2022-06-15 15:41:19 +00:00
|
|
|
# Mobile Verification Toolkit (MVT)
|
2023-09-09 15:55:27 +00:00
|
|
|
# Copyright (c) 2021-2023 The MVT Authors.
|
2022-06-15 15:41:19 +00:00
|
|
|
# Use of this software is governed by the MVT License 1.1 that can be found at
|
|
|
|
# https://license.mvt.re/1.1/
|
|
|
|
|
|
|
|
import io
|
|
|
|
import logging
|
|
|
|
import os
|
|
|
|
import sys
|
|
|
|
import tarfile
|
|
|
|
from pathlib import Path
|
2023-03-01 21:43:08 +00:00
|
|
|
from typing import List, Optional
|
2022-06-15 15:41:19 +00:00
|
|
|
|
2023-03-01 21:43:08 +00:00
|
|
|
from mvt.android.modules.backup.base import BackupExtraction
|
2023-07-26 11:53:54 +00:00
|
|
|
from mvt.android.modules.backup.helpers import prompt_or_load_android_backup_password
|
2023-06-01 21:40:26 +00:00
|
|
|
from mvt.android.parsers.backup import (
|
|
|
|
AndroidBackupParsingError,
|
|
|
|
InvalidBackupPassword,
|
|
|
|
parse_ab_header,
|
|
|
|
parse_backup_file,
|
|
|
|
)
|
2022-06-15 15:41:19 +00:00
|
|
|
from mvt.common.command import Command
|
|
|
|
|
|
|
|
from .modules.backup import BACKUP_MODULES
|
|
|
|
|
|
|
|
log = logging.getLogger(__name__)
|
|
|
|
|
|
|
|
|
|
|
|
class CmdAndroidCheckBackup(Command):
|
2022-08-16 11:39:55 +00:00
|
|
|
def __init__(
|
|
|
|
self,
|
2022-08-17 13:52:17 +00:00
|
|
|
target_path: Optional[str] = None,
|
|
|
|
results_path: Optional[str] = None,
|
2022-08-17 13:37:12 +00:00
|
|
|
ioc_files: Optional[list] = None,
|
2022-08-17 13:52:17 +00:00
|
|
|
module_name: Optional[str] = None,
|
|
|
|
serial: Optional[str] = None,
|
2023-07-17 16:29:43 +00:00
|
|
|
module_options: Optional[dict] = None,
|
2023-06-01 21:40:26 +00:00
|
|
|
hashes: bool = False,
|
2022-08-16 11:39:55 +00:00
|
|
|
) -> None:
|
2023-06-01 21:40:26 +00:00
|
|
|
super().__init__(
|
|
|
|
target_path=target_path,
|
|
|
|
results_path=results_path,
|
|
|
|
ioc_files=ioc_files,
|
|
|
|
module_name=module_name,
|
|
|
|
serial=serial,
|
2023-07-17 16:29:43 +00:00
|
|
|
module_options=module_options,
|
2023-06-01 21:40:26 +00:00
|
|
|
hashes=hashes,
|
|
|
|
log=log,
|
|
|
|
)
|
2022-06-15 15:41:19 +00:00
|
|
|
|
2022-08-12 14:20:16 +00:00
|
|
|
self.name = "check-backup"
|
|
|
|
self.modules = BACKUP_MODULES
|
|
|
|
|
2023-02-21 20:18:36 +00:00
|
|
|
self.backup_type: str = ""
|
|
|
|
self.backup_archive: Optional[tarfile.TarFile] = None
|
|
|
|
self.backup_files: List[str] = []
|
2022-06-15 15:41:19 +00:00
|
|
|
|
2022-07-06 16:38:16 +00:00
|
|
|
def init(self) -> None:
|
2023-02-21 20:18:36 +00:00
|
|
|
if not self.target_path:
|
|
|
|
return
|
|
|
|
|
2022-06-15 15:41:19 +00:00
|
|
|
if os.path.isfile(self.target_path):
|
|
|
|
self.backup_type = "ab"
|
|
|
|
with open(self.target_path, "rb") as handle:
|
|
|
|
data = handle.read()
|
|
|
|
|
|
|
|
header = parse_ab_header(data)
|
|
|
|
if not header["backup"]:
|
|
|
|
log.critical("Invalid backup format, file should be in .ab format")
|
|
|
|
sys.exit(1)
|
|
|
|
|
|
|
|
password = None
|
|
|
|
if header["encryption"] != "none":
|
2023-07-22 17:17:27 +00:00
|
|
|
password = prompt_or_load_android_backup_password(
|
|
|
|
log, self.module_options
|
|
|
|
)
|
|
|
|
if not password:
|
|
|
|
log.critical("No backup password provided.")
|
2023-07-22 18:16:23 +00:00
|
|
|
sys.exit(1)
|
2022-06-15 15:41:19 +00:00
|
|
|
try:
|
|
|
|
tardata = parse_backup_file(data, password=password)
|
|
|
|
except InvalidBackupPassword:
|
|
|
|
log.critical("Invalid backup password")
|
|
|
|
sys.exit(1)
|
2022-08-13 00:14:24 +00:00
|
|
|
except AndroidBackupParsingError as exc:
|
|
|
|
log.critical("Impossible to parse this backup file: %s", exc)
|
2022-06-15 15:41:19 +00:00
|
|
|
log.critical("Please use Android Backup Extractor (ABE) instead")
|
|
|
|
sys.exit(1)
|
|
|
|
|
|
|
|
dbytes = io.BytesIO(tardata)
|
|
|
|
self.backup_archive = tarfile.open(fileobj=dbytes)
|
|
|
|
for member in self.backup_archive:
|
|
|
|
self.backup_files.append(member.name)
|
|
|
|
|
|
|
|
elif os.path.isdir(self.target_path):
|
|
|
|
self.backup_type = "folder"
|
|
|
|
self.target_path = Path(self.target_path).absolute().as_posix()
|
|
|
|
for root, subdirs, subfiles in os.walk(os.path.abspath(self.target_path)):
|
|
|
|
for fname in subfiles:
|
2023-06-01 21:40:26 +00:00
|
|
|
self.backup_files.append(
|
|
|
|
os.path.relpath(os.path.join(root, fname), self.target_path)
|
|
|
|
)
|
2022-06-15 15:41:19 +00:00
|
|
|
else:
|
2023-06-01 21:40:26 +00:00
|
|
|
log.critical(
|
|
|
|
"Invalid backup path, path should be a folder or an "
|
|
|
|
"Android Backup (.ab) file"
|
|
|
|
)
|
2022-06-15 15:41:19 +00:00
|
|
|
sys.exit(1)
|
|
|
|
|
2023-02-21 20:18:36 +00:00
|
|
|
def module_init(self, module: BackupExtraction) -> None: # type: ignore[override]
|
2022-06-15 15:41:19 +00:00
|
|
|
if self.backup_type == "folder":
|
|
|
|
module.from_folder(self.target_path, self.backup_files)
|
|
|
|
else:
|
2023-06-01 21:40:26 +00:00
|
|
|
module.from_ab(self.target_path, self.backup_archive, self.backup_files)
|