# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import os
import getpass
from mvt . common . module import MVTModule
from mvt . common . utils import check_for_links
from mvt . android . parsers . backup import parse_sms_file , parse_sms_backup , parse_ab_header , InvalidBackupPassword , AndroidBackupParsingError
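class SMS(MVTModule):
    """Extract SMS messages from an Android backup and match them against indicators.

    ``base_folder`` is either the path of a single Android Backup (``.ab``)
    file or the path of a folder holding an already extracted backup. The
    backup content comes from the device under analysis and must be treated
    as untrusted input by the parsers this module calls.
    """

    def __init__(self, file_path=None, base_folder=None, output_folder=None,
                 fast_mode=False, log=None, results=None):
        """Initialise the module.

        ``results`` defaults to ``None`` rather than a literal ``[]`` so that
        separate instances never share one list object; a fresh list is
        created when the caller does not supply one.
        """
        super().__init__(file_path=file_path, base_folder=base_folder,
                         output_folder=output_folder, fast_mode=fast_mode,
                         log=log,
                         results=[] if results is None else results)

    def check_indicators(self):
        """Flag every extracted message whose links match a known-bad domain.

        Does nothing when no indicators are loaded. Matching messages are
        appended to ``self.detected``.
        """
        if not self.indicators:
            return

        for message in self.results:
            # Records without a text body have nothing to scan for links.
            if "body" not in message:
                continue

            message_links = check_for_links(message["body"])
            if self.indicators.check_domains(message_links):
                self.detected.append(message)

    def _process_sms_file(self, file_path):
        """Parse one ``*_sms_backup`` file and add its messages to the results.

        The whole file is read into memory before parsing.
        """
        self.log.info("Processing SMS backup file at %s", file_path)

        with open(file_path, "rb") as handle:
            data = handle.read()

        # Accumulate instead of overwriting: run() calls this once per
        # matching file, and assigning here kept only the last file's
        # messages.
        # NOTE(review): assumes parse_sms_file returns an iterable of message
        # records and that MVTModule keeps ``results`` as a list - confirm.
        self.results.extend(parse_sms_file(data))

    def run(self):
        """Collect SMS messages from the backup referenced by ``base_folder``.

        A regular file is handled as an Android Backup (``.ab``) archive and
        the user is prompted for the password when the header reports
        encryption. A folder is handled as an extracted backup, and every
        ``*_sms_backup`` file under the telephony provider's ``d_f``
        directory is parsed.
        """
        # FIXME: this should be done in the Module code if there are other modules on backups
        if os.path.isfile(self.base_folder):
            # ab file
            with open(self.base_folder, "rb") as handle:
                data = handle.read()

            header = parse_ab_header(data)
            if not header["backup"]:
                self.log.info("Not a valid Android Backup file, quitting...")
                return

            pwd = None
            if header["encryption"] != "none":
                # getpass reads the password without echoing it; the value is
                # only handed to the parser and is never logged.
                pwd = getpass.getpass(prompt="Backup Password: ", stream=None)

            try:
                messages = parse_sms_backup(data, password=pwd)
            except InvalidBackupPassword:
                self.log.info("Invalid password, impossible de decrypt the backup, quitting...")
                return
            except AndroidBackupParsingError:
                self.log.info("Impossible to extract data from this Android Backup, please regenerate the backup using the -nocompress option or extract it using Android Backup Extractor instead.")
                self.log.info("Quitting...")
                return

            self.results = messages
        else:
            app_folder = os.path.join(self.base_folder,
                                      "apps",
                                      "com.android.providers.telephony",
                                      "d_f")
            # isdir rather than exists: a plain file at this path would make
            # os.listdir raise instead of being reported as a missing folder.
            if not os.path.isdir(app_folder):
                self.log.info("Unable to find the SMS backup folder")
                return

            for file_name in os.listdir(app_folder):
                if not file_name.endswith("_sms_backup"):
                    continue

                file_path = os.path.join(app_folder, file_name)
                self._process_sms_file(file_path)

        self.log.info("Extracted a total of %d SMS messages containing links",
                      len(self.results))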