diff --git a/mvt/android/modules/adb/__init__.py b/mvt/android/modules/adb/__init__.py
index e6f975b..0d889e0 100644
--- a/mvt/android/modules/adb/__init__.py
+++ b/mvt/android/modules/adb/__init__.py
@@ -15,11 +15,12 @@ from .logcat import Logcat
 from .packages import Packages
 from .getprop import Getprop
 from .processes import Processes
+from .settings import Settings
 from .root_binaries import RootBinaries
 from .sms import SMS
 from .whatsapp import Whatsapp
-ADB_MODULES = [ChromeHistory, SMS, Whatsapp, Processes, Getprop,
+ADB_MODULES = [ChromeHistory, SMS, Whatsapp, Processes, Getprop, Settings,
 DumpsysAccessibility, DumpsysBatterystats, DumpsysProcstats, DumpsysPackages, DumpsysReceivers, DumpsysFull, Packages, RootBinaries, Logcat, Files]
diff --git a/mvt/android/modules/adb/getprop.py b/mvt/android/modules/adb/getprop.py
index 449dbf7..5ca32cd 100644
--- a/mvt/android/modules/adb/getprop.py
+++ b/mvt/android/modules/adb/getprop.py
@@ -28,7 +28,7 @@ class Getprop(AndroidExtraction):
 rxp = re.compile("\\[(.+?)\\]: \\[(.+?)\\]")
 out = self._adb_command("getprop")
- for line in out.split("\n"):
+ for line in out.splitlines():
 line = line.strip()
 if line == "":
 continue
diff --git a/mvt/android/modules/adb/settings.py b/mvt/android/modules/adb/settings.py
new file mode 100644
index 0000000..969d4ee
--- /dev/null
+++ b/mvt/android/modules/adb/settings.py
@@ -0,0 +1,90 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021 The MVT Project Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+# https://license.mvt.re/1.1/
+
+import re
+import logging
+import os
+
+from .base import AndroidExtraction
+
+log = logging.getLogger(__name__)
+
+
+class Settings(AndroidExtraction):
+ """This module extracts Android system settings."""
+
+ def __init__(self, file_path=None, base_folder=None, output_folder=None,
+ serial=None, fast_mode=False, log=None, results=[]):
+ super().__init__(file_path=file_path, base_folder=base_folder,
+ output_folder=output_folder, fast_mode=fast_mode,
+ log=log, results=results)
+
+ self.results = {}
+
+ def run(self):
+ self._adb_connect()
+
+ dangerous = [
+ {
+ "description": "disabled Google Play Protect",
+ "key": "package_verifier_enable",
+ "value": "-1",
+ },
+ {
+ "description": "disabled Google Play Protect",
+ "key": "package_verifier_user_consent",
+ "value": "-1",
+ },
+ {
+ "description": "disabled Google Play Protect",
+ "key": "upload_apk_enable",
+ "value": "0",
+ },
+ {
+ "description": "enabled installation of non-market apps",
+ "key": "install_non_market_apps",
+ "value": "1",
+ },
+ {
+ "description": "disabled sharing of security reports",
+ "key": "send_security_reports",
+ "value": "0",
+ },
+ {
+ "description": "disabled sharing of crash logs with manufacturer",
+ "key": "samsung_errorlog_agree",
+ "value": "0",
+ },
+ {
+ "description": "disabled applications errors reports",
+ "key": "send_action_app_error",
+ "value": "0",
+ },
+ ]
+
+ for namespace in ["system", "secure", "global"]:
+ out = self._adb_command(f"cmd settings list {namespace}")
+ if not out:
+ continue
+
+ self.results[namespace] = {}
+
+ for line in out.splitlines():
+ line = line.strip()
+ if line == "":
+ continue
+
+ fields = line.split("=", 1)
+ try:
+ self.results[namespace][fields[0]] = fields[1]
+ except IndexError:
+ continue
+
+ for danger in dangerous:
+ if danger["key"] == fields[0] and danger["value"] == fields[1]:
+ self.log.warning("Found suspicious setting \"%s = %s\" (%s)",
+ fields[0], fields[1], danger["description"])
+
+ self._adb_disconnect()
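Review bot: `Settings.__init__` accepts a `serial` argument but never forwards it, so the `super().__init__(...)` call in the new file silently drops the device selection; if `AndroidExtraction.__init__` takes `serial` as the signature suggests, the call should read `super().__init__(file_path=file_path, base_folder=base_folder, output_folder=output_folder, serial=serial, fast_mode=fast_mode, log=log, results=results)`. The `results=[]` default is a single list object shared by every instance that relies on the default; the usual `results=None` idiom avoids that, although the base class would have to accept `None`. `import re` and `import os` are unused in this file and can be dropped. In `run()`, `_adb_disconnect()` is skipped whenever `_adb_command` raises, so wrapping the namespace loop in `try: ... finally: self._adb_disconnect()` would make the disconnect unconditional.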