{"id":109867,"date":"2023-06-02T12:16:15","date_gmt":"2023-06-02T12:16:15","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/securelist\/?p=109867"},"modified":"2023-06-20T15:57:59","modified_gmt":"2023-06-20T15:57:59","slug":"find-the-triangulation-utility","status":"publish","type":"post","link":"https:\/\/securelist.com\/find-the-triangulation-utility\/109867\/","title":{"rendered":"In search of the Triangulation: triangle_check utility"},"content":{"rendered":"
In our initial blogpost<\/a> about “Operation Triangulation”, we published a comprehensive guide on how to manually check iOS device backups for possible indicators of compromise using MVT. This process takes time and requires manual search for several types of indicators. To automate this process, we developed a dedicated utility to scan the backups and run all the checks. For Windows and Linux, this tool can be downloaded as a binary build<\/a>, and for MacOS it can be simply installed as a Python package<\/a>.<\/p>\n On Windows, the easiest way to do a backup is via iTunes:<\/p>\n Window asking to trust the computer<\/p><\/div><\/li>\n If your macOS version is lower than Catalina (10.15), you can create a backup using iTunes, using instructions for Windows. Starting from Catalina, backups can be created through Finder:<\/p>\n To create a backup on Linux, you will need to install the libimobiledevice library. In order to create backups of devices with the latest versions of iOS installed, you will need to compile this library from source code<\/a> (you can find the build instructions in the Installation\/Getting Started section). After you do a backup of your device using the instructions above, you will need to install and launch our triangle_check utility.<\/p>\n No matter what operating system you have, you can install the triangle_check Python package that we have published to the Python Package Index (PyPi). To do that, you need to have internet access as well as have the pip utility<\/a> installed.How to back up your device<\/h2>\n
Windows<\/h3>\n
\n
<\/a>
\n<\/a><\/li>\n
macOS<\/h3>\n
\n
Linux<\/h3>\n
\nAfter you install the library and connect your device to the computer, you can create a backup using the idevicebackup2 backup --full <\/code> command.
\nDuring the backup process, you may need to enter your device passcode multiple times.<\/p>\nHow to use our triangle_check utility<\/h2>\n
The triangle_check Python package<\/h3>\n
\nYou can install the utility using two methods:<\/p>\n\n
\nRun the python -m pip install triangle_check<\/code> command.<\/li>\n
\nRun the following commands:
\ngit clone https:\/\/github.com\/KasperskyLab\/triangle_check
\ncd triangle_check
\npython -m build
\npython -m pip install dist\/triangle_check-1.0-py3-none-any.whl<\/code><\/li>\n<\/ul>\n