MVT is a forensic tool to look for signs of infection in smartphone devices
Daniel Kahn Gillmor 7b1b31f7be Update libimobiledevice docs about backup password reset
In this stage, the user is likely to want to run `idevicebackup2` in
interactive mode, so clearly specify the `-i` flag in the right place
(just dropping `-i` at the end of the command does not work as
expected -- I think `idevicebackup2 backup encryption on -i` tries to
set the password to `-i`).

More importantly, note that resetting the password by resetting all
the settings runs a risk of removing some of the forensic information.
Etienne identified a file that he thought was wiped as a result of
this in the call this morning, but I don't remember which file it was.

Maybe `id_status_cache.json` ?  If you have more concrete info, please
add it here too!
2021-07-30 23:49:06 -04:00
.github/workflows Added missing space in workflow file 2021-07-30 11:43:52 +02:00
dev Sorted imports 2021-07-30 11:40:09 +02:00
docs Update libimobiledevice docs about backup password reset 2021-07-30 23:49:06 -04:00
mvt Refactored to include functionality in existing DecryptBackup class 2021-07-30 18:46:45 +02:00
.gitignore Add implicit creation of output folders 2021-07-20 03:09:53 +02:00
.readthedocs.yaml Improves documentation 2021-07-18 16:33:34 +02:00
Dockerfile Update Dockerfile 2021-07-30 16:13:06 +04:00
LICENSE Updated LICENSE 2021-07-25 12:01:23 +02:00
Makefile First commit 2021-07-16 08:05:01 +02:00
mkdocs.yml Included Docker details in the documentation 2021-07-24 13:23:45 +02:00
README.md Updated README 2021-07-30 21:26:48 +02:00
setup.py Sorted imports 2021-07-30 11:40:09 +02:00

Mobile Verification Toolkit

Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices.

It was developed and released by the Amnesty International Security Lab in July 2021 in the context of the Pegasus project, along with a technical forensic methodology and forensic evidence.

Warning: MVT is a forensic research tool intended for technologists and investigators. Using it requires understanding the basics of forensic analysis and using command-line tools. This is not intended for end-user self-assessment. If you are concerned with the security of your device, please seek expert assistance.

Installation

MVT can be installed from sources or conveniently using:

pip3 install mvt

You will need some dependencies, so please check the documentation.

Alternatively, you can decide to run MVT and all relevant tools through a Docker container.

Usage

MVT provides two commands, mvt-ios and mvt-android, with the following subcommands available:

  • mvt-ios:
    • check-backup: Extract artifacts from an iTunes backup
    • check-fs: Extract artifacts from a full filesystem dump
    • check-iocs: Compare stored JSON results to provided indicators
    • decrypt-backup: Decrypt an encrypted iTunes backup
    • extract-key: Extract decryption key from an iTunes backup
  • mvt-android:
    • check-backup: Check an Android Backup
    • download-apks: Download all or non-safelisted installed APKs

Check out the documentation to see how to use them.

License

The purpose of MVT is to facilitate the consensual forensic analysis of devices of those who might be targets of sophisticated mobile spyware attacks, especially members of civil society and marginalized communities. We do not want MVT to enable privacy violations of non-consenting individuals. Therefore, the goal of this license is to prohibit the use of MVT (and any other software licensed the same) for the purpose of adversarial forensics.

In order to achieve this, MVT is released under an adaptation of Mozilla Public License v2.0. This modified license includes a new clause 3.0, "Consensual Use Restriction" which permits the use of the licensed software (and any "Larger Work" derived from it) exclusively with the explicit consent of the person/s whose data is being extracted and/or analysed ("Data Owner").

Read the LICENSE