Reorganize code in iOS app module

.github/workflows/tests.yml

@@ -12,7 +12,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: ['3.10', '3.11', '3.12', '3.13']
+        python-version: ['3.8', '3.9', '3.10']  # , '3.11']
 
     steps:
       - uses: actions/checkout@v4
@@ -35,4 +35,4 @@ jobs:
         if: github.event_name == 'pull_request'
         with:
           pytest-coverage-path: ./pytest-coverage.txt
-          junitxml-path: ./pytest.xml
+          junitxml-path: ./pytest.xml

.github/workflows/update-ios-data.yml

@@ -21,7 +21,6 @@ jobs:
           title: '[auto] Update iOS releases and versions'
           commit-message: Add new iOS versions and build numbers
           branch: auto/add-new-ios-releases
-          draft: true
           body: |
             This is an automated pull request to update the iOS releases and version numbers.
           add-paths: |

Dockerfile

@@ -103,7 +103,7 @@ RUN git clone https://github.com/libimobiledevice/usbmuxd && cd usbmuxd \
 
 
 # Create main image
-FROM ubuntu:24.04 as main
+FROM ubuntu:22.04 as main
 
 LABEL org.opencontainers.image.url="https://mvt.re"
 LABEL org.opencontainers.image.documentation="https://docs.mvt.re"
@@ -135,7 +135,8 @@ COPY --from=build-usbmuxd /build /
 COPY . mvt/
 RUN apt-get update \
    && apt-get install -y git python3-pip \
-   && PIP_NO_CACHE_DIR=1 pip3 install --break-system-packages ./mvt \
+   && PIP_NO_CACHE_DIR=1 pip3 install --upgrade pip \
+   && PIP_NO_CACHE_DIR=1 pip3 install ./mvt \
    && apt-get remove -y python3-pip git && apt-get autoremove -y \
    && rm -rf /var/lib/apt/lists/* \
    && rm -rf mvt

Makefile

@@ -25,11 +25,6 @@ install:
 test-requirements:
 	python3 -m pip install --upgrade -r test-requirements.txt
 
-generate-proto-parsers:
-	# Generate python parsers for protobuf files
-	PROTO_FILES=$$(find src/mvt/android/parsers/proto/ -iname "*.proto"); \
-	protoc -Isrc/mvt/android/parsers/proto/ --python_betterproto_out=src/mvt/android/parsers/proto/ $$PROTO_FILES
-
 clean:
 	rm -rf $(PWD)/build $(PWD)/dist $(PWD)/src/mvt.egg-info
 

docs/command_completion.md

@@ -1,43 +0,0 @@
-# Command Completion 
-
-MVT utilizes the [Click](https://click.palletsprojects.com/en/stable/) library for creating its command line interface. 
-
-Click provides tab completion support for Bash (version 4.4 and up), Zsh, and Fish.
-
-To enable it, you need to manually register a special function with your shell, which varies depending on the shell you are using.
-
-The following describes how to generate the command completion scripts and add them to your shell configuration. 
-
-> **Note: You will need to start a new shell for the changes to take effect.**
-
-### For Bash
-
-```bash
-# Generates bash completion scripts
-echo "$(_MVT_IOS_COMPLETE=bash_source mvt-ios)" > ~/.mvt-ios-complete.bash &&
-echo "$(_MVT_ANDROID_COMPLETE=bash_source mvt-android)" > ~/.mvt-android-complete.bash
-```
-
-Add the following to `~/.bashrc`:
-```bash
-# source mvt completion scripts
-. ~/.mvt-ios-complete.bash && .  ~/.mvt-android-complete.bash
-```
-
-### For Zsh
-
-```bash
-# Generates zsh completion scripts
-echo "$(_MVT_IOS_COMPLETE=zsh_source mvt-ios)" >  ~/.mvt-ios-complete.zsh &&
-echo "$(_MVT_ANDROID_COMPLETE=zsh_source mvt-android)" > ~/.mvt-android-complete.zsh
-```
-
-Add the following to `~/.zshrc`:
-```bash
-# source mvt completion scripts
-.  ~/.mvt-ios-complete.zsh  && .  ~/.mvt-android-complete.zsh
-```
-
-For more information, visit the official [Click Docs](https://click.palletsprojects.com/en/stable/shell-completion/#enabling-completion).
-
-

docs/install.md

@@ -98,7 +98,3 @@ You now should have the `mvt-ios` and `mvt-android` utilities installed.
 **Notes:**
 1. The `--force` flag is necessary to force the reinstallation of the package.
 2. To revert to using a PyPI version, it will be necessary to `pipx uninstall mvt` first.
-
-## Setting up command completions
-
-See ["Command completions"](command_completion.md)

pyproject.toml

@@ -19,25 +19,21 @@ classifiers = [
     "Programming Language :: Python"
 ]
 dependencies = [
-    "click==8.2.1",
-    "rich==14.0.0",
-    "tld==0.13.1",
-    "requests==2.32.2",
-    "simplejson==3.20.1",
-    "packaging==25.0",
-    "appdirs==1.4.4",
-    "iOSbackup==0.9.925",
-    "adb-shell[usb]==0.4.4",
-    "libusb1==3.3.1",
-    "cryptography==45.0.3",
-    "PyYAML>=6.0.2",
-    "pyahocorasick==2.1.0",
-    "betterproto==1.2.5",
-    "pydantic==2.11.5",
-    "pydantic-settings==2.9.1",
-    "NSKeyedUnArchiver==1.5",
+    "click >=8.1.3",
+    "rich >=12.6.0",
+    "tld >=0.12.6",
+    "requests >=2.28.1",
+    "simplejson >=3.17.6",
+    "packaging >=21.3",
+    "appdirs >=1.4.4",
+    "iOSbackup >=0.9.923",
+    "adb-shell[usb] >=0.4.3",
+    "libusb1 >=3.0.0",
+    "cryptography >=42.0.5",
+    "pyyaml >=6.0",
+    "pyahocorasick >= 2.0.0",
 ]
-requires-python = ">= 3.10"
+requires-python = ">= 3.8"
 
 [project.urls]
 homepage = "https://docs.mvt.re/en/latest/"
@@ -103,4 +99,4 @@ where = ["src"]
 mvt = ["ios/data/*.json"]
 
 [tool.setuptools.dynamic]
-version = {attr = "mvt.common.version.MVT_VERSION"}
+version = {attr = "mvt.common.version.MVT_VERSION"}

src/mvt/android/artifacts/dumpsys_adb.py

@@ -4,14 +4,13 @@
 #   https://license.mvt.re/1.1/
 
 import base64
-import binascii
 import hashlib
 
 from .artifact import AndroidArtifact
 
 
 class DumpsysADBArtifact(AndroidArtifact):
-    multiline_fields = ["user_keys", "keystore"]
+    multiline_fields = ["user_keys"]
 
     def indented_dump_parser(self, dump_data):
         """
@@ -68,38 +67,14 @@ class DumpsysADBArtifact(AndroidArtifact):
 
         return res
 
-    def parse_xml(self, xml_data):
-        """
-        Parse XML data from dumpsys ADB output
-        """
-        import xml.etree.ElementTree as ET
-
-        keystore = []
-        keystore_root = ET.fromstring(xml_data)
-        for adb_key in keystore_root.findall("adbKey"):
-            key_info = self.calculate_key_info(adb_key.get("key").encode("utf-8"))
-            key_info["last_connected"] = adb_key.get("lastConnection")
-            keystore.append(key_info)
-
-        return keystore
-
     @staticmethod
     def calculate_key_info(user_key: bytes) -> str:
-        if b" " in user_key:
-            key_base64, user = user_key.split(b" ", 1)
-        else:
-            key_base64, user = user_key, b""
-
-        try:
-            key_raw = base64.b64decode(key_base64)
-            key_fingerprint = hashlib.md5(key_raw).hexdigest().upper()
-            key_fingerprint_colon = ":".join(
-                [key_fingerprint[i : i + 2] for i in range(0, len(key_fingerprint), 2)]
-            )
-        except binascii.Error:
-            # Impossible to parse base64
-            key_fingerprint_colon = ""
-
+        key_base64, user = user_key.split(b" ", 1)
+        key_raw = base64.b64decode(key_base64)
+        key_fingerprint = hashlib.md5(key_raw).hexdigest().upper()
+        key_fingerprint_colon = ":".join(
+            [key_fingerprint[i : i + 2] for i in range(0, len(key_fingerprint), 2)]
+        )
         return {
             "user": user.decode("utf-8"),
             "fingerprint": key_fingerprint_colon,
@@ -140,24 +115,8 @@ class DumpsysADBArtifact(AndroidArtifact):
         if parsed.get("debugging_manager") is None:
             self.log.error("Unable to find expected ADB entries in dumpsys output")  # noqa
             return
-
-        # Keystore can be in different levels, as the basic parser
-        # is not always consistent due to different dumpsys formats.
-        if parsed.get("keystore"):
-            keystore_data = b"\n".join(parsed["keystore"])
-        elif parsed["debugging_manager"].get("keystore"):
-            keystore_data = b"\n".join(parsed["debugging_manager"]["keystore"])
         else:
-            keystore_data = None
-
-        # Keystore is in XML format on some devices and we need to parse it
-        if keystore_data and keystore_data.startswith(b"<?xml"):
-            parsed["debugging_manager"]["keystore"] = self.parse_xml(keystore_data)
-        else:
-            # Keystore is not XML format
-            parsed["debugging_manager"]["keystore"] = keystore_data
-
-        parsed = parsed["debugging_manager"]
+            parsed = parsed["debugging_manager"]
 
         # Calculate key fingerprints for better readability
         key_info = []

src/mvt/android/artifacts/dumpsys_appops.py

@@ -11,10 +11,6 @@ from mvt.common.utils import convert_datetime_to_iso
 from .artifact import AndroidArtifact
 
 
-RISKY_PERMISSIONS = ["REQUEST_INSTALL_PACKAGES"]
-RISKY_PACKAGES = ["com.android.shell"]
-
-
 class DumpsysAppopsArtifact(AndroidArtifact):
     """
     Parser for dumpsys app ops info
@@ -49,39 +45,15 @@ class DumpsysAppopsArtifact(AndroidArtifact):
                     self.detected.append(result)
                     continue
 
-            detected_permissions = []
             for perm in result["permissions"]:
                 if (
-                    perm["name"] in RISKY_PERMISSIONS
-                    # and perm["access"] == "allow"
+                    perm["name"] == "REQUEST_INSTALL_PACKAGES"
+                    and perm["access"] == "allow"
                 ):
-                    detected_permissions.append(perm)
-                    for entry in sorted(perm["entries"], key=lambda x: x["timestamp"]):
-                        self.log.warning(
-                            "Package '%s' had risky permission '%s' set to '%s' at %s",
-                            result["package_name"],
-                            perm["name"],
-                            entry["access"],
-                            entry["timestamp"],
-                        )
-
-                elif result["package_name"] in RISKY_PACKAGES:
-                    detected_permissions.append(perm)
-                    for entry in sorted(perm["entries"], key=lambda x: x["timestamp"]):
-                        self.log.warning(
-                            "Risky package '%s' had '%s' permission set to '%s' at %s",
-                            result["package_name"],
-                            perm["name"],
-                            entry["access"],
-                            entry["timestamp"],
-                        )
-
-            if detected_permissions:
-                # We clean the result to only include the risky permission, otherwise the timeline
-                # will be polluted with all the other irrelevant permissions
-                cleaned_result = result.copy()
-                cleaned_result["permissions"] = detected_permissions
-                self.detected.append(cleaned_result)
+                    self.log.info(
+                        "Package %s with REQUEST_INSTALL_PACKAGES " "permission",
+                        result["package_name"],
+                    )
 
     def parse(self, output: str) -> None:
         self.results: List[Dict[str, Any]] = []
@@ -149,16 +121,11 @@ class DumpsysAppopsArtifact(AndroidArtifact):
             if line.startswith("          "):
                 # Permission entry like:
                 # Reject: [fg-s]2021-05-19 22:02:52.054 (-314d1h25m2s33ms)
-                access_type = line.split(":")[0].strip()
-                if access_type not in ["Access", "Reject"]:
-                    # Skipping invalid access type. Some entries are not in the format we expect
-                    continue
-
                 if entry:
                     perm["entries"].append(entry)
                     entry = {}
 
-                entry["access"] = access_type
+                entry["access"] = line.split(":")[0].strip()
                 entry["type"] = line[line.find("[") + 1 : line.find("]")]
 
                 try:

src/mvt/android/artifacts/dumpsys_packages.py

@@ -16,7 +16,8 @@ class DumpsysPackagesArtifact(AndroidArtifact):
         for result in self.results:
             if result["package_name"] in ROOT_PACKAGES:
                 self.log.warning(
-                    'Found an installed package related to rooting/jailbreaking: "%s"',
+                    "Found an installed package related to "
+                    'rooting/jailbreaking: "%s"',
                     result["package_name"],
                 )
                 self.detected.append(result)

src/mvt/android/artifacts/dumpsys_platform_compat.py

@@ -1,42 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-from .artifact import AndroidArtifact
-
-
-class DumpsysPlatformCompatArtifact(AndroidArtifact):
-    """
-    Parser for uninstalled apps listed in platform_compat section.
-    """
-
-    def check_indicators(self) -> None:
-        if not self.indicators:
-            return
-
-        for result in self.results:
-            ioc = self.indicators.check_app_id(result["package_name"])
-            if ioc:
-                result["matched_indicator"] = ioc
-                self.detected.append(result)
-                continue
-
-    def parse(self, data: str) -> None:
-        for line in data.splitlines():
-            if not line.startswith("ChangeId(168419799; name=DOWNSCALED;"):
-                continue
-
-            if line.strip() == "":
-                break
-
-            # Look for rawOverrides field
-            if "rawOverrides={" in line:
-                # Extract the content inside the braces for rawOverrides
-                overrides_field = line.split("rawOverrides={", 1)[1].split("};", 1)[0]
-
-                for entry in overrides_field.split(", "):
-                    # Extract app name
-                    uninstall_app = entry.split("=")[0].strip()
-
-                    self.results.append({"package_name": uninstall_app})

src/mvt/android/artifacts/file_timestamps.py

@@ -1,43 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-from typing import Union
-
-from .artifact import AndroidArtifact
-
-
-class FileTimestampsArtifact(AndroidArtifact):
-    def serialize(self, record: dict) -> Union[dict, list]:
-        records = []
-
-        for ts in set(
-            [
-                record.get("access_time"),
-                record.get("changed_time"),
-                record.get("modified_time"),
-            ]
-        ):
-            if not ts:
-                continue
-
-            macb = ""
-            macb += "M" if ts == record.get("modified_time") else "-"
-            macb += "A" if ts == record.get("access_time") else "-"
-            macb += "C" if ts == record.get("changed_time") else "-"
-            macb += "-"
-
-            msg = record["path"]
-            if record.get("context"):
-                msg += f" ({record['context']})"
-
-            records.append(
-                {
-                    "timestamp": ts,
-                    "module": self.__class__.__name__,
-                    "event": macb,
-                    "data": msg,
-                }
-            )
-
-        return records

src/mvt/android/artifacts/getprop.py

@@ -42,17 +42,6 @@ class GetProp(AndroidArtifact):
             entry = {"name": matches[0][0], "value": matches[0][1]}
             self.results.append(entry)
 
-    def get_device_timezone(self) -> str:
-        """
-        Get the device timezone from the getprop results
-
-        Used in other moduels to calculate the timezone offset
-        """
-        for entry in self.results:
-            if entry["name"] == "persist.sys.timezone":
-                return entry["value"]
-        return None
-
     def check_indicators(self) -> None:
         for entry in self.results:
             if entry["name"] in INTERESTING_PROPERTIES:

src/mvt/android/artifacts/settings.py

@@ -16,11 +16,6 @@ ANDROID_DANGEROUS_SETTINGS = [
         "key": "package_verifier_enable",
         "safe_value": "1",
     },
-    {
-        "description": "disabled APK package verification",
-        "key": "package_verifier_state",
-        "safe_value": "1",
-    },
     {
         "description": "disabled Google Play Protect",
         "key": "package_verifier_user_consent",

src/mvt/android/modules/adb/base.py

@@ -326,7 +326,8 @@ class AndroidExtraction(MVTModule):
 
         if not header["backup"]:
             self.log.error(
-                "Extracting SMS via Android backup failed. No valid backup data found."
+                "Extracting SMS via Android backup failed. "
+                "No valid backup data found."
             )
             return None
 

src/mvt/android/modules/adb/packages.py

@@ -75,7 +75,8 @@ class Packages(AndroidExtraction):
         for result in self.results:
             if result["package_name"] in ROOT_PACKAGES:
                 self.log.warning(
-                    'Found an installed package related to rooting/jailbreaking: "%s"',
+                    "Found an installed package related to "
+                    'rooting/jailbreaking: "%s"',
                     result["package_name"],
                 )
                 self.detected.append(result)

src/mvt/android/modules/adb/sms.py

@@ -70,7 +70,7 @@ class SMS(AndroidExtraction):
             "timestamp": record["isodate"],
             "module": self.__class__.__name__,
             "event": f"sms_{record['direction']}",
-            "data": f'{record.get("address", "unknown source")}: "{body}"',
+            "data": f"{record.get('address', 'unknown source')}: \"{body}\"",
         }
 
     def check_indicators(self) -> None:

src/mvt/android/modules/androidqf/__init__.py

@@ -14,7 +14,6 @@ from .dumpsys_receivers import DumpsysReceivers
 from .dumpsys_adb import DumpsysADBState
 from .getprop import Getprop
 from .packages import Packages
-from .dumpsys_platform_compat import DumpsysPlatformCompat
 from .processes import Processes
 from .settings import Settings
 from .sms import SMS
@@ -30,7 +29,6 @@ ANDROIDQF_MODULES = [
     DumpsysBatteryHistory,
     DumpsysADBState,
     Packages,
-    DumpsysPlatformCompat,
     Processes,
     Getprop,
     Settings,

src/mvt/android/modules/androidqf/base.py

@@ -48,37 +48,6 @@ class AndroidQFModule(MVTModule):
     def _get_files_by_pattern(self, pattern: str):
         return fnmatch.filter(self.files, pattern)
 
-    def _get_device_timezone(self):
-        """
-        Get the device timezone from the getprop.txt file.
-
-        This is needed to map local timestamps stored in some
-        Android log files to UTC/timezone-aware timestamps.
-        """
-        get_prop_files = self._get_files_by_pattern("*/getprop.txt")
-        if not get_prop_files:
-            self.log.warning(
-                "Could not find getprop.txt file. "
-                "Some timestamps and timeline data may be incorrect."
-            )
-            return None
-
-        from mvt.android.artifacts.getprop import GetProp
-
-        properties_artifact = GetProp()
-        prop_data = self._get_file_content(get_prop_files[0]).decode("utf-8")
-        properties_artifact.parse(prop_data)
-        timezone = properties_artifact.get_device_timezone()
-        if timezone:
-            self.log.debug("Identified local phone timezone: %s", timezone)
-            return timezone
-
-        self.log.warning(
-            "Could not find or determine local device timezone. "
-            "Some timestamps and timeline data may be incorrect."
-        )
-        return None
-
     def _get_file_content(self, file_path):
         if self.archive:
             handle = self.archive.open(file_path)

src/mvt/android/modules/androidqf/dumpsys_platform_compat.py

@@ -1,44 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_platform_compat import DumpsysPlatformCompatArtifact
-
-from .base import AndroidQFModule
-
-
-class DumpsysPlatformCompat(DumpsysPlatformCompatArtifact, AndroidQFModule):
-    """This module extracts details on uninstalled apps."""
-
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-    def run(self) -> None:
-        dumpsys_file = self._get_files_by_pattern("*/dumpsys.txt")
-        if not dumpsys_file:
-            return
-
-        data = self._get_file_content(dumpsys_file[0]).decode("utf-8", errors="replace")
-        content = self.extract_dumpsys_section(data, "DUMP OF SERVICE platform_compat:")
-        self.parse(content)
-
-        self.log.info("Found %d uninstalled apps", len(self.results))

src/mvt/android/modules/androidqf/files.py

@@ -6,11 +6,6 @@
 import datetime
 import json
 import logging
-
-try:
-    import zoneinfo
-except ImportError:
-    from backports import zoneinfo
 from typing import Optional, Union
 
 from mvt.android.modules.androidqf.base import AndroidQFModule
@@ -111,12 +106,6 @@ class Files(AndroidQFModule):
             # TODO: adds SHA1 and MD5 when available in MVT
 
     def run(self) -> None:
-        if timezone := self._get_device_timezone():
-            device_timezone = zoneinfo.ZoneInfo(timezone)
-        else:
-            self.log.warning("Unable to determine device timezone, using UTC")
-            device_timezone = zoneinfo.ZoneInfo("UTC")
-
         for file in self._get_files_by_pattern("*/files.json"):
             rawdata = self._get_file_content(file).decode("utf-8", errors="ignore")
             try:
@@ -131,18 +120,11 @@ class Files(AndroidQFModule):
             for file_data in data:
                 for ts in ["access_time", "changed_time", "modified_time"]:
                     if ts in file_data:
-                        utc_timestamp = datetime.datetime.fromtimestamp(
-                            file_data[ts], tz=datetime.timezone.utc
+                        file_data[ts] = convert_datetime_to_iso(
+                            datetime.datetime.fromtimestamp(
+                                file_data[ts], tz=datetime.timezone.utc
+                            )
                         )
-                        # Convert the UTC timestamp to local tiem on Android device's local timezone
-                        local_timestamp = utc_timestamp.astimezone(device_timezone)
-
-                        # HACK: We only output the UTC timestamp in convert_datetime_to_iso, we
-                        # set the timestamp timezone to UTC, to avoid the timezone conversion again.
-                        local_timestamp = local_timestamp.replace(
-                            tzinfo=datetime.timezone.utc
-                        )
-                        file_data[ts] = convert_datetime_to_iso(local_timestamp)
 
                 self.results.append(file_data)
 

src/mvt/android/modules/androidqf/logfile_timestamps.py

@@ -1,65 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import os
-import datetime
-import logging
-from typing import Optional
-
-from mvt.common.utils import convert_datetime_to_iso
-from .base import AndroidQFModule
-from mvt.android.artifacts.file_timestamps import FileTimestampsArtifact
-
-
-class LogsFileTimestamps(FileTimestampsArtifact, AndroidQFModule):
-    """This module extracts records from battery daily updates."""
-
-    slug = "logfile_timestamps"
-
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-    def _get_file_modification_time(self, file_path: str) -> dict:
-        if self.archive:
-            file_timetuple = self.archive.getinfo(file_path).date_time
-            return datetime.datetime(*file_timetuple)
-        else:
-            file_stat = os.stat(os.path.join(self.parent_path, file_path))
-            return datetime.datetime.fromtimestamp(file_stat.st_mtime)
-
-    def run(self) -> None:
-        filesystem_files = self._get_files_by_pattern("*/logs/*")
-
-        self.results = []
-        for file in filesystem_files:
-            # Only the modification time is available in the zip file metadata.
-            # The timezone is the local timezone of the machine the phone.
-            modification_time = self._get_file_modification_time(file)
-            self.results.append(
-                {
-                    "path": file,
-                    "modified_time": convert_datetime_to_iso(modification_time),
-                }
-            )
-
-        self.log.info(
-            "Extracted a total of %d filesystem timestamps from AndroidQF logs directory.",
-            len(self.results),
-        )

src/mvt/android/modules/androidqf/packages.py

@@ -44,7 +44,8 @@ class Packages(AndroidQFModule):
         for result in self.results:
             if result["name"] in ROOT_PACKAGES:
                 self.log.warning(
-                    'Found an installed package related to rooting/jailbreaking: "%s"',
+                    "Found an installed package related to "
+                    'rooting/jailbreaking: "%s"',
                     result["name"],
                 )
                 self.detected.append(result)

src/mvt/android/modules/backup/helpers.py

@@ -3,11 +3,10 @@
 # Use of this software is governed by the MVT License 1.1 that can be found at
 #   https://license.mvt.re/1.1/
 
+import os
 
 from rich.prompt import Prompt
 
-from mvt.common.config import settings
-
 MVT_ANDROID_BACKUP_PASSWORD = "MVT_ANDROID_BACKUP_PASSWORD"
 
 
@@ -17,24 +16,24 @@ def cli_load_android_backup_password(log, backup_password):
 
     Used in MVT CLI command parsers.
     """
-    password_from_env_or_config = settings.ANDROID_BACKUP_PASSWORD
+    password_from_env = os.environ.get(MVT_ANDROID_BACKUP_PASSWORD, None)
     if backup_password:
         log.info(
             "Your password may be visible in the process table because it "
             "was supplied on the command line!"
         )
-        if password_from_env_or_config:
+        if password_from_env:
             log.info(
                 "Ignoring %s environment variable, using --backup-password argument instead",
-                "MVT_ANDROID_BACKUP_PASSWORD",
+                MVT_ANDROID_BACKUP_PASSWORD,
             )
         return backup_password
-    elif password_from_env_or_config:
+    elif password_from_env:
         log.info(
-            "Using backup password from %s environment variable or config file",
-            "MVT_ANDROID_BACKUP_PASSWORD",
+            "Using backup password from %s environment variable",
+            MVT_ANDROID_BACKUP_PASSWORD,
         )
-        return password_from_env_or_config
+        return password_from_env
 
 
 def prompt_or_load_android_backup_password(log, module_options):

src/mvt/android/modules/bugreport/__init__.py

@@ -11,11 +11,8 @@ from .battery_history import BatteryHistory
 from .dbinfo import DBInfo
 from .getprop import Getprop
 from .packages import Packages
-from .platform_compat import PlatformCompat
 from .receivers import Receivers
 from .adb_state import DumpsysADBState
-from .fs_timestamps import BugReportTimestamps
-from .tombstones import Tombstones
 
 BUGREPORT_MODULES = [
     Accessibility,
@@ -26,9 +23,6 @@ BUGREPORT_MODULES = [
     DBInfo,
     Getprop,
     Packages,
-    PlatformCompat,
     Receivers,
     DumpsysADBState,
-    BugReportTimestamps,
-    Tombstones,
 ]

src/mvt/android/modules/bugreport/base.py

@@ -2,11 +2,10 @@
 # Copyright (c) 2021-2023 The MVT Authors.
 # See the file 'LICENSE' for usage and copying permissions, or find a copy at
 #   https://github.com/mvt-project/mvt/blob/main/LICENSE
-import datetime
+
 import fnmatch
 import logging
 import os
-
 from typing import List, Optional
 from zipfile import ZipFile
 
@@ -92,11 +91,3 @@ class BugReportModule(MVTModule):
                 return None
 
             return self._get_file_content(dumpstate_logs[0])
-
-    def _get_file_modification_time(self, file_path: str) -> dict:
-        if self.zip_archive:
-            file_timetuple = self.zip_archive.getinfo(file_path).date_time
-            return datetime.datetime(*file_timetuple)
-        else:
-            file_stat = os.stat(os.path.join(self.extract_path, file_path))
-            return datetime.datetime.fromtimestamp(file_stat.st_mtime)

src/mvt/android/modules/bugreport/fs_timestamps.py

@@ -1,55 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.common.utils import convert_datetime_to_iso
-from .base import BugReportModule
-from mvt.android.artifacts.file_timestamps import FileTimestampsArtifact
-
-
-class BugReportTimestamps(FileTimestampsArtifact, BugReportModule):
-    """This module extracts records from battery daily updates."""
-
-    slug = "bugreport_timestamps"
-
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-    def run(self) -> None:
-        filesystem_files = self._get_files_by_pattern("FS/*")
-
-        self.results = []
-        for file in filesystem_files:
-            # Only the modification time is available in the zip file metadata.
-            # The timezone is the local timezone of the machine the phone.
-            modification_time = self._get_file_modification_time(file)
-            self.results.append(
-                {
-                    "path": file,
-                    "modified_time": convert_datetime_to_iso(modification_time),
-                }
-            )
-
-        self.log.info(
-            "Extracted a total of %d filesystem timestamps from bugreport.",
-            len(self.results),
-        )

src/mvt/android/modules/bugreport/platform_compat.py

@@ -1,48 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.dumpsys_platform_compat import DumpsysPlatformCompatArtifact
-
-from mvt.android.modules.bugreport.base import BugReportModule
-
-
-class PlatformCompat(DumpsysPlatformCompatArtifact, BugReportModule):
-    """This module extracts details on uninstalled apps."""
-
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-    def run(self) -> None:
-        data = self._get_dumpstate_file()
-        if not data:
-            self.log.error(
-                "Unable to find dumpstate file. "
-                "Did you provide a valid bug report archive?"
-            )
-            return
-
-        data = data.decode("utf-8", errors="replace")
-        content = self.extract_dumpsys_section(data, "DUMP OF SERVICE platform_compat:")
-        self.parse(content)
-
-        self.log.info("Found %d uninstalled apps", len(self.results))

src/mvt/android/modules/bugreport/tombstones.py

@@ -1,64 +0,0 @@
-# Mobile Verification Toolkit (MVT)
-# Copyright (c) 2021-2023 The MVT Authors.
-# Use of this software is governed by the MVT License 1.1 that can be found at
-#   https://license.mvt.re/1.1/
-
-import logging
-from typing import Optional
-
-from mvt.android.artifacts.tombstone_crashes import TombstoneCrashArtifact
-from .base import BugReportModule
-
-
-class Tombstones(TombstoneCrashArtifact, BugReportModule):
-    """This module extracts records from battery daily updates."""
-
-    slug = "tombstones"
-
-    def __init__(
-        self,
-        file_path: Optional[str] = None,
-        target_path: Optional[str] = None,
-        results_path: Optional[str] = None,
-        module_options: Optional[dict] = None,
-        log: logging.Logger = logging.getLogger(__name__),
-        results: Optional[list] = None,
-    ) -> None:
-        super().__init__(
-            file_path=file_path,
-            target_path=target_path,
-            results_path=results_path,
-            module_options=module_options,
-            log=log,
-            results=results,
-        )
-
-    def run(self) -> None:
-        tombstone_files = self._get_files_by_pattern("*/tombstone_*")
-        if not tombstone_files:
-            self.log.error(
-                "Unable to find any tombstone files. "
-                "Did you provide a valid bugreport archive?"
-            )
-            return
-
-        for tombstone_file in sorted(tombstone_files):
-            tombstone_filename = tombstone_file.split("/")[-1]
-            modification_time = self._get_file_modification_time(tombstone_file)
-            tombstone_data = self._get_file_content(tombstone_file)
-
-            try:
-                if tombstone_file.endswith(".pb"):
-                    self.parse_protobuf(
-                        tombstone_filename, modification_time, tombstone_data
-                    )
-                else:
-                    self.parse(tombstone_filename, modification_time, tombstone_data)
-            except ValueError as e:
-                # Catch any exceptions raised during parsing or validation.
-                self.log.error(f"Error parsing tombstone file {tombstone_file}: {e}")
-
-        self.log.info(
-            "Extracted a total of %d tombstone files",
-            len(self.results),
-        )

src/mvt/android/parsers/proto/tombstone.proto

@@ -1,195 +0,0 @@
-// tombstone.proto file from Android source
-// Src: https://android.googlesource.com/platform/system/core/+/refs/heads/main/debuggerd/proto/tombstone.proto
-//
-// Protobuf definition for Android tombstones.
-//
-// An app can get hold of these for any `REASON_CRASH_NATIVE` instance of
-// `android.app.ApplicationExitInfo`.
-//
-// https://developer.android.com/reference/android/app/ApplicationExitInfo#getTraceInputStream()
-//
-syntax = "proto3";
-option java_package = "com.android.server.os";
-option java_outer_classname = "TombstoneProtos";
-// NOTE TO OEMS:
-// If you add custom fields to this proto, do not use numbers in the reserved range.
-message CrashDetail {
-  bytes name = 1;
-  bytes data = 2;
-  reserved 3 to 999;
-}
-message StackHistoryBufferEntry {
-  BacktraceFrame addr = 1;
-  uint64 fp = 2;
-  uint64 tag = 3;
-  reserved 4 to 999;
-}
-message StackHistoryBuffer {
-  uint64 tid = 1;
-  repeated StackHistoryBufferEntry entries = 2;
-  reserved 3 to 999;
-}
-message Tombstone {
-  Architecture arch = 1;
-  Architecture guest_arch = 24;
-  string build_fingerprint = 2;
-  string revision = 3;
-  string timestamp = 4;
-  uint32 pid = 5;
-  uint32 tid = 6;
-  uint32 uid = 7;
-  string selinux_label = 8;
-  repeated string command_line = 9;
-  // Process uptime in seconds.
-  uint32 process_uptime = 20;
-  Signal signal_info = 10;
-  string abort_message = 14;
-  repeated CrashDetail crash_details = 21;
-  repeated Cause causes = 15;
-  map<uint32, Thread> threads = 16;
-  map<uint32, Thread> guest_threads = 25;
-  repeated MemoryMapping memory_mappings = 17;
-  repeated LogBuffer log_buffers = 18;
-  repeated FD open_fds = 19;
-  uint32 page_size = 22;
-  bool has_been_16kb_mode = 23;
-  StackHistoryBuffer stack_history_buffer = 26;
-  reserved 27 to 999;
-}
-enum Architecture {
-  ARM32 = 0;
-  ARM64 = 1;
-  X86 = 2;
-  X86_64 = 3;
-  RISCV64 = 4;
-  NONE = 5;
-  reserved 6 to 999;
-}
-message Signal {
-  int32 number = 1;
-  string name = 2;
-  int32 code = 3;
-  string code_name = 4;
-  bool has_sender = 5;
-  int32 sender_uid = 6;
-  int32 sender_pid = 7;
-  bool has_fault_address = 8;
-  uint64 fault_address = 9;
-  // Note, may or may not contain the dump of the actual memory contents. Currently, on arm64, we
-  // only include metadata, and not the contents.
-  MemoryDump fault_adjacent_metadata = 10;
-  reserved 11 to 999;
-}
-message HeapObject {
-  uint64 address = 1;
-  uint64 size = 2;
-  uint64 allocation_tid = 3;
-  repeated BacktraceFrame allocation_backtrace = 4;
-  uint64 deallocation_tid = 5;
-  repeated BacktraceFrame deallocation_backtrace = 6;
-}
-message MemoryError {
-  enum Tool {
-    GWP_ASAN = 0;
-    SCUDO = 1;
-    reserved 2 to 999;
-  }
-  Tool tool = 1;
-  enum Type {
-    UNKNOWN = 0;
-    USE_AFTER_FREE = 1;
-    DOUBLE_FREE = 2;
-    INVALID_FREE = 3;
-    BUFFER_OVERFLOW = 4;
-    BUFFER_UNDERFLOW = 5;
-    reserved 6 to 999;
-  }
-  Type type = 2;
-  oneof location {
-    HeapObject heap = 3;
-  }
-  reserved 4 to 999;
-}
-message Cause {
-  string human_readable = 1;
-  oneof details {
-    MemoryError memory_error = 2;
-  }
-  reserved 3 to 999;
-}
-message Register {
-  string name = 1;
-  uint64 u64 = 2;
-  reserved 3 to 999;
-}
-message Thread {
-  int32 id = 1;
-  string name = 2;
-  repeated Register registers = 3;
-  repeated string backtrace_note = 7;
-  repeated string unreadable_elf_files = 9;
-  repeated BacktraceFrame current_backtrace = 4;
-  repeated MemoryDump memory_dump = 5;
-  int64 tagged_addr_ctrl = 6;
-  int64 pac_enabled_keys = 8;
-  reserved 10 to 999;
-}
-message BacktraceFrame {
-  uint64 rel_pc = 1;
-  uint64 pc = 2;
-  uint64 sp = 3;
-  string function_name = 4;
-  uint64 function_offset = 5;
-  string file_name = 6;
-  uint64 file_map_offset = 7;
-  string build_id = 8;
-  reserved 9 to 999;
-}
-message ArmMTEMetadata {
-  // One memory tag per granule (e.g. every 16 bytes) of regular memory.
-  bytes memory_tags = 1;
-  reserved 2 to 999;
-}
-message MemoryDump {
-  string register_name = 1;
-  string mapping_name = 2;
-  uint64 begin_address = 3;
-  bytes memory = 4;
-  oneof metadata {
-    ArmMTEMetadata arm_mte_metadata = 6;
-  }
-  reserved 5, 7 to 999;
-}
-message MemoryMapping {
-  uint64 begin_address = 1;
-  uint64 end_address = 2;
-  uint64 offset = 3;
-  bool read = 4;
-  bool write = 5;
-  bool execute = 6;
-  string mapping_name = 7;
-  string build_id = 8;
-  uint64 load_bias = 9;
-  reserved 10 to 999;
-}
-message FD {
-  int32 fd = 1;
-  string path = 2;
-  string owner = 3;
-  uint64 tag = 4;
-  reserved 5 to 999;
-}
-message LogBuffer {
-  string name = 1;
-  repeated LogMessage logs = 2;
-  reserved 3 to 999;
-}
-message LogMessage {
-  string timestamp = 1;
-  uint32 pid = 2;
-  uint32 tid = 3;
-  uint32 priority = 4;
-  string tag = 5;
-  string message = 6;
-  reserved 7 to 999;
-}