crt0mega/mvt
1
0
Fork 0
mirror of https://github.com/mvt-project/mvt.git synced 2024-06-30 16:18:54 +00:00
Code Issues Projects Releases Wiki Activity

Refactored serial specification for ADB

Browse Source
This commit is contained in:
Nex 2021-08-12 18:21:21 +02:00
parent f78c671885
commit 8ca7030195
12 changed files with 47 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
mvt/android/cli.py
View File

@ -28,7 +28,7 @@ log = logging.getLogger(__name__)
# Help messages of repeating options. # Help messages of repeating options.
OUTPUT_HELP_MESSAGE = "Specify a path to a folder where you want to store JSON results" OUTPUT_HELP_MESSAGE = "Specify a path to a folder where you want to store JSON results"
SERIAL_HELP_MESSAGE = "Specify a device serial number or HOST:PORT connection string"
#============================================================================== #==============================================================================
# Main # Main
@ -42,6 +42,7 @@ def cli():
# Download APKs # Download APKs
#============================================================================== #==============================================================================
@cli.command("download-apks", help="Download all or non-safelisted installed APKs installed on the device") @cli.command("download-apks", help="Download all or non-safelisted installed APKs installed on the device")
@click.option("--serial", "-s", type=str, help=SERIAL_HELP_MESSAGE)
@click.option("--all-apks", "-a", is_flag=True, @click.option("--all-apks", "-a", is_flag=True,
help="Extract all packages installed on the phone, even those marked as safe") help="Extract all packages installed on the phone, even those marked as safe")
@click.option("--virustotal", "-v", is_flag=True, help="Check packages on VirusTotal") @click.option("--virustotal", "-v", is_flag=True, help="Check packages on VirusTotal")
@ -51,7 +52,6 @@ def cli():
help="Specify a path to a folder where you want to store the APKs") help="Specify a path to a folder where you want to store the APKs")
@click.option("--from-file", "-f", type=click.Path(exists=True), @click.option("--from-file", "-f", type=click.Path(exists=True),
help="Instead of acquiring from phone, load an existing packages.json file for lookups (mainly for debug purposes)") help="Instead of acquiring from phone, load an existing packages.json file for lookups (mainly for debug purposes)")
@click.option("--serial", "-s", type=str, help="Use the Android device with a given serial number")
def download_apks(all_apks, virustotal, koodous, all_checks, output, from_file, serial): def download_apks(all_apks, virustotal, koodous, all_checks, output, from_file, serial):
try: try:
if from_file: if from_file:
@ -64,7 +64,9 @@ def download_apks(all_apks, virustotal, koodous, all_checks, output, from_file,
log.critical("Unable to create output folder %s: %s", output, e) log.critical("Unable to create output folder %s: %s", output, e)
sys.exit(-1) sys.exit(-1)
download = DownloadAPKs(output_folder=output, all_apks=all_apks, serial=serial) download = DownloadAPKs(output_folder=output, all_apks=all_apks)
if serial:
download.serial = serial
download.run() download.run()
packages = download.packages packages = download.packages
@ -86,12 +88,12 @@ def download_apks(all_apks, virustotal, koodous, all_checks, output, from_file,
# Checks through ADB # Checks through ADB
#============================================================================== #==============================================================================
@cli.command("check-adb", help="Check an Android device over adb") @cli.command("check-adb", help="Check an Android device over adb")
@click.option("--serial", "-s", type=str, help=SERIAL_HELP_MESSAGE)
@click.option("--iocs", "-i", type=click.Path(exists=True), help="Path to indicators file") @click.option("--iocs", "-i", type=click.Path(exists=True), help="Path to indicators file")
@click.option("--output", "-o", type=click.Path(exists=False), @click.option("--output", "-o", type=click.Path(exists=False),
help="Specify a path to a folder where you want to store JSON results") help="Specify a path to a folder where you want to store JSON results")
@click.option("--list-modules", "-l", is_flag=True, help="Print list of available modules and exit") @click.option("--list-modules", "-l", is_flag=True, help="Print list of available modules and exit")
@click.option("--module", "-m", help="Name of a single module you would like to run instead of all") @click.option("--module", "-m", help="Name of a single module you would like to run instead of all")
@click.option("--serial", "-s", type=str, help="Use the Android device with a given serial")
def check_adb(iocs, output, list_modules, module, serial): def check_adb(iocs, output, list_modules, module, serial):
if list_modules: if list_modules:
log.info("Following is the list of available check-adb modules:") log.info("Following is the list of available check-adb modules:")
@ -120,7 +122,9 @@ def check_adb(iocs, output, list_modules, module, serial):
if module and adb_module.__name__ != module: if module and adb_module.__name__ != module:
continue continue
m = adb_module(output_folder=output, serial=serial, log=logging.getLogger(adb_module.__module__)) m = adb_module(output_folder=output, log=logging.getLogger(adb_module.__module__))
if serial:
m.serial = serial
if iocs: if iocs:
indicators.log = m.log indicators.log = m.log
@ -140,9 +144,9 @@ def check_adb(iocs, output, list_modules, module, serial):
# Check ADB backup # Check ADB backup
#============================================================================== #==============================================================================
@cli.command("check-backup", help="Check an Android Backup") @cli.command("check-backup", help="Check an Android Backup")
@click.option("--serial", "-s", type=str, help=SERIAL_HELP_MESSAGE)
@click.option("--iocs", "-i", type=click.Path(exists=True), help="Path to indicators file") @click.option("--iocs", "-i", type=click.Path(exists=True), help="Path to indicators file")
@click.option("--output", "-o", type=click.Path(exists=False), help=OUTPUT_HELP_MESSAGE) @click.option("--output", "-o", type=click.Path(exists=False), help=OUTPUT_HELP_MESSAGE)
@click.option("--serial", "-s", type=str, help="Use the Android device with a given serial")
@click.argument("BACKUP_PATH", type=click.Path(exists=True)) @click.argument("BACKUP_PATH", type=click.Path(exists=True))
def check_backup(iocs, output, backup_path, serial): def check_backup(iocs, output, backup_path, serial):
log.info("Checking ADB backup located at: %s", backup_path) log.info("Checking ADB backup located at: %s", backup_path)
@ -169,7 +173,10 @@ def check_backup(iocs, output, backup_path, serial):
for module in BACKUP_MODULES: for module in BACKUP_MODULES:
m = module(base_folder=backup_path, output_folder=output, m = module(base_folder=backup_path, output_folder=output,
serial=serial, log=logging.getLogger(module.__module__)) log=logging.getLogger(module.__module__))
if serial:
m.serial = serial
if iocs: if iocs:
indicators.log = m.log indicators.log = m.log

15
mvt/android/download_apks.py
View File

@ -40,16 +40,11 @@ class DownloadAPKs(AndroidExtraction):
"""DownloadAPKs is the main class operating the download of APKs """DownloadAPKs is the main class operating the download of APKs
from the device.""" from the device."""
def __init__(self, output_folder=None, all_apks=False, packages=None, serial=None): def __init__(self, file_path=None, base_folder=None, output_folder=None,
"""Initialize module. serial=None, fast_mode=False, log=None, results=[]):
:param output_folder: Path to the folder where data should be stored super().__init__(file_path=file_path, base_folder=base_folder,
:param all_apks: Boolean indicating whether to download all packages output_folder=output_folder, fast_mode=fast_mode,
or filter known-goods log=log, results=results)
:param packages: Provided list of packages, typically for JSON checks
:param serial: The USB device serial ID
"""
super().__init__(file_path=None, base_folder=None,
output_folder=output_folder, serial=serial)
self.output_folder_apk = None self.output_folder_apk = None
self.packages = packages or [] self.packages = packages or []

17
mvt/android/modules/adb/base.py
View File

@ -27,19 +27,19 @@ class AndroidExtraction(MVTModule):
"""This class provides a base for all Android extraction modules.""" """This class provides a base for all Android extraction modules."""
def __init__(self, file_path=None, base_folder=None, output_folder=None, def __init__(self, file_path=None, base_folder=None, output_folder=None,
serial=None, fast_mode=False, log=None, results=[]): fast_mode=False, log=None, results=[]):
"""Initialize Android extraction module. """Initialize Android extraction module.
:param file_path: Path to the database file to parse :param file_path: Path to the database file to parse
:param base_folder: Path to a base folder containing an Android dump :param base_folder: Path to a base folder containing an Android dump
:param output_folder: Path to the folder where to store extraction :param output_folder: Path to the folder where to store extraction
results results
:param serial: The USB device serial ID
""" """
super().__init__(file_path=file_path, base_folder=base_folder, super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, serial=serial, output_folder=output_folder, fast_mode=fast_mode,
fast_mode=fast_mode, log=log, results=results) log=log, results=results)
self.device = None self.device = None
self.serial = None
def _adb_check_keys(self): def _adb_check_keys(self):
"""Make sure Android adb keys exist. """Make sure Android adb keys exist.
@ -60,15 +60,18 @@ class AndroidExtraction(MVTModule):
signer = PythonRSASigner("", priv_key) signer = PythonRSASigner("", priv_key)
if self.serial is None or ":" not in self.serial: # If no serial was specified or if the serial does not seem to be
# a HOST:PORT definition, we use the USB transport.
if not self.serial or ":" not in self.serial:
self.device = AdbDeviceUsb(serial=self.serial) self.device = AdbDeviceUsb(serial=self.serial)
# Otherwise we try to use the TCP transport.
else: else:
addr = self.serial.split(":") addr = self.serial.split(":")
if len(addr) < 2: if len(addr) < 2:
raise ValueError("TCP serial number must follow the format: `address:port`") raise ValueError("TCP serial number must follow the format: `address:port`")
self.device = AdbDeviceTcp(addr[0], int(addr[1]), default_transport_timeout_s=9.) self.device = AdbDeviceTcp(addr[0], int(addr[1]),
default_transport_timeout_s=30.)
while True: while True:
try: try:

4
mvt/android/modules/adb/chrome_history.py
View File

@ -22,8 +22,8 @@ class ChromeHistory(AndroidExtraction):
def __init__(self, file_path=None, base_folder=None, output_folder=None, def __init__(self, file_path=None, base_folder=None, output_folder=None,
serial=None, fast_mode=False, log=None, results=[]): serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder, super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, serial=serial, output_folder=output_folder, fast_mode=fast_mode,
fast_mode=fast_mode, log=log, results=results) log=log, results=results)
def serialize(self, record): def serialize(self, record):
return { return {

4
mvt/android/modules/adb/dumpsys_batterystats.py
View File

@ -16,8 +16,8 @@ class DumpsysBatterystats(AndroidExtraction):
def __init__(self, file_path=None, base_folder=None, output_folder=None, def __init__(self, file_path=None, base_folder=None, output_folder=None,
serial=None, fast_mode=False, log=None, results=[]): serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder, super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, serial=serial, output_folder=output_folder, fast_mode=fast_mode,
fast_mode=fast_mode, log=log, results=results) log=log, results=results)
def run(self): def run(self):
self._adb_connect() self._adb_connect()

4
mvt/android/modules/adb/dumpsys_packages.py
View File

@ -16,8 +16,8 @@ class DumpsysPackages(AndroidExtraction):
def __init__(self, file_path=None, base_folder=None, output_folder=None, def __init__(self, file_path=None, base_folder=None, output_folder=None,
serial=None, fast_mode=False, log=None, results=[]): serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder, super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, serial=serial, output_folder=output_folder, fast_mode=fast_mode,
fast_mode=fast_mode, log=log, results=results) log=log, results=results)
def run(self): def run(self):
self._adb_connect() self._adb_connect()

4
mvt/android/modules/adb/dumpsys_procstats.py
View File

@ -16,8 +16,8 @@ class DumpsysProcstats(AndroidExtraction):
def __init__(self, file_path=None, base_folder=None, output_folder=None, def __init__(self, file_path=None, base_folder=None, output_folder=None,
serial=None, fast_mode=False, log=None, results=[]): serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder, super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, serial=serial, output_folder=output_folder, fast_mode=fast_mode,
fast_mode=fast_mode, log=log, results=results) log=log, results=results)
def run(self): def run(self):
self._adb_connect() self._adb_connect()

4
mvt/android/modules/adb/packages.py
View File

@ -18,8 +18,8 @@ class Packages(AndroidExtraction):
def __init__(self, file_path=None, base_folder=None, output_folder=None, def __init__(self, file_path=None, base_folder=None, output_folder=None,
serial=None, fast_mode=False, log=None, results=[]): serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder, super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, serial=serial, output_folder=output_folder, fast_mode=fast_mode,
fast_mode=fast_mode, log=log, results=results) log=log, results=results)
def serialize(self, record): def serialize(self, record):
records = [] records = []

4
mvt/android/modules/adb/processes.py
View File

@ -15,8 +15,8 @@ class Processes(AndroidExtraction):
def __init__(self, file_path=None, base_folder=None, output_folder=None, def __init__(self, file_path=None, base_folder=None, output_folder=None,
serial=None, fast_mode=False, log=None, results=[]): serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder, super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, serial=serial, output_folder=output_folder, fast_mode=fast_mode,
fast_mode=fast_mode, log=log, results=results) log=log, results=results)
def run(self): def run(self):
self._adb_connect() self._adb_connect()

4
mvt/android/modules/adb/rootbinaries.py
View File

@ -18,8 +18,8 @@ class RootBinaries(AndroidExtraction):
def __init__(self, file_path=None, base_folder=None, output_folder=None, def __init__(self, file_path=None, base_folder=None, output_folder=None,
serial=None, fast_mode=False, log=None, results=[]): serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder, super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, serial=serial, output_folder=output_folder, fast_mode=fast_mode,
fast_mode=fast_mode, log=log, results=results) log=log, results=results)
def run(self): def run(self):
root_binaries_path = os.path.join("..", "..", "data", "root_binaries.txt") root_binaries_path = os.path.join("..", "..", "data", "root_binaries.txt")

4
mvt/android/modules/adb/sms.py
View File

@ -45,8 +45,8 @@ class SMS(AndroidExtraction):
def __init__(self, file_path=None, base_folder=None, output_folder=None, def __init__(self, file_path=None, base_folder=None, output_folder=None,
serial=None, fast_mode=False, log=None, results=[]): serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder, super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, serial=serial, output_folder=output_folder, fast_mode=fast_mode,
fast_mode=fast_mode, log=log, results=results) log=log, results=results)
def serialize(self, record): def serialize(self, record):
text = record["text"].replace("\n", "\\n") text = record["text"].replace("\n", "\\n")

4
mvt/android/modules/adb/whatsapp.py
View File

@ -22,8 +22,8 @@ class Whatsapp(AndroidExtraction):
def __init__(self, file_path=None, base_folder=None, output_folder=None, def __init__(self, file_path=None, base_folder=None, output_folder=None,
serial=None, fast_mode=False, log=None, results=[]): serial=None, fast_mode=False, log=None, results=[]):
super().__init__(file_path=file_path, base_folder=base_folder, super().__init__(file_path=file_path, base_folder=base_folder,
output_folder=output_folder, serial=serial, output_folder=output_folder, fast_mode=fast_mode,
fast_mode=fast_mode, log=log, results=results) log=log, results=results)
def serialize(self, record): def serialize(self, record):
text = record["data"].replace("\n", "\\n") text = record["data"].replace("\n", "\\n")