From 7046ff80d1d4246921301b1e725b8bb39fe983eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Donncha=20=C3=93=20Cearbhaill?=
Date: Thu, 29 Jun 2023 18:55:39 +0200
Subject: [PATCH] Add SMS read time in the MVT logs
---
 mvt/ios/modules/mixed/sms.py | 23 ++++++++++++++++-------
 tests/ios_backup/test_sms.py | 2 +-
 2 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/mvt/ios/modules/mixed/sms.py b/mvt/ios/modules/mixed/sms.py
index 78be325..1006cac 100644
--- a/mvt/ios/modules/mixed/sms.py
+++ b/mvt/ios/modules/mixed/sms.py
@@ -43,13 +43,21 @@ class SMS(IOSExtraction):
 def serialize(self, record: dict) -> Union[dict, list]:
 text = record["text"].replace("\n", "\\n")
- return {
- "timestamp": record["isodate"],
- "module": self.__class__.__name__,
- "event": "sms_received",
- "data": f"{record['service']}: {record['guid']} \"{text}\" "
- f"from {record['phone_number']} ({record['account']})",
- }
+ sms_data = f"{record['service']}: {record['guid']} \"{text}\" from {record['phone_number']} ({record['account']})"
+ return [
+ {
+ "timestamp": record["isodate"],
+ "module": self.__class__.__name__,
+ "event": "sms_received",
+ "data": sms_data,
+ },
+ {
+ "timestamp": record["isodate_read"],
+ "module": self.__class__.__name__,
+ "event": "sms_read",
+ "data": sms_data,
+ },
+ ]
 def check_indicators(self) -> None:
 if not self.indicators:
@@ -120,6 +128,7 @@ class SMS(IOSExtraction):
 # We convert Mac's ridiculous timestamp format.
 message["isodate"] = convert_mactime_to_iso(message["date"])
+ message["isodate_read"] = convert_mactime_to_iso(message["date_read"])
 message["direction"] = (
 "sent" if message.get("is_from_me", 0) == 1 else "received"
 )
diff --git a/tests/ios_backup/test_sms.py b/tests/ios_backup/test_sms.py
index 84ce374..112852f 100644
--- a/tests/ios_backup/test_sms.py
+++ b/tests/ios_backup/test_sms.py
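Review bot: In `SMS.serialize` (first hunk of mvt/ios/modules/mixed/sms.py) the `sms_read` entry is emitted for every record, including messages that were never read or were sent from the device. The second hunk converts `message["date_read"]` unconditionally, so if that column holds 0 or NULL for such messages (which is how I understand the Messages database to store it; please confirm) the timeline gains a read event at the Mac epoch, or the conversion raises, depending on how `convert_mactime_to_iso` treats those values. A spurious early-2001 entry is misleading in a forensic timeline, so I would build the list with the `sms_received` dict only and add the second dict behind a guard such as `if record.get("date_read"):`. If stored results from before this change are ever re-serialized, the same guard would also keep `serialize` from raising `KeyError` on records that carry no `isodate_read` key. Both function bodies continue outside the hunks.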
@@ -17,7 +17,7 @@ class TestSMSModule:
 m = SMS(target_path=get_ios_backup_folder())
 run_module(m)
 assert len(m.results) == 1
- assert len(m.timeline) == 1
+ assert len(m.timeline) == 2 # SMS received and read events.
 assert len(m.detected) == 0
 def test_detection(self, indicator_file):
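Review bot: The updated assertion pins only the number of timeline entries, so it would still pass if the second entry carried the wrong event name or a placeholder timestamp. Assuming timeline entries keep the `event` key that `serialize()` sets, something like `assert {e["event"] for e in m.timeline} == {"sms_received", "sms_read"}` states the intent directly. A fixture row with an unread message would also document what the module should emit when there is no read time. The test method starts above the hunk, so its name and any earlier setup are not visible here.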