
Merge pull request #327 from stark4n6/master
Squashing Bugs 🐛
abrignoni authored Jan 31, 2023
2 parents a726c1f + dd4ee66 commit 71d8611
Showing 8 changed files with 146 additions and 135 deletions.
4 changes: 3 additions & 1 deletion scripts/artifacts/FacebookMessenger.py
Expand Up @@ -6,6 +6,8 @@

def get_FacebookMessenger(files_found, report_folder, seeker, wrap_text):

slash = '\\' if is_platform_windows() else '/'

#logfunc(str(files_found))
for file_found in files_found:
file_found = str(file_found)
Expand All @@ -18,7 +20,7 @@ def get_FacebookMessenger(files_found, report_folder, seeker, wrap_text):


if 'user' in file_found:
usernum = file_found.split("/")
usernum = file_found.split(slash)
usernum = '_'+str(usernum[-4])
else:
usernum = ''
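Review bot: `usernum[-4]` right after the new `file_found.split(slash)` line raises IndexError for any matched path with fewer than four components, and if the seeker ever hands back a Windows path that still contains forward slashes the split yields a single element and the same IndexError. Normalising first removes the platform branch entirely: `usernum = os.path.normpath(file_found).split(os.sep)` guarded by `if len(usernum) >= 4`, assuming `os` is imported above the hunk. Note also that `'user' in file_found` is a substring test on the whole path, so any directory name containing that substring selects this branch; anchoring on the `user_accounts` segment or a regex would be safer. get_FacebookMessenger continues past the end of the hunk.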
18 changes: 10 additions & 8 deletions scripts/artifacts/googleCallScreen.py
Expand Up @@ -11,6 +11,9 @@

def get_googleCallScreen(files_found, report_folder, seeker, wrap_text):

is_windows = is_platform_windows()
slash = '\\' if is_windows else '/'

for file_found in files_found:
file_found = str(file_found)
if not file_found.endswith('callscreen_transcripts'):
Expand Down Expand Up @@ -45,6 +48,11 @@ def get_googleCallScreen(files_found, report_folder, seeker, wrap_text):
'name': '',
'type': 'message'}}

if report_folder[-1] == slash:
folder_name = os.path.basename(report_folder[:-1])
else:
folder_name = os.path.basename(report_folder)

if usageentries > 0:
for row in all_rows:

Expand All @@ -65,15 +73,9 @@ def get_googleCallScreen(files_found, report_folder, seeker, wrap_text):
conversation += convo_timestamp + convo_transcript

for match in files_found:
if recording_filename in match:
if str(recording_filename) in match:
shutil.copy2(match, report_folder)
audio_file_path = os.path.abspath(match)
audio_clip = '''
<audio controls>
<source src={} type="audio/wav">
<p>Your browser does not support HTML5 audio elements.</p>
</audio>
'''.format(audio_file_path)
audio_clip = f'<audio controls><source src="{folder_name}/{recording_filename}"></audio>'

data_list.append((lm_ts,recording_path,conversation,audio_clip))

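Review bot: The new `audio_clip` f-string interpolates `recording_filename` and `folder_name` into the HTML report unescaped; `recording_filename` appears to be read from the device database (its assignment is above the hunk), so a crafted filename on the examined device can inject markup or script into the examiner's report. Escape both values, e.g. `src="{html.escape(folder_name, quote=True)}/{html.escape(str(recording_filename), quote=True)}"` with `import html` at the top of the file, and consider restoring the dropped `type="audio/wav"` hint the old markup carried. The `str(recording_filename) in match` substring test also matches every entry when `recording_filename` is empty or very short, copying each of them into `report_folder` and pointing `src` at a name that may not be the copied file's basename; `match.endswith(slash + str(recording_filename))` would be tighter. get_googleCallScreen continues past the hunk.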
226 changes: 114 additions & 112 deletions scripts/artifacts/googleChat.py
Expand Up @@ -15,130 +15,132 @@
def get_googleChat(files_found, report_folder, seeker, wrap_text):

for file_found in files_found:
file_found = str(file_found)
if not file_found.endswith('dynamite.db'):
file_found = str(file_found)
if file_found.endswith('dynamite.db'):
break
else:
continue # Skip all other files

db = open_sqlite_db_readonly(file_found)
cursor = db.cursor()
cursor.execute('''
SELECT
datetime(topic_messages.create_time/1000000,'unixepoch') AS "Message Time (UTC)",
Groups.name AS "Group Name",
users.name AS "Sender",
topic_messages.text_body AS "Message",
topic_messages.annotation AS "Message Attachment"
FROM
topic_messages
JOIN Groups on Groups.group_id=topic_messages.group_id
JOIN users ON users.user_id=topic_messages.creator_id
ORDER BY "Timestamp (UTC)" ASC
''')
db = open_sqlite_db_readonly(file_found)
cursor = db.cursor()
cursor.execute('''
SELECT
datetime(topic_messages.create_time/1000000,'unixepoch') AS "Message Time (UTC)",
Groups.name AS "Group Name",
users.name AS "Sender",
topic_messages.text_body AS "Message",
topic_messages.annotation AS "Message Attachment"
FROM
topic_messages
JOIN Groups on Groups.group_id=topic_messages.group_id
JOIN users ON users.user_id=topic_messages.creator_id
ORDER BY "Timestamp (UTC)" ASC
''')

all_rows = cursor.fetchall()
usageentries = len(all_rows)
data_list = []
if usageentries > 0:
for x in all_rows:
values = blackboxprotobuf.decode_message(x[4])
if x[4] == b'':
data_list.append((x[0], x[1], x[2], x[3], '', '', '', '','','','',''))
else:
#images section
try:
item11 = (values[0]['1']['10'].get('3').decode('utf-8'))
item12 = (values[0]['1']['10'].get('4').decode('utf-8'))
item13 = (values[0]['1']['10']['5']['1'])
item14 = (values[0]['1']['10']['5']['2'])
data_list.append((x[0], x[1], x[2], x[3], '', '', '', '', item11, item12, item13, item14))
continue
except:
pass
#meeting plain section
try:
item8 = (values[0]['1']['12']['1']['1'].decode('utf-8'))
item9 = (values[0]['1']['12']['1']['3'].decode('utf-8'))
item10 = (values[0]['1']['12']['1']['2'].decode('utf-8'))
data_list.append((x[0], x[1], x[2], x[3], item9, item10, '', '','','','',''))
continue
except:
pass

#meeting with sender name
try:
item4 = (values[0]['1'][0]['12']['1']['1'].decode('utf-8'))
item5 = (values[0]['1'][0]['12']['1']['3'].decode('utf-8'))
item6 = (values[0]['1'][0]['12']['1']['6']['16']['1'].decode('utf-8'))
item7 = (values[0]['1'][0]['12']['1']['6']['16']['2'].decode('utf-8'))
data_list.append((x[0], x[1], x[2], x[3], item5, item6, item7, '','','','',''))
continue
except:
pass

try:
item1 = (values[0]['1'][0]['12']['1']['1'].decode('utf-8'))
item2 = (values[0]['1'][0]['12']['1']['3'].decode('utf-8'))
item3 = (values[0]['1'][0]['12']['1']['2'].decode('utf-8'))
data_list.append((x[0], x[1], x[2], x[3], item2, item3, '','','','','',''))
except:
pass
all_rows = cursor.fetchall()
usageentries = len(all_rows)
data_list = []
if usageentries > 0:
for x in all_rows:
values = blackboxprotobuf.decode_message(x[4])
if x[4] == b'':
data_list.append((x[0], x[1], x[2], x[3], '', '', '', '','','','',''))
else:
#images section
try:
item11 = (values[0]['1']['10'].get('3').decode('utf-8'))
item12 = (values[0]['1']['10'].get('4').decode('utf-8'))
item13 = (values[0]['1']['10']['5']['1'])
item14 = (values[0]['1']['10']['5']['2'])
data_list.append((x[0], x[1], x[2], x[3], '', '', '', '', item11, item12, item13, item14))
continue
except:
pass
#meeting plain section
try:
item8 = (values[0]['1']['12']['1']['1'].decode('utf-8'))
item9 = (values[0]['1']['12']['1']['3'].decode('utf-8'))
item10 = (values[0]['1']['12']['1']['2'].decode('utf-8'))
data_list.append((x[0], x[1], x[2], x[3], item9, item10, '', '','','','',''))
continue
except:
pass

if usageentries > 0:
report = ArtifactHtmlReport('Google Chat Messages')
report.start_artifact_report(report_folder, 'Chat Messages')
report.add_script()
data_headers = ('Message Timestamp (UTC)','Group Name','Sender','Message','Meeting Code', 'Meeting URL','Meeting Sender','Meeting Sender Profile Pic URL','Filename','File Type','Width','Height')
#meeting with sender name
try:
item4 = (values[0]['1'][0]['12']['1']['1'].decode('utf-8'))
item5 = (values[0]['1'][0]['12']['1']['3'].decode('utf-8'))
item6 = (values[0]['1'][0]['12']['1']['6']['16']['1'].decode('utf-8'))
item7 = (values[0]['1'][0]['12']['1']['6']['16']['2'].decode('utf-8'))
data_list.append((x[0], x[1], x[2], x[3], item5, item6, item7, '','','','',''))
continue
except:
pass

try:
item1 = (values[0]['1'][0]['12']['1']['1'].decode('utf-8'))
item2 = (values[0]['1'][0]['12']['1']['3'].decode('utf-8'))
item3 = (values[0]['1'][0]['12']['1']['2'].decode('utf-8'))
data_list.append((x[0], x[1], x[2], x[3], item2, item3, '','','','','',''))
except:
pass

if usageentries > 0:
report = ArtifactHtmlReport('Google Chat Messages')
report.start_artifact_report(report_folder, 'Chat Messages')
report.add_script()
data_headers = ('Message Timestamp (UTC)','Group Name','Sender','Message','Meeting Code', 'Meeting URL','Meeting Sender','Meeting Sender Profile Pic URL','Filename','File Type','Width','Height')

report.write_artifact_data_table(data_headers, data_list, file_found)
report.end_artifact_report()
tsvname = f'Google Chat Messages'
tsv(report_folder, data_headers, data_list, tsvname)
tlactivity = f'Google Chat Messages'
timeline(report_folder, tlactivity, data_list, data_headers)
else:
logfunc('No Google Chat Messages data available')
report.write_artifact_data_table(data_headers, data_list, file_found)
report.end_artifact_report()

tsvname = f'Google Chat Messages'
tsv(report_folder, data_headers, data_list, tsvname)

tlactivity = f'Google Chat Messages'
timeline(report_folder, tlactivity, data_list, data_headers)
else:
logfunc('No Google Chat Messages data available')

cursor.execute('''
SELECT
datetime(Groups.create_time/1000000,'unixepoch') AS "Group Created Time (UTC)",
Groups.name AS "Group Name",
users.name AS "Group Creator",
datetime(Groups.last_view_time/1000000,'unixepoch') AS "Time Group Last Viewed (UTC)"
FROM
Groups
JOIN users ON users.user_id=Groups.creator_id
ORDER BY "Group Created Time (UTC)" ASC
''')
cursor.execute('''
SELECT
datetime(Groups.create_time/1000000,'unixepoch') AS "Group Created Time (UTC)",
Groups.name AS "Group Name",
users.name AS "Group Creator",
datetime(Groups.last_view_time/1000000,'unixepoch') AS "Time Group Last Viewed (UTC)"
FROM
Groups
JOIN users ON users.user_id=Groups.creator_id
ORDER BY "Group Created Time (UTC)" ASC
''')

all_rows = cursor.fetchall()
usageentries = len(all_rows)
if usageentries > 0:
report = ArtifactHtmlReport('Google Chat Group Information')
report.start_artifact_report(report_folder, 'Group Information')
report.add_script()
data_headers = ('Group Created Time (UTC)','Group Name','Group Creator','Time Group Last Viewed (UTC)')
data_list = []
for row in all_rows:
data_list.append((row[0],row[1],row[2],row[3]))
all_rows = cursor.fetchall()
usageentries = len(all_rows)
if usageentries > 0:
report = ArtifactHtmlReport('Google Chat Group Information')
report.start_artifact_report(report_folder, 'Group Information')
report.add_script()
data_headers = ('Group Created Time (UTC)','Group Name','Group Creator','Time Group Last Viewed (UTC)')
data_list = []
for row in all_rows:
data_list.append((row[0],row[1],row[2],row[3]))

report.write_artifact_data_table(data_headers, data_list, file_found)
report.end_artifact_report()

tsvname = f'Google Chat Group Information'
tsv(report_folder, data_headers, data_list, tsvname)
report.write_artifact_data_table(data_headers, data_list, file_found)
report.end_artifact_report()

tsvname = f'Google Chat Group Information'
tsv(report_folder, data_headers, data_list, tsvname)

tlactivity = f'Google Chat Group Information'
timeline(report_folder, tlactivity, data_list, data_headers)
else:
logfunc('No Google Chat Group Information data available')

tlactivity = f'Google Chat Group Information'
timeline(report_folder, tlactivity, data_list, data_headers)
else:
logfunc('No Google Chat Group Information data available')

db.close()
db.close()

__artifacts__ = {
"GoogleChat": (
"Google Chat",
('*/com.google.android.gm/databases/user_accounts/*/dynamite*.db','*/com.google.android.apps.dynamite/databases/dynamite*.db'),
('*/com.google.android.gm/databases/user_accounts/*/dynamite.db*','*/com.google.android.apps.dynamite/databases/dynamite.db*'),
get_googleChat)
}
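Review bot: The `else: continue` at the top of get_googleChat is attached to the `if`, not the `for`, so when no path ends in `dynamite.db` the loop simply finishes and `file_found` still holds the last entry of `files_found`; with the widened `dynamite.db*` glob that can now be a `-wal`/`-shm`/`-journal` sidecar, which `open_sqlite_db_readonly` is then asked to open, and with an empty `files_found` it is a NameError instead. Attach the `else` to the loop: dedent `else:` to the `for` and replace `continue` with `logfunc('No Google Chat Messages data available')` followed by `return`. The four bare `except:` clauses around the protobuf field lookups would also be clearer as `except (KeyError, IndexError, AttributeError, TypeError):` so that an unexpected decode failure is not silently turned into a blank row.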
1 change: 1 addition & 0 deletions scripts/artifacts/imo.py
Expand Up @@ -76,6 +76,7 @@ def get_imo(files_found, report_folder, seeker, wrap_text):
for row in all_rows:
from_id = ''
to_id = ''
attachmentPath = ''
if row[4] == "Incoming":
from_id = row[0]
else:
15 changes: 10 additions & 5 deletions scripts/artifacts/installedappsGass.py
@@ -1,9 +1,12 @@
import sqlite3

from scripts.artifact_report import ArtifactHtmlReport
from scripts.ilapfuncs import logfunc, tsv, open_sqlite_db_readonly
from scripts.ilapfuncs import logfunc, tsv, is_platform_windows, open_sqlite_db_readonly

def get_installedappsGass(files_found, report_folder, seeker, wrap_text):

slash = '\\' if is_platform_windows() else '/'

for file_found in files_found:
file_found = str(file_found)
if file_found.endswith('.db'):
Expand All @@ -12,13 +15,15 @@ def get_installedappsGass(files_found, report_folder, seeker, wrap_text):
cursor = db.cursor()
cursor.execute('''
SELECT
distinct(package_name)
distinct(package_name),
version_code,
digest_sha256
FROM
app_info
''')

if 'user' in file_found:
usernum = file_found.split("/")
usernum = file_found.split(slash)
usernum = '_'+str(usernum[-4])
else:
usernum = ''
Expand All @@ -29,10 +34,10 @@ def get_installedappsGass(files_found, report_folder, seeker, wrap_text):
report = ArtifactHtmlReport('Installed Apps')
report.start_artifact_report(report_folder, f'Installed Apps (GMS){usernum}')
report.add_script()
data_headers = ('Bundle ID',) # Don't remove the comma, that is required to make this a tuple as there is only 1 element
data_headers = ('Bundle ID','Version Code','SHA-256 Hash') # Don't remove the comma, that is required to make this a tuple as there is only 1 element
data_list = []
for row in all_rows:
data_list.append((row[0],))
data_list.append((row[0],row[1],row[2]))

report.write_artifact_data_table(data_headers, data_list, file_found)
report.end_artifact_report()
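Review bot: `digest_sha256` is passed through untouched on the new `data_list.append((row[0],row[1],row[2]))` line; if SQLite stores that column as a BLOB the report cell will show a Python bytes repr rather than a hex digest an examiner can compare against a known APK hash, so convert it with `row[2].hex() if isinstance(row[2], bytes) else row[2]` — confirm the column type against a sample database first. Widening the select also changes what `distinct` applies to: SQLite's DISTINCT covers the whole projected row, so a package present with several versions now appears once per version, which may be intended but deserves a comment on the query. The trailing comment on the `data_headers` line about the single-element tuple is now stale and should be dropped.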
9 changes: 2 additions & 7 deletions scripts/artifacts/smyfilescache.py
Expand Up @@ -6,12 +6,8 @@

def get_smyfilescache(files_found, report_folder, seeker, text_wrap):

platform = is_platform_windows()
if platform:
media_path = media_path.replace('/', '\\')
splitter = '\\'
else:
splitter = '/'
is_windows = is_platform_windows()
splitter = '\\' if is_windows else '/'

for file_found in files_found:
file_found = str(file_found)
Expand All @@ -38,7 +34,6 @@ def get_smyfilescache(files_found, report_folder, seeker, text_wrap):
for row in all_rows:
thumb = media_to_html(splitter + str(row[1]) + '.jpg', files_found, report_folder)


data_list.append((row[0], thumb, row[1], row[2], row[3], row[4]))

if usageentries > 0:
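Review bot: `is_windows` on the new line is used only to choose `splitter`, so the two lines collapse to `splitter = '\\' if is_platform_windows() else '/'`, the form FacebookMessenger.py and installedappsGass.py use in this same commit. Dropping the `media_path.replace(...)` branch looks right — in the visible lines `media_path` was never assigned before that use, so the old Windows path would have raised NameError unless it is a module global — and that rationale is worth a one-line comment so the branch is not reintroduced. get_smyfilescache continues past the hunk.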
5 changes: 4 additions & 1 deletion scripts/artifacts/wellbeing.py
Expand Up @@ -7,7 +7,10 @@ def get_wellbeing(files_found, report_folder, seeker, wrap_text):

for file_found in files_found:
file_found = str(file_found)
if not file_found.endswith('app_usage'):

if file_found.endswith('app_usage'):
break
else:
continue # Skip all other files

db = open_sqlite_db_readonly(file_found)
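Review bot: The new `else: continue` is attached to the `if`, not the `for`, so when no path ends in `app_usage` the loop exits normally and `open_sqlite_db_readonly(file_found)` on the next line runs against whatever path came last in `files_found`, or raises NameError when the list is empty. Make it a `for … else`: dedent `else:` to the loop and replace `continue` with the artifact's existing no-data `logfunc(...)` call (below the hunk) followed by `return`. get_wellbeing continues past the hunk.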
