
Monday 2 August 2021

MVT + ADB: how to use this consensual forensics tool to analyse whether your phone has been compromised, in light of the Pegasus/NSO discoveries. Forensics, long time no see!

Following the Pegasus revelations, I decided to play a bit with the tool provided by Amnesty International Security Lab in July 2021.

Forensics, long time no see !


Sources : https://github.com/mvt-project/mvt

Doc : https://docs.mvt.re/en/latest/android/download_apks.html


Pretty straightforward, once you have ADB installed on your computer.


The following steps are for an Android phone + macOS laptop.

Step 0 : set your phone to "developer mode". For me, I had to go to the settings and press 7 times on the release logo.

Step 1 : plug your phone in over USB and enable USB debugging: https://developer.android.com/studio/debug/dev-options#enable

Step 2 : install ADB

brew install android-platform-tools

Check that you see your device, then stop the adb server (it is not required afterwards).

adb devices
adb kill-server

Step 3 : install mvt

pip3 install mvt

Step 4 : run mvt over your phone

mkdir output && mvt-android download-apks --output ./output --all-checks
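
A preflight for steps 2 to 4, as an added example that is not part of the original post: it parses the `adb devices` listing and only continues when exactly one phone is attached in state `device`, meaning the USB debugging prompt was accepted on the handset. The function names `adb_preflight` and `run_mvt_check` are assumptions made for illustration; the adb and mvt commands are the ones from the steps above.

```shell
#!/bin/sh
# Added example (hypothetical helper names), wrapping steps 2-4 of the post.

# adb_preflight: read `adb devices` output on stdin and print one verdict line.
#   "ready <serial>"           exit 0  exactly one authorised, online device
#   "multiple <count>"         exit 2  more than one usable device attached
#   "blocked <serial> <state>" exit 3  attached but e.g. unauthorized/offline
#   "none"                     exit 4  nothing attached
adb_preflight() {
    awk '
        /^List of devices attached/ { listing = 1; next }
        !listing || NF < 2 { next }   # skip daemon start-up chatter and blank lines
        $2 == "device" { ready[++n] = $1; next }
        { if (blocked == "") blocked = $1 " " $2 }
        END {
            if (n == 1) { print "ready " ready[1]; exit 0 }
            if (n > 1)  { print "multiple " n; exit 2 }
            if (blocked != "") { print "blocked " blocked; exit 3 }
            print "none"; exit 4
        }
    '
}

# run_mvt_check: check the device, stop the adb server as in step 2,
# then run the step 4 command into the chosen output directory.
run_mvt_check() {
    outdir=${1:-./output}
    verdict=$(adb devices | adb_preflight) || {
        echo "phone not ready for MVT: $verdict" >&2
        echo "unlock the phone and accept the USB debugging prompt" >&2
        return 1
    }
    echo "using ${verdict#ready }"
    adb kill-server
    mkdir -p "$outdir" &&
        mvt-android download-apks --output "$outdir" --all-checks
}

# Usage: sh preflight.sh run [output-dir]
case "${1:-}" in
    run) run_mvt_check "${2:-./output}" ;;
esac
```

A `blocked ... unauthorized` verdict usually means the authorisation dialog is still waiting on the phone screen.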