 +73,4 @@ class TestCheckAndroidBackupCommand:
         assert prompt_mock.call_count == 0
         assert result.exit_code == 0
         del os.environ["MVT_ANDROID_BACKUP_PASSWORD"]
+        settings.__init__()  # Reset settings