Open joramokwaro opened 3 weeks ago
Hi, I think this issue has been solved in the github version, could you try installing the latest version from github and test?
Thanks @Te-k I uninstalled the version I got via pip and installed the latest version via pipx:
pipx install --force git+https://github.com/mvt-project/mvt.git
Same issue:
INFO [mvt.android.modules.adb.sms] Please check phone and accept Android backup prompt. You may need to set a backup password.
14:33:11 ERROR [mvt.android.modules.adb.sms] Error in running extraction from module SMS: 'body'
Traceback (most recent call last):
  File "/path/to/.local/share/pipx/venvs/mvt/lib/python3.12/site-packages/mvt/common/module.py", line 167, in run_module
    exec_or_profile("module.run()", globals(), locals())
  File "/path/to/.local/share/pipx/venvs/mvt/lib/python3.12/site-packages/mvt/common/utils.py", line 262, in exec_or_profile
    exec(module, globals, locals)
  File "<string>", line 1, in <module>
  File "/path/to/.local/share/pipx/venvs/mvt/lib/python3.12/site-packages/mvt/android/modules/adb/sms.py", line 177, in run
    self._extract_sms_adb()
  File "/path/to/.local/share/pipx/venvs/mvt/lib/python3.12/site-packages/mvt/android/modules/adb/sms.py", line 142, in _extract_sms_adb
    self.results = parse_tar_for_sms(backup_tar)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/path/to/.local/share/pipx/venvs/mvt/lib/python3.12/site-packages/mvt/android/parsers/backup.py", line 213, in parse_tar_for_sms
    res.extend(parse_sms_file(dhandler.read()))
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/path/to/.local/share/pipx/venvs/mvt/lib/python3.12/site-packages/mvt/android/parsers/backup.py", line 241, in parse_sms_file
    if message_links or entry["body"].strip() == "":
                        ~~~~~^^^^^^^^
KeyError: 'body'
Laptop = Lenovo Thinkpad T490s
OS = Ubuntu 24.04.1 LTS
Terminal Emulator = Terminator 2.1.3
Shell = bash
Phone = OnePlus 8T (KB2003)
Android Version = 14
mvt-android version = 2.5.4
adb kill-server = done
The device is attached according to adb:
$ adb devices
List of devices attached
55df115f device
Backup prompted and initiated in device. The following error is then seen:
$ sudo mvt-android check-adb --output .
MVT - Mobile Verification Toolkit
https://mvt.re
Version: 2.5.4
Indicators updates checked recently, next automatic check in 12 hours
09:38:43 INFO [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_intellexa_predator_predator.stix2
INFO [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_2023-06_01_operation_triangulation_operation_triangulation.stix2
INFO [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_AmnestyTech_investigations_master_2024-05-02_wintego_helios_wintego_helios.stix2
INFO [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_2022-06-23_rcs_lab_rcs.stix2
INFO [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_AssoEchap_stalkerware-indicators_master_generated_stalkerware.stix2
09:38:44 INFO [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_AmnestyTech_investigations_master_2021-07-18_nso_pegasus.stix2
INFO [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_2023-04-11_quadream_kingspawn.stix2
INFO [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_AmnestyTech_investigations_master_2023-03-29_android_campaign_malware.stix2
INFO [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_2023-07-25_wyrmspy_dragonegg_wyrmspy_dragonegg.stix2
INFO [mvt.android.cmd_check_adb] Loaded a total of 9985 unique indicators
INFO [mvt] Checking Android device over debug bridge
INFO [mvt.android.modules.adb.chrome_history] Running module ChromeHistory...
ERROR [mvt.android.modules.adb.chrome_history] This module is optionally available in case the device is already rooted. Do NOT root your own device!
INFO [mvt.android.modules.adb.chrome_history] The ChromeHistory module produced no detections!
INFO [mvt.android.modules.adb.sms] Running module SMS...
09:38:45 INFO [mvt.android.modules.adb.sms] No SMS database found. Trying extraction of SMS data using Android backup feature.
INFO [mvt.android.modules.adb.sms] Please check phone and accept Android backup prompt. You may need to set a backup password.
09:39:17 ERROR [mvt.android.modules.adb.sms] Error in running extraction from module SMS: 'body'
Traceback (most recent call last):
  File "/path/to/lib/python3.12/site-packages/mvt/common/module.py", line 167, in run_module
    exec_or_profile("module.run()", globals(), locals())
  File "/path/to/lib/python3.12/site-packages/mvt/common/utils.py", line 262, in exec_or_profile
    exec(module, globals, locals)
  File "<string>", line 1, in <module>
  File "/path/to/lib/python3.12/site-packages/mvt/android/modules/adb/sms.py", line 174, in run
    self._extract_sms_adb()
  File "/path/to/lib/python3.12/site-packages/mvt/android/modules/adb/sms.py", line 139, in _extract_sms_adb
    self.results = parse_tar_for_sms(backup_tar)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/path/to/lib/python3.12/site-packages/mvt/android/parsers/backup.py", line 213, in parse_tar_for_sms
    res.extend(parse_sms_file(dhandler.read()))
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/path/to/lib/python3.12/site-packages/mvt/android/parsers/backup.py", line 233, in parse_sms_file
    message_links = check_for_links(entry["body"])
                                    ~~~~~^^^^^^^^
KeyError: 'body'
Simply use python3 -m venv mymvtvenv
and source mymvtvenv/bin/activate
and at the end use pip3 install mvt
Retry!
┌──(enokseth㉿raccoon)-[~/mvvt]
└─$ cat /etc/os-release
PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
VERSION_ID="2024.3"
VERSION="2024.3"
VERSION_CODENAME=kali-rolling
ID=kali
ID_LIKE=debian
HOME_URL="https://www.kali.org/"
SUPPORT_URL="https://forums.kali.org/"
BUG_REPORT_URL="https://bugs.kali.org/"
ANSI_COLOR="1;31"
I built and ran the docker image from source and still encountered this error:
blah@f3044d129725:/home/cases# mvt-android check-adb --module SMS
MVT - Mobile Verification Toolkit
https://mvt.re
Version: 2.5.4
Indicators updates checked recently, next automatic check in 12 hours
11:31:40 INFO [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_intellexa_predator_predator.stix2
INFO [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_2023-06_01_operation_triangulation_operation_triangulation.stix2
INFO [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_AmnestyTech_investigations_master_2024-05-02_wintego_helios_wintego_helios.stix2
INFO [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_2022-06-23_rcs_lab_rcs.stix2
INFO [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_AssoEchap_stalkerware-indicators_master_generated_stalkerware.stix2
11:31:44 INFO [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_AmnestyTech_investigations_master_2021-07-18_nso_pegasus.stix2
INFO [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_2023-04-11_quadream_kingspawn.stix2
INFO [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_AmnestyTech_investigations_master_2023-03-29_android_campaign_malware.stix2
INFO [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_2023-07-25_wyrmspy_dragonegg_wyrmspy_dragonegg.stix2
INFO [mvt.android.cmd_check_adb] Loaded a total of 10460 unique indicators
INFO [mvt] Checking Android device over debug bridge
INFO [mvt.android.modules.adb.sms] Running module SMS...
INFO [mvt.android.modules.adb.sms] No SMS database found. Trying extraction of SMS data using Android backup feature.
INFO [mvt.android.modules.adb.sms] Please check phone and accept Android backup prompt. You may need to set a backup password.
11:32:25 ERROR [mvt.android.modules.adb.sms] Error in running extraction from module SMS: 'body'
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/mvt/common/module.py", line 167, in run_module
    exec_or_profile("module.run()", globals(), locals())
  File "/usr/local/lib/python3.10/dist-packages/mvt/common/utils.py", line 262, in exec_or_profile
    exec(module, globals, locals)
  File "<string>", line 1, in <module>
  File "/usr/local/lib/python3.10/dist-packages/mvt/android/modules/adb/sms.py", line 177, in run
    self._extract_sms_adb()
  File "/usr/local/lib/python3.10/dist-packages/mvt/android/modules/adb/sms.py", line 142, in _extract_sms_adb
    self.results = parse_tar_for_sms(backup_tar)
  File "/usr/local/lib/python3.10/dist-packages/mvt/android/parsers/backup.py", line 213, in parse_tar_for_sms
    res.extend(parse_sms_file(dhandler.read()))
  File "/usr/local/lib/python3.10/dist-packages/mvt/android/parsers/backup.py", line 241, in parse_sms_file
    if message_links or entry["body"].strip() == "":
KeyError: 'body'
INFO [mvt.android.cmd_check_adb] Please disable Developer Options and ADB (Android Debug Bridge) on the device once finished with the acquisition. ADB is a powerful tool which can allow unauthorized access to the device.
INFO NOTE: Using MVT with public indicators of compromise (IOCs) WILL NOT automatically detect advanced attacks.
Please seek reputable expert help if you have serious concerns about a possible spyware attack. Such support is available to human rights defenders and civil society through Amnesty International's Security Lab at
https://securitylab.amnesty.org/get-help/?c=mvt
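The tracebacks in this thread show a single backup entry without a `body` key aborting the whole SMS module, so no message gets checked at all. As an added example (not MVT's code and not the project's fix), the sketch below shows a per-entry loop that tolerates such entries and reports them instead of raising; `parse_sms_entries`, `extract_links` and the sample entries are assumptions made for illustration.

```python
import re

# Hypothetical stand-in for the link extractor named in the traceback
# (check_for_links); a simple URL regex is assumed here.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_links(text):
    return URL_RE.findall(text)


def parse_sms_entries(entries):
    """Tolerant version of the per-entry loop (illustrative only).

    Returns (results, skipped): results holds the entries worth reviewing,
    skipped records (index, reason) for entries that could not be checked,
    so the analyst can see that coverage of the backup was incomplete.
    """
    results, skipped = [], []
    for index, entry in enumerate(entries):
        if not isinstance(entry, dict):
            skipped.append((index, "not an object"))
            continue
        body = entry.get("body")  # absent or null body no longer raises KeyError
        if not isinstance(body, str):
            reason = "no body field" if body is None else "non-text body"
            skipped.append((index, reason))
            continue
        links = extract_links(body)
        # Same keep-condition as the line shown in the traceback:
        # keep messages that carry links or have an empty body.
        if links or body.strip() == "":
            results.append({**entry, "links": links})
    return results, skipped


# Constructed sample entries, not taken from a real backup.
SAMPLE_ENTRIES = [
    {"address": "+10000000001", "body": "Track your parcel: https://example.org/t/abc"},
    {"address": "+10000000002", "date": "1700000000000"},  # no "body" key
    {"address": "+10000000003", "body": "   "},
    {"address": "+10000000004", "body": "hello there"},
]

if __name__ == "__main__":
    kept, skipped = parse_sms_entries(SAMPLE_ENTRIES)
    print(f"{len(kept)} entries kept, {len(skipped)} skipped: {skipped}")
```
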