From 89d31f32128b7be559b0348f8ee8b96b295f99b8 Mon Sep 17 00:00:00 2001 From: scribblemaniac Date: Fri, 28 Jun 2024 01:28:03 -0600 Subject: [PATCH 1/3] Refactor Dockerfile into tool-specific multi-stage builds Also made the following other changes: - The final image for the tool-specific Dockerfiles is based off of alpine instead of ubuntu - Add step to build libtatsu, which is a new dependency for libimobiledevice - Multithread make operations during build - Use ARG instead of ENV for build environment variables - Use apt-get instead of apt - Use non-dev library in the final image (except for manually built libraries) --- .dockerignore | 2 + Dockerfile | 169 ++++++++++++++++++++++++++++++++------------- Dockerfile.android | 29 ++++++++ Dockerfile.ios | 132 +++++++++++++++++++++++++++++++++++ 4 files changed, 283 insertions(+), 49 deletions(-) create mode 100644 .dockerignore create mode 100644 Dockerfile.android create mode 100644 Dockerfile.ios diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 000000000..65b326f76 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,2 @@ +# Ignore everything, the dockerfile always pulls from https://github.com/mvt-project/mvt.git@main +* diff --git a/Dockerfile b/Dockerfile index 266dc001d..70ca1027b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,79 +1,150 @@ -FROM ubuntu:22.04 +# Base image for building libraries +# --------------------------------- +FROM ubuntu:22.04 as build-base -# Ref. https://github.com/mvt-project/mvt +ARG DEBIAN_FRONTEND=noninteractive -LABEL url="https://mvt.re" -LABEL vcs-url="https://github.com/mvt-project/mvt" -LABEL description="MVT is a forensic tool to look for signs of infection in smartphone devices." - -ENV PIP_NO_CACHE_DIR=1 -ENV DEBIAN_FRONTEND=noninteractive - -# Fixing major OS dependencies -# ---------------------------- -RUN apt update \ - && apt install -y python3 python3-pip libusb-1.0-0-dev wget unzip default-jre-headless adb \ - -# Install build tools for libimobiledevice -# ---------------------------------------- +# Install build tools and dependencies +RUN apt-get update \ + && apt-get install -y \ build-essential \ - checkinstall \ git \ autoconf \ automake \ libtool-bin \ - libplist-dev \ - libusbmuxd-dev \ - libssl-dev \ - sqlite3 \ pkg-config \ + libcurl4-openssl-dev \ + libusb-1.0-0-dev \ + libssl-dev \ + udev \ + && rm -rf /var/lib/apt/lists/* -# Clean up + +# libplist # -------- - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* /var/cache/apt +FROM build-base as build-libplist + +# Build +RUN git clone https://github.com/libimobiledevice/libplist && cd libplist \ + && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \ + && cd .. && rm -rf libplist + + +# libimobiledevice-glue +# --------------------- +FROM build-base as build-libimobiledevice-glue +# Install dependencies +COPY --from=build-libplist /build / -# Build libimobiledevice -# ---------------------- -RUN git clone https://github.com/libimobiledevice/libplist \ - && git clone https://github.com/libimobiledevice/libimobiledevice-glue \ - && git clone https://github.com/libimobiledevice/libusbmuxd \ - && git clone https://github.com/libimobiledevice/libimobiledevice \ - && git clone https://github.com/libimobiledevice/usbmuxd \ +# Build +RUN git clone https://github.com/libimobiledevice/libimobiledevice-glue && cd libimobiledevice-glue \ + && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \ + && cd .. && rm -rf libimobiledevice-glue + + +# libtatsu +# -------- +FROM build-base as build-libtatsu - && cd libplist && ./autogen.sh && make && make install && ldconfig \ +# Install dependencies +COPY --from=build-libplist /build / - && cd ../libimobiledevice-glue && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh --prefix=/usr && make && make install && ldconfig \ +# Build +RUN git clone https://github.com/libimobiledevice/libtatsu && cd libtatsu \ + && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \ + && cd .. && rm -rf libtatsu - && cd ../libusbmuxd && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh && make && make install && ldconfig \ - && cd ../libimobiledevice && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh --enable-debug && make && make install && ldconfig \ +# libusbmuxd +# ---------- +FROM build-base as build-libusbmuxd - && cd ../usbmuxd && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --runstatedir=/run && make && make install \ +# Install dependencies +COPY --from=build-libplist /build / +COPY --from=build-libimobiledevice-glue /build / - # Clean up. - && cd .. && rm -rf libplist libimobiledevice-glue libusbmuxd libimobiledevice usbmuxd +# Build +RUN git clone https://github.com/libimobiledevice/libusbmuxd && cd libusbmuxd \ + && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \ + && cd .. && rm -rf libusbmuxd + + +# libimobiledevice +# ---------------- +FROM build-base as build-libimobiledevice + +# Install dependencies +COPY --from=build-libplist /build / +COPY --from=build-libtatsu /build / +COPY --from=build-libimobiledevice-glue /build / +COPY --from=build-libusbmuxd /build / + +# Build +RUN git clone https://github.com/libimobiledevice/libimobiledevice && cd libimobiledevice \ + && ./autogen.sh --enable-debug && make -j "$(nproc)" && make install DESTDIR=/build \ + && cd .. && rm -rf libimobiledevice + + +# usbmuxd +# ------- +FROM build-base as build-usbmuxd + +# Install dependencies +COPY --from=build-libplist /build / +COPY --from=build-libimobiledevice-glue /build / +COPY --from=build-libusbmuxd /build / +COPY --from=build-libimobiledevice /build / + +# Build +RUN git clone https://github.com/libimobiledevice/usbmuxd && cd usbmuxd \ + && ./autogen.sh --sysconfdir=/etc --localstatedir=/var --runstatedir=/run && make -j "$(nproc)" && make install DESTDIR=/build \ + && cd .. && rm -rf usbmuxd && mv /build/lib /build/usr/lib + + +# Create main image +FROM ubuntu:22.04 as main + +LABEL url="https://mvt.re" +LABEL vcs-url="https://github.com/mvt-project/mvt" +LABEL description="MVT is a forensic tool to look for signs of infection in smartphone devices." -# Installing MVT -# -------------- -RUN pip3 install git+https://github.com/mvt-project/mvt.git@main +# Install runtime dependencies +ARG DEBIAN_FRONTEND=noninteractive +RUN apt-get update \ + && apt-get install -y \ + adb \ + default-jre-headless \ + libcurl4 \ + libssl3 \ + libusb-1.0-0 \ + python3 \ + sqlite3 +COPY --from=build-libplist /build / +COPY --from=build-libimobiledevice-glue /build / +COPY --from=build-libtatsu /build / +COPY --from=build-libusbmuxd /build / +COPY --from=build-libimobiledevice /build / +COPY --from=build-usbmuxd /build / + +# Install mvt +RUN apt-get update \ + && apt-get install -y git python3-pip \ + && PIP_NO_CACHE_DIR=1 pip3 install git+https://github.com/mvt-project/mvt.git@main \ + && apt-get remove -y python3-pip git && apt-get autoremove -y \ + && rm -rf /var/lib/apt/lists/* # Installing ABE -# -------------- -RUN mkdir /opt/abe \ - && wget https://github.com/nelenkov/android-backup-extractor/releases/download/master-20221109063121-8fdfc5e/abe.jar -O /opt/abe/abe.jar \ +ADD https://github.com/nelenkov/android-backup-extractor/releases/download/master-20221109063121-8fdfc5e/abe.jar /opt/abe/abe.jar # Create alias for abe - && echo 'alias abe="java -jar /opt/abe/abe.jar"' >> ~/.bashrc +RUN echo 'alias abe="java -jar /opt/abe/abe.jar"' >> ~/.bashrc -# Generate adb key folder -# ------------------------------ +# Generate adb key folder RUN mkdir /root/.android && adb keygen /root/.android/adbkey # Setup investigations environment -# -------------------------------- RUN mkdir /home/cases -WORKDIR /home/cases +WORKDIR /home/cases RUN echo 'echo "Mobile Verification Toolkit @ Docker\n------------------------------------\n\nYou can find information about how to use this image for Android (https://github.com/mvt-project/mvt/tree/master/docs/android) and iOS (https://github.com/mvt-project/mvt/tree/master/docs/ios) in the official docs of the project.\n"' >> ~/.bashrc \ && echo 'echo "Note that to perform the debug via USB you might need to give the Docker image access to the USB using \"docker run -it --privileged -v /dev/bus/usb:/dev/bus/usb mvt\" or, preferably, the \"--device=\" parameter.\n"' >> ~/.bashrc diff --git a/Dockerfile.android b/Dockerfile.android new file mode 100644 index 000000000..1e432dddd --- /dev/null +++ b/Dockerfile.android @@ -0,0 +1,29 @@ +# Create main image +FROM python:3.10.14-alpine3.20 as main + +LABEL url="https://mvt.re" +LABEL vcs-url="https://github.com/mvt-project/mvt" +LABEL description="MVT is a forensic tool to look for signs of infection in smartphone devices." + +# Install runtime dependencies +RUN apk add --no-cache \ + android-tools \ + git \ + libusb \ + openjdk11-jre-headless \ + sqlite + +# Install mvt +RUN apk add --no-cache git \ + && PIP_NO_CACHE_DIR=1 pip3 install git+https://github.com/mvt-project/mvt.git@main \ + && apk del git + +# Installing ABE +ADD https://github.com/nelenkov/android-backup-extractor/releases/download/master-20221109063121-8fdfc5e/abe.jar /opt/abe/abe.jar +# Create alias for abe +RUN echo 'alias abe="java -jar /opt/abe/abe.jar"' >> ~/.bashrc + +# Generate adb key folder +RUN mkdir /root/.android && adb keygen /root/.android/adbkey + +ENTRYPOINT [ "/usr/local/bin/mvt-android" ] diff --git a/Dockerfile.ios b/Dockerfile.ios new file mode 100644 index 000000000..6ba18c86c --- /dev/null +++ b/Dockerfile.ios @@ -0,0 +1,132 @@ +# Base image for building libraries +# --------------------------------- +FROM ubuntu:22.04 as build-base + +ARG DEBIAN_FRONTEND=noninteractive + +# Install build tools and dependencies +RUN apt-get update \ + && apt-get install -y \ + build-essential \ + git \ + autoconf \ + automake \ + libtool-bin \ + pkg-config \ + libcurl4-openssl-dev \ + libusb-1.0-0-dev \ + libssl-dev \ + udev \ + && rm -rf /var/lib/apt/lists/* + + +# libplist +# -------- +FROM build-base as build-libplist + +# Build +RUN git clone https://github.com/libimobiledevice/libplist && cd libplist \ + && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \ + && cd .. && rm -rf libplist + + +# libimobiledevice-glue +# --------------------- +FROM build-base as build-libimobiledevice-glue + +# Install dependencies +COPY --from=build-libplist /build / + +# Build +RUN git clone https://github.com/libimobiledevice/libimobiledevice-glue && cd libimobiledevice-glue \ + && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \ + && cd .. && rm -rf libimobiledevice-glue + + +# libtatsu +# -------- +FROM build-base as build-libtatsu + +# Install dependencies +COPY --from=build-libplist /build / + +# Build +RUN git clone https://github.com/libimobiledevice/libtatsu && cd libtatsu \ + && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \ + && cd .. && rm -rf libtatsu + + +# libusbmuxd +# ---------- +FROM build-base as build-libusbmuxd + +# Install dependencies +COPY --from=build-libplist /build / +COPY --from=build-libimobiledevice-glue /build / + +# Build +RUN git clone https://github.com/libimobiledevice/libusbmuxd && cd libusbmuxd \ + && ./autogen.sh && make -j "$(nproc)" && make install DESTDIR=/build \ + && cd .. && rm -rf libusbmuxd + + +# libimobiledevice +# ---------------- +FROM build-base as build-libimobiledevice + +# Install dependencies +COPY --from=build-libplist /build / +COPY --from=build-libtatsu /build / +COPY --from=build-libimobiledevice-glue /build / +COPY --from=build-libusbmuxd /build / + +# Build +RUN git clone https://github.com/libimobiledevice/libimobiledevice && cd libimobiledevice \ + && ./autogen.sh --enable-debug && make -j "$(nproc)" && make install DESTDIR=/build \ + && cd .. && rm -rf libimobiledevice + + +# usbmuxd +# ------- +FROM build-base as build-usbmuxd + +# Install dependencies +COPY --from=build-libplist /build / +COPY --from=build-libimobiledevice-glue /build / +COPY --from=build-libusbmuxd /build / +COPY --from=build-libimobiledevice /build / + +# Build +RUN git clone https://github.com/libimobiledevice/usbmuxd && cd usbmuxd \ + && ./autogen.sh --sysconfdir=/etc --localstatedir=/var --runstatedir=/run && make -j "$(nproc)" && make install DESTDIR=/build \ + && cd .. && rm -rf usbmuxd && mv /build/lib /build/usr/lib + + +# Main image +# ---------- +FROM python:3.10.14-alpine3.20 as main + +LABEL url="https://mvt.re" +LABEL vcs-url="https://github.com/mvt-project/mvt" +LABEL description="MVT is a forensic tool to look for signs of infection in smartphone devices." + +# Install runtime dependencies +RUN apk add --no-cache \ + gcompat \ + libcurl \ + libssl3 \ + libusb \ + sqlite +COPY --from=build-libplist /build / +COPY --from=build-libimobiledevice-glue /build / +COPY --from=build-libtatsu /build / +COPY --from=build-libusbmuxd /build / +COPY --from=build-libimobiledevice /build / +COPY --from=build-usbmuxd /build / + +# Install mvt +RUN apk add --no-cache git \ + && PIP_NO_CACHE_DIR=1 pip3 install git+https://github.com/mvt-project/mvt.git@main \ + && apk del git + +ENTRYPOINT [ "/usr/local/bin/mvt-ios" ] From 79dbf999a9314af9eec05511142559b4933256f5 Mon Sep 17 00:00:00 2001 From: scribblemaniac Date: Fri, 28 Jun 2024 14:41:15 -0600 Subject: [PATCH 2/3] Use OCI standard labels for docker image --- Dockerfile | 9 ++++++--- Dockerfile.android | 9 ++++++--- Dockerfile.ios | 9 ++++++--- 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 70ca1027b..faa1c0fae 100644 --- a/Dockerfile +++ b/Dockerfile @@ -105,9 +105,12 @@ RUN git clone https://github.com/libimobiledevice/usbmuxd && cd usbmuxd \ # Create main image FROM ubuntu:22.04 as main -LABEL url="https://mvt.re" -LABEL vcs-url="https://github.com/mvt-project/mvt" -LABEL description="MVT is a forensic tool to look for signs of infection in smartphone devices." +LABEL org.opencontainers.image.url="https://mvt.re" +LABEL org.opencontainers.image.documentation="https://docs.mvt.re" +LABEL org.opencontainers.image.source="https://github.com/mvt-project/mvt" +LABEL org.opencontainers.image.title="Mobile Verification Toolkit" +LABEL org.opencontainers.image.description="MVT is a forensic tool to look for signs of infection in smartphone devices." +LABEL org.opencontainers.image.base.name=docker.io/library/ubuntu:22.04 # Install runtime dependencies ARG DEBIAN_FRONTEND=noninteractive diff --git a/Dockerfile.android b/Dockerfile.android index 1e432dddd..be4416771 100644 --- a/Dockerfile.android +++ b/Dockerfile.android @@ -1,9 +1,12 @@ # Create main image FROM python:3.10.14-alpine3.20 as main -LABEL url="https://mvt.re" -LABEL vcs-url="https://github.com/mvt-project/mvt" -LABEL description="MVT is a forensic tool to look for signs of infection in smartphone devices." +LABEL org.opencontainers.image.url="https://mvt.re" +LABEL org.opencontainers.image.documentation="https://docs.mvt.re" +LABEL org.opencontainers.image.source="https://github.com/mvt-project/mvt" +LABEL org.opencontainers.image.title="Mobile Verification Toolkit (Android)" +LABEL org.opencontainers.image.description="MVT is a forensic tool to look for signs of infection in smartphone devices." +LABEL org.opencontainers.image.base.name=docker.io/library/python:3.10.14-alpine3.20 # Install runtime dependencies RUN apk add --no-cache \ diff --git a/Dockerfile.ios b/Dockerfile.ios index 6ba18c86c..ed3ec998d 100644 --- a/Dockerfile.ios +++ b/Dockerfile.ios @@ -106,9 +106,12 @@ RUN git clone https://github.com/libimobiledevice/usbmuxd && cd usbmuxd \ # ---------- FROM python:3.10.14-alpine3.20 as main -LABEL url="https://mvt.re" -LABEL vcs-url="https://github.com/mvt-project/mvt" -LABEL description="MVT is a forensic tool to look for signs of infection in smartphone devices." +LABEL org.opencontainers.image.url="https://mvt.re" +LABEL org.opencontainers.image.documentation="https://docs.mvt.re" +LABEL org.opencontainers.image.source="https://github.com/mvt-project/mvt" +LABEL org.opencontainers.image.title="Mobile Verification Toolkit (iOS)" +LABEL org.opencontainers.image.description="MVT is a forensic tool to look for signs of infection in smartphone devices." +LABEL org.opencontainers.image.base.name=docker.io/library/python:3.10.14-alpine3.20 # Install runtime dependencies RUN apk add --no-cache \ From e00895aa9d68bb12a12ead437760578dcd7156dc Mon Sep 17 00:00:00 2001 From: scribblemaniac Date: Wed, 3 Jul 2024 13:06:31 -0600 Subject: [PATCH 3/3] Explicitly install usb version of adb_shell This works without [usb] in Debian, but not in Alpine for some reason. --- setup.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.cfg b/setup.cfg index d3325f104..30bc9139e 100644 --- a/setup.cfg +++ b/setup.cfg @@ -29,7 +29,7 @@ install_requires = packaging >=21.3 appdirs >=1.4.4 iOSbackup >=0.9.923 - adb-shell >=0.4.3 + adb-shell[usb] >=0.4.3 libusb1 >=3.0.0 cryptography >=42.0.5 pyyaml >=6.0