mvt-project / mvt
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
Home Page: https://mvt.re
License: Other
Hi, this is not an issue; it is advice for users running Debian Buster.
mvt was throwing me errors (on Debian Buster) that I couldn't debug, until I finally read that the adb error was due to the version, so I downloaded the latest version to successfully run the software.
Actual adb version:
Android Debug Bridge version 1.0.41
Version 31.0.2-7242960
thanks for this tool
See https://github.com/mvt-project/mvt/blob/main/LICENSE#L385
This Source Code Form is subject to the terms of the MVT License,
v. 1.0. If a copy of the MVT License was not distributed with this
file, You can obtain one at TODO.
Hi, I just cloned the repo and installed MVT v 1.0.11.
Sadly, I get the following error:
Traceback (most recent call last):
File "/home/user/.local/bin/mvt-ios", line 5, in <module>
from mvt.ios import cli
File "/home/user/.local/lib/python3.8/site-packages/mvt/ios/__init__.py", line 6, in <module>
from .cli import cli
File "/home/user/.local/lib/python3.8/site-packages/mvt/ios/cli.py", line 53, in <module>
def decrypt_backup(destination, password, key_file, backup_path):
File "/usr/lib/python3/dist-packages/click/decorators.py", line 173, in decorator
_param_memo(f, OptionClass(param_decls, **option_attrs))
File "/home/user/.local/lib/python3.8/site-packages/mvt/common/options.py", line 23, in __init__
super(MutuallyExclusiveOption, self).__init__(*args, **kwargs)
File "/usr/lib/python3/dist-packages/click/core.py", line 1547, in __init__
Parameter.__init__(self, param_decls, type=type, **attrs)
TypeError: __init__() got an unexpected keyword argument 'prompt_required'
Has anyone got an idea how to fix that or how to get it running?
Using mvt-android download-apks, a user is able to download the APKs on an Android phone. However, the documentation does not point users to any useful tools to subsequently analyze the APKs once they have been downloaded.
Any information would be helpful.
The given instructions only indicate how to use VirusTotal, Koodous or "All Checks" while downloading, without specifying how to run those after downloading, or what All Checks include.
Hi,
first and foremost great work.
I cloned the repo and did everything to install it properly. Debug mode is on and connected via USB. I executed the following command:
The end result is the following:
There is nothing that should block it. I even checked if I can access my phone.
Any clues here?
Thanks in advance
Running the check-adb command fails because of missing su binary on the device.
$ mvt-android check-adb
11:06:01 INFO [mvt.android.cli] Checking Android through adb bridge
INFO [mvt.android.modules.adb.chrome_history] Running module ChromeHistory...
11:06:02 ERROR [mvt.android.modules.adb.chrome_history] Error in running extraction from
module ChromeHistory: The Android device does not seem to have a `su`
binary. Cannot run this module.
Traceback (most recent call last):
File "/tmp/mvt/mvt/common/module.py", line 134, in run_module
module.run()
File "/tmp/mvt/mvt/android/modules/adb/chrome_history.py", line 69, in run
self._adb_process_file(os.path.join("/", CHROME_HISTORY_PATH),
File "/tmp/mvt/mvt/android/modules/adb/base.py", line 135, in
_adb_process_file
self._adb_root_or_die()
File "/tmp/mvt/mvt/android/modules/adb/base.py", line 105, in
_adb_root_or_die
raise Exception("The Android device does not seem to have a `su` binary.
Cannot run this module.")
Exception: The Android device does not seem to have a `su` binary. Cannot
run this module.
INFO [mvt.android.modules.adb.sms] Running module SMS...
11:06:03 ERROR [mvt.android.modules.adb.sms] The Android device does not seem to have a
`su` binary. Cannot run this module.
INFO [mvt.android.modules.adb.whatsapp] Running module Whatsapp...
11:06:04 ERROR [mvt.android.modules.adb.whatsapp] The Android device does not seem to have
a `su` binary. Cannot run this module.
INFO [mvt.android.modules.adb.processes] Running module Processes...
INFO [mvt.android.modules.adb.processes] Extracted records on a total of 1
processes
INFO [mvt.android.modules.adb.dumpsys_batterystats] Running module
DumpsysBatterystats...
11:06:05 INFO [mvt.android.modules.adb.dumpsys_procstats] Running module
DumpsysProcstats...
11:06:06 INFO [mvt.android.modules.adb.dumpsys_packages] Running module DumpsysPackages...
11:06:07 INFO [mvt.android.modules.adb.packages] Running module Packages...
11:06:21 INFO [mvt.android.modules.adb.packages] Extracted at total of 256 installed
package names
INFO [mvt.android.modules.adb.rootbinaries] Running module RootBinaries...
I am running the following command:
mvt-ios decrypt-backup -p {password-placeholder} -d ./mvt-backup ~/Library/Application\ Support/MobileSync/Backup/{device-id}
The command above fails and produces the log below
Traceback (most recent call last):
File "/usr/local/bin/mvt-ios", line 8, in <module>
sys.exit(cli())
File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1137, in __call__
return self.main(*args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1062, in main
rv = self.invoke(ctx)
File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1668, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/local/lib/python3.9/site-packages/click/core.py", line 763, in invoke
return __callback(*args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/mvt/ios/cli.py", line 56, in decrypt_backup
backup.decrypt_with_password(password)
File "/usr/local/lib/python3.9/site-packages/mvt/ios/decrypt.py", line 83, in decrypt_with_password
self._process_backup()
File "/usr/local/lib/python3.9/site-packages/mvt/ios/decrypt.py", line 36, in _process_backup
for item in self._backup.getBackupFilesList():
File "/usr/local/lib/python3.9/site-packages/iOSbackup/__init__.py", line 399, in getBackupFilesList
backupFiles = catalog.cursor().execute(f"SELECT * FROM Files ORDER BY domain,relativePath").fetchall()
sqlite3.DatabaseError: file is not a database
mvt-ios check-backup on a new backup created with idevicebackup2 backup --full and decrypted with mvt-ios decrypt-backup returns the following error:
INFO [mvt.ios.cli] Checking iTunes backup located at: ./decrypted
INFO [mvt.ios.modules.fs.safari_browserstate] Running module SafariBrowserState...
INFO [mvt.ios.modules.fs.safari_browserstate] Found Safari browser state database at path: ./decrypted/3a/3a47b0981ed7c10f3e2800aa66bac96a3b5db28e
ERROR [mvt.ios.modules.fs.safari_browserstate] Error in running extraction from module SafariBrowserState: unable to open database file
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/mvt/common/module.py", line 134, in run_module
module.run()
File "/usr/local/lib/python3.9/site-packages/mvt/ios/modules/fs/safari_browserstate.py", line 65, in run
cur.execute("""SELECT
sqlite3.OperationalError: unable to open database file
Of course I tried the proposed solution with the .clone sqlite command.
I am testing mvt on my laptop and I am getting the following error:
$ mvt-android download-apks --output ./download-apks --virustotal
18:07:38 CRITICAL [mvt.android.modules.adb.base] Device is busy, maybe run `adb kill-server` and try again.
I think adb is working ok, because afterwards I can run a complex command such as:
# see installed applications:
$ adb shell "pm list packages -u -3" | cut -f 2 -d ":" | sort > installed-applications-$(date +%Y%m%d).info
and it works ok.
I've also tried
$ adb kill-server
$ adb devices
# make sure permissions are given so that adb can see the device
but I got the error again.
I am running this on Fedora Silverblue 34 with the latest platform-tools 31.0.2 provided from Google.
My phone is a Le eco le pro 3 (zl1) running Lineage OS 18.1 with Gapps and Magisk.
To reproduce run the command on an ios backup.
mvt-ios check-iocs --iocs iocs.stix2 ./bkp-folder
on line 175 of mvt/ios/cli.py I see BACKUP_MODULES + FS_MODULES + SYSDIAGNOSE_MODULES
where the first two are imported from modules.fs and SYSDIAGNOSE_MODULES is not defined anywhere.
Path for su binary is hardcoded in _adb_check_if_root() (in the file android/modules/adb/base.py) as /sbin/su. It's not the only possible location of this binary. On my device running Android 11 rooted with Magisk the path is /system/bin/su. According to this StackOverflow answer you should check about 40 paths where su binary can be placed by different root providers, or find some other way to check the device is rooted.
Ubuntu 20.02 LTS - installed mvt from source. Enabled backup encryption and set password, took full backup. When I try to decrypt, it fails. If I change the password, it succeeds, so I know it's the right password.
mvt-ios decrypt-backup -p password -d ~/Documents/iphone/00008101-0002*************/ ~/Documents/iphone/output"
forensics@forensics:~/mvt$ mvt-ios decrypt-backup -p ******** -d ~/Documents/iphone/00008101-************/ ~/Documents/iphone/output
15:31:48 INFO [mvt.ios.decrypt] Decrypting iOS backup at path
/home/forensics/Documents/iphone/output with password
ERROR [mvt.ios.decrypt] [Errno 2] No such file or directory:
'/home/forensics/Documents/iphone/output/Manifest.plist'
Traceback (most recent call last):
File "/home/forensics/.local/lib/python3.8/site-packages/mv
t/ios/decrypt.py", line 75, in decrypt_with_password
self._backup =
iOSbackup(udid=os.path.basename(self.backup_path),
File "/home/forensics/.local/lib/python3.8/site-packages/iO
Sbackup/__init__.py", line 172, in __init__
self.loadManifest()
File "/home/forensics/.local/lib/python3.8/site-packages/iO
Sbackup/__init__.py", line 1055, in loadManifest
self.date=iOSbackup.convertTime(os.path.getmtime(manifest
File), since2001=False)
File "/usr/lib/python3.8/genericpath.py", line 55, in
getmtime
return os.stat(filename).st_mtime
FileNotFoundError: [Errno 2] No such file or directory:
'/home/forensics/Documents/iphone/output/Manifest.plist'
CRITICAL [mvt.ios.decrypt] Failed to decrypt backup. Did you provide
the correct password?
Most people use Windows as their main OS and find Linux confusing. If you want the most people possible to check their devices for this stuff you need a tool that works on the operating system they use.
I was just curious to check this out since I was reading about the Pegasus story just yesterday.
I did enable developer mode and went through the different steps, though it seems that even after installing mvt with python doesn't give access to mvt-android nor mvt-ios.
It doesn't seem to detect it or to recognize the commands (I have a backup of Android to analyze).
"'mvt' n’est pas reconnu en tant que commande interne
ou externe, un programme exécutable ou un fichier de commandes."
I may have forgotten something but I don't see what...
Feel free to answer.
When running mvt-android download-apks --output /path/to/folder --all-checks
I get this output on some apks (all the juicy preinstalled system ones) :
ERROR [mvt.android.download_apks] Failed to pull package file from
/vendor/app/CACertService/CACertService.apk: Unable to download file
/vendor/app/CACertService/CACertService.apk: Command failed: open failed:
Permission denied
Traceback (most recent call last):
File "/tmp/mvt/mvt/android/modules/adb/base.py", line 121, in
_adb_download
self.device.pull(remote_path, local_path, progress_callback)
File "/run/user/1000/tmp.VgD6fU9ccG/lib/python3.8/site-packages/adb_shell/
adb_device.py", line 893, in pull
self._pull(device_path, stream, progress_callback, adb_info,
filesync_info)
File "/run/user/1000/tmp.VgD6fU9ccG/lib/python3.8/site-packages/adb_shell/
adb_device.py", line 918, in _pull
for cmd_id, _, data in self._filesync_read_until([constants.DATA],
[constants.DONE], adb_info, filesync_info):
File "/run/user/1000/tmp.VgD6fU9ccG/lib/python3.8/site-packages/adb_shell/
adb_device.py", line 1381, in _filesync_read_until
cmd_id, header, data = self._filesync_read(expected_ids + finish_ids,
adb_info, filesync_info)
File "/run/user/1000/tmp.VgD6fU9ccG/lib/python3.8/site-packages/adb_shell/
adb_device.py", line 1320, in _filesync_read
raise exceptions.AdbCommandFailureException('Command failed:
{}'.format(reason))
adb_shell.exceptions.AdbCommandFailureException: Command failed: open
failed: Permission denied
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/tmp/mvt/mvt/android/download_apks.py", line 138, in
pull_package_file
self._adb_download(remote_path, local_path,
File "/tmp/mvt/mvt/android/modules/adb/base.py", line 123, in
_adb_download
raise Exception(f"Unable to download file {remote_path}: {e}")
Exception: Unable to download file
/vendor/app/CACertService/CACertService.apk: Command failed: open failed:
Permission denied
This might be a dumb thing but I don't know how to do it.
How do I grab the dump from my iphone to be able to run mvt-ios properly?
I have installed your program and adb and synced adb with my phone to generate a key so the device is enabled in adb. But I still get the following error:
eugene@ubuntu:~$ mvt-android download-apks --output /home/eugene/Downloads
Traceback (most recent call last):
File "/home/eugene/.local/bin/mvt-android", line 8, in <module>
sys.exit(cli())
File "/usr/lib/python3/dist-packages/click/core.py", line 764, in __call__
return self.main(*args, **kwargs)
File "/usr/lib/python3/dist-packages/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/lib/python3/dist-packages/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/lib/python3/dist-packages/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "/home/eugene/.local/lib/python3.8/site-packages/mvt/android/cli.py", line 62, in download_apks
download.run()
File "/home/eugene/.local/lib/python3.8/site-packages/mvt/android/download_apks.py", line 208, in run
self._adb_connect()
File "/home/eugene/.local/lib/python3.8/site-packages/mvt/android/modules/adb/base.py", line 53, in _adb_connect
self._adb_check_keys()
File "/home/eugene/.local/lib/python3.8/site-packages/mvt/android/modules/adb/base.py", line 45, in _adb_check_keys
keygen(ADB_KEY_PATH)
File "/home/eugene/.local/lib/python3.8/site-packages/adb_shell/auth/keygen.py", line 248, in keygen
with open(filepath, 'wb') as private_key_file:
FileNotFoundError: [Errno 2] No such file or directory: '/home/eugene/.android/adbkey'
16:29:01 INFO [mvt.android.cli] Checking Android through adb bridge
INFO [mvt.android.modules.adb.chrome_history] Running module
ChromeHistory...
16:29:06 CRITICAL [mvt.android.modules.adb.base] Could not receive data from
first 961AX0GH0L (timeout 5000ms): LIBUSB_ERROR_TIMEOUT [-7]
Common problem in backups, see #25
url = f"https://www.virustotal.com/partners/sysinternals/file-reports?apikey={apikey}"
Is that f supposed to be there before the open quote for that string?
Hi, So I need a list of malicious indicators to make use of this app? If so, where can I find one.
Hello,
I believe it is an error to hardcode the apikey for virustotal api requests (see https://github.com/mvt-project/mvt/blob/main/mvt/android/lookups/virustotal.py#L16).
You might want to let the end user provide one through a config option instead.
Hello, when I executed this command 'mvt-android download-apks --output apks', I got this error:
FileNotFoundError: [Errno 2] No such file or directory: '/home/username/.android/adbkey'
Do you know how to solve that bug?
Hi,
mvt-ios check-backup --output /Users/user/Desktop/mvt_out /Users/user/Library/Application\ Support/MobileSync/Backup/<udid>
creates files in /Users/user/Desktop/mvt_out
chrome_favicon.json
chrome_history.json
contacts.json
datausage.json
id_status_cache.json
manifest.json
sms_attachments.json
sms.json
timeline.csv
whatsapp.json
mvt-ios check-iocs --iocs /Users/user/Desktop/mvt_out
returns an error:
Usage: mvt-ios check-iocs [OPTIONS] FOLDER
Try 'mvt-ios check-iocs --help' for help.
Error: Missing argument 'FOLDER'.
mvt-ios check-iocs --help:
Usage: mvt-ios check-iocs [OPTIONS] FOLDER
Compare stored JSON results to provided indicators
Options:
-i, --iocs PATH Path to indicators file [required]
-l, --list-modules Print list of available modules and exit
-m, --module TEXT Name of a single module you would like to run instead of
all
--help Show this message and exit.
What am I doing wrong?
Ubuntu 20.04 Python 3.8.10
forensics@forensics-XPS-13-9365:~/mvt$ mvt-ios check-backup --output ~/Documents/iphone/output ~/Documents/iphone/00008020-001D54200101002E/
15:41:59 INFO [mvt.ios.cli] Checking iTunes backup located at:
/home/forensics/Documents/iphone/00008020-001D54200101002E/
INFO [mvt.ios.modules.fs.safari_browserstate] Running module
SafariBrowserState...
ERROR [mvt.ios.modules.fs.safari_browserstate] There might be no
data to extract by module SafariBrowserState: Unable to find
the module's database file
INFO [mvt.ios.modules.fs.safari_history] Running module
SafariHistory...
ERROR [mvt.ios.modules.fs.safari_history] There might be no data to
extract by module SafariHistory: Unable to find the module's
database file
INFO [mvt.ios.modules.fs.net_datausage] Running module
Datausage...
INFO [mvt.ios.modules.fs.net_datausage] Found DataUsage database
at path: /home/forensics/Documents/iphone/00008020-001D542001
01002E/0d/0d609c54856a9bb2d56729df1d68f2958a88426b
INFO [mvt.ios.modules.fs.net_datausage] Extracted information on
7133 processes
15:42:00 INFO [mvt.ios.modules.fs.sms] Running module SMS...
INFO [mvt.ios.modules.fs.sms] Found SMS database at path: /home/fo
rensics/Documents/iphone/00008020-001D54200101002E/3d/3d0d7e5
fb2ce288813306e4d4636395e047a3d28
15:42:01 INFO [mvt.ios.modules.fs.sms] Extracted a total of 745 SMS
messages containing links
INFO [mvt.ios.modules.fs.sms_attachments] Running module
SMSAttachments...
INFO [mvt.ios.modules.fs.sms_attachments] Found SMS database at
path: /home/forensics/Documents/iphone/00008020-001D542001010
02E/3d/3d0d7e5fb2ce288813306e4d4636395e047a3d28
INFO [mvt.ios.modules.fs.sms_attachments] Extracted a total of
3483 SMS attachments
INFO [mvt.ios.modules.fs.chrome_history] Running module
ChromeHistory...
INFO [mvt.ios.modules.fs.chrome_history] Found Chrome history
database at path: /home/forensics/Documents/iphone/00008020-0
01D54200101002E/fa/faf971ce92c3ac508c018dce1bef2a8b8e9838f1
INFO [mvt.ios.modules.fs.chrome_history] Extracted a total of 60
history items
INFO [mvt.ios.modules.fs.chrome_favicon] Running module
ChromeFavicon...
INFO [mvt.ios.modules.fs.chrome_favicon] Found Chrome favicon
cache database at path: /home/forensics/Documents/iphone/0000
8020-001D54200101002E/55/55680ab883d0fdcffd94f959b1632e5fbbb1
8c5b
INFO [mvt.ios.modules.fs.chrome_favicon] Extracted a total of 42
favicon records
INFO [mvt.ios.modules.fs.webkit_session_resource_log] Running
module WebkitSessionResourceLog...
Traceback (most recent call last):
File "/home/forensics/.local/bin/mvt-ios", line 8, in <module>
sys.exit(cli())
File "/usr/lib/python3/dist-packages/click/core.py", line 764, in __call__
return self.main(*args, **kwargs)
File "/usr/lib/python3/dist-packages/click/core.py", line 717, in main
rv = self.invoke(ctx)
File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/lib/python3/dist-packages/click/core.py", line 956, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/lib/python3/dist-packages/click/core.py", line 555, in invoke
return callback(*args, **kwargs)
File "/home/forensics/.local/lib/python3.8/site-packages/mvt/ios/cli.py", line 102, in check_backup
run_module(m)
File "/home/forensics/.local/lib/python3.8/site-packages/mvt/common/module.py", line 146, in run_module
module.check_indicators()
File "/home/forensics/.local/lib/python3.8/site-packages/mvt/ios/modules/fs/webkit_session_resource_log.py", line 84, in check_indicators
if self.indicators.check_domains(all_origins):
AttributeError: 'NoneType' object has no attribute 'check_domains'
I have copied my encrypted backup file from ~/library/Applicationsupport/mobilesync/Backup to desktop.
Then I'm typing this command to decrypt the file: mvt-ios decrypt-backup -p PASSWORD -d ~/Desktop/Backup
and I'm getting this error:
Usage: mvt-ios decrypt-backup [OPTIONS] BACKUP_PATH
Try 'mvt-ios decrypt-backup --help' for help.
Error: Missing argument 'BACKUP_PATH'.
I'm really struggling with this error, I cannot see anything wrong with the path I'm using (Mac Catalina, iPhone 8). I've substituted an underscore for the space in the Application Support directory as it does not like the space. Backup was made non-encrypted.
mvt-ios check-backup --output /Users/myusername/Downloads/ /Users/myusername/Library/Application_Support/MobileSync/Backup/9991553689f396bfc931039407d593096102ff4b/
Error: Invalid value for 'BACKUP_PATH': Path '/Users/myusername/Library/Application_Support/MobileSync/Backup/9991553689f396bfc931039407d593096102ff4b/' does not exist.
Do we need a GUI?
What problems would we try to solve with it?
What exactly would we want to see in such a GUI? Would it only be a graphical representation of the same outputs of the CLI, or, for example, a browsable view of the produced JSON results? Or something else entirely?
Your views and suggestions are very much welcome!
mvt-android download-apks --output /path/to/folder
returns a CRITICAL error message:
CRITICAL [mvt.android.modules.adb.base] Could not receive data from
first ########## (timeout 5000ms): LIBUSB_ERROR_TIMEOUT [-7]
Same error message with the mvt-android check-adb command.
Ubuntu 20.10
The SMS Module is erroring out for me. The backup was created with iTunes:
21:44:00 INFO [mvt.ios.cli] Checking iTunes backup located at: **REDACTED**
INFO [mvt.ios.modules.fs.sms] Running module SMS...
INFO [mvt.ios.modules.fs.sms] Found SMS database at path: **REDACTED**
21:44:02 INFO [mvt.ios.modules.fs.sms] Extracted a total of 1710 SMS messages containing links
Traceback (most recent call last):
File "C:\Python39\Scripts\mvt-ios-script.py", line 33, in <module>
sys.exit(load_entry_point('mvt==1.0.11', 'console_scripts', 'mvt-ios')())
File "c:\python39\lib\site-packages\click\core.py", line 1137, in __call__
return self.main(*args, **kwargs)
File "c:\python39\lib\site-packages\click\core.py", line 1062, in main
rv = self.invoke(ctx)
File "c:\python39\lib\site-packages\click\core.py", line 1668, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "c:\python39\lib\site-packages\click\core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "c:\python39\lib\site-packages\click\core.py", line 763, in invoke
return __callback(*args, **kwargs)
File "c:\python39\lib\site-packages\mvt\ios\cli.py", line 108, in check_backup
save_timeline(timeline, os.path.join(output, "timeline.csv"))
File "c:\python39\lib\site-packages\mvt\common\module.py", line 167, in save_timeline
csvoutput.writerow([
File "c:\python39\lib\encodings\cp1252.py", line 19, in encode
return codecs.charmap_encode(input,self.errors,encoding_table)[0]
UnicodeEncodeError: 'charmap' codec can't encode characters in position 320-321: character maps to <undefined>
When using mvt-ios decrypt-backup, an exception error arises, stopping the process:
Exception ignored in: <function iOSbackup.__del__ at 0x110652820>
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/iOSbackup/__init__.py", line 132, in __del__
self.close()
File "/usr/local/lib/python3.9/site-packages/iOSbackup/__init__.py", line 138, in close
os.remove(self.manifestDB)
TypeError: remove: path should be string, bytes or os.PathLike, not NoneType
In the example shown in the documentation, the destination folder is sms for the command mvt-android check-backup --output sms . but instead it should be apps, so the correct command would be mvt-android check-backup --output apps .
... Although you can always rename the folder if you want, in my opinion it is more appropriate to recommend the correct destination in the documentation.
Getting this error trying to use the stix file from Amnesty, what am I doing wrong?
mvt-ios check-iocs --iocs /mnt/c/Users/bucks/Desktop/MVT/pegasus.stix2 /mnt/c/Users/bucks/Desktop/MVT/output
1st arg location of stix file
2nd arg directory for output
iTunes output JSON files all in /mnt/c/Users/bucks/Desktop/MVT
This is not an issue.
Not sure if 'requires' are wrong or if I mixed up between local and system python packages but I had to manually upgrade rich module from git.
The error you get if rich logging is too is in cli.py (at the very start). "unexpected keyword argument 'log_time_format'"
alain@server2:~/dev/git.cloned/mvt/dev/mvt/2021-07-19$ mvt-android download-apks --output .
Traceback (most recent call last):
File "/home1/alain/.local/bin/mvt-android", line 5, in <module>
from mvt.android import cli
File "/home1/alain/.local/lib/python3.8/site-packages/mvt/android/__init__.py", line 6, in <module>
from .cli import cli
File "/home1/alain/.local/lib/python3.8/site-packages/mvt/android/cli.py", line 24, in <module>
RichHandler(show_path=False, log_time_format="%X")])
TypeError: __init__() got an unexpected keyword argument 'log_time_format'
Then during rich install.
Installing collected packages: rich
Attempting uninstall: rich
Found existing installation: rich 9.8.2
Uninstalling rich-9.8.2:
Successfully uninstalled rich-9.8.2
Successfully installed rich-10.6.0
I found an error message when I want to decrypt the encrypted iTunes backup:
ERROR [mvt.ios.decrypt] Failed to decrypt file XYZ/XYZ/XYZ: module 'mmap' has no attribute 'PROT_READ'
I experienced this error on a Windows machine. After some digging I found this relevant stackoverflow post:
https://stackoverflow.com/questions/13500434/loading-file-in-memory-using-python
After changes in the getFileEncryptedCopy function of the iOSbackup module, decryption works beautifully.
iOSbackup repo
From:
mappedInFile = mmap.mmap(inFile.fileno(), length=0, prot=mmap.PROT_READ)
To:
mappedInFile = mmap.mmap(inFile.fileno(), length=0, access=mmap.ACCESS_READ)
Hope I could help you with this information. 😃
Running mvt-ios check-backup on a backup newly created with idevicebackup2 backup --full and decrypted with mvt-ios decrypt-backup produced the following error:
INFO [mvt.ios.modules.fs.sms] Found SMS database at path: Backup/3d/3d0d7e5fb2ce288813306e4d4636395e047a3d28
ERROR [mvt.ios.modules.fs.sms] Error in running extraction from module SMS: database disk image is malformed
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/mvt/common/module.py", line 134, in run_module
module.run()
File "/usr/local/lib/python3.9/site-packages/mvt/ios/modules/fs/sms.py", line 57, in run
cur.execute("""
sqlite3.DatabaseError: database disk image is malformed
Analysis on other payloads works as expected (calls, chrome_favicon etc.).
The device in question has a history that goes back to 2009, so perhaps this is caused by an older attachment format?
(idevicebackup2 1.3.1, mvt at 425d83e).
Any reason you haven't put this under https://github.com/amnesty? Think that would be a good idea really just as an example;
https://twitter.com/Hammered_Glass/status/1416828070804271105?s=20
And
https://twitter.com/danielyang92/status/1416876353794813962?s=20
I know some people will never be happy but seems like starting a whole new org is maybe unhelpful...
The manifest.json file from an iOS backup contains values with domain as ProtectedDomain. Any tips on what these domains/files are? The relativePath value is empty in some of these.
Hi,
It throws this:
○ → mvt-android check-backup --output apps/com.android.providers.telephony/d_f/000000_sms_backup .
14:21:10 INFO [mvt.android.cli] Checking ADB backup located at: .
INFO [mvt.android.modules.backup.sms] Running module SMS...
INFO [mvt.android.modules.backup.sms] Processing SMS backup file at
./apps/com.android.providers.telephony/d_f/000000_sms_backup
INFO [mvt.android.modules.backup.sms] Extracted a total of 168 SMS messages containing links
Traceback (most recent call last):
File "/home/user/.local/bin/mvt-android", line 8, in <module>
sys.exit(cli())
File "/home/user/.local/lib/python3.9/site-packages/click/core.py", line 1137, in __call__
return self.main(*args, **kwargs)
File "/home/user/.local/lib/python3.9/site-packages/click/core.py", line 1062, in main
rv = self.invoke(ctx)
File "/home/user/.local/lib/python3.9/site-packages/click/core.py", line 1668, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/home/user/.local/lib/python3.9/site-packages/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/home/user/.local/lib/python3.9/site-packages/click/core.py", line 763, in invoke
return __callback(*args, **kwargs)
File "/home/user/.local/lib/python3.9/site-packages/mvt/android/cli.py", line 156, in check_backup
run_module(m)
File "/home/user/.local/lib/python3.9/site-packages/mvt/common/module.py", line 155, in run_module
module.save_to_json()
File "/home/user/.local/lib/python3.9/site-packages/mvt/common/module.py", line 84, in save_to_json
with open(results_json_path, "w") as handle:
NotADirectoryError: [Errno 20] Not a directory: 'apps/com.android.providers.telephony/d_f/000000_sms_backup/sms.json'
Also when I try to make the folder myself:
○ → mkdir apps/com.android.providers.telephony/d_f/000000_sms_backup
mkdir: no se puede crear el directorio «apps/com.android.providers.telephony/d_f/000000_sms_backup»: El fichero ya existe
(File already exists)
It's making the folder with same name of the file.
Update:
My bad.
I changed folders; output and source.
This helped to solve: #32 (comment)
When I write:
"$ sudo apt install python3"
The Termux says that:
"superuser binary detected.
Are you rooted?"
Is it mandatory to root to run this program??
Running on Big Sur, when executing mvt-ios decrypt-backup, python errors are generated when specifying passwords trailing with the 'bang' aka '!' character. Let me know if you want any screenshots etc. Thanks!
It is confusing, see #28
Hello,
So I'm not a developer and I need some help trying to debug my phone. I currently have my Android in developer mode with USB debugging enabled. I downloaded Xcode and Homebrew on my MacBook Pro using the terminal and everything was fine until I tried to run the mvt-android code. When I try to run this code
mvt-android download-apks --output /path/to/folder
I just see "quote" in the terminal and I don't know what it's asking me to enter. I keep checking the folder that I created to store the APKs but nothing has been added to it.
What am I doing wrong?