Added check for indicators to dumpsys modules
This commit is contained in:
parent
883fbaeb88
commit
5e7c5727af
@ -20,6 +20,14 @@ class DumpsysAccessibility(AndroidExtraction):
|
||||||
output_folder=output_folder, fast_mode=fast_mode,
|
output_folder=output_folder, fast_mode=fast_mode,
|
||||||
log=log, results=results)
|
log=log, results=results)
|
||||||
|
|
||||||
|
def check_indicators(self):
|
||||||
|
for result in self.results:
|
||||||
|
ioc = self.indicators.check_app_id(result["package"])
|
||||||
|
if ioc:
|
||||||
|
result["matched_indicators"] = ioc
|
||||||
|
self.detected.append(result)
|
||||||
|
continue
|
||||||
|
|
||||||
def run(self):
|
def run(self):
|
||||||
self._adb_connect()
|
self._adb_connect()
|
||||||
|
|
||||||
|
@ -40,7 +48,10 @@ class DumpsysAccessibility(AndroidExtraction):
|
||||||
service = line.split(":")[1].strip()
|
service = line.split(":")[1].strip()
|
||||||
log.info("Found installed accessibility service \"%s\"", service)
|
log.info("Found installed accessibility service \"%s\"", service)
|
||||||
|
|
||||||
self.results.append(service)
|
self.results.append({
|
||||||
|
"package": service.split("/")[0],
|
||||||
|
"service": service,
|
||||||
|
})
|
||||||
|
|
||||||
log.info("Identified a total of %d accessibility services", len(self.results))
|
log.info("Identified a total of %d accessibility services", len(self.results))
|
||||||
|
|
||||||
|
|
|
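Review bot: The new `check_indicators` calls `self.indicators.check_app_id(result["package"])` without first confirming that an indicators collection was loaded; the constructor is outside the hunk, but if `self.indicators` can be `None` for a run without an IOC file, the first iteration raises `AttributeError` instead of simply leaving the results unmarked. Open the method with `if not self.indicators: return` before the loop. The `continue` at the end of the `if ioc:` block is the last statement of the loop body, so it is a no-op and can be dropped. Both points apply identically to the new `check_indicators` in DumpsysActivities and to the block added in DumpsysReceivers in the sections below.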
@ -21,6 +21,15 @@ class DumpsysActivities(AndroidExtraction):
|
||||||
|
|
||||||
self.results = results if results else {}
|
self.results = results if results else {}
|
||||||
|
|
||||||
|
def check_indicators(self):
|
||||||
|
for intent, activities in self.results.items():
|
||||||
|
for activity in activities:
|
||||||
|
ioc = self.indicators.check_app_id(activity["package"])
|
||||||
|
if ioc:
|
||||||
|
activity["matched_indicators"] = ioc
|
||||||
|
self.detected.append({intent: activity})
|
||||||
|
continue
|
||||||
|
|
||||||
def parse_activity_resolver_table(self, data):
|
def parse_activity_resolver_table(self, data):
|
||||||
"""Parse output of dumpsys package.
|
"""Parse output of dumpsys package.
|
||||||
|
|
||||||
|
@ -72,10 +81,10 @@ class DumpsysActivities(AndroidExtraction):
|
||||||
# If we got this far, we are processing receivers for the
|
# If we got this far, we are processing receivers for the
|
||||||
# activities we are interested in.
|
# activities we are interested in.
|
||||||
activity = line.strip().split(" ")[1]
|
activity = line.strip().split(" ")[1]
|
||||||
package_name = activity.split("/")[0]
|
package = activity.split("/")[0]
|
||||||
|
|
||||||
self.results[intent].append({
|
self.results[intent].append({
|
||||||
"package_name": package_name,
|
"package": package,
|
||||||
"activity": activity,
|
"activity": activity,
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
|
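Review bot: The second hunk renames the stored key from `"package_name"` to `"package"` while the new `check_indicators` reads `activity["package"]` with plain indexing; since `self.results` can also be supplied through the constructor (`self.results = results if results else {}`), results saved by a previous version would still carry `"package_name"` and, if they are loaded that way, the lookup raises `KeyError` before any indicator is checked. During the transition either accept both keys, e.g. `package = activity.get("package") or activity.get("package_name")`, or document the results-format change where saved results are described. The same rename and lookup appear in DumpsysReceivers in the next section. `parse_activity_resolver_table` continues outside the hunk.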
@ -46,6 +46,12 @@ class DumpsysReceivers(AndroidExtraction):
|
||||||
self.log.info("Found a receiver monitoring outgoing calls: \"%s\"",
|
self.log.info("Found a receiver monitoring outgoing calls: \"%s\"",
|
||||||
receiver["receiver"])
|
receiver["receiver"])
|
||||||
|
|
||||||
|
ioc = self.indicators.check_app_id(receiver["package"])
|
||||||
|
if ioc:
|
||||||
|
receiver["matched_indicators"] = ioc
|
||||||
|
self.detected.append({intent: receiver})
|
||||||
|
continue
|
||||||
|
|
||||||
def parse_receiver_resolver_table(self, data):
|
def parse_receiver_resolver_table(self, data):
|
||||||
"""Parse output of dumpsys package.
|
"""Parse output of dumpsys package.
|
||||||
|
|
||||||
|
@ -96,10 +102,10 @@ class DumpsysReceivers(AndroidExtraction):
|
||||||
# If we got this far, we are processing receivers for the
|
# If we got this far, we are processing receivers for the
|
||||||
# activities we are interested in.
|
# activities we are interested in.
|
||||||
receiver = line.strip().split(" ")[1]
|
receiver = line.strip().split(" ")[1]
|
||||||
package_name = receiver.split("/")[0]
|
package = receiver.split("/")[0]
|
||||||
|
|
||||||
self.results[intent].append({
|
self.results[intent].append({
|
||||||
"package_name": package_name,
|
"package": package,
|
||||||
"receiver": receiver,
|
"receiver": receiver,
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
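Review bot: The added `ioc = self.indicators.check_app_id(receiver["package"])` block follows the outgoing-calls `self.log.info(...)` call, but the enclosing method, its loop headers and whatever conditional guards that log call all start outside the hunk, and the rendered diff has lost indentation, so it is not visible whether the check runs for every receiver or only inside the branch that logs outgoing-call monitors. Confirm it executes once per `receiver` in every `intent`; if the log call sits in an `if` block, the check belongs one level up, next to it rather than within it. A one-line comment above the check, `# Match every receiver, whatever its intent, against the loaded indicators`, would pin the intended scope for the next reader.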