mirror of https://github.com/mvt-project/mvt.git
Adds support for MMS parsing in android backups
This commit is contained in:
parent
c4f91ba28b
commit
0622357a64
|
@ -34,5 +34,11 @@ class SMS(BackupExtraction):
|
||||||
self.log.info("Processing SMS backup file at %s", file)
|
self.log.info("Processing SMS backup file at %s", file)
|
||||||
data = self._get_file_content(file)
|
data = self._get_file_content(file)
|
||||||
self.results.extend(parse_sms_file(data))
|
self.results.extend(parse_sms_file(data))
|
||||||
self.log.info("Extracted a total of %d SMS messages containing links",
|
|
||||||
|
for file in self._get_files_by_pattern("apps/com.android.providers.telephony/d_f/*_mms_backup"):
|
||||||
|
self.log.info("Processing MMS backup file at %s", file)
|
||||||
|
data = self._get_file_content(file)
|
||||||
|
self.results.extend(parse_sms_file(data))
|
||||||
|
|
||||||
|
self.log.info("Extracted a total of %d SMS & MMS messages containing links",
|
||||||
len(self.results))
|
len(self.results))
|
||||||
|
|
|
@ -174,7 +174,8 @@ def parse_tar_for_sms(data):
|
||||||
tar = tarfile.open(fileobj=dbytes)
|
tar = tarfile.open(fileobj=dbytes)
|
||||||
res = []
|
res = []
|
||||||
for member in tar.getmembers():
|
for member in tar.getmembers():
|
||||||
if member.name.startswith("apps/com.android.providers.telephony/d_f/") and member.name.endswith("_sms_backup"):
|
if member.name.startswith("apps/com.android.providers.telephony/d_f/") and \
|
||||||
|
(member.name.endswith("_sms_backup") or member.name.endswith("_mms_backup")):
|
||||||
dhandler = tar.extractfile(member)
|
dhandler = tar.extractfile(member)
|
||||||
res.extend(parse_sms_file(dhandler.read()))
|
res.extend(parse_sms_file(dhandler.read()))
|
||||||
|
|
||||||
|
@ -183,15 +184,21 @@ def parse_tar_for_sms(data):
|
||||||
|
|
||||||
def parse_sms_file(data):
|
def parse_sms_file(data):
|
||||||
"""
|
"""
|
||||||
Parse an SMS file extracted from a folder
|
Parse an SMS or MMS file extracted from a backup
|
||||||
Returns a list of SMS entries
|
Returns a list of SMS or MMS entries
|
||||||
"""
|
"""
|
||||||
res = []
|
res = []
|
||||||
data = zlib.decompress(data)
|
data = zlib.decompress(data)
|
||||||
json_data = json.loads(data)
|
json_data = json.loads(data)
|
||||||
|
|
||||||
for entry in json_data:
|
for entry in json_data:
|
||||||
|
# Adapt MMS format to SMS format
|
||||||
|
if "mms_body" in entry:
|
||||||
|
entry["body"] = entry["mms_body"]
|
||||||
|
entry.pop("mms_body")
|
||||||
|
|
||||||
message_links = check_for_links(entry["body"])
|
message_links = check_for_links(entry["body"])
|
||||||
|
|
||||||
utc_timestamp = datetime.datetime.utcfromtimestamp(int(entry["date"]) / 1000)
|
utc_timestamp = datetime.datetime.utcfromtimestamp(int(entry["date"]) / 1000)
|
||||||
entry["isodate"] = convert_timestamp_to_iso(utc_timestamp)
|
entry["isodate"] = convert_timestamp_to_iso(utc_timestamp)
|
||||||
entry["direction"] = ("sent" if int(entry["date_sent"]) else "received")
|
entry["direction"] = ("sent" if int(entry["date_sent"]) else "received")
|
||||||
|
|
|
@ -26,7 +26,7 @@ class TestBackupModule:
|
||||||
files.append(os.path.relpath(os.path.join(root, fname), backup_path))
|
files.append(os.path.relpath(os.path.join(root, fname), backup_path))
|
||||||
mod.from_folder(backup_path, files)
|
mod.from_folder(backup_path, files)
|
||||||
run_module(mod)
|
run_module(mod)
|
||||||
assert len(mod.results) == 1
|
assert len(mod.results) == 2
|
||||||
assert len(mod.results[0]["links"]) == 1
|
assert len(mod.results[0]["links"]) == 1
|
||||||
assert mod.results[0]["links"][0] == "https://google.com/"
|
assert mod.results[0]["links"][0] == "https://google.com/"
|
||||||
|
|
||||||
|
@ -43,7 +43,7 @@ class TestBackupModule:
|
||||||
files.append(member.name)
|
files.append(member.name)
|
||||||
mod.from_ab(fpath, tar, files)
|
mod.from_ab(fpath, tar, files)
|
||||||
run_module(mod)
|
run_module(mod)
|
||||||
assert len(mod.results) == 1
|
assert len(mod.results) == 2
|
||||||
assert len(mod.results[0]["links"]) == 1
|
assert len(mod.results[0]["links"]) == 1
|
||||||
|
|
||||||
def test_module_file2(self):
|
def test_module_file2(self):
|
||||||
|
|
|
@ -20,12 +20,12 @@ class TestBackupParsing:
|
||||||
|
|
||||||
m = hashlib.sha256()
|
m = hashlib.sha256()
|
||||||
m.update(ddata)
|
m.update(ddata)
|
||||||
assert m.hexdigest() == "0799b583788908f06bccb854608cede375041ee878722703a39182edeb008324"
|
assert m.hexdigest() == "ce1ac5009fea5187a9f546b51e1446ba450243ae91d31dc779233ec0937b5d18"
|
||||||
sms = parse_tar_for_sms(ddata)
|
sms = parse_tar_for_sms(ddata)
|
||||||
assert isinstance(sms, list)
|
assert isinstance(sms, list)
|
||||||
assert len(sms) == 1
|
assert len(sms) == 2
|
||||||
assert len(sms[0]["links"]) == 1
|
assert len(sms[0]["links"]) == 1
|
||||||
assert sms[0]["links"][0] == "https://google.com/"
|
assert sms[0]["links"][0] == "http://google.com"
|
||||||
|
|
||||||
def test_parsing_encryption(self):
|
def test_parsing_encryption(self):
|
||||||
file = get_artifact("android_backup/backup2.ab")
|
file = get_artifact("android_backup/backup2.ab")
|
||||||
|
|
Binary file not shown.
Binary file not shown.
Loading…
Reference in New Issue