mac_apt
mac_apt copied to clipboard
ydkhatri
Feature Request: Zip folder support for ios_apt
I have no idea how difficult it would be but would love to see it, as we see more FFS extractions.
It shouldn't be too hard but need to find the time to do so. I'll put it on the list of things to do.
On Fri, Oct 1, 2021, 2:07 AM stark4n6 @.***> wrote:
I have no idea how difficult it would be but would love to see it, as we see more FFS extractions.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/ydkhatri/mac_apt/issues/75, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADFCHUHROL25TU67OS2WGHDUESDLVANCNFSM5FCWE54A . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
Do you have specific samples for this that you can share? I support reading AXIOM ZIPS in mac_apt, however it won't work for just about any zip file. The reason being that unlike ileapp/aleapp or Axiom, mac_apt does not glob through the folder structure to identify files. It needs to know the structure of the image. Also zip images were not built to be forensic containers, so some part of storing forensic data in them is programmer dependent, and will be different as per the implementation. Let me give you an example. Axiom stores folders as empty entries in the zip with a trailing slash to identify it as such. Some other implementation may just skip folders altogether and just store files (which is how its supposed to be in zips).
So I really need samples from vendor implementations to support reading zips created by different programs.
I'll have to check but I think the main ones I had for testing were from CTF's like Cellebrite's or Magnet's or Josh Hickman's images. If you want links I can send them.