Nex
7b32ed3179
Compacted record data
2021-09-03 14:41:55 +02:00
Nex
3e679312d1
Renamed module
2021-09-03 13:35:27 +02:00
guitarsinger
be4f1afed6
add OSAnalyticsADDAILY
2021-09-03 11:59:44 +02:00
Nex
8f04c09b75
Removed duplicate
2021-09-02 15:28:17 +02:00
Nex
595b7e2066
Fixed typo
2021-09-02 15:27:00 +02:00
Nex
d3941bb5d3
Merge pull request #177 from harsaphes/main
Checking idstatuscache.plist in a dump for iOS>14.7
2021-09-01 22:00:51 +02:00
Nex
194c8a0ac1
Using new function to retrieve local db path
2021-09-01 21:59:12 +02:00
tek
cacf027051
Fixes a bug in retrieving the backup file path in webkit session resource logs
2021-09-01 15:49:23 -04:00
tek
da97f5ca30
Add db recovery to Safari history module
2021-09-01 15:40:45 -04:00
Nex
a774577940
Handling some exceptions more gracefully
2021-09-01 13:41:21 +02:00
harsaphes
c2ec26fd75
Checking idstatuscache.plist in a dump for iOS>14.7
2021-08-30 21:01:59 +02:00
Nex
856a6fb895
Cleaning up some classes
2021-08-28 12:33:27 +02:00
Nex
c859b43220
Adding logo to iOS cli
2021-08-26 12:40:45 +02:00
Nex
0005ad2abd
Removed unused imports
2021-08-21 15:50:12 +02:00
Nex
a16b0c12d2
Added shared help messages
2021-08-21 15:48:52 +02:00
Nex
e0a6608b9d
Logging which files error the manifest module
2021-08-20 17:15:35 +02:00
Nex
80a91bb2ad
Checking if the backup is actually encrypted before proceeding (closes: #48)
2021-08-20 15:18:08 +02:00
Nex
817aaab258
Indicate in help message that option can be invoked multiple times
2021-08-18 13:24:10 +02:00
Nex
27847bf16c
Added counter for loaded indicators
2021-08-18 13:18:34 +02:00
Nex
48810af83d
Fixed creation of Indicators instance
2021-08-18 13:12:37 +02:00
Nex
6a63256b5c
Added ability to import multiple STIX2 indicators files
2021-08-18 13:08:32 +02:00
Nex
96e4a9a4a4
Overhaul of mvt-ios modules
2021-08-16 10:50:35 +02:00
Nex
24d7187303
Fixed variable name
2021-08-15 20:02:17 +02:00
Nex
6af6c52f60
Renamed function for consistency
2021-08-15 20:01:33 +02:00
Nex
fdaf2fc760
Fixed WebkitSessionResourceLog module, still needs testing
2021-08-15 20:00:29 +02:00
Nex
fda621672d
Renamed webkit helper function
2021-08-15 19:50:55 +02:00
Nex
ce6cc771b4
Replaced leftover dicts
2021-08-15 19:20:41 +02:00
Nex
e1e4476bee
Standardizing Manifest results structure
2021-08-15 19:07:45 +02:00
Nex
9582778adf
Getting rid of dict()
2021-08-15 19:05:15 +02:00
Nex
5e6e4fa8d0
Added modules to extract details on configuration profiles from backup
2021-08-15 18:53:02 +02:00
Nex
9e5a412fe2
Creating helper function to locate files in Manifest.db
2021-08-15 17:39:14 +02:00
Nex
763cb6e06c
DeviceInfo module is now BackupInfo and only running on backups
2021-08-15 13:16:00 +02:00
Nex
cbdbf41e1e
Restructured modules folders
2021-08-15 13:14:18 +02:00
Nex
cf630f7c2b
Fixed unused imports
2021-08-14 18:56:33 +02:00
Nex
3d6e01179a
Fixed typo
2021-08-14 18:52:00 +02:00
Nex
8260bda308
Got rid of biplist, using standard plistlib
2021-08-14 18:50:11 +02:00
Nex
30e00e0707
Added module to extract information on device
2021-08-14 18:39:46 +02:00
Nex
88e2576334
Copying plist files too when decrypting a backup
2021-08-14 18:25:41 +02:00
Nex
8a91e64bb9
Catching gracefully if indicators file parse fails
2021-08-12 20:17:37 +02:00
Nex
54eaf046b0
Standardizing base classes declarations
2021-08-12 18:36:31 +02:00
Nex
23e4babbc9
Sorted imports
2021-08-12 18:34:33 +02:00
Nex
78b9fcd50c
Added super init to NetBase
2021-08-12 18:34:23 +02:00
Nex
0a7512cfb2
Checking for manipulated entries even when no indicators are provided
2021-08-12 12:57:27 +02:00
Nex
88324c7c42
Standardized to logging format
2021-08-12 12:48:29 +02:00
Daniel Kahn Gillmor
ec93c3d8b8
Even friendlier behaviors when the user mis-specifies the backup path
As discussed in #147
2021-08-10 23:19:45 -04:00
Daniel Kahn Gillmor
1288f8ca53
handle error cases better
2021-08-10 22:57:15 -04:00
Nex
9f696dcb72
Added version 14.7.1
2021-08-05 09:03:02 +02:00
Nex
2302c9fb1c
Fixed language
2021-08-05 08:56:41 +02:00
Nex
9bb8ae5187
Merge branch 'clearer-error-reporting' of https://github.com/dkg/mvt into dkg-clearer-error-reporting
2021-08-05 08:54:29 +02:00
Daniel Kahn Gillmor
33e90c1707
mvt-ios sqlite3 db recovery: fix quoting sent to sqlite3 .clone
In b2afce5c79, the db filename is
wrapped in double-quotes when passing it to the sqlite3 tool's
`.clone` helper command.
For parsing safety, we avoid performing this cleanup if the filename
itself has a double-quote character in it. Otherwise, a malformed
filename could lead to arbitrary injection into the sqlite3 command.
In be24680046, the sqlite3 wrapping
changes to single-quotes. Either the safety check should be amended
to block pathnames with single-quotes, or the sqlite3 wrapping should
revert to double-quotes.
I opted for the latter here because I think single-quotes are more
likely than double-quotes to show up in pathnames (e.g. a folder named
"Daniel's files"), but either change would be fine, of course.
2021-08-02 11:26:00 -04:00
Daniel Kahn Gillmor
706c429595
mvt-ios decrypt-backup: Improve error messages for known cases
The two most common reasons that `mvt-ios decrypt-backup` can fail are
wrong passwords and not pointing to an actual backup.
We can distinguish these cases based on the kinds of errors thrown
from iOSbackup (at least for the current versions that I'm testing
with).
When we encounter those particular exceptions, just report a simple
summary and don't overwhelm the user with a backtrace. If we
encounter an unexpected exception, leave the reporting as-is.
Closes: #28, #36
2021-08-02 11:07:31 -04:00
Nex
f011fd19e8
More explicit copyright and licensing notes
2021-08-01 21:11:08 +02:00
Nex
bc48dc2cf5
Fixed import order
2021-08-01 19:53:20 +02:00
Nex
f3c0948283
Fixing exception name in Manifest module
2021-08-01 19:50:25 +02:00
Nex
be24680046
Enforcing double quotes
2021-08-01 19:50:04 +02:00
Daniel Kahn Gillmor
b2afce5c79
Avoid breakage with paths with unusual names
If file_path has any whitespace or shell metacharacters in it, then
the invocation of subprocess.call would be likely to break (or even
accidentally execute code, depending on how perverse the pathnames
are).
It's generally a good plan to avoid shell=True for subprocess.call
where you can lay out the arguments deliberately in python. This one
looks relatively straightforward (but note, I have not tested it,
sorry!)
Note that if a name has a `"` character in it, we still fail, out of
safety reasons.
In particular, we want to avoid command injection into the sqlite
binary with particularly malicious names that look something like the
following:
```
foo.db"; .shell touch should-not-exist; .nullvalue "
```
2021-08-01 11:35:38 -04:00
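The two commit messages above about `.clone` quoting (b2afce5c79 and 33e90c1707) describe the hardening without showing it. The following is an added example, not MVT's own code: a recovery helper that builds the sqlite3 invocation as an argv list (so no shell ever parses the database path), wraps the destination file name in the same quote character that the safety check looks for, and refuses names containing that character or a newline. The function names, the `.bak` destination and the sample database are assumptions made for the example.

```python
"""Run the sqlite3 CLI's `.clone` recovery without a shell, refusing file
names that could break out of the quoted dot-command argument.

Added example; the helper names here are hypothetical, not MVT's API.
"""
import os
import shutil
import subprocess

# The destination name is embedded inside the `.clone ...` dot-command, which
# the sqlite3 shell tokenizes itself.  It is wrapped in this quote character,
# so a path containing the same character could end the quoted token early.
# Tying the check and the wrapping to one constant keeps them from drifting
# apart (the double-quote/single-quote mismatch described in 33e90c1707).
DOT_COMMAND_QUOTE = '"'


def is_safe_dot_command_path(path):
    """True if `path` can be embedded in a quoted dot-command argument."""
    if DOT_COMMAND_QUOTE in path:
        return False
    # A line break would start a fresh line of input to the sqlite3 shell.
    if "\n" in path or "\r" in path:
        return False
    return True


def build_clone_argv(src_path, dest_path):
    """Return the argv list for `sqlite3 SRC '.clone "DEST"'`.

    `src_path` is its own argv element: no shell sees it, so spaces or
    metacharacters in it are inert.  `dest_path` is the only value that ends
    up inside text parsed by sqlite3 itself, hence the check and the quoting.
    """
    if not is_safe_dot_command_path(dest_path):
        raise ValueError(
            f"refusing to pass path containing {DOT_COMMAND_QUOTE!r} "
            f"or a newline to the sqlite3 shell: {dest_path!r}"
        )
    q = DOT_COMMAND_QUOTE
    return ["sqlite3", src_path, f".clone {q}{dest_path}{q}"]


def recover_sqlite_db(file_path):
    """Clone a possibly malformed database into FILE.bak and swap it in.

    Hypothetical helper modelled on the pattern in the commit messages;
    returns the argv that was executed.
    """
    bak_path = file_path + ".bak"
    if os.path.exists(bak_path):
        os.remove(bak_path)  # start the clone from an empty destination
    argv = build_clone_argv(file_path, bak_path)
    subprocess.run(argv, check=True)  # argv list, deliberately no shell=True
    shutil.move(bak_path, file_path)
    return argv


if __name__ == "__main__":
    import sqlite3
    import tempfile

    # Constructed sample: a small database in a directory whose name has a
    # space and an apostrophe, the kind of path a shell=True call choked on.
    workdir = tempfile.mkdtemp(prefix="Daniel's files ")
    db_path = os.path.join(workdir, "sms.db")
    conn = sqlite3.connect(db_path)
    conn.execute("CREATE TABLE message (id INTEGER PRIMARY KEY, text TEXT)")
    conn.execute("INSERT INTO message (text) VALUES ('hello')")
    conn.commit()
    conn.close()

    if shutil.which("sqlite3") is None:
        print("sqlite3 CLI not on PATH; would have run:",
              build_clone_argv(db_path, db_path + ".bak"))
    else:
        print("ran:", recover_sqlite_db(db_path))
        conn = sqlite3.connect(db_path)
        print(conn.execute("SELECT text FROM message").fetchall())
        conn.close()
```

The check only guards the value that lands inside the dot-command; the source path needs no filtering because it is handed to sqlite3 as a separate argument. Whichever quote character the wrapper uses, the check must reject exactly that character, which is the point the later commit makes.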
Nex
b2e210e91c
Removed unused import
2021-08-01 14:16:28 +02:00
Nex
6f83bf5ae1
Removed duplicates
2021-08-01 14:05:21 +02:00
Nex
eaef75d931
Added iPhone models definitions
2021-08-01 13:59:30 +02:00
Nex
bc3634bf30
Specifying it is a password prompt
2021-07-31 10:27:44 +02:00
Nex
ad9ab1aeba
Switched to using rich Prompt
2021-07-31 10:13:18 +02:00
Daniel Kahn Gillmor
270e002f1b
mvt-ios extract-key: enable pulling password from the environment
This enables automated use of extract-key without requiring a password
to be placed in the command line, where it might leak.
2021-07-30 23:10:54 -04:00
Daniel Kahn Gillmor
53adc05338
mvt-ios decrypt-backup: Enable pulling password from the environment.
Specifying the password on the command line with `--password XXX`
leaves the password itself visible to any process on the machine which
can scan the process table.
On some systems (including common GNU/Linux distributions) this
visibility is possible by default.
This change should make it possible to offer the password without
putting it into the process table; rather, the user puts the password
in the environment, and specifies the name of the environment
variable, like so:
```
$ export MVT_IOS_BACKUP_PASSWORD=WronglySconeRoundnessUnruffled
$ mvt-ios decrypt-backup -d /path/to/dest /path/to/data/XXXXXXXX-YYYYYYYYYYYYYYY/
$ unset MVT_IOS_BACKUP_PASSWORD
```
or you can do so using a prefixed env var, as described in the updated
check.md documentation.
2021-07-30 23:10:54 -04:00
Nex
b264ae946d
Refactored to include functionality in existing DecryptBackup class
2021-07-30 18:46:45 +02:00
Nex
bfcfb3aa06
Merge branch 'extract-key' of https://github.com/pkirkovsky/mvt into pkirkovsky-extract-key
2021-07-30 18:29:47 +02:00
Nex
c966eea7e6
Sorted imports
2021-07-30 11:40:09 +02:00
Nex
490fb12302
Refactored creation of output folders
2021-07-30 11:08:32 +02:00
Nex
e2d82b0349
Merge branch 'master' of https://github.com/febrezo/mvt into febrezo-master
2021-07-30 10:48:34 +02:00
Nex
1bf7f54c72
Merge pull request #131 from macmade/main
Chrome History - Checking extracted URLs against indicators.
2021-07-29 13:48:34 +02:00
Nex
60a2dbb860
Added module to parse WebKit ResourceLoadStatistics observations.db (ref: #133)
2021-07-29 13:46:58 +02:00
macmade
5e03c28dbd
Chrome History - Checking extracted URLs against indicators.
2021-07-29 02:33:32 +02:00
Nex
4fb6e204d1
Ordered iOS versions
2021-07-28 08:33:33 +02:00
Pavel Kirkovsky
f4340bd4f9
Merge branch 'mvt-project:main' into extract-key
2021-07-27 17:15:37 -07:00
Nex
b1ae777621
Fixed variable name
2021-07-27 21:29:14 +02:00
Nex
404edfee9a
Merge branch 'main' of github.com:mvt-project/mvt
2021-07-27 21:28:36 +02:00
Nex
3bb0d5020c
Fixed variable name
2021-07-27 21:27:43 +02:00
tek
9e33ece3e9
Fixes issue with Manifest format
2021-07-27 01:23:22 +02:00
Nex
3dcc24acd5
Added build 18G69
2021-07-25 12:19:45 +02:00
Nex
d8310797ef
Merge pull request #109 from U039b/fix-#108
Fix #108
2021-07-25 11:49:12 +02:00
Nex
7fffef77ce
Automatically recover malformed sqlite3 databases (closes: #25, #37)
2021-07-25 11:47:05 +02:00
U039b
b7d65e6123
Fix #108
2021-07-25 11:03:28 +02:00
Pavel Kirkovsky
99640ac08c
Merge branch 'mvt-project:main' into extract-key
2021-07-23 12:02:02 -07:00
Nex
ba84b3c18d
Fixed variable name (closes: #72)
2021-07-23 18:05:51 +02:00
Nex
8e099e5985
Checking for valid indicators before continuing (closes: #35)
2021-07-23 18:04:41 +02:00
Pavel Kirkovsky
9fbcce4340
Add extract-key command
2021-07-22 23:52:52 -07:00
Pavel Kirkovsky
ece88744ed
KeyUtils class for working with decryption keys
2021-07-22 23:52:39 -07:00
tek
e69449a2f0
Fixes typos
2021-07-22 23:21:31 +02:00
Nex
3004690fd1
Merge pull request #21 from pkirkovsky/prompt-password
Prompt for password if none is given
2021-07-21 11:20:24 +02:00
Tyler Kellogg
967eb75e7c
[iOS CLI] Remove non-existent SYSDIAGNOSE_MODULES reference
2021-07-20 15:01:09 -07:00
Pavel Kirkovsky
695555f26f
Prompt for password if none is given
2021-07-20 05:44:36 -07:00
febrezo
732db070f2
Add implicit creation of output folders
2021-07-20 03:09:53 +02:00
Nex
065a62cee1
First commit
2021-07-16 08:05:01 +02:00