Python KeyError while parsing Android SMS backup via adb - ERROR [mvt.android.modules.adb.sms] Error in running extraction from module SMS: 'body' #565

Open
joramokwaro opened this issue Oct 28, 2024 · 4 comments
Labels: android, bug

@joramokwaro

Laptop = Lenovo Thinkpad T490s
OS = Ubuntu 24.04.1 LTS
Terminal Emulator = Terminator 2.1.3
Shell = bash
Phone = OnePlus 8T (KB2003)
Android Version = 14

mvt-android version = 2.5.4
adb kill-server = done

The device is attached according to adb:

$ adb devices
List of devices attached
55df115f device

Backup prompted and initiated in device. The following error is then seen:

$ sudo mvt-android check-adb --output .

        MVT - Mobile Verification Toolkit
                https://mvt.re
                Version: 2.5.4
                Indicators updates checked recently, next automatic check in 12 hours


09:38:43 INFO     [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path                                   
                  /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_intellex
                  a_predator_predator.stix2                                                                           
         INFO     [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path                                   
                  /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_2023-06_
                  01_operation_triangulation_operation_triangulation.stix2                                            
         INFO     [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path                                   
                  /root/.local/share/mvt/indicators/raw.githubusercontent.com_AmnestyTech_investigations_master_2024-0
                  5-02_wintego_helios_wintego_helios.stix2                                                            
         INFO     [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path                                   
                  /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_2022-06-
                  23_rcs_lab_rcs.stix2                                                                                
         INFO     [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path                                   
                  /root/.local/share/mvt/indicators/raw.githubusercontent.com_AssoEchap_stalkerware-indicators_master_
                  generated_stalkerware.stix2                                                                         
09:38:44 INFO     [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path                                   
                  /root/.local/share/mvt/indicators/raw.githubusercontent.com_AmnestyTech_investigations_master_2021-0
                  7-18_nso_pegasus.stix2                                                                              
         INFO     [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path                                   
                  /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_2023-04-
                  11_quadream_kingspawn.stix2                                                                         
         INFO     [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path                                   
                  /root/.local/share/mvt/indicators/raw.githubusercontent.com_AmnestyTech_investigations_master_2023-0
                  3-29_android_campaign_malware.stix2                                                                 
         INFO     [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path                                   
                  /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_2023-07-
                  25_wyrmspy_dragonegg_wyrmspy_dragonegg.stix2                                                        
         INFO     [mvt.android.cmd_check_adb] Loaded a total of 9985 unique indicators                                
         INFO     [mvt] Checking Android device over debug bridge                                                     
         INFO     [mvt.android.modules.adb.chrome_history] Running module ChromeHistory...                            
         ERROR    [mvt.android.modules.adb.chrome_history] This module is optionally available in case the device is  
                  already rooted. Do NOT root your own device!                                                        
         INFO     [mvt.android.modules.adb.chrome_history] The ChromeHistory module produced no detections!           
         INFO     [mvt.android.modules.adb.sms] Running module SMS...                                                 
09:38:45 INFO     [mvt.android.modules.adb.sms] No SMS database found. Trying extraction of SMS data using Android    
                  backup feature.                                                                                     
         INFO     [mvt.android.modules.adb.sms] Please check phone and accept Android backup prompt. You may need to  
                  set a backup password.                                                                              
09:39:17 ERROR    [mvt.android.modules.adb.sms] Error in running extraction from module SMS: 'body'                   
                  Traceback (most recent call last):                                                                  
                    File "/path/to/lib/python3.12/site-packages/mvt/common/module.py", line    
                  167, in run_module                                                                                  
                      exec_or_profile("module.run()", globals(), locals())                                            
                    File "/path/to/lib/python3.12/site-packages/mvt/common/utils.py", line 262,
                  in exec_or_profile                                                                                  
                      exec(module, globals, locals)                                                                   
                    File "<string>", line 1, in <module>                                                              
                    File                                                                                              
                  "/path/to/lib/python3.12/site-packages/mvt/android/modules/adb/sms.py", line 
                  174, in run                                                                                         
                      self._extract_sms_adb()                                                                         
                    File                                                                                              
                  "/path/to/lib/python3.12/site-packages/mvt/android/modules/adb/sms.py", line 
                  139, in _extract_sms_adb                                                                            
                      self.results = parse_tar_for_sms(backup_tar)                                                    
                                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                    
                    File "/path/to/lib/python3.12/site-packages/mvt/android/parsers/backup.py",
                  line 213, in parse_tar_for_sms                                                                      
                      res.extend(parse_sms_file(dhandler.read()))                                                     
                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                      
                    File "/path/to/lib/python3.12/site-packages/mvt/android/parsers/backup.py",
                  line 233, in parse_sms_file                                                                         
                      message_links = check_for_links(entry["body"])                                                  
                                                      ~~~~~^^^^^^^^                                                   
                  KeyError: 'body'                                                                                    
                                                                                  

@Te-k
Contributor

Te-k commented Oct 28, 2024

Hi,
I think this issue has been solved in the GitHub version. Could you try installing the latest version from GitHub and test?

@Te-k added the bug and android labels on Oct 28, 2024
@joramokwaro
Author

Thanks @Te-k. I uninstalled the version I got via pip and installed the latest version via pipx:

pipx install --force git+https://github.com/mvt-project/mvt.git

Same issue:

INFO     [mvt.android.modules.adb.sms] Please check phone and accept Android backup prompt. You may need to  
                  set a backup password.                                                                              
14:33:11 ERROR    [mvt.android.modules.adb.sms] Error in running extraction from module SMS: 'body'                   
                  Traceback (most recent call last):                                                                  
                    File "/path/to/.local/share/pipx/venvs/mvt/lib/python3.12/site-packages/mvt/common/module.py", 
                  line 167, in run_module                                                                             
                      exec_or_profile("module.run()", globals(), locals())                                            
                    File "/path/to/.local/share/pipx/venvs/mvt/lib/python3.12/site-packages/mvt/common/utils.py",  
                  line 262, in exec_or_profile                                                                        
                      exec(module, globals, locals)                                                                   
                    File "<string>", line 1, in <module>                                                              
                    File                                                                                              
                  "/path/to/.local/share/pipx/venvs/mvt/lib/python3.12/site-packages/mvt/android/modules/adb/sms.py
                  ", line 177, in run                                                                                 
                      self._extract_sms_adb()                                                                         
                    File                                                                                              
                  "/path/to/.local/share/pipx/venvs/mvt/lib/python3.12/site-packages/mvt/android/modules/adb/sms.py
                  ", line 142, in _extract_sms_adb                                                                    
                      self.results = parse_tar_for_sms(backup_tar)                                                    
                                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                    
                    File                                                                                              
                  "/path/to/.local/share/pipx/venvs/mvt/lib/python3.12/site-packages/mvt/android/parsers/backup.py"
                  , line 213, in parse_tar_for_sms                                                                    
                      res.extend(parse_sms_file(dhandler.read()))                                                     
                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                                      
                    File                                                                                              
                  "/path/to/.local/share/pipx/venvs/mvt/lib/python3.12/site-packages/mvt/android/parsers/backup.py"
                  , line 241, in parse_sms_file                                                                       
                      if message_links or entry["body"].strip() == "":                                                
                                          ~~~~~^^^^^^^^                                                               
                  KeyError: 'body' 

@enokseth

enokseth commented Nov 1, 2024

Simply use python3 -m venv mymvtvenv
and source mymvtvenv/bin/activate,
and in the end use pip3 install mvt.
Retry!

┌──(enokseth㉿raccoon)-[~/mvvt]
└─$ cat /etc/os-release

PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
VERSION_ID="2024.3"
VERSION="2024.3"
VERSION_CODENAME=kali-rolling
ID=kali
ID_LIKE=debian
HOME_URL="https://www.kali.org/"
SUPPORT_URL="https://forums.kali.org/"
BUG_REPORT_URL="https://bugs.kali.org/"
ANSI_COLOR="1;31"

@joramokwaro
Author

joramokwaro commented Nov 14, 2024

I built and ran the Docker image from source and still encountered this error:

blah@f3044d129725:/home/cases# mvt-android check-adb --module SMS          


        MVT - Mobile Verification Toolkit
                https://mvt.re
                Version: 2.5.4
                Indicators updates checked recently, next automatic check in 12 hours


11:31:40 INFO     [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_intellexa_predator_predator.stix2                             
         INFO     [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path                                                                                                                                                           
                  /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_2023-06_01_operation_triangulation_operation_triangulation.stix2                                                                
         INFO     [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_AmnestyTech_investigations_master_2024-05-02_wintego_helios_wintego_helios.stix2              
         INFO     [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_2022-06-23_rcs_lab_rcs.stix2                                  
         INFO     [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_AssoEchap_stalkerware-indicators_master_generated_stalkerware.stix2                           
11:31:44 INFO     [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_AmnestyTech_investigations_master_2021-07-18_nso_pegasus.stix2                                
         INFO     [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_2023-04-11_quadream_kingspawn.stix2                           
         INFO     [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_AmnestyTech_investigations_master_2023-03-29_android_campaign_malware.stix2                   
         INFO     [mvt.android.cmd_check_adb] Parsing STIX2 indicators file at path /root/.local/share/mvt/indicators/raw.githubusercontent.com_mvt-project_mvt-indicators_main_2023-07-25_wyrmspy_dragonegg_wyrmspy_dragonegg.stix2          
         INFO     [mvt.android.cmd_check_adb] Loaded a total of 10460 unique indicators                                                                                                                                                       
         INFO     [mvt] Checking Android device over debug bridge                                                                                                                                                                             
         INFO     [mvt.android.modules.adb.sms] Running module SMS...                                                                                                                                                                         
         INFO     [mvt.android.modules.adb.sms] No SMS database found. Trying extraction of SMS data using Android backup feature.                                                                                                            
         INFO     [mvt.android.modules.adb.sms] Please check phone and accept Android backup prompt. You may need to set a backup password.                                                                                                   
11:32:25 ERROR    [mvt.android.modules.adb.sms] Error in running extraction from module SMS: 'body'                                                                                                                                           
                  Traceback (most recent call last):                                                                                                                                                                                          
                    File "/usr/local/lib/python3.10/dist-packages/mvt/common/module.py", line 167, in run_module                                                                                                                              
                      exec_or_profile("module.run()", globals(), locals())                                                                                                                                                                    
                    File "/usr/local/lib/python3.10/dist-packages/mvt/common/utils.py", line 262, in exec_or_profile                                                                                                                          
                      exec(module, globals, locals)                                                                                                                                                                                           
                    File "<string>", line 1, in <module>                                                                                                                                                                                      
                    File "/usr/local/lib/python3.10/dist-packages/mvt/android/modules/adb/sms.py", line 177, in run                                                                                                                           
                      self._extract_sms_adb()                                                                                                                                                                                                 
                    File "/usr/local/lib/python3.10/dist-packages/mvt/android/modules/adb/sms.py", line 142, in _extract_sms_adb                                                                                                              
                      self.results = parse_tar_for_sms(backup_tar)                                                                                                                                                                            
                    File "/usr/local/lib/python3.10/dist-packages/mvt/android/parsers/backup.py", line 213, in parse_tar_for_sms                                                                                                              
                      res.extend(parse_sms_file(dhandler.read()))                                                                                                                                                                             
                    File "/usr/local/lib/python3.10/dist-packages/mvt/android/parsers/backup.py", line 241, in parse_sms_file                                                                                                                 
                      if message_links or entry["body"].strip() == "":                                                                                                                                                                        
                  KeyError: 'body'                                                                                                                                                                                                            
         INFO     [mvt.android.cmd_check_adb] Please disable Developer Options and ADB (Android Debug Bridge) on the device once finished with the acquisition. ADB is a powerful tool which can allow unauthorized access to the device.     
         INFO      NOTE: Using MVT with public indicators of compromise (IOCs) WILL NOT automatically detect advanced attacks.                                                                                                                
                                                                                                                                                                                                                                              
                  Please seek reputable expert help if you have serious concerns about a possible spyware attack. Such support is available to human rights defenders and civil society through Amnesty International's Security Lab at       
                  https://securitylab.amnesty.org/get-help/?c=mvt  

@joramokwaro changed the title from "Python KeyError while parsing Android SMS backup - ERROR [mvt.android.modules.adb.sms] Error in running extraction from module SMS: 'body'" to "Python KeyError while parsing Android SMS backup via adb - ERROR [mvt.android.modules.adb.sms] Error in running extraction from module SMS: 'body'" on Nov 14, 2024
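
The tracebacks in this thread fail at `entry["body"]` inside `parse_sms_file`, so a single record without that key aborts the whole SMS module and none of the messages are checked. As an added example (not MVT's code and not the project's fix), the code below contrasts that access pattern with a tolerant parser that records which entries could not be inspected. The function names, the assumed zlib-compressed JSON layout of the backup file and the sample records are all constructed for illustration.

```python
import json
import re
import zlib

# Hypothetical stand-in for a link extractor; this is not MVT's check_for_links().
URL_RE = re.compile(r"https?://\S+")


def find_links(text):
    """Return every http(s) URL found in a message body."""
    return URL_RE.findall(text)


def parse_sms_blob_strict(blob):
    """Same access pattern as the traceback: a missing key aborts the whole parse.

    Assumption: the blob is a zlib-compressed JSON list of message records.
    """
    results = []
    for entry in json.loads(zlib.decompress(blob)):
        links = find_links(entry["body"])  # KeyError: 'body' when the key is absent
        if links or entry["body"].strip() == "":
            entry["links"] = links
            results.append(entry)
    return results


def parse_sms_blob_tolerant(blob):
    """Keep parsing when a record has no usable 'body' and report it instead.

    Returns (results, skipped). `results` holds records that contain links or
    have an empty body (the same filter the traceback shows). `skipped` holds
    (index, reason) pairs so the analyst knows which records were not checked.
    """
    results, skipped = [], []
    for index, entry in enumerate(json.loads(zlib.decompress(blob))):
        if not isinstance(entry, dict):
            skipped.append((index, "record is not a JSON object"))
            continue
        body = entry.get("body")
        if not isinstance(body, str):
            skipped.append((index, "no text 'body' field; keys=%s" % sorted(entry)))
            continue
        links = find_links(body)
        if links or body.strip() == "":
            results.append({**entry, "links": links})
    return results, skipped


def build_sample_blob():
    """Constructed sample data, not taken from a real device backup."""
    records = [
        {"address": "+10000000001", "date": "1730102400000",
         "body": "see https://example.org/a"},
        {"address": "+10000000002", "date": "1730102460000"},  # no 'body' key
        {"address": "+10000000003", "date": "1730102520000", "body": "   "},
        {"address": "+10000000004", "date": "1730102580000", "body": "plain text"},
    ]
    return zlib.compress(json.dumps(records).encode("utf-8"))


if __name__ == "__main__":
    blob = build_sample_blob()
    try:
        parse_sms_blob_strict(blob)
    except KeyError as exc:
        print("strict parser aborted:", repr(exc))
    kept, skipped = parse_sms_blob_tolerant(blob)
    print(len(kept), "records kept;", len(skipped), "skipped:", skipped)
```

Surfacing the skipped records matters in a forensic run: a silently dropped message is an unchecked message, so the count and reason belong in the module's log output.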