Merge branch 'main' into feature/deduplicate-adb-aqf-modules

add missing import
2025-10-21 22:42:15 +02:00 · 2025-10-21 15:14:26 +02:00 · 2025-10-05 18:13:31 +02:00 · 2025-10-05 18:04:01 +02:00 · 2025-02-11 15:04:48 +01:00 · 2025-02-10 20:32:51 +01:00
69 changed files with 359 additions and 1297 deletions
--- a/src/mvt/android/cmd_check_adb.py
+++ b/src/mvt/android/cmd_check_adb.py
@@ -7,6 +7,7 @@ import logging
 from typing import Optional

 from mvt.common.command import Command
+from mvt.common.indicators import Indicators

 from .modules.adb import ADB_MODULES

@@ -19,17 +20,23 @@ class CmdAndroidCheckADB(Command):
        target_path: Optional[str] = None,
        results_path: Optional[str] = None,
        ioc_files: Optional[list] = None,
+        iocs: Optional[Indicators] = None,
        module_name: Optional[str] = None,
        serial: Optional[str] = None,
        module_options: Optional[dict] = None,
+        hashes: Optional[bool] = False,
+        sub_command: Optional[bool] = False,
    ) -> None:
        super().__init__(
            target_path=target_path,
            results_path=results_path,
            ioc_files=ioc_files,
+            iocs=iocs,
            module_name=module_name,
            serial=serial,
            module_options=module_options,
+            hashes=hashes,
+            sub_command=sub_command,
            log=log,
        )

--- a/src/mvt/android/cmd_check_androidqf.py
+++ b/src/mvt/android/cmd_check_androidqf.py
@@ -10,58 +10,182 @@ from pathlib import Path
 from typing import List, Optional

 from mvt.common.command import Command
+from mvt.common.indicators import Indicators
+
+from mvt.android.cmd_check_bugreport import CmdAndroidCheckBugreport
+from mvt.android.cmd_check_backup import CmdAndroidCheckBackup

 from .modules.androidqf import ANDROIDQF_MODULES
+from .modules.androidqf.base import AndroidQFModule

 log = logging.getLogger(__name__)


+class NoAndroidQFTargetPath(Exception):
+    pass
+
+
+class NoAndroidQFBugReport(Exception):
+    pass
+
+
+class NoAndroidQFBackup(Exception):
+    pass
+
+
 class CmdAndroidCheckAndroidQF(Command):
    def __init__(
        self,
        target_path: Optional[str] = None,
        results_path: Optional[str] = None,
        ioc_files: Optional[list] = None,
+        iocs: Optional[Indicators] = None,
        module_name: Optional[str] = None,
        serial: Optional[str] = None,
        module_options: Optional[dict] = None,
-        hashes: bool = False,
+        hashes: Optional[bool] = False,
+        sub_command: Optional[bool] = False,
    ) -> None:
        super().__init__(
            target_path=target_path,
            results_path=results_path,
            ioc_files=ioc_files,
+            iocs=iocs,
            module_name=module_name,
            serial=serial,
            module_options=module_options,
            hashes=hashes,
+            sub_command=sub_command,
            log=log,
        )

        self.name = "check-androidqf"
        self.modules = ANDROIDQF_MODULES

-        self.format: Optional[str] = None
-        self.archive: Optional[zipfile.ZipFile] = None
-        self.files: List[str] = []
+        self.__format: Optional[str] = None
+        self.__zip: Optional[zipfile.ZipFile] = None
+        self.__files: List[str] = []

    def init(self):
        if os.path.isdir(self.target_path):
-            self.format = "dir"
+            self.__format = "dir"
            parent_path = Path(self.target_path).absolute().parent.as_posix()
            target_abs_path = os.path.abspath(self.target_path)
            for root, subdirs, subfiles in os.walk(target_abs_path):
                for fname in subfiles:
                    file_path = os.path.relpath(os.path.join(root, fname), parent_path)
-                    self.files.append(file_path)
+                    self.__files.append(file_path)
        elif os.path.isfile(self.target_path):
-            self.format = "zip"
-            self.archive = zipfile.ZipFile(self.target_path)
-            self.files = self.archive.namelist()
+            self.__format = "zip"
+            self.__zip = zipfile.ZipFile(self.target_path)
+            self.__files = self.__zip.namelist()

-    def module_init(self, module):
-        if self.format == "zip":
-            module.from_zip_file(self.archive, self.files)
+    def module_init(self, module: AndroidQFModule) -> None:  # type: ignore[override]
+        if self.__format == "zip" and self.__zip:
+            module.from_zip(self.__zip, self.__files)
+            return
+
+        if not self.target_path:
+            raise NoAndroidQFTargetPath
+
+        parent_path = Path(self.target_path).absolute().parent.as_posix()
+        module.from_dir(parent_path, self.__files)
+
+    def load_bugreport(self) -> zipfile.ZipFile:
+        bugreport_zip_path = None
+        for file_name in self.__files:
+            if file_name.endswith("bugreport.zip"):
+                bugreport_zip_path = file_name
+                break
        else:
+            raise NoAndroidQFBugReport
+
+        if self.__format == "zip" and self.__zip:
+            handle = self.__zip.open(bugreport_zip_path)
+            return zipfile.ZipFile(handle)
+
+        if self.__format == "dir" and self.target_path:
            parent_path = Path(self.target_path).absolute().parent.as_posix()
-            module.from_folder(parent_path, self.files)
+            bug_report_path = os.path.join(parent_path, bugreport_zip_path)
+            return zipfile.ZipFile(bug_report_path)
+
+        raise NoAndroidQFBugReport
+
+    def load_backup(self) -> bytes:
+        backup_ab_path = None
+        for file_name in self.__files:
+            if file_name.endswith("backup.ab"):
+                backup_ab_path = file_name
+                break
+        else:
+            raise NoAndroidQFBackup
+
+        if self.__format == "zip" and self.__zip:
+            backup_file_handle = self.__zip.open(backup_ab_path)
+            return backup_file_handle.read()
+
+        if self.__format == "dir" and self.target_path:
+            parent_path = Path(self.target_path).absolute().parent.as_posix()
+            backup_path = os.path.join(parent_path, backup_ab_path)
+            with open(backup_path, "rb") as backup_file:
+                backup_ab_data = backup_file.read()
+            return backup_ab_data
+
+        raise NoAndroidQFBackup
+
+    def run_bugreport_cmd(self) -> bool:
+        try:
+            bugreport = self.load_bugreport()
+        except NoAndroidQFBugReport:
+            self.log.warning(
+                "Skipping bugreport modules as no bugreport.zip found in AndroidQF data."
+            )
+            return False
+        else:
+            cmd = CmdAndroidCheckBugreport(
+                target_path=None,
+                results_path=self.results_path,
+                ioc_files=self.ioc_files,
+                iocs=self.iocs,
+                module_options=self.module_options,
+                hashes=self.hashes,
+                sub_command=True,
+            )
+            cmd.from_zip(bugreport)
+            cmd.run()
+
+            self.detected_count += cmd.detected_count
+            self.timeline.extend(cmd.timeline)
+            self.timeline_detected.extend(cmd.timeline_detected)
+
+    def run_backup_cmd(self) -> bool:
+        try:
+            backup = self.load_backup()
+        except NoAndroidQFBackup:
+            self.log.warning(
+                "Skipping backup modules as no backup.ab found in AndroidQF data."
+            )
+            return False
+        else:
+            cmd = CmdAndroidCheckBackup(
+                target_path=None,
+                results_path=self.results_path,
+                ioc_files=self.ioc_files,
+                iocs=self.iocs,
+                module_options=self.module_options,
+                hashes=self.hashes,
+                sub_command=True,
+            )
+            cmd.from_ab(backup)
+            cmd.run()
+
+            self.detected_count += cmd.detected_count
+            self.timeline.extend(cmd.timeline)
+            self.timeline_detected.extend(cmd.timeline_detected)
+
+    def finish(self) -> None:
+        """
+        Run the bugreport and backup modules if the respective files are found in the AndroidQF data.
+        """
+        self.run_bugreport_cmd()
+        self.run_backup_cmd()
--- a/src/mvt/android/cmd_check_backup.py
+++ b/src/mvt/android/cmd_check_backup.py
@@ -20,6 +20,7 @@ from mvt.android.parsers.backup import (
    parse_backup_file,
 )
 from mvt.common.command import Command
+from mvt.common.indicators import Indicators

 from .modules.backup import BACKUP_MODULES

@@ -32,19 +33,23 @@ class CmdAndroidCheckBackup(Command):
        target_path: Optional[str] = None,
        results_path: Optional[str] = None,
        ioc_files: Optional[list] = None,
+        iocs: Optional[Indicators] = None,
        module_name: Optional[str] = None,
        serial: Optional[str] = None,
        module_options: Optional[dict] = None,
-        hashes: bool = False,
+        hashes: Optional[bool] = False,
+        sub_command: Optional[bool] = False,
    ) -> None:
        super().__init__(
            target_path=target_path,
            results_path=results_path,
            ioc_files=ioc_files,
+            iocs=iocs,
            module_name=module_name,
            serial=serial,
            module_options=module_options,
            hashes=hashes,
+            sub_command=sub_command,
            log=log,
        )

@@ -55,6 +60,34 @@ class CmdAndroidCheckBackup(Command):
        self.backup_archive: Optional[tarfile.TarFile] = None
        self.backup_files: List[str] = []

+    def from_ab(self, ab_file_bytes: bytes) -> None:
+        self.backup_type = "ab"
+        header = parse_ab_header(ab_file_bytes)
+        if not header["backup"]:
+            log.critical("Invalid backup format, file should be in .ab format")
+            sys.exit(1)
+
+        password = None
+        if header["encryption"] != "none":
+            password = prompt_or_load_android_backup_password(log, self.module_options)
+            if not password:
+                log.critical("No backup password provided.")
+                sys.exit(1)
+        try:
+            tardata = parse_backup_file(ab_file_bytes, password=password)
+        except InvalidBackupPassword:
+            log.critical("Invalid backup password")
+            sys.exit(1)
+        except AndroidBackupParsingError as exc:
+            log.critical("Impossible to parse this backup file: %s", exc)
+            log.critical("Please use Android Backup Extractor (ABE) instead")
+            sys.exit(1)
+
+        dbytes = io.BytesIO(tardata)
+        self.backup_archive = tarfile.open(fileobj=dbytes)
+        for member in self.backup_archive:
+            self.backup_files.append(member.name)
+
    def init(self) -> None:
        if not self.target_path:
            return
@@ -62,35 +95,8 @@ class CmdAndroidCheckBackup(Command):
        if os.path.isfile(self.target_path):
            self.backup_type = "ab"
            with open(self.target_path, "rb") as handle:
-                data = handle.read()
-
-            header = parse_ab_header(data)
-            if not header["backup"]:
-                log.critical("Invalid backup format, file should be in .ab format")
-                sys.exit(1)
-
-            password = None
-            if header["encryption"] != "none":
-                password = prompt_or_load_android_backup_password(
-                    log, self.module_options
-                )
-                if not password:
-                    log.critical("No backup password provided.")
-                    sys.exit(1)
-            try:
-                tardata = parse_backup_file(data, password=password)
-            except InvalidBackupPassword:
-                log.critical("Invalid backup password")
-                sys.exit(1)
-            except AndroidBackupParsingError as exc:
-                log.critical("Impossible to parse this backup file: %s", exc)
-                log.critical("Please use Android Backup Extractor (ABE) instead")
-                sys.exit(1)
-
-            dbytes = io.BytesIO(tardata)
-            self.backup_archive = tarfile.open(fileobj=dbytes)
-            for member in self.backup_archive:
-                self.backup_files.append(member.name)
+                ab_file_bytes = handle.read()
+            self.from_ab(ab_file_bytes)

        elif os.path.isdir(self.target_path):
            self.backup_type = "folder"
@@ -109,6 +115,6 @@ class CmdAndroidCheckBackup(Command):

    def module_init(self, module: BackupExtraction) -> None:  # type: ignore[override]
        if self.backup_type == "folder":
-            module.from_folder(self.target_path, self.backup_files)
+            module.from_dir(self.target_path, self.backup_files)
        else:
            module.from_ab(self.target_path, self.backup_archive, self.backup_files)
--- a/src/mvt/android/cmd_check_bugreport.py
+++ b/src/mvt/android/cmd_check_bugreport.py
@@ -11,6 +11,7 @@ from zipfile import ZipFile

 from mvt.android.modules.bugreport.base import BugReportModule
 from mvt.common.command import Command
+from mvt.common.indicators import Indicators

 from .modules.bugreport import BUGREPORT_MODULES

@@ -23,54 +24,76 @@ class CmdAndroidCheckBugreport(Command):
        target_path: Optional[str] = None,
        results_path: Optional[str] = None,
        ioc_files: Optional[list] = None,
+        iocs: Optional[Indicators] = None,
        module_name: Optional[str] = None,
        serial: Optional[str] = None,
        module_options: Optional[dict] = None,
-        hashes: bool = False,
+        hashes: Optional[bool] = False,
+        sub_command: Optional[bool] = False,
    ) -> None:
        super().__init__(
            target_path=target_path,
            results_path=results_path,
            ioc_files=ioc_files,
+            iocs=iocs,
            module_name=module_name,
            serial=serial,
            module_options=module_options,
            hashes=hashes,
+            sub_command=sub_command,
            log=log,
        )

        self.name = "check-bugreport"
        self.modules = BUGREPORT_MODULES

-        self.bugreport_format: str = ""
-        self.bugreport_archive: Optional[ZipFile] = None
-        self.bugreport_files: List[str] = []
+        self.__format: str = ""
+        self.__zip: Optional[ZipFile] = None
+        self.__files: List[str] = []
+
+    def from_dir(self, dir_path: str) -> None:
+        """This method is used to initialize the bug report analysis from an
+        uncompressed directory.
+        """
+        self.__format = "dir"
+        self.target_path = dir_path
+        parent_path = Path(dir_path).absolute().as_posix()
+        for root, _, subfiles in os.walk(os.path.abspath(dir_path)):
+            for file_name in subfiles:
+                file_path = os.path.relpath(os.path.join(root, file_name), parent_path)
+                self.__files.append(file_path)
+
+    def from_zip(self, bugreport_zip: ZipFile) -> None:
+        """This method is used to initialize the bug report analysis from a
+        compressed archive.
+        """
+        # NOTE: This will be invoked either by the CLI directly,or by the
+        # check-androidqf command. We need this because we want to support
+        # check-androidqf to analyse compressed archives itself too.
+        # So, we'll need to extract bugreport.zip from a 'androidqf.zip', and
+        # since nothing is written on disk, we need to be able to pass this
+        # command a ZipFile instance in memory.
+
+        self.__format = "zip"
+        self.__zip = bugreport_zip
+        for file_name in self.__zip.namelist():
+            self.__files.append(file_name)

    def init(self) -> None:
        if not self.target_path:
            return

        if os.path.isfile(self.target_path):
-            self.bugreport_format = "zip"
-            self.bugreport_archive = ZipFile(self.target_path)
-            for file_name in self.bugreport_archive.namelist():
-                self.bugreport_files.append(file_name)
+            self.from_zip(ZipFile(self.target_path))
        elif os.path.isdir(self.target_path):
-            self.bugreport_format = "dir"
-            parent_path = Path(self.target_path).absolute().as_posix()
-            for root, _, subfiles in os.walk(os.path.abspath(self.target_path)):
-                for file_name in subfiles:
-                    file_path = os.path.relpath(
-                        os.path.join(root, file_name), parent_path
-                    )
-                    self.bugreport_files.append(file_path)
+            self.from_dir(self.target_path)

    def module_init(self, module: BugReportModule) -> None:  # type: ignore[override]
-        if self.bugreport_format == "zip":
-            module.from_zip(self.bugreport_archive, self.bugreport_files)
+        if self.__format == "zip":
+            module.from_zip(self.__zip, self.__files)
        else:
-            module.from_folder(self.target_path, self.bugreport_files)
+            module.from_dir(self.target_path, self.__files)

    def finish(self) -> None:
-        if self.bugreport_archive:
-            self.bugreport_archive.close()
+        if self.__zip:
+            self.__zip.close()
--- a/src/mvt/android/modules/adb/init.py
+++ b/src/mvt/android/modules/adb/init.py
@@ -4,15 +4,7 @@
 #   https://license.mvt.re/1.1/

 from .chrome_history import ChromeHistory
-from .dumpsys_accessibility import DumpsysAccessibility
-from .dumpsys_activities import DumpsysActivities
-from .dumpsys_appops import DumpsysAppOps
-from .dumpsys_battery_daily import DumpsysBatteryDaily
-from .dumpsys_battery_history import DumpsysBatteryHistory
-from .dumpsys_dbinfo import DumpsysDBInfo
-from .dumpsys_adbstate import DumpsysADBState
 from .dumpsys_full import DumpsysFull
-from .dumpsys_receivers import DumpsysReceivers
 from .files import Files
 from .getprop import Getprop
 from .logcat import Logcat
@@ -32,15 +24,7 @@ ADB_MODULES = [
    Getprop,
    Settings,
    SELinuxStatus,
-    DumpsysBatteryHistory,
-    DumpsysBatteryDaily,
-    DumpsysReceivers,
-    DumpsysActivities,
-    DumpsysAccessibility,
-    DumpsysDBInfo,
-    DumpsysADBState,
    DumpsysFull,
-    DumpsysAppOps,
    Packages,
    Logcat,
    RootBinaries,
--- a/src/mvt/android/modules/adb/dumpsys_accessibility.py
+++ b/src/mvt/android/modules/adb/dumpsys_accessibility.py
@@ -1,49 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_accessibility import DumpsysAccessibilityArtifact
-
-from .base import AndroidExtraction
-
-
-class DumpsysAccessibility(DumpsysAccessibilityArtifact, AndroidExtraction):
-    """This module extracts stats on accessibility."""
-
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-    def run(self) -> None:
-        self._adb_connect()
-        output = self._adb_command("dumpsys accessibility")
-        self._adb_disconnect()
-
-        self.parse(output)
-
-        for result in self.results:
-            self.log.info(
-                'Found installed accessibility service "%s"', result.get("service")
-            )
-
-        self.log.info(
-            "Identified a total of %d accessibility services", len(self.results)
-        )
--- a/src/mvt/android/modules/adb/dumpsys_activities.py
+++ b/src/mvt/android/modules/adb/dumpsys_activities.py
@@ -1,45 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_package_activities import (
-    DumpsysPackageActivitiesArtifact,
-)
-
-from .base import AndroidExtraction
-
-
-class DumpsysActivities(DumpsysPackageActivitiesArtifact, AndroidExtraction):
-    """This module extracts details on receivers for risky activities."""
-
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-        self.results = results if results else []
-
-    def run(self) -> None:
-        self._adb_connect()
-        output = self._adb_command("dumpsys package")
-        self._adb_disconnect()
-        self.parse(output)
-
-        self.log.info("Extracted %d package activities", len(self.results))
--- a/src/mvt/android/modules/adb/dumpsys_adbstate.py
+++ b/src/mvt/android/modules/adb/dumpsys_adbstate.py
@@ -1,45 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_adb import DumpsysADBArtifact
-
-from .base import AndroidExtraction
-
-
-class DumpsysADBState(DumpsysADBArtifact, AndroidExtraction):
-    """This module extracts ADB keystore state."""
-
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-    def run(self) -> None:
-        self._adb_connect()
-        output = self._adb_command("dumpsys adb", decode=False)
-        self._adb_disconnect()
-
-        self.parse(output)
-        if self.results:
-            self.log.info(
-                "Identified a total of %d trusted ADB keys",
-                len(self.results[0].get("user_keys", [])),
-            )
--- a/src/mvt/android/modules/adb/dumpsys_appops.py
+++ b/src/mvt/android/modules/adb/dumpsys_appops.py
@@ -1,46 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_appops import DumpsysAppopsArtifact
-
-from .base import AndroidExtraction
-
-
-class DumpsysAppOps(DumpsysAppopsArtifact, AndroidExtraction):
-    """This module extracts records from App-op Manager."""
-
-    slug = "dumpsys_appops"
-
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-    def run(self) -> None:
-        self._adb_connect()
-        output = self._adb_command("dumpsys appops")
-        self._adb_disconnect()
-
-        self.parse(output)
-
-        self.log.info(
-            "Extracted a total of %d records from app-ops manager", len(self.results)
-        )
--- a/src/mvt/android/modules/adb/dumpsys_battery_daily.py
+++ b/src/mvt/android/modules/adb/dumpsys_battery_daily.py
@@ -1,44 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_battery_daily import DumpsysBatteryDailyArtifact
-
-from .base import AndroidExtraction
-
-
-class DumpsysBatteryDaily(DumpsysBatteryDailyArtifact, AndroidExtraction):
-    """This module extracts records from battery daily updates."""
-
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-    def run(self) -> None:
-        self._adb_connect()
-        output = self._adb_command("dumpsys batterystats --daily")
-        self._adb_disconnect()
-
-        self.parse(output)
-
-        self.log.info(
-            "Extracted %d records from battery daily stats", len(self.results)
-        )
--- a/src/mvt/android/modules/adb/dumpsys_battery_history.py
+++ b/src/mvt/android/modules/adb/dumpsys_battery_history.py
@@ -1,42 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_battery_history import DumpsysBatteryHistoryArtifact
-
-from .base import AndroidExtraction
-
-
-class DumpsysBatteryHistory(DumpsysBatteryHistoryArtifact, AndroidExtraction):
-    """This module extracts records from battery history events."""
-
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-    def run(self) -> None:
-        self._adb_connect()
-        output = self._adb_command("dumpsys batterystats --history")
-        self._adb_disconnect()
-
-        self.parse(output)
-
-        self.log.info("Extracted %d records from battery history", len(self.results))
--- a/src/mvt/android/modules/adb/dumpsys_dbinfo.py
+++ b/src/mvt/android/modules/adb/dumpsys_dbinfo.py
@@ -1,47 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_dbinfo import DumpsysDBInfoArtifact
-
-from .base import AndroidExtraction
-
-
-class DumpsysDBInfo(DumpsysDBInfoArtifact, AndroidExtraction):
-    """This module extracts records from battery daily updates."""
-
-    slug = "dumpsys_dbinfo"
-
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-    def run(self) -> None:
-        self._adb_connect()
-        output = self._adb_command("dumpsys dbinfo")
-        self._adb_disconnect()
-
-        self.parse(output)
-
-        self.log.info(
-            "Extracted a total of %d records from database information",
-            len(self.results),
-        )
--- a/src/mvt/android/modules/adb/dumpsys_receivers.py
+++ b/src/mvt/android/modules/adb/dumpsys_receivers.py
@@ -1,44 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_receivers import DumpsysReceiversArtifact
-
-from .base import AndroidExtraction
-
-
-class DumpsysReceivers(DumpsysReceiversArtifact, AndroidExtraction):
-    """This module extracts details on receivers for risky activities."""
-
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-        self.results = results if results else {}
-
-    def run(self) -> None:
-        self._adb_connect()
-
-        output = self._adb_command("dumpsys package")
-        self.parse(output)
-
-        self._adb_disconnect()
-        self.log.info("Extracted receivers for %d intents", len(self.results))
--- a/src/mvt/android/modules/androidqf/init.py
+++ b/src/mvt/android/modules/androidqf/init.py
@@ -3,38 +3,18 @@
 # Use of this software is governed by the MVT License 1.1 that can be found at
 #   https://license.mvt.re/1.1/

-from .dumpsys_accessibility import DumpsysAccessibility
-from .dumpsys_activities import DumpsysActivities
-from .dumpsys_appops import DumpsysAppops
-from .dumpsys_battery_daily import DumpsysBatteryDaily
-from .dumpsys_battery_history import DumpsysBatteryHistory
-from .dumpsys_dbinfo import DumpsysDBInfo
-from .dumpsys_packages import DumpsysPackages
-from .dumpsys_receivers import DumpsysReceivers
-from .dumpsys_adb import DumpsysADBState
-from .getprop import Getprop
-from .packages import Packages
-from .dumpsys_platform_compat import DumpsysPlatformCompat
-from .processes import Processes
-from .settings import Settings
+from .aqf_getprop import AQFGetProp
+from .aqf_packages import AQFPackages
+from .aqf_processes import AQFProcesses
+from .aqf_settings import AQFSettings
+from .aqf_files import AQFFiles
 from .sms import SMS
-from .files import Files

 ANDROIDQF_MODULES = [
-    DumpsysActivities,
-    DumpsysReceivers,
-    DumpsysAccessibility,
-    DumpsysAppops,
-    DumpsysDBInfo,
-    DumpsysBatteryDaily,
-    DumpsysBatteryHistory,
-    DumpsysADBState,
-    Packages,
-    DumpsysPlatformCompat,
-    Processes,
-    Getprop,
-    Settings,
+    AQFPackages,
+    AQFProcesses,
+    AQFGetProp,
+    AQFSettings,
+    AQFFiles,
    SMS,
-    DumpsysPackages,
-    Files,
 ]
--- a/src/mvt/android/modules/androidqf/aqf_files.py
+++ b/src/mvt/android/modules/androidqf/aqf_files.py
@@ -21,8 +21,13 @@ SUSPICIOUS_PATHS = [
 ]


-class Files(AndroidQFModule):
-    """This module analyse list of files"""
+class AQFFiles(AndroidQFModule):
+    """
+    This module analyzes the files.json dump generated by AndroidQF.
+
+    The format needs to be kept in sync with the AndroidQF module code.
+    https://github.com/mvt-project/androidqf/blob/main/android-collector/cmd/find.go#L28
+    """

    def __init__(
        self,
--- a/src/mvt/android/modules/androidqf/aqf_getprop.py
+++ b/src/mvt/android/modules/androidqf/aqf_getprop.py
@@ -11,7 +11,7 @@ from mvt.android.artifacts.getprop import GetProp as GetPropArtifact
 from .base import AndroidQFModule


-class Getprop(GetPropArtifact, AndroidQFModule):
+class AQFGetProp(GetPropArtifact, AndroidQFModule):
    """This module extracts data from get properties."""

    def __init__(
--- a/src/mvt/android/modules/androidqf/aqf_log_timestamps.py
+++ b/src/mvt/android/modules/androidqf/aqf_log_timestamps.py
@@ -13,10 +13,10 @@ from .base import AndroidQFModule
 from mvt.android.artifacts.file_timestamps import FileTimestampsArtifact


-class LogsFileTimestamps(FileTimestampsArtifact, AndroidQFModule):
-    """This module extracts records from battery daily updates."""
+class AQFLogTimestamps(FileTimestampsArtifact, AndroidQFModule):
+    """This module creates timeline for log files extracted by AQF."""

-    slug = "logfile_timestamps"
+    slug = "aqf_log_timestamps"

    def __init__(
        self,
--- a/src/mvt/android/modules/androidqf/aqf_packages.py
+++ b/src/mvt/android/modules/androidqf/aqf_packages.py
@@ -19,7 +19,7 @@ from mvt.android.utils import (
 from .base import AndroidQFModule


-class Packages(AndroidQFModule):
+class AQFPackages(AndroidQFModule):
    """This module examines the installed packages in packages.json"""

    def __init__(
--- a/src/mvt/android/modules/androidqf/aqf_processes.py
+++ b/src/mvt/android/modules/androidqf/aqf_processes.py
@@ -11,7 +11,7 @@ from mvt.android.artifacts.processes import Processes as ProcessesArtifact
 from .base import AndroidQFModule


-class Processes(ProcessesArtifact, AndroidQFModule):
+class AQFProcesses(ProcessesArtifact, AndroidQFModule):
    """This module analyse running processes"""

    def __init__(
--- a/src/mvt/android/modules/androidqf/aqf_settings.py
+++ b/src/mvt/android/modules/androidqf/aqf_settings.py
@@ -11,7 +11,7 @@ from mvt.android.artifacts.settings import Settings as SettingsArtifact
 from .base import AndroidQFModule


-class Settings(SettingsArtifact, AndroidQFModule):
+class AQFSettings(SettingsArtifact, AndroidQFModule):
    """This module analyse setting files"""

    def __init__(
--- a/src/mvt/android/modules/androidqf/base.py
+++ b/src/mvt/android/modules/androidqf/base.py
@@ -37,11 +37,11 @@ class AndroidQFModule(MVTModule):
        self.files: List[str] = []
        self.archive: Optional[zipfile.ZipFile] = None

-    def from_folder(self, parent_path: str, files: List[str]):
+    def from_dir(self, parent_path: str, files: List[str]) -> None:
        self.parent_path = parent_path
        self.files = files

-    def from_zip_file(self, archive: zipfile.ZipFile, files: List[str]):
+    def from_zip(self, archive: zipfile.ZipFile, files: List[str]) -> None:
        self.archive = archive
        self.files = files

--- a/src/mvt/android/modules/androidqf/dumpsys_accessibility.py
+++ b/src/mvt/android/modules/androidqf/dumpsys_accessibility.py
@@ -1,51 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_accessibility import DumpsysAccessibilityArtifact
-
-from .base import AndroidQFModule
-
-
-class DumpsysAccessibility(DumpsysAccessibilityArtifact, AndroidQFModule):
-    """This module analyses dumpsys accessibility"""
-
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-    def run(self) -> None:
-        dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
-        if not dumpsys_file:
-            return
-
-        data = self._get_file_content(dumpsys_file[0]).decode("utf-8", errors="replace")
-        content = self.extract_dumpsys_section(data, "DUMP OF SERVICE accessibility:")
-        self.parse(content)
-
-        for result in self.results:
-            self.log.info(
-                'Found installed accessibility service "%s"', result.get("service")
-            )
-
-        self.log.info(
-            "Identified a total of %d accessibility services", len(self.results)
-        )
--- a/src/mvt/android/modules/androidqf/dumpsys_activities.py
+++ b/src/mvt/android/modules/androidqf/dumpsys_activities.py
@@ -1,50 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_package_activities import (
-    DumpsysPackageActivitiesArtifact,
-)
-
-from .base import AndroidQFModule
-
-
-class DumpsysActivities(DumpsysPackageActivitiesArtifact, AndroidQFModule):
-    """This module extracts details on receivers for risky activities."""
-
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-        self.results = results if results else []
-
-    def run(self) -> None:
-        dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
-        if not dumpsys_file:
-            return
-
-        # Get data and extract the dumpsys section
-        data = self._get_file_content(dumpsys_file[0]).decode("utf-8", errors="replace")
-        content = self.extract_dumpsys_section(data, "DUMP OF SERVICE package:")
-        # Parse it
-        self.parse(content)
-
-        self.log.info("Extracted %d package activities", len(self.results))
--- a/src/mvt/android/modules/androidqf/dumpsys_adb.py
+++ b/src/mvt/android/modules/androidqf/dumpsys_adb.py
@@ -1,51 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_adb import DumpsysADBArtifact
-
-from .base import AndroidQFModule
-
-
-class DumpsysADBState(DumpsysADBArtifact, AndroidQFModule):
-    """This module extracts ADB keystore state."""
-
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-    def run(self) -> None:
-        dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
-        if not dumpsys_file:
-            return
-
-        full_dumpsys = self._get_file_content(dumpsys_file[0])
-        content = self.extract_dumpsys_section(
-            full_dumpsys,
-            b"DUMP OF SERVICE adb:",
-            binary=True,
-        )
-        self.parse(content)
-        if self.results:
-            self.log.info(
-                "Identified a total of %d trusted ADB keys",
-                len(self.results[0].get("user_keys", [])),
-            )
--- a/src/mvt/android/modules/androidqf/dumpsys_appops.py
+++ b/src/mvt/android/modules/androidqf/dumpsys_appops.py
@@ -1,46 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_appops import DumpsysAppopsArtifact
-
-from .base import AndroidQFModule
-
-
-class DumpsysAppops(DumpsysAppopsArtifact, AndroidQFModule):
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-    def run(self) -> None:
-        dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
-        if not dumpsys_file:
-            return
-
-        # Extract section
-        data = self._get_file_content(dumpsys_file[0])
-        section = self.extract_dumpsys_section(
-            data.decode("utf-8", errors="replace"), "DUMP OF SERVICE appops:"
-        )
-
-        # Parse it
-        self.parse(section)
-        self.log.info("Identified %d applications in AppOps Manager", len(self.results))
--- a/src/mvt/android/modules/androidqf/dumpsys_battery_daily.py
+++ b/src/mvt/android/modules/androidqf/dumpsys_battery_daily.py
@@ -1,46 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_battery_daily import DumpsysBatteryDailyArtifact
-
-from .base import AndroidQFModule
-
-
-class DumpsysBatteryDaily(DumpsysBatteryDailyArtifact, AndroidQFModule):
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-    def run(self) -> None:
-        dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
-        if not dumpsys_file:
-            return
-
-        # Extract section
-        data = self._get_file_content(dumpsys_file[0])
-        section = self.extract_dumpsys_section(
-            data.decode("utf-8", errors="replace"), "DUMP OF SERVICE batterystats:"
-        )
-
-        # Parse it
-        self.parse(section)
-        self.log.info("Extracted a total of %d battery daily stats", len(self.results))
--- a/src/mvt/android/modules/androidqf/dumpsys_battery_history.py
+++ b/src/mvt/android/modules/androidqf/dumpsys_battery_history.py
@@ -1,46 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_battery_history import DumpsysBatteryHistoryArtifact
-
-from .base import AndroidQFModule
-
-
-class DumpsysBatteryHistory(DumpsysBatteryHistoryArtifact, AndroidQFModule):
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-    def run(self) -> None:
-        dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
-        if not dumpsys_file:
-            return
-
-        # Extract section
-        data = self._get_file_content(dumpsys_file[0])
-        section = self.extract_dumpsys_section(
-            data.decode("utf-8", errors="replace"), "DUMP OF SERVICE batterystats:"
-        )
-
-        # Parse it
-        self.parse(section)
-        self.log.info("Extracted a total of %d battery daily stats", len(self.results))
--- a/src/mvt/android/modules/androidqf/dumpsys_dbinfo.py
+++ b/src/mvt/android/modules/androidqf/dumpsys_dbinfo.py
@@ -1,46 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_dbinfo import DumpsysDBInfoArtifact
-
-from .base import AndroidQFModule
-
-
-class DumpsysDBInfo(DumpsysDBInfoArtifact, AndroidQFModule):
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-    def run(self) -> None:
-        dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
-        if not dumpsys_file:
-            return
-
-        # Extract dumpsys DBInfo section
-        data = self._get_file_content(dumpsys_file[0])
-        section = self.extract_dumpsys_section(
-            data.decode("utf-8", errors="replace"), "DUMP OF SERVICE dbinfo:"
-        )
-
-        # Parse it
-        self.parse(section)
-        self.log.info("Identified %d DB Info entries", len(self.results))
--- a/src/mvt/android/modules/androidqf/dumpsys_packages.py
+++ b/src/mvt/android/modules/androidqf/dumpsys_packages.py
@@ -1,62 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Any, Dict, List, Optional
-
-from mvt.android.artifacts.dumpsys_packages import DumpsysPackagesArtifact
-from mvt.android.modules.adb.packages import (
-    DANGEROUS_PERMISSIONS,
-    DANGEROUS_PERMISSIONS_THRESHOLD,
-)
-
-from .base import AndroidQFModule
-
-
-class DumpsysPackages(DumpsysPackagesArtifact, AndroidQFModule):
-    """This module analyse dumpsys packages"""
-
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[List[Dict[str, Any]]] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-    def run(self) -> None:
-        dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
-        if len(dumpsys_file) != 1:
-            self.log.info("Dumpsys file not found")
-            return
-
-        data = self._get_file_content(dumpsys_file[0]).decode("utf-8", errors="replace")
-        content = self.extract_dumpsys_section(data, "DUMP OF SERVICE package:")
-        self.parse(content)
-
-        for result in self.results:
-            dangerous_permissions_count = 0
-            for perm in result["permissions"]:
-                if perm["name"] in DANGEROUS_PERMISSIONS:
-                    dangerous_permissions_count += 1
-
-            if dangerous_permissions_count >= DANGEROUS_PERMISSIONS_THRESHOLD:
-                self.log.info(
-                    'Found package "%s" requested %d potentially dangerous permissions',
-                    result["package_name"],
-                    dangerous_permissions_count,
-                )
-
-        self.log.info("Extracted details on %d packages", len(self.results))
--- a/src/mvt/android/modules/androidqf/dumpsys_platform_compat.py
+++ b/src/mvt/android/modules/androidqf/dumpsys_platform_compat.py
@@ -1,44 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_platform_compat import DumpsysPlatformCompatArtifact
-
-from .base import AndroidQFModule
-
-
-class DumpsysPlatformCompat(DumpsysPlatformCompatArtifact, AndroidQFModule):
-    """This module extracts details on uninstalled apps."""
-
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-    def run(self) -> None:
-        dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
-        if not dumpsys_file:
-            return
-
-        data = self._get_file_content(dumpsys_file[0]).decode("utf-8", errors="replace")
-        content = self.extract_dumpsys_section(data, "DUMP OF SERVICE platform_compat:")
-        self.parse(content)
-
-        self.log.info("Found %d uninstalled apps", len(self.results))
--- a/src/mvt/android/modules/androidqf/dumpsys_receivers.py
+++ b/src/mvt/android/modules/androidqf/dumpsys_receivers.py
@@ -1,49 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Any, Dict, List, Optional, Union
-
-from mvt.android.artifacts.dumpsys_receivers import DumpsysReceiversArtifact
-
-from .base import AndroidQFModule
-
-
-class DumpsysReceivers(DumpsysReceiversArtifact, AndroidQFModule):
-    """This module analyse dumpsys receivers"""
-
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Union[List[Any], Dict[str, Any], None] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-        self.results = results if results else {}
-
-    def run(self) -> None:
-        dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
-        if not dumpsys_file:
-            return
-        data = self._get_file_content(dumpsys_file[0])
-
-        dumpsys_section = self.extract_dumpsys_section(
-            data.decode("utf-8", errors="replace"), "DUMP OF SERVICE package:"
-        )
-
-        self.parse(dumpsys_section)
-
-        self.log.info("Extracted receivers for %d intents", len(self.results))
--- a/src/mvt/android/modules/androidqf/sms.py
+++ b/src/mvt/android/modules/androidqf/sms.py
@@ -19,7 +19,13 @@ from .base import AndroidQFModule


 class SMS(AndroidQFModule):
-    """This module analyse SMS file in backup"""
+    """
+    This module analyse SMS file in backup
+
+    XXX: We should also de-duplicate this AQF module, but first we
+    need to add tests for loading encrypted SMS backups through the backup
+    sub-module.
+    """

    def __init__(
        self,
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Donncha Ó Cearbhaill	67863d8f8d	Merge branch 'main' into feature/deduplicate-adb-aqf-modules	2025-10-21 15:14:26 +02:00
Janik Besendorf	5bf71e2268	add missing import	2025-10-05 18:13:31 +02:00
besendorf	caaffc8988	Merge branch 'main' into feature/deduplicate-adb-aqf-modules	2025-10-05 18:04:01 +02:00
Donncha Ó Cearbhaill	4c1cdf5129	Raise the proper NoAndroidQFBackup exception when a back-up isn't found	2025-02-11 15:04:48 +01:00
Donncha Ó Cearbhaill	a08c24b02a	Deduplicate modules which are run by the sub-commands.	2025-02-10 20:32:51 +01:00
Donncha Ó Cearbhaill	5d696350dc	Run bugreport and backup modules during check-androidqf Adding support to automatically run ADB backup and bugreport modules automatically when running the check-androidqf command. This is a first step to deduplicate the code for Android modules.	2025-02-10 19:28:20 +01:00