crt0mega
/
mvt
mirror of https://github.com/mvt-project/mvt.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
134 Commits 22 Branches 67 Tags 6 MiB
Commit Graph

134 Commits

Author SHA1 Message Date
Nex f011fd19e8 More explicit copyright and licensing notes 2021-08-01 21:11:08 +02:00
Nex bc48dc2cf5 Fixed import order 2021-08-01 19:53:20 +02:00
Nex f3c0948283 Fixing exception name in Manifest module 2021-08-01 19:50:25 +02:00
Nex be24680046 Enforcing double quotes 2021-08-01 19:50:04 +02:00
Nex a3d10c1824
Merge pull request #140 from dkg/avoid-shell-True 
Avoid breakage with paths with unusual names
 2021-08-01 19:45:11 +02:00
Daniel Kahn Gillmor b2afce5c79 Avoid breakage with paths with unusual names 
If file_path has any whitespace or shell metacharacters in it, then
the invocation of subprocess.call would be likely to break (or even
accidentally execute code, depending on how perverse the pathnames
are).

It's generally a good plan to avoid shell=True for subprocess.call
where you can lay out the arguments deliberately in python.  This one
looks relatively straightforward (but note, i have not tested it,
sorry!)

Note that if a name has a `"` character in it, we still fail, out of
safety reasons.

in particular, we want to avoid command injection into the sqlite
binary with particularly malicious names that look something like the
following:

```
foo.db"; .shell touch should-not-exist; .nullvalue "
```
 2021-08-01 11:35:38 -04:00
Nex b2e210e91c Removed unused import 2021-08-01 14:16:28 +02:00
Nex 6f83bf5ae1 Removed duplicates 2021-08-01 14:05:21 +02:00
Nex a979b82ec6 Bumped version 2021-08-01 13:59:59 +02:00
Nex eaef75d931 Added iPhone models definitions 2021-08-01 13:59:30 +02:00
Nex 1650aea248 pip3 for clarity 2021-07-31 19:48:19 +02:00
Nex bc3634bf30 Specifying it is a password prompt 2021-07-31 10:27:44 +02:00
Nex 87ffd9e003 Bumped version 2021-07-31 10:23:38 +02:00
Nex 19f355810a Merge branch 'dkg-update-libimobiledevice-docs' 2021-07-31 10:19:46 +02:00
Nex 38b7aa6032 Updated doc on backup 2021-07-31 10:19:38 +02:00
Nex feb285015a Merge branch 'update-libimobiledevice-docs' of https://github.com/dkg/mvt into dkg-update-libimobiledevice-docs 2021-07-31 10:16:58 +02:00
Nex 933ee65897 Merge branch 'dkg-mvt_decrypt-backup_password_from_env' 2021-07-31 10:13:43 +02:00
Nex ad9ab1aeba Switched to using rich Prompt 2021-07-31 10:13:18 +02:00
Nex 4debee72cd Merge branch 'mvt_decrypt-backup_password_from_env' of https://github.com/dkg/mvt into dkg-mvt_decrypt-backup_password_from_env 2021-07-31 10:07:14 +02:00
Nex d7031bd25f Merge branch 'dkg-ioc-docs' 2021-07-31 10:05:55 +02:00
Nex 5b5b065bc4 Updated doc page on IOCs 2021-07-31 10:05:41 +02:00
Daniel Kahn Gillmor 59206fc450 Describe how to use and find IOCs 
This offers generic documentation, to show how MVT can be used with
arbitrary STIX-formatted IOCs, while still pointing users at some
known-to-be-useful sample files.
 2021-07-31 00:46:36 -04:00
Daniel Kahn Gillmor 7b1b31f7be Update libimobiledevice docs about backup password reset 
In this stage, the user is likely to want to run `idevicebackup2` in
interactive mode, so clearly specify the `-i` flag in the right place
(just dropping `-i` at the end of the command does not work as
expected -- i think `idevicebackup2 backup encryption on -i` tries to
set the password to `-i`).

More importantly, note that resetting the password by resetting all
the settings runs a risk of removing some of the forensic information.
Etienne identified a file that he thought was wiped as a result of
this in the call this morning, but I don't remember which file it was.

Maybe `id_status_cache.json` ?  If you have more concrete info, please
add it here too!
 2021-07-30 23:49:06 -04:00
Daniel Kahn Gillmor 270e002f1b mvt-ios extract-key: enable pulling password from the environment 
This enables automated use of extract-key without requiring a password
to be placed in the command line, where it might leak.
 2021-07-30 23:10:54 -04:00
Daniel Kahn Gillmor 53adc05338 mvt-ios decrypt-backup: Enable pulling password from the environment. 
Specifying the password on the command line with `--password XXX`
leaves the password itself visible to any process on the machine which
can scan the process table.

On some systems (including common GNU/Linux distributions) this
visibility is possible by default.

This change should make it possible to offer the password without
putting it into the process table; rather, the user puts the password
in the environment, and specifies the name of the environment
variable, like so:

```
$ export MVT_IOS_BACKUP_PASSWORD=WronglySconeRoundnessUnruffled
$ mvt-ios decrypt-backup -d /path/to/dest /path/to/data/XXXXXXXX-YYYYYYYYYYYYYYY/
$ unset MVT_IOS_BACKUP_PASSWORD
```

or you can do so using a prefixed env var, as described in the updated
check.md documentation.
 2021-07-30 23:10:54 -04:00
Nex d7f29a4e88 Updated README 2021-07-30 21:26:48 +02:00
Nex 444e70a6eb Merge branch 'pkirkovsky-extract-key' 2021-07-30 18:47:05 +02:00
Nex b264ae946d Refactored to include functionality in existing DecryptBackup class 2021-07-30 18:46:45 +02:00
Nex bfcfb3aa06 Merge branch 'extract-key' of https://github.com/pkirkovsky/mvt into pkirkovsky-extract-key 2021-07-30 18:29:47 +02:00
Nex 3e7d85039a Merge branch 'EmilienCourt-fix_SMS_PATH' 2021-07-30 18:09:13 +02:00
Nex 632409c81d Using consistent constant names 2021-07-30 18:08:52 +02:00
Nex 6df6064370 Merge branch 'fix_SMS_PATH' of https://github.com/EmilienCourt/mvt into EmilienCourt-fix_SMS_PATH 2021-07-30 18:04:16 +02:00
Nex 99e80fd942 Updated documentation links 2021-07-30 17:59:17 +02:00
Nex 9451da4514 Removed duplicate title 2021-07-30 17:56:05 +02:00
Tek 5ac0025470
Merge pull request #137 from opsec-infosec/main 
Update Dockerfile missing sqlite3
 2021-07-30 14:34:07 +02:00
opsec-infosec 9a6c4d251e
Update Dockerfile 
Add sqlite3 to Dockerfile for extraction of SMS messages
 2021-07-30 16:13:06 +04:00
Nex eda1976518 Added missing space in workflow file 2021-07-30 11:43:52 +02:00
Nex c966eea7e6 Sorted imports 2021-07-30 11:40:09 +02:00
Nex abcbefe359 Added safety checks to workflow 2021-07-30 11:39:43 +02:00
Nex 22d090569c Disabled pytest until unit tests are available 2021-07-30 11:20:59 +02:00
Nex d490344142 Removed lint 2021-07-30 11:19:51 +02:00
Nex 7f361fb600
Create python-package.yml 2021-07-30 11:19:20 +02:00
Nex 18ed58cbf9 Removed unused dependency 2021-07-30 11:19:15 +02:00
Nex 3a6f57502e Merge branch 'febrezo-master' 2021-07-30 11:08:47 +02:00
Nex 490fb12302 Refactored creation of output folders 2021-07-30 11:08:32 +02:00
Nex e2d82b0349 Merge branch 'master' of https://github.com/febrezo/mvt into febrezo-master 2021-07-30 10:48:34 +02:00
Nex 1bf7f54c72
Merge pull request #131 from macmade/main 
Chrome History - Cheking extracted URLs against indicators.
 2021-07-29 13:48:34 +02:00
Nex 60a2dbb860 Added module to parse WebKit ResourceLoadStatistics observations.db (ref: #133) 2021-07-29 13:46:58 +02:00
macmade 5e03c28dbd
Chrome History - Cheking extracted URLs against indicators. 2021-07-29 02:33:32 +02:00
Nex 4fb6e204d1 Ordered iOS versions 2021-07-28 08:33:33 +02:00