mirror of https://github.com/mvt-project/mvt synced 2025-10-21 22:42:15 +02:00

Compare commits

53 Commits

Author SHA1 Message Date
Nex
bdbfe02315 Bumped version 2021-08-12 18:44:14 +02:00
Nex
54eaf046b0 Standardizing base classes declarations 2021-08-12 18:36:31 +02:00
Nex
23e4babbc9 Sorted imports 2021-08-12 18:34:33 +02:00
Nex
78b9fcd50c Added super init to NetBase 2021-08-12 18:34:23 +02:00
Nex
4eb7a64614 Removed serial in declaration 2021-08-12 18:33:58 +02:00
Nex
e512e0b72f Fixed download_apks init 2021-08-12 18:25:57 +02:00
Nex
7884c28253 Merge branch 'j0k2r-main' 2021-08-12 18:21:36 +02:00
Nex
8ca7030195 Refactored serial specification for ADB 2021-08-12 18:21:21 +02:00
Nex
f78c671885 Merge branch 'main' of https://github.com/j0k2r/mvt into j0k2r-main 2021-08-12 18:07:50 +02:00
Nex
411ac53522 Letting module handler catch any exception 2021-08-12 17:57:40 +02:00
Nex
8be60e8a04 Checking all processes 2021-08-12 17:53:19 +02:00
Nex
8a484b3b24 Added a more clear message regarding rooted Androids 2021-08-12 17:47:20 +02:00
Nex
0a7512cfb2 Checking for manipulated entries even when no indicators are provided 2021-08-12 12:57:27 +02:00
Nex
257f3732e3 Merge branch 'DL6ER-main' 2021-08-12 12:56:17 +02:00
Nex
8d93ab66c9 Improved logging around detection results 2021-08-12 12:56:12 +02:00
Nex
6e19d34700 Merge branch 'main' of https://github.com/DL6ER/mvt into DL6ER-main 2021-08-12 12:49:36 +02:00
Nex
271cdede0f Merge branch 'dkg-error-cleanup' 2021-08-12 12:48:47 +02:00
Nex
88324c7c42 Standardized to logging format 2021-08-12 12:48:29 +02:00
Daniel Kahn Gillmor
ec93c3d8b8 Even friendlier behaviors when the user mis-specifies the backup path
As discussed in #147
2021-08-10 23:19:45 -04:00
Daniel Kahn Gillmor
1288f8ca53 handle error cases better 2021-08-10 22:57:15 -04:00
DL6ER
290776a286 Log if there was no detection made by the module
Signed-off-by: DL6ER <dl6er@dl6er.de>
2021-08-10 12:13:23 +02:00
Nex
44b677fdb2 Updated README 2021-08-09 16:14:48 +02:00
Nex
3ae822d3ac Updated README 2021-08-09 16:14:08 +02:00
Nex
7940fb2879 Updated README 2021-08-09 16:12:23 +02:00
Nex
af7bc3ca31 Updated README 2021-08-09 16:12:10 +02:00
Nex
d606f9570f Updated README 2021-08-09 16:10:42 +02:00
Hamza Z
15c0d71933 Fix merge conflicts 2021-08-08 20:05:50 +02:00
Nex
24c89183a3 Bumped version 2021-08-06 18:44:16 +02:00
Nex
e5f7727c80 Fixed typo (closes: #157) 2021-08-06 18:40:09 +02:00
Nex
7b00f03f03 Bumped version 2021-08-05 09:04:22 +02:00
Nex
9f696dcb72 Added version 14.7.1 2021-08-05 09:03:02 +02:00
Nex
ef139effdb Merge branch 'dkg-clearer-error-reporting' 2021-08-05 08:56:52 +02:00
Nex
2302c9fb1c Fixed language 2021-08-05 08:56:41 +02:00
Nex
9bb8ae5187 Merge branch 'clearer-error-reporting' of https://github.com/dkg/mvt into dkg-clearer-error-reporting 2021-08-05 08:54:29 +02:00
Nex
76e6138d77 Catching check if root exception more gracefully (closes: #5) 2021-08-05 08:49:34 +02:00
Nex
0bc660a2b3 Updated documentation (closes: #3) 2021-08-04 19:14:06 +02:00
Nex
7ae9ecbf5a Removed newline 2021-08-03 17:25:16 +02:00
Nex
1e8278aeec Updated README 2021-08-03 15:51:58 +02:00
Nex
995ebc02cf Fixing language 2021-08-03 10:28:28 +02:00
Nex
12e0f14400 Added note on running MVT on Windows 2021-08-03 10:24:38 +02:00
Nex
6ef5b9d311 Merge pull request #148 from dkg/quotes
mvt-ios sqlite3 db recovery: fix quoting sent to sqlite3 .clone
2021-08-03 09:31:43 +02:00
Daniel Kahn Gillmor
33e90c1707 mvt-ios sqlite3 db recovery: fix quoting sent to sqlite3 .clone
In b2afce5c79, the db filename is
wrapped in double-quotes when passing it to the sqlite3 tool's
`.clone` helper command.

For parsing safety, we avoid performing this cleanup if the filename
itself has a double-quote character in it.  Otherwise, a malformed
filename could lead to arbitrary injection into the sqlite3 command.

In be24680046, the sqlite3 wrapping
changes to single-quotes.  Either the safety check should be amended
to block pathnames with single-quotes, or the sqlite3 wrapping should
revert to double-quotes.

I opted for the latter here because i think single-quotes are more
likely than double-quotes to show up in pathnames (e.g. a folder named
"Daniel's files"), but either change would be fine, of course.
2021-08-02 11:26:00 -04:00
Daniel Kahn Gillmor
706c429595 mvt-ios decrypt-backup: Improve error messages for known cases
The two most common reasons that `mvt-ios decrypt-backup` can fail are
wrong passwords and not pointing to an actual backup.

We can distinguish these cases based on the kinds of errors thrown
from iOSbackup (at least for the current versions that i'm testing
with).

When we encounter those particular exceptions, just report a simple
summary and don't overwhelm the user with a backtrace.  If we
encounter an unexpected exception, leave the reporting as-is.

Closes: #28, #36
2021-08-02 11:07:31 -04:00
Nex
f011fd19e8 More explicit copyright and licensing notes 2021-08-01 21:11:08 +02:00
Nex
bc48dc2cf5 Fixed import order 2021-08-01 19:53:20 +02:00
Nex
f3c0948283 Fixing exception name in Manifest module 2021-08-01 19:50:25 +02:00
Nex
be24680046 Enforcing double quotes 2021-08-01 19:50:04 +02:00
Nex
a3d10c1824 Merge pull request #140 from dkg/avoid-shell-True
Avoid breakage with paths with unusual names
2021-08-01 19:45:11 +02:00
Daniel Kahn Gillmor
b2afce5c79 Avoid breakage with paths with unusual names
If file_path has any whitespace or shell metacharacters in it, then
the invocation of subprocess.call would be likely to break (or even
accidentally execute code, depending on how perverse the pathnames
are).

It's generally a good plan to avoid shell=True for subprocess.call
where you can lay out the arguments deliberately in python.  This one
looks relatively straightforward (but note, i have not tested it,
sorry!)

Note that if a name has a `"` character in it, we still fail, out of
safety reasons.

in particular, we want to avoid command injection into the sqlite
binary with particularly malicious names that look something like the
following:

```
foo.db"; .shell touch should-not-exist; .nullvalue "
```
2021-08-01 11:35:38 -04:00
Nex
b2e210e91c Removed unused import 2021-08-01 14:16:28 +02:00
Nex
6f83bf5ae1 Removed duplicates 2021-08-01 14:05:21 +02:00
Hamza Z
2389d5e52d Add Android TCP connection support 2021-07-21 13:35:46 +02:00
Hamza Z
ccf0f3f18e Add Android device serial specification 2021-07-21 13:17:58 +02:00
69 changed files with 360 additions and 298 deletions
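
The quoting issue discussed in commits b2afce5c79 and 33e90c1707 above, as an added example that is not MVT's code: it contrasts a shell-string invocation with an argv list, and shows why the rejected character must be the same one used to wrap the path inside the `.clone` dot-command. The function names, the `.bak` file names and the shape of the shell string are assumptions made for illustration; nothing here executes `sqlite3`.

```python
import shlex

SQLITE3 = "sqlite3"  # assumed binary name; this example never runs it


def shell_string(source_db, target_db):
    """Fragile form: one string that shell=True would hand to the shell."""
    return f"{SQLITE3} {source_db} '.clone {target_db}'"


def shell_words(cmdline):
    """Model POSIX word splitting; None when the quoting is unbalanced."""
    try:
        return shlex.split(cmdline)
    except ValueError:
        return None


def clone_argv(source_db, target_db, wrap='"', guard=None):
    """Build an argv list for subprocess.call(argv) with shell=False.

    `wrap` is the quote placed around the path inside the dot-command.
    `guard` is the character the safety check rejects; it defaults to
    `wrap`, which is the consistent configuration.
    """
    if wrap not in ('"', "'"):
        raise ValueError("wrap must be a single or double quote")
    if guard is None:
        guard = wrap
    if guard in target_db:
        raise ValueError(f"refusing path containing {guard!r}: {target_db!r}")
    return [SQLITE3, source_db, f".clone {wrap}{target_db}{wrap}"]


def quote_is_balanced(dot_command, wrap):
    """True when the wrapping quote occurs an even number of times."""
    return dot_command.count(wrap) % 2 == 0


# Constructed sample paths (the last one is the name quoted in b2afce5c79).
SPACED = "My Backup/sms.db"
APOSTROPHE = "Daniel's files/sms.db"
HOSTILE = 'foo.db"; .shell touch should-not-exist; .nullvalue "'

if __name__ == "__main__":
    # 1. Shell string: whitespace in the path changes the argument count.
    print(shell_words(shell_string(SPACED + ".bak", SPACED)))

    # 2. Argv list: the path stays one argument, whatever it contains.
    print(clone_argv(SPACED + ".bak", SPACED))

    # 3. Guard and wrapper disagree (single-quote wrap, double-quote check):
    #    the apostrophe passes the check and closes the wrapper early.
    mismatched = clone_argv(APOSTROPHE + ".bak", APOSTROPHE, wrap="'", guard='"')
    print(mismatched[2], quote_is_balanced(mismatched[2], "'"))

    # 4. Guard and wrapper agree on double quotes: the apostrophe path is
    #    accepted and the hostile name is refused.
    print(clone_argv(APOSTROPHE + ".bak", APOSTROPHE)[2])
    try:
        clone_argv("x.bak", HOSTILE)
    except ValueError as exc:
        print("rejected:", exc)
```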

7
AUTHORS Normal file
View File

@@ -0,0 +1,7 @@
MVT was originally authored by Claudio Guarnieri <nex@nex.sx>.
For an up-to-date list of all contributors visit:
https://github.com/mvt-project/mvt/graphs/contributors
Or run:
git shortlog -s -n

View File

@@ -15,38 +15,20 @@ It has been developed and released by the [Amnesty International Security Lab](h
## Installation
MVT can be installed from sources or conveniently using:
MVT can be installed from sources or from [PyPi](https://pypi.org/project/mvt/) (you will need some dependencies, check the [documentation](https://docs.mvt.re/en/latest/install.html)):
```
pip3 install mvt
```
You will need some dependencies, so please check the [documentation](https://docs.mvt.re/en/latest/install.html).
Alternatively, you can decide to run MVT and all relevant tools through a [Docker container](https://docs.mvt.re/en/latest/docker.html).
**Please note:** MVT is best run on Linux or Mac systems. [It does not currently support running natively on Windows.](https://docs.mvt.re/en/latest/install.html#mvt-on-windows)
## Usage
MVT provides two commands `mvt-ios` and `mvt-android` with the following subcommands available:
* `mvt-ios`:
* `check-backup`: Extract artifacts from an iTunes backup
* `check-fs`: Extract artifacts from a full filesystem dump
* `check-iocs`: Compare stored JSON results to provided indicators
* `decrypt-backup`: Decrypt an encrypted iTunes backup
* `extract-key`: Extract decryption key from an iTunes backup
* `mvt-android`:
* `check-backup`: Check an Android Backup
* `download-apks`: Download all or non-safelisted installed APKs
Check out [the documentation to see how to use them](https://docs.mvt.re/).
MVT provides two commands `mvt-ios` and `mvt-android`. [Check out the documentation to learn how to use them!](https://docs.mvt.re/).
## License
The purpose of MVT is to facilitate the ***consensual forensic analysis*** of devices of those who might be targets of sophisticated mobile spyware attacks, especially members of civil society and marginalized communities. We do not want MVT to enable privacy violations of non-consenting individuals. Therefore, the goal of this license is to prohibit the use of MVT (and any other software licensed the same) for the purpose of *adversarial forensics*.
In order to achieve this, MVT is released under an adaptation of [Mozilla Public License v2.0](https://www.mozilla.org/MPL). This modified license includes a new clause 3.0, "Consensual Use Restriction" which permits the use of the licensed software (and any *"Larger Work"* derived from it) exclusively with the explicit consent of the person/s whose data is being extracted and/or analysed (*"Data Owner"*).
[Read the LICENSE](https://github.com/mvt-project/mvt/blob/main/LICENSE)
The purpose of MVT is to facilitate the ***consensual forensic analysis*** of devices of those who might be targets of sophisticated mobile spyware attacks, especially members of civil society and marginalized communities. We do not want MVT to enable privacy violations of non-consenting individuals. In order to achieve this, MVT is released under its own license. [Read more here.](https://docs.mvt.re/en/latest/license.html)

View File

@@ -1,8 +1,8 @@
#!/usr/bin/env python3
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import os
import sys

View File

@@ -1,8 +1,8 @@
#!/usr/bin/env python3
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import os
import sys

View File

@@ -1,8 +1,3 @@
# Methodology for Android forensic
For different technical reasons, it is more complex to do a forensic analysis of an Android phone.
Currently MVT allows to perform two different checks on an Android phone:
* Download APKs installed in order to analyze them
* Extract Android backup in order to look for suspicious SMS
TODO
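Review bot: The Android methodology page is reduced to its heading plus a bare `TODO`, while the text it replaces was the only description of the two Android checks (downloading installed APKs and extracting a backup to look for suspicious SMS). Keep a one-line summary or a link to the command documentation until the rewrite lands, so the published docs do not show an empty page.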

View File

@@ -12,6 +12,8 @@ sudo apt install python3 python3-pip libusb-1.0-0 sqlite3
*libusb-1.0-0* is not required if you intend to only use `mvt-ios` and not `mvt-android`.
When working with Android devices you should additionally install [Android SDK Platform Tools](https://developer.android.com/studio/releases/platform-tools). If you prefer to install a package made available by your distribution of choice, please make sure the version is recent to ensure compatibility with modern Android devices.
## Dependencies on Mac
Running MVT on Mac requires Xcode and [homebrew](https://brew.sh) to be installed.
@@ -24,6 +26,20 @@ brew install python3 libusb sqlite3
*libusb* is not required if you intend to only use `mvt-ios` and not `mvt-android`.
When working with Android devices you should additionally install Android SDK Platform Tools:
```bash
brew install --cask android-platform-tools
```
Or by downloading the [official binary releases](https://developer.android.com/studio/releases/platform-tools).
## MVT on Windows
MVT does not currently officially support running natively on Windows. While most functionality should work out of the box, there are known issues especially with `mvt-android`.
It is recommended to try installing and running MVT from [Windows Subsystem Linux (WSL)](https://docs.microsoft.com/en-us/windows/wsl/about) and follow Linux installation instructions for your distribution of choice.
## Installing MVT
If you haven't done so, you can add this to your `.bashrc` or `.zshrc` file in order to add locally installed Pypi binaries to your `$PATH`:
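Review bot: In the new "MVT on Windows" section the product is named "Windows Subsystem Linux (WSL)"; Microsoft's name for it is "Windows Subsystem for Linux". The same section mentions known issues "especially with `mvt-android`" without naming or linking any of them, so a pointer to the tracking issues would tell Windows users what to expect.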

View File

@@ -1,4 +1,4 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

View File

@@ -1,6 +1,6 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
from .cli import cli

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import argparse
import logging
@@ -28,7 +28,7 @@ log = logging.getLogger(__name__)
# Help messages of repeating options.
OUTPUT_HELP_MESSAGE = "Specify a path to a folder where you want to store JSON results"
SERIAL_HELP_MESSAGE = "Specify a device serial number or HOST:PORT connection string"
#==============================================================================
# Main
@@ -42,6 +42,7 @@ def cli():
# Download APKs
#==============================================================================
@cli.command("download-apks", help="Download all or non-safelisted installed APKs installed on the device")
@click.option("--serial", "-s", type=str, help=SERIAL_HELP_MESSAGE)
@click.option("--all-apks", "-a", is_flag=True,
help="Extract all packages installed on the phone, even those marked as safe")
@click.option("--virustotal", "-v", is_flag=True, help="Check packages on VirusTotal")
@@ -51,7 +52,7 @@ def cli():
help="Specify a path to a folder where you want to store the APKs")
@click.option("--from-file", "-f", type=click.Path(exists=True),
help="Instead of acquiring from phone, load an existing packages.json file for lookups (mainly for debug purposes)")
def download_apks(all_apks, virustotal, koodous, all_checks, output, from_file):
def download_apks(all_apks, virustotal, koodous, all_checks, output, from_file, serial):
try:
if from_file:
download = DownloadAPKs.from_json(from_file)
@@ -64,6 +65,8 @@ def download_apks(all_apks, virustotal, koodous, all_checks, output, from_file):
sys.exit(-1)
download = DownloadAPKs(output_folder=output, all_apks=all_apks)
if serial:
download.serial = serial
download.run()
packages = download.packages
@@ -85,12 +88,13 @@ def download_apks(all_apks, virustotal, koodous, all_checks, output, from_file):
# Checks through ADB
#==============================================================================
@cli.command("check-adb", help="Check an Android device over adb")
@click.option("--serial", "-s", type=str, help=SERIAL_HELP_MESSAGE)
@click.option("--iocs", "-i", type=click.Path(exists=True), help="Path to indicators file")
@click.option("--output", "-o", type=click.Path(exists=False),
help="Specify a path to a folder where you want to store JSON results")
@click.option("--list-modules", "-l", is_flag=True, help="Print list of available modules and exit")
@click.option("--module", "-m", help="Name of a single module you would like to run instead of all")
def check_adb(iocs, output, list_modules, module):
def check_adb(iocs, output, list_modules, module, serial):
if list_modules:
log.info("Following is the list of available check-adb modules:")
for adb_module in ADB_MODULES:
@@ -119,6 +123,8 @@ def check_adb(iocs, output, list_modules, module):
continue
m = adb_module(output_folder=output, log=logging.getLogger(adb_module.__module__))
if serial:
m.serial = serial
if iocs:
indicators.log = m.log
@@ -138,10 +144,11 @@ def check_adb(iocs, output, list_modules, module):
# Check ADB backup
#==============================================================================
@cli.command("check-backup", help="Check an Android Backup")
@click.option("--serial", "-s", type=str, help=SERIAL_HELP_MESSAGE)
@click.option("--iocs", "-i", type=click.Path(exists=True), help="Path to indicators file")
@click.option("--output", "-o", type=click.Path(exists=False), help=OUTPUT_HELP_MESSAGE)
@click.argument("BACKUP_PATH", type=click.Path(exists=True))
def check_backup(iocs, output, backup_path):
def check_backup(iocs, output, backup_path, serial):
log.info("Checking ADB backup located at: %s", backup_path)
if output and not os.path.exists(output):
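Review bot: The new `--serial` option on `check-backup` has no visible use: the command takes a `BACKUP_PATH` on local disk and logs "Checking ADB backup located at", and nothing in these lines opens an adb connection. If the backup modules never connect to a device, drop the option and the `serial` parameter from `check_backup` so the CLI does not advertise a flag that does nothing; if they do, say what it selects in the help text.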
@@ -168,6 +175,9 @@ def check_backup(iocs, output, backup_path):
m = module(base_folder=backup_path, output_folder=output,
log=logging.getLogger(module.__module__))
if serial:
m.serial = serial
if iocs:
indicators.log = m.log
m.indicators = indicators

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import json
import logging

View File

@@ -1,4 +1,4 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging

View File

@@ -1,4 +1,4 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
from .chrome_history import ChromeHistory
from .dumpsys_batterystats import DumpsysBatterystats

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging
import os
@@ -11,13 +11,13 @@ import sys
import tempfile
import time
from adb_shell.adb_device import AdbDeviceUsb
from adb_shell.adb_device import AdbDeviceTcp, AdbDeviceUsb
from adb_shell.auth.keygen import keygen, write_public_keyfile
from adb_shell.auth.sign_pythonrsa import PythonRSASigner
from adb_shell.exceptions import AdbCommandFailureException, DeviceAuthError
from usb1 import USBErrorAccess, USBErrorBusy
from mvt.common.module import MVTModule
from mvt.common.module import InsufficientPrivileges, MVTModule
log = logging.getLogger(__name__)
@@ -29,17 +29,12 @@ class AndroidExtraction(MVTModule):
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
"""Initialize Android extraction module.
:param file_path: Path to the database file to parse
:param base_folder: Path to a base folder containing an Android dump
:param output_folder: Path to the folder where to store extraction
results
"""
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
self.device = None
self.serial = None
def _adb_check_keys(self):
"""Make sure Android adb keys exist.
@@ -59,7 +54,19 @@ class AndroidExtraction(MVTModule):
priv_key = handle.read()
signer = PythonRSASigner("", priv_key)
self.device = AdbDeviceUsb()
# If no serial was specified or if the serial does not seem to be
# a HOST:PORT definition, we use the USB transport.
if not self.serial or ":" not in self.serial:
self.device = AdbDeviceUsb(serial=self.serial)
# Otherwise we try to use the TCP transport.
else:
addr = self.serial.split(":")
if len(addr) < 2:
raise ValueError("TCP serial number must follow the format: `address:port`")
self.device = AdbDeviceTcp(addr[0], int(addr[1]),
default_transport_timeout_s=30.)
while True:
try:
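Review bot: In the TCP branch, the `len(addr) < 2` check can never fire, because the branch is only reached when `":"` is in `self.serial` and `split(":")` then always returns at least two parts. The inputs that do need rejecting get through instead: `host:` or `host:abc` fail inside `int(addr[1])` with a generic ValueError rather than the `address:port` message, and a value with more than one colon (an IPv6 literal, for example) is silently cut down to its first two fields. Suggest `host, _, port = self.serial.rpartition(":")`, then checking that `host` is non-empty and `port` is numeric before constructing `AdbDeviceTcp`, and raising the existing message otherwise.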
@@ -105,7 +112,7 @@ class AndroidExtraction(MVTModule):
"""Check if we have a `su` binary, otherwise raise an Exception.
"""
if not self._adb_check_if_root():
raise Exception("The Android device does not seem to have a `su` binary. Cannot run this module.")
raise InsufficientPrivileges("This module is optionally available in case the device is already rooted. Do NOT root your own device!")
def _adb_command_as_root(self, command):
"""Execute an adb shell command.
@@ -120,6 +127,8 @@ class AndroidExtraction(MVTModule):
:returns: Boolean indicating whether the file exists or not
"""
# TODO: Need to support checking files without root privileges as well.
# Connect to the device over adb.
self._adb_connect()
# Check if we have root, if not raise an Exception.

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging
import os
@@ -20,7 +20,7 @@ class ChromeHistory(AndroidExtraction):
"""This module extracts records from Android's Chrome browsing history."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
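Review bot: `serial=None` is added to the `ChromeHistory.__init__` signature, but the `super().__init__(...)` call below it does not forward the value and nothing stores it, so a caller passing `serial=` is silently ignored; the CLI hunks set `m.serial` after construction instead. Either drop the parameter or have the base class accept and assign it. The same signature change is repeated in the other Android modules in this comparison.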

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging
import os
@@ -14,7 +14,7 @@ class DumpsysBatterystats(AndroidExtraction):
"""This module extracts stats on battery consumption by processes."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging
import os
@@ -14,7 +14,7 @@ class DumpsysPackages(AndroidExtraction):
"""This module extracts stats on installed packages."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging
import os
@@ -14,7 +14,7 @@ class DumpsysProcstats(AndroidExtraction):
"""This module extracts stats on memory consumption by processes."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging
import os
@@ -16,7 +16,7 @@ class Packages(AndroidExtraction):
"""This module extracts the list of installed packages."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging
@@ -13,7 +13,7 @@ class Processes(AndroidExtraction):
"""This module extracts details on running processes."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
@@ -21,7 +21,7 @@ class Processes(AndroidExtraction):
def run(self):
self._adb_connect()
output = self._adb_command("ps")
output = self._adb_command("ps -e")
for line in output.split("\n")[1:]:
line = line.strip()

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging
import os
@@ -16,7 +16,7 @@ class RootBinaries(AndroidExtraction):
"""This module extracts the list of installed packages."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
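Review bot: The `RootBinaries` class docstring directly above this constructor reads "This module extracts the list of installed packages.", which is the `Packages` description copied over. Since the hunk already touches this class, correct the docstring so it describes the root-binary check.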

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging
import os
@@ -43,7 +43,7 @@ class SMS(AndroidExtraction):
"""This module extracts all SMS messages containing links."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
@@ -102,15 +102,11 @@ class SMS(AndroidExtraction):
log.info("Extracted a total of %d SMS messages containing links", len(self.results))
def run(self):
# Checking the SMS database path
try:
if (self._adb_check_file_exists(os.path.join("/", SMS_BUGLE_PATH))):
self.SMS_DB_TYPE = 1
self._adb_process_file(os.path.join("/", SMS_BUGLE_PATH), self._parse_db)
elif (self._adb_check_file_exists(os.path.join("/", SMS_MMSSMS_PATH))):
self.SMS_DB_TYPE = 2
self._adb_process_file(os.path.join("/", SMS_MMSSMS_PATH), self._parse_db)
else:
self.log.error("No SMS database found")
except Exception as e:
self.log.error(e)
if (self._adb_check_file_exists(os.path.join("/", SMS_BUGLE_PATH))):
self.SMS_DB_TYPE = 1
self._adb_process_file(os.path.join("/", SMS_BUGLE_PATH), self._parse_db)
elif (self._adb_check_file_exists(os.path.join("/", SMS_MMSSMS_PATH))):
self.SMS_DB_TYPE = 2
self._adb_process_file(os.path.join("/", SMS_MMSSMS_PATH), self._parse_db)
else:
self.log.error("No SMS database found")
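Review bot: With the `try`/`except` removed from `SMS.run`, every exception from `_adb_check_file_exists` and `_adb_process_file` now leaves the module, including the `InsufficientPrivileges` raised on non-rooted devices. That is safe only if each caller of `run()` catches it, and no caller is visible in this file, so confirm the module handler covers this path and that one failing module does not abort the ones after it. The parentheses around the `if`/`elif` conditions are redundant and can go while the block is being re-indented.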

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import base64
import logging
@@ -20,7 +20,7 @@ class Whatsapp(AndroidExtraction):
"""This module extracts all WhatsApp messages containing links."""
def __init__(self, file_path=None, base_folder=None, output_folder=None,
fast_mode=False, log=None, results=[]):
serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, fast_mode=fast_mode,
log=log, results=results)
@@ -82,7 +82,4 @@ class Whatsapp(AndroidExtraction):
self.results = messages
def run(self):
try:
self._adb_process_file(os.path.join("/", WHATSAPP_PATH), self._parse_db)
except Exception as e:
self.log.error(e)
self._adb_process_file(os.path.join("/", WHATSAPP_PATH), self._parse_db)
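Review bot: Whatsapp.run() now calls self._adb_process_file() on WHATSAPP_PATH with no existence check and no handler, whereas SMS.run() calls _adb_check_file_exists() before processing. Checking for the file first and raising DatabaseNotFoundError when it is absent would let run_module() report a missing WhatsApp database as "no data to extract" rather than as a generic failure.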

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
from .sms import SMS

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import json
import os

View File

@@ -1,4 +1,4 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import json
import os

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import csv
import glob
@@ -21,6 +21,9 @@ class DatabaseNotFoundError(Exception):
class DatabaseCorruptedError(Exception):
pass
class InsufficientPrivileges(Exception):
pass
class MVTModule(object):
"""This class provides a base for all extraction modules."""
@@ -150,6 +153,8 @@ def run_module(module):
except NotImplementedError:
module.log.exception("The run() procedure of module %s was not implemented yet!",
module.__class__.__name__)
except InsufficientPrivileges as e:
module.log.info("Insufficient privileges for module %s: %s", module.__class__.__name__, e)
except DatabaseNotFoundError as e:
module.log.info("There might be no data to extract by module %s: %s",
module.__class__.__name__, e)
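Review bot: The new except InsufficientPrivileges branch in run_module() logs at info level, the same level used for routine progress messages, so an analyst reading the output can miss that a module was skipped and collected nothing. module.log.warning would make the gap in coverage visible. The exception name also departs from the DatabaseNotFoundError and DatabaseCorruptedError pattern next to it (InsufficientPrivilegesError would match), and the log call sits on one long line while the DatabaseNotFoundError call below it is wrapped.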
@@ -163,7 +168,13 @@ def run_module(module):
try:
module.check_indicators()
except NotImplementedError:
module.log.info("The %s module does not support checking for indicators",
module.__class__.__name__)
pass
else:
if module.indicators and not module.detected:
module.log.info("The %s module produced no detections!",
module.__class__.__name__)
try:
module.to_timeline()
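Review bot: The else branch after module.check_indicators() reads module.indicators and module.detected outside the protection of the try, and nothing in this hunk shows those attributes being initialized, so a module that never sets detected would raise AttributeError here. Confirm that MVTModule gives both a default in its constructor. The pass that follows the log.info call in the except NotImplementedError branch is redundant once the branch has a statement and can be removed.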

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
# From: https://gist.github.com/stanchan/bce1c2d030c76fe9223b5ff6ad0f03db

View File

@@ -1,7 +1,7 @@
# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 MVT Project Developers.
# See the file 'LICENSE' for usage and copying permissions, or find a copy at
# https://github.com/mvt-project/mvt/blob/main/LICENSE
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import requests
from tld import get_tld

Some files were not shown because too many files have changed in this diff.