Added module to extract information on device

2024-06-25 22:08:55 +00:00 · 2021-08-14 18:39:46 +02:00 · 2021-08-14 18:39:46 +02:00 · 30e00e0707
commit 30e00e0707
parent 88e2576334
2 changed files with 53 additions and 1 deletions
--- a/mvt/ios/modules/fs/init.py
+++ b/mvt/ios/modules/fs/init.py
@ -8,6 +8,7 @@ from .calls import Calls
 from .chrome_favicon import ChromeFavicon
 from .chrome_history import ChromeHistory
 from .contacts import Contacts
+from .device_info import DeviceInfo
 from .filesystem import Filesystem
 from .firefox_favicon import FirefoxFavicon
 from .firefox_history import FirefoxHistory
@ -33,7 +34,8 @@ from .whatsapp import Whatsapp
 BACKUP_MODULES = [SafariBrowserState, SafariHistory, Datausage, SMS, SMSAttachments,
                  ChromeHistory, ChromeFavicon, WebkitSessionResourceLog,
                  WebkitResourceLoadStatistics, Calls, IDStatusCache, LocationdClients,
-                  InteractionC, FirefoxHistory, FirefoxFavicon, Contacts, Manifest, Whatsapp]
+                  InteractionC, FirefoxHistory, FirefoxFavicon, Contacts, Manifest, Whatsapp,
+                  DeviceInfo]

 FS_MODULES = [IOSVersionHistory, SafariHistory, SafariFavicon, SafariBrowserState,
              WebkitIndexedDB, WebkitLocalStorage, WebkitSafariViewService,
--- a/mvt/ios/modules/fs/device_info.py
+++ b/mvt/ios/modules/fs/device_info.py
@ -0,0 +1,50 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021 The MVT Project Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+import os
+import plistlib
+
+from mvt.common.module import DatabaseNotFoundError
+
+from .base import IOSExtraction
+
+
+class DeviceInfo(IOSExtraction):
+    """This module extracts information about the device."""
+
+    def __init__(self, file_path=None, base_folder=None, output_folder=None,
+                 fast_mode=False, log=None, results=[]):
+        super().__init__(file_path=file_path, base_folder=base_folder,
+                         output_folder=output_folder, fast_mode=fast_mode,
+                         log=log, results=results)
+
+        self.results = {}
+
+    def _get_info_from_backup(self):
+        info_path = os.path.join(self.base_folder, "Info.plist")
+        if not os.path.exists(info_path):
+            raise DatabaseNotFoundError("No Info.plist at backup path, unable to extract device information")
+
+        with open(info_path, "rb") as handle:
+            info = plistlib.load(handle)
+
+        fields = ["Build Version", "Device Name", "Display Name", "GUID",
+                  "GUID", "ICCID", "IMEI", "MEID", "Installed Applications",
+                  "Last Backup Data", "Phone Number", "Product Name",
+                  "Product Type", "Product Version", "Serial Number",
+                  "Target Identifier", "Target Type", "Unique Identifier",
+                  "iTunes Version"]
+
+        for field in fields:
+            value = info.get(field, None)
+            self.log.info("%s: %s", field, value)
+            self.results[field] = value
+
+    def run(self):
+        if self.is_backup:
+            self._get_info_from_backup()
+        elif self.is_fs_dump:
+            # TODO: Implement extraction of same details from a FS dump.
+            pass