mirror of
https://github.com/mvt-project/mvt.git
synced 2024-06-28 23:28:55 +00:00
Compare commits
3 Commits
68337cdd42
...
b2e25e56c5
| Author | SHA1 | Date | |
|---|---|---|---|
|
b2e25e56c5 | ||
|
013282dbba | ||
|
|
4b89887f4b |
|
|
@ -13,7 +13,6 @@ ENV DEBIAN_FRONTEND=noninteractive
|
|||
# ----------------------------
|
||||
RUN apt update \
|
||||
&& apt install -y python3 python3-pip libusb-1.0-0-dev wget unzip default-jre-headless adb \
|
||||
|
||||
# Install build tools for libimobiledevice
|
||||
# ----------------------------------------
|
||||
build-essential \
|
||||
|
|
@ -27,7 +26,6 @@ RUN apt update \
|
|||
libssl-dev \
|
||||
sqlite3 \
|
||||
pkg-config \
|
||||
|
||||
# Clean up
|
||||
# --------
|
||||
&& apt-get clean \
|
||||
|
|
@ -41,17 +39,11 @@ RUN git clone https://github.com/libimobiledevice/libplist \
|
|||
&& git clone https://github.com/libimobiledevice/libusbmuxd \
|
||||
&& git clone https://github.com/libimobiledevice/libimobiledevice \
|
||||
&& git clone https://github.com/libimobiledevice/usbmuxd \
|
||||
|
||||
&& cd libplist && ./autogen.sh && make && make install && ldconfig \
|
||||
|
||||
&& cd ../libimobiledevice-glue && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh --prefix=/usr && make && make install && ldconfig \
|
||||
|
||||
&& cd ../libusbmuxd && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh && make && make install && ldconfig \
|
||||
|
||||
&& cd ../libimobiledevice && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh --enable-debug && make && make install && ldconfig \
|
||||
|
||||
&& cd ../usbmuxd && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --runstatedir=/run && make && make install \
|
||||
|
||||
# Clean up.
|
||||
&& cd .. && rm -rf libplist libimobiledevice-glue libusbmuxd libimobiledevice usbmuxd
|
||||
|
||||
|
|
|
|||
|
|
@ -44,20 +44,25 @@ class SMS(IOSExtraction):
|
|||
def serialize(self, record: dict) -> Union[dict, list]:
|
||||
text = record["text"].replace("\n", "\\n")
|
||||
sms_data = f"{record['service']}: {record['guid']} \"{text}\" from {record['phone_number']} ({record['account']})"
|
||||
return [
|
||||
sms_data = [
|
||||
{
|
||||
"timestamp": record["isodate"],
|
||||
"module": self.__class__.__name__,
|
||||
"event": "sms_received",
|
||||
"data": sms_data,
|
||||
},
|
||||
{
|
||||
"timestamp": record["isodate_read"],
|
||||
"module": self.__class__.__name__,
|
||||
"event": "sms_read",
|
||||
"data": sms_data,
|
||||
},
|
||||
]
|
||||
# If the message was read, we add an extra event.
|
||||
if record["isodate_read"]:
|
||||
sms_data.append(
|
||||
{
|
||||
"timestamp": record["isodate_read"],
|
||||
"module": self.__class__.__name__,
|
||||
"event": "sms_read",
|
||||
"data": sms_data,
|
||||
}
|
||||
)
|
||||
return sms_data
|
||||
|
||||
def check_indicators(self) -> None:
|
||||
for message in self.results:
|
||||
|
|
|
|||
|
|
@ -55,6 +55,10 @@ class SMSAttachments(IOSExtraction):
|
|||
|
||||
def check_indicators(self) -> None:
|
||||
for attachment in self.results:
|
||||
# Check for known malicious filenames.
|
||||
if self.indicators.check_file_path(attachment["filename"]):
|
||||
self.detected.append(attachment)
|
||||
|
||||
if (
|
||||
attachment["filename"].startswith("/var/tmp/")
|
||||
and attachment["filename"].endswith("-1")
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ class TestSMSModule:
|
|||
m = SMS(target_path=get_ios_backup_folder())
|
||||
run_module(m)
|
||||
assert len(m.results) == 1
|
||||
assert len(m.timeline) == 2 # SMS received and read events.
|
||||
assert len(m.timeline) == 1
|
||||
assert len(m.detected) == 0
|
||||
|
||||
def test_detection(self, indicator_file):
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user