Add parser for Android tombstone files #568

Merged
merged 8 commits into from
Feb 6, 2025

DonnchaC
Collaborator

This PR is a WIP to implement an initial parser for Android crash reports which are stored in tombstone files. These can either be plaintext or in a serialized protobuf (proto: https://android.googlesource.com/platform/system/core/+/refs/heads/main/debuggerd/proto/tombstone.proto).

This WIP adds code to generate and run a protobuf parser based on the original schema using the betterproto library. This should be much more reliable than parsing the raw text file. I'm not sure yet which vendors or Android devices support generating .pb serialized tombstone files.
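
An added example, not code from this PR or from MVT: a minimal header parser for the legacy plaintext tombstone format mentioned above, which declines input that lacks the text banner (such as a serialized .pb file). The sample tombstone, its values and the function names are constructed for illustration.

```python
import re
from typing import Optional

# Constructed sample in the legacy plaintext tombstone layout (all values made up).
SAMPLE_TOMBSTONE = b"""*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'vendor/device/device:14/BUILD.000000.001/1234567:user/release-keys'
Revision: '0'
ABI: 'arm64'
Timestamp: 2024-10-28 11:32:40.518290770+0100
Process uptime: 12s
Cmdline: /system/bin/example_daemon --flag
pid: 25541, tid: 25560, name: worker-thread  >>> /system/bin/example_daemon <<<
uid: 1046
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000010
"""

BANNER = b"*** *** ***"
KEY_VALUE = re.compile(
    r"^(Build fingerprint|Revision|ABI|Timestamp|Process uptime|Cmdline): (.*)$")
PID_LINE = re.compile(r"^pid: (\d+), tid: (\d+), name: (.+?)\s+>>> (.+) <<<$")
UID_LINE = re.compile(r"^uid: (\d+)$")
SIGNAL_LINE = re.compile(r"^signal (\d+) \((\w+)\), code (-?\d+) \((\w+)\)")


def is_text_tombstone(data: bytes) -> bool:
    """Plaintext tombstones open with a banner of asterisks; protobuf ones do not."""
    return data.lstrip().startswith(BANNER)


def parse_text_tombstone(data: bytes) -> Optional[dict]:
    """Return the crash header fields, or None if the input is not plaintext."""
    if not is_text_tombstone(data):
        return None  # probably a serialized .pb tombstone; needs the protobuf schema
    result: dict = {}
    # Device data is untrusted: decode leniently instead of raising on bad bytes.
    for line in data.decode("utf-8", errors="replace").splitlines():
        line = line.strip()
        if m := KEY_VALUE.match(line):
            result[m.group(1).lower().replace(" ", "_")] = m.group(2).strip("'")
        elif m := PID_LINE.match(line):
            result.update(pid=int(m.group(1)), tid=int(m.group(2)),
                          thread_name=m.group(3), process_name=m.group(4))
        elif m := UID_LINE.match(line):
            result["uid"] = int(m.group(1))
        elif m := SIGNAL_LINE.match(line):
            result.update(signal=m.group(2), signal_code=m.group(4))
            break  # registers and backtrace follow; the header is complete
    return result
```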

Contributor

github-actions bot commented Oct 28, 2024

Coverage Report
TOTAL: 6482 statements, 2488 missed, 62% coverage

Tests: 110, Skipped: 1, Failures: 0, Errors: 0, Time: 8.538s

This supports parsing tombstone files from Android bugreports. The parser
can load both the legacy text format and the new binary protobuf format.
DonnchaC marked this pull request as ready for review February 6, 2025 19:13
DonnchaC changed the title "WIP: Add parser for Android tombstone files" to "Add parser for Android tombstone files" Feb 6, 2025
DonnchaC merged commit e5865b1 into main Feb 6, 2025
4 checks passed