Sorry, this site doesn't work properly without JavaScript.

Mobile Verification Toolkit For Pegasus Infection

by Admin

on 22:02

Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices.

It has been developed and released by the Amnesty International Security Lab in July 2021 in the context of the Pegasus project along with a technical forensic methodology and forensic evidence.

Warning: this tool has been released as a forensic tool for a technical audience. Using it requires some technical skills such as understanding the basics of forensic analysis and using command-line tools.

Installation

First, you need to install dependencies, on Linux sudo apt install python3 python3-pip libusb-1.0-0 or on MacOS brew install python3 libusb.

Then you can install mvt from pypi with pip3 install mvt, or directly from sources:

git clone https://github.com/mvt-project/mvt.git
cd mvt
pip3 install.

Usage

MVT provides two commands mvt-ios and mvt-android with the following subcommands available:

mvt-ios:

check-backup: Extract artifacts from an iTunes backup

check-fs: Extract artifacts from a full filesystem dump

check-iocs: Compare stored JSON results to provided indicators

decrypt-backup: Decrypt an encrypted iTunes backup

mvt-android:

check-backup: Check an Android Backup

download-apks: Download all or non-safelisted installed APKs

Check out the documentation to see how to use them.

GET MVK ToolKit

Newer Posts Older Posts


      
      <script type='text/javascript'>
  setTimeout(function() {
    var headID = document.getElementsByTagName("head")[0];

    // External JavaScript files
    var externalScripts = [
      'https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1618281995222563',
      'https://www.googletagmanager.com/gtag/js?id=UA-43857487-1',
      'https://tools.cyberkendra.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js'
      'https://www.google-analytics.com/analytics.js'
      'https://tools.cyberkendra.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js'
    ];

    for (var i = 0; i < externalScripts.length; i++) {
      var newScript = document.createElement('script');
      newScript.type = 'text/javascript';
      newScript.src = externalScripts[i];
      headID.appendChild(newScript);
    }

    // External CSS files
    var externalStyles = [
	'https://www.google.com/cse/static/element/8435450f13508ca1/default_v5+en.css'
    ];

    for (var j = 0; j < externalStyles.length; j++) {
      var newLink = document.createElement('link');
      newLink.rel = 'stylesheet';
      newLink.type = 'text/css';
      newLink.href = externalStyles[j];
      headID.appendChild(newLink);
    }

    // Google Fonts
    var googleFonts = [
      'https://fonts.gstatic.com/s/rubik/v20/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFV0U1.woff2',
      'https://fonts.gstatic.com/s/rubik/v20/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FV0U1.woff2'
      'https://fonts.gstatic.com/s/rubik/v20/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFV0U1.woff2'
    ];

    for (var k = 0; k < googleFonts.length; k++) {
      var newLink = document.createElement('link');
      newLink.rel = 'stylesheet';
      newLink.type = 'text/css';
      newLink.href = googleFonts[k];
      headID.appendChild(newLink);
    }
  }, 5000);
</script>
    
<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/848617736-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY5KDD1QbMaYR3msCFJoRq5-ROK6bw:1713868550228';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d3163889773480073810','//tools.cyberkendra.com/2021/07/mobile-verification-toolkit-for-pegasus.html','3163889773480073810');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '3163889773480073810', 'title': 'Hack Tools', 'url': 'https://tools.cyberkendra.com/2021/07/mobile-verification-toolkit-for-pegasus.html', 'canonicalUrl': 'https://tools.cyberkendra.com/2021/07/mobile-verification-toolkit-for-pegasus.html', 'homepageUrl': 'https://tools.cyberkendra.com/', 'searchUrl': 'https://tools.cyberkendra.com/search', 'canonicalHomepageUrl': 'https://tools.cyberkendra.com/', 'blogspotFaviconUrl': 'https://tools.cyberkendra.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': 'UA-43857487-1', 'encoding': 'UTF-8', 'locale': 'en-GB', 'localeUnderscoreDelimited': 'en_gb', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Hack Tools - Atom\x22 href\x3d\x22https://tools.cyberkendra.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Hack Tools - RSS\x22 href\x3d\x22https://tools.cyberkendra.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Hack Tools - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/3163889773480073810/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Hack Tools - Atom\x22 href\x3d\x22https://tools.cyberkendra.com/feeds/6345311964280523725/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-1618281995222563', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': false, 'adsenseAutoAds': false, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/32178a08698b1e6b', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'Twitter', 'key': 'twitter', 'shareMessage': 'Share to Twitter', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en_GB\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': true, 'jumpLinkMessage': 'Learn more \xbb', 'pageType': 'item', 'postId': '6345311964280523725', 'postImageThumbnailUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwSnsohEJpg-AzYNw0RYz2kfUNkNxSCu4t_Ut0ngebmxU8zYwm3Nn0IN0cHhmJIfUBooWpEOqEu5ACBTyHxEHfUzql6swKij7PNs6yKSnDY2XO8RW_JEm2NpEDOuymRoEV65PCAtN2TlKA/s72-w640-c-h392/mvt.png', 'postImageUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwSnsohEJpg-AzYNw0RYz2kfUNkNxSCu4t_Ut0ngebmxU8zYwm3Nn0IN0cHhmJIfUBooWpEOqEu5ACBTyHxEHfUzql6swKij7PNs6yKSnDY2XO8RW_JEm2NpEDOuymRoEV65PCAtN2TlKA/w640-h392/mvt.png', 'pageName': 'Mobile Verification Toolkit For Pegasus Infection', 'pageTitle': 'Hack Tools: Mobile Verification Toolkit For Pegasus Infection', 'metaDescription': ''}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard', 'ok': 'Ok', 'postLink': 'Post link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'Mobile Verification Toolkit For Pegasus Infection', 'description': '', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwSnsohEJpg-AzYNw0RYz2kfUNkNxSCu4t_Ut0ngebmxU8zYwm3Nn0IN0cHhmJIfUBooWpEOqEu5ACBTyHxEHfUzql6swKij7PNs6yKSnDY2XO8RW_JEm2NpEDOuymRoEV65PCAtN2TlKA/w640-h392/mvt.png', 'url': 'https://tools.cyberkendra.com/2021/07/mobile-verification-toolkit-for-pegasus.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 6345311964280523725}}, {'name': 'widgets', 'data': [{'title': 'JavaScript Variables', 'type': 'LinkList', 'sectionId': 'elcreative_panel_top', 'id': 'LinkList995'}, {'title': 'CSS Options', 'type': 'LinkList', 'sectionId': 'elcreative_panel_top', 'id': 'LinkList996'}, {'title': 'Custom SVG Pack (SVG Sprites)', 'type': 'HTML', 'sectionId': 'elcreative_panel_top', 'id': 'HTML994'}, {'title': 'Hack Tools (Header)', 'type': 'Header', 'sectionId': 'section_app_bar', 'id': 'Header1'}, {'title': 'Navigation Drawer Menu', 'type': 'LinkList', 'sectionId': 'section_navigation', 'id': 'LinkList999'}, {'title': 'More Menu', 'type': 'PageList', 'sectionId': 'section_navigation', 'id': 'PageList999'}, {'title': 'Post Ad Slot (Top)', 'type': 'HTML', 'sectionId': 'section_main_widget', 'id': 'HTML996'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'section_main_widget', 'id': 'Blog1', 'posts': [{'id': '6345311964280523725', 'title': 'Mobile Verification Toolkit For Pegasus Infection', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwSnsohEJpg-AzYNw0RYz2kfUNkNxSCu4t_Ut0ngebmxU8zYwm3Nn0IN0cHhmJIfUBooWpEOqEu5ACBTyHxEHfUzql6swKij7PNs6yKSnDY2XO8RW_JEm2NpEDOuymRoEV65PCAtN2TlKA/w640-h392/mvt.png', 'showInlineAds': false}], 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': 'on'}, {'name': 'comments', 'label': 'Post a Comment'}, {'name': 'share', 'label': ''}]}, {'regionName': 'footer2', 'items': [{'name': 'labels', 'label': ''}]}], 'allBylineItems': [{'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': 'on'}, {'name': 'comments', 'label': 'Post a Comment'}, {'name': 'share', 'label': ''}, {'name': 'labels', 'label': ''}]}, {'title': 'Between Post Ad Slot', 'type': 'HTML', 'sectionId': 'section_main_widget', 'id': 'HTML995'}, {'title': 'Post Ad Slot (Bottom)', 'type': 'HTML', 'sectionId': 'section_main_widget', 'id': 'HTML997'}, {'title': '', 'type': 'HTML', 'sectionId': 'section_aside_widget', 'id': 'HTML1'}, {'title': 'Custom Vanilla JavaScript', 'type': 'HTML', 'sectionId': 'elcreative_panel_bottom', 'id': 'HTML998'}, {'title': 'Custom jQuery Script', 'type': 'HTML', 'sectionId': 'elcreative_panel_bottom', 'id': 'HTML999'}, {'title': 'Contact Form', 'type': 'ContactForm', 'sectionId': 'hidden', 'id': 'ContactForm1'}]}]);
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList995', 'elcreative_panel_top', document.getElementById('LinkList995'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList996', 'elcreative_panel_top', document.getElementById('LinkList996'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML994', 'elcreative_panel_top', document.getElementById('HTML994'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 'section_app_bar', document.getElementById('Header1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList999', 'section_navigation', document.getElementById('LinkList999'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PageListView', new _WidgetInfo('PageList999', 'section_navigation', document.getElementById('PageList999'), {'title': 'More Menu', 'links': [{'isCurrentPage': false, 'href': 'https://tools.cyberkendra.com/', 'title': 'Home'}], 'mobile': false, 'showPlaceholder': true, 'hasCurrentPage': false}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML996', 'section_main_widget', document.getElementById('HTML996'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'section_main_widget', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML995', 'section_main_widget', document.getElementById('HTML995'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML997', 'section_main_widget', document.getElementById('HTML997'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML1', 'section_aside_widget', document.getElementById('HTML1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML998', 'elcreative_panel_bottom', document.getElementById('HTML998'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML999', 'elcreative_panel_bottom', document.getElementById('HTML999'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_ContactFormView', new _WidgetInfo('ContactForm1', 'hidden', document.getElementById('ContactForm1'), {'contactFormMessageSendingMsg': 'Sending...', 'contactFormMessageSentMsg': 'Your message has been sent.', 'contactFormMessageNotSentMsg': 'Message could not be sent. Please try again later.', 'contactFormInvalidEmailMsg': 'A valid email address is required.', 'contactFormEmptyMessageMsg': 'Message field cannot be empty.', 'title': 'Contact Form', 'blogId': '3163889773480073810', 'contactFormNameMsg': 'Name', 'contactFormEmailMsg': 'Email', 'contactFormMessageMsg': 'Message', 'contactFormSendMsg': 'Send', 'contactFormToken': 'AOuZoY5uIA3FTQPL24m103PpYGJGRYtaLw:1713868550229', 'submitUrl': 'https://www.blogger.com/contact-form.do'}, 'displayModeFull'));
</script>
</body>