Mark release 2.5.0 (#445 )

Add new iOS versions and build numbers (#439 )
Co-authored-by: DonnchaC <DonnchaC@users.noreply.github.com>
2026-02-15 18:02:44 +00:00 · 2024-01-04 20:08:42 +01:00 · 2024-01-03 19:08:15 +01:00 · 2024-01-03 18:59:06 +01:00 · 2024-01-03 18:55:32 +01:00 · 2023-12-28 11:44:38 +01:00
10 changed files with 38 additions and 13 deletions
--- a/mvt/android/modules/androidqf/dumpsys_accessibility.py
+++ b/mvt/android/modules/androidqf/dumpsys_accessibility.py
@@ -12,7 +12,7 @@ from .base import AndroidQFModule


 class DumpsysAccessibility(DumpsysAccessibilityArtifact, AndroidQFModule):
-    """This module analyse dumpsys accessbility"""
+    """This module analyses dumpsys accessibility"""

    def __init__(
        self,
--- a/mvt/common/logo.py
+++ b/mvt/common/logo.py
@@ -10,7 +10,7 @@ from .version import MVT_VERSION


 def check_updates() -> None:
-    # First we check for MVT version udpates.
+    # First we check for MVT version updates.
    mvt_updates = MVTUpdates()
    try:
        latest_version = mvt_updates.check()
--- a/mvt/common/version.py
+++ b/mvt/common/version.py
@@ -3,4 +3,4 @@
 # Use of this software is governed by the MVT License 1.1 that can be found at
 #   https://license.mvt.re/1.1/

-MVT_VERSION = "2.4.4"
+MVT_VERSION = "2.5.0"
--- a/mvt/ios/data/ios_models.json
+++ b/mvt/ios/data/ios_models.json
@@ -169,7 +169,7 @@
    },
    {
        "identifier": "iPhone14,8",
-        "decription": "iPhone 14 Plus"
+        "description": "iPhone 14 Plus"
    },
    {
        "identifier": "iPhone15,2",
--- a/mvt/ios/data/ios_versions.json
+++ b/mvt/ios/data/ios_versions.json
@@ -960,6 +960,14 @@
        "version": "16.7.2",
        "build": "20H115"
    },
+    {
+        "version": "16.7.3",
+        "build": "20H232"
+    },
+    {
+        "version": "16.7.4",
+        "build": "20H240"
+    },
    {
        "version": "17.0",
        "build": "21A327"
@@ -999,5 +1007,13 @@
    {
        "version": "17.1.2",
        "build": "21B101"
+    },
+    {
+        "version": "17.2",
+        "build": "21C62"
+    },
+    {
+        "version": "17.2.1",
+        "build": "21C66"
    }
 ]
--- a/mvt/ios/modules/base.py
+++ b/mvt/ios/modules/base.py
@@ -92,7 +92,7 @@ class IOSExtraction(MVTModule):
        self.log.info("Database at path %s recovered successfully!", file_path)

    def _open_sqlite_db(self, file_path: str) -> sqlite3.Connection:
-        return sqlite3.connect(f"file:{file_path}?immutable=1")
+        return sqlite3.connect(f"file:{file_path}?immutable=1", uri=True)

    def _get_backup_files_from_manifest(
        self, relative_path: Optional[str] = None, domain: Optional[str] = None
--- a/mvt/ios/modules/mixed/sms.py
+++ b/mvt/ios/modules/mixed/sms.py
@@ -44,20 +44,25 @@ class SMS(IOSExtraction):
    def serialize(self, record: dict) -> Union[dict, list]:
        text = record["text"].replace("\n", "\\n")
        sms_data = f"{record['service']}: {record['guid']} \"{text}\" from {record['phone_number']} ({record['account']})"
-        return [
+        records = [
            {
                "timestamp": record["isodate"],
                "module": self.__class__.__name__,
                "event": "sms_received",
                "data": sms_data,
            },
-            {
-                "timestamp": record["isodate_read"],
-                "module": self.__class__.__name__,
-                "event": "sms_read",
-                "data": sms_data,
-            },
        ]
+        # If the message was read, we add an extra event.
+        if record["isodate_read"]:
+            records.append(
+                {
+                    "timestamp": record["isodate_read"],
+                    "module": self.__class__.__name__,
+                    "event": "sms_read",
+                    "data": sms_data,
+                }
+            )
+        return records

    def check_indicators(self) -> None:
        for message in self.results:
--- a/mvt/ios/modules/mixed/sms_attachments.py
+++ b/mvt/ios/modules/mixed/sms_attachments.py
@@ -55,6 +55,10 @@ class SMSAttachments(IOSExtraction):

    def check_indicators(self) -> None:
        for attachment in self.results:
+            # Check for known malicious filenames.
+            if self.indicators.check_file_path(attachment["filename"]):
+                self.detected.append(attachment)
+
            if (
                attachment["filename"].startswith("/var/tmp/")
                and attachment["filename"].endswith("-1")
--- a/tests/artifacts/ios_backup/3d/3d0d7e5fb2ce288813306e4d4636395e047a3d28
+++ b/tests/artifacts/ios_backup/3d/3d0d7e5fb2ce288813306e4d4636395e047a3d28
--- a/tests/ios_backup/test_sms.py
+++ b/tests/ios_backup/test_sms.py
@@ -17,7 +17,7 @@ class TestSMSModule:
        m = SMS(target_path=get_ios_backup_folder())
        run_module(m)
        assert len(m.results) == 1
-        assert len(m.timeline) == 2  # SMS received and read events.
+        assert len(m.timeline) == 2
        assert len(m.detected) == 0

    def test_detection(self, indicator_file):
Author	SHA1	Message	Date
Rory Flynn	ad3bc3470e	Mark release 2.5.0 (#445 )	2024-01-04 20:08:42 +01:00
github-actions[bot]	2c5ae696b1	Add new iOS versions and build numbers (#439 ) Co-authored-by: DonnchaC <DonnchaC@users.noreply.github.com>	2024-01-03 19:08:15 +01:00
Christian Clauss	5d2ff32e3a	dumpsys_accessibility.py: Spell accessibility correctly (#441 ) * dumpsys_accessibility.py: Spell accessibility correctly * Fix typo	2024-01-03 18:59:06 +01:00
Rory Flynn	2838bac63f	Circular reference in SMS module serialization (#444 ) * Fix circular reference in SMS module serialization * Modify SMS test artifact to include date_read	2024-01-03 18:55:32 +01:00
msx98	b7df87a62f	add uri=True to sqlite3.connect args (#442 ) Co-authored-by: msx98 <msx98@xb.ax>	2023-12-28 11:44:38 +01:00
Donncha Ó Cearbhaill	013282dbba	Impovements for SMS module (#438 ) * Add indicator checking in the SMS module * Don't add SMS entries when read timestamp not set * Remove print() line	2023-12-17 12:59:35 +01:00
github-actions[bot]	ab33789f06	Add new iOS versions and build numbers (#437 ) Co-authored-by: DonnchaC <DonnchaC@users.noreply.github.com>	2023-12-12 08:40:32 +01:00
Rory Flynn	a1571c127d	Mark release 2.4.5 (#436 )	2023-12-11 11:10:36 +01:00
Rory Flynn	61f33f7ecb	Fix typo in ios_models.json (#435 )	2023-12-09 19:41:43 +01:00