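#!/bin/sh
# Scan an iPhone backup for Pegasus indicators of compromise with the
# Mobile Verification Toolkit (MVT), using Homebrew and Docker on the host.
# Refer to https://arkadiyt.com/2021/07/25/scanning-your-iphone-for-nso-group-pegasus-malware/
#
# The file has two parts:
#   1. host commands, ending with `docker run`, which opens the container;
#   2. commands meant to be typed inside that container's shell.
# Part 2 is not meant to run on the host.

# ---------------------------------------------------------------------------
# Part 1: host
# ---------------------------------------------------------------------------

# Install Mobile Verification Toolkit.
# The image is built from whatever the default branch holds at clone time;
# note the commit (`git rev-parse HEAD`) if the scan must be reproducible.
git clone https://github.com/mvt-project/mvt.git
# Stop here if the clone failed, so `docker build` never runs against
# whatever directory the shell happens to be in.
cd mvt || exit 1
docker build -t mvt .

# Install latest libimobiledevice, the backup tool.
# --HEAD builds the development tip rather than a tagged release.
brew install --HEAD libimobiledevice

# Make a working directory. It will hold a full device backup, so keep it
# readable by the current user only.
mkdir -p "$HOME/Desktop/mvt"
chmod 700 "$HOME/Desktop/mvt"

# Please plug in your iPhone.
# Enable backup encryption - you'll be prompted for a password.
# NOTE(review): upstream documentation writes this command as
# `idevicebackup2 -i encryption on`; confirm the accepted form with
# `idevicebackup2 --help`.
idevicebackup2 -i backup encryption on

# Back up the device.
idevicebackup2 backup --full "$HOME/Desktop/mvt/"

# Run the MVT container with the working directory mounted at
# /home/cases/mvt. The bind mount is read-write: the decrypted backup and
# the results written in part 2 land in ~/Desktop/mvt on the host.
docker run -v "$HOME/Desktop/mvt:/home/cases/mvt" -it mvt

# ---------------------------------------------------------------------------
# Part 2: the commands below are run inside the MVT container
# ---------------------------------------------------------------------------

# Download Amnesty International's indicators of compromise.
# The URL follows the master branch and nothing checks the file's integrity.
# For a repeatable scan, fetch from a pinned commit or compare a checksum
# obtained out of band (sha256sum pegasus.stix2 against <EXPECTED_SHA256>).
wget https://raw.githubusercontent.com/AmnestyTech/investigations/master/2021-07-18_nso/pegasus.stix2 -O pegasus.stix2

# We'll save our results here. -p keeps a re-run from failing when the
# directory already exists.
mkdir -p mvt/results

# Decrypt the backup.
# The last argument is the backup folder, named after the device's UDID;
# replace it with the folder idevicebackup2 created for your device.
# A password given with -p is visible in shell history and in the process
# list while the command runs. NOTE(review): check
# `mvt-ios decrypt-backup --help` for a prompt or environment-variable
# alternative in the installed version.
mvt-ios decrypt-backup -p '<password>' -d mvt/decrypted mvt/00008101-0018545E26F1003A/

# Scan the decrypted backup.
# Matches are written under mvt/results. A scan with no matches only means
# none of the indicators in pegasus.stix2 were found in this backup.
mvt-ios check-backup --iocs pegasus.stix2 --output mvt/results mvt/decrypted

# mvt/decrypted holds the backup contents in plaintext on the host
# (~/Desktop/mvt/decrypted); remove it once the results have been reviewed.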