Example #1
0
	def set_file_format_table(file_name, load_db_path):
		query = 'SELECT flag FROM file_format ORDER BY flag DESC LIMIT 1'
		flag_last = SQLite3.execute_fetch_query(query, load_db_path)[0]
		query = 'SELECT count(*) FROM "%s" WHERE format = "%s"' % ("file_format", file_name)
		flag = '%d' % SQLite3.execute_fetch_query(query, load_db_path)
		if flag == '0':
			query = 'INSERT INTO file_format(format, flag) VALUES("%s", %d)' % (file_name, flag_last+1)
			SQLite3.execute_commit_query(query, load_db_path)
    def get_custom_app_name(preprocess_db_path):
        if not os.path.exists(APP_PACKAGE_CONF_PATH):
            logger.error('Not exist the config (\"%s\").' %
                         APP_PACKAGE_CONF_PATH)
            return False
        try:
            f = open(APP_PACKAGE_CONF_PATH, 'r')
        except Exception as e:
            logger.error("Fail to open file [%s]" % APP_PACKAGE_CONF_PATH)
            return False

        lines = f.readlines()
        for line in lines:
            if not line: break
            line = line.strip()
            line = line.replace(" ", "")
            line = line.replace("\t", "")

            package_name = line.split(",")[0]
            app_name = line.split(",")[1]
            query = 'SELECT app_name FROM package_info WHERE package_name = "%s"' % package_name

            ret = SQLite3.execute_fetch_query(query, preprocess_db_path)
            if ret != None:
                if ret[0] == "":
                    query = 'UPDATE package_info set app_name = "%s" WHERE package_name = "%s"' % (
                        app_name, package_name)
                    SQLite3.execute_commit_query(query, preprocess_db_path)
        f.close()
 def get_permission_id(name, preprocess_db_path):
     query = 'SELECT rowid FROM permission_info WHERE permission_name = "%s"' % name
     ret = SQLite3.execute_fetch_query(query, preprocess_db_path)
     if ret:
         return ret[0]
     else:
         return False
Example #4
0
	def set_file_format_table_to_loaddb(list_dic_file_format_signature, load_db_path):
		for i in range(len(list_dic_file_format_signature)):
			format_name = list_dic_file_format_signature[i]['format']
			format_flag = i+1
			query = 'SELECT count(*) FROM "file_format" WHERE format = "%s"' % format_name
			if(SQLite3.execute_fetch_query(query, load_db_path)[0]) == 0:
				query = 'INSERT INTO file_format(format, flag) VALUES("%s", %d)' % (format_name, format_flag)
				SQLite3.execute_commit_query(query, load_db_path)
Example #5
0
	def set_loaddb(load_db_path):
		# create a id_package column in loaddb's tsk_files table
		query = "SELECT sql FROM sqlite_master WHERE name='tsk_files' AND sql LIKE '%id_package%'"
		if(SQLite3.execute_fetch_query(query, load_db_path)) == None:
			query = "ALTER TABLE tsk_files ADD id_package INTEGER DEFAULT 0 NOT NULL"
			SQLite3.execute_commit_query(query, load_db_path)

		# create a format column in loaddb's tsk_files table
		query = "SELECT sql FROM sqlite_master WHERE name='tsk_files' AND sql LIKE '%format%'"
		if(SQLite3.execute_fetch_query(query, load_db_path)) == None:
			query = "ALTER TABLE tsk_files ADD format INTEGER DEFAULT 0 NOT NULL"
			SQLite3.execute_commit_query(query, load_db_path)

		# create a file_format table in loaddb
		query = 'SELECT count(*) FROM sqlite_master WHERE name = "file_format"'
		if SQLite3.execute_fetch_query(query, load_db_path)[0] == 0:
			query = "CREATE TABLE file_format (format TEXT, flag INTEGER)"
			SQLite3.execute_commit_query(query, load_db_path)
Example #6
0
	def classify_with_file_name(file_name, load_db_path):
		query = 'SELECT flag FROM file_format WHERE format = "%s"' % file_name
		flag_signature = SQLite3.execute_fetch_query(query, load_db_path)[0]

		if file_name == "SQLITEDB_JOURNAL":
			query = 'UPDATE tsk_files set format = %d WHERE name LIKE ' % flag_signature
			query2 = '"%-journal" and dir_type !=3 and dir_flags != 2 and type = 0 and size != 0'
			# print(query + query2)
			SQLite3.execute_commit_query(query + query2, load_db_path)
		elif file_name == "APK":
			query = 'UPDATE tsk_files set format = %d WHERE name LIKE ' % flag_signature
			query2 = '"%.apk" and dir_type !=3 and dir_flags != 2 and type = 0 and size != 0'
			SQLite3.execute_commit_query(query + query2, load_db_path)
		else:
			return 0
Example #7
0
	def do_compare(list_file_inode, image_file_path, size_buf, list_dic_file_format_signature, load_db_path, result):
		for i in range(0, len(list_file_inode)):
			inode = '%d' % list_file_inode.pop()
			header = TSK.get_file_buffer(image_file_path, int(inode), size_buf)
			header_hex = b2a_hex(header)

			# insert_file_signature_to_loaddb
			format_name = Classifier.compare_signature(header_hex, list_dic_file_format_signature)
			if format_name != False:
				query = 'SELECT flag FROM file_format WHERE format = "%s"' % format_name
				flag_signature = SQLite3.execute_fetch_query(query, load_db_path)
				if flag_signature != None:
					query = 'UPDATE tsk_files set format = %d WHERE meta_addr = %d and dir_flags != 2 and type = 0' % (int(flag_signature[0]), int(inode))
					# print("query: ", query)
					SQLite3.execute_commit_query(query, load_db_path)
		result.put(len(list_file_inode))