Exemplo n.º 1
    def module_run(self):
        """List the app's Binary Cookies files and optionally pull them.

        Runs the device-side find tool over the bundle and data directories,
        records every hit as an issue to investigate, and prints the files
        together with their data protection class. With the ``analyze``
        option one chosen file is saved locally and analyzed; with
        ``dump_all`` every file found is saved locally as well.
        """
        self.printer.info("Looking for Binary Cookies files...")

        # One find invocation covers both app directories.
        # NOTE(review): the directories are interpolated unquoted into the
        # remote command line; presumably APP_METADATA already holds
        # shell-safe paths -- confirm against whatever populates it.
        search_roots = ' '.join([
            self.APP_METADATA['bundle_directory'],
            self.APP_METADATA['data_directory'],
        ])
        find_cmd = '{bin} {dirs_str} -type f -name "*binarycookies"'.format(
            bin=self.device.DEVICE_TOOLS['FIND'], dirs_str=search_roots)
        cookie_files = self.device.remote_op.command_blocking(find_cmd)

        # Nothing matched: report it and stop here.
        if not cookie_files:
            self.printer.error("No Binary Cookies files found")
            return

        # Record the finding so it ends up in the issue list.
        self.add_issue('Binary Cookies files detected', cookie_files,
                       'INVESTIGATE', None)

        # Annotate each file with its data protection class.
        self.printer.info("Retrieving data protection classes...")
        annotated = self.device.app.get_dataprotection(cookie_files)

        self.printer.info(
            "The following Binary Cookies files have been found:")
        if not self.options['analyze']:
            # Listing only: print the table without prompting the user.
            choose_from_list_data_protection(annotated, choose=False)
        else:
            # Let the user pick one file, then save it locally and analyze it.
            # NOTE(review): unlike the dump loop below, the selected path is
            # not passed through Utils.escape_path -- verify that the chooser
            # returns a path save_file can use as-is.
            selected = choose_from_list_data_protection(annotated)
            target = self.device.app.convert_path_to_filename(
                selected, self.APP_METADATA)
            self.save_file(selected, target, analyze=True)

        # Optionally pull every file that was found.
        if self.options['dump_all']:
            self.printer.notify('Dumping all Binary Cookies files...')
            for device_path in cookie_files:
                escaped = Utils.escape_path(device_path)
                # The local name is derived from the unescaped device path.
                target = self.device.app.convert_path_to_filename(
                    device_path, self.APP_METADATA)
                self.save_file(escaped, target)
Exemplo n.º 2
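    def module_run(self):
        """Find the app's Cache.db files and optionally open one in SQLite.

        Runs the device-side find tool over the bundle and data directories
        and prints the matches with their data protection class. With the
        ``analyze`` option the chosen file is pulled to a local temporary
        path and opened in an interactive SQLite3 console; the temporary
        copy is deleted afterwards, including when the console fails.
        """
        self.printer.info("Looking for Cache.db files...")

        # Compose cmd string
        # NOTE(review): the directories are interpolated unquoted into the
        # remote command line; presumably APP_METADATA already holds
        # shell-safe paths -- confirm against whatever populates it.
        dirs = [
            self.APP_METADATA['bundle_directory'],
            self.APP_METADATA['data_directory']
        ]
        dirs_str = ' '.join(dirs)
        cmd = '{bin} {dirs_str} -type f -name "*Cache.db"'.format(
            bin=self.device.DEVICE_TOOLS['FIND'], dirs_str=dirs_str)
        out = self.device.remote_op.command_blocking(cmd)

        # No files found
        if not out:
            self.printer.info("No Cache.db files found")
            return

        # Add data protection class
        self.printer.info("Retrieving data protection classes...")
        retrieved_files = self.device.app.get_dataprotection(out)

        # Show Menu
        self.printer.info("The following Cache.db files have been found:")
        if self.options['analyze']:
            option = choose_from_list_data_protection(retrieved_files)
            # Pull file
            fname = Utils.extract_filename_from_path(option)
            temp_file = self.local_op.build_temp_path_for_file(self, fname)
            self.device.pull(option, temp_file)
            # The pulled copy is app data taken off the device, so it must
            # not be left behind on the workstation if anything below fails.
            try:
                # Analyze it with SQLite
                self.printer.info("Spawning SQLite3 console...")
                cmd_headers = ' -header' if self.options['headers'] else ''
                cmd_column = ' -column' if self.options['column_mode'] else ''
                cmd_csv = ' -csv' if self.options['csv_mode'] else ''
                # NOTE(review): temp_file derives from a file name found on
                # the device and is interpolated unquoted; if
                # command_interactive goes through a shell it should be
                # quoted -- confirm how build_temp_path_for_file sanitizes.
                cmd = '{bin} {header} {column} {csv} {db}'.format(
                    bin=self.TOOLS_LOCAL['SQLITE3'],
                    header=cmd_headers,
                    column=cmd_column,
                    csv=cmd_csv,
                    db=temp_file)
                self.local_op.command_interactive(cmd)
            finally:
                # Delete file
                self.local_op.delete_temp_file(self, fname)
        else:
            # Only list files, do not prompt the user
            choose_from_list_data_protection(retrieved_files, choose=False)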
Exemplo n.º 3
    def module_run(self):
        """Search the app's directories for Binary Cookies files.

        Every match is recorded as an issue to investigate and printed with
        its data protection class. Depending on the ``analyze`` and
        ``dump_all`` options, one selected file is saved locally and
        analyzed and/or all matches are saved locally.
        """
        self.printer.info("Looking for Binary Cookies files...")

        # Build the remote find command over the bundle and data directories.
        # NOTE(review): both paths go into the command line unquoted;
        # presumably APP_METADATA stores them already escaped -- confirm.
        bundle_dir = self.APP_METADATA['bundle_directory']
        data_dir = self.APP_METADATA['data_directory']
        roots = ' '.join((bundle_dir, data_dir))
        locate = '{bin} {dirs_str} -type f -name "*binarycookies"'.format(
            bin=self.device.DEVICE_TOOLS['FIND'],
            dirs_str=roots,
        )
        matches = self.device.remote_op.command_blocking(locate)

        # Bail out early when the search returned nothing.
        if not matches:
            self.printer.error("No Binary Cookies files found")
            return

        # Keep the list of files as a finding.
        self.add_issue(
            'Binary Cookies files detected', matches, 'INVESTIGATE', None)

        # Look up the data protection class of every match.
        self.printer.info("Retrieving data protection classes...")
        with_protection = self.device.app.get_dataprotection(matches)

        self.printer.info(
            "The following Binary Cookies files have been found:")
        wants_analysis = self.options['analyze']
        if wants_analysis:
            # Prompt for one file, save it locally and analyze it.
            # NOTE(review): this path is handed to save_file without
            # Utils.escape_path, while the dump loop below escapes -- verify
            # what form the chooser returns.
            picked = choose_from_list_data_protection(with_protection)
            saved_as = self.device.app.convert_path_to_filename(
                picked, self.APP_METADATA)
            self.save_file(picked, saved_as, analyze=True)
        else:
            # Print the list only; the user is not prompted.
            choose_from_list_data_protection(with_protection, choose=False)

        # Stop here unless every match should be pulled too.
        if not self.options['dump_all']:
            return

        self.printer.notify('Dumping all Binary Cookies files...')
        for found in matches:
            source = Utils.escape_path(found)
            # The local filename is built from the unescaped device path.
            saved_as = self.device.app.convert_path_to_filename(
                found, self.APP_METADATA)
            self.save_file(source, saved_as)
Exemplo n.º 4
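    def module_run(self):
        """Find the app's Binary Cookies files and optionally parse one.

        Runs the device-side find tool over the bundle and data directories
        and prints the matches with their data protection class. With the
        ``analyze`` option the chosen file is pulled to a local temporary
        path and passed to the BinaryCookieReader script; the temporary copy
        is deleted afterwards, including when the reader fails.
        """
        self.printer.info("Looking for Binary Cookies files...")

        # Compose cmd string
        # NOTE(review): the directories are interpolated unquoted into the
        # remote command line; presumably APP_METADATA already holds
        # shell-safe paths -- confirm against whatever populates it.
        dirs = [
            self.APP_METADATA['bundle_directory'],
            self.APP_METADATA['data_directory']
        ]
        dirs_str = ' '.join(dirs)
        cmd = '{bin} {dirs_str} -type f -name "*binarycookies"'.format(
            bin=self.device.DEVICE_TOOLS['FIND'], dirs_str=dirs_str)
        out = self.device.remote_op.command_blocking(cmd)

        # No files found
        if not out:
            self.printer.info("No Binary Cookies files found")
            return

        # Add data protection class
        self.printer.info("Retrieving data protection classes...")
        retrieved_files = self.device.app.get_dataprotection(out)

        # Show Menu
        self.printer.info(
            "The following Binary Cookies files have been found:")
        if self.options['analyze']:
            option = choose_from_list_data_protection(retrieved_files)
            # Pull file
            fname = Utils.extract_filename_from_path(option)
            temp_file = self.local_op.build_temp_path_for_file(self, fname)
            self.device.pull(option, temp_file)
            # The pulled copy is the app's cookie store, so it must not be
            # left behind on the workstation if the reader fails.
            try:
                # Analyze it with BinaryCookieReader
                # NOTE(review): temp_file derives from a file name found on
                # the device and is interpolated unquoted; if
                # command_interactive goes through a shell it should be
                # quoted -- confirm how build_temp_path_for_file sanitizes.
                cmd = 'python {bin} {temp_file}'.format(
                    bin=self.TOOLS_LOCAL['BINARYCOOKIEREADER'],
                    temp_file=temp_file)
                self.local_op.command_interactive(cmd)
            finally:
                # Delete file
                self.local_op.delete_temp_file(self, fname)
        else:
            # Only list files, do not prompt the user
            choose_from_list_data_protection(retrieved_files, choose=False)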
Exemplo n.º 5
    def module_run(self):
        """Find the app's .plist files and optionally dump one of them.

        Runs the device-side find tool over the bundle and data directories
        and prints the matches with their data protection class. With the
        ``analyze`` option the chosen file is parsed on the device and its
        content is printed and, when the ``output`` option is set, also
        handed to print_cmd_output as the output file.
        """
        self.printer.info("Looking for Plist files...")

        # One find invocation covers both app directories.
        # NOTE(review): the directories are interpolated unquoted into the
        # remote command line; presumably APP_METADATA already holds
        # shell-safe paths -- confirm against whatever populates it.
        search_roots = ' '.join([
            self.APP_METADATA['bundle_directory'],
            self.APP_METADATA['data_directory'],
        ])
        find_cmd = '{bin} {dirs_str} -type f -name "*.plist"'.format(
            bin=self.device.DEVICE_TOOLS['FIND'], dirs_str=search_roots)
        plist_files = self.device.remote_op.command_blocking(find_cmd)

        # Nothing matched: report it and stop here.
        if not plist_files:
            self.printer.info("No Plist files found")
            return

        # Annotate each file with its data protection class.
        self.printer.info("Retrieving data protection classes...")
        annotated = self.device.app.get_dataprotection(plist_files)

        self.printer.info("The following Plist files have been found:")
        if not self.options['analyze']:
            # Listing only: print the table without prompting the user.
            choose_from_list_data_protection(annotated, choose=False)
            return

        # Let the user pick a file and parse it on the device.
        chosen = choose_from_list_data_protection(annotated)
        self.printer.info("Dumping content of the file")
        content = dict(self.device.remote_op.parse_plist(chosen))
        # An unset or empty 'output' option is passed on as None.
        destination = self.options['output'] or None
        self.print_cmd_output(content, destination)