class UserAccounts(IMiscSource):
version = [18, 19, 20, 21]
catalog_id = Catalog.CATALOG_DEVINFO
title = Label("Accounts", "accounts")
relative_directories = ["system", "users", re.compile("^\d+$")]
knownfiles = {
"accounts.db":
KnownFile(
ParserType.TYPE_SQLITE3, {
Label("Accounts", "accounts"): [
KnownFieldSQL(
FieldType.TYPE_ARRAY,
"""
SELECT *
FROM accounts
""",
contents=[
KnownFieldSQL(FieldType.TYPE_STR, None,
"Account ID", "_id"),
KnownFieldSQL(FieldType.TYPE_STR, None, "Name",
"name"),
KnownFieldSQL(FieldType.TYPE_STR, None, "Type",
"type"),
KnownFieldSQL(FieldType.TYPE_STR, None,
"Password (Hash)", "password"),
]),
],
})
}
class UsageStats(IMiscSource):
version = []
catalog_id = Catalog.CATALOG_LOGS
title = Label("Usage Stats", "usage_stats")
relative_directories = ["system", "usagestats"]
knownfiles = {
"usage-history.xml":
KnownFile(
ParserType.TYPE_XML, {
Label("Usage Stats", "usage_stats"): [
KnownFieldXML(
FieldType.TYPE_ARRAY,
"./pkg/comp",
"usage_stats",
contents=[
KnownFieldXML(FieldType.TYPE_STR,
".",
"activity_name",
"Activity",
read_type=ReadTypeXML.READ_ATTR,
attr="name"),
KnownFieldXML(FieldType.TYPE_DATE,
".",
"last_run",
"Last Run Time",
read_type=ReadTypeXML.READ_ATTR,
attr="lrt",
converter=ConvertUtils.JsToUnix)
])
]
})
}
class UserAccountsOld(IMiscSource):
version = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]
catalog_id = Catalog.CATALOG_DEVINFO
title = Label("Accounts", "accounts")
relative_directories = ["system"]
knownfiles = {
"accounts.db":
KnownFile(
ParserType.TYPE_SQLITE3, {
Label("Accounts", "accounts"): [
KnownFieldSQL(
FieldType.TYPE_ARRAY,
"""
SELECT *
FROM accounts
""",
contents=[
KnownFieldSQL(FieldType.TYPE_STR, None,
"Account ID", "_id"),
KnownFieldSQL(FieldType.TYPE_STR, None, "Name",
"name"),
KnownFieldSQL(FieldType.TYPE_STR, None, "Type",
"type"),
KnownFieldSQL(FieldType.TYPE_STR, None,
"Password (Hash)", "password"),
]),
],
})
}
class SyncAccounts(IMiscSource):
version = []
catalog_id = Catalog.CATALOG_DEVINFO
title = Label("Accounts", "accounts")
relative_directories = ["system", "sync"]
knownfiles = {
"accounts.xml":
KnownFile(
ParserType.TYPE_XML, {
Label("Sync Accounts", "sync_accounts"): [
KnownFieldXML(
FieldType.TYPE_ARRAY,
"./authority",
"sync_accounts",
contents=[
KnownFieldXML(FieldType.TYPE_STR,
".",
"account_id",
"Id",
read_type=ReadTypeXML.READ_ATTR,
attr="id"),
KnownFieldXML(FieldType.TYPE_STR,
".",
"account_name",
"Account",
read_type=ReadTypeXML.READ_ATTR,
attr="account"),
KnownFieldXML(FieldType.TYPE_STR,
".",
"owning_user",
"Owning User",
read_type=ReadTypeXML.READ_ATTR,
attr="user"),
KnownFieldXML(FieldType.TYPE_STR,
".", "account_type"
"Account Type",
read_type=ReadTypeXML.READ_ATTR,
attr="type"),
KnownFieldXML(FieldType.TYPE_STR,
".",
"authority",
"Authority",
read_type=ReadTypeXML.READ_ATTR,
attr="authority"),
KnownFieldXML(FieldType.TYPE_STR,
".",
"enabled",
"Enabled",
read_type=ReadTypeXML.READ_ATTR,
attr="enabled"),
KnownFieldXML(FieldType.TYPE_STR,
".",
"sync_enabled",
"Sync Enabled",
read_type=ReadTypeXML.READ_ATTR,
attr="syncable"),
])
]
})
}
class ContactsAccounts(IMiscSource):
version = []
catalog_id = Catalog.CATALOG_DEVINFO
title = Label("Accounts", "accounts")
relative_directories = ["data", "com.android.providers", "databases"]
knownfiles = {
"contacts2.db":
KnownFile(
ParserType.TYPE_SQLITE3, {
Label("Contacts Accounts", "contacts_accounts"): [
KnownFieldSQL(FieldType.TYPE_ARRAY,
"""
SELECT *
FROM accounts
""",
contents=[
KnownFieldSQL(FieldType.TYPE_STR, None,
"Account ID", "_id"),
KnownFieldSQL(FieldType.TYPE_STR, None,
"Name", "account_name"),
KnownFieldSQL(FieldType.TYPE_STR, None,
"Type", "account_type"),
]),
],
})
}
class SmsMms(IMiscSource):
version = []
catalog_id = Catalog.CATALOG_COMMS
title = Label("Telephony", "telephony")
relative_directories = [
"data", "com.android.providers.telephony", "databases"
]
knownfiles = {
"mmssms.db":
KnownFile(
ParserType.TYPE_SQLITE3, {
Label("SMS Messages", "sms_messages"): [
KnownFieldSQL(
FieldType.TYPE_ARRAY,
"""SELECT * FROM sms""",
contents=[
KnownFieldSQL(FieldType.TYPE_STR, None,
"Message ID", "_id"),
KnownFieldSQL(FieldType.TYPE_STR,
None,
"Status",
"status",
converter=SMS_TP_Status2text),
KnownFieldSQL(FieldType.TYPE_STR,
None,
"Type",
"type",
converter=lambda val: "Outgoing"
if val == 2 else "Incoming"),
KnownFieldSQL(FieldType.TYPE_DATE,
None,
"Date Send",
"date_sent",
converter=sendDateParse),
KnownFieldSQL(FieldType.TYPE_DATE,
None,
"Local Date",
"date",
converter=ConvertUtils.JsToUnix),
KnownFieldSQL(FieldType.TYPE_STR, None, "From/To",
"address"),
KnownFieldSQL(FieldType.TYPE_STR,
None,
"Seen",
"seen",
converter=lambda val: "Yes"
if val == 1 else "No"),
KnownFieldSQL(FieldType.TYPE_STR, None, "Message",
"body"),
]),
],
})
}
class LockSettings(IMiscSource):
version = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17]
catalog_id = Catalog.CATALOG_DEVINFO
title = Label("Screen Lock", "screen_lock")
relative_directories = [
"data", "com.android.providers.settings", "databases"
]
knownfiles = {
"settings.db":
KnownFile(
ParserType.TYPE_SQLITE3, {
Label("Lock Settings", "lock_settings"): [
KnownFieldSQL(
FieldType.TYPE_STR,
"""
SELECT value FROM
secure
WHERE name = 'lock_screen_owner_info'
""",
"Owner Info",
"lock_screen_owner_info",
),
KnownFieldSQL(
FieldType.TYPE_STR,
"""
SELECT value FROM
secure
WHERE name = 'lockscreen.password_salt'
""",
"Password Salt",
"password_salt",
),
KnownFieldSQL(FieldType.TYPE_STR,
"""
SELECT value FROM
locksettings
WHERE name = 'lockscreen.password_type'
""",
"Password Quality",
"lockscreen.password_type",
converter=password_type_tostr),
]
})
}
class Calls(IMiscSource):
version = []
catalog_id = Catalog.CATALOG_COMMS
title = Label("Telephony", "telephony")
relative_directories = [
"data", "com.android.providers.contacts", "databases"
]
knownfiles = {
"contacts2.db":
KnownFile(
ParserType.TYPE_SQLITE3, {
Label("Calls", "calls"): [
KnownFieldSQL(
FieldType.TYPE_ARRAY,
"""SELECT * FROM calls""",
contents=[
KnownFieldSQL(FieldType.TYPE_DATE,
None,
"Date",
"date",
converter=ConvertUtils.JsToUnix),
KnownFieldSQL(FieldType.TYPE_INT,
None,
"Type",
"type",
converter=callTypeToStr),
KnownFieldSQL(FieldType.TYPE_STR, None, "Number",
"number"),
KnownFieldSQL(FieldType.TYPE_STR, None, "Contact",
"name"),
KnownFieldSQL(FieldType.TYPE_STR, None,
"Duration (seconds)", "duration"),
KnownFieldSQL(FieldType.TYPE_STR, None,
"Number Geolocation",
"geocoded_location"),
])
]
})
}
class Bluetooth(IMiscSource):
version = []
catalog_id = Catalog.CATALOG_NETWORKING
title = Label("Bluetooth Information", "bluetooth_info")
relative_directories = ["misc", "bluedroid"]
knownfiles = {
"bt_config.xml":
KnownFile(
ParserType.TYPE_XML, {
Label("Device Info", "device_info"): [
KnownFieldXML(
FieldType.TYPE_STR,
"*[@Tag='Local']/*[@Tag='Adapter']/*[@Tag='Address']",
"device_hardware_address", "Device Hardware Address"),
],
Label("Paired Devices", "paired_devices"): [
KnownFieldXML(
FieldType.TYPE_CONTAINER,
"*[@Tag='Remote']",
"paired_devices",
contents=[
KnownFieldXML(FieldType.TYPE_STR,
".",
"device_hardware_address",
"Device Hardware Address",
read_type=ReadTypeXML.READ_ATTR,
attr="Tag"),
KnownFieldXML(FieldType.TYPE_DATE,
"./*[@Tag='Timestamp']", "pair_date",
"Pair Date"),
KnownFieldXML(FieldType.TYPE_STR,
"./*[@Tag='Name']", "device_name",
"Device Name")
])
]
})
}
class Packages(IMiscSource):
version = []
catalog_id = Catalog.CATALOG_APPS
title = Label("Packages & Permissions", "packages")
relative_directories = ["system"]
knownfiles = {
"packages.xml":
KnownFile(
ParserType.TYPE_XML,
{
Label(STR_INSTALLED_APPLICATIONS, "installed_apps"):
[ #XXX add signatures as well?
KnownFieldXML(
FieldType.TYPE_ARRAY,
["./package", "./updated-package", "./shared-user"],
"applications",
contents=[
KnownFieldXML(FieldType.TYPE_STR,
".",
"name",
"Package Name",
read_type=ReadTypeXML.READ_ATTR,
attr="name"),
KnownFieldXML(FieldType.TYPE_STR,
".",
"codePath",
"APK Path",
read_type=ReadTypeXML.READ_ATTR,
attr="codePath"),
#Flags information can be found under
#/frameworks/base/core/java/android/content/pm/ApplicationInfo.java:34
KnownFieldXML(FieldType.TYPE_INT,
".",
"flags",
"Flags",
read_type=ReadTypeXML.READ_ATTR,
attr="flags"),
KnownFieldXML(FieldType.TYPE_DATE,
".",
"ft",
"First Install Time",
read_type=ReadTypeXML.READ_ATTR,
attr="ft",
converter=ConvertUtils.HexToUnix),
KnownFieldXML(FieldType.TYPE_DATE,
".",
"it",
"Install Time",
read_type=ReadTypeXML.READ_ATTR,
attr="it",
converter=ConvertUtils.HexToUnix),
KnownFieldXML(FieldType.TYPE_DATE,
".",
"ut",
"Update Time",
read_type=ReadTypeXML.READ_ATTR,
attr="ut",
converter=ConvertUtils.HexToUnix),
KnownFieldXML(
FieldType.TYPE_STR,
".",
"version",
"Version",
read_type=ReadTypeXML.READ_ATTR,
attr="version",
),
KnownFieldXML(
FieldType.TYPE_STR,
".",
"userId",
"User ID",
read_type=ReadTypeXML.READ_ATTR,
attr="userId",
),
KnownFieldXML(
FieldType.TYPE_STR,
".",
"installer",
"Installer",
read_type=ReadTypeXML.READ_ATTR,
attr="installer",
),
KnownFieldXML(
FieldType.TYPE_CONTAINER,
"./perms",
"permissions",
"Permissions",
contents=[
KnownFieldXML(
FieldType.TYPE_STR,
".",
"name",
"Permission",
read_type=ReadTypeXML.READ_ATTR,
attr="name")
])
])
],
Label(STR_AVAILABLE_PERMISSIONS, "available_permissions"): [
KnownFieldXML(FieldType.TYPE_CONTAINER,
"./permissions",
"available_permissions",
contents=[
KnownFieldXML(
FieldType.TYPE_STR,
".",
"name",
"Name",
read_type=ReadTypeXML.READ_ATTR,
attr="name"),
KnownFieldXML(
FieldType.TYPE_STR,
".",
"package",
"Package",
read_type=ReadTypeXML.READ_ATTR,
attr="package"),
KnownFieldXML(
FieldType.TYPE_STR,
".",
"protection",
"Protection",
read_type=ReadTypeXML.READ_ATTR,
attr="protection",
converter=protectionToFlags)
])
],
Label(STR_PLATFORM_VERSION, "platform_version"): [
KnownFieldXML(FieldType.TYPE_STR,
"./last-platform-version",
"platform_version",
"Platform Version",
read_type=ReadTypeXML.READ_ATTR,
attr="internal"),
]
})
}
class Contacts(IMiscSource):
version = []
catalog_id = Catalog.CATALOG_COMMS
title = Label("Contacts", "contacts")
relative_directories = [
"data", "com.android.providers.contacts", "databases"
]
knownfiles = {
"contacts2.db":
KnownFile(
ParserType.TYPE_SQLITE3, {
Label("Contacts", "contacts"): [
KnownFieldSQL(
FieldType.TYPE_ARRAY,
"""
SELECT DISTINCT
data._id AS _id,
data.raw_contact_id AS person,
data.is_primary AS isprimary,
data.data1 AS number,
data.data2 AS num_type,
data.data3 AS label,
data.data1 AS number_key,
name.data1 AS name,
raw_contacts.display_name AS display_name,
note.data1 AS notes,
view_v1_people.account_name,
view_v1_people.account_type,
raw_contacts.times_contacted AS times_contacted,
raw_contacts.last_time_contacted AS last_time_contacted,
raw_contacts.custom_ringtone AS custom_ringtone,
raw_contacts.send_to_voicemail AS send_to_voicemail,
raw_contacts.starred AS starred,
raw_contacts.deleted AS deleted,
organization._id AS primary_organization,
email._id AS primary_email,
phone._id AS primary_phone,
phone.data1 AS pnumber,
phone.data2 AS ptype,
phone.data3 AS plabel,
phone.data1 AS pnumber_key
FROM data
JOIN phone_lookup
ON ( data._id = phone_lookup.data_id )
JOIN mimetypes
ON ( mimetypes._id = data.mimetype_id )
JOIN raw_contacts
ON ( raw_contacts._id = data.raw_contact_id )
JOIN view_v1_people
ON ( raw_contacts._id = view_v1_people._id )
LEFT OUTER JOIN data name
ON ( raw_contacts._id = name.raw_contact_id
AND (
SELECT mimetype
FROM mimetypes
WHERE mimetypes._id = name.mimetype_id
) = 'vnd.android.cursor.item/name' )
LEFT OUTER JOIN data organization
ON ( raw_contacts._id = organization.raw_contact_id
AND (
SELECT mimetype
FROM mimetypes
WHERE mimetypes._id =
organization.mimetype_id
) = 'vnd.android.cursor.item/organization'
AND organization.is_primary )
LEFT OUTER JOIN data email
ON ( raw_contacts._id = email.raw_contact_id
AND
(
SELECT mimetype
FROM mimetypes
WHERE mimetypes._id =
email.mimetype_id
) = 'vnd.android.cursor.item/email_v2'
AND email.is_primary )
LEFT OUTER JOIN data note
ON ( raw_contacts._id = note.raw_contact_id
AND (
SELECT mimetype
FROM mimetypes
WHERE mimetypes._id = note.mimetype_id
) = 'vnd.android.cursor.item/note' )
LEFT OUTER JOIN data phone
ON ( raw_contacts._id = phone.raw_contact_id
AND (
SELECT mimetype
FROM mimetypes
WHERE mimetypes._id =
phone.mimetype_id
) = 'vnd.android.cursor.item/phone_v2'
AND phone.is_primary )
WHERE
mimetypes.mimetype = 'vnd.android.cursor.item/phone_v2'
""",
contents=[
KnownFieldSQL(FieldType.TYPE_STR, None,
"Person ID", "person"),
KnownFieldSQL(FieldType.TYPE_STR, None, "Name",
"name"),
KnownFieldSQL(FieldType.TYPE_STR, None, "Number",
"number"),
KnownFieldSQL(FieldType.TYPE_INT,
None,
"Type",
"num_type",
converter=phoneType2Text),
KnownFieldSQL(FieldType.TYPE_STR, None, "Label",
"label"),
KnownFieldSQL(FieldType.TYPE_STR, None,
"Times Contacted",
"times_contacted"),
KnownFieldSQL(
FieldType.TYPE_DATE,
None,
"Last Contact Date",
"last_time_contacted",
converter=ConvertUtils.JsToUnix),
KnownFieldSQL(FieldType.TYPE_STR, None, "Notes",
"notes"),
KnownFieldSQL(FieldType.TYPE_STR, None, "Account",
"account_name"),
KnownFieldSQL(FieldType.TYPE_STR, None,
"Account Type", "account_type")
])
]
})
}
class LockSettings(IMiscSource):
version = []
catalog_id = Catalog.CATALOG_DEVINFO
title = Label("Screen Lock", "screen_lock")
relative_directories = ["system"]
knownfiles = {
"locksettings.db":
KnownFile(
ParserType.TYPE_SQLITE3, {
Label("Lock Settings", "lock_settings"): [
KnownFieldSQL(FieldType.TYPE_STR,
"""
SELECT value FROM
locksettings
WHERE name = 'lock_screen_owner_info_enabled'
""",
"Owner Info Display",
"lock_screen_owner_info_enabled",
converter=lambda val: "Enabled"
if val == '1' else "Disabled"),
KnownFieldSQL(
FieldType.TYPE_STR,
"""
SELECT value FROM
locksettings
WHERE name = 'lock_screen_owner_info'
""",
"Owner Info",
"lock_screen_owner_info",
),
KnownFieldSQL(FieldType.TYPE_STR,
"""
SELECT value FROM
locksettings
WHERE name = 'lockscreen.disabled'
""",
"Lock Screen",
"lockscreen.disabled",
converter=lambda val: "Disabled"
if val == '1' else "Enabled"),
KnownFieldSQL(
FieldType.TYPE_STR,
"""
SELECT value FROM
locksettings
WHERE name = 'lockscreen.password_salt'
""",
"Password Salt",
"password_salt",
),
KnownFieldSQL(FieldType.TYPE_STR,
"""
SELECT value FROM
locksettings
WHERE name = 'lockscreen.password_type'
""",
"Password Quality",
"lockscreen.password_type",
converter=password_type_tostr),
]
}),
"password.key":
KnownFile(
ParserType.TYPE_REGEX, {
Label("Lock Settings", "lock_settings"): [
KnownField(FieldType.TYPE_STR, "(.*)", "password_hash",
"Password Hash")
]
}),
"gesture.key":
KnownFile(
ParserType.TYPE_BINARY, {
Label("Lock Settings", "lock_settings"): [
KnownFieldBin(BinaryClass.ASCII_STRING, BinaryRead.EOF,
"gesture_hash", "Gesture Hash",
ConvertUtils.BintoASCII)
]
}),
"device_policies.xml":
KnownFile(
ParserType.TYPE_XML, {
Label("Lock Settings", "lock_settings"): [
KnownFieldXML(FieldType.TYPE_STR,
"./active-password", "password_length"
"Password Length",
read_type=ReadTypeXML.READ_ATTR,
attr="length"),
KnownFieldXML(FieldType.TYPE_STR,
"./active-password",
"password_quality_journal",
"Password Quality (Journal)",
read_type=ReadTypeXML.READ_ATTR,
attr="quality",
converter=password_type_tostr),
KnownFieldXML(FieldType.TYPE_STR,
"./active-password",
"num_letters",
"Letter Digits #",
read_type=ReadTypeXML.READ_ATTR,
attr="letters"),
KnownFieldXML(FieldType.TYPE_STR,
"./active-password",
"num_nonletter",
"Non-letter Digits #",
read_type=ReadTypeXML.READ_ATTR,
attr="length"),
KnownFieldXML(FieldType.TYPE_STR,
"./active-password",
"num_lowercase",
"Lowercase Digits #",
read_type=ReadTypeXML.READ_ATTR,
attr="lowercase"),
KnownFieldXML(FieldType.TYPE_STR,
"./active-password",
"num_uppercase",
"Uppercase Digits #",
read_type=ReadTypeXML.READ_ATTR,
attr="uppercase"),
KnownFieldXML(FieldType.TYPE_STR,
"./active-password",
"num_numbers",
"Numeric Digits #",
read_type=ReadTypeXML.READ_ATTR,
attr="numeric"),
KnownFieldXML(FieldType.TYPE_STR,
"./active-password",
"num_symbols",
"Symbol Digits #",
read_type=ReadTypeXML.READ_ATTR,
attr="symbols"),
]
})
}
class SELinuxLog(IMiscSource):
version = []
catalog_id = Catalog.CATALOG_LOGS
title = Label("SELinux Audit Log", "selinux")
relative_directories = ["misc", "audit"]
knownfiles = {
"audit.log":
KnownFile(
ParserType.TYPE_REGEX, {
Label("File System Logs", "filesyste_logs"): [
KnownField(
FieldType.TYPE_CONTAINER,
"(.*?tclass=(dir|file|ipc|fifo_file|chr_file|" +
"filesystem|lnk_file|association|fd|" +
"sock_file|unix_stream_socket|netlink_nflog_socket))\n",
"logs_container",
contents=[
KnownField(FieldType.TYPE_DATE, "msg=audit\((\d*)",
"date", "Date"),
KnownField(FieldType.TYPE_STR, "avc:\s+?(\w+)",
"action", "Action"),
KnownField(FieldType.TYPE_STR, "\{\s+?(\w+)\s+}",
"permission", "Permission"),
KnownField(FieldType.TYPE_STR, "pid=(\d+)", "pid",
"PID"),
KnownField(FieldType.TYPE_STR, "comm=\"(.*?)\"",
"command", "Command"),
KnownField(FieldType.TYPE_STR,
"name=\"(.*?)\"|group=\"(.*?)\"",
"name", "Name/Path"),
KnownField(FieldType.TYPE_STR, "dev=(\w+)\s",
"dev", "Device"),
KnownField(FieldType.TYPE_STR, "ino=(\d+)\s",
"inode", "inode"),
KnownField(FieldType.TYPE_STR, "scontext=(.*?)\s",
"source_context", "Source Context"),
KnownField(FieldType.TYPE_STR, "tcontext=(.*?)\s",
"target_context", "Target Context"),
KnownField(FieldType.TYPE_STR, "tclass=(.*)",
"target_class", "Target Class")
])
],
Label("Networking", "networking_logs"): [
KnownField(
FieldType.TYPE_CONTAINER,
"(.*?tclass=(key_socket|netif|netlink_socket|" +
"netlink_audit_socket|netlink_ip6fw_socket|" +
"netlink_kobject_uevent_socket|" +
"netlink_route_socket|" + "netlink_selinux_socket|" +
"netlink_tcpdiag_socket|netlink_xfrm_socket|" +
"node|packet|packet_socket|peer|rawip_socket|" +
"socket|tcp_socket|tun_socket|udp_socket|" +
"unix_dgram_socket))\n",
"logs_container",
contents=[
KnownField(FieldType.TYPE_DATE, "msg=audit\((\d*)",
"date", "Date"),
KnownField(FieldType.TYPE_STR, "avc:\s+?(\w+)",
"action", "Action"),
KnownField(FieldType.TYPE_STR, "\{\s+?(\w+)\s+}",
"permission", "Permission"),
KnownField(FieldType.TYPE_STR, "pid=(\d+)", "pid",
"PID"),
KnownField(FieldType.TYPE_STR, "comm=\"(.*?)\"",
"command", "Command"),
KnownField(FieldType.TYPE_STR,
"src=(\d+)|lport=(\d+)", "source",
"Source/Bind Port"),
KnownField(FieldType.TYPE_STR, "dest=(\d+)",
"dest", "Destination"),
KnownField(FieldType.TYPE_STR, "scontext=(.*?)\s",
"source_context", "Source Context"),
KnownField(FieldType.TYPE_STR, "tcontext=(.*?)\s",
"target_context", "Target Context"),
KnownField(FieldType.TYPE_STR, "tclass=(.*)",
"target_class", "Target Class")
])
],
}),
}
class WiFi(IMiscSource):
version = []
catalog_id = Catalog.CATALOG_NETWORKING
title = Label("Wifi Information", "wifi_info")
relative_directories = ["misc", "wifi"]
knownfiles = {
"wpa_supplicant.conf":
KnownFile(
ParserType.TYPE_REGEX, {
Label("Device Info", "device_info"): [
KnownField(FieldType.TYPE_STR, "ctrl_interface=(.*?)\n",
"interface", "Wifi Interface"),
KnownField(FieldType.TYPE_STR, "device_name=(.*?)\n",
"dev_name"
"Device Name"),
KnownField(FieldType.TYPE_STR, "manufacturer=(.*?)\n",
"manufacturer", "Manufacturer")
],
Label("Connected Networks", "connected_networks"): [
KnownField(
FieldType.TYPE_CONTAINER,
"network=\{[\s\S.]*?\}",
"connected_networks",
"networks_container",
contents=[
KnownField(FieldType.TYPE_STR, "ssid=(.*?)\n",
"ssid", "Network SSID"),
KnownField(FieldType.TYPE_STR, "bssid=(.*?)\n",
"ap_address", "AP Address"),
KnownField(FieldType.TYPE_STR, "key_mgmt=(.*?)\n",
"security", "Security"),
KnownField(FieldType.TYPE_STR, "psk=(.*?)\n",
"password", "Password"),
KnownField(FieldType.TYPE_STR, "priority=(.*?)\n",
"priority", "Network Priority")
])
]
}),
"hostapd.conf":
KnownFile(
ParserType.TYPE_REGEX, {
Label("Wifi Tethering", "wifi_tethering"): [
KnownField(FieldType.TYPE_STR, "interface=(.*?)\n",
"tethering_interface", "Tethering Interface"),
KnownField(FieldType.TYPE_STR, "ssid=(.*?)\n",
"network_name", "Network Name"),
KnownField(FieldType.TYPE_STR, "channel=(.*?)\n",
"channel", "Channel"),
KnownField(FieldType.TYPE_STR, "wpa_psk=(.*?)\n",
"wpa_passkey", "WPA Passkey")
]
}),
"softap.conf":
KnownFile(
ParserType.TYPE_BINARY, {
Label("Wifi Tethering", "wifi_tethering"): [
KnownFieldBin(BinaryClass.ENUMERATION, BinaryRead.INTEGER,
"file_version", "File Version",
{1: "VERSION 1"}),
KnownFieldBin(BinaryClass.CONSUME, BinaryRead.SHORT,
"ssidlength", None),
KnownFieldBin(BinaryClass.UTF8, "ssidlength", "ap_name",
"AP Network Name (Software)"),
KnownFieldBin(
BinaryClass.ENUMERATION, BinaryRead.INTEGER,
"auth_type", "Security", {
0: "NONE",
1: "WPA_PSK",
2: "WPA_EAP",
3: "IEEE8021X",
4: "WPA2_PSK"
}),
KnownFieldBin(BinaryClass.CONSUME, BinaryRead.SHORT,
"passlength", None),
KnownFieldBin(BinaryClass.UTF8, "passlength", "pass",
"Password (Plain)")
]
})
}