mvt-project
"Unable to connect to the device over USB. Try to unplug, plug the device and start again."
I'm not sure if this is a problem with my phone, my computer, this software, the way I use the software or multiple of those:
I always get "ERROR [mvt.android.modules.adb.base] Unable to connect to the device over USB. Try to unplug, plug the device and start again." when running mvt-android check-adb with the phone connected.
More details can be found in my question about it here (no answer so far).
How to get the scan to work?
Hi
I have similar issues with the command.
what does the output say for the below command
adb devices -l
I tried it again a few times after trying to fully upgrade (fully upgrading didn't work, it still displays v1.2.11). It ran a lot of tests now but I haven't seen any results. Should it display them in the console?
I had a lot of prompts about trusting the RSA key of the computer which I always confirmed after unchecking "always trust this computer". Earlier it was just two prompts or so. I had to try a few times until it ran these tests.
The first outputs are:
[mvt.android.cli] Checking Android through adb bridge
INFO [mvt.android.cli] Loaded a total of 0 indicators
INFO [mvt.android.modules.adb.chrome_history] Running module ChromeHistory...
ERROR [mvt.android.modules.adb.chrome_history] Error in running extraction from module ChromeHistory: Could not receive data from first
id (timeout 10000ms): LIBUSB_ERROR_TIMEOUT [-7]
Traceback (most recent call last):
File "/home/username/.local/lib/python3.6/site-packages/adb_shell/transport/usb_transport.py", line 283, in bulk_read
return bytes(self._transport.bulkRead(self._read_endpoint, numbytes, timeout=self._timeout_ms(transport_timeout_s)))
File "/home/username/.local/lib/python3.6/site-packages/usb1/__init__.py", line 1429, in bulkRead
transferred = self._bulkTransfer(endpoint, data, length, timeout)
File "/home/username/.local/lib/python3.6/site-packages/usb1/__init__.py", line 1378, in _bulkTransfer
self.__handle, endpoint, data, length, byref(transferred), timeout,
File "/home/username/.local/lib/python3.6/site-packages/usb1/__init__.py", line 127, in mayRaiseUSBError
__raiseUSBError(value)
File "/home/username/.local/lib/python3.6/site-packages/usb1/__init__.py", line 119, in raiseUSBError
raise __STATUS_TO_EXCEPTION_DICT.get(value, __USBError)(value)
usb1.USBErrorTimeout: LIBUSB_ERROR_TIMEOUT [-7]
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/username/.local/lib/python3.6/site-packages/mvt/common/module.py", line 152, in run_module
module.run()
File "/home/username/.local/lib/python3.6/site-packages/mvt/android/modules/adb/chrome_history.py", line 81, in run
self._parse_db)
File "/home/username/.local/lib/python3.6/site-packages/mvt/android/modules/adb/base.py", line 213, in _adb_process_file
self._adb_root_or_die()
File "/home/username/.local/lib/python3.6/site-packages/mvt/android/modules/adb/base.py", line 127, in _adb_root_or_die
if not self._adb_check_if_root():
File "/home/username/.local/lib/python3.6/site-packages/mvt/android/modules/adb/base.py", line 123, in _adb_check_if_root
return bool(self._adb_command("command -v su"))
File "/home/username/.local/lib/python3.6/site-packages/mvt/android/modules/adb/base.py", line 114, in _adb_command
return self.device.shell(command)
File "/home/username/.local/lib/python3.6/site-packages/adb_shell/adb_device.py", line 816, in shell
return self._service(b'shell', command.encode('utf8'), transport_timeout_s, read_timeout_s, timeout_s, decode)
File "/home/username/.local/lib/python3.6/site-packages/adb_shell/adb_device.py", line 684, in _service
return b''.join(self._streaming_command(service, command, transport_timeout_s, read_timeout_s, timeout_s)).decode('utf8',
_DECODE_ERRORS)
File "/home/username/.local/lib/python3.6/site-packages/adb_shell/adb_device.py", line 1260, in _streaming_command
adb_info = self._open(b'%s:%s' % (service, command), transport_timeout_s, read_timeout_s, timeout_s)
File "/home/username/.local/lib/python3.6/site-packages/adb_shell/adb_device.py", line 1158, in _open
_, adb_info.remote_id, _, _ = self._io_manager.read([constants.OKAY], adb_info)
File "/home/username/.local/lib/python3.6/site-packages/adb_shell/adb_device.py", line 313, in read
cmd, arg0, arg1, data = self._read_packet_from_device(adb_info)
File "/home/username/.local/lib/python3.6/site-packages/adb_shell/adb_device.py", line 460, in _read_packet_from_device
msg = self._read_bytes_from_device(constants.MESSAGE_SIZE, adb_info)
File "/home/username/.local/lib/python3.6/site-packages/adb_shell/adb_device.py", line 416, in _read_bytes_from_device
temp = self._transport.bulk_read(length, adb_info.transport_timeout_s)
File "/home/username/.local/lib/python3.6/site-packages/adb_shell/transport/usb_transport.py", line 285, in bulk_read
raise exceptions.UsbReadFailedError('Could not receive data from %s (timeout %sms)' % (self.usb_info,
self._timeout_ms(transport_timeout_s)), e)
adb_shell.exceptions.UsbReadFailedError: Could not receive data from first id (timeout 10000ms): LIBUSB_ERROR_TIMEOUT [-7]
INFO [mvt.android.modules.adb.sms] Running module SMS...
I think this error can be solved in part by increasing the timeout for confirming the RSA key prompt/s.
After this error no more errors occur (but around 10 RSA key prompts).
It just finishes with these lines at the end:
INFO [mvt.android.modules.adb.files] List of visible files stored at ./resultsdirectory/files.txt
INFO [mvt.android.modules.adb.files] The Files module does not support checking for indicators
Except for the ERROR above there are also INFO outputs. So it seems like many tests didn't run and it could not create a results report.
adb devices -l shows the device {id} unauthorized usb:... before confirming prompts then after running adb kill-server and mvt-android check-adb --output ./resultsdirectory it shows {id} device usb:... and more info about the device.
This is on Debian11/KDE.
USB connection problem may be related to KDE or the Dolphin file manager - if I want to browse files on my phone I have to close the Dolphin file manager (installed from the Debian repos) and connect the phone only afterwards and mount it with Dolphin (if Dolphin is already open it often doesn't work, sometimes it takes a few tries).
Edit: this has occurred for >1 years on >1 phones with different Android versions and >1 Debian11/KDE computers but it looks like it's not necessary to do this anymore. For a long time I didn't notice that closing Dolphin before mounting helps. I tested it again and now mounting and browsing files with the popup in the bottom right works even if Dolphin is open (and has several tabs open). I will try it again at another time, and this recently still occurred. Maybe an update solved it. If it occurs again I'll create a bug report for Dolphin which may be related to 1 and 2. This may be unrelated to mvt.
It did complete a scan now with v 1.4.7 (without updating MVT). I have some result files now, I guess if it had found something it would have displayed that in the console right? I also ran a scan with v 2.2 (I updated with pip3 install --upgrade mvt and this command should be in the docs and in the man page) which did run through too.
It finished with INFO [mvt.android.modules.adb.files] List of visible files stored in files.json (v 1.4.7) and INFO [mvt.android.modules.adb.files] Found {nr} total files (v 2.2). I hope that's fine and as intended, I would have expected a message like "Scan completed, nothing suspicious found"...it would be good if you could add such.
The best explanation for why it works now is that I have updated some stock apps. I also checked "always trust this computer" at the prompt on Android when connecting the USB but I think I tried this earlier and it didn't help (that this should or doesn't need to be checked should also be in the docs!).
This can probably get closed now if the results are fine and if you change the docs to add these infos.
Thank you for your feedback. Bear in mind, mvt is not a detection tool. It's an extract/analysis tool with support for indicators check. If no indicators matched, it does not mean automatically that there is nothing suspicious at all with the device, so we don't want to mislead users with a message giving some false sense of security. We want to make sure instead users understand that in order to use this tool effectively, they need to be practical and familiar with forensics.
