Commit Graph

612 Commits

Author SHA1 Message Date
Nex 88324c7c42 Standardized to logging format 2021-08-12 12:48:29 +02:00
Daniel Kahn Gillmor ec93c3d8b8 Even friendlier behaviors when the user mis-specifies the backup path
As discussed in #147
2021-08-10 23:19:45 -04:00
Daniel Kahn Gillmor 1288f8ca53 handle error cases better 2021-08-10 22:57:15 -04:00
DL6ER 290776a286
Log if there was no detection made by the module
Signed-off-by: DL6ER <dl6er@dl6er.de>
2021-08-10 12:13:23 +02:00
Nex 44b677fdb2 Updated README 2021-08-09 16:14:48 +02:00
Nex 3ae822d3ac Updated README 2021-08-09 16:14:08 +02:00
Nex 7940fb2879 Updated README 2021-08-09 16:12:23 +02:00
Nex af7bc3ca31 Updated README 2021-08-09 16:12:10 +02:00
Nex d606f9570f Updated README 2021-08-09 16:10:42 +02:00
Hamza Z 15c0d71933 Fix merge conflicts 2021-08-08 20:05:50 +02:00
Nex 24c89183a3 Bumped version 2021-08-06 18:44:16 +02:00
Nex e5f7727c80 Fixed typo (closes: #157) 2021-08-06 18:40:09 +02:00
Nex 7b00f03f03 Bumped version 2021-08-05 09:04:22 +02:00
Nex 9f696dcb72 Added version 14.7.1 2021-08-05 09:03:02 +02:00
Nex ef139effdb Merge branch 'dkg-clearer-error-reporting' 2021-08-05 08:56:52 +02:00
Nex 2302c9fb1c Fixed language 2021-08-05 08:56:41 +02:00
Nex 9bb8ae5187 Merge branch 'clearer-error-reporting' of https://github.com/dkg/mvt into dkg-clearer-error-reporting 2021-08-05 08:54:29 +02:00
Nex 76e6138d77 Catching check if root exception more gracefully (closes: #5) 2021-08-05 08:49:34 +02:00
Nex 0bc660a2b3 Updated documentation (closes: #3) 2021-08-04 19:14:06 +02:00
Nex 7ae9ecbf5a Removed newline 2021-08-03 17:25:16 +02:00
Nex 1e8278aeec Updated README 2021-08-03 15:51:58 +02:00
Nex 995ebc02cf Fixing language 2021-08-03 10:28:28 +02:00
Nex 12e0f14400 Added note on running MVT on Windows 2021-08-03 10:24:38 +02:00
Nex 6ef5b9d311
Merge pull request #148 from dkg/quotes
mvt-ios sqlite3 db recovery: fix quoting sent to sqlite3 .clone
2021-08-03 09:31:43 +02:00
Daniel Kahn Gillmor 33e90c1707 mvt-ios sqlite3 db recovery: fix quoting sent to sqlite3 .clone
In b2afce5c79, the db filename is
wrapped in double-quotes when passing it to the sqlite3 tool's
`.clone` helper command.

For parsing safety, we avoid performing this cleanup if the filename
itself has a double-quote character in it.  Otherwise, a malformed
filename could lead to arbitrary injection into the sqlite3 command.

In be24680046, the sqlite3 wrapping
changes to single-quotes.  Either the safety check should be amended
to block pathnames with single-quotes, or the sqlite3 wrapping should
revert to double-quotes.

I opted for the latter here because i think single-quotes are more
likely than double-quotes to show up in pathnames (e.g. a folder named
"Daniel's files"), but either change would be fine, of course.
2021-08-02 11:26:00 -04:00
Daniel Kahn Gillmor 706c429595 mvt-ios decrypt-backup: Improve error messages for known cases
The two most common reasons that `mvt-ios decrypt-backup` can fail are
wrong passwords and not pointing to an actual backup.

We can distinguish these cases based on the kinds of errors thrown
from iOSbackup (at least for the current versions that i'm testing
with).

When we encounter those particular exceptions, just report a simple
summary and don't overwhelm the user with a backtrace.  If we
encounter an unexpected exception, leave the reporting as-is.

Closes: #28, #36
2021-08-02 11:07:31 -04:00
Nex f011fd19e8 More explicit copyright and licensing notes 2021-08-01 21:11:08 +02:00
Nex bc48dc2cf5 Fixed import order 2021-08-01 19:53:20 +02:00
Nex f3c0948283 Fixing exception name in Manifest module 2021-08-01 19:50:25 +02:00
Nex be24680046 Enforcing double quotes 2021-08-01 19:50:04 +02:00
Nex a3d10c1824
Merge pull request #140 from dkg/avoid-shell-True
Avoid breakage with paths with unusual names
2021-08-01 19:45:11 +02:00
Daniel Kahn Gillmor b2afce5c79 Avoid breakage with paths with unusual names
If file_path has any whitespace or shell metacharacters in it, then
the invocation of subprocess.call would be likely to break (or even
accidentally execute code, depending on how perverse the pathnames
are).

It's generally a good plan to avoid shell=True for subprocess.call
where you can lay out the arguments deliberately in python.  This one
looks relatively straightforward (but note, i have not tested it,
sorry!)

Note that if a name has a `"` character in it, we still fail, out of
safety reasons.

In particular, we want to avoid command injection into the sqlite
binary with particularly malicious names that look something like the
following:

```
foo.db"; .shell touch should-not-exist; .nullvalue "
```
2021-08-01 11:35:38 -04:00
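
Added example, not part of the commit log and not MVT's own code: a sketch of the check described in b2afce5c79 and 33e90c1707, where the recovery target is wrapped in double quotes for sqlite3's `.clone` and any path containing `"` is refused. The function names and sample paths are hypothetical; the hostile name is the one quoted in the commit message above.

```python
import shutil
import subprocess

# Name quoted in the b2afce5c79 commit message; used here only as test input.
HOSTILE_NAME = 'foo.db"; .shell touch should-not-exist; .nullvalue "'


def build_clone_argv(src_db, dst_db):
    """Build the argv for: sqlite3 SRC '.clone "DST"' (hypothetical helper).

    The list form means no shell parses the paths, so whitespace and shell
    metacharacters in either path are inert. The dot-command is still parsed
    by sqlite3 itself, so a double quote in dst_db would close the quoted
    argument early; such names are rejected instead of escaped.
    """
    if '"' in dst_db:
        raise ValueError("refusing path containing a double quote: %r" % dst_db)
    # Double-quote wrapping keeps single quotes in the path harmless.
    return ["sqlite3", src_db, '.clone "%s"' % dst_db]


def clone_db(src_db, dst_db):
    """Run the clone without shell=True; returns sqlite3's exit status."""
    sqlite3_bin = shutil.which("sqlite3")
    if sqlite3_bin is None:
        raise FileNotFoundError("sqlite3 binary not found in PATH")
    argv = build_clone_argv(src_db, dst_db)
    argv[0] = sqlite3_bin
    return subprocess.call(argv, stdout=subprocess.DEVNULL,
                           stderr=subprocess.DEVNULL)


if __name__ == "__main__":
    # Constructed sample paths.
    for name in ["/tmp/Daniel's files/Manifest.db", "/tmp/a b $(id).db",
                 HOSTILE_NAME]:
        try:
            print("ok      ", build_clone_argv(name + ".bak", name))
        except ValueError as exc:
            print("rejected", exc)
```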
Nex b2e210e91c Removed unused import 2021-08-01 14:16:28 +02:00
Nex 6f83bf5ae1 Removed duplicates 2021-08-01 14:05:21 +02:00
Nex a979b82ec6 Bumped version 2021-08-01 13:59:59 +02:00
Nex eaef75d931 Added iPhone models definitions 2021-08-01 13:59:30 +02:00
Nex 1650aea248 pip3 for clarity 2021-07-31 19:48:19 +02:00
Nex bc3634bf30 Specifying it is a password prompt 2021-07-31 10:27:44 +02:00
Nex 87ffd9e003 Bumped version 2021-07-31 10:23:38 +02:00
Nex 19f355810a Merge branch 'dkg-update-libimobiledevice-docs' 2021-07-31 10:19:46 +02:00
Nex 38b7aa6032 Updated doc on backup 2021-07-31 10:19:38 +02:00
Nex feb285015a Merge branch 'update-libimobiledevice-docs' of https://github.com/dkg/mvt into dkg-update-libimobiledevice-docs 2021-07-31 10:16:58 +02:00
Nex 933ee65897 Merge branch 'dkg-mvt_decrypt-backup_password_from_env' 2021-07-31 10:13:43 +02:00
Nex ad9ab1aeba Switched to using rich Prompt 2021-07-31 10:13:18 +02:00
Nex 4debee72cd Merge branch 'mvt_decrypt-backup_password_from_env' of https://github.com/dkg/mvt into dkg-mvt_decrypt-backup_password_from_env 2021-07-31 10:07:14 +02:00
Nex d7031bd25f Merge branch 'dkg-ioc-docs' 2021-07-31 10:05:55 +02:00
Nex 5b5b065bc4 Updated doc page on IOCs 2021-07-31 10:05:41 +02:00
Daniel Kahn Gillmor 59206fc450 Describe how to use and find IOCs
This offers generic documentation, to show how MVT can be used with
arbitrary STIX-formatted IOCs, while still pointing users at some
known-to-be-useful sample files.
2021-07-31 00:46:36 -04:00
Daniel Kahn Gillmor 7b1b31f7be Update libimobiledevice docs about backup password reset
In this stage, the user is likely to want to run `idevicebackup2` in
interactive mode, so clearly specify the `-i` flag in the right place
(just dropping `-i` at the end of the command does not work as
expected -- i think `idevicebackup2 backup encryption on -i` tries to
set the password to `-i`).

More importantly, note that resetting the password by resetting all
the settings runs a risk of removing some of the forensic information.
Etienne identified a file that he thought was wiped as a result of
this in the call this morning, but I don't remember which file it was.

Maybe `id_status_cache.json` ?  If you have more concrete info, please
add it here too!
2021-07-30 23:49:06 -04:00
Daniel Kahn Gillmor 270e002f1b mvt-ios extract-key: enable pulling password from the environment
This enables automated use of extract-key without requiring a password
to be placed in the command line, where it might leak.
2021-07-30 23:10:54 -04:00