mvt/mvt/android/modules/backup/sms.py

# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021-2022 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
#   https://license.mvt.re/1.1/

import os
import getpass

from mvt.common.module import MVTModule
from mvt.common.utils import check_for_links
from mvt.android.parsers.backup import parse_sms_file, parse_sms_backup, parse_ab_header, InvalidBackupPassword, AndroidBackupParsingError


class SMS(MVTModule):
    def __init__(self, file_path=None, base_folder=None, output_folder=None,
                 fast_mode=False, log=None, results=[]):
        super().__init__(file_path=file_path, base_folder=base_folder,
                         output_folder=output_folder, fast_mode=fast_mode,
                         log=log, results=results)

    def check_indicators(self):
        if not self.indicators:
            return

        for message in self.results:
            if "body" not in message:
                continue

            message_links = check_for_links(message["body"])
            if self.indicators.check_domains(message_links):
                self.detected.append(message)

    def _process_sms_file(self, file_path):
        self.log.info("Processing SMS backup file at %s", file_path)

        with open(file_path, "rb") as handle:
            data = handle.read()

        self.results = parse_sms_file(data)

    def run(self):
        # FIXME: this should be done in the Module code if there are other modules on backups
        if os.path.isfile(self.base_folder):
            # ab file
            with open(self.base_folder, "rb") as handle:
                data = handle.read()
            header = parse_ab_header(data)
            if not header["backup"]:
                self.log.info("Not a valid Android Backup file, quitting...")
                return

            pwd = None
            if header["encryption"] != "none":
                pwd = getpass.getpass(prompt="Backup Password: ", stream=None)

            try:
                messages = parse_sms_backup(data, password=pwd)
            except InvalidBackupPassword:
                self.log.info("Invalid password, impossible de decrypt the backup, quitting...")
                return
            except AndroidBackupParsingError:
                self.log.info("Impossible to extract data from this Android Backup, please regenerate the backup using the -nocompress option or extract it using Android Backup Extractor instead.")
                self.log.info("Quitting...")
                return

            self.results = messages
        else:
            app_folder = os.path.join(self.base_folder,
                                      "apps",
                                      "com.android.providers.telephony",
                                      "d_f")
            if not os.path.exists(app_folder):
                self.log.info("Unable to find the SMS backup folder")
                return

            for file_name in os.listdir(app_folder):
                if not file_name.endswith("_sms_backup"):
                    continue

                file_path = os.path.join(app_folder, file_name)
                self._process_sms_file(file_path)

        self.log.info("Extracted a total of %d SMS messages containing links",
                      len(self.results))
-												First commit

											
										
										
											2021-07-16 06:05:01 +00:00
+								# Mobile Verification Toolkit (MVT)
-												Updated copyright notice

											
										
										
											2022-01-30 19:15:01 +00:00
+								# Copyright (c) 2021-2022 The MVT Project Authors.
-												More explicit copyright and licensing notes

											
										
										
											2021-08-01 19:11:08 +00:00
+								# Use of this software is governed by the MVT License 1.1 that can be found at
 								#   https://license.mvt.re/1.1/
-												First commit

											
										
										
											2021-07-16 06:05:01 +00:00
-												Sorted imports

											
										
										
											2021-07-30 09:40:09 +00:00
+								import os
-												Improves android backup parsing for check-backup and check-adb

											
										
										
											2022-02-23 14:07:13 +00:00
+								import getpass
-												First commit

											
										
										
											2021-07-16 06:05:01 +00:00
 								from mvt.common.module import MVTModule
-												Fixed unused imports

											
										
										
											2021-08-14 16:56:33 +00:00
+								from mvt.common.utils import check_for_links
-												Adds partial compression support in Android Backup parsing

											
										
										
											2022-02-23 15:18:45 +00:00
+								from mvt.android.parsers.backup import parse_sms_file, parse_sms_backup, parse_ab_header, InvalidBackupPassword, AndroidBackupParsingError
-												Sorted imports

											
										
										
											2021-07-30 09:40:09 +00:00
-												First commit

											
										
										
											2021-07-16 06:05:01 +00:00
 								class SMS(MVTModule):
 								    def __init__(self, file_path=None, base_folder=None, output_folder=None,
 								                 fast_mode=False, log=None, results=[]):
 								        super().__init__(file_path=file_path, base_folder=base_folder,
 								                         output_folder=output_folder, fast_mode=fast_mode,
 								                         log=log, results=results)
 								    def check_indicators(self):
 								        if not self.indicators:
 								            return
 								        for message in self.results:
-												Standardized code with flake8

											
										
										
											2021-11-19 14:27:51 +00:00
+								            if "body" not in message:
-												First commit

											
										
										
											2021-07-16 06:05:01 +00:00
+								                continue
 								            message_links = check_for_links(message["body"])
 								            if self.indicators.check_domains(message_links):
 								                self.detected.append(message)
 								    def _process_sms_file(self, file_path):
 								        self.log.info("Processing SMS backup file at %s", file_path)
 								        with open(file_path, "rb") as handle:
-												Improves android backup parsing for check-backup and check-adb

											
										
										
											2022-02-23 14:07:13 +00:00
+								            data = handle.read()
-												First commit

											
										
										
											2021-07-16 06:05:01 +00:00
-												Improves android backup parsing for check-backup and check-adb

											
										
										
											2022-02-23 14:07:13 +00:00
+								        self.results = parse_sms_file(data)
-												First commit

											
										
										
											2021-07-16 06:05:01 +00:00
 								    def run(self):
-												Improves android backup parsing for check-backup and check-adb

											
										
										
											2022-02-23 14:07:13 +00:00
+								        # FIXME: this should be done in the Module code if there are other modules on backups
 								        if os.path.isfile(self.base_folder):
 								            # ab file
 								            with open(self.base_folder, "rb") as handle:
 								                data = handle.read()
 								            header = parse_ab_header(data)
 								            if not header["backup"]:
 								                self.log.info("Not a valid Android Backup file, quitting...")
 								                return
-												Adds partial compression support in Android Backup parsing

											
										
										
											2022-02-23 15:18:45 +00:00
-												Improves android backup parsing for check-backup and check-adb

											
										
										
											2022-02-23 14:07:13 +00:00
+								            pwd = None
 								            if header["encryption"] != "none":
 								                pwd = getpass.getpass(prompt="Backup Password: ", stream=None)
 								            try:
 								                messages = parse_sms_backup(data, password=pwd)
 								            except InvalidBackupPassword:
 								                self.log.info("Invalid password, impossible de decrypt the backup, quitting...")
 								                return
-												Adds partial compression support in Android Backup parsing

											
										
										
											2022-02-23 15:18:45 +00:00
+								            except AndroidBackupParsingError:
 								                self.log.info("Impossible to extract data from this Android Backup, please regenerate the backup using the -nocompress option or extract it using Android Backup Extractor instead.")
 								                self.log.info("Quitting...")
 								                return
-												Improves android backup parsing for check-backup and check-adb

											
										
										
											2022-02-23 14:07:13 +00:00
+								            self.results = messages
 								        else:
 								            app_folder = os.path.join(self.base_folder,
 								                                      "apps",
 								                                      "com.android.providers.telephony",
 								                                      "d_f")
 								            if not os.path.exists(app_folder):
 								                self.log.info("Unable to find the SMS backup folder")
 								                return
 								            for file_name in os.listdir(app_folder):
 								                if not file_name.endswith("_sms_backup"):
 								                    continue
 								                file_path = os.path.join(app_folder, file_name)
 								                self._process_sms_file(file_path)
-												First commit

											
										
										
											2021-07-16 06:05:01 +00:00
 								        self.log.info("Extracted a total of %d SMS messages containing links",
 								                      len(self.results))