From 4ccea13334dc2fbaf0761ea3fbd96afc4dfdec3e Mon Sep 17 00:00:00 2001
From: Johann Polewczyk
Date: Fri, 4 Oct 2024 10:53:18 +0200
Subject: [PATCH] Code cleaning
---
 scripts/artifacts/backupSettings.py | 9 ++--
 scripts/artifacts/biomeAirpMode.py | 10 ++--
 scripts/artifacts/biomeAppinstall.py | 13 ++---
 scripts/artifacts/biomeBacklight.py | 9 +---
 scripts/artifacts/biomeBattperc.py | 17 +++---
 scripts/artifacts/biomeBluetooth.py | 11 ++--
 scripts/artifacts/biomeCarplayisconnected.py | 12 ++---
 scripts/artifacts/biomeDevWifi.py | 2 +-
 scripts/artifacts/biomeDevplugin.py | 17 +++---
 scripts/artifacts/biomeHardware.py | 11 ++--
 scripts/artifacts/biomeInfocus.py | 8 +--
 scripts/artifacts/biomeIntents.py | 5 --
 scripts/artifacts/biomeLocationactivity.py | 12 ++---
 scripts/artifacts/biomeNotes.py | 4 +-
 scripts/artifacts/biomeNotificationsPub.py | 9 +---
 scripts/artifacts/biomeNowplaying.py | 9 +---
 scripts/artifacts/biomeSafari.py | 6 +--
 scripts/artifacts/biomeTextinputses.py | 13 ++---
 scripts/artifacts/biomeUseractmeta.py | 11 ++--
 scripts/artifacts/biomeWifi.py | 10 ++--
 scripts/artifacts/carCD.py | 55 +++++++++-----------
 scripts/artifacts/chatgpt.py | 6 +--
 scripts/artifacts/duetLocations.py | 13 ++---
 scripts/artifacts/notificationsDuet.py | 13 ++---
 scripts/artifacts/timezoneInfo.py | 9 +---
 scripts/artifacts/wifiIdent.py | 43 +++++++--------
 scripts/ilapfuncs.py | 2 +-
 27 files changed, 129 insertions(+), 210 deletions(-)
diff --git a/scripts/artifacts/backupSettings.py b/scripts/artifacts/backupSettings.py
index c522a9a9..10a5e565 100644
--- a/scripts/artifacts/backupSettings.py
+++ b/scripts/artifacts/backupSettings.py
@@ -14,27 +14,26 @@ } import plistlib -from datetime import datetime -from scripts.ilapfuncs import artifact_processor, logfunc, logdevinfo, timestampsconv +from scripts.ilapfuncs import artifact_processor, logfunc, logdevinfo, webkit_timestampsconv @artifact_processor def get_backupSettings(files_found, report_folder, seeker, wrap_text, timezone_offset): data_list = [] source_path = str(files_found[0]) - with open(file_found, "rb") as fp: + with open(source_path, "rb") as fp: pl = plistlib.load(fp) if len(pl) > 0: for key, val in pl.items(): if key == 'LastiTunesBackupDate': - lastime = timestampsconv(val) + lastime = webkit_timestampsconv(val) data_list.append(('Last iTunes Backup Date', lastime)) logdevinfo(f"Last iTunes Backup Date: {lastime}") elif key == 'LastiTunesBackupTZ': data_list.append((key, val)) logdevinfo(f"Last iTunes Backup TZ: {val}") elif key == 'LastCloudBackupDate': - lastcloudtime = timestampsconv(val) + lastcloudtime = webkit_timestampsconv(val) data_list.append(('Last Cloud iTunes Backup Date', lastcloudtime)) logdevinfo(f"Last Cloud iTunes Backup Date: {lastcloudtime}") elif key == 'LastCloudBackupTZ': diff --git a/scripts/artifacts/biomeAirpMode.py b/scripts/artifacts/biomeAirpMode.py index 581ef682..a9bd827b 100644 --- a/scripts/artifacts/biomeAirpMode.py +++ b/scripts/artifacts/biomeAirpMode.py 
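Review bot: `webkit_timestampsconv(val)` in the `LastiTunesBackupDate` and `LastCloudBackupDate` branches is called on whatever `plistlib.load` returned for that key, with no type check. The helper computes `webkittime + 978307200`, so a value stored as a plist date (which plistlib returns as a `datetime`) or as a string would raise `TypeError`, and with no handler visible in this hunk that would end the artifact before the remaining keys are reported. A guard such as `if isinstance(val, (int, float)):` before converting, with the raw value logged otherwise, keeps an unexpected or malformed backup plist from hiding the rest of the data. Only `files_found[0]` is read, and the function body continues past the end of the hunk.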
@@ -8,7 +8,7 @@ from scripts.ccl import ccl_segb1 from scripts.ccl import ccl_segb2 from scripts.artifact_report import ArtifactHtmlReport -from scripts.ilapfuncs import logfunc, tsv, timeline, is_platform_windows, open_sqlite_db_readonly, convert_utc_human_to_timezone, timestampsconv, convert_ts_int_to_utc +from scripts.ilapfuncs import logfunc, tsv, timeline, is_platform_windows, open_sqlite_db_readonly, convert_utc_human_to_timezone, webkit_timestampsconv, convert_ts_int_to_utc def utf8_in_extended_ascii(input_string, *, raise_on_unexpected=False): """Returns a tuple of bool (whether mis-encoded utf-8 is present) and str (the converted string)""" @@ -109,8 +109,8 @@ def get_biomeAirpMode(files_found, report_folder, seeker, wrap_text, timezone_of if state == 'Written': protostuff, types = blackboxprotobuf.decode_message(data[8:],typess) - timestart = (timestampsconv(protostuff['2'])) - #timeend = (timestampsconv(protostuff['3'])) + timestart = (webkit_timestampsconv(protostuff['2'])) + #timeend = (webkit_timestampsconv(protostuff['3'])) #timeend = convert_ts_int_to_utc(timeend) event = protostuff['1']['1'] guid = protostuff['5'].decode() @@ -136,8 +136,8 @@ def get_biomeAirpMode(files_found, report_folder, seeker, wrap_text, timezone_of if state == 'Written': protostuff, types = blackboxprotobuf.decode_message(data,typess) - timestart = (timestampsconv(protostuff['2'])) - #timeend = (timestampsconv(protostuff['3'])) + timestart = (webkit_timestampsconv(protostuff['2'])) + #timeend = (webkit_timestampsconv(protostuff['3'])) #timeend = convert_ts_int_to_utc(timeend) event = protostuff['1']['1'].decode() guid = protostuff['5'].decode() diff --git a/scripts/artifacts/biomeAppinstall.py b/scripts/artifacts/biomeAppinstall.py index 48ed16aa..a47f7959 100644 --- a/scripts/artifacts/biomeAppinstall.py +++ b/scripts/artifacts/biomeAppinstall.py 
@@ -6,7 +6,7 @@ from io import StringIO from io import BytesIO from scripts.artifact_report import ArtifactHtmlReport -from scripts.ilapfuncs import logfunc, tsv, timeline, is_platform_windows, open_sqlite_db_readonly, convert_ts_human_to_utc, convert_utc_human_to_timezone, convert_time_obj_to_utc +from scripts.ilapfuncs import logfunc, tsv, timeline, is_platform_windows, open_sqlite_db_readonly, convert_ts_human_to_utc, convert_utc_human_to_timezone, convert_time_obj_to_utc, webkit_timestampsconv def utf8_in_extended_ascii(input_string, *, raise_on_unexpected=False): """Returns a tuple of bool (whether mis-encoded utf-8 is present) and str (the converted string)""" 
@@ -66,11 +66,6 @@ def handle_bad_data(index, character): return mis_encoded_utf8_present, "".join(output) -def timestampsconv(webkittime): - unix_timestamp = webkittime + 978307200 - finaltime = datetime.fromtimestamp(unix_timestamp, tz=timezone.utc) - return(finaltime) - def get_biomeAppinstall(files_found, report_folder, seeker, wrap_text, timezone_offset): typess = {'1': {'type': 'message', 'message_typedef': {'1': {'type': 'str', 'name': ''}, '2': {'type': 'message', 'message_typedef': {'1': {'type': 'int', 'name': ''}, '2': {'type': 'int', 'name': ''}}, 'name': ''}}, 'name': ''}, '2': {'type': 'double', 'name': ''}, '3': {'type': 'double', 'name': ''}, '4': {'type': 'message', 'message_typedef': {'1': {'type': 'message', 'message_typedef': {'1': {'type': 'int', 'name': ''}, '2': {'type': 'int', 'name': ''}}, 'name': ''}, '3': {'type': 'str', 'name': ''}}, 'name': ''}, '5': {'type': 'str', 'name': ''}, '7': {'type': 'message', 'message_typedef': {'1': {'type': 'message', 'message_typedef': {}, 'name': ''}, '2': {'type': 'message', 'message_typedef': {'1': {'type': 'message', 'message_typedef': {'1': {'type': 'int', 'name': ''}, '2': {'type': 'int', 'name': ''}}, 'name': ''}, '4': {'type': 'int', 'name': ''}, '3': {'type': 'str', 'name': ''}}, 'name': ''}, '3': {'type': 'int', 'name': ''}}, 'name': ''}, '8': {'type': 'double', 'name': ''}, '10': {'type': 'int', 'name': ''}} @@ -123,11 +118,11 @@ def get_biomeAppinstall(files_found, report_folder, seeker, wrap_text, timezone_ protostuff, types = blackboxprotobuf.decode_message(protostuff, typess) activity = (protostuff['1']['1']) - timestart = (timestampsconv(protostuff['2'])) + timestart = (webkit_timestampsconv(protostuff['2'])) timestart = convert_utc_human_to_timezone(timestart, timezone_offset) - timeend = (timestampsconv(protostuff['3'])) + timeend = (webkit_timestampsconv(protostuff['3'])) timeend = convert_utc_human_to_timezone(timeend, timezone_offset) bundleid = (protostuff['4']['3']) 
@@ -146,7 +141,7 @@ def get_biomeAppinstall(files_found, report_folder, seeker, wrap_text, timezone_ else: bundleinfo = '' - timewrite = (timestampsconv(protostuff['8'])) + timewrite = (webkit_timestampsconv(protostuff['8'])) timewrite = convert_utc_human_to_timezone(timewrite, timezone_offset) data_list.append((timestart, timeend, timewrite, activity, bundleid, bundleinfo, appinfo1, appinfo2, actionguid )) diff --git a/scripts/artifacts/biomeBacklight.py b/scripts/artifacts/biomeBacklight.py index a0d07dbc..5fe383b6 100644 --- a/scripts/artifacts/biomeBacklight.py +++ b/scripts/artifacts/biomeBacklight.py @@ -6,7 +6,7 @@ from io import StringIO from io import BytesIO from scripts.artifact_report import ArtifactHtmlReport -from scripts.ilapfuncs import logfunc, tsv, timeline, is_platform_windows, open_sqlite_db_readonly, convert_utc_human_to_timezone +from scripts.ilapfuncs import logfunc, tsv, timeline, is_platform_windows, open_sqlite_db_readonly, convert_utc_human_to_timezone, webkit_timestampsconv def utf8_in_extended_ascii(input_string, *, raise_on_unexpected=False): """Returns a tuple of bool (whether mis-encoded utf-8 is present) and str (the converted string)""" @@ -66,11 +66,6 @@ def handle_bad_data(index, character): return mis_encoded_utf8_present, "".join(output) -def timestampsconv(webkittime): - unix_timestamp = webkittime + 978307200 - finaltime = datetime.fromtimestamp(unix_timestamp, tz=timezone.utc) - return(finaltime) - def get_biomeBacklight(files_found, report_folder, seeker, wrap_text, timezone_offset): typess = {'1': {'type': 'double', 'name': ''}, '2': {'type': 'int', 'name': ''}} 
@@ -122,7 +117,7 @@ def get_biomeBacklight(files_found, report_folder, seeker, wrap_text, timezone_o protostuff, types = blackboxprotobuf.decode_message(protostuff,typess) #print(protostuff) - timestart = (timestampsconv(protostuff['1'])) + timestart = (webkit_timestampsconv(protostuff['1'])) timestart = convert_utc_human_to_timezone(timestart, timezone_offset) state = (protostuff['2']) diff --git a/scripts/artifacts/biomeBattperc.py b/scripts/artifacts/biomeBattperc.py index e96b5e7a..3b3a505c 100644 --- a/scripts/artifacts/biomeBattperc.py +++ b/scripts/artifacts/biomeBattperc.py @@ -6,7 +6,7 @@ from io import StringIO from io import BytesIO from scripts.artifact_report import ArtifactHtmlReport -from scripts.ilapfuncs import logfunc, tsv, timeline, is_platform_windows, open_sqlite_db_readonly, convert_ts_human_to_utc, convert_utc_human_to_timezone, convert_time_obj_to_utc +from scripts.ilapfuncs import logfunc, tsv, timeline, is_platform_windows, open_sqlite_db_readonly, convert_ts_human_to_utc, convert_utc_human_to_timezone, convert_time_obj_to_utc, webkit_timestampsconv def utf8_in_extended_ascii(input_string, *, raise_on_unexpected=False): """Returns a tuple of bool (whether mis-encoded utf-8 is present) and str (the converted string)""" 
@@ -66,11 +66,6 @@ def handle_bad_data(index, character): return mis_encoded_utf8_present, "".join(output) -def timestampsconv(webkittime): - unix_timestamp = webkittime + 978307200 - finaltime = datetime.fromtimestamp(unix_timestamp, tz=timezone.utc) - return(finaltime) - def get_biomeBattperc(files_found, report_folder, seeker, wrap_text, timezone_offset): typess = {'1': {'type': 'message', 'message_typedef': {'1': {'type': 'str', 'name': ''}, '2': {'type': 'message', 'message_typedef': {'1': {'type': 'int', 'name': ''}, '2': {'type': 'int', 'name': ''}}, 'name': ''}}, 'name': ''}, '2': {'type': 'double', 'name': ''}, '3': {'type': 'double', 'name': ''}, '4': {'type': 'message', 'message_typedef': {'1': {'type': 'message', 'message_typedef': {'1': {'type': 'int', 'name': ''}, '2': {'type': 'int', 'name': ''}}, 'name': ''}, '5': {'type': 'double', 'name': ''}}, 'name': ''}, '5': {'type': 'str', 'name': ''}, '8': {'type': 'double', 'name': ''}, '10': {'type': 'int', 'name': ''}} @@ -116,12 +111,12 @@ def get_biomeBattperc(files_found, report_folder, seeker, wrap_text, timezone_of date1 = ab.read(8) date1 = (struct.unpack_from("Vehicle - Last Connected: {connected} - Last Disconnected: {disconnected} - Type: {contype}') - data_list.append((key, f'Last Connected: {connected}
Last Disconnected: {disconnected}
Type: {contype}')) - - elif key == 'CalibrationUDID': - uid = value - logdevinfo(f'UDID: {uid}') - data_list.append((key, uid)) - else: - pass + lastconn = contype = connected = disconnected = uid = '' + + with open(file_found, "rb") as fp: + pl = plistlib.load(fp) + #print(type(pl)) + for key, value in pl.items(): + #print(key, value) + if key == 'LastVehicleConnection': + lastconn = value + contype = lastconn[2] + connected = webkit_timestampsconv(lastconn[0]) + disconnected = webkit_timestampsconv(lastconn[1]) + logdevinfo(f'Vehicle - Last Connected: {connected} - Last Disconnected: {disconnected} - Type: {contype}') + data_list.append((key, f'Last Connected: {connected}
Last Disconnected: {disconnected}
Type: {contype}')) + + elif key == 'CalibrationUDID': + uid = value + logdevinfo(f'UDID: {uid}') + data_list.append((key, uid)) + else: + pass if len(data_list) > 0: description = 'Last Car Connection and UDID' diff --git a/scripts/artifacts/chatgpt.py b/scripts/artifacts/chatgpt.py index 9d0e778c..3317ea37 100644 --- a/scripts/artifacts/chatgpt.py +++ b/scripts/artifacts/chatgpt.py @@ -31,7 +31,7 @@ from scripts.ccl import ccl_segb1 from scripts.ccl import ccl_segb2 from scripts.artifact_report import ArtifactHtmlReport -from scripts.ilapfuncs import logfunc, tsv, timeline, media_to_html,timestampsconv, convert_utc_human_to_timezone,convert_ts_int_to_utc,is_platform_windows +from scripts.ilapfuncs import logfunc, tsv, timeline, media_to_html,webkit_timestampsconv, convert_utc_human_to_timezone,convert_ts_int_to_utc,is_platform_windows import scripts.artifacts.artGlobals @@ -59,8 +59,8 @@ def get_chatgpt(files_found, report_folder, seeker, wrap_text, time_offset): try: conversation_id = data.get("id", "") conversation_title = data.get("title", "") - creation_time = convert_utc_human_to_timezone(timestampsconv(int(data.get("creation_date", 0))),time_offset) - modification_time = convert_utc_human_to_timezone(timestampsconv(int(data.get("modification_date", 0))),time_offset) + creation_time = convert_utc_human_to_timezone(webkit_timestampsconv(int(data.get("creation_date", 0))),time_offset) + modification_time = convert_utc_human_to_timezone(webkit_timestampsconv(int(data.get("modification_date", 0))),time_offset) model = data.get("configuration", {}).get("model", "") custom_instructions_model = data.get("configuration", {}).get("custom_instructions", {}).get("about_model_message", "") custom_instructions_user = data.get("configuration", {}).get("custom_instructions", {}).get("about_user_message", "") diff --git a/scripts/artifacts/duetLocations.py b/scripts/artifacts/duetLocations.py index ec52224d..b19d4188 100644 --- a/scripts/artifacts/duetLocations.py 
+++ b/scripts/artifacts/duetLocations.py @@ -7,7 +7,7 @@ from io import StringIO from io import BytesIO from scripts.artifact_report import ArtifactHtmlReport -from scripts.ilapfuncs import logfunc, tsv, timeline, is_platform_windows, open_sqlite_db_readonly, kmlgen +from scripts.ilapfuncs import logfunc, tsv, timeline, is_platform_windows, open_sqlite_db_readonly, kmlgen, webkit_timestampsconv def utf8_in_extended_ascii(input_string, *, raise_on_unexpected=False): """Returns a tuple of bool (whether mis-encoded utf-8 is present) and str (the converted string)""" @@ -67,11 +67,6 @@ def handle_bad_data(index, character): return mis_encoded_utf8_present, "".join(output) -def timestampsconv(webkittime): - unix_timestamp = webkittime + 978307200 - finaltime = datetime.utcfromtimestamp(unix_timestamp) - return(finaltime) - def get_duetLocations(files_found, report_folder, seeker, wrap_text, timezone_offset): for file_found in files_found: @@ -114,13 +109,13 @@ def get_duetLocations(files_found, report_folder, seeker, wrap_text, timezone_of date1 = ab.read(8) date1 = (struct.unpack_from("Last Bootstrap Timezone: {val}") elif key == 'lastBootstrapDate': - times = timestampsconv(val) + times = webkit_timestampsconv(val) data_list.append(('lastBootstrapDate', times)) logdevinfo(f"Last Bootstrap Date: {times}") diff --git a/scripts/artifacts/wifiIdent.py b/scripts/artifacts/wifiIdent.py index 97b04fe2..8754e752 100644 --- a/scripts/artifacts/wifiIdent.py +++ b/scripts/artifacts/wifiIdent.py 
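Review bot: Dropping the local `timestampsconv` in duetLocations.py is not a pure rename: the deleted helper used `datetime.utcfromtimestamp`, which returns a naive datetime, while the shared `webkit_timestampsconv` in `scripts/ilapfuncs.py` returns a timezone-aware one (`tz=timezone.utc`). Timestamps this artifact writes to the report will presumably gain a `+00:00` suffix, and any later comparison or subtraction against a naive datetime would raise `TypeError`. The call sites in the following hunk are not fully visible on this page, so that needs checking there; if the old rendering must be kept, the call site can use `webkit_timestampsconv(value).replace(tzinfo=None)`. The helper removed from wifiIdent.py was naive as well, but nothing in its hunk calls it.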
@@ -1,39 +1,34 @@ -import plistlib -import struct +import plistlib +import struct from datetime import datetime import scripts.artifacts.artGlobals from packaging import version from scripts.artifact_report import ArtifactHtmlReport from scripts.ilapfuncs import logfunc, logdevinfo, timeline, kmlgen, tsv, is_platform_windows, open_sqlite_db_readonly - -def timestampsconv(webkittime): - unix_timestamp = webkittime + 978307200 - finaltime = datetime.utcfromtimestamp(unix_timestamp) - return(finaltime) def get_wifiIdent(files_found, report_folder, seeker, wrap_text, timezone_offset): - - data_list = [] + + data_list = [] for file_found in files_found: file_found = str(file_found) - with open(file_found, "rb") as fp: - pl = plistlib.load(fp) - #print(type(pl)) - for key, value in pl.items(): - #print(key, value) - if key == 'Interfaces': - for y in value: - #print(y) - hexstring = (y['IOMACAddress']) - hexstring = "%x:%x:%x:%x:%x:%x" % struct.unpack("BBBBBB",hexstring) - userdefinedname = y['SCNetworkInterfaceInfo']['UserDefinedName'] - bsdname = y['BSD Name'] - - data_list.append((hexstring, userdefinedname, bsdname)) - logdevinfo(f'MAC Address: {hexstring} - User Defined Name: {userdefinedname} - BSD Name: {bsdname}') + with open(file_found, "rb") as fp: + pl = plistlib.load(fp) + #print(type(pl)) + for key, value in pl.items(): + #print(key, value) + if key == 'Interfaces': + for y in value: + #print(y) + hexstring = (y['IOMACAddress']) + hexstring = "%x:%x:%x:%x:%x:%x" % struct.unpack("BBBBBB",hexstring) + userdefinedname = y['SCNetworkInterfaceInfo']['UserDefinedName'] + bsdname = y['BSD Name'] + + data_list.append((hexstring, userdefinedname, bsdname)) + logdevinfo(f'MAC Address: {hexstring} - User Defined Name: {userdefinedname} - BSD Name: {bsdname}') if len(data_list) > 0: description = 'WIFI Identifiers' diff --git a/scripts/ilapfuncs.py b/scripts/ilapfuncs.py index 41e965d4..1d58456d 100644 --- a/scripts/ilapfuncs.py +++ b/scripts/ilapfuncs.py 
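Review bot: The MAC formatting line `"%x:%x:%x:%x:%x:%x" % struct.unpack("BBBBBB",hexstring)` is re-indented by this hunk but still prints each octet without zero padding, so `00:0a:...` is rendered as `0:a:...` and will not match the same address in other artifacts or in network logs. `struct.unpack("BBBBBB", ...)` also raises `struct.error` when `IOMACAddress` is not exactly six bytes, and the `y['SCNetworkInterfaceInfo']['UserDefinedName']` and `y['BSD Name']` lookups raise `KeyError` on an interface entry that lacks them; neither is handled in the visible code. Suggested replacement for the formatting: `hexstring = ':'.join(f'{b:02x}' for b in y['IOMACAddress'])`. With the local `timestampsconv` gone, `from datetime import datetime` looks unused in the lines shown.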
@@ -136,7 +136,7 @@ def convert_ts_int_to_timezone(time, time_offset): #return the converted value return timezone_time -def timestampsconv(webkittime): +def webkit_timestampsconv(webkittime): unix_timestamp = webkittime + 978307200 finaltime = datetime.fromtimestamp(unix_timestamp, tz=timezone.utc) return(finaltime)
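Review bot: The new name `webkit_timestampsconv` describes the wrong epoch for what the body does: adding 978307200 converts seconds counted from 2001-01-01 00:00:00 UTC (Apple's Cocoa / Core Data reference date), whereas the format DFIR tooling usually calls WebKit/Chrome time counts microseconds from 1601-01-01. In a shared forensic helper that invites someone to pass a real WebKit value and report a wrong time, so the function should at least carry a docstring fixing the unit and epoch, e.g. `"""Convert seconds since 2001-01-01 00:00:00 UTC (Apple absolute time) to a timezone-aware UTC datetime."""`. It also has no guard for non-numeric or out-of-range input, so `datetime.fromtimestamp` can raise on corrupt evidence values, and most call sites touched by this patch show no handler around it.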