def get_celWireless(files_found, report_folder, seeker):
data_list = []
for filepath in files_found:
basename = os.path.basename(filepath)
if (basename == "com.apple.commcenter.device_specific_nobackup.plist"
or basename == "com.apple.commcenter.plist"):
p = open(filepath, "rb")
plist = plistlib.load(p)
for key, val in plist.items():
data_list.append((key, val, filepath))
if key == "ReportedPhoneNumber":
logdevinfo(f"Reported Phone Number: {val}")
if key == "CDMANetworkPhoneNumberICCID":
logdevinfo(f"CDMA Network Phone Number ICCID: {val}")
if key == "imei":
logdevinfo(f"IMEI: {val}")
if key == "LastKnownICCID":
logdevinfo(f"Last Known ICCID: {val}")
if key == "meid":
logdevinfo(f"MEID: {val}")
location = 'see source field'
report = ArtifactHtmlReport('Cellular Wireless')
report.start_artifact_report(report_folder, 'Cellular Wireless')
report.add_script()
data_headers = ('Key', 'Values', 'Source')
report.write_artifact_data_table(data_headers, data_list, location)
report.end_artifact_report()
tsvname = 'Cellular Wireless'
tsv(report_folder, data_headers, data_list, tsvname)
def get_iTunesBackupInfo(files_found, report_folder, seeker):
versionnum = 0
data_list = []
file_found = str(files_found[0])
with open(file_found, "rb") as fp:
pl = plistlib.load(fp)
for key, val in pl.items():
if isinstance(val, str) or isinstance(val, int) or isinstance(
val, datetime.datetime):
data_list.append((key, val))
if key in ('Build Version', 'Device Name', 'ICCID', 'IMEI',
'Last Backup Date', 'MEID', 'Phone Number',
'Product Name', 'Product Type', 'Product Version',
'Serial Number'):
logdevinfo(f"{key}: {val}")
if key == ('Product Version'):
scripts.artifacts.artGlobals.versionf = val
logfunc(f"iOS version: {val}")
elif key == "Installed Applications":
data_list.append((key, ', '.join(val)))
report = ArtifactHtmlReport('iTunes Backup')
report.start_artifact_report(report_folder, 'iTunes Backup Information')
report.add_script()
data_headers = ('Key', 'Values')
report.write_artifact_data_table(data_headers, data_list, file_found)
report.end_artifact_report()
tsvname = 'iTunes Backup'
tsv(report_folder, data_headers, data_list, tsvname)
def get_factory_reset(files_found, report_folder, seeker, wrap_text):
for file_found in files_found:
file_found = str(file_found)
if not file_found.endswith('factory_reset'):
continue # Skip all other files
data_list = []
file_name = 'factory_reset'
modTimesinceEpoc = os.path.getmtime(file_found)
reset_time = time.strftime('%Y-%m-%d %H:%M:%S', time.gmtime(modTimesinceEpoc))
logdevinfo(f"Factory Reset Timestamp: {reset_time}")
data_list.append((reset_time, file_name))
if data_list:
report = ArtifactHtmlReport('Factory Reset')
report.start_artifact_report(report_folder, 'Factory Reset')
report.add_script()
data_headers = ('Timestamp', 'File Name')
report.write_artifact_data_table(data_headers, data_list, file_found)
report.end_artifact_report()
tsvname = f'Factory Reset'
tsv(report_folder, data_headers, data_list, tsvname)
tlactivity = f'Factory Reset'
timeline(report_folder, tlactivity, data_list, data_headers)
else:
logfunc('No Factory Reset data available')
def get_appleWifiPlist(files_found, report_folder, seeker):
data_list = []
for file_found in files_found:
file_found = str(file_found)
with open(file_found, 'rb') as f:
deserialized = plistlib.load(f)
if 'KeepWiFiPoweredAirplaneMode' in deserialized:
val = (deserialized['KeepWiFiPoweredAirplaneMode'])
logdevinfo(f"Keep Wifi Powered Airplane Mode: {val}")
length = len(deserialized['List of known networks'])
for x in range(length):
knownnetworks = deserialized['List of known networks'][x]
if 'SSID_STR' in knownnetworks:
ssid = (knownnetworks['SSID_STR'])
else:
ssid = ''
if 'BSSID' in knownnetworks:
bss = (knownnetworks['BSSID'])
else:
bss = ''
if 'lastUpdated' in knownnetworks:
lu = (knownnetworks['lastUpdated'])
else:
lu = ''
if 'lastAutoJoined' in knownnetworks:
laj = (knownnetworks['lastAutoJoined'])
else:
laj = ''
if 'WiFiNetworkPasswordModificationDate' in knownnetworks:
wnpmd = (
knownnetworks['WiFiNetworkPasswordModificationDate'])
else:
wnpmd = ''
alldata = (deserialized['List of known networks'][x])
data_list.append((laj, ssid, bss, lu, wnpmd, alldata))
if len(data_list) > 0:
description = 'WiFi known networks data. Dates are taken straight from the source plist.'
report = ArtifactHtmlReport('Locations')
report.start_artifact_report(report_folder, 'WiFi Known Networks',
description)
report.add_script()
data_headers = ('Last Auto Joined', 'SSID', 'BSSID', 'Last Updated',
'WiFi Network Password Modification Date', 'All Data')
report.write_artifact_data_table(data_headers, data_list, file_found)
report.end_artifact_report()
tsvname = 'WiFi Known Networks'
tsv(report_folder, data_headers, data_list, tsvname)
tlactivity = 'WiFi Known Networks'
timeline(report_folder, tlactivity, data_list, data_headers)
def get_dataArk(files_found, report_folder, seeker):
data_list = []
file_found = str(files_found[0])
with open(file_found, "rb") as fp:
pl = plistlib.load(fp)
for key, val in pl.items():
data_list.append((key, val))
if key == "-DeviceName":
logdevinfo(f"Device name: {val}")
if key == "-TimeZone":
logdevinfo(f"Timezone per Data Ark: {val}")
if key == "com.apple.iTunes.backup-LastBackupComputerName":
logdevinfo(f"Last backup computer name: {val}")
if key == ("com.apple.iTunes.backup-LastBackupComputerType"):
logdevinfo(f"Last backup computer type: {val}")
report = ArtifactHtmlReport('Data Ark')
report.start_artifact_report(report_folder, 'Data Ark')
report.add_script()
data_headers = ('Key', 'Values')
report.write_artifact_data_table(data_headers, data_list, file_found)
report.end_artifact_report()
tsvname = 'Data Ark'
tsv(report_folder, data_headers, data_list, tsvname)
def get_deviceActivator(files_found, report_folder, seeker):
data_list = []
alllines = ''
file_found = str(files_found[0])
with open(file_found, 'r') as f_in:
for line in f_in:
line = line.strip()
alllines = alllines + line
found = re.findall(
'<key>ActivationInfoXML</key><data>(.*)</data><key>RKCertification</key><data>',
alllines)
base64_message = found[0]
data = base64.b64decode(base64_message)
outpath = os.path.join(report_folder, "results.xml")
with open(outpath, 'wb') as f_out:
f_out.write(data)
xmlfile = outpath
tree = ET.parse(xmlfile)
root = tree.getroot()
for elem in root:
for elemx in elem:
for elemz in elemx:
data_list.append(str(elemz.text).strip())
it = iter(data_list)
results = list(zip(it, it))
for x in results:
if x[0] == 'EthernetMacAddress':
logdevinfo(f"Ethernet Mac Address: {x[1]}")
if x[0] == 'BluetoothAddress':
logdevinfo(f"Bluetooth Address: {x[1]}")
if x[0] == 'WifiAddress':
logdevinfo(f"Wifi Address: {x[1]}")
if x[0] == 'ModelNumber':
logdevinfo(f"Model Number: {x[1]}")
if len(results) > 0:
report = ArtifactHtmlReport('iOS Device Activator Data')
report.start_artifact_report(report_folder,
'iOS Device Activator Data')
report.add_script()
data_headers = ('Key', 'Values')
report.write_artifact_data_table(data_headers, results, file_found)
report.end_artifact_report()
tsvname = 'iOS Device Activator Data'
tsv(report_folder, data_headers, results, tsvname)
else:
logfunc('No iOS Device Activator Data')
def process_ssecure(file_path, uid, report_folder):
if (checkabx(file_path)):
multi_root = True
tree = abxread(file_path, multi_root)
root = tree.getroot()
else:
try:
tree = ET.parse(file_path)
root = tree.getroot()
except ET.ParseError: # Fix for android 11 invalid XML file (no root element present)
with open(file_path) as f:
xml = f.read()
root = ET.fromstring(
re.sub(r"(<\?xml[^>]+\?>)", r"\1<root>", xml) + "</root>")
data_list = []
for setting in root.iter('setting'):
nme = setting.get('name')
val = setting.get('value')
if nme == 'bluetooth_name':
data_list.append((nme, val))
logdevinfo(f"Bluetooth name: {val}")
elif nme == 'mock_location':
data_list.append((nme, val))
elif nme == 'android_id':
data_list.append((nme, val))
elif nme == 'bluetooth_address':
data_list.append((nme, val))
logdevinfo(f"Bluetooth address: {val}")
if len(data_list) > 0:
report = ArtifactHtmlReport('Settings Secure')
report.start_artifact_report(report_folder, f'Settings_Secure_{uid}')
report.add_script()
data_headers = ('Name', 'Value')
report.write_artifact_data_table(data_headers, data_list, file_path)
report.end_artifact_report()
tsvname = f'settings secure'
tsv(report_folder, data_headers, data_list, tsvname)
else:
logfunc('No Settings Secure data available')
def get_lastBuild(files_found, report_folder, seeker):
versionnum = 0
data_list = []
file_found = str(files_found[0])
with open(file_found, "rb") as fp:
pl = plistlib.load(fp)
for key, val in pl.items():
data_list.append((key, val))
if key == ("ProductVersion"):
#ilapfuncs.globalvars()
scripts.artifacts.artGlobals.versionf = val
logfunc(f"iOS version: {val}")
logdevinfo(f"iOS version: {val}")
if key == "ProductBuildVersion":
logdevinfo(f"ProductBuildVersion: {val}")
if key == ("ProductName"):
logfunc(f"Product: {val}")
logdevinfo(f"Product: {val}")
report = ArtifactHtmlReport('iOS Build')
report.start_artifact_report(report_folder, 'Build Information')
report.add_script()
data_headers = ('Key','Values' )
report.write_artifact_data_table(data_headers, data_list, file_found)
report.end_artifact_report()
tsvname = 'Last Build'
tsv(report_folder, data_headers, data_list, tsvname)
def get_build(files_found, report_folder, seeker, wrap_text):
data_list = []
Androidversion = scripts.artifacts.artGlobals.versionf
file_found = str(files_found[0])
with open(file_found, "r") as f:
for line in f:
splits = line.split('=')
if splits[0] == 'ro.product.vendor.manufacturer':
key = 'Manufacturer'
value = splits[1]
logdevinfo(f"Manufacturer: {value}")
elif splits[0] == 'ro.product.vendor.brand':
key = 'Brand'
value = splits[1]
logdevinfo(f"Brand: {value}")
data_list.append((key, value))
elif splits[0] == 'ro.product.vendor.model':
key = 'Model'
value = splits[1]
logdevinfo(f"Model: {value}")
data_list.append((key, value))
elif splits[0] == 'ro.product.vendor.device':
key = 'Device'
value = splits[1]
logdevinfo(f"Device: {value}")
data_list.append((key, value))
elif splits[0] == 'ro.vendor.build.version.release':
key = 'Android Version'
value = splits[1]
if Androidversion == 0:
scripts.artifacts.artGlobals.versionf = value
logfunc(f"Android version per build.props: {value}")
logdevinfo(f"Android version per build.props: {value}")
data_list.append((key, value))
elif splits[0] == 'ro.vendor.build.version.sdk':
key = 'SDK'
value = splits[1]
logdevinfo(f"SDK: {value}")
data_list.append((key, value))
elif splits[0] == 'ro.system.build.version.release':
key = ''
value = splits[1]
logdevinfo(f"Version release: {value}")
data_list.append((key, value))
elif splits[0] == 'ro.system.build.version.release':
key = ''
value = splits[1]
data_list.append((key, value))
itemqty = len(data_list)
if itemqty > 0:
report = ArtifactHtmlReport('Build Info')
report.start_artifact_report(report_folder, f'Build Info')
report.add_script()
data_headers = ('Key', 'Value')
report.write_artifact_data_table(data_headers, data_list, file_found)
report.end_artifact_report()
tsvname = f'Build Info'
tsv(report_folder, data_headers, data_list, tsvname)
else:
logfunc(f'No Build Info data available')
def get_appleWifiPlist(files_found, report_folder, seeker):
known_data_list = []
scanned_data_list = []
known_files = []
scanned_files = []
for file_found in files_found:
file_found = str(file_found)
with open(file_found, 'rb') as f:
deserialized = plistlib.load(f)
if 'KeepWiFiPoweredAirplaneMode' in deserialized:
val = (deserialized['KeepWiFiPoweredAirplaneMode'])
logdevinfo(f"Keep Wifi Powered Airplane Mode: {val}")
if 'List of known networks' in deserialized:
known_files.append(file_found)
for known_network in deserialized['List of known networks']:
ssid = ''
bssid = ''
last_updated = ''
last_auto_joined = ''
wnpmd = ''
net_usage = ''
country_code = ''
device_name = ''
manufacturer = ''
serial_number = ''
model_name = ''
enabled = ''
last_joined = ''
add_reason = ''
carplay = ''
bundle = ''
system_joined = ''
user_joined = ''
if 'SSID_STR' in known_network:
ssid = str(known_network['SSID_STR'])
if 'BSSID' in known_network:
bssid = str(known_network['BSSID'])
if 'networkUsage' in known_network:
net_usage = str(known_network['networkUsage'])
if '80211D_IE' in known_network:
if 'IE_KEY_80211D_COUNTRY_CODE' in known_network[
'80211D_IE']:
country_code = str(known_network['80211D_IE']
['IE_KEY_80211D_COUNTRY_CODE'])
if 'lastUpdated' in known_network:
last_updated = str(known_network['lastUpdated'])
if 'lastAutoJoined' in known_network:
last_auto_joined = str(known_network['lastAutoJoined'])
if 'lastJoined' in known_network:
last_joined = str(known_network['lastJoined'])
if 'WiFiNetworkPasswordModificationDate' in known_network:
wnpmd = str(known_network[
'WiFiNetworkPasswordModificationDate'])
if 'enabled' in known_network:
enabled = str(known_network['enabled'])
if 'WPS_PROB_RESP_IE' in known_network:
if 'IE_KEY_WPS_DEV_NAME' in known_network[
'WPS_PROB_RESP_IE']:
device_name = known_network['WPS_PROB_RESP_IE'][
'IE_KEY_WPS_DEV_NAME']
if 'IE_KEY_WPS_MANUFACTURER' in known_network[
'WPS_PROB_RESP_IE']:
manufacturer = known_network['WPS_PROB_RESP_IE'][
'IE_KEY_WPS_MANUFACTURER']
if 'IE_KEY_WPS_SERIAL_NUM' in known_network[
'WPS_PROB_RESP_IE']:
serial_number = known_network['WPS_PROB_RESP_IE'][
'IE_KEY_WPS_SERIAL_NUM']
if 'IE_KEY_WPS_MODEL_NAME' in known_network[
'WPS_PROB_RESP_IE']:
model_name = known_network['WPS_PROB_RESP_IE'][
'IE_KEY_WPS_MODEL_NAME']
if 'CARPLAY_NETWORK' in known_network:
carplay = str(known_network['CARPLAY_NETWORK'])
known_data_list.append([
ssid, bssid, net_usage, country_code, device_name,
manufacturer, serial_number, model_name, last_joined,
last_auto_joined, system_joined, user_joined,
last_updated, enabled, wnpmd, carplay, add_reason,
bundle, file_found
])
if 'com.apple.wifi.known-networks.plist' in file_found:
known_files.append(file_found)
for network_key in deserialized:
known_network = deserialized[network_key]
ssid = ''
bssid = ''
last_updated = ''
last_auto_joined = ''
wnpmd = ''
net_usage = ''
country_code = ''
device_name = ''
manufacturer = ''
serial_number = ''
model_name = ''
enabled = ''
last_joined = ''
add_reason = ''
bundle = ''
system_joined = ''
user_joined = ''
if 'SSID' in known_network:
ssid = str(known_network['SSID'])
if 'AddReason' in known_network:
add_reason = str(known_network['AddReason'])
if 'UpdatedAt' in known_network:
last_updated = str(known_network['UpdatedAt'])
if 'JoinedBySystemAt' in known_network:
system_joined = str(known_network['JoinedBySystemAt'])
if 'JoinedByUserAt' in known_network:
user_joined = str(known_network['JoinedByUserAt'])
if 'BundleID' in known_network:
bundle = str(known_network['BundleID'])
if '__OSSpecific__' in known_network:
if 'BSSID' in known_network['__OSSpecific__']:
bssid = str(
known_network['__OSSpecific__']['BSSID'])
if 'networkUsage' in known_network['__OSSpecific__']:
net_usage = str(known_network['__OSSpecific__']
['networkUsage'])
if 'WiFiNetworkPasswordModificationDate' in known_network[
'__OSSpecific__']:
wnpmd = str(
known_network['__OSSpecific__']
['WiFiNetworkPasswordModificationDate'])
if 'CARPLAY_NETWORK' in known_network[
'__OSSpecific__']:
carplay = str(known_network['__OSSpecific__']
['CARPLAY_NETWORK'])
known_data_list.append([
ssid, bssid, net_usage, country_code, device_name,
manufacturer, serial_number, model_name, last_joined,
last_auto_joined, system_joined, user_joined,
last_updated, enabled, wnpmd, carplay, add_reason,
bundle, file_found
])
if 'List of scanned networks with private mac' in deserialized:
scanned_files.append(file_found)
for scanned_network in deserialized[
'List of scanned networks with private mac']:
ssid = ''
bssid = ''
last_updated = ''
last_joined = ''
private_mac_in_use = ''
private_mac_value = ''
private_mac_valid = ''
added_at = ''
in_known_networks = ''
if 'SSID_STR' in scanned_network:
ssid = str(scanned_network['SSID_STR'])
if 'BSSID' in scanned_network:
bssid = str(scanned_network['BSSID'])
if 'lastUpdated' in scanned_network:
last_updated = str(scanned_network['lastUpdated'])
if 'lastJoined' in scanned_network:
last_joined = str(scanned_network['lastJoined'])
if 'addedAt' in scanned_network:
added_at = str(scanned_network['addedAt'])
if 'PresentInKnownNetworks' in scanned_network:
in_known_networks = str(
scanned_network['PresentInKnownNetworks'])
if 'PRIVATE_MAC_ADDRESS' in scanned_network:
if 'PRIVATE_MAC_ADDRESS_IN_USE' in scanned_network[
'PRIVATE_MAC_ADDRESS']:
private_mac_in_use = str(
_bytes_to_mac_address(
scanned_network['PRIVATE_MAC_ADDRESS']
['PRIVATE_MAC_ADDRESS_IN_USE']))
if 'PRIVATE_MAC_ADDRESS_VALUE' in scanned_network[
'PRIVATE_MAC_ADDRESS']:
private_mac_value = str(
_bytes_to_mac_address(
scanned_network['PRIVATE_MAC_ADDRESS']
['PRIVATE_MAC_ADDRESS_VALUE']))
if 'PRIVATE_MAC_ADDRESS_VALID' in scanned_network[
'PRIVATE_MAC_ADDRESS']:
private_mac_valid = str(
scanned_network['PRIVATE_MAC_ADDRESS']
['PRIVATE_MAC_ADDRESS_VALID'])
scanned_data_list.append([
ssid, bssid, added_at, last_joined, last_updated,
private_mac_in_use, private_mac_value,
private_mac_valid, in_known_networks, file_found
])
if len(known_data_list) > 0:
description = 'WiFi known networks data. Dates are taken straight from the source plist.'
report = ArtifactHtmlReport('Locations')
report.start_artifact_report(report_folder, 'WiFi Known Networks',
description)
report.add_script()
data_headers = [
'SSID', 'BSSID', 'Network Usage', 'Country Code', 'Device Name',
'Manufacturer', 'Serial Number', 'Model Name', 'Last Joined',
'Last Auto Joined', 'System Joined', 'User Joined', 'Last Updated',
'Enabled', 'WiFi Network Password Modification Date',
'Carplay Network', 'Add Reason', 'Bundle ID', 'File'
]
report.write_artifact_data_table(data_headers, known_data_list,
', '.join(known_files))
report.end_artifact_report()
tsvname = 'WiFi Known Networks'
tsv(report_folder, data_headers, known_data_list, tsvname)
tlactivity = 'WiFi Known Networks'
timeline(report_folder, tlactivity, known_data_list, data_headers)
if len(scanned_data_list) > 0:
description = 'WiFi networks scanned while using fake ("private") MAC address. Dates are taken straight from the source plist.'
report = ArtifactHtmlReport('Locations')
report.start_artifact_report(report_folder,
'WiFi Networks Scanned (private)',
description)
report.add_script()
data_headers = [
'SSID', 'BSSID', 'Added At', 'Last Joined', 'Last Updated',
'MAC Used For Network', 'Private MAC Computed For Network',
'MAC Valid', 'In Known Networks', 'File'
]
report.write_artifact_data_table(data_headers, scanned_data_list,
', '.join(scanned_files))
report.end_artifact_report()
tsvname = 'WiFi Networks Scanned (private)'
tsv(report_folder, data_headers, scanned_data_list, tsvname)
tlactivity = 'WiFi Networks Scanned (private)'
timeline(report_folder, tlactivity, scanned_data_list, data_headers)
def get_wifiConfigstore(files_found, report_folder, seeker, wrap_text):
data_list = []
for file_found in files_found:
file_found = str(file_found)
if file_found.endswith('WifiConfigStore.xml'):
#check if file is abx
if (checkabx(file_found)):
multi_root = False
tree = abxread(file_found, multi_root)
else:
tree = ET.parse(file_found)
root = tree.getroot()
for elem in root.iter():
if elem.attrib.get('name') is not None:
if elem.text is not None:
data_list.append((elem.attrib.get('name'), elem.text))
elif elem.attrib.get('value') is not None:
data_list.append((elem.attrib.get('name'),
elem.attrib.get('value')))
if (elem.attrib.get('name')) == 'RandomizedMacAddress':
logdevinfo(f'Randomized MAC Address: {elem.text}')
if (elem.attrib.get('name')
) == 'wifi_sta_factory_mac_address':
logdevinfo(f'WIFI Factory MAC Address: {elem.text}')
if (elem.attrib.get('name')) == 'DefaultGwMacAddress':
logdevinfo(f'Default Gw MAC Address: {elem.text}')
if (elem.attrib.get('name')) == 'ConfigKey':
splitted = elem.text.split('"')
logdevinfo(f'Config Key: {splitted[1]}')
logdevinfo(f'Protocol: {splitted[2]}')
if (elem.attrib.get('name')) == 'SSID':
splitted = elem.text.split('"')
logdevinfo(f'SSID: {splitted[1]}')
if (elem.attrib.get('name')) == 'PreSharedKey':
splitted = elem.text.split('"')
logdevinfo(f'Pre-Shared Key: {splitted[1]}')
if (elem.attrib.get('name')) == 'LastConnectedTime':
timestamp = datetime.datetime.fromtimestamp(
int(elem.attrib.get("value")) /
1000).strftime('%Y-%m-%d %H:%M:%S.%f')
logdevinfo(f'WIFI Last Connected Time: {timestamp}')
if data_list:
report = ArtifactHtmlReport('Wifi Configuration Store.xml')
report.start_artifact_report(report_folder,
'Wifi Configuration Store')
report.add_script()
data_headers = ('Key', 'Value')
report.write_artifact_data_table(data_headers, data_list,
file_found)
report.end_artifact_report()
tsvname = f'Wifi Configuration Store data'
tsv(report_folder, data_headers, data_list, tsvname)
tlactivity = f'Wifi Configuration Store data'
timeline(report_folder, tlactivity, data_list, data_headers)
else:
logfunc('No Wifi Configuration Store data available')
def get_usagestatsVersion(files_found, report_folder, seeker, wrap_text):
data_list = []
file_found = str(files_found[0])
with open(file_found, "r") as f:
for line in f:
splits = line.split(';')
totalvalues = len(splits)
if totalvalues == 3:
logfunc(f"Android version {str(splits[0])}")
logdevinfo(f"Android version per Usagestats: {splits[0]}")
scripts.artifacts.artGlobals.versionf = splits[0]
data_list.append(('Android Version', splits[0]))
logdevinfo(f"Codename per Usagestats: {splits[1]}")
data_list.append(('Codename', splits[1]))
logdevinfo(f"Build version per Usagestats: {splits[2]}")
data_list.append(('Build version', splits[2]))
if totalvalues == 5:
logfunc(f"Android version {str(splits[0])}")
scripts.artifacts.artGlobals.versionf = splits[0]
logdevinfo(f"Android version per Usagestats: {splits[0]}")
data_list.append(('Android Version', splits[0]))
logdevinfo(f"Codename per Usagestats: {splits[1]}")
data_list.append(('Codename', splits[1]))
logdevinfo(f"Country Specific Code per Usagestats: {splits[3]}")
data_list.append(('Country Specific Code', splits[3]))
logdevinfo(f"Build version per Usagestats: {splits[2]}")
data_list.append(('Build Version', splits[2]))
if len(data_list) > 0:
report = ArtifactHtmlReport('OS Version')
report.start_artifact_report(report_folder, f'OS Version')
report.add_script()
data_headers = ('Key', 'Value')
report.write_artifact_data_table(data_headers, data_list, file_found)
report.end_artifact_report()
tsvname = f'OS Version'
tsv(report_folder, data_headers, data_list, tsvname)
else:
logfunc(f'No OS Version file available')
def process_siminfo(folder, uid, report_folder):
#Query to create report
db = open_sqlite_db_readonly(folder)
cursor = db.cursor()
#Query to create report
try:
cursor.execute('''
SELECT
number,
imsi,
display_name,
carrier_name,
iso_country_code,
carrier_id,
icc_id
FROM
siminfo
''')
except:
cursor.execute('''
SELECT
number,
card_id,
display_name,
carrier_name,
carrier_name,
carrier_name,
icc_id
FROM
siminfo
''')
all_rows = cursor.fetchall()
usageentries = len(all_rows)
if usageentries > 0:
report = ArtifactHtmlReport('Device Info')
report.start_artifact_report(report_folder, f'SIM_info_{uid}')
report.add_script()
data_headers = ('Number', 'IMSI', 'Display Name', 'Carrier Name',
'ISO Code', 'Carrier ID', 'ICC ID')
data_list = []
for row in all_rows:
if row[3] == row[4]:
row1 = ''
row4 = ''
row5 = ''
else:
row1 = row[1]
row4 = row[4]
row5 = row[5]
data_list.append(
(row[0], row1, row[2], row[3], row4, row5, row[6]))
logdevinfo(f"SIM Number & IMSI: {row[0]} - {row1}")
logdevinfo(f"SIM Display Name: {row[2]}")
report.write_artifact_data_table(data_headers, data_list, folder)
report.end_artifact_report()
tsvname = f'Sim info {uid}'
tsv(report_folder, data_headers, data_list, tsvname)
else:
logfunc(f'No SIM_Info{uid} data available')
db.close()
