From 30e00e0707fd69f505356de4b9af5f012da750d1 Mon Sep 17 00:00:00 2001
From: Nex <nex@nex.sx>
Date: Sat, 14 Aug 2021 18:39:46 +0200
Subject: [PATCH] Added module to extract information on device

---
 mvt/ios/modules/fs/__init__.py    |  4 ++-
 mvt/ios/modules/fs/device_info.py | 50 +++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 mvt/ios/modules/fs/device_info.py

diff --git a/mvt/ios/modules/fs/__init__.py b/mvt/ios/modules/fs/__init__.py
index 7fec68e..b5b74da 100644
--- a/mvt/ios/modules/fs/__init__.py
+++ b/mvt/ios/modules/fs/__init__.py
@@ -8,6 +8,7 @@ from .calls import Calls
 from .chrome_favicon import ChromeFavicon
 from .chrome_history import ChromeHistory
 from .contacts import Contacts
+from .device_info import DeviceInfo
 from .filesystem import Filesystem
 from .firefox_favicon import FirefoxFavicon
 from .firefox_history import FirefoxHistory
@@ -33,7 +34,8 @@ from .whatsapp import Whatsapp
 BACKUP_MODULES = [SafariBrowserState, SafariHistory, Datausage, SMS, SMSAttachments,
                   ChromeHistory, ChromeFavicon, WebkitSessionResourceLog,
                   WebkitResourceLoadStatistics, Calls, IDStatusCache, LocationdClients,
-                  InteractionC, FirefoxHistory, FirefoxFavicon, Contacts, Manifest, Whatsapp]
+                  InteractionC, FirefoxHistory, FirefoxFavicon, Contacts, Manifest, Whatsapp,
+                  DeviceInfo]
 
 FS_MODULES = [IOSVersionHistory, SafariHistory, SafariFavicon, SafariBrowserState,
               WebkitIndexedDB, WebkitLocalStorage, WebkitSafariViewService,
diff --git a/mvt/ios/modules/fs/device_info.py b/mvt/ios/modules/fs/device_info.py
new file mode 100644
index 0000000..583839b
--- /dev/null
+++ b/mvt/ios/modules/fs/device_info.py
@@ -0,0 +1,50 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021 The MVT Project Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+import os
+import plistlib
+
+from mvt.common.module import DatabaseNotFoundError
+
+from .base import IOSExtraction
+
+
+class DeviceInfo(IOSExtraction):
+    """This module extracts information about the device."""
+
+    def __init__(self, file_path=None, base_folder=None, output_folder=None,
+                 fast_mode=False, log=None, results=[]):
+        super().__init__(file_path=file_path, base_folder=base_folder,
+                         output_folder=output_folder, fast_mode=fast_mode,
+                         log=log, results=results)
+
+        self.results = {}
+
+    def _get_info_from_backup(self):
+        info_path = os.path.join(self.base_folder, "Info.plist")
+        if not os.path.exists(info_path):
+            raise DatabaseNotFoundError("No Info.plist at backup path, unable to extract device information")
+
+        with open(info_path, "rb") as handle:
+            info = plistlib.load(handle)
+
+        fields = ["Build Version", "Device Name", "Display Name", "GUID",
+                  "GUID", "ICCID", "IMEI", "MEID", "Installed Applications",
+                  "Last Backup Data", "Phone Number", "Product Name",
+                  "Product Type", "Product Version", "Serial Number",
+                  "Target Identifier", "Target Type", "Unique Identifier",
+                  "iTunes Version"]
+
+        for field in fields:
+            value = info.get(field, None)
+            self.log.info("%s: %s", field, value)
+            self.results[field] = value
+
+    def run(self):
+        if self.is_backup:
+            self._get_info_from_backup()
+        elif self.is_fs_dump:
+            # TODO: Implement extraction of same details from a FS dump.
+            pass