"""
Author: Sophie Stephenson
Date: 2023-03-15
Collect evidence of IPS. Basic version collects this data from the phone:
1. All apps that might be dual-use or spyware and data about them (install
time, desc, etc.)
2. Permission usage in the last 7 days (or 28 days, if we can)
"""
import json
import os
from pprint import pprint
from flask import redirect, render_template, request, session, url_for
import config
from db import create_mult_appinfo, create_scan
from web import app
from web.view.index import get_device
from web.view.scan import first_element_or_none
def get_multiple_app_details(device, ser, apps):
    """Look up a detail record for every app in *apps*.

    Each entry of *apps* must carry an ``"id"`` and a ``"flags"`` key. The
    flags are copied onto the dict returned by :func:`get_app_details` so the
    caller sees the scanner's classification next to the app's details.
    Order of the result matches the order of *apps*; an empty list yields
    an empty list.
    """
    def _with_flags(entry):
        details = get_app_details(device, ser, entry["id"])
        details["flags"] = entry["flags"]
        return details

    return [_with_flags(entry) for entry in apps]
def get_app_details(device, ser, appid):
    """Return a plain dict describing one app on the connected device.

    ``sc.app_details`` hands back a (frame, info) pair; the frame is
    consumed through the pandas-style ``fillna``/``to_dict(orient='index')``
    API and only row ``0`` is kept (an empty dict when no row came back).
    The ``info`` half is discarded. ``appid`` is stored under ``"appId"``
    so the result identifies itself even when the frame was empty.
    """
    scanner = get_device(device)
    frame, _info = scanner.app_details(ser, appid)
    rows = frame.fillna('').to_dict(orient='index')
    details = rows.get(0, {})
    details['appId'] = appid
    return details
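def get_suspicious_apps(device, device_owner):
    """Scan the connected device and return its dual-use / spyware apps.

    Runs the detection flow adapted from ``web/view/scan.py``: resolve the
    scanner for *device*, wait for a connected serial, run ``find_spyapps``,
    persist one scan record plus one appinfo row per app, and finally return
    detailed records (via :func:`get_multiple_app_details`) for every app
    whose flags contain ``'dual-use'`` or ``'spyware'``.

    Args:
        device: Platform key understood by ``get_device``. ``'ios'`` selects
            the pairing path and the Device_Info cleanup; anything else is
            treated as Android.
        device_owner: Nickname the user gave the device; stored as
            ``device_primary_user`` on the scan record.

    Returns:
        On success, a list of detail dicts, one per suspicious app. On any
        pre-scan failure (no scanner, no nickname, no device, iOS pairing
        failed, empty scan) a Flask ``(rendered main.html, 201)`` tuple is
        returned instead, so callers must check the type of the result.

    Raises:
        KeyError: if the Flask ``session`` has no ``'clientid'``.
        OSError: if the iOS ``Device_Info`` dump cannot be unlinked.
    """
    # The following code is adapted from web/view/scan.py
    template_d = dict(
        task="home",
        title=config.TITLE,
        device=device,
        device_primary_user=config.DEVICE_PRIMARY_USER,  # TODO: Why is this sent
        apps={},
    )
    sc = get_device(device)
    if not sc:
        template_d["error"] = "Please choose one device to scan."
        return render_template("main.html", **template_d), 201
    if not device_owner:
        template_d["error"] = "Please give the device a nickname."
        return render_template("main.html", **template_d), 201

    ser = sc.devices()
    print("Devices: {}".format(ser))
    if not ser:
        # FIXME: add pkexec scripts/ios_mount_linux.sh workflow for iOS if
        # needed.
        error = (
            "<b>A device wasn't detected. Please follow the "
            "<a href='/instruction' target='_blank' rel='noopener'>"
            "setup instructions here.</a></b>"
        )
        template_d["error"] = error
        return render_template("main.html", **template_d), 201

    ser = first_element_or_none(ser)
    print(">>>scanning_device", device, ser, "<<<<<")

    # Connection hint shown if pairing fails. Only the iOS branch below ever
    # formats and displays it; on Android it is overwritten before use.
    if device == "ios":
        error = (
            "If an iPhone is connected, open iTunes, click through the "
            "connection dialog and wait for the \"Trust this computer\" "
            "prompt to pop up in the iPhone, and then scan again."
        )
    else:
        error = (
            "If an Android device is connected, disconnect and reconnect "
            "the device, make sure developer options is activated and USB "
            "debugging is turned on on the device, and then scan again."
        )
    error += (
        "{} <b>Please follow the <a href='/instruction' target='_blank'"
        " rel='noopener'>setup instructions here,</a> if needed.</b>"
    )
    if device == 'ios':
        # go through pairing process and do not scan until it is successful.
        isconnected, reason = sc.setup()
        # NOTE(review): `reason` comes back from the scanner and is dropped
        # into an HTML string here without escaping; that is only safe if
        # main.html autoescapes `error` rather than rendering it with |safe
        # -- confirm in the template.
        template_d["error"] = error.format(reason)
        if not isconnected:
            return render_template("main.html", **template_d), 201

    # TODO: model for 'devices scanned so far:' device_name_map['model']
    # and save it to scan_res along with device_primary_user.
    device_name_print, device_name_map = sc.device_info(serial=ser)

    # Finds all the apps in the device
    # @apps have appid, title, flags, TODO: add icon
    apps = sc.find_spyapps(serialno=ser).fillna('').to_dict(orient='index')
    if not apps:
        print("The scanning failed for some reason.")
        error = (
            "The scanning failed. This could be due to many reasons. Try"
            " rerunning the scan from the beginning. If the problem persists,"
            " please report it in the file <code>report_failed.md</code> in the <code>"
            "phone_scanner/</code> directory. Check the phone manually. Sorry for"
            " the inconvenience."
        )
        template_d["error"] = error
        return render_template("main.html", **template_d), 201

    scan_d = {
        'clientid': session['clientid'],
        # The serial goes through config.hmac_serial rather than being stored raw.
        'serial': config.hmac_serial(ser),
        'device': device,
        'device_model': device_name_map.get('model', '<Unknown>').strip(),
        'device_version': device_name_map.get('version', '<Unknown>').strip(),
        'device_primary_user': device_owner,
    }
    if device == 'ios':
        scan_d['device_manufacturer'] = 'Apple'
        scan_d['last_full_charge'] = 'unknown'
    else:
        scan_d['device_manufacturer'] = device_name_map.get(
            'brand', "<Unknown>").strip()
        scan_d['last_full_charge'] = device_name_map.get(
            'last_full_charge', "<Unknown>")

    rooted, rooted_reason = sc.isrooted(ser)
    scan_d['is_rooted'] = rooted
    scan_d['rooted_reasons'] = json.dumps(rooted_reason)

    # TODO: here, adjust client session.
    scanid = create_scan(scan_d)

    if device == 'ios':
        # The Device_Info dump is treated as PII: remove it as soon as the
        # scan record that needed it has been written.
        pii_fpath = sc.dump_path(ser, 'Device_Info')
        print('Relevant info saved to db. Deleting {} now.'.format(pii_fpath))
        os.unlink(pii_fpath)
        print('iOS PII deleted.')

    print("Creating appinfo...")
    create_mult_appinfo([(scanid, appid, json.dumps(
        info['flags']), '', '<new>') for appid, info in apps.items()])

    # Carried over from scan.py: template_d is filled in but is not rendered
    # on the success path below (the app list is returned instead).
    template_d.update(dict(
        isrooted=(
            "<strong class='text-info'>Maybe (this is possibly just a bug with our scanning tool).</strong> Reason(s): {}"
            .format(rooted_reason) if rooted
            else "Don't know" if rooted is None
            else "No"
        ),
        device_name=device_name_print,
        apps=apps,
        scanid=scanid,
        sysapps=set(),  # sc.get_system_apps(serialno=ser)),
        serial=ser,
        # TODO: make this a map of model:link to display scan results for that
        # scan.
        error=config.error()
    ))

    # new stuff from Sophie
    pprint(apps)
    suspicious_apps = []
    for appid, app in apps.items():
        if 'dual-use' in app["flags"] or 'spyware' in app["flags"]:
            app["id"] = appid
            suspicious_apps.append(app)
    detailed_apps = get_multiple_app_details(device, ser, suspicious_apps)
    return detailed_apps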