
Conversation

ping2A (Contributor) commented Jun 18, 2025

This PR contains multiple modifications of the original Go collector and keeps compatibility with the current Go modules (the JSON output format is the same, so it should not break anything):

  • files information support
  • processes information support
  • yara-x integration

Yara support is not yet wired into the Go binary, but it can be launched manually right now (I will send another PR with proper integration).

penserbjorne (Collaborator) commented

Hello @ping2A!

Thanks for this contribution. It would be great to hear more about this change proposal, to understand why shifting to Rust is a good idea considering that the Go version works perfectly now and the binary is doing what it is intended to do.

Thanks!

ping2A (Contributor, Author) commented Jul 9, 2025

Yes! The main idea and feature is to bring the ability to use Yara directly on the phone for fast checking against known Yara rules, so it makes more sense to use Yara-X directly, as it is now a Rust project.

At the same time I added some modifications to speed up the collection of information about files and processes. I kept compatibility with the Go modules by using and exporting the same JSON structure, so it is perfectly transparent.

I will not go into how simple it is to compile for a new arch with Rust, but that is another benefit of this PR.

roaree (Collaborator) commented Jul 15, 2025

Hey @ping2A, thanks very much for the PR.

To clarify where androidqf stands in the suite of MVT tools: it is intended for primary acquisition, not for detections (that is where MVT comes in). It might be more appropriate to do something over on the MVT side, where check-androidqf can be used to check an acquisition bundle against rules (in our case these are STIX2 rules). I'm not sure whether you've encountered performance problems on the MVT detection side with androidqf outputs, but I'd be open to us experimenting with some self-contained Rust libraries with Python bindings over there, should that prove to be needed.

For the collector itself, I'm not sure that the change of language from Go to Rust makes sense here, given maintainability and toolchain concerns, but I want to thank you for the effort nonetheless.

roaree closed this Jul 15, 2025