Check fails with error: KeyError: 'netUsageBaseline'

Question

Check fails with error: KeyError: 'netUsageBaseline'

Nuru opened this issue a year ago · comments

Running against an iPadOS 16.5 encrypted backup, triangle_check fails because osanalytics does not have a 'netUsageBaseline'.

Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/runpy.py", line 194, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/triangle_check/__main__.py", line 49, in <module>
    main()
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/triangle_check/__main__.py", line 29, in main
    results = checker.scan_dir(dir, password, ask_password)
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/triangle_check/__init__.py", line 216, in scan_dir
    baseline = osanalytics['netUsageBaseline']
KeyError: 'netUsageBaseline'

Kai · Answer 1 · Tue Jan 02 2024 23:17:10 GMT+0800 (China Standard Time)

I have the same problem. My wild guess is that this happens when analytics collection is disabled on the iPhone.

I created a pull request to work around this. My change skips the detection of some IOCs. Not sure if this is a problem, since data usage of the same IOCs (f.e. BackupAgent) is still performed in the next step of the script.