Bumped version

Search for entries in ZPROCESS but not in ZLIVEUSAGE

README.md

@@ -15,15 +15,15 @@ It has been developed and released by the [Amnesty International Security Lab](h
 
 ## Installation
 
-MVT can be installed from sources or from [PyPi](https://pypi.org/project/mvt/) (you will need some dependencies, check the [documentation](https://docs.mvt.re/en/latest/install.html)):
+MVT can be installed from sources or from [PyPi](https://pypi.org/project/mvt/) (you will need some dependencies, check the [documentation](https://docs.mvt.re/en/latest/install/)):
 
 ```
 pip3 install mvt
 ```
 
-Alternatively, you can decide to run MVT and all relevant tools through a [Docker container](https://docs.mvt.re/en/latest/docker.html).
+Alternatively, you can decide to run MVT and all relevant tools through a [Docker container](https://docs.mvt.re/en/latest/docker/).
 
-**Please note:** MVT is best run on Linux or Mac systems. [It does not currently support running natively on Windows.](https://docs.mvt.re/en/latest/install.html#mvt-on-windows)
+**Please note:** MVT is best run on Linux or Mac systems. [It does not currently support running natively on Windows.](https://docs.mvt.re/en/latest/install/#mvt-on-windows)
 
 ## Usage
 
@@ -31,4 +31,4 @@ MVT provides two commands `mvt-ios` and `mvt-android`. [Check out the documentat
 
 ## License
 
-The purpose of MVT is to facilitate the ***consensual forensic analysis*** of devices of those who might be targets of sophisticated mobile spyware attacks, especially members of civil society and marginalized communities. We do not want MVT to enable privacy violations of non-consenting individuals.  In order to achieve this, MVT is released under its own license. [Read more here.](https://docs.mvt.re/en/latest/license.html)
+The purpose of MVT is to facilitate the ***consensual forensic analysis*** of devices of those who might be targets of sophisticated mobile spyware attacks, especially members of civil society and marginalized communities. We do not want MVT to enable privacy violations of non-consenting individuals.  In order to achieve this, MVT is released under its own license. [Read more here.](https://docs.mvt.re/en/latest/license/)

docs/requirements.txt

@@ -1,4 +1,4 @@
-mkdocs==1.2.1
+mkdocs==1.2.3
 mkdocs-autorefs
 mkdocs-material
 mkdocs-material-extensions

mvt/common/version.py

@@ -6,7 +6,7 @@
 import requests
 from packaging import version
 
-MVT_VERSION = "1.2.13"
+MVT_VERSION = "1.2.14"
 
 def check_for_updates():
     res = requests.get("https://pypi.org/pypi/mvt/json")

mvt/ios/modules/net_base.py

@@ -39,7 +39,9 @@ class NetBase(IOSExtraction):
                 ZLIVEUSAGE.ZHASPROCESS,
                 ZLIVEUSAGE.ZTIMESTAMP
             FROM ZLIVEUSAGE
-            LEFT JOIN ZPROCESS ON ZLIVEUSAGE.ZHASPROCESS = ZPROCESS.Z_PK;
+            LEFT JOIN ZPROCESS ON ZLIVEUSAGE.ZHASPROCESS = ZPROCESS.Z_PK
+            UNION
+            SELECT ZFIRSTTIMESTAMP, ZTIMESTAMP, ZPROCNAME, ZBUNDLENAME, Z_PK, NULL, NULL, NULL, NULL, NULL, NULL, NULL FROM ZPROCESS WHERE Z_PK NOT IN (SELECT ZHASPROCESS FROM ZLIVEUSAGE);
         """)
 
         for row in cur:
@@ -68,7 +70,7 @@ class NetBase(IOSExtraction):
                 "wwan_out": row[8],
                 "live_id": row[9],
                 "live_proc_id": row[10],
-                "live_isodate": live_timestamp,
+                "live_isodate": live_timestamp if row[10] else first_isodate,
             })
 
         cur.close()
@@ -89,7 +91,7 @@ class NetBase(IOSExtraction):
         }]
 
         # Only included first_usage and current_usage records when a ZPROCESS entry exists.
-        if "MANIPULATED" not in record["proc_name"] and "MISSING" not in record["proc_name"]:
+        if "MANIPULATED" not in record["proc_name"] and "MISSING" not in record["proc_name"] and record["live_proc_id"] is not None:
             records.extend([
                 {
                     "timestamp": record["first_isodate"],
@@ -151,6 +153,8 @@ class NetBase(IOSExtraction):
                         msg = msg + " (However, the process name might have been truncated in the database)"
 
                     self.log.warning(msg)
+            if not proc["live_proc_id"]:
+                self.log.info(f"Found process entry in ZPROCESS but not in ZLIVEUSAGE : {proc['proc_name']} at {proc['live_isodate']}")
 
     def check_manipulated(self):
         """Check for missing or manipulate DB entries"""

mvt/ios/versions.py

@@ -38,6 +38,10 @@ IPHONE_MODELS = [
     {"identifier": "iPhone13,2", "description": "iPhone 12"},
     {"identifier": "iPhone13,3", "description": "iPhone 12 Pro"},
     {"identifier": "iPhone13,4", "description": "iPhone 12 Pro Max"},
+    {"identifier": "iPhone14,4", "description": "iPhone 13 Mini"},
+    {"identifier": "iPhone14,5", "description": "iPhone 13"},
+    {"identifier": "iPhone14,2", "description": "iPhone 13 Pro"},
+    {"identifier": "iPhone14,3", "description": "iPhone 13 Pro Max"},
 ]
 
 IPHONE_IOS_VERSIONS = [
@@ -225,7 +229,8 @@ IPHONE_IOS_VERSIONS = [
     {"build": "18H17", "version": "14.8"},
     {"build": "19A346", "version": "15.0"},
     {"build": "19A348", "version": "15.0.1"},
-    {"build": "19A404", "version": "15.0.2"}
+    {"build": "19A404", "version": "15.0.2"},
+    {"build": "19B74", "version": "15.1"},
 ]
 
 def get_device_desc_from_id(identifier, devices_list=IPHONE_MODELS):