Nex
59b069f006
Added lookups for non-system packages on check-adb too
2022-01-28 12:25:50 +01:00
Nex
28e1348aa7
Added check-iocs command to mvt-android
2022-01-27 18:23:19 +01:00
Nex
034338d1f4
Added iOS 15.3
2022-01-27 17:04:48 +01:00
Nex
09d5eabf2f
Changing check logic for Android settings
2022-01-27 15:24:17 +01:00
Nex
a425d6c511
Added missing comma and ordered imports
2022-01-27 14:56:02 +01:00
Nex
f8897a4f8c
Added more dangerous settings
2022-01-27 14:54:31 +01:00
Nex
86eae68bdb
Added Android settings module
2022-01-27 13:33:06 +01:00
Nex
d2bf348b03
Merge branch 'main' of github.com:mvt-project/mvt
2022-01-27 12:51:14 +01:00
Nex
25c6c03075
Added Getprop module and cleaned Files and Packages Android modules
2022-01-27 12:50:37 +01:00
tek
cf88740f6a
Fixes bugs in SafariBrowserState module and add tests
2022-01-26 14:50:34 +01:00
tek
eb4810b0ad
Fixes bug in parsing of configuration profiles
2022-01-25 20:32:27 +01:00
Nex
cce9159eda
Adding indicator to matched results
2022-01-23 15:01:49 +01:00
Nex
e1211991aa
Bumped version
2022-01-23 14:17:43 +01:00
Nex
8ae9ca328c
Added log line at the end to highlight number of detections
2022-01-21 16:50:32 +01:00
Nex
0e2eb51732
Fixed checking of indicators in filesystem module
2022-01-21 16:30:34 +01:00
Nex
b35cd4bc73
Added support for context-aware indicators.
...
This way when a detection is logged, the user can know which STIX2
file was matched by the module
2022-01-21 16:26:58 +01:00
Nex
1b4f99a31d
Trying to catch missing argument error (ref: #211)
2022-01-21 12:20:22 +01:00
tek
e4e1716729
Bumped version
2022-01-20 15:28:42 +01:00
tek
083bc12351
Merge branch 'feature/check-file-path'
2022-01-20 15:19:37 +01:00
tek
95205d8e17
Adds indicators check to iOS TCC module
2022-01-18 17:12:20 +01:00
Nex
a6fd5fe1f3
Bumped version
2022-01-18 16:06:14 +01:00
Nex
3e0ef20fcd
.
2022-01-18 16:05:01 +01:00
Donncha Ó Cearbhaill
6fcd40f6b6
Fix use of global list instance as self.results variable
2022-01-18 15:53:05 +01:00
tek
38bb583a9e
Improves management of file path indicators
2022-01-18 15:50:31 +01:00
Donncha Ó Cearbhaill
48ec2d8fa8
Merge branch 'main' into tests
2022-01-18 15:30:40 +01:00
tek
798805c583
Improves Shortcut output
2022-01-18 13:06:35 +01:00
Nex
24be9e9570
Use default list of indicators files now that some default ones are automatically loaded
2022-01-14 16:26:14 +01:00
Nex
adbd95c559
Dots
2022-01-14 02:01:59 +01:00
Nex
8a707c288a
Bumped version
2022-01-14 01:53:10 +01:00
Nex
4c906ad52e
Renamed download iocs function
2022-01-14 01:52:57 +01:00
Nex
a2f8030cce
Added new iOS versions
2022-01-14 01:41:48 +01:00
Nex
737007afdb
Bumped version
2022-01-12 16:18:13 +01:00
Nex
33efeda90a
Added TODO note
2022-01-12 16:10:15 +01:00
Nex
146f2ae57d
Renaming check function for consistency
2022-01-12 16:02:13 +01:00
Nex
11bc916854
Sorted imports
2022-01-11 16:02:44 +01:00
Nex
3084876f31
Removing unused imports, fixing conditions, new lines
2022-01-11 16:02:01 +01:00
Nex
f63cb585b2
Shortened command to download-iocs
2022-01-11 15:59:01 +01:00
Nex
637aebcd89
Small cleanup
2022-01-11 15:53:10 +01:00
Nex
16a0de3af4
Added new module to highlight installed accessibility services
2022-01-11 15:16:26 +01:00
tek
15fbedccc9
Fixes a minor bug in WebkitResourceLoadStatistics
2022-01-10 18:09:31 +01:00
tek
e0514b20dd
Catches exception in Shortcuts module if the table does not exist
2022-01-10 16:58:12 +01:00
Donncha Ó Cearbhaill
54963b0b59
Update test PR to work with latest code, fix flake8
2022-01-07 17:03:53 +01:00
tek
28d57e7178
Add command to download latest public indicators
...
Squashed commit of the following:
commit c0d9e8d5d188c13e7e5ec0612e99bfb7e25f47d4
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date: Fri Jan 7 16:05:12 2022 +0100
Update name of indicators JSON file
commit f719e49c5f942cef64931ecf422b6a6e7b8c9f17
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date: Fri Jan 7 15:38:03 2022 +0100
Do not set indicators option on module if no indicators were loaded
commit a289eb8de936f7d74c6c787cbb8daf5c5bec015c
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date: Fri Jan 7 14:43:00 2022 +0100
Simplify code for loading IoCs
commit 0804563415ee80d76c13d3b38ffe639fa14caa14
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date: Fri Jan 7 13:43:47 2022 +0100
Add metadata to IoC entries
commit 97d0e893c1a0736c4931363ff40f09a030b90cf6
Author: tek <tek@randhome.io>
Date: Fri Dec 17 16:43:09 2021 +0100
Implements automated loading of indicators
commit c381e14df92ae4d7d846a1c97bcf6639cc526082
Author: tek <tek@randhome.io>
Date: Fri Dec 17 12:41:15 2021 +0100
Improves download-indicators
commit b938e02ddfd0b916fd883f510b467491a4a84e5f
Author: tek <tek@randhome.io>
Date: Fri Dec 17 01:44:26 2021 +0100
Adds download-indicators for mvt-ios and mvt-android
2022-01-07 16:38:04 +01:00
Nicolai Søborg
c282d4341d
Bump adb read timeout
...
Some adb commands (like `dumpsys`) are very slow and the default timeout is "only" 10s.
A timeout of 200 seconds is chosen completely at random - works on my phone 🤷
Fixes https://github.com/mvt-project/mvt/issues/113
Fixes https://github.com/mvt-project/mvt/issues/228
2021-12-28 13:56:04 +01:00
tek
681bae2f66
Bump version to v1.4.1
2021-12-27 16:19:25 +01:00
tek
82b57f1997
Fixes IOC issue in android CLI
2021-12-22 00:19:16 +01:00
Donncha Ó Cearbhaill
8f88f872df
Bump to 1.4.0 to skip previously used PyPi versions
2021-12-17 12:52:06 +01:00
Donncha Ó Cearbhaill
2d16218489
Bump version to v1.3.2
2021-12-17 12:24:41 +01:00
Donncha Ó Cearbhaill
3215e797ec
Bug fixes for config profile and shortcut module
2021-12-16 22:58:36 +01:00
Donncha Ó Cearbhaill
e80c02451c
Bump version to 1.3.1. Skipping 1.3 as a tag already exists
2021-12-16 19:27:58 +01:00
Donncha Ó Cearbhaill
5df50f864c
Merge branch 'main' into main
2021-12-16 19:21:18 +01:00
Donncha Ó Cearbhaill
45b31bb718
Add support for identifying known malicious file paths over ADB
2021-12-16 19:16:24 +01:00
Donncha Ó Cearbhaill
e10f1767e6
Update WhatsApp module to search for links in attachments
2021-12-16 18:46:31 +01:00
tek
d64277c0bf
Adds missing iOS version
2021-12-16 18:39:22 +01:00
Donncha Ó Cearbhaill
3f3261511a
Add module to search for known malicious or suspicious configuration profiles
2021-12-16 17:57:26 +01:00
Donncha Ó Cearbhaill
4cfe75e2d4
Add module to parse iOS Shortcuts and search for malicious actions
2021-12-16 17:47:08 +01:00
tek
cdd90332f7
Adds timeline support to TCC iOS module
2021-12-16 13:57:44 +01:00
tek
d9b29b3739
Fixes indicator issue in the android cli
2021-12-16 12:51:57 +01:00
tek
79bb7d1d4b
Fixes indicator parsing bug
2021-12-13 18:37:05 +01:00
tek
a653cb3cfc
Implements loading STIX files from env variable MVT_STIX2
2021-12-10 16:11:59 +01:00
tek
b25cc48be0
Fixes issue in Safari Browser State for older iOS versions
2021-12-06 15:04:52 +01:00
tek
40bd9ddc1d
Fixes issue with different TCC database versions
2021-12-03 20:31:12 +01:00
Tek
deb95297da
Merge pull request #219 from workingreact/main
...
Fix ConfigurationProfiles
2021-12-03 19:56:43 +01:00
tek
02014b414b
Add warning for apple notification
2021-12-03 19:42:35 +01:00
tek
7dd5fe7831
Catch and recover malformed SMS database
2021-12-03 17:46:41 +01:00
workingreact
11d1a3dcee
fix typo
2021-12-02 18:31:07 +01:00
workingreact
74f9db2bf2
fix ConfigurationProfiles
2021-12-02 16:55:14 +01:00
tek
356bddc3af
Adds new iOS versions
2021-11-28 17:43:50 +01:00
Nex
512f40dcb4
Standardized code with flake8
2021-11-19 15:27:51 +01:00
Nex
b3a464ba58
Removed unused imports
2021-11-19 14:54:53 +01:00
Nex
529df85f0f
Sorted imports
2021-11-04 12:58:35 +01:00
panelmix
34c997f923
Replace NetworkingAnalytics with Analytics
2021-11-02 13:29:12 +01:00
Nex
02bf903411
Bumped version
2021-10-30 13:40:25 +02:00
Nex
7019375767
Merge pull request #210 from hurtcrushing/main
...
Search for entries in ZPROCESS but not in ZLIVEUSAGE
2021-10-27 14:22:40 +02:00
Nex
34dd27c5d2
Added iPhone 13
2021-10-26 18:33:07 +02:00
Nex
a4d6a08a8b
Added iOS 15.1
2021-10-26 18:09:31 +02:00
hurtcrushing
635d3a392d
change warning to info
2021-10-25 14:54:03 +02:00
hurtcrushing
2d78bddbba
Search for entries in ZPROCESS but not in ZLIVEUSAGE
2021-10-25 14:34:18 +02:00
Nex
6d8de5b461
Bumped version
2021-10-23 13:51:44 +02:00
tek
e0c9a44b10
Merge branch 'main' of github.com:mvt-project/mvt
2021-10-21 21:17:31 +02:00
tek
ef8c1ae895
Adds recent iOS versions
2021-10-21 21:17:09 +02:00
Nex
3165801e2b
Bumped version
2021-10-18 13:40:30 +02:00
Nex
f8e380baa1
Minor style fixes
2021-10-18 12:51:20 +02:00
Nex
35559b09a8
Merge pull request #206 from colossalzippy/main
...
improve Filesystem module
2021-10-18 12:48:58 +02:00
colossalzippy
f601db2174
improve Filesystem
2021-10-15 14:58:50 +02:00
witchbuild
3ce9641c23
add NetworkingAnalytics
2021-10-15 11:53:06 +02:00
Nex
9be393e3f6
Bumped version
2021-10-14 19:59:09 +02:00
Nex
169f5fbc26
Pyment to reST
2021-10-12 18:06:58 +02:00
vin01
40b0da9885
Specify public key for PythonRSASigner
2021-10-08 21:36:49 +02:00
tek
94a8d9dd91
Fixes bug in adb handling
2021-09-29 18:16:33 +02:00
tek
963d3db51a
Fixes a bug in android packages module
2021-09-29 17:59:50 +02:00
Nex
660e208473
Bumped version
2021-09-28 15:40:26 +02:00
Nex
01e68ccc6a
Fixed dict decl
2021-09-28 12:45:15 +02:00
Nex
fba0fa1f2c
Removed newline
2021-09-28 12:44:15 +02:00
Nex
8fcc79ebfa
Adapted for better support
2021-09-28 12:42:57 +02:00
Nex
423462395a
Merge branch 'main' of https://github.com/pungentsneak/mvt into pungentsneak-main
2021-09-28 12:33:14 +02:00
Nex
1f08572a6a
Bumped version
2021-09-22 17:32:22 +02:00
Nex
94e3c0ce7b
Added iOS 15.0
2021-09-22 17:27:29 +02:00
pungentsneak
904daad935
add ShutdownLog
2021-09-22 13:24:17 +02:00
Nex
60a17381a2
Standardized code
2021-09-21 22:27:35 +02:00
tek
ef2bb93dc4
Adds indicator check for android package name and file hash
2021-09-21 19:43:02 +02:00
Nex
f68b7e7089
Pull file hashes from Packages module directly
2021-09-20 19:15:39 +02:00
Nex
a22241ec32
Added version commands
2021-09-17 14:19:03 +02:00
Nex
8ad1bc7a2b
Bumped version
2021-09-16 10:45:26 +02:00
Nex
75b5b296a5
Added check for indicators (closes: #189)
2021-09-16 10:44:39 +02:00
Nex
f1d039346d
Bumped version
2021-09-14 14:33:17 +02:00
Nex
ccdfd92d4a
Merge branch 'dozenfossil-main'
2021-09-14 14:29:21 +02:00
Nex
032b229eb8
Minor changes for consistency
2021-09-14 14:29:04 +02:00
Nex
93936976c7
Merge branch 'main' of https://github.com/dozenfossil/mvt into dozenfossil-main
2021-09-14 14:26:37 +02:00
Nex
f3a4e9d108
Merge pull request #186 from beneficentboast/main
...
fix error for manipulated entries in DataUsage/NetUsage
2021-09-14 14:26:00 +02:00
Nex
93a9735b5e
Reordering
2021-09-14 14:21:54 +02:00
Nex
7b0e2d4564
Added version
2021-09-14 14:20:54 +02:00
beneficentboast
725a99bcd5
fix error for manipulated entries in DataUsage
2021-09-13 20:13:43 +02:00
dozenfossil
35a6f6ec9a
fix multi path/file issue
2021-09-13 20:02:48 +02:00
Nex
3f9809f36c
Formatting docstrings
2021-09-11 02:39:33 +02:00
Nex
6da6595108
More docstrings
2021-09-10 20:09:37 +02:00
Nex
35dfeaccee
Re-ordered list of shortener domains
2021-09-10 15:21:02 +02:00
Nex
e5f2aa3c3d
Standardizing reST docstrings
2021-09-10 15:18:13 +02:00
Nex
3236c1b390
Added new TCC module
2021-09-09 12:00:48 +02:00
Nex
80a670273d
Added additional locationd path
2021-09-07 15:18:00 +02:00
Nex
969b5cc506
Fixed bug in locationd module
2021-09-07 15:06:19 +02:00
Nex
ef8622d4c3
Changed event name
2021-09-03 14:49:04 +02:00
Nex
e39e9e6f92
Cleaned up and simplified module
2021-09-03 14:48:24 +02:00
Nex
7b32ed3179
Compacted record data
2021-09-03 14:41:55 +02:00
Nex
3e679312d1
Renamed module
2021-09-03 13:35:27 +02:00
guitarsinger
be4f1afed6
add OSAnalyticsADDAILY
2021-09-03 11:59:44 +02:00
Nex
0dea25d86e
Reverted version number to minor
2021-09-02 15:33:36 +02:00
Nex
505d3c7e60
Bumped version
2021-09-02 15:31:25 +02:00
Nex
8f04c09b75
Removed duplicate
2021-09-02 15:28:17 +02:00
Nex
595b7e2066
Fixed typo
2021-09-02 15:27:00 +02:00
Nex
d3941bb5d3
Merge pull request #177 from harsaphes/main
...
Checking idstatuscache.plist in a dump for iOS>14.7
2021-09-01 22:00:51 +02:00
Nex
194c8a0ac1
Using new function to retrieve local db path
2021-09-01 21:59:12 +02:00
tek
cacf027051
Fixes a bug in retrieving the backup file path in webkit session resource logs
2021-09-01 15:49:23 -04:00
tek
da97f5ca30
Add db recovery to Safari history module
2021-09-01 15:40:45 -04:00
Nex
a774577940
Handling some exceptions more gracefully
2021-09-01 13:41:21 +02:00
Nex
7252cc82a7
Added module to dump full output of dumpsys
2021-08-30 22:20:05 +02:00
Nex
b34d80fd11
Logging module completed
2021-08-30 22:19:28 +02:00
Nex
0347dfa3c9
Added module Files to pull list of visible file paths
2021-08-30 22:11:07 +02:00
Nex
28647b8493
Fixed is_dir() to isdir()
2021-08-30 22:08:29 +02:00
harsaphes
c2ec26fd75
Checking idstatuscache.plist in a dump for iOS>14.7
2021-08-30 21:01:59 +02:00
Nex
856a6fb895
Cleaning up some classes
2021-08-28 12:33:27 +02:00
Jeff Irion
34c64af815
Fix _adb_check_keys method
2021-08-27 23:26:50 -07:00
Nex
ea4da71277
Creating android home folder if missing
2021-08-27 19:12:09 +02:00
Nex
94fe3c90e0
Added logcat modules
2021-08-26 15:23:54 +02:00
Nex
f78332aa71
Split receivers into a new package
2021-08-26 14:51:56 +02:00
Nex
0c4eb0bb34
Added discovery of Android packages with potentially abusive receivers
2021-08-26 14:08:39 +02:00
Nex
e70054d0c2
Bumped version
2021-08-26 12:48:09 +02:00
Nex
c859b43220
Adding logo to iOS cli
2021-08-26 12:40:45 +02:00
Nex
75ee2db02e
Upgrading version
2021-08-26 12:36:37 +02:00
Nex
b27047ed27
Updated lookup modules to new format (closes: #175)
2021-08-25 21:58:03 +02:00
Nex
79f313827f
Changed mvt-android download-apks to only fetch non-system packages
2021-08-25 13:35:21 +02:00
Nex
0005ad2abd
Removed unused imports
2021-08-21 15:50:12 +02:00
Nex
a16b0c12d2
Added shared help messages
2021-08-21 15:48:52 +02:00
Nex
e0a6608b9d
Logging which files error the manifest module
2021-08-20 17:15:35 +02:00
Nex
80a91bb2ad
Checking if the backup is actually encrypted before proceeding (closes: #48)
2021-08-20 15:18:08 +02:00
Nex
2d277d2d14
Catching in case uid field is not present
2021-08-18 23:11:18 +02:00
Nex
817aaab258
Indicate in help message that option can be invoked multiple times
2021-08-18 13:24:10 +02:00
Nex
4d8d91846c
Added missing import of IndicatorsFileBadFormat
2021-08-18 13:21:54 +02:00
Nex
e31e08e710
Added multiple indicators to Android cli
2021-08-18 13:19:34 +02:00
Nex
27847bf16c
Added counter for loaded indicators
2021-08-18 13:18:34 +02:00
Nex
f2b1311ff7
Sorted imports
2021-08-18 13:18:28 +02:00
Nex
48810af83d
Fixed creation of Indicators instance
2021-08-18 13:12:37 +02:00
Nex
6a63256b5c
Added ability to import multiple STIX2 indicators files
2021-08-18 13:08:32 +02:00
Nex
d77809060f
Added newline
2021-08-17 22:54:33 +02:00
Nex
99d539b040
Renamed packages.json to apks.json to avoid conflicts with other module
2021-08-17 13:26:26 +02:00
Nex
7edf147112
Better handling of package parsing and more logging (closes: #102)
2021-08-17 13:26:04 +02:00
Nex
39b81214c2
Catching exception when unable to connect to device over TCP
2021-08-17 13:10:36 +02:00
Nex
94fd6b5208
Catching errors more gracefully when downloading apks (closes: #158)
2021-08-17 13:06:31 +02:00
Nex
96e4a9a4a4
Overhaul of mvt-ios modules
2021-08-16 10:50:35 +02:00
Nex
24d7187303
Fixed variable name
2021-08-15 20:02:17 +02:00
Nex
6af6c52f60
Renamed function for consistency
2021-08-15 20:01:33 +02:00
Nex
fdaf2fc760
Fixed WebkitSessionResourceLog module, still needs testing
2021-08-15 20:00:29 +02:00
Nex
fda621672d
Renamed webkit helper function
2021-08-15 19:50:55 +02:00
Nex
ce6cc771b4
Replaced leftover dicts
2021-08-15 19:20:41 +02:00
Nex
e1e4476bee
Standardizing Manifest results structure
2021-08-15 19:07:45 +02:00
Nex
9582778adf
Getting rid of dict()
2021-08-15 19:05:15 +02:00
Nex
5e6e4fa8d0
Added modules to extract details on configuration profiles from backup
2021-08-15 18:53:02 +02:00
Nex
9e5a412fe2
Creating helper function to locate files in Manifest.db
2021-08-15 17:39:14 +02:00
Nex
763cb6e06c
DeviceInfo module is now BackupInfo and only running on backups
2021-08-15 13:16:00 +02:00
Nex
cbdbf41e1e
Restructured modules folders
2021-08-15 13:14:18 +02:00
Nex
cf630f7c2b
Fixed unused imports
2021-08-14 18:56:33 +02:00
Nex
3d6e01179a
Fixed typo
2021-08-14 18:52:00 +02:00
Nex
8260bda308
Got rid of biplist, using standard plistlib
2021-08-14 18:50:11 +02:00
Nex
30e00e0707
Added module to extract information on device
2021-08-14 18:39:46 +02:00
Nex
88e2576334
Copying plist files too when decrypting a backup
2021-08-14 18:25:41 +02:00
Nex
076930c2c9
Added newline
2021-08-14 18:06:30 +02:00
Nex
8a91e64bb9
Catching gracefully if indicators file parse fails
2021-08-12 20:17:37 +02:00
Nex
54eaf046b0
Standardizing base classes declarations
2021-08-12 18:36:31 +02:00
Nex
23e4babbc9
Sorted imports
2021-08-12 18:34:33 +02:00
Nex
78b9fcd50c
Added super init to NetBase
2021-08-12 18:34:23 +02:00
Nex
4eb7a64614
Removed serial in declaration
2021-08-12 18:33:58 +02:00
Nex
e512e0b72f
Fixed download_apks init
2021-08-12 18:25:57 +02:00
Nex
8ca7030195
Refactored serial specification for ADB
2021-08-12 18:21:21 +02:00
Nex
f78c671885
Merge branch 'main' of https://github.com/j0k2r/mvt into j0k2r-main
2021-08-12 18:07:50 +02:00
Nex
411ac53522
Letting module handler catch any exception
2021-08-12 17:57:40 +02:00
Nex
8be60e8a04
Checking all processes
2021-08-12 17:53:19 +02:00
Nex
8a484b3b24
Added a more clear message regarding rooted Androids
2021-08-12 17:47:20 +02:00
Nex
0a7512cfb2
Checking for manipulated entries even when no indicators are provided
2021-08-12 12:57:27 +02:00
Nex
8d93ab66c9
Improved logging around detection results
2021-08-12 12:56:12 +02:00
Nex
6e19d34700
Merge branch 'main' of https://github.com/DL6ER/mvt into DL6ER-main
2021-08-12 12:49:36 +02:00
Nex
88324c7c42
Standardized to logging format
2021-08-12 12:48:29 +02:00
Daniel Kahn Gillmor
ec93c3d8b8
Even friendlier behaviors when the user mis-specifies the backup path
...
As discussed in #147
2021-08-10 23:19:45 -04:00
Daniel Kahn Gillmor
1288f8ca53
handle error cases better
2021-08-10 22:57:15 -04:00
DL6ER
290776a286
Log if there was no detection made by the module
...
Signed-off-by: DL6ER <dl6er@dl6er.de>
2021-08-10 12:13:23 +02:00
Hamza Z
15c0d71933
Fix merge conflicts
2021-08-08 20:05:50 +02:00
Nex
e5f7727c80
Fixed typo (closes: #157)
2021-08-06 18:40:09 +02:00
Nex
9f696dcb72
Added version 14.7.1
2021-08-05 09:03:02 +02:00
Nex
2302c9fb1c
Fixed language
2021-08-05 08:56:41 +02:00
Nex
9bb8ae5187
Merge branch 'clearer-error-reporting' of https://github.com/dkg/mvt into dkg-clearer-error-reporting
2021-08-05 08:54:29 +02:00
Nex
76e6138d77
Catching check if root exception more gracefully (closes: #5)
2021-08-05 08:49:34 +02:00
Daniel Kahn Gillmor
33e90c1707
mvt-ios sqlite3 db recovery: fix quoting sent to sqlite3 .clone
...
In b2afce5c79, the db filename is
wrapped in double-quotes when passing it to the sqlite3 tool's
`.clone` helper command.
For parsing safety, we avoid performing this cleanup if the filename
itself has a double-quote character in it. Otherwise, a malformed
filename could lead to arbitrary injection into the sqlite3 command.
In be24680046, the sqlite3 wrapping
changes to single-quotes. Either the safety check should be amended
to block pathnames with single-quotes, or the sqlite3 wrapping should
revert to double-quotes.
I opted for the latter here because i think single-quotes are more
likely than double-quotes to show up in pathnames (e.g. a folder named
"Daniel's files"), but either change would be fine, of course.
2021-08-02 11:26:00 -04:00
Daniel Kahn Gillmor
706c429595
mvt-ios decrypt-backup: Improve error messages for known cases
...
The two most common reasons that `mvt-ios decrypt-backup` can fail are
wrong passwords and not pointing to an actual backup.
We can distinguish these cases based on the kinds of errors thrown
from iOSbackup (at least for the current versions that i'm testing
with).
When we encounter those particular exceptions, just report a simple
summary and don't overwhelm the user with a backtrace. If we
encounter an unexpected exception, leave the reporting as-is.
Closes: #28, #36
2021-08-02 11:07:31 -04:00
Nex
f011fd19e8
More explicit copyright and licensing notes
2021-08-01 21:11:08 +02:00
Nex
bc48dc2cf5
Fixed import order
2021-08-01 19:53:20 +02:00
Nex
f3c0948283
Fixing exception name in Manifest module
2021-08-01 19:50:25 +02:00
Nex
be24680046
Enforcing double quotes
2021-08-01 19:50:04 +02:00
Daniel Kahn Gillmor
b2afce5c79
Avoid breakage with paths with unusual names
...
If file_path has any whitespace or shell metacharacters in it, then
the invocation of subprocess.call would be likely to break (or even
accidentally execute code, depending on how perverse the pathnames
are).
It's generally a good plan to avoid shell=True for subprocess.call
where you can lay out the arguments deliberately in python. This one
looks relatively straightforward (but note, i have not tested it,
sorry!)
Note that if a name has a `"` character in it, we still fail, out of
safety reasons.
in particular, we want to avoid command injection into the sqlite
binary with particularly malicious names that look something like the
following:
```
foo.db"; .shell touch should-not-exist; .nullvalue "
```
2021-08-01 11:35:38 -04:00
Nex
b2e210e91c
Removed unused import
2021-08-01 14:16:28 +02:00
Nex
6f83bf5ae1
Removed duplicates
2021-08-01 14:05:21 +02:00
Nex
eaef75d931
Added iPhone models definitions
2021-08-01 13:59:30 +02:00
Nex
bc3634bf30
Specifying it is a password prompt
2021-07-31 10:27:44 +02:00
Nex
ad9ab1aeba
Switched to using rich Prompt
2021-07-31 10:13:18 +02:00
Daniel Kahn Gillmor
270e002f1b
mvt-ios extract-key: enable pulling password from the environment
...
This enables automated use of extract-key without requiring a password
to be placed in the command line, where it might leak.
2021-07-30 23:10:54 -04:00
Daniel Kahn Gillmor
53adc05338
mvt-ios decrypt-backup: Enable pulling password from the environment.
...
Specifying the password on the command line with `--password XXX`
leaves the password itself visible to any process on the machine which
can scan the process table.
On some systems (including common GNU/Linux distributions) this
visibility is possible by default.
This change should make it possible to offer the password without
putting it into the process table; rather, the user puts the password
in the environment, and specifies the name of the environment
variable, like so:
```
$ export MVT_IOS_BACKUP_PASSWORD=WronglySconeRoundnessUnruffled
$ mvt-ios decrypt-backup -d /path/to/dest /path/to/data/XXXXXXXX-YYYYYYYYYYYYYYY/
$ unset MVT_IOS_BACKUP_PASSWORD
```
or you can do so using a prefixed env var, as described in the updated
check.md documentation.
2021-07-30 23:10:54 -04:00
Nex
b264ae946d
Refactored to include functionality in existing DecryptBackup class
2021-07-30 18:46:45 +02:00
Nex
bfcfb3aa06
Merge branch 'extract-key' of https://github.com/pkirkovsky/mvt into pkirkovsky-extract-key
2021-07-30 18:29:47 +02:00
Nex
632409c81d
Using consistent constant names
2021-07-30 18:08:52 +02:00
Nex
6df6064370
Merge branch 'fix_SMS_PATH' of https://github.com/EmilienCourt/mvt into EmilienCourt-fix_SMS_PATH
2021-07-30 18:04:16 +02:00
Nex
c966eea7e6
Sorted imports
2021-07-30 11:40:09 +02:00
Nex
18ed58cbf9
Removed unused dependency
2021-07-30 11:19:15 +02:00
Nex
490fb12302
Refactored creation of output folders
2021-07-30 11:08:32 +02:00
Nex
e2d82b0349
Merge branch 'master' of https://github.com/febrezo/mvt into febrezo-master
2021-07-30 10:48:34 +02:00
Nex
1bf7f54c72
Merge pull request #131 from macmade/main
...
Chrome History - Checking extracted URLs against indicators.
2021-07-29 13:48:34 +02:00
Nex
60a2dbb860
Added module to parse WebKit ResourceLoadStatistics observations.db (ref: #133)
2021-07-29 13:46:58 +02:00
macmade
5e03c28dbd
Chrome History - Checking extracted URLs against indicators.
2021-07-29 02:33:32 +02:00
Nex
4fb6e204d1
Ordered iOS versions
2021-07-28 08:33:33 +02:00
Pavel Kirkovsky
f4340bd4f9
Merge branch 'mvt-project:main' into extract-key
2021-07-27 17:15:37 -07:00
Nex
b1ae777621
Fixed variable name
2021-07-27 21:29:14 +02:00
Nex
404edfee9a
Merge branch 'main' of github.com:mvt-project/mvt
2021-07-27 21:28:36 +02:00
Nex
3bb0d5020c
Fixed variable name
2021-07-27 21:27:43 +02:00
tek
9e33ece3e9
Fixes issue with Manifest format
2021-07-27 01:23:22 +02:00
Nex
13ce55f4ac
Added some context to error message
2021-07-25 15:51:24 +02:00
emilien
47df94fa12
fix typo
2021-07-25 15:13:23 +02:00
emilien
e5003b6490
Handle SMS bases in mmssms.db instead of bugle_db
2021-07-25 15:06:22 +02:00
emilien
3d9574682c
Fix WhatsApp thumb image
2021-07-25 14:13:10 +02:00
Nex
3dcc24acd5
Added build 18G69
2021-07-25 12:19:45 +02:00
Nex
d8310797ef
Merge pull request #109 from U039b/fix-#108
...
Fix #108
2021-07-25 11:49:12 +02:00
Nex
7fffef77ce
Automatically recover malformed sqlite3 databases (closes: #25 #37)
2021-07-25 11:47:05 +02:00
U039b
b7d65e6123
Fix #108
2021-07-25 11:03:28 +02:00
Nex
9d9b77e02e
Changing error message to info, to avoid confusion
2021-07-25 10:46:10 +02:00