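def set_file_format_table(file_name, load_db_path):
    """Register *file_name* in loaddb's ``file_format`` table if it is absent.

    The new row gets ``flag`` = (highest existing flag) + 1, or 1 when the
    table is still empty.

    Args:
        file_name: Format name to register (the ``format`` column).
        load_db_path: Path of the loaddb SQLite database.

    Returns:
        None. Side effect: may INSERT one row into ``file_format``.
    """
    # NOTE(review): file_name is interpolated into the SQL text unescaped; a
    # value containing a double quote breaks the statement. SQLite also tries
    # to read "..." as an identifier before falling back to a string literal.
    # Prefer bind parameters if the SQLite3 helper supports them.
    query = 'SELECT flag FROM file_format ORDER BY flag DESC LIMIT 1'
    row = SQLite3.execute_fetch_query(query, load_db_path)
    # The helper appears to return None when nothing matches (other callers in
    # this file test for None); the original indexed [0] on it and crashed on
    # an empty table.
    flag_last = row[0] if row else 0
    query = 'SELECT count(*) FROM "%s" WHERE format = "%s"' % ("file_format", file_name)
    count = SQLite3.execute_fetch_query(query, load_db_path)[0]
    if count == 0:
        query = 'INSERT INTO file_format(format, flag) VALUES("%s", %d)' % (file_name, flag_last + 1)
        SQLite3.execute_commit_query(query, load_db_path)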
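def get_custom_app_name(preprocess_db_path):
    """Fill in missing app names in ``package_info`` from the package config file.

    Each line of APP_PACKAGE_CONF_PATH is read as ``package_name,app_name``.
    All spaces and tabs are removed first (including those inside names, as
    the original did). A ``package_info`` row whose ``app_name`` is the empty
    string is updated; rows that already carry a name and packages that are
    not in the table are left untouched.

    Args:
        preprocess_db_path: Path of the preprocess SQLite database.

    Returns:
        False when the config file is missing or cannot be opened; None
        otherwise (unchanged from the original).
    """
    if not os.path.exists(APP_PACKAGE_CONF_PATH):
        logger.error('Not exist the config (\"%s\").' % APP_PACKAGE_CONF_PATH)
        return False
    try:
        # `with` closes the file even if a query below raises; the original
        # only closed it on the happy path.
        with open(APP_PACKAGE_CONF_PATH, 'r') as f:
            lines = f.readlines()
    except OSError:
        logger.error("Fail to open file [%s]" % APP_PACKAGE_CONF_PATH)
        return False
    for raw in lines:
        line = raw.strip().replace(" ", "").replace("\t", "")
        if not line:
            # Blank line: the original went on to split it and raised IndexError.
            continue
        fields = line.split(",")
        if len(fields) < 2:
            # A line without a comma also raised IndexError before; log and skip.
            logger.error("Malformed line in config [%s]: %s" % (APP_PACKAGE_CONF_PATH, raw.strip()))
            continue
        package_name, app_name = fields[0], fields[1]
        # NOTE(review): both config fields are interpolated into SQL unescaped;
        # a quote in either breaks the statement. Use bind parameters if the
        # SQLite3 helper supports them.
        query = 'SELECT app_name FROM package_info WHERE package_name = "%s"' % package_name
        ret = SQLite3.execute_fetch_query(query, preprocess_db_path)
        if ret is not None and ret[0] == "":
            query = 'UPDATE package_info set app_name = "%s" WHERE package_name = "%s"' % (
                app_name, package_name)
            SQLite3.execute_commit_query(query, preprocess_db_path)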
def get_permission_id(name, preprocess_db_path):
    """Look up the rowid of *name* in ``permission_info``.

    Args:
        name: Permission name to match against ``permission_name``.
        preprocess_db_path: Path of the preprocess SQLite database.

    Returns:
        The first column of the matching row (its rowid), or False when the
        query yields nothing.
    """
    # NOTE(review): *name* is interpolated into the SQL text unescaped; a
    # double quote in it breaks the statement.
    query = 'SELECT rowid FROM permission_info WHERE permission_name = "%s"' % name
    row = SQLite3.execute_fetch_query(query, preprocess_db_path)
    return row[0] if row else False
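def set_file_format_table_to_loaddb(list_dic_file_format_signature, load_db_path):
    """Seed loaddb's ``file_format`` table from the signature list.

    Entry *i* (0-based) of the list gets flag ``i + 1``. An entry whose
    ``format`` name already exists in the table is skipped, so re-running is
    harmless as long as the list order is stable.

    Args:
        list_dic_file_format_signature: Sequence of dicts, each with a
            ``'format'`` key holding the format name.
        load_db_path: Path of the loaddb SQLite database.

    Returns:
        None. Side effect: INSERTs the missing rows into ``file_format``.
    """
    for format_flag, signature in enumerate(list_dic_file_format_signature, start=1):
        format_name = signature['format']
        # NOTE(review): flags are positional. If the list is reordered or
        # extended in the middle after rows exist, a new entry can receive a
        # flag an existing row already uses.
        # NOTE(review): format_name is interpolated into SQL unescaped.
        query = 'SELECT count(*) FROM "file_format" WHERE format = "%s"' % format_name
        if SQLite3.execute_fetch_query(query, load_db_path)[0] == 0:
            query = 'INSERT INTO file_format(format, flag) VALUES("%s", %d)' % (format_name, format_flag)
            SQLite3.execute_commit_query(query, load_db_path)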
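def set_loaddb(load_db_path):
    """Prepare a loaddb database for classification results.

    Adds the ``id_package`` and ``format`` INTEGER columns to ``tsk_files``
    when they are missing and creates the ``file_format`` table when it does
    not exist. Each step is guarded, so calling this on an already prepared
    database changes nothing.

    Args:
        load_db_path: Path of the loaddb SQLite database.

    Returns:
        None. Side effects: ALTER TABLE / CREATE TABLE statements as needed.
    """
    # Column presence is detected by searching the table's CREATE statement in
    # sqlite_master. The helper appears to return None when nothing matches.
    query = "SELECT sql FROM sqlite_master WHERE name='tsk_files' AND sql LIKE '%id_package%'"
    if SQLite3.execute_fetch_query(query, load_db_path) is None:
        query = "ALTER TABLE tsk_files ADD id_package INTEGER DEFAULT 0 NOT NULL"
        SQLite3.execute_commit_query(query, load_db_path)

    # NOTE(review): '%format%' is a substring match; any other column or
    # constraint text containing "format" would also satisfy it and suppress
    # the ALTER TABLE.
    query = "SELECT sql FROM sqlite_master WHERE name='tsk_files' AND sql LIKE '%format%'"
    if SQLite3.execute_fetch_query(query, load_db_path) is None:
        query = "ALTER TABLE tsk_files ADD format INTEGER DEFAULT 0 NOT NULL"
        SQLite3.execute_commit_query(query, load_db_path)

    # Lookup table mapping a format name to the integer stored in tsk_files.format.
    query = 'SELECT count(*) FROM sqlite_master WHERE name = "file_format"'
    if SQLite3.execute_fetch_query(query, load_db_path)[0] == 0:
        query = "CREATE TABLE file_format (format TEXT, flag INTEGER)"
        SQLite3.execute_commit_query(query, load_db_path)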
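def classify_with_file_name(file_name, load_db_path):
    """Tag ``tsk_files`` rows by file name for formats recognised by name alone.

    Two names are handled: ``"SQLITEDB_JOURNAL"`` (names ending in
    ``-journal``) and ``"APK"`` (names ending in ``.apk``). Matching rows get
    ``format`` set to the flag stored for *file_name* in ``file_format``. The
    WHERE clause also requires ``dir_type != 3``, ``dir_flags != 2``,
    ``type = 0`` and a non-zero size (these look like TSK's directory /
    unallocated / non-filesystem exclusions — confirm against the TSK schema).

    Args:
        file_name: Format name; one of the two handled names.
        load_db_path: Path of the loaddb SQLite database.

    Returns:
        0 when *file_name* is not handled or has no row in ``file_format``;
        None after issuing the UPDATE (unchanged from the original).
    """
    # LIKE pattern per handled name. It is appended after %-formatting so the
    # SQL '%' wildcard is not consumed by Python's % operator (as the original did).
    patterns = {
        "SQLITEDB_JOURNAL": '"%-journal"',
        "APK": '"%.apk"',
    }
    if file_name not in patterns:
        return 0
    query = 'SELECT flag FROM file_format WHERE format = "%s"' % file_name
    row = SQLite3.execute_fetch_query(query, load_db_path)
    if row is None:
        # Format not registered: the original raised TypeError on row[0] here.
        return 0
    flag_signature = row[0]
    query = 'UPDATE tsk_files set format = %d WHERE name LIKE ' % flag_signature
    query2 = patterns[file_name] + ' and dir_type !=3 and dir_flags != 2 and type = 0 and size != 0'
    SQLite3.execute_commit_query(query + query2, load_db_path)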
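def do_compare(list_file_inode, image_file_path, size_buf, list_dic_file_format_signature, load_db_path, result):
    """Classify files by header signature and record the result in loaddb.

    Pops as many inodes as *list_file_inode* held when the call started (from
    its end), reads the first *size_buf* bytes of each file from the image,
    matches the hex-encoded header against the signature list and, for a
    recognised format with a registered flag, sets ``tsk_files.format`` for
    that ``meta_addr``. Finally the number of inodes still in the list is put
    on *result*.

    Args:
        list_file_inode: Mutable sequence of inode numbers; consumed from the end.
        image_file_path: Image path handed to ``TSK.get_file_buffer``.
        size_buf: Number of header bytes to read per file.
        list_dic_file_format_signature: Signature dicts for
            ``Classifier.compare_signature``.
        load_db_path: Path of the loaddb SQLite database.
        result: Queue-like object with ``put``; receives the remaining count.

    Returns:
        None.
    """
    for _ in range(len(list_file_inode)):
        # The original formatted the inode with %d and re-parsed it with int();
        # int() alone yields the same value for integral input.
        inode = int(list_file_inode.pop())
        header = TSK.get_file_buffer(image_file_path, inode, size_buf)
        header_hex = b2a_hex(header)
        format_name = Classifier.compare_signature(header_hex, list_dic_file_format_signature)
        # compare_signature appears to report "no match" as False (the original
        # tested `!= False`); a recognised format is returned as its name.
        if format_name is False:
            continue
        # NOTE(review): format_name comes from the signature list and is
        # interpolated into SQL unescaped; a double quote in it breaks the query.
        query = 'SELECT flag FROM file_format WHERE format = "%s"' % format_name
        flag_signature = SQLite3.execute_fetch_query(query, load_db_path)
        if flag_signature is None:
            # Recognised format without a registered flag: nothing to record.
            continue
        query = 'UPDATE tsk_files set format = %d WHERE meta_addr = %d and dir_flags != 2 and type = 0' % (int(flag_signature[0]), inode)
        SQLite3.execute_commit_query(query, load_db_path)
    result.put(len(list_file_inode))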