Restructured modules folders

mvt/ios/cli.py

@@ -15,7 +15,9 @@ from mvt.common.module import run_module, save_timeline
 from mvt.common.options import MutuallyExclusiveOption
 
 from .decrypt import DecryptBackup
-from .modules.fs import BACKUP_MODULES, FS_MODULES
+from .modules.backup import BACKUP_MODULES
+from .modules.fs import FS_MODULES
+from .modules.mixed import MIXED_MODULES
 
 # Setup logging using Rich.
 LOG_FORMAT = "[%(name)s] %(message)s"
@@ -129,7 +131,7 @@ def extract_key(password, backup_path, key_file):
 def check_backup(ctx, iocs, output, fast, backup_path, list_modules, module):
     if list_modules:
         log.info("Following is the list of available check-backup modules:")
-        for backup_module in BACKUP_MODULES:
+        for backup_module in BACKUP_MODULES + MIXED_MODULES:
             log.info(" - %s", backup_module.__name__)
 
         return
@@ -154,7 +156,7 @@ def check_backup(ctx, iocs, output, fast, backup_path, list_modules, module):
 
     timeline = []
     timeline_detected = []
-    for backup_module in BACKUP_MODULES:
+    for backup_module in BACKUP_MODULES + MIXED_MODULES:
         if module and backup_module.__name__ != module:
             continue
 
@@ -191,7 +193,7 @@ def check_backup(ctx, iocs, output, fast, backup_path, list_modules, module):
 def check_fs(ctx, iocs, output, fast, dump_path, list_modules, module):
     if list_modules:
         log.info("Following is the list of available check-fs modules:")
-        for fs_module in FS_MODULES:
+        for fs_module in FS_MODULES + MIXED_MODULES:
             log.info(" - %s", fs_module.__name__)
 
         return
@@ -216,7 +218,7 @@ def check_fs(ctx, iocs, output, fast, dump_path, list_modules, module):
 
     timeline = []
     timeline_detected = []
-    for fs_module in FS_MODULES:
+    for fs_module in FS_MODULES + MIXED_MODULES:
         if module and fs_module.__name__ != module:
             continue
 

mvt/ios/modules/backup/__init__.py

@@ -0,0 +1,9 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021 The MVT Project Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+from .backup_info import BackupInfo
+from .manifest import Manifest
+
+BACKUP_MODULES = [BackupInfo, Manifest,]

mvt/ios/modules/backup/backup_info.py

@@ -8,10 +8,10 @@ import plistlib
 
 from mvt.common.module import DatabaseNotFoundError
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 
-class DeviceInfo(IOSExtraction):
+class BackupInfo(IOSExtraction):
     """This module extracts information about the device."""
 
     def __init__(self, file_path=None, base_folder=None, output_folder=None,

mvt/ios/modules/backup/manifest.py

@@ -12,7 +12,7 @@ import sqlite3
 from mvt.common.module import DatabaseNotFoundError
 from mvt.common.utils import convert_timestamp_to_iso
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 
 class Manifest(IOSExtraction):

mvt/ios/modules/fs/__init__.py

@@ -4,43 +4,13 @@
 #   https://license.mvt.re/1.1/
 
 from .cache_files import CacheFiles
-from .calls import Calls
-from .chrome_favicon import ChromeFavicon
-from .chrome_history import ChromeHistory
-from .contacts import Contacts
-from .device_info import DeviceInfo
 from .filesystem import Filesystem
-from .firefox_favicon import FirefoxFavicon
-from .firefox_history import FirefoxHistory
-from .idstatuscache import IDStatusCache
-from .interactionc import InteractionC
-from .locationd import LocationdClients
-from .manifest import Manifest
-from .net_datausage import Datausage
 from .net_netusage import Netusage
-from .safari_browserstate import SafariBrowserState
 from .safari_favicon import SafariFavicon
-from .safari_history import SafariHistory
-from .sms import SMS
-from .sms_attachments import SMSAttachments
 from .version_history import IOSVersionHistory
 from .webkit_indexeddb import WebkitIndexedDB
 from .webkit_localstorage import WebkitLocalStorage
-from .webkit_resource_load_statistics import WebkitResourceLoadStatistics
 from .webkit_safariviewservice import WebkitSafariViewService
-from .webkit_session_resource_log import WebkitSessionResourceLog
-from .whatsapp import Whatsapp
 
-BACKUP_MODULES = [SafariBrowserState, SafariHistory, Datausage, SMS, SMSAttachments,
-                  ChromeHistory, ChromeFavicon, WebkitSessionResourceLog,
-                  WebkitResourceLoadStatistics, Calls, IDStatusCache, LocationdClients,
-                  InteractionC, FirefoxHistory, FirefoxFavicon, Contacts, Manifest, Whatsapp,
-                  DeviceInfo]
-
-FS_MODULES = [IOSVersionHistory, SafariHistory, SafariFavicon, SafariBrowserState,
-              WebkitIndexedDB, WebkitLocalStorage, WebkitSafariViewService,
-              WebkitResourceLoadStatistics, WebkitSessionResourceLog,
-              Datausage, Netusage, ChromeHistory,
-              ChromeFavicon, Calls, IDStatusCache, SMS, SMSAttachments,
-              LocationdClients, InteractionC, FirefoxHistory, FirefoxFavicon,
-              Contacts, CacheFiles, Whatsapp, Filesystem]
+FS_MODULES = [CacheFiles, Filesystem, Netusage, SafariFavicon, IOSVersionHistory,
+              WebkitIndexedDB, WebkitLocalStorage, WebkitSafariViewService,]

mvt/ios/modules/fs/cache_files.py

@@ -6,7 +6,7 @@
 import os
 import sqlite3
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 
 class CacheFiles(IOSExtraction):

mvt/ios/modules/fs/filesystem.py

@@ -8,7 +8,7 @@ import os
 
 from mvt.common.utils import convert_timestamp_to_iso
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 
 class Filesystem(IOSExtraction):

mvt/ios/modules/fs/net_netusage.py

@@ -3,7 +3,7 @@
 # Use of this software is governed by the MVT License 1.1 that can be found at
 #   https://license.mvt.re/1.1/
 
-from .net_base import NetBase
+from ..net_base import NetBase
 
 NETUSAGE_ROOT_PATHS = [
     "private/var/networkd/netusage.sqlite",

mvt/ios/modules/fs/safari_favicon.py

@@ -7,7 +7,7 @@ import sqlite3
 
 from mvt.common.utils import convert_mactime_to_unix, convert_timestamp_to_iso
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 SAFARI_FAVICON_ROOT_PATHS = [
     "private/var/mobile/Library/Image Cache/Favicons/Favicons.db",

mvt/ios/modules/fs/version_history.py

@@ -8,7 +8,7 @@ import json
 
 from mvt.common.utils import convert_timestamp_to_iso
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 IOS_ANALYTICS_JOURNAL_PATHS = [
     "private/var/db/analyticsd/Analytics-Journal-*.ips",

mvt/ios/modules/fs/webkit_base.py

@@ -8,7 +8,7 @@ import os
 
 from mvt.common.utils import convert_timestamp_to_iso
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 
 class WebkitBase(IOSExtraction):

mvt/ios/modules/mixed/__init__.py

@@ -0,0 +1,27 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021 The MVT Project Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+#   https://license.mvt.re/1.1/
+
+from .calls import Calls
+from .chrome_favicon import ChromeFavicon
+from .chrome_history import ChromeHistory
+from .contacts import Contacts
+from .firefox_favicon import FirefoxFavicon
+from .firefox_history import FirefoxHistory
+from .idstatuscache import IDStatusCache
+from .interactionc import InteractionC
+from .locationd import LocationdClients
+from .net_datausage import Datausage
+from .safari_browserstate import SafariBrowserState
+from .safari_history import SafariHistory
+from .sms import SMS
+from .sms_attachments import SMSAttachments
+from .webkit_resource_load_statistics import WebkitResourceLoadStatistics
+from .webkit_session_resource_log import WebkitSessionResourceLog
+from .whatsapp import Whatsapp
+
+MIXED_MODULES = [Calls, ChromeFavicon, ChromeHistory, Contacts, FirefoxFavicon,
+                 FirefoxHistory, IDStatusCache, InteractionC, LocationdClients,
+                 Datausage, SafariBrowserState, SafariHistory, SMS, SMSAttachments,
+                 WebkitResourceLoadStatistics, WebkitSessionResourceLog, Whatsapp,]

mvt/ios/modules/mixed/calls.py

@@ -7,7 +7,7 @@ import sqlite3
 
 from mvt.common.utils import convert_mactime_to_unix, convert_timestamp_to_iso
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 CALLS_BACKUP_IDS = [
     "5a4935c78a5255723f707230a451d79c540d2741",

mvt/ios/modules/mixed/chrome_favicon.py

@@ -8,7 +8,7 @@ import sqlite3
 from mvt.common.utils import (convert_chrometime_to_unix,
                               convert_timestamp_to_iso)
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 CHROME_FAVICON_BACKUP_IDS = [
     "55680ab883d0fdcffd94f959b1632e5fbbb18c5b"

mvt/ios/modules/mixed/chrome_history.py

@@ -8,7 +8,7 @@ import sqlite3
 from mvt.common.utils import (convert_chrometime_to_unix,
                               convert_timestamp_to_iso)
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 CHROME_HISTORY_BACKUP_IDS = [
     "faf971ce92c3ac508c018dce1bef2a8b8e9838f1",

mvt/ios/modules/mixed/contacts.py

@@ -5,7 +5,7 @@
 
 import sqlite3
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 CONTACTS_BACKUP_IDS = [
     "31bb7ba8914766d4ba40d6dfb6113c8b614be442",

mvt/ios/modules/mixed/firefox_favicon.py

@@ -8,7 +8,7 @@ from datetime import datetime
 
 from mvt.common.utils import convert_timestamp_to_iso
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 FIREFOX_HISTORY_BACKUP_IDS = [
     "2e57c396a35b0d1bcbc624725002d98bd61d142b",

mvt/ios/modules/mixed/firefox_history.py

@@ -8,7 +8,7 @@ from datetime import datetime
 
 from mvt.common.utils import convert_timestamp_to_iso
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 FIREFOX_HISTORY_BACKUP_IDS = [
     "2e57c396a35b0d1bcbc624725002d98bd61d142b",

mvt/ios/modules/mixed/idstatuscache.py

@@ -8,7 +8,7 @@ import plistlib
 
 from mvt.common.utils import convert_mactime_to_unix, convert_timestamp_to_iso
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 IDSTATUSCACHE_BACKUP_IDS = [
     "6b97989189901ceaa4e5be9b7f05fb584120e27b",

mvt/ios/modules/mixed/interactionc.py

@@ -7,7 +7,7 @@ import sqlite3
 
 from mvt.common.utils import convert_mactime_to_unix, convert_timestamp_to_iso
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 INTERACTIONC_BACKUP_IDS = [
     "1f5a521220a3ad80ebfdc196978df8e7a2e49dee",

mvt/ios/modules/mixed/locationd.py

@@ -7,7 +7,7 @@ import plistlib
 
 from mvt.common.utils import convert_mactime_to_unix, convert_timestamp_to_iso
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 LOCATIOND_BACKUP_IDS = [
     "a690d7769cce8904ca2b67320b107c8fe5f79412",

mvt/ios/modules/mixed/net_datausage.py

@@ -3,7 +3,7 @@
 # Use of this software is governed by the MVT License 1.1 that can be found at
 #   https://license.mvt.re/1.1/
 
-from .net_base import NetBase
+from ..net_base import NetBase
 
 DATAUSAGE_BACKUP_IDS = [
     "0d609c54856a9bb2d56729df1d68f2958a88426b",

mvt/ios/modules/mixed/safari_browserstate.py

@@ -10,7 +10,7 @@ import sqlite3
 from mvt.common.utils import (convert_mactime_to_unix,
                               convert_timestamp_to_iso, keys_bytes_to_string)
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 SAFARI_BROWSER_STATE_BACKUP_IDS = [
     "3a47b0981ed7c10f3e2800aa66bac96a3b5db28e",

mvt/ios/modules/mixed/safari_history.py

@@ -8,7 +8,7 @@ import sqlite3
 from mvt.common.url import URL
 from mvt.common.utils import convert_mactime_to_unix, convert_timestamp_to_iso
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 SAFARI_HISTORY_BACKUP_IDS = [
     "e74113c185fd8297e140cfcf9c99436c5cc06b57",

mvt/ios/modules/mixed/sms.py

@@ -9,7 +9,7 @@ from base64 import b64encode
 from mvt.common.utils import (check_for_links, convert_mactime_to_unix,
                               convert_timestamp_to_iso)
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 SMS_BACKUP_IDS = [
     "3d0d7e5fb2ce288813306e4d4636395e047a3d28",

mvt/ios/modules/mixed/sms_attachments.py

@@ -8,7 +8,7 @@ from base64 import b64encode
 
 from mvt.common.utils import convert_mactime_to_unix, convert_timestamp_to_iso
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 SMS_BACKUP_IDS = [
     "3d0d7e5fb2ce288813306e4d4636395e047a3d28",

mvt/ios/modules/mixed/webkit_resource_load_statistics.py

@@ -9,7 +9,7 @@ import sqlite3
 
 from mvt.common.utils import convert_timestamp_to_iso
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 WEBKIT_RESOURCELOADSTATICS_BACKUP_RELPATH = "Library/WebKit/WebsiteData/ResourceLoadStatistics/observations.db"
 WEBKIT_RESOURCELOADSTATICS_ROOT_PATHS = [

mvt/ios/modules/mixed/webkit_session_resource_log.py

@@ -9,7 +9,7 @@ import plistlib
 
 from mvt.common.utils import convert_timestamp_to_iso
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 WEBKIT_SESSION_RESOURCE_LOG_BACKUP_IDS = [
     "a500ee38053454a02e990957be8a251935e28d3f",

mvt/ios/modules/mixed/whatsapp.py

@@ -9,7 +9,7 @@ import sqlite3
 from mvt.common.utils import (check_for_links, convert_mactime_to_unix,
                               convert_timestamp_to_iso)
 
-from .base import IOSExtraction
+from ..base import IOSExtraction
 
 log = logging.getLogger(__name__)