Bug fixes for config profile and shortcut module

2021-12-16 22:58:36 +01:00 · 2021-12-16 22:58:36 +01:00 · 3215e797ec
parent e65a598903
commit 3215e797ec
2 changed files with 11 additions and 1 deletions
--- a/mvt/ios/modules/backup/configuration_profiles.py
+++ b/mvt/ios/modules/backup/configuration_profiles.py
@ -4,6 +4,7 @@
 # Use of this software is governed by the MVT License 1.1 that can be found at
 #   https://license.mvt.re/1.1/

+import os
 import plistlib
 from base64 import b64encode
 from mvt.common.utils import convert_timestamp_to_iso
@ -25,11 +26,14 @@ class ConfigurationProfiles(IOSExtraction):
    def serialize(self, record):
        if not record["install_date"]:
            return
+
+        payload_name = record['plist'].get('PayloadDisplayName')
+        payload_description = record['plist'].get('PayloadDescription')
        return {
            "timestamp": record["install_date"],
            "module": self.__class__.__name__,
            "event": "configuration_profile_install",
-            "data": f"{record['plist']['PayloadType']} installed: {record['plist']['PayloadUUID']} - {record['plist']['PayloadDisplayName']}: {record['plist']['PayloadDescription']}"
+            "data": f"{record['plist']['PayloadType']} installed: {record['plist']['PayloadUUID']} - {payload_name}: {payload_description}"
        }

    def check_indicators(self):
@ -54,6 +58,11 @@ class ConfigurationProfiles(IOSExtraction):

    def run(self):
        for conf_file in self._get_backup_files_from_manifest(domain=CONF_PROFILES_DOMAIN):
+            conf_rel_path = conf_file["relative_path"]
+            # Filter out all configuration files that are not configuration profiles.
+            if not conf_rel_path or not os.path.basename(conf_rel_path).startswith("profile-"):
+                continue
+
            conf_file_path = self._get_backup_file_from_id(conf_file["file_id"])
            if not conf_file_path:
                continue
--- a/mvt/ios/modules/mixed/shortcuts.py
+++ b/mvt/ios/modules/mixed/shortcuts.py
@ -55,6 +55,7 @@ class Shortcuts(IOSExtraction):
        self.log.info("Found Shortcuts database at path: %s", self.file_path)

        conn = sqlite3.connect(self.file_path)
+        conn.text_factory = bytes
        cur = conn.cursor()
        cur.execute("""
              SELECT