mirror of https://github.com/mvt-project/mvt.git
Adds support for MMS parsing in android backups
This commit is contained in:
parent
c4f91ba28b
commit
0622357a64
|
@ -34,5 +34,11 @@ class SMS(BackupExtraction):
|
|||
self.log.info("Processing SMS backup file at %s", file)
|
||||
data = self._get_file_content(file)
|
||||
self.results.extend(parse_sms_file(data))
|
||||
self.log.info("Extracted a total of %d SMS messages containing links",
|
||||
|
||||
for file in self._get_files_by_pattern("apps/com.android.providers.telephony/d_f/*_mms_backup"):
|
||||
self.log.info("Processing MMS backup file at %s", file)
|
||||
data = self._get_file_content(file)
|
||||
self.results.extend(parse_sms_file(data))
|
||||
|
||||
self.log.info("Extracted a total of %d SMS & MMS messages containing links",
|
||||
len(self.results))
|
||||
|
|
|
@ -174,7 +174,8 @@ def parse_tar_for_sms(data):
|
|||
tar = tarfile.open(fileobj=dbytes)
|
||||
res = []
|
||||
for member in tar.getmembers():
|
||||
if member.name.startswith("apps/com.android.providers.telephony/d_f/") and member.name.endswith("_sms_backup"):
|
||||
if member.name.startswith("apps/com.android.providers.telephony/d_f/") and \
|
||||
(member.name.endswith("_sms_backup") or member.name.endswith("_mms_backup")):
|
||||
dhandler = tar.extractfile(member)
|
||||
res.extend(parse_sms_file(dhandler.read()))
|
||||
|
||||
|
@ -183,15 +184,21 @@ def parse_tar_for_sms(data):
|
|||
|
||||
def parse_sms_file(data):
|
||||
"""
|
||||
Parse an SMS file extracted from a folder
|
||||
Returns a list of SMS entries
|
||||
Parse an SMS or MMS file extracted from a backup
|
||||
Returns a list of SMS or MMS entries
|
||||
"""
|
||||
res = []
|
||||
data = zlib.decompress(data)
|
||||
json_data = json.loads(data)
|
||||
|
||||
for entry in json_data:
|
||||
# Adapt MMS format to SMS format
|
||||
if "mms_body" in entry:
|
||||
entry["body"] = entry["mms_body"]
|
||||
entry.pop("mms_body")
|
||||
|
||||
message_links = check_for_links(entry["body"])
|
||||
|
||||
utc_timestamp = datetime.datetime.utcfromtimestamp(int(entry["date"]) / 1000)
|
||||
entry["isodate"] = convert_timestamp_to_iso(utc_timestamp)
|
||||
entry["direction"] = ("sent" if int(entry["date_sent"]) else "received")
|
||||
|
|
|
@ -26,7 +26,7 @@ class TestBackupModule:
|
|||
files.append(os.path.relpath(os.path.join(root, fname), backup_path))
|
||||
mod.from_folder(backup_path, files)
|
||||
run_module(mod)
|
||||
assert len(mod.results) == 1
|
||||
assert len(mod.results) == 2
|
||||
assert len(mod.results[0]["links"]) == 1
|
||||
assert mod.results[0]["links"][0] == "https://google.com/"
|
||||
|
||||
|
@ -43,7 +43,7 @@ class TestBackupModule:
|
|||
files.append(member.name)
|
||||
mod.from_ab(fpath, tar, files)
|
||||
run_module(mod)
|
||||
assert len(mod.results) == 1
|
||||
assert len(mod.results) == 2
|
||||
assert len(mod.results[0]["links"]) == 1
|
||||
|
||||
def test_module_file2(self):
|
||||
|
|
|
@ -20,12 +20,12 @@ class TestBackupParsing:
|
|||
|
||||
m = hashlib.sha256()
|
||||
m.update(ddata)
|
||||
assert m.hexdigest() == "0799b583788908f06bccb854608cede375041ee878722703a39182edeb008324"
|
||||
assert m.hexdigest() == "ce1ac5009fea5187a9f546b51e1446ba450243ae91d31dc779233ec0937b5d18"
|
||||
sms = parse_tar_for_sms(ddata)
|
||||
assert isinstance(sms, list)
|
||||
assert len(sms) == 1
|
||||
assert len(sms) == 2
|
||||
assert len(sms[0]["links"]) == 1
|
||||
assert sms[0]["links"][0] == "https://google.com/"
|
||||
assert sms[0]["links"][0] == "http://google.com"
|
||||
|
||||
def test_parsing_encryption(self):
|
||||
file = get_artifact("android_backup/backup2.ab")
|
||||
|
|
Binary file not shown.
Binary file not shown.
Loading…
Reference in New Issue