CalvinBackup/mvt
1
0
Fork 0
mirror of https://github.com/mvt-project/mvt.git synced 2026-02-15 10:02:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: CalvinBackup:v1.4.9
Branches Tags
CalvinBackup:main CalvinBackup:auto/add-new-ios-releases CalvinBackup:v2 CalvinBackup:fix_tombstone CalvinBackup:feature/updates_downgrades CalvinBackup:dependabot/pip/mkdocstrings-1.0.0 CalvinBackup:dependabot/pip/click-8.3.1 CalvinBackup:dependabot/pip/rich-14.2.0 CalvinBackup:dependabot/pip/pydantic-2.12.5 CalvinBackup:dependabot/pip/tzdata-2025.3 CalvinBackup:release/v2.7.0 CalvinBackup:fix/ruff-config CalvinBackup:fix/add-python3-14-tests CalvinBackup:feature/anonymous-metrics CalvinBackup:feature/deduplicate-adb-aqf-modules CalvinBackup:fix/webkit_session_resource_error_handling CalvinBackup:update-check CalvinBackup:root_binaries CalvinBackup:mounts CalvinBackup:fix/tombstone_values CalvinBackup:refactor/structured-alerting CalvinBackup:fix/tombstone-int CalvinBackup:tzdata-dependency CalvinBackup:fix/vt CalvinBackup:dev_deps CalvinBackup:ios-version CalvinBackup:fix_tests CalvinBackup:fix/install_non_market_apps CalvinBackup:fix/tcc CalvinBackup:fix/safari_browserstate CalvinBackup:fix-mms CalvinBackup:Te-k-patch-1 CalvinBackup:makitos666-patch-1 CalvinBackup:bugfix/tombstones CalvinBackup:fix/tombstone-defaults CalvinBackup:fix/create-auto-pr-as-draft-yaml CalvinBackup:feature/android-sub-module-loading CalvinBackup:feature/command_completion_docs CalvinBackup:feature/ios-app CalvinBackup:tmp/timeline-improvements CalvinBackup:feature/add-package-detections CalvinBackup:wip/android-dumpstate-parser CalvinBackup:feature/structured-alerting CalvinBackup:feature/post-run-detections CalvinBackup:feature/network-interface-parser CalvinBackup:ios_lockdown CalvinBackup:Te-k-feature/ios-check-usb
CalvinBackup:v2.7.0 CalvinBackup:v2.6.1 CalvinBackup:v2.6.0 CalvinBackup:v2.5.4 CalvinBackup:v2.5.3 CalvinBackup:v2.5.2 CalvinBackup:v2.5.1 CalvinBackup:v2.5.0 CalvinBackup:v2.4.5 CalvinBackup:v2.4.4 CalvinBackup:v2.4.3 CalvinBackup:v2.4.2 CalvinBackup:v2.4.1 CalvinBackup:v2.4.0 CalvinBackup:v2.3.0 CalvinBackup:v2.2.6 CalvinBackup:v2.2.5 CalvinBackup:v2.2.4 CalvinBackup:v2.2.3 CalvinBackup:v2.2.2 CalvinBackup:v2.2.1 CalvinBackup:v2.2 CalvinBackup:v2.1.6 CalvinBackup:v2.1.5 CalvinBackup:v2.1.4 CalvinBackup:v2.1.3 CalvinBackup:v2.1.2 CalvinBackup:v2.1.1 CalvinBackup:v2.1 CalvinBackup:v2.0 CalvinBackup:v1.5.5 CalvinBackup:v1.5.4 CalvinBackup:v1.5.3 CalvinBackup:v1.5.2 CalvinBackup:v1.5.1 CalvinBackup:v1.4.11 CalvinBackup:v1.4.10 CalvinBackup:v1.4.9 CalvinBackup:v1.4.8 CalvinBackup:v1.4.7 CalvinBackup:v1.4.6 CalvinBackup:v1.4.5 CalvinBackup:v1.4.4 CalvinBackup:v1.4.3 CalvinBackup:v1.4.2 CalvinBackup:v1.4.1 CalvinBackup:v1.4.0 CalvinBackup:v1.3.2 CalvinBackup:v1.3.1 CalvinBackup:v1.2.14 CalvinBackup:v1.2.10 CalvinBackup:v1.2.13 CalvinBackup:v1.2.12 CalvinBackup:v1.2.11 CalvinBackup:v1.2.9 CalvinBackup:v1.2.8 CalvinBackup:v1.2.7 CalvinBackup:v1.2.6 CalvinBackup:v1.3 CalvinBackup:v1.2.5 CalvinBackup:v1.2.3 CalvinBackup:v1.2.2 CalvinBackup:v1.2.1 CalvinBackup:v1.2.0 CalvinBackup:v1.1.0 CalvinBackup:v1.0.17 CalvinBackup:v1.0.16 CalvinBackup:v1.0.15 CalvinBackup:v1.0.14 CalvinBackup:v1.0.13 CalvinBackup:v1.0.11
..
compare: CalvinBackup:v1.4.11
Branches Tags
CalvinBackup:auto/add-new-ios-releases CalvinBackup:main CalvinBackup:v2 CalvinBackup:fix_tombstone CalvinBackup:feature/updates_downgrades CalvinBackup:dependabot/pip/mkdocstrings-1.0.0 CalvinBackup:dependabot/pip/click-8.3.1 CalvinBackup:dependabot/pip/rich-14.2.0 CalvinBackup:dependabot/pip/pydantic-2.12.5 CalvinBackup:dependabot/pip/tzdata-2025.3 CalvinBackup:release/v2.7.0 CalvinBackup:fix/ruff-config CalvinBackup:fix/add-python3-14-tests CalvinBackup:feature/anonymous-metrics CalvinBackup:feature/deduplicate-adb-aqf-modules CalvinBackup:fix/webkit_session_resource_error_handling CalvinBackup:update-check CalvinBackup:root_binaries CalvinBackup:mounts CalvinBackup:fix/tombstone_values CalvinBackup:refactor/structured-alerting CalvinBackup:fix/tombstone-int CalvinBackup:tzdata-dependency CalvinBackup:fix/vt CalvinBackup:dev_deps CalvinBackup:ios-version CalvinBackup:fix_tests CalvinBackup:fix/install_non_market_apps CalvinBackup:fix/tcc CalvinBackup:fix/safari_browserstate CalvinBackup:fix-mms CalvinBackup:Te-k-patch-1 CalvinBackup:makitos666-patch-1 CalvinBackup:bugfix/tombstones CalvinBackup:fix/tombstone-defaults CalvinBackup:fix/create-auto-pr-as-draft-yaml CalvinBackup:feature/android-sub-module-loading CalvinBackup:feature/command_completion_docs CalvinBackup:feature/ios-app CalvinBackup:tmp/timeline-improvements CalvinBackup:feature/add-package-detections CalvinBackup:wip/android-dumpstate-parser CalvinBackup:feature/structured-alerting CalvinBackup:feature/post-run-detections CalvinBackup:feature/network-interface-parser CalvinBackup:ios_lockdown CalvinBackup:Te-k-feature/ios-check-usb
CalvinBackup:v2.7.0 CalvinBackup:v2.6.1 CalvinBackup:v2.6.0 CalvinBackup:v2.5.4 CalvinBackup:v2.5.3 CalvinBackup:v2.5.2 CalvinBackup:v2.5.1 CalvinBackup:v2.5.0 CalvinBackup:v2.4.5 CalvinBackup:v2.4.4 CalvinBackup:v2.4.3 CalvinBackup:v2.4.2 CalvinBackup:v2.4.1 CalvinBackup:v2.4.0 CalvinBackup:v2.3.0 CalvinBackup:v2.2.6 CalvinBackup:v2.2.5 CalvinBackup:v2.2.4 CalvinBackup:v2.2.3 CalvinBackup:v2.2.2 CalvinBackup:v2.2.1 CalvinBackup:v2.2 CalvinBackup:v2.1.6 CalvinBackup:v2.1.5 CalvinBackup:v2.1.4 CalvinBackup:v2.1.3 CalvinBackup:v2.1.2 CalvinBackup:v2.1.1 CalvinBackup:v2.1 CalvinBackup:v2.0 CalvinBackup:v1.5.5 CalvinBackup:v1.5.4 CalvinBackup:v1.5.3 CalvinBackup:v1.5.2 CalvinBackup:v1.5.1 CalvinBackup:v1.4.11 CalvinBackup:v1.4.10 CalvinBackup:v1.4.9 CalvinBackup:v1.4.8 CalvinBackup:v1.4.7 CalvinBackup:v1.4.6 CalvinBackup:v1.4.5 CalvinBackup:v1.4.4 CalvinBackup:v1.4.3 CalvinBackup:v1.4.2 CalvinBackup:v1.4.1 CalvinBackup:v1.4.0 CalvinBackup:v1.3.2 CalvinBackup:v1.3.1 CalvinBackup:v1.2.14 CalvinBackup:v1.2.10 CalvinBackup:v1.2.13 CalvinBackup:v1.2.12 CalvinBackup:v1.2.11 CalvinBackup:v1.2.9 CalvinBackup:v1.2.8 CalvinBackup:v1.2.7 CalvinBackup:v1.2.6 CalvinBackup:v1.3 CalvinBackup:v1.2.5 CalvinBackup:v1.2.3 CalvinBackup:v1.2.2 CalvinBackup:v1.2.1 CalvinBackup:v1.2.0 CalvinBackup:v1.1.0 CalvinBackup:v1.0.17 CalvinBackup:v1.0.16 CalvinBackup:v1.0.15 CalvinBackup:v1.0.14 CalvinBackup:v1.0.13 CalvinBackup:v1.0.11

32 Commits
v1.4.9 ... v1.4.11

Author SHA1 Message Date
Nex
7b107edf1f Bumped version 2022-02-01 17:54:01 +01:00
Nex
b97ce7651a Fixed missing checks for indicators instance (ref: #245) 2022-02-01 17:48:19 +01:00
Nex
52a204cab6 Obtaining permissions for installed packages 2022-02-01 15:33:19 +01:00
Nex
1b335fda1d Renamed function argument to more descriptive 2022-02-01 15:07:43 +01:00
Nex
2ad175eae2 Renamed package to package_name for consistency 2022-02-01 14:27:00 +01:00
Nex
2d00dca5bd Bumped version 2022-02-01 12:46:31 +01:00
Nex
c8e50eb958 Merge pull request #244 from dangaffey/patch-1 
Update docker.md
 2022-02-01 11:54:04 +01:00
Dan Gaffey
1f049fc8ba Update docker.md 
Had to run an additional Docker flag to get it building on the new M1 chip from Apple. Figured it would be helpful to point that out in the Docs for the less initiated users.
 2022-01-31 20:22:54 -05:00
Nex
434738a306 Better regexp formatting 2022-01-31 13:05:03 +01:00
Nex
06cd640c5e Using static methods 2022-01-31 12:58:33 +01:00
Nex
fb8a7ca104 Enforce consistency in Android modules 2022-01-31 11:30:49 +01:00
Nex
8d15ff58dd Renamed matched field name to singular 2022-01-30 20:29:09 +01:00
Nex
eb5f07a75d Updated copyright notice 2022-01-30 20:15:01 +01:00
Nex
ececf1a6b2 Added module to extract db queries 2022-01-30 19:43:09 +01:00
Nex
851cd52602 Ordering and clean-up 2022-01-30 16:41:32 +01:00
Nex
8db04fc991 Added module to parse battery daily stats package updates 2022-01-30 16:02:24 +01:00
Nex
3d0ba56e1f Fixed parsing of wake events 2022-01-30 15:20:03 +01:00
Nex
c48a4e8f50 Fixed variable name 2022-01-30 04:12:19 +01:00
Nex
001c2998a5 Removed unnecessary newlines 2022-01-30 04:11:46 +01:00
Nex
5e7c5727af Added check for indicators to dumpsys modules 2022-01-30 04:08:48 +01:00
Nex
883fbaeb88 Parsing records from accessibility and battery history 2022-01-30 03:44:41 +01:00
Nex
6f0012cede Removed modules which are only duplicated outputs from dumpsys full 2022-01-30 03:39:26 +01:00
Nex
458e80ccbb Adding module to process battery history 2022-01-30 03:34:16 +01:00
Nex
c8185fdbd8 Small code clean-ups 2022-01-29 15:13:35 +01:00
Nex
67eea3edec Merge pull request #241 from yallxe/main 
Make utf-8 as a default for open()
 2022-01-29 14:44:16 +01:00
Yallxe
bc86d159b8 Clear 'debugging' things 2022-01-29 12:28:22 +01:00
Yallxe
43b1612dfe Set utf-8 as an encoding for open() 
Not every system uses 'utf-8' as a default encoding for opening files in Python.

Before you say that there must be a way to set default encoding in one line, no, there is not. At least, I didn't found a way to do this.
 2022-01-29 12:18:18 +01:00
Yallxe
156f1084f1 Add IDEA to gitignore 2022-01-29 12:03:00 +01:00
Nex
49e34f6299 Better parsing of dumpsys package and added parsing of Activities too 2022-01-29 03:50:33 +01:00
Nex
d88a66dd54 Fixed typo 2022-01-29 01:13:52 +01:00
Nex
d3ed778ae4 Fixed comment stylling 2022-01-29 01:13:29 +01:00
tek
4c3306c272 Separate receivers parsing in DumpsysReceivers 2022-01-29 01:06:32 +01:00
100 changed files with 685 additions and 334 deletions
Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -131,3 +131,6 @@ dmypy.json
# Temporal files
*~
# IDEA Dev Environment
.idea

2
dev/mvt-android
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env python3
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
dev/mvt-ios
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env python3
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

5
docs/docker.md
View File

@@ -10,6 +10,11 @@ cd mvt
docker build -t mvt .
```
Optionally, you may need to specify your platform to Docker in order to build successfully (Apple M1)
```bash
docker build --platform amd64 -t mvt .
```
Test if the image was created successfully:
```bash

2
mvt/__init__.py
View File

@@ -1,4 +1,4 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/android/__init__.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/android/cli.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

6
mvt/android/download_apks.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
@@ -57,7 +57,7 @@ class DownloadAPKs(AndroidExtraction):
:param json_path: Path to the apks.json file to parse.
"""
with open(json_path, "r") as handle:
with open(json_path, "r", encoding="utf-8") as handle:
packages = json.load(handle)
return cls(packages=packages)
@@ -173,7 +173,7 @@ class DownloadAPKs(AndroidExtraction):
def save_json(self):
"""Save the results to the package.json file."""
json_path = os.path.join(self.output_folder, "apks.json")
with open(json_path, "w") as handle:
with open(json_path, "w", encoding="utf-8") as handle:
json.dump(self.packages, handle, indent=4)
def run(self):

2
mvt/android/lookups/__init__.py
View File

@@ -1,4 +1,4 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/android/lookups/koodous.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/android/lookups/virustotal.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/android/modules/__init__.py
View File

@@ -1,4 +1,4 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

15
mvt/android/modules/adb/__init__.py
View File

@@ -1,14 +1,15 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
from .chrome_history import ChromeHistory
from .dumpsys_accessibility import DumpsysAccessibility
from .dumpsys_batterystats import DumpsysBatterystats
from .dumpsys_activities import DumpsysActivities
from .dumpsys_battery_daily import DumpsysBatteryDaily
from .dumpsys_battery_history import DumpsysBatteryHistory
from .dumpsys_dbinfo import DumpsysDBInfo
from .dumpsys_full import DumpsysFull
from .dumpsys_packages import DumpsysPackages
from .dumpsys_procstats import DumpsysProcstats
from .dumpsys_receivers import DumpsysReceivers
from .files import Files
from .getprop import Getprop
@@ -21,6 +22,6 @@ from .sms import SMS
from .whatsapp import Whatsapp
ADB_MODULES = [ChromeHistory, SMS, Whatsapp, Processes, Getprop, Settings,
DumpsysAccessibility, DumpsysBatterystats, DumpsysProcstats,
DumpsysPackages, DumpsysReceivers, DumpsysFull,
Packages, RootBinaries, Logcat, Files]
DumpsysBatteryHistory, DumpsysBatteryDaily, DumpsysReceivers,
DumpsysActivities, DumpsysAccessibility, DumpsysDBInfo,
DumpsysFull, Packages, RootBinaries, Logcat, Files]

2
mvt/android/modules/adb/base.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/android/modules/adb/chrome_history.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

42
mvt/android/modules/adb/dumpsys_accessibility.py
View File

@@ -1,11 +1,9 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import io
import logging
import os
from .base import AndroidExtraction
@@ -21,13 +19,23 @@ class DumpsysAccessibility(AndroidExtraction):
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
def run(self):
self._adb_connect()
def check_indicators(self):
if not self.indicators:
return
stats = self._adb_command("dumpsys accessibility")
for result in self.results:
ioc = self.indicators.check_app_id(result["package_name"])
if ioc:
result["matched_indicator"] = ioc
self.detected.append(result)
continue
@staticmethod
def parse_accessibility(output):
results = []
in_services = False
for line in stats.split("\n"):
for line in output.split("\n"):
if line.strip().startswith("installed services:"):
in_services = True
continue
@@ -41,13 +49,19 @@ class DumpsysAccessibility(AndroidExtraction):
service = line.split(":")[1].strip()
log.info("Found installed accessibility service \"%s\"", service)
if self.output_folder:
acc_path = os.path.join(self.output_folder,
"dumpsys_accessibility.txt")
with io.open(acc_path, "w", encoding="utf-8") as handle:
handle.write(stats)
results.append({
"package_name": service.split("/")[0],
"service": service,
})
log.info("Records from dumpsys accessibility stored at %s",
acc_path)
return results
def run(self):
self._adb_connect()
output = self._adb_command("dumpsys accessibility")
self.results = self.parse_accessibility(output)
self.log.info("Identified a total of %d accessibility services", len(self.results))
self._adb_disconnect()

98
mvt/android/modules/adb/dumpsys_activities.py Normal file
View File

@@ -0,0 +1,98 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging
from .base import AndroidExtraction
log = logging.getLogger(__name__)
class DumpsysActivities(AndroidExtraction):
"""This module extracts details on receivers for risky activities."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
self.results = results if results else {}
def check_indicators(self):
if not self.indicators:
return
for intent, activities in self.results.items():
for activity in activities:
ioc = self.indicators.check_app_id(activity["package_name"])
if ioc:
activity["matched_indicator"] = ioc
self.detected.append({intent: activity})
continue
@staticmethod
def parse_activity_resolver_table(output):
results = {}
in_activity_resolver_table = False
in_non_data_actions = False
intent = None
for line in output.split("\n"):
if line.startswith("Activity Resolver Table:"):
in_activity_resolver_table = True
continue
if not in_activity_resolver_table:
continue
if line.startswith(" Non-Data Actions:"):
in_non_data_actions = True
continue
if not in_non_data_actions:
continue
# If we hit an empty line, the Non-Data Actions section should be
# finished.
if line.strip() == "":
break
# We detect the action name.
if line.startswith(" " * 6) and not line.startswith(" " * 8) and ":" in line:
intent = line.strip().replace(":", "")
results[intent] = []
continue
# If we are not in an intent block yet, skip.
if not intent:
continue
# If we are in a block but the line does not start with 8 spaces
# it means the block ended a new one started, so we reset and
# continue.
if not line.startswith(" " * 8):
intent = None
continue
# If we got this far, we are processing receivers for the
# activities we are interested in.
activity = line.strip().split(" ")[1]
package_name = activity.split("/")[0]
results[intent].append({
"package_name": package_name,
"activity": activity,
})
return results
def run(self):
self._adb_connect()
output = self._adb_command("dumpsys package")
self.results = self.parse_activity_resolver_table(output)
self._adb_disconnect()

93
mvt/android/modules/adb/dumpsys_battery_daily.py Normal file
View File

@@ -0,0 +1,93 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging
from .base import AndroidExtraction
log = logging.getLogger(__name__)
class DumpsysBatteryDaily(AndroidExtraction):
"""This module extracts records from battery daily updates."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
def serialize(self, record):
return {
"timestamp": record["from"],
"module": self.__class__.__name__,
"event": "battery_daily",
"data": f"Recorded update of package {record['package_name']} with vers {record['vers']}"
}
def check_indicators(self):
if not self.indicators:
return
for result in self.results:
ioc = self.indicators.check_app_id(result["package_name"])
if ioc:
result["matched_indicator"] = ioc
self.detected.append(result)
continue
@staticmethod
def parse_battery_history(output):
results = []
daily = None
daily_updates = []
for line in output.split("\n")[1:]:
if line.startswith(" Daily from "):
timeframe = line[13:].strip()
date_from, date_to = timeframe.strip(":").split(" to ", 1)
daily = {"from": date_from[0:10], "to": date_to[0:10]}
if not daily:
continue
if line.strip() == "":
results.extend(daily_updates)
daily = None
daily_updates = []
continue
if not line.strip().startswith("Update "):
continue
line = line.strip().replace("Update ", "")
package_name, vers = line.split(" ", 1)
vers_nr = vers.split("=", 1)[1]
already_seen = False
for update in daily_updates:
if package_name == update["package_name"] and vers_nr == update["vers"]:
already_seen = True
break
if not already_seen:
daily_updates.append({
"action": "update",
"from": daily["from"],
"to": daily["to"],
"package_name": package_name,
"vers": vers_nr,
})
return results
def run(self):
self._adb_connect()
output = self._adb_command("dumpsys batterystats --daily")
self.results = self.parse_battery_history(output)
self.log.info("Extracted %d records from battery daily stats", len(self.results))
self._adb_disconnect()

91
mvt/android/modules/adb/dumpsys_battery_history.py Normal file
View File

@@ -0,0 +1,91 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging
from .base import AndroidExtraction
log = logging.getLogger(__name__)
class DumpsysBatteryHistory(AndroidExtraction):
"""This module extracts records from battery history events."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
def check_indicators(self):
if not self.indicators:
return
for result in self.results:
ioc = self.indicators.check_app_id(result["package_name"])
if ioc:
result["matched_indicator"] = ioc
self.detected.append(result)
continue
@staticmethod
def parse_battery_history(output):
results = []
for line in output.split("\n")[1:]:
if line.strip() == "":
break
time_elapsed, rest = line.strip().split(" ", 1)
start = line.find(" 100 ")
if start == -1:
continue
line = line[start+5:]
event = ""
if line.startswith("+job"):
event = "start_job"
elif line.startswith("-job"):
event = "end_job"
elif line.startswith("+running +wake_lock="):
event = "wake"
else:
continue
if event in ["start_job", "end_job"]:
uid = line[line.find("=")+1:line.find(":")]
service = line[line.find(":")+1:].strip('"')
package_name = service.split("/")[0]
elif event == "wake":
uid = line[line.find("=")+1:line.find(":")]
service = line[line.find("*walarm*:")+9:].split(" ")[0].strip('"').strip()
if service == "" or "/" not in service:
continue
package_name = service.split("/")[0]
else:
continue
results.append({
"time_elapsed": time_elapsed,
"event": event,
"uid": uid,
"package_name": package_name,
"service": service,
})
return results
def run(self):
self._adb_connect()
output = self._adb_command("dumpsys batterystats --history")
self.results = self.parse_battery_history(output)
self.log.info("Extracted %d records from battery history", len(self.results))
self._adb_disconnect()

46
mvt/android/modules/adb/dumpsys_batterystats.py
View File

@@ -1,46 +0,0 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging
import os
from .base import AndroidExtraction
log = logging.getLogger(__name__)
class DumpsysBatterystats(AndroidExtraction):
"""This module extracts stats on battery consumption by processes."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
def run(self):
self._adb_connect()
stats = self._adb_command("dumpsys batterystats")
if self.output_folder:
stats_path = os.path.join(self.output_folder,
"dumpsys_batterystats.txt")
with open(stats_path, "w") as handle:
handle.write(stats)
log.info("Records from dumpsys batterystats stored at %s",
stats_path)
history = self._adb_command("dumpsys batterystats --history")
if self.output_folder:
history_path = os.path.join(self.output_folder,
"dumpsys_batterystats_history.txt")
with open(history_path, "w") as handle:
handle.write(history)
log.info("History records from dumpsys batterystats stored at %s",
history_path)
self._adb_disconnect()

81
mvt/android/modules/adb/dumpsys_dbinfo.py Normal file
View File

@@ -0,0 +1,81 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging
import re
from .base import AndroidExtraction
log = logging.getLogger(__name__)
class DumpsysDBInfo(AndroidExtraction):
"""This module extracts records from battery daily updates."""
slug = "dumpsys_dbinfo"
def __init__(self, file_path=None, base_folder=None, output_folder=None,
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
def check_indicators(self):
if not self.indicators:
return
for result in self.results:
path = result.get("path", "")
for part in path.split("/"):
ioc = self.indicators.check_app_id(part)
if ioc:
result["matched_indicator"] = ioc
self.detected.append(result)
continue
@staticmethod
def parse_dbinfo(output):
results = []
rxp = re.compile(r'.*\[([0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3})\].*\[Pid:\((\d+)\)\](\w+).*sql\=\"(.+?)\".*path\=(.*?$)')
in_operations = False
for line in output.split("\n"):
if line.strip() == "Most recently executed operations:":
in_operations = True
continue
if not in_operations:
continue
if not line.startswith(" "):
in_operations = False
continue
matches = rxp.findall(line)
if not matches:
continue
match = matches[0]
results.append({
"isodate": match[0],
"pid": match[1],
"action": match[2],
"sql": match[3],
"path": match[4],
})
return results
def run(self):
self._adb_connect()
output = self._adb_command("dumpsys dbinfo")
self.results = self.parse_dbinfo(output)
self.log.info("Extracted a total of %d records from database information",
len(self.results))
self._adb_disconnect()

14
mvt/android/modules/adb/dumpsys_full.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
@@ -23,14 +23,12 @@ class DumpsysFull(AndroidExtraction):
def run(self):
self._adb_connect()
stats = self._adb_command("dumpsys")
output = self._adb_command("dumpsys")
if self.output_folder:
stats_path = os.path.join(self.output_folder,
"dumpsys.txt")
with open(stats_path, "w") as handle:
handle.write(stats)
output_path = os.path.join(self.output_folder, "dumpsys.txt")
with open(output_path, "w", encoding="utf-8") as handle:
handle.write(output)
log.info("Full dumpsys output stored at %s",
stats_path)
log.info("Full dumpsys output stored at %s", output_path)
self._adb_disconnect()

37
mvt/android/modules/adb/dumpsys_packages.py
View File

@@ -1,37 +0,0 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging
import os
from .base import AndroidExtraction
log = logging.getLogger(__name__)
class DumpsysPackages(AndroidExtraction):
"""This module extracts details on installed packages."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
def run(self):
self._adb_connect()
output = self._adb_command("dumpsys package")
if self.output_folder:
packages_path = os.path.join(self.output_folder,
"dumpsys_packages.txt")
with open(packages_path, "w") as handle:
handle.write(output)
log.info("Records from dumpsys package stored at %s",
packages_path)
self._adb_disconnect()

36
mvt/android/modules/adb/dumpsys_procstats.py
View File

@@ -1,36 +0,0 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging
import os
from .base import AndroidExtraction
log = logging.getLogger(__name__)
class DumpsysProcstats(AndroidExtraction):
"""This module extracts stats on memory consumption by processes."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
def run(self):
self._adb_connect()
output = self._adb_command("dumpsys procstats")
if self.output_folder:
procstats_path = os.path.join(self.output_folder,
"dumpsys_procstats.txt")
with open(procstats_path, "w") as handle:
handle.write(output)
log.info("Records from dumpsys procstats stored at %s",
procstats_path)
self._adb_disconnect()

118
mvt/android/modules/adb/dumpsys_receivers.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
@@ -25,72 +25,96 @@ class DumpsysReceivers(AndroidExtraction):
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
self.results = results if results else {}
def check_indicators(self):
for result in self.results:
if result["activity"] == INTENT_NEW_OUTGOING_SMS:
self.log.info("Found a receiver to intercept outgoing SMS messages: \"%s\"",
result["receiver"])
elif result["activity"] == INTENT_SMS_RECEIVED:
self.log.info("Found a receiver to intercept incoming SMS messages: \"%s\"",
result["receiver"])
elif result["activity"] == INTENT_DATA_SMS_RECEIVED:
self.log.info("Found a receiver to intercept incoming data SMS message: \"%s\"",
result["receiver"])
elif result["activity"] == INTENT_PHONE_STATE:
self.log.info("Found a receiver monitoring telephony state/incoming calls: \"%s\"",
result["receiver"])
elif result["activity"] == INTENT_NEW_OUTGOING_CALL:
self.log.info("Found a receiver monitoring outgoing calls: \"%s\"",
result["receiver"])
def run(self):
self._adb_connect()
output = self._adb_command("dumpsys package")
if not output:
if not self.indicators:
return
activity = None
for line in output.split("\n"):
# Find activity block markers.
if line.strip().startswith(INTENT_NEW_OUTGOING_SMS):
activity = INTENT_NEW_OUTGOING_SMS
continue
elif line.strip().startswith(INTENT_SMS_RECEIVED):
activity = INTENT_SMS_RECEIVED
continue
elif line.strip().startswith(INTENT_PHONE_STATE):
activity = INTENT_PHONE_STATE
continue
elif line.strip().startswith(INTENT_DATA_SMS_RECEIVED):
activity = INTENT_DATA_SMS_RECEIVED
continue
elif line.strip().startswith(INTENT_NEW_OUTGOING_CALL):
activity = INTENT_NEW_OUTGOING_CALL
for intent, receivers in self.results.items():
for receiver in receivers:
if intent == INTENT_NEW_OUTGOING_SMS:
self.log.info("Found a receiver to intercept outgoing SMS messages: \"%s\"",
receiver["receiver"])
elif intent == INTENT_SMS_RECEIVED:
self.log.info("Found a receiver to intercept incoming SMS messages: \"%s\"",
receiver["receiver"])
elif intent == INTENT_DATA_SMS_RECEIVED:
self.log.info("Found a receiver to intercept incoming data SMS message: \"%s\"",
receiver["receiver"])
elif intent == INTENT_PHONE_STATE:
self.log.info("Found a receiver monitoring telephony state/incoming calls: \"%s\"",
receiver["receiver"])
elif intent == INTENT_NEW_OUTGOING_CALL:
self.log.info("Found a receiver monitoring outgoing calls: \"%s\"",
receiver["receiver"])
ioc = self.indicators.check_app_id(receiver["package_name"])
if ioc:
receiver["matched_indicator"] = ioc
self.detected.append({intent: receiver})
continue
# If we are not in an activity block yet, skip.
if not activity:
@staticmethod
def parse_receiver_resolver_table(output):
results = {}
in_receiver_resolver_table = False
in_non_data_actions = False
intent = None
for line in output.split("\n"):
if line.startswith("Receiver Resolver Table:"):
in_receiver_resolver_table = True
continue
if not in_receiver_resolver_table:
continue
if line.startswith(" Non-Data Actions:"):
in_non_data_actions = True
continue
if not in_non_data_actions:
continue
# If we hit an empty line, the Non-Data Actions section should be
# finished.
if line.strip() == "":
break
# We detect the action name.
if line.startswith(" " * 6) and not line.startswith(" " * 8) and ":" in line:
intent = line.strip().replace(":", "")
results[intent] = []
continue
# If we are not in an intent block yet, skip.
if not intent:
continue
# If we are in a block but the line does not start with 8 spaces
# it means the block ended a new one started, so we reset and
# continue.
if not line.startswith(" " * 8):
activity = None
intent = None
continue
# If we got this far, we are processing receivers for the
# activities we are interested in.
receiver = line.strip().split(" ")[1]
package_name = receiver.split("/")[0]
if package_name == "com.google.android.gms":
continue
self.results.append({
"activity": activity,
results[intent].append({
"package_name": package_name,
"receiver": receiver,
})
return results
def run(self):
self._adb_connect()
output = self._adb_command("dumpsys package")
self.results = self.parse_receiver_resolver_table(output)
self._adb_disconnect()

8
mvt/android/modules/adb/files.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
@@ -24,9 +24,9 @@ class Files(AndroidExtraction):
log=log, results=results)
self.full_find = False
def find_files(self, file_path):
def find_files(self, folder):
if self.full_find:
output = self._adb_command(f"find '{file_path}' -printf '%T@ %m %s %u %g %p\n' 2> /dev/null")
output = self._adb_command(f"find '{folder}' -printf '%T@ %m %s %u %g %p\n' 2> /dev/null")
for file_line in output.splitlines():
[unix_timestamp, mode, size, owner, group, full_path] = file_line.rstrip().split(" ", 5)
@@ -42,7 +42,7 @@ class Files(AndroidExtraction):
"group": group,
})
else:
output = self._adb_command(f"find '{file_path}' 2> /dev/null")
output = self._adb_command(f"find '{folder}' 2> /dev/null")
for file_line in output.splitlines():
self.results.append({"path": file_line.rstrip()})

5
mvt/android/modules/adb/getprop.py
View File

@@ -1,10 +1,9 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging
import os
import re
from .base import AndroidExtraction
@@ -26,7 +25,7 @@ class Getprop(AndroidExtraction):
def run(self):
self._adb_connect()
rxp = re.compile("\\[(.+?)\\]: \\[(.+?)\\]")
rxp = re.compile(r"\[(.+?)\]: \[(.+?)\]")
out = self._adb_command("getprop")
for line in out.splitlines():
line = line.strip()

6
mvt/android/modules/adb/logcat.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
@@ -31,7 +31,7 @@ class Logcat(AndroidExtraction):
if self.output_folder:
logcat_path = os.path.join(self.output_folder,
"logcat.txt")
with open(logcat_path, "w") as handle:
with open(logcat_path, "w", encoding="utf-8") as handle:
handle.write(output)
log.info("Current logcat logs stored at %s",
@@ -39,7 +39,7 @@ class Logcat(AndroidExtraction):
logcat_last_path = os.path.join(self.output_folder,
"logcat_last.txt")
with open(logcat_last_path, "w") as handle:
with open(logcat_last_path, "w", encoding="utf-8") as handle:
handle.write(last_output)
log.info("Logcat logs prior to last reboot stored at %s",

112
mvt/android/modules/adb/packages.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
@@ -15,6 +15,29 @@ from .base import AndroidExtraction
log = logging.getLogger(__name__)
DANGEROUS_PERMISSIONS_THRESHOLD = 10
DANGEROUS_PERMISSIONS = [
"android.permission.ACCESS_COARSE_LOCATION",
"android.permission.ACCESS_FINE_LOCATION",
"android.permission.AUTHENTICATE_ACCOUNTS",
"android.permission.CAMERA",
"android.permission.DISABLE_KEYGUARD",
"android.permission.PROCESS_OUTGOING_CALLS",
"android.permission.READ_CALENDAR",
"android.permission.READ_CALL_LOG",
"android.permission.READ_CONTACTS",
"android.permission.READ_PHONE_STATE",
"android.permission.READ_SMS",
"android.permission.RECEIVE_MMS",
"android.permission.RECEIVE_SMS",
"android.permission.RECEIVE_WAP_PUSH",
"android.permission.RECORD_AUDIO",
"android.permission.SEND_SMS",
"android.permission.SYSTEM_ALERT_WINDOW",
"android.permission.USE_CREDENTIALS",
"android.permission.USE_SIP",
"com.android.browser.permission.READ_HISTORY_BOOKMARKS",
]
class Packages(AndroidExtraction):
"""This module extracts the list of installed packages."""
@@ -57,18 +80,60 @@ class Packages(AndroidExtraction):
self.detected.append(result)
continue
if not self.indicators:
continue
ioc = self.indicators.check_app_id(result.get("package_name"))
if ioc:
result["matched_indicators"] = ioc
result["matched_indicator"] = ioc
self.detected.append(result)
continue
for package_file in result["files"]:
ioc = self.indicators.check_file_hash(package_file["sha256"])
if ioc:
result["matched_indicators"] = ioc
result["matched_indicator"] = ioc
self.detected.append(result)
def _get_package_details(self, package_name):
details = {
"uid": "",
"version_name": "",
"version_code": "",
"timestamp": "",
"first_install_time": "",
"last_update_time": "",
"requested_permissions": [],
}
in_permissions = False
for line in self._adb_command(f"dumpsys package {package_name}").split("\n"):
if in_permissions:
if line.startswith(" " * 4) and not line.startswith(" " * 6):
in_permissions = False
continue
permission = line.strip().split(":")[0]
details["requested_permissions"].append(permission)
if line.strip().startswith("userId="):
details["uid"] = line.split("=")[1].strip()
elif line.strip().startswith("versionName="):
details["version_name"] = line.split("=")[1].strip()
elif line.strip().startswith("versionCode="):
details["version_code"] = line.split("=", 1)[1].strip()
elif line.strip().startswith("timeStamp="):
details["timestamp"] = line.split("=")[1].strip()
elif line.strip().startswith("firstInstallTime="):
details["first_install_time"] = line.split("=")[1].strip()
elif line.strip().startswith("lastUpdateTime="):
details["last_update_time"] = line.split("=")[1].strip()
elif line.strip() == "requested permissions:":
in_permissions = True
continue
return details
def _get_files_for_package(self, package_name):
output = self._adb_command(f"pm path {package_name}")
output = output.strip().replace("package:", "")
@@ -97,9 +162,7 @@ class Packages(AndroidExtraction):
def run(self):
self._adb_connect()
packages = self._adb_command("pm list packages -U -u -i -f")
if packages.strip() == "Error: Unknown option: -U":
packages = self._adb_command("pm list packages -u -i -f")
packages = self._adb_command("pm list packages -u -i -f")
for line in packages.split("\n"):
line = line.strip()
@@ -117,31 +180,21 @@ class Packages(AndroidExtraction):
if installer == "null":
installer = None
try:
uid = fields[2].split(":")[1].strip()
except IndexError:
uid = None
dumpsys = self._adb_command(f"dumpsys package {package_name} | grep -A2 timeStamp").split("\n")
timestamp = dumpsys[0].split("=")[1].strip()
first_install = dumpsys[1].split("=")[1].strip()
last_update = dumpsys[2].split("=")[1].strip()
package_files = self._get_files_for_package(package_name)
self.results.append({
new_package = {
"package_name": package_name,
"file_name": file_name,
"installer": installer,
"timestamp": timestamp,
"first_install_time": first_install,
"last_update_time": last_update,
"uid": uid,
"disabled": False,
"system": False,
"third_party": False,
"files": package_files,
})
}
package_details = self._get_package_details(package_name)
new_package.update(package_details)
self.results.append(new_package)
cmds = [
{"field": "disabled", "arg": "-d"},
@@ -160,6 +213,19 @@ class Packages(AndroidExtraction):
if result["package_name"] == package_name:
self.results[i][cmd["field"]] = True
for result in self.results:
if not result["third_party"]:
continue
dangerous_permissions_count = 0
for perm in result["requested_permissions"]:
if perm in DANGEROUS_PERMISSIONS:
dangerous_permissions_count += 1
if dangerous_permissions_count >= DANGEROUS_PERMISSIONS_THRESHOLD:
self.log.info("Third-party package \"%s\" requested %d potentially dangerous permissions",
result["package_name"], dangerous_permissions_count)
packages_to_lookup = []
for result in self.results:
if result["system"]:

2
mvt/android/modules/adb/processes.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/android/modules/adb/root_binaries.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

5
mvt/android/modules/adb/settings.py
View File

@@ -1,11 +1,9 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging
import os
import re
from .base import AndroidExtraction
@@ -60,6 +58,7 @@ ANDROID_DANGEROUS_SETTINGS = [
},
]
class Settings(AndroidExtraction):
"""This module extracts Android system settings."""

2
mvt/android/modules/adb/sms.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/android/modules/adb/whatsapp.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/android/modules/backup/__init__.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/android/modules/backup/sms.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/common/__init__.py
View File

@@ -1,4 +1,4 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/common/help.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

7
mvt/common/indicators.py
View File

@@ -1,9 +1,8 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import io
import json
import os
@@ -82,7 +81,7 @@ class Indicators:
ioc_file["file_path"] = file_path
ioc_file["file_name"] = os.path.basename(file_path)
with open(file_path, "r") as handle:
with open(file_path, "r", encoding="utf-8") as handle:
try:
data = json.load(handle)
except json.decoder.JSONDecodeError:
@@ -436,7 +435,7 @@ def download_indicators_files(log):
ioc_path = os.path.join(data_dir, clean_file_name)
# Write file to disk. This will overwrite any older version of the STIX2 file.
with io.open(ioc_path, "w") as f:
with open(ioc_path, "w", encoding="utf-8") as f:
f.write(res.text)
log.info("Saved indicator file to '%s'", os.path.basename(ioc_path))

2
mvt/common/logo.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

11
mvt/common/module.py
View File

@@ -1,10 +1,9 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import csv
import io
import os
import re
@@ -58,7 +57,7 @@ class MVTModule(object):
@classmethod
def from_json(cls, json_path, log=None):
with open(json_path, "r") as handle:
with open(json_path, "r", encoding="utf-8") as handle:
results = json.load(handle)
if log:
log.info("Loaded %d results from \"%s\"",
@@ -91,7 +90,7 @@ class MVTModule(object):
if self.results:
results_file_name = f"{name}.json"
results_json_path = os.path.join(self.output_folder, results_file_name)
with io.open(results_json_path, "w", encoding="utf-8") as handle:
with open(results_json_path, "w", encoding="utf-8") as handle:
try:
json.dump(self.results, handle, indent=4, default=str)
except Exception as e:
@@ -101,7 +100,7 @@ class MVTModule(object):
if self.detected:
detected_file_name = f"{name}_detected.json"
detected_json_path = os.path.join(self.output_folder, detected_file_name)
with io.open(detected_json_path, "w", encoding="utf-8") as handle:
with open(detected_json_path, "w", encoding="utf-8") as handle:
json.dump(self.detected, handle, indent=4, default=str)
def serialize(self, record):
@@ -192,7 +191,7 @@ def save_timeline(timeline, timeline_path):
:param timeline_path: Path to the csv file to store the timeline to
"""
with io.open(timeline_path, "a+", encoding="utf-8") as handle:
with open(timeline_path, "a+", encoding="utf-8") as handle:
csvoutput = csv.writer(handle, delimiter=",", quotechar="\"")
csvoutput.writerow(["UTC Timestamp", "Plugin", "Event", "Description"])
for event in sorted(timeline, key=lambda x: x["timestamp"] if x["timestamp"] is not None else ""):

2
mvt/common/options.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/common/url.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/common/utils.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

4
mvt/common/version.py
View File

@@ -1,12 +1,12 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import requests
from packaging import version
MVT_VERSION = "1.4.9"
MVT_VERSION = "1.4.11"
def check_for_updates():

2
mvt/ios/__init__.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

5
mvt/ios/cli.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
@@ -184,7 +184,7 @@ def check_backup(ctx, iocs, output, fast, backup_path, list_modules, module):
if len(timeline_detected) > 0:
log.warning("The analysis of the backup produced %d detections!",
len(timeline_detected))
len(timeline_detected))
#==============================================================================
@@ -247,6 +247,7 @@ def check_fs(ctx, iocs, output, fast, dump_path, list_modules, module):
log.warning("The analysis of the filesystem produced %d detections!",
len(timeline_detected))
#==============================================================================
# Command: check-iocs
#==============================================================================

4
mvt/ios/decrypt.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
@@ -185,7 +185,7 @@ class DecryptBackup:
return
try:
with open(key_path, 'w') as handle:
with open(key_path, 'w', encoding="utf-8") as handle:
handle.write(self._decryption_key)
except Exception as e:
log.exception(e)

2
mvt/ios/modules/__init__.py
View File

@@ -1,4 +1,4 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/backup/__init__.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/backup/backup_info.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/backup/configuration_profiles.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/backup/manifest.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/backup/profile_events.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/base.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/fs/__init__.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/fs/analytics.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/fs/cache_files.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/fs/filesystem.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/fs/net_netusage.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/fs/safari_favicon.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

4
mvt/ios/modules/fs/shutdownlog.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
@@ -86,5 +86,5 @@ class ShutdownLog(IOSExtraction):
def run(self):
self._find_ios_database(root_paths=SHUTDOWN_LOG_PATH)
self.log.info("Found shutdown log at path: %s", self.file_path)
with open(self.file_path, "r") as handle:
with open(self.file_path, "r", encoding="utf-8") as handle:
self.process_shutdownlog(handle.read())

4
mvt/ios/modules/fs/version_history.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
@@ -34,7 +34,7 @@ class IOSVersionHistory(IOSExtraction):
def run(self):
for found_path in self._get_fs_files_from_patterns(IOS_ANALYTICS_JOURNAL_PATHS):
with open(found_path, "r") as analytics_log:
with open(found_path, "r", encoding="utf-8") as analytics_log:
log_line = json.loads(analytics_log.readline().strip())
timestamp = datetime.datetime.strptime(log_line["timestamp"],

2
mvt/ios/modules/fs/webkit_base.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/fs/webkit_indexeddb.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/fs/webkit_localstorage.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/fs/webkit_safariviewservice.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/mixed/__init__.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/mixed/calls.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/mixed/chrome_favicon.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/mixed/chrome_history.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/mixed/contacts.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/mixed/firefox_favicon.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/mixed/firefox_history.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/mixed/idstatuscache.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/mixed/interactionc.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/mixed/locationd.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/mixed/net_datausage.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/mixed/osanalytics_addaily.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/mixed/safari_browserstate.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/mixed/safari_history.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/mixed/shortcuts.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/mixed/sms.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/mixed/sms_attachments.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

9
mvt/ios/modules/mixed/tcc.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
@@ -97,7 +97,6 @@ class TCC(IOSExtraction):
FROM access;""")
db_version = "v1"
for row in cur:
service = row[0]
client = row[1]
@@ -113,7 +112,7 @@ class TCC(IOSExtraction):
if service in ["kTCCServiceMicrophone", "kTCCServiceCamera"]:
device = "microphone" if service == "kTCCServiceMicrophone" else "camera"
self.log.info("Found client \"%s\" with access %s to %s on %s by %s",
client, auth_value_desc, device, last_modified, auth_reason_desc)
client, auth_value_desc, device, last_modified, auth_reason_desc)
self.results.append({
"service": service,
@@ -132,7 +131,7 @@ class TCC(IOSExtraction):
if service in ["kTCCServiceMicrophone", "kTCCServiceCamera"]:
device = "microphone" if service == "kTCCServiceMicrophone" else "camera"
self.log.info("Found client \"%s\" with access %s to %s at %s",
client, allowed_desc, device, last_modified)
client, allowed_desc, device, last_modified)
self.results.append({
"service": service,
"client": client,
@@ -145,7 +144,7 @@ class TCC(IOSExtraction):
if service in ["kTCCServiceMicrophone", "kTCCServiceCamera"]:
device = "microphone" if service == "kTCCServiceMicrophone" else "camera"
self.log.info("Found client \"%s\" with access %s to %s",
client, allowed_desc, device)
client, allowed_desc, device)
self.results.append({
"service": service,
"client": client,

2
mvt/ios/modules/mixed/webkit_resource_load_statistics.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/mixed/webkit_session_resource_log.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/mixed/whatsapp.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/modules/net_base.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
mvt/ios/versions.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
setup.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

4
tests/artifacts/generate_stix.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
@@ -41,7 +41,7 @@ def generate_test_stix_file(file_path):
res.append(Relationship(i, "indicates", malware))
bundle = Bundle(objects=res)
with open(file_path, "w+") as f:
with open(file_path, "w+", encoding="utf-8") as f:
f.write(bundle.serialize(pretty=True))

2
tests/common/test_indicators.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
tests/conftest.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
tests/ios/test_backup_info.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
tests/ios/test_datausage.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
tests/ios/test_manifest.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

4
tests/ios/test_safari_browserstate.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
@@ -17,7 +17,7 @@ class TestSafariBrowserStateModule:
m = SafariBrowserState(base_folder=get_backup_folder(), log=logging, results=[])
m.is_backup = True
run_module(m)
assert m.file_path != None
assert m.file_path is not None
assert len(m.results) == 1
assert len(m.timeline) == 1
assert len(m.detected) == 0

2
tests/ios/test_tcc.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

2
tests/utils.py
View File

@@ -1,5 +1,5 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/