Update WIP for dumpstate parser

.github/workflows/black.yml

@@ -0,0 +1,11 @@
+name: Black
+on: [push]
+
+jobs:
+  black:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: psf/black@stable
+        with:
+          options: "--check"

.github/workflows/mypy.yml

@@ -1,23 +0,0 @@
-name: Mypy
-on: workflow_dispatch
-
-jobs:
-  mypy_py3:
-    name: Mypy check
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: 3.9
-          cache: 'pip'
-      - name: Checkout
-        uses: actions/checkout@master
-      - name: Install Dependencies
-        run: |
-          pip install mypy
-      - name: mypy
-        run: |
-          make mypy

.github/workflows/publish-release-docker.yml

@@ -1,61 +0,0 @@
-#
-name: Create and publish a Docker image
-
-# Configures this workflow to run every time a release is published.
-on:
-  workflow_dispatch:
-  release:
-    types: [published]
-
-# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
-env:
-  REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.repository }}
-
-# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
-jobs:
-  build-and-push-image:
-    runs-on: ubuntu-latest
-    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
-    permissions:
-      contents: read
-      packages: write
-      attestations: write
-      id-token: write
-      #
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
-      - name: Log in to the Container registry
-        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
-      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
-      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
-      - name: Build and push Docker image
-        id: push
-        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
-        with:
-          context: .
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-
-      # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."
-      - name: Generate artifact attestation
-        uses: actions/attest-build-provenance@v1
-        with:
-          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
-          subject-digest: ${{ steps.push.outputs.digest }}
-          push-to-registry: true
-

.github/workflows/python-package.yml

@@ -0,0 +1,52 @@
+# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+
+name: CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ['3.8', '3.9', '3.10']  # , '3.11']
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v4
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade setuptools
+        python -m pip install --upgrade pip
+        python -m pip install flake8 pytest safety stix2 pytest-mock pytest-cov
+        if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+        python -m pip install .
+    - name: Lint with flake8
+      run: |
+        # stop the build if there are Python syntax errors or undefined names
+        flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
+        # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
+        flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+    - name: Safety checks
+      run: safety check
+    - name: Test with pytest and coverage
+      run: |
+        set -o pipefail
+        pytest --junitxml=pytest.xml --cov-report=term-missing:skip-covered --cov=mvt tests/ | tee pytest-coverage.txt
+    - name: Pytest coverage comment
+      continue-on-error: true # Workflows running on a fork can't post comments
+      uses: MishaKav/pytest-coverage-comment@main
+      if: github.event_name == 'pull_request'
+      with:
+        pytest-coverage-path: ./pytest-coverage.txt
+        junitxml-path: ./pytest.xml

.github/workflows/ruff.yml

@@ -4,24 +4,16 @@ on:
     branches: [ main ]
   pull_request:
     branches: [ main ]
-
 jobs:
   ruff_py3:
     name: Ruff syntax check
     runs-on: ubuntu-latest
-
     steps:
-      - uses: actions/checkout@v4
-      - name: Setup Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: 3.9
-          cache: 'pip'
       - name: Checkout
         uses: actions/checkout@master
       - name: Install Dependencies
         run: |
-          pip install ruff
+          pip install --user ruff
       - name: ruff
         run: |
-          make ruff
+          ruff check --output-format github .

.github/workflows/scripts/update-ios-releases.py

@@ -54,7 +54,7 @@ def parse_latest_ios_versions(rss_feed_text):
 
 
 def update_mvt(mvt_checkout_path, latest_ios_versions):
-    version_path = os.path.join(mvt_checkout_path, "src/mvt/ios/data/ios_versions.json")
+    version_path = os.path.join(mvt_checkout_path, "mvt/ios/data/ios_versions.json")
     with open(version_path, "r") as version_file:
         current_versions = json.load(version_file)
 

.github/workflows/tests.yml

@@ -1,38 +0,0 @@
-name: Tests
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    branches: [ main ]
-
-jobs:
-  build:
-    name: Run Python Tests
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        python-version: ['3.8', '3.9', '3.10']  # , '3.11']
-
-    steps:
-      - uses: actions/checkout@v4
-      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
-        with:
-          python-version: ${{ matrix.python-version }}
-      - name: Install Python dependencies
-        run: |
-          make install
-          make test-requirements
-      - name: Test with pytest
-        run: |
-          set -o pipefail
-          make test-ci | tee pytest-coverage.txt
-
-      - name: Pytest coverage comment
-        continue-on-error: true # Workflows running on a fork can't post comments
-        uses: MishaKav/pytest-coverage-comment@main
-        if: github.event_name == 'pull_request'
-        with:
-          pytest-coverage-path: ./pytest-coverage.txt
-          junitxml-path: ./pytest.xml

Dockerfile

@@ -1,159 +1,79 @@
-# Base image for building libraries
-# ---------------------------------
-FROM ubuntu:22.04 as build-base
+FROM ubuntu:22.04
 
-ARG DEBIAN_FRONTEND=noninteractive
+# Ref. https://github.com/mvt-project/mvt
 
-# Install build tools and dependencies
-RUN apt-get update \
-  && apt-get install -y \
+LABEL url="https://mvt.re"
+LABEL vcs-url="https://github.com/mvt-project/mvt"
+LABEL description="MVT is a forensic tool to look for signs of infection in smartphone devices."
+
+ENV PIP_NO_CACHE_DIR=1
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Fixing major OS dependencies
+# ----------------------------
+RUN apt update \
+  && apt install -y python3 python3-pip libusb-1.0-0-dev wget unzip default-jre-headless adb \
+
+# Install build tools for libimobiledevice
+# ----------------------------------------
   build-essential \
+  checkinstall \
   git \
   autoconf \
   automake \
   libtool-bin \
-  pkg-config \
-  libcurl4-openssl-dev \
-  libusb-1.0-0-dev \
+  libplist-dev \
+  libusbmuxd-dev \
   libssl-dev \
-  udev \
-  && rm -rf /var/lib/apt/lists/*
+  sqlite3 \
+  pkg-config \
 
-
-# libplist
+# Clean up
 # --------
-FROM build-base as build-libplist
-
-# Build
-RUN git clone https://github.com/libimobiledevice/libplist && cd libplist \
-  && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \
-  && cd .. && rm -rf libplist
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/* /var/cache/apt
 
 
-# libimobiledevice-glue
-# ---------------------
-FROM build-base as build-libimobiledevice-glue
+# Build libimobiledevice
+# ----------------------
+RUN git clone https://github.com/libimobiledevice/libplist \
+  && git clone https://github.com/libimobiledevice/libimobiledevice-glue \
+  && git clone https://github.com/libimobiledevice/libusbmuxd \
+  && git clone https://github.com/libimobiledevice/libimobiledevice \
+  && git clone https://github.com/libimobiledevice/usbmuxd \
 
-# Install dependencies
-COPY --from=build-libplist /build /
+  && cd libplist && ./autogen.sh && make && make install && ldconfig \
 
-# Build
-RUN git clone https://github.com/libimobiledevice/libimobiledevice-glue && cd libimobiledevice-glue \
-  && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \
-  && cd .. && rm -rf libimobiledevice-glue
+  && cd ../libimobiledevice-glue && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh --prefix=/usr && make && make install && ldconfig \
 
+  && cd ../libusbmuxd && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh && make && make install && ldconfig \
 
-# libtatsu
-# --------
-FROM build-base as build-libtatsu
+  && cd ../libimobiledevice && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh --enable-debug && make && make install && ldconfig \
 
-# Install dependencies
-COPY --from=build-libplist /build /
+  && cd ../usbmuxd && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --runstatedir=/run && make && make install \
 
-# Build
-RUN git clone https://github.com/libimobiledevice/libtatsu && cd libtatsu \
-  && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \
-  && cd .. && rm -rf libtatsu
+  # Clean up.
+  && cd .. && rm -rf libplist libimobiledevice-glue libusbmuxd libimobiledevice usbmuxd
 
-
-# libusbmuxd
-# ----------
-FROM build-base as build-libusbmuxd
-
-# Install dependencies
-COPY --from=build-libplist /build /
-COPY --from=build-libimobiledevice-glue /build /
-
-# Build
-RUN git clone https://github.com/libimobiledevice/libusbmuxd && cd libusbmuxd \
-  && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \
-  && cd .. && rm -rf libusbmuxd
-
-
-# libimobiledevice
-# ----------------
-FROM build-base as build-libimobiledevice
-
-# Install dependencies
-COPY --from=build-libplist /build /
-COPY --from=build-libtatsu /build /
-COPY --from=build-libimobiledevice-glue /build /
-COPY --from=build-libusbmuxd /build /
-
-# Build
-RUN git clone https://github.com/libimobiledevice/libimobiledevice && cd libimobiledevice \
-  && ./autogen.sh --enable-debug && make -j "$(nproc)" && make install DESTDIR=/build \
-  && cd .. && rm -rf libimobiledevice
-
-
-# usbmuxd
-# -------
-FROM build-base as build-usbmuxd
-
-# Install dependencies
-COPY --from=build-libplist /build /
-COPY --from=build-libimobiledevice-glue /build /
-COPY --from=build-libusbmuxd /build /
-COPY --from=build-libimobiledevice /build /
-
-# Build
-RUN git clone https://github.com/libimobiledevice/usbmuxd && cd usbmuxd \
-  && ./autogen.sh --sysconfdir=/etc --localstatedir=/var --runstatedir=/run && make -j "$(nproc)" && make install DESTDIR=/build \
-  && cd .. && rm -rf usbmuxd && mv /build/lib /build/usr/lib
-
-
-# Create main image
-FROM ubuntu:22.04 as main
-
-LABEL org.opencontainers.image.url="https://mvt.re"
-LABEL org.opencontainers.image.documentation="https://docs.mvt.re"
-LABEL org.opencontainers.image.source="https://github.com/mvt-project/mvt"
-LABEL org.opencontainers.image.title="Mobile Verification Toolkit"
-LABEL org.opencontainers.image.description="MVT is a forensic tool to look for signs of infection in smartphone devices."
-LABEL org.opencontainers.image.licenses="MVT License 1.1"
-LABEL org.opencontainers.image.base.name=docker.io/library/ubuntu:22.04
-
-# Install runtime dependencies
-ARG DEBIAN_FRONTEND=noninteractive
-RUN apt-get update \
-  && apt-get install -y \
-  adb \
-  default-jre-headless \
-  libcurl4 \
-  libssl3 \
-  libusb-1.0-0 \
-  python3 \
-  sqlite3
-COPY --from=build-libplist /build /
-COPY --from=build-libimobiledevice-glue /build /
-COPY --from=build-libtatsu /build /
-COPY --from=build-libusbmuxd /build /
-COPY --from=build-libimobiledevice /build /
-COPY --from=build-usbmuxd /build /
-
-# Install mvt using the locally checked out source
-COPY . mvt/
-RUN apt-get update \
-   && apt-get install -y git python3-pip \
-   && PIP_NO_CACHE_DIR=1 pip3 install --upgrade pip \
-   && PIP_NO_CACHE_DIR=1 pip3 install ./mvt \
-   && apt-get remove -y python3-pip git && apt-get autoremove -y \
-   && rm -rf /var/lib/apt/lists/* \
-   && rm -rf mvt
+# Installing MVT
+# --------------
+RUN pip3 install git+https://github.com/mvt-project/mvt.git@main
 
 # Installing ABE
-ADD --checksum=sha256:a20e07f8b2ea47620aff0267f230c3f1f495f097081fd709eec51cf2a2e11632 \
-  https://github.com/nelenkov/android-backup-extractor/releases/download/master-20221109063121-8fdfc5e/abe.jar /opt/abe/abe.jar
+# --------------
+RUN mkdir /opt/abe \
+  && wget https://github.com/nelenkov/android-backup-extractor/releases/download/master-20221109063121-8fdfc5e/abe.jar -O /opt/abe/abe.jar \
 # Create alias for abe
-RUN echo 'alias abe="java -jar /opt/abe/abe.jar"' >> ~/.bashrc
+  && echo 'alias abe="java -jar /opt/abe/abe.jar"' >> ~/.bashrc
 
-# Generate adb key folder
-RUN echo 'if [ ! -f /root/.android/adbkey ]; then adb keygen /root/.android/adbkey 2&>1 > /dev/null; fi' >> ~/.bashrc
-RUN mkdir /root/.android
+# Generate adb key folder 
+# ------------------------------ 
+RUN mkdir /root/.android && adb keygen /root/.android/adbkey
 
 # Setup investigations environment
+# --------------------------------
 RUN mkdir /home/cases
-WORKDIR /home/cases
+WORKDIR /home/cases 
 RUN echo 'echo "Mobile Verification Toolkit @ Docker\n------------------------------------\n\nYou can find information about how to use this image for Android (https://github.com/mvt-project/mvt/tree/master/docs/android) and iOS (https://github.com/mvt-project/mvt/tree/master/docs/ios) in the official docs of the project.\n"' >> ~/.bashrc \
   && echo 'echo "Note that to perform the debug via USB you might need to give the Docker image access to the USB using \"docker run -it --privileged -v /dev/bus/usb:/dev/bus/usb mvt\" or, preferably, the \"--device=\" parameter.\n"' >> ~/.bashrc
 

Dockerfile.android

@@ -1,36 +0,0 @@
-# Create main image
-FROM python:3.10.14-alpine3.20 as main
-
-LABEL org.opencontainers.image.url="https://mvt.re"
-LABEL org.opencontainers.image.documentation="https://docs.mvt.re"
-LABEL org.opencontainers.image.source="https://github.com/mvt-project/mvt"
-LABEL org.opencontainers.image.title="Mobile Verification Toolkit (Android)"
-LABEL org.opencontainers.image.description="MVT is a forensic tool to look for signs of infection in smartphone devices."
-LABEL org.opencontainers.image.licenses="MVT License 1.1"
-LABEL org.opencontainers.image.base.name=docker.io/library/python:3.10.14-alpine3.20
-
-# Install runtime dependencies
-RUN apk add --no-cache \
-  android-tools \
-  git \
-  libusb \
-  openjdk11-jre-headless \
-  sqlite
-
-# Install mvt
-COPY ./ mvt
-RUN apk add --no-cache --virtual .build-deps gcc musl-dev \
-  && PIP_NO_CACHE_DIR=1 pip3 install ./mvt \
-  && apk del .build-deps gcc musl-dev && rm -rf ./mvt
-
-# Installing ABE
-ADD --checksum=sha256:a20e07f8b2ea47620aff0267f230c3f1f495f097081fd709eec51cf2a2e11632 \
-  https://github.com/nelenkov/android-backup-extractor/releases/download/master-20221109063121-8fdfc5e/abe.jar /opt/abe/abe.jar
-# Create alias for abe
-RUN echo 'alias abe="java -jar /opt/abe/abe.jar"' >> ~/.bashrc
-
-# Generate adb key folder
-RUN echo 'if [ ! -f /root/.android/adbkey ]; then adb keygen /root/.android/adbkey 2&>1 > /dev/null; fi' >> ~/.bashrc
-RUN mkdir /root/.android
-
-ENTRYPOINT [ "/usr/local/bin/mvt-android" ]

Dockerfile.ios

@@ -1,137 +0,0 @@
-# Base image for building libraries
-# ---------------------------------
-FROM ubuntu:22.04 as build-base
-
-ARG DEBIAN_FRONTEND=noninteractive
-
-# Install build tools and dependencies
-RUN apt-get update \
-  && apt-get install -y \
-  build-essential \
-  git \
-  autoconf \
-  automake \
-  libtool-bin \
-  pkg-config \
-  libcurl4-openssl-dev \
-  libusb-1.0-0-dev \
-  libssl-dev \
-  udev \
-  && rm -rf /var/lib/apt/lists/*
-
-
-# libplist
-# --------
-FROM build-base as build-libplist
-
-# Build
-RUN git clone https://github.com/libimobiledevice/libplist && cd libplist \
-  && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \
-  && cd .. && rm -rf libplist
-
-
-# libimobiledevice-glue
-# ---------------------
-FROM build-base as build-libimobiledevice-glue
-
-# Install dependencies
-COPY --from=build-libplist /build /
-
-# Build
-RUN git clone https://github.com/libimobiledevice/libimobiledevice-glue && cd libimobiledevice-glue \
-  && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \
-  && cd .. && rm -rf libimobiledevice-glue
-
-
-# libtatsu
-# --------
-FROM build-base as build-libtatsu
-
-# Install dependencies
-COPY --from=build-libplist /build /
-
-# Build
-RUN git clone https://github.com/libimobiledevice/libtatsu && cd libtatsu \
-  && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \
-  && cd .. && rm -rf libtatsu
-
-
-# libusbmuxd
-# ----------
-FROM build-base as build-libusbmuxd
-
-# Install dependencies
-COPY --from=build-libplist /build /
-COPY --from=build-libimobiledevice-glue /build /
-
-# Build
-RUN git clone https://github.com/libimobiledevice/libusbmuxd && cd libusbmuxd \
-  && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \
-  && cd .. && rm -rf libusbmuxd
-
-
-# libimobiledevice
-# ----------------
-FROM build-base as build-libimobiledevice
-
-# Install dependencies
-COPY --from=build-libplist /build /
-COPY --from=build-libtatsu /build /
-COPY --from=build-libimobiledevice-glue /build /
-COPY --from=build-libusbmuxd /build /
-
-# Build
-RUN git clone https://github.com/libimobiledevice/libimobiledevice && cd libimobiledevice \
-  && ./autogen.sh --enable-debug && make -j "$(nproc)" && make install DESTDIR=/build \
-  && cd .. && rm -rf libimobiledevice
-
-
-# usbmuxd
-# -------
-FROM build-base as build-usbmuxd
-
-# Install dependencies
-COPY --from=build-libplist /build /
-COPY --from=build-libimobiledevice-glue /build /
-COPY --from=build-libusbmuxd /build /
-COPY --from=build-libimobiledevice /build /
-
-# Build
-RUN git clone https://github.com/libimobiledevice/usbmuxd && cd usbmuxd \
-  && ./autogen.sh --sysconfdir=/etc --localstatedir=/var --runstatedir=/run && make -j "$(nproc)" && make install DESTDIR=/build \
-  && cd .. && rm -rf usbmuxd && mv /build/lib /build/usr/lib
-
-
-# Main image
-# ----------
-FROM python:3.10.14-alpine3.20 as main
-
-LABEL org.opencontainers.image.url="https://mvt.re"
-LABEL org.opencontainers.image.documentation="https://docs.mvt.re"
-LABEL org.opencontainers.image.source="https://github.com/mvt-project/mvt"
-LABEL org.opencontainers.image.title="Mobile Verification Toolkit (iOS)"
-LABEL org.opencontainers.image.description="MVT is a forensic tool to look for signs of infection in smartphone devices."
-LABEL org.opencontainers.image.licenses="MVT License 1.1"
-LABEL org.opencontainers.image.base.name=docker.io/library/python:3.10.14-alpine3.20
-
-# Install runtime dependencies
-RUN apk add --no-cache \
-  gcompat \
-  libcurl \
-  libssl3 \
-  libusb \
-  sqlite
-COPY --from=build-libplist /build /
-COPY --from=build-libimobiledevice-glue /build /
-COPY --from=build-libtatsu /build /
-COPY --from=build-libusbmuxd /build /
-COPY --from=build-libimobiledevice /build /
-COPY --from=build-usbmuxd /build /
-
-# Install mvt using the locally checked out source
-COPY ./ mvt
-RUN apk add --no-cache --virtual .build-deps git gcc musl-dev \
-  && PIP_NO_CACHE_DIR=1 pip3 install ./mvt \
-  && apk del .build-deps git gcc musl-dev && rm -rf ./mvt
-
-ENTRYPOINT [ "/usr/local/bin/mvt-ios" ]

Makefile

@@ -1,39 +1,23 @@
 PWD = $(shell pwd)
 
-autofix:
-	ruff format .
-	ruff check --fix .
-
-check: ruff mypy
-
-ruff:
-	ruff format --check .
+check:
+	flake8
 	ruff check -q .
+	black --check .
+	pytest -q
 
-mypy:
-	mypy
-
-test:
-	python3 -m pytest
-
-test-ci:
-	python3 -m pytest -v
-
-install:
-	python3 -m pip install --upgrade -e .
-
-test-requirements:
-	python3 -m pip install --upgrade -r test-requirements.txt
 
 clean:
-	rm -rf $(PWD)/build $(PWD)/dist $(PWD)/src/mvt.egg-info
+	rm -rf $(PWD)/build $(PWD)/dist $(PWD)/mvt.egg-info
 
 dist:
-	python3 -m pip install --upgrade build
-	python3 -m build
+	python3 setup.py sdist bdist_wheel
 
 upload:
 	python3 -m twine upload dist/*
 
 test-upload:
 	python3 -m twine upload --repository testpypi dist/*
+
+pylint:
+	pylint --rcfile=setup.cfg mvt

README.md

@@ -6,7 +6,7 @@
 
 [![](https://img.shields.io/pypi/v/mvt)](https://pypi.org/project/mvt/)
 [![Documentation Status](https://readthedocs.org/projects/mvt/badge/?version=latest)](https://docs.mvt.re/en/latest/?badge=latest)
-[![CI](https://github.com/mvt-project/mvt/actions/workflows/tests.yml/badge.svg)](https://github.com/mvt-project/mvt/actions/workflows/tests.yml)
+[![CI](https://github.com/mvt-project/mvt/actions/workflows/python-package.yml/badge.svg)](https://github.com/mvt-project/mvt/actions/workflows/python-package.yml)
 [![Downloads](https://pepy.tech/badge/mvt)](https://pepy.tech/project/mvt)
 
 Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices.

dev/mvt-android

@@ -0,0 +1,14 @@
+#!/usr/bin/env python3
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2022 Claudio Guarnieri.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+import os
+import sys
+
+sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+
+from mvt import android
+
+android.cli()

dev/mvt-ios

@@ -0,0 +1,14 @@
+#!/usr/bin/env python3
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2022 Claudio Guarnieri.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+import os
+import sys
+
+sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+
+from mvt import ios
+
+ios.cli()

docs/android/download_apks.md

@@ -1,6 +1,6 @@
 # Downloading APKs from an Android phone
 
-MVT allows you to attempt to download all available installed packages (APKs) from a device in order to further inspect them and potentially identify any which might be malicious in nature.
+MVT allows to attempt to download all available installed packages (APKs) in order to further inspect them and potentially identify any which might be malicious in nature.
 
 You can do so by launching the following command:
 

docs/docker.md

@@ -2,22 +2,7 @@ Using Docker simplifies having all the required dependencies and tools (includin
 
 Install Docker following the [official documentation](https://docs.docker.com/get-docker/).
 
-Once Docker is installed, you can run MVT by downloading a prebuilt MVT Docker image, or by building a Docker image yourself from the MVT source repo.
-
-### Using the prebuilt Docker image
-
-```bash
-docker pull ghcr.io/mvt-project/mvt
-```
-
-You can then run the Docker container with:
-
-```
-docker run -it ghcr.io/mvt-project/mvt
-```
-
-
-### Build and run Docker image from source
+Once installed, you can clone MVT's repository and build its Docker image:
 
 ```bash
 git clone https://github.com/mvt-project/mvt.git
@@ -33,9 +18,6 @@ docker run -it mvt
 
 If a prompt is spawned successfully, you can close it with `exit`.
 
-
-## Docker usage with Android devices
-
 If you wish to use MVT to test an Android device you will need to enable the container's access to the host's USB devices. You can do so by enabling the `--privileged` flag and mounting the USB bus device as a volume:
 
 ```bash

docs/iocs.md

@@ -34,13 +34,6 @@ It is also possible to load STIX2 files automatically from the environment varia
 export MVT_STIX2="/home/user/IOC1.stix2:/home/user/IOC2.stix2"
 ```
 
-## STIX2 Support
-
-So far MVT implements only a subset of [STIX2 specifications](https://docs.oasis-open.org/cti/stix/v2.1/csprd01/stix-v2.1-csprd01.html):
-
-* It only supports checks for one value (such as `[domain-name:value='DOMAIN']`) and not boolean expressions over multiple comparisons
-* It only supports the following types: `domain-name:value`, `process:name`, `email-addr:value`, `file:name`, `file:path`, `file:hashes.md5`, `file:hashes.sha1`, `file:hashes.sha256`, `app:id`, `configuration-profile:id`, `android-property:name`, `url:value` (but each type will only be checked by a module if it is relevant to the type of data obtained)
-
 ## Known repositories of STIX2 IOCs
 
 - The [Amnesty International investigations repository](https://github.com/AmnestyTech/investigations) contains STIX-formatted IOCs for:
@@ -53,6 +46,3 @@ So far MVT implements only a subset of [STIX2 specifications](https://docs.oasis
 You can automaticallly download the latest public indicator files with the command `mvt-ios download-iocs` or `mvt-android download-iocs`. These commands download the list of indicators from the [mvt-indicators](https://github.com/mvt-project/mvt-indicators/blob/main/indicators.yaml) repository and store them in the [appdir](https://pypi.org/project/appdirs/) folder. They are then loaded automatically by MVT.
 
 Please [open an issue](https://github.com/mvt-project/mvt/issues/) to suggest new sources of STIX-formatted IOCs.
-
-
-

docs/requirements.txt

@@ -1,5 +1,5 @@
-mkdocs==1.6.1
-mkdocs-autorefs==1.2.0
-mkdocs-material==9.5.42
-mkdocs-material-extensions==1.3.1
-mkdocstrings==0.23.0
+mkdocs==1.2.3
+mkdocs-autorefs
+mkdocs-material
+mkdocs-material-extensions
+mkdocstrings

mkdocs.yml

@@ -7,8 +7,8 @@ markdown_extensions:
     - attr_list
     - admonition
     - pymdownx.emoji:
-        emoji_index: !!python/name:material.extensions.emoji.twemoji
-        emoji_generator: !!python/name:material.extensions.emoji.to_svg
+        emoji_index: !!python/name:materialx.emoji.twemoji
+        emoji_generator: !!python/name:materialx.emoji.to_svg
     - pymdownx.superfences
     - pymdownx.inlinehilite
     - pymdownx.highlight:

mvt/android/artifacts/artifact.py

@@ -0,0 +1,36 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2023 The MVT Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+from mvt.common.artifact import Artifact
+
+
+class AndroidArtifact(Artifact):
+    @staticmethod
+    def extract_dumpsys_section(dumpsys: str, separator: str) -> str:
+        """
+        Extract a section from a full dumpsys file.
+
+        :param dumpsys: content of the full dumpsys file (string)
+        :param separator: content of the first line separator (string)
+        :return: section extracted (string)
+        """
+        lines = []
+        in_section = False
+        for line in dumpsys.splitlines():
+            if line.strip() == separator:
+                in_section = True
+                continue
+
+            if not in_section:
+                continue
+
+            if line.strip().startswith(
+                "------------------------------------------------------------------------------"
+            ):
+                break
+
+            lines.append(line)
+
+        return "\n".join(lines)

mvt/android/artifacts/dumpstate_artifact.py

@@ -0,0 +1,165 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2023 The MVT Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+import re
+
+from .artifact import AndroidArtifact
+
+
+# The AOSP dumpstate code is available at https://cs.android.com/android/platform/superproject/+/master:frameworks/native/cmds/dumpstate/
+# The dumpstate code is used to generate bugreports on Android devices. It looks like there are
+# bugs in the code that leave some sections with out ending lines. We need to handle these cases.
+#
+# The approach here is to flag probably broken section, and to search for plausible new section headers
+# to close the previous section. This is a heuristic approach, and may not work in all cases. We can't do
+# this for all sections as we will detect subsections as new sections.
+SECTION_BROKEN_TERMINATORS = [
+    b"VM TRACES AT LAST ANR",
+    b"DIGITAL_HALL",
+]
+
+
+class DumpStateArtifact(AndroidArtifact):
+    def __init__(self, *args, **kwargs):
+        self.dumpstate_sections = []
+        self.dumpstate_header = {}
+        self.unparsed_lines = []
+        super().__init__(*args, **kwargs)
+
+    def _parse_dumpstate_header(self, header_text):
+        """
+        Parse dumpstate header metadata
+        """
+        fields = {}
+        for line in header_text.splitlines():
+            if line.startswith(b"="):
+                continue
+
+            if b":" in line:
+                # Save line if it's a key-value pair.
+                key, value = line.split(b":", 1)
+                fields[key] = value[1:]
+
+            if not line and fields:
+                # Finish if we get an empty line and already parsed lines
+                break
+            else:
+                # Skip until we find lines
+                continue
+
+        self.dumpstate_header = fields
+        return fields
+
+    def _get_section_header(self, header_match):
+        """
+        Create internal dictionary to track dumpsys section.
+        """
+        section_full = header_match.group(0).strip(b"-").strip()
+        section_name = header_match.group(1).rstrip()
+
+        if header_match.group(2):
+            section_command = header_match.group(2).strip(b"()")
+        else:
+            # Some headers can missing the command
+            section_command = ""
+
+        has_broken_terminator = False
+        for broken_section in SECTION_BROKEN_TERMINATORS:
+            if broken_section in section_name:
+                has_broken_terminator = True
+                break
+
+        section = {
+            "section_name": section_name,
+            "section_command": section_command,
+            "section_full": section_full,
+            "missing_terminator": has_broken_terminator,
+            "lines": [],
+            "error": False,
+        }
+        self.dumpstate_sections.append(section)
+        return section
+
+    def parse_dumpstate(self, text: str) -> list:
+        """
+        Extract all sections from a full dumpstate file.
+
+        :param text: content of the full dumpstate file (string)
+        """
+        # Parse the header
+        self._parse_dumpstate_header(text)
+
+        header = b"------ "
+
+        # Regexes to parse headers
+        section_name_re = re.compile(rb"------ ([\w\d\s\-\/\&]+)(\(.*\))? ------")
+        end_of_section_re = re.compile(rb"------ End of .* ------")
+        missing_file_error_re = re.compile(rb"\*\*\* (.*): No such file or directory")
+        generic_error_re = re.compile(rb"\*\*\* (.*) (?<!\*\*\*)$")
+
+        section = None
+
+        # Parse each line in dumpstate and look for headers
+        for line in text.splitlines():
+            if not section:
+                # If we find an end section when not in a section, we can skip
+                # It's probably the trailing line of a section.
+                end_of_section_match = re.match(end_of_section_re, line)
+                if end_of_section_match:
+                    self.unparsed_lines.append(line)
+                    continue
+
+                possible_section_header = re.match(section_name_re, line)
+                if possible_section_header:
+                    section = self._get_section_header(possible_section_header)
+                    # print("found section", section)
+                    continue
+                else:
+                    # We continue to next line as we weren't already in a section
+                    self.unparsed_lines.append(line)
+                    continue
+
+            if line.lstrip().startswith(header):
+                # This may be an internal section, or the terminator for our current section
+                # Ending looks like: ------ 0.557s was the duration of 'DUMPSYS CRITICAL' ------
+
+                # Check that we have the end for the right command.
+                section_command_in_quotes = b"'" + section["section_name"] + b"'"
+                if (
+                    section_command_in_quotes in line
+                    or section["section_full"]
+                    in line  # Needed for 0.070s was the duration of 'KERNEL LOG (dmesg)'
+                ):
+                    # Add end line and finish up the section
+                    section["lines"].append(line)
+                    section = None
+                    continue
+
+                # If we haven't closed previous, but this matches a section header, we can try close.
+                # Probably a bug where not closed properly. We explicitly flag known broken fields.
+
+                # This fails on these blocks if we dont blacklist. Maybe we need to make a blacklist of badly closed items
+                # ------ DUMP BLOCK STAT ------
+                # ------ BLOCK STAT (/sys/block/dm-20) ------
+
+                possible_section_header = re.match(section_name_re, line)
+                if possible_section_header and section["missing_terminator"]:
+                    section = self._get_section_header(possible_section_header)
+                else:
+                    # Probably terminator for subsection, ignore and treat as a regular line.
+                    pass
+
+            # Handle lines with special meaning
+            # TODO: This is failing as sometime errors are followed by a terminator and sometimes not.
+            if re.match(missing_file_error_re, line) or re.match(
+                generic_error_re, line
+            ):
+                # The line in a failed file read which is dumped without an header end section.
+                section["failed"] = True
+                section["lines"].append(line)
+                section = None
+            else:
+                section["lines"].append(line)
+
+        return self.dumpstate_sections

mvt/android/artifacts/dumpsys_accessibility.py

@@ -3,9 +3,8 @@
 # Use of this software is governed by the MVT License 1.1 that can be found at
 #   https://license.mvt.re/1.1/
 
-import re
-
 from .artifact import AndroidArtifact
+import re
 
 
 class DumpsysAccessibilityArtifact(AndroidArtifact):