def number_of_images(self):
if self.sweep == None and self.amount == None:
raise ForensicError("You must set either sweep or copies")
if self.sweep != None:
sweep = 1
else:
sweep = 0
if self.amount != None:
amount = self.amount
else:
amount = 0
if (sweep == 0 and amount == 0) or (sweep != 0 and amount != 0):
uitools.errlog("You must set either sweep or copies")
return -1
sstrat=[]
if sweep > 0:
fgroup = self.sweep.group
sfiles = SecretFileItem.objects.filter(group=fgroup)
return len(sfiles) if sweep > 0 else amount
def number_of_images(self):
if self.sweep == None and self.amount == None:
raise ForensicError("You must set either sweep or copies")
if self.sweep != None:
sweep = 1
else:
sweep = 0
if self.amount != None:
amount = self.amount
else:
amount = 0
if (sweep == 0 and amount == 0) or (sweep != 0 and amount != 0):
uitools.errlog("You must set either sweep or copies")
return -1
sstrat = []
if sweep > 0:
fgroup = self.sweep.group
sfiles = SecretFileItem.objects.filter(group=fgroup)
return len(sfiles) if sweep > 0 else amount
def implement_secret_strategy(self,strategy, filesystem,timevariance, sfile=None):
""" this is a kludge to initialise a class variable without __init__ """
try:
if self._used_items[0] == None:
pass
except (IndexError,NameError,AttributeError):
self._used_items = []
hiding_method = strategy.method
#uitools.errlog(hiding_method.name)
hcmodel = hiding_method.get_hide_class()
ssclass = hcmodel(filesystem)
if not sfile:
try:
file_candidates = SecretFileItem.objects.filter(group = strategy.group)
i = 0
""" first try to find a random file. Fall back to sequential if 20 tries fail """
while i < 20:
hfile = random.choice(file_candidates)
if not hfile in self._used_items:
self._used_items.append(hfile)
break
i += 1
if i == 20:
""" find something if nothing found """
possibilities = list(set(file_candidates) - set(self._used_items))
if possibilities == []:
raise ForensicError("no files left to be hidden")
else:
hfile = possibilities[0]
self._used_items.append(hfile)
except (IndexError, NameError):
raise ForensicError("No files to be hidden")
else:
hfile = sfile
retv = None
try:
result = ssclass.hide_file(hfile.file, self, strategy.process_parameters())
if result:
ho = HiddenObject(image=self,file=hfile,method=hiding_method, location=result["instruction"])
ho.save()
retv = {}
try:
trivial_file_path = result["path"]
try:
if result["newfile"] == True:
pass
else:
self.mark_trivial_file_used(trivial_file_path)
except KeyError:
self.mark_trivial_file_used(trivial_file_path)
except KeyError:
pass
try:
retv["todelete"] = result["todelete"]
except KeyError:
pass
if strategy.filetime:
try:
retv["timeline"] = [[result["path"],strategy.filetime+timevariance]]
ho.filetime = strategy.filetime + timevariance
ho.save()
#retv.append([result["path"],strategy.filetime])
except KeyError:
pass
if strategy.actiontime and strategy.action:
helper = strategy.ACTIONS[strategy.action][1]
pblock = {}
pblock[helper] = strategy.actiontime + timevariance
try:
retv["actions"] = [[result["path"],pblock]]
newinstr = ho.location + " ACTION: %s on %s" % (helper,pblock[helper])
ho.location = newinstr
ho.save()
except KeyError:
""" no result["path"] - maybe file slack? """
pass
else:
raise ForensicError("hiding method resulted nothing. Unable to hide")
except ForensicError as fe:
uitools.errlog(fe)
#ho.delete()
raise
return retv
def processCase(self):
trivial_strategies = self.trivialstrategy_set.all()
secret_strategies_pre = self.secretstrategy_set.all()
secret_strategies = secret_strategies_pre
command = self.filesystem.get_create_function()
fsclass = self.filesystem.get_class()
mountpoint = Chelper().mountpoint
prefix = Chelper().prefix
failed_list=[]
succeed_list = []
tobecreated = self.number_of_images()
if tobecreated == -1:
failed_list.append([0,"You must set either sweep or number of copies but not both"])
return [succeed_list,failed_list]
if command == None:
uitools.errlog("no FS create command")
return None
try:
removed_chmod = os.chmod
del os.chmod
except AttributeError:
removed_chmod = None
if self.sweep != None:
secretfiles = SecretFileItem.objects.filter(group=self.sweep.group)
secretindex=0
for i in range(1,tobecreated+1):
if self.trivialstrategy_set.count() == 0:
failed_list.append([i,"No trivial strategies"])
continue
filename = self.name+"-"+str(i)
result = command(size=self.size, garbage=self.garbage,
clustersize=self.fsparam1,
name=filename)
if result != 0:
uitools.errlog( "something may be wrong, image not created")
failed_list.append([i,"Unable to create image file"])
continue
image = Image(filename=filename, seqno = i, case = self)
image.save()
mount_file = image.getLongFilename()
fsystem = fsclass(mount_file, mountpoint)
fsystem.fs_init()
if fsystem.mount_image() != 0:
failed_list.append([i,"Cannot mount image file"])
uitools.errlog("--- Cannot mount file, image not processed")
os.remove(mount_file)
image.delete()
continue
""" Set root dir time """
rand_weeks = random.randint(0,self.weekvariance)
image.weekvariance = rand_weeks
image.save()
timevariance = datetime.timedelta(weeks=rand_weeks)
image_time = self.roottime + timevariance
time_command_list = []
time_command_list = [["/.",image_time]]
flag = False
for strategy in trivial_strategies:
try:
tl = image.implement_trivial_strategy(strategy, strategy.dirtime+timevariance)
time_command_list.append([strategy.path,strategy.dirtime+timevariance])
time_command_list = time_command_list + tl
except ForensicError as fe:
failed_list.append([i,fe])
uitools.errlog(fe)
fsystem.dismount_image()
os.remove(mount_file)
image.delete()
flag = True
break
if flag == True:
continue
""" Initialise NTFS structures at this stage """
fsystem.dismount_image()
fsystem.fs_init()
"""
Reserve code for placeall implementation.
flag = False
secret_strategies = []
for st in secret_strategies_pre:
if st.placeall:
if st == self.sweep:
uitools.errlog("Sweep strategy cannot be a placeall strategy")
failed_list.append([i,"Secret strategy cannot be a placeall strategy"])
os.remove(mount_file)
image.delete()
flag = True
break
pafiles = SecretFileItem.objects.filter(group=st.group)
else:
secret_strategies.append(st)
if flag == True:
continue """
file_delete_list = []
file_action_list = []
try:
for prio in range (1,21):
current_strategies = [t for t in secret_strategies if t.method.priority == prio]
for sstrategy in current_strategies:
if self.sweep != None:
if sstrategy == self.sweep:
tv = image.implement_secret_strategy(sstrategy, fsystem, timevariance,
sfile = secretfiles[secretindex])
secretindex += 1
else:
tv = image.implement_secret_strategy(sstrategy, fsystem, timevariance,
sfile = None)
else:
tv = image.implement_secret_strategy(sstrategy, fsystem, timevariance,
sfile = None)
if tv:
try:
time_command_list = time_command_list + tv["timeline"]
except KeyError:
pass
try:
file_delete_list = file_delete_list + tv["todelete"]
except KeyError:
pass
try:
file_action_list = file_action_list + tv["actions"]
except KeyError:
pass
except ForensicError as fe:
failed_list.append([i,fe])
uitools.errlog(fe)
fsystem.dismount_image()
os.remove(mount_file)
image.delete()
continue
""" Implement deletions
First a dummy is written to the root directory to make sure the files entered last
are not deleted """
if fsystem.mount_image() != 0:
failed_list.append([i,"Cannot mount image for deletions"])
uitools.errlog("cannot mount for deletions")
image.delete()
os.remove(mount_file)
continue
try:
dfile = open(mountpoint+"/info.txt","w")
dfile.write("Created by Forensic test image generator")
dfile.write("Case %s, image %d" % (self.name,i))
dfile.close()
except IOError:
failed_list.append([i,"Cannot write copyright"])
uitools.errlog("Cannot write copyright. Not proceeding")
fsystem.dismount_image()
image.delete()
os.remove(mount_file)
continue
""" flag = temporary variable to detect errors """
flag = False
for dfile in file_delete_list:
try:
os.remove(dfile)
except (IOError,OSError):
failed_list.append([i,"Cannot delete file %s" % dfile])
uitools.errlog("cannot delete file")
fsystem.dismount_image()
image.delete()
os.remove(mount_file)
flag = True
break
if flag:
continue
fsystem.dismount_image()
""" read FS structures once more from scratch """
del fsystem
fsystem = fsclass(mount_file, mountpoint)
fsystem.fs_init()
flag = False
""" Implement time """
for ti in time_command_list:
try:
pass
fsystem.change_time(ti[0],dict(all=ti[1]))
except ForensicError as fe:
failed_list.append([i,fe])
uitools.errlog(fe)
os.remove(mount_file)
image.delete()
flag = True
break
if flag:
continue
del fsystem
fsystem = fsclass(mount_file,mountpoint)
fsystem.fs_init()
""" implement actions """
flag = False
for act in file_action_list:
try:
fsystem.implement_action(act)
except ForensicError as fe:
failed_list.append([i,fe])
uitools.errlog(fe)
os.remove(mount_file)
image.delete()
flag = True
break
if flag:
continue
""" Finally - do file system specific cleanup actions
for NTFS this means setting . in $MftMirr to correspond to $Mft """
try:
fsystem.fs_finalise()
except ForensicError as fe:
failed_list.append([i,fe])
uitools.errlog(fe)
os.remove(mount_file)
image.delete()
continue
succeed_list.append(i)
if removed_chmod != None:
setattr(os, "chmod", removed_chmod)
return [succeed_list,failed_list]
def processWebhistory(self):
try:
self.filesystem = FileSystem.objects.filter(name="NTFS")[0]
except:
raise ForensicError("no NTFS")
t_urls = self.url_set.filter(group = 0)
s_urls = self.url_set.exclude(group = 0)
t_searches = self.searchengine_set.filter(group=0)
s_searches = self.searchengine_set.exclude(group=0)
command = self.filesystem.get_create_function()
fsclass = self.filesystem.get_class()
mountpoint = Chelper().mountpoint
prefix = Chelper().prefix
uclass = self.method.get_hide_class()
webm = uclass(self.filesystem)
rdict = webm.hide_url(trivial_urls=t_urls,secret_urls=s_urls,
amount=self.ntocreate,
secret_searches=s_searches, trivial_searches=t_searches)
if rdict["status"] == 2:
raise ForensicError(rdict["message"])
i=0
failed_list=[]
for r in rdict["results"]:
i += 1
if r["status"] != "OK":
continue
iname=self.name+"-"+str(i)
fcr = command(size=r["size"], garbage=False,
clustersize=8,
name=iname)
if fcr != 0:
uitools.errlog( "something may be wrong, image not created")
failed_list.append([i,"Unable to create image file"])
continue
mount_file = self.getLongFilename(iname)
fsystem = fsclass(mount_file, mountpoint)
fsystem.fs_init()
if fsystem.mount_image() != 0:
failed_list.append([i,"Cannot mount image file"])
uitools.errlog("--- Cannot mount file, image not processed")
os.remove(mount_file)
continue
try:
cdir=os.getcwd()
os.chdir(mountpoint)
except:
fsystem.dismount_image()
os.remove(mount_file)
failed_list.append([i, "unable to change directory"])
continue
cres = call(["/bin/tar", "xf", r["fname"]], shell=False)
if cres != 0:
uitools.errlog("Unable to untar %s" % r["fname"])
fsystem.dismount_image()
os.remove(mount_file)
failed_list.append([i, "unable to untar"])
continue
os.chdir(cdir)
fsystem.dismount_image()
def implement_secret_strategy(self,
strategy,
filesystem,
timevariance,
sfile=None):
""" this is a kludge to initialise a class variable without __init__ """
try:
if self._used_items[0] == None:
pass
except (IndexError, NameError, AttributeError):
self._used_items = []
hiding_method = strategy.method
#uitools.errlog(hiding_method.name)
hcmodel = hiding_method.get_hide_class()
ssclass = hcmodel(filesystem)
if not sfile:
try:
file_candidates = SecretFileItem.objects.filter(
group=strategy.group)
i = 0
""" first try to find a random file. Fall back to sequential if 20 tries fail """
while i < 20:
hfile = random.choice(file_candidates)
if not hfile in self._used_items:
self._used_items.append(hfile)
break
i += 1
if i == 20:
""" find something if nothing found """
possibilities = list(
set(file_candidates) - set(self._used_items))
if possibilities == []:
raise ForensicError("no files left to be hidden")
else:
hfile = possibilities[0]
self._used_items.append(hfile)
except (IndexError, NameError):
raise ForensicError("No files to be hidden")
else:
hfile = sfile
retv = None
try:
result = ssclass.hide_file(hfile.file, self,
strategy.process_parameters())
if result:
ho = HiddenObject(image=self,
file=hfile,
method=hiding_method,
location=result["instruction"])
ho.save()
retv = {}
try:
trivial_file_path = result["path"]
try:
if result["newfile"] == True:
pass
else:
self.mark_trivial_file_used(trivial_file_path)
except KeyError:
self.mark_trivial_file_used(trivial_file_path)
except KeyError:
pass
try:
retv["todelete"] = result["todelete"]
except KeyError:
pass
if strategy.filetime:
try:
retv["timeline"] = [[
result["path"], strategy.filetime + timevariance
]]
ho.filetime = strategy.filetime + timevariance
ho.save()
#retv.append([result["path"],strategy.filetime])
except KeyError:
pass
if strategy.actiontime and strategy.action:
helper = strategy.ACTIONS[strategy.action][1]
pblock = {}
pblock[helper] = strategy.actiontime + timevariance
try:
retv["actions"] = [[result["path"], pblock]]
newinstr = ho.location + " ACTION: %s on %s" % (
helper, pblock[helper])
ho.location = newinstr
ho.save()
except KeyError:
""" no result["path"] - maybe file slack? """
pass
else:
raise ForensicError(
"hiding method resulted nothing. Unable to hide")
except ForensicError as fe:
uitools.errlog(fe)
#ho.delete()
raise
return retv
def processCase(self):
trivial_strategies = self.trivialstrategy_set.all()
secret_strategies_pre = self.secretstrategy_set.all()
secret_strategies = secret_strategies_pre
command = self.filesystem.get_create_function()
fsclass = self.filesystem.get_class()
mountpoint = Chelper().mountpoint
prefix = Chelper().prefix
failed_list = []
succeed_list = []
tobecreated = self.number_of_images()
if tobecreated == -1:
failed_list.append([
0, "You must set either sweep or number of copies but not both"
])
return [succeed_list, failed_list]
if command == None:
uitools.errlog("no FS create command")
return None
try:
removed_chmod = os.chmod
del os.chmod
except AttributeError:
removed_chmod = None
if self.sweep != None:
secretfiles = SecretFileItem.objects.filter(group=self.sweep.group)
secretindex = 0
for i in range(1, tobecreated + 1):
if self.trivialstrategy_set.count() == 0:
failed_list.append([i, "No trivial strategies"])
continue
filename = self.name + "-" + str(i)
result = command(size=self.size,
garbage=self.garbage,
clustersize=self.fsparam1,
name=filename)
if result != 0:
uitools.errlog("something may be wrong, image not created")
failed_list.append([i, "Unable to create image file"])
continue
image = Image(filename=filename, seqno=i, case=self)
image.save()
mount_file = image.getLongFilename()
fsystem = fsclass(mount_file, mountpoint)
fsystem.fs_init()
if fsystem.mount_image() != 0:
failed_list.append([i, "Cannot mount image file"])
uitools.errlog("--- Cannot mount file, image not processed")
os.remove(mount_file)
image.delete()
continue
""" Set root dir time """
rand_weeks = random.randint(0, self.weekvariance)
image.weekvariance = rand_weeks
image.save()
timevariance = datetime.timedelta(weeks=rand_weeks)
image_time = self.roottime + timevariance
time_command_list = []
time_command_list = [["/.", image_time]]
flag = False
for strategy in trivial_strategies:
try:
tl = image.implement_trivial_strategy(
strategy, strategy.dirtime + timevariance)
time_command_list.append(
[strategy.path, strategy.dirtime + timevariance])
time_command_list = time_command_list + tl
except ForensicError as fe:
failed_list.append([i, fe])
uitools.errlog(fe)
fsystem.dismount_image()
os.remove(mount_file)
image.delete()
flag = True
break
if flag == True:
continue
""" Initialise NTFS structures at this stage """
fsystem.dismount_image()
fsystem.fs_init()
"""
Reserve code for placeall implementation.
flag = False
secret_strategies = []
for st in secret_strategies_pre:
if st.placeall:
if st == self.sweep:
uitools.errlog("Sweep strategy cannot be a placeall strategy")
failed_list.append([i,"Secret strategy cannot be a placeall strategy"])
os.remove(mount_file)
image.delete()
flag = True
break
pafiles = SecretFileItem.objects.filter(group=st.group)
else:
secret_strategies.append(st)
if flag == True:
continue """
file_delete_list = []
file_action_list = []
try:
for prio in range(1, 21):
current_strategies = [
t for t in secret_strategies
if t.method.priority == prio
]
for sstrategy in current_strategies:
if self.sweep != None:
if sstrategy == self.sweep:
tv = image.implement_secret_strategy(
sstrategy,
fsystem,
timevariance,
sfile=secretfiles[secretindex])
secretindex += 1
else:
tv = image.implement_secret_strategy(
sstrategy,
fsystem,
timevariance,
sfile=None)
else:
tv = image.implement_secret_strategy(sstrategy,
fsystem,
timevariance,
sfile=None)
if tv:
try:
time_command_list = time_command_list + tv[
"timeline"]
except KeyError:
pass
try:
file_delete_list = file_delete_list + tv[
"todelete"]
except KeyError:
pass
try:
file_action_list = file_action_list + tv[
"actions"]
except KeyError:
pass
except ForensicError as fe:
failed_list.append([i, fe])
uitools.errlog(fe)
fsystem.dismount_image()
os.remove(mount_file)
image.delete()
continue
""" Implement deletions
First a dummy is written to the root directory to make sure the files entered last
are not deleted """
if fsystem.mount_image() != 0:
failed_list.append([i, "Cannot mount image for deletions"])
uitools.errlog("cannot mount for deletions")
image.delete()
os.remove(mount_file)
continue
try:
dfile = open(mountpoint + "/info.txt", "w")
dfile.write("Created by Forensic test image generator")
dfile.write("Case %s, image %d" % (self.name, i))
dfile.close()
except IOError:
failed_list.append([i, "Cannot write copyright"])
uitools.errlog("Cannot write copyright. Not proceeding")
fsystem.dismount_image()
image.delete()
os.remove(mount_file)
continue
""" flag = temporary variable to detect errors """
flag = False
for dfile in file_delete_list:
try:
os.remove(dfile)
except (IOError, OSError):
failed_list.append([i, "Cannot delete file %s" % dfile])
uitools.errlog("cannot delete file")
fsystem.dismount_image()
image.delete()
os.remove(mount_file)
flag = True
break
if flag:
continue
fsystem.dismount_image()
""" read FS structures once more from scratch """
del fsystem
fsystem = fsclass(mount_file, mountpoint)
fsystem.fs_init()
flag = False
""" Implement time """
for ti in time_command_list:
try:
pass
fsystem.change_time(ti[0], dict(all=ti[1]))
except ForensicError as fe:
failed_list.append([i, fe])
uitools.errlog(fe)
os.remove(mount_file)
image.delete()
flag = True
break
if flag:
continue
del fsystem
fsystem = fsclass(mount_file, mountpoint)
fsystem.fs_init()
""" implement actions """
flag = False
for act in file_action_list:
try:
fsystem.implement_action(act)
except ForensicError as fe:
failed_list.append([i, fe])
uitools.errlog(fe)
os.remove(mount_file)
image.delete()
flag = True
break
if flag:
continue
""" Finally - do file system specific cleanup actions
for NTFS this means setting . in $MftMirr to correspond to $Mft """
try:
fsystem.fs_finalise()
except ForensicError as fe:
failed_list.append([i, fe])
uitools.errlog(fe)
os.remove(mount_file)
image.delete()
continue
succeed_list.append(i)
if removed_chmod != None:
setattr(os, "chmod", removed_chmod)
return [succeed_list, failed_list]
def processWebhistory(self):
try:
self.filesystem = FileSystem.objects.filter(name="NTFS")[0]
except:
raise ForensicError("no NTFS")
t_urls = self.url_set.filter(group=0)
s_urls = self.url_set.exclude(group=0)
t_searches = self.searchengine_set.filter(group=0)
s_searches = self.searchengine_set.exclude(group=0)
command = self.filesystem.get_create_function()
fsclass = self.filesystem.get_class()
mountpoint = Chelper().mountpoint
prefix = Chelper().prefix
uclass = self.method.get_hide_class()
webm = uclass(self.filesystem)
rdict = webm.hide_url(trivial_urls=t_urls,
secret_urls=s_urls,
amount=self.ntocreate,
secret_searches=s_searches,
trivial_searches=t_searches)
if rdict["status"] == 2:
raise ForensicError(rdict["message"])
i = 0
failed_list = []
for r in rdict["results"]:
i += 1
if r["status"] != "OK":
continue
iname = self.name + "-" + str(i)
fcr = command(size=r["size"],
garbage=False,
clustersize=8,
name=iname)
if fcr != 0:
uitools.errlog("something may be wrong, image not created")
failed_list.append([i, "Unable to create image file"])
continue
mount_file = self.getLongFilename(iname)
fsystem = fsclass(mount_file, mountpoint)
fsystem.fs_init()
if fsystem.mount_image() != 0:
failed_list.append([i, "Cannot mount image file"])
uitools.errlog("--- Cannot mount file, image not processed")
os.remove(mount_file)
continue
try:
cdir = os.getcwd()
os.chdir(mountpoint)
except:
fsystem.dismount_image()
os.remove(mount_file)
failed_list.append([i, "unable to change directory"])
continue
cres = call(["/bin/tar", "xf", r["fname"]], shell=False)
if cres != 0:
uitools.errlog("Unable to untar %s" % r["fname"])
fsystem.dismount_image()
os.remove(mount_file)
failed_list.append([i, "unable to untar"])
continue
os.chdir(cdir)
fsystem.dismount_image()