Choose script output

analyzer.py

@@ -9,14 +9,14 @@
 from modules import packages
 
 class Analyzer:
-    def __init__(self, folder):
+    def __init__(self, folder, report_folder):
         self.folder = folder
         self.dumps = Utils.list_files(folder, ".tar.gz")
         self.internal_path = None
         self.external_path = None
         self.app_id = self.app_id_parser()
 
-        self.report_path = os.path.join(Utils.get_base_path_folder(), "report")
+        self.report_path = os.path.join(report_folder, "report")
 
         Utils.check_and_generate_folder(self.report_path)
 
@@ -33,7 +33,7 @@ def app_id_parser(self):
         return app_id
 
     def generate_report(self):
-        report_name = "Report_{}".format(Utils.get_current_time())
+        # report_name = "Report_{}".format(Utils.get_current_time())
 
         module_file = packages.get(self.app_id)
 
@@ -42,6 +42,6 @@ def generate_report(self):
             return None
 
         m = __import__("modules.{}".format(module_file), fromlist=[None])
-        module = m.Module(self.internal_path, self.external_path, report_name)
+        module = m.Module(self.internal_path, self.external_path, self.report_path)
 
         module.generate_report()

modules/tiktok.py

@@ -13,13 +13,14 @@
 
 class Module:
     #module super in future
-    def __init__(self, internal_path, external_path, report_name):
+    def __init__(self, internal_path, external_path, report_path):
         print("[Tiktok] Module loaded")
-        self.report_name = report_name
+        # self.report_name = report_name
         self.internal_path = internal_path
         self.external_path = external_path
 
-        self.report_path = os.path.join(Utils.get_base_path_folder(), "report", self.report_name)
+        # self.report_path = os.path.join(report_path, "report", self.report_name)
+        self.report_path = report_path
         Utils.check_and_generate_folder(self.report_path)
 
         self.internal_cache_path = os.path.join(self.report_path, "Contents", "internal")

psy/ingest.py

@@ -19,6 +19,8 @@
 from org.sleuthkit.autopsy.casemodule.services import Services
 from org.sleuthkit.autopsy.casemodule.services import FileManager
 from org.sleuthkit.autopsy.casemodule.services import Blackboard
+from shutil import copyfile
+
 
 from analyzer import Analyzer
 # from start import start
@@ -209,35 +211,59 @@ def startUp(self, context):
 
 
     def process(self, dataSource, progressBar):
-        analyzer = Analyzer("C:\\Users\\X541\\Documents\\GitHub\\TikTok\\dumps\\20200331_224317")
-        analyzer.generate_report()
+        # analyzer = Analyzer("C:\\Users\\josef\\Documents\\GitHub\\TikTok\\dumps\\20200401_191957")
+        # analyzer.generate_report()
 
         progressBar.switchToIndeterminate()
         self.blackboard = Case.getCurrentCase().getServices().getBlackboard()
         fileManager = Case.getCurrentCase().getServices().getFileManager()
-        files = fileManager.findFiles(dataSource, "Report.json")
-        numFiles = len(files)
-        progressBar.switchToDeterminate(numFiles)
+        # files = fileManager.findFiles(dataSource, "Report.json")
+        # progressBar.switchToDeterminate(1)
         fileCount = 0
 
-        # com.zhiliaoapp.musically --path "path..." --adb
-        # localDir = os.path.join(Case.getCurrentCase().getTempDirectory(), "extract")
-
-        # class Args:
-        #     def __init__(self, adb):
-        #         self.adb = adb
-        #         self.app = "com.zhiliaoapp.musically"
-        #         self.path = localDir
-
-        # args = Args(True)      
-        # start(args)
-
+        app_name = "com.zhiliaoapp.musically"
+        internal = app_name + "_internal.tar.gz"
+        external = app_name + "_external.tar.gz"
+
+        os.makedirs(os.path.join(Case.getCurrentCase().getTempDirectory(), app_name))
 
 
+        # analyzer = Analyzer("C:\\Users\\josef\\Documents\\GitHub\\TikTok\\dumps\\20200401_191957")
+        # analyzer.generate_report()
+
+        internal_files = fileManager.findFiles(dataSource, internal)
+        external_files = fileManager.findFiles(dataSource, external)
+
+        lclInternalPath = os.path.join(Case.getCurrentCase().getTempDirectory(),app_name, str(internal_files[0].getName()) + internal)
+        lclExternalPath = os.path.join(Case.getCurrentCase().getTempDirectory(),app_name, str(external_files[0].getName()) + external)        
+
+        ContentUtils.writeToFile(external_files[0], File(lclExternalPath))
+        ContentUtils.writeToFile(internal_files[0], File(lclInternalPath))
+
+        analyzer = Analyzer(os.path.join(Case.getCurrentCase().getTempDirectory(),app_name), os.path.join(Case.getCurrentCase().getTempDirectory(),app_name))
+        analyzer.generate_report()
 
+        # ContentUtils.writeToFile("Report.json", File(os.path.join(Case.getCurrentCase().getTempDirectory(),app_name, "report")))
 
+        # files = fileManager.findFiles(os.path.join(Case.getCurrentCase().getTempDirectory(),app_name, "report"), "Report.json")
+        self.log(Level.INFO,str(os.path.join(Case.getCurrentCase().getTempDirectory(),app_name, "report")))
+
+        f = File(os.path.join(Case.getCurrentCase().getTempDirectory(),app_name, "report"), "Report.json")
+
+        ContentUtils.writeToFile(f, File(os.path.join(Case.getCurrentCase().getTempDirectory(),app_name, "report"), "Report.json"))
+
+        # numFiles = len(files)
+        # progressBar.switchToDeterminate(numFiles)
+        files = fileManager.findFiles(os.path.join(Case.getCurrentCase().getTempDirectory(),app_name, "report"), "Report.json")
+        self.log(Level.INFO, self.moduleName + " TOU MESMO QUASSE A ENTRAR")
         for file in files:
 
+            lclDbPath = os.path.join(Case.getCurrentCase().getTempDirectory(), str(file.getId()) + ".json")
+
+            ContentUtils.writeToFile(file, File(lclDbPath))
+
+            self.log(Level.INFO, "ENTREIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII")
+
             # Check if the user pressed cancel while we were busy
             if self.context.isJobCancelled():
                 return IngestModule.ProcessResult.OK
@@ -274,18 +300,76 @@ def process(self, dataSource, progressBar):
             self.process_user_profile(user_profile, file)
             self.process_users(profiles, file)
             self.process_searches(searches, file)
-            #self.process_undark(unkdark_ouput, file)
-            
+            self.process_undark(unkdark_ouput, file)
+
 
-
+        
 
 
 
             # Clean up
             # stmt.close()
             # dbConn.close()
-            json_file.close()
+        json_file.close()
             # os.remove(lclReportPath)
+
+
+
+
+
+
+
+        # inicio
+        # for file in files:
+
+        #     # Check if the user pressed cancel while we were busy
+        #     if self.context.isJobCancelled():
+        #         return IngestModule.ProcessResult.OK
+
+        #     self.log(Level.INFO, self.moduleName + " Processing file: " + file.getName())
+        #     fileCount += 1
+
+        #     # Save the DB locally in the temp folder. use file id as name to reduce collisions
+        #     lclReportPath = os.path.join(Case.getCurrentCase().getTempDirectory(), str(file.getId()) + ".json")
+        #     ContentUtils.writeToFile(file, File(lclReportPath))
+
+        #     data ={}        
+        #     try: 
+        #         # open file~
+        #         with open(lclReportPath) as json_file:
+        #             data = json.load(json_file)
+        #     except Exception as e:
+        #         return IngestModule.ProcessResult.OK
+
+        #     # Query the contacts table in the database and get all columns. 
+        #     try:
+        #         # get info
+        #         messages = data["messages"]
+        #         user_profile = data["profile"]
+        #         profiles = data["users"]
+        #         searches = data["searches"]
+        #         unkdark_ouput = data["freespace"]
+        #     except Exception as e:
+        #         message = IngestMessage.createMessage(IngestMessage.MessageType.DATA, "TikTok", "Report file with wrong structure")
+        #         IngestServices.getInstance().postMessage(message)
+        #         return IngestModule.ProcessResult.OK
+
+        #     self.process_messages(messages, file)
+        #     self.process_user_profile(user_profile, file)
+        #     self.process_users(profiles, file)
+        #     self.process_searches(searches, file)
+        #     self.process_undark(unkdark_ouput, file)
+        # fim
+
+
+
+
+
+        #     # Clean up
+        #     # stmt.close()
+        #     # dbConn.close()
+        #     json_file.close()
+        #     # os.remove(lclReportPath)
 
 
 

start.py

@@ -26,9 +26,13 @@ def start(args):
 
     if args.adb:
         folders.extend(extract.dump_from_adb(args.app))
+
+    if not args.output:
+        args.output = Utils.get_base_path_folder()
+
 
     for folder in folders:
-        analyzer = Analyzer(folder)
+        analyzer = Analyzer(folder, args.output)
         analyzer.generate_report()
 
     print("[App] Done")
@@ -46,6 +50,7 @@ def start(args):
     parser.add_argument('app', help='Application ID to be analyzed <com.application.example>')
     parser.add_argument('-d', '--dump', help='Analyze specific(s) dump(s) <20200307_215555 ...>', nargs='+', required = False)
     parser.add_argument('-p', '--path', help='Dump app data in path (mount or folder structure)', required = False)
+    parser.add_argument('-o', '--output', help='Report output path folder', required = False)
     parser.add_argument('-a', '--adb', action='store_true', help='Dump app data directly from device with ADB', required = False)
     args = parser.parse_args()
 

utils.py

@@ -10,6 +10,7 @@
 import tarfile
 import json
 import time
+import re
 
 #from meaning.meaning import Meaning
 
@@ -92,10 +93,12 @@ def export_columns_from_database(folder_path):
 
     @staticmethod
     def safe_members(members): #used to clean : in folders
+
+
+
         for finfo in members:
-            if ':' in finfo.name:
-                continue
-            else:
+            if re.sub('[<>:|?*"]', "", finfo.name) == str(finfo.name):
+                print(finfo.name)
                 yield finfo
 
     @staticmethod
@@ -154,25 +157,25 @@ def replace_slash_platform(path):
 
     @staticmethod
     def get_adb_location():
-        if Utils.get_platform().startswith("windows"):
+        if platform.system() == "Windows":
             return os.path.join(Utils.get_base_path_folder(), "dependencies", "windows", "adb.exe")
-        elif Utils.get_platform().startswith("darwin"):
+        elif platform.system() == "darwin":
             return os.path.join(Utils.get_base_path_folder(), "dependencies", "mac", "adb")
         else:
             return os.path.join(Utils.get_base_path_folder(), "dependencies", "linux", "adb")
 
     @staticmethod
     def get_undark_location():
-        if Utils.get_platform().startswith("windows"):
+        if platform.system() == "Windows":
             return os.path.join(Utils.get_base_path_folder(), "dependencies", "windows", "undark.exe")
-        elif Utils.get_platform().startswith("darwin"):
+        elif platform.system() == "darwin":
             return os.path.join(Utils.get_base_path_folder(), "dependencies", "mac", "undark")
         else:
-            return os.path.join(Utils.get_base_path_folder(), "dependencies", "linux", "undark")
+            return os.path.join(Utils.get_base_path_folder(), "dependencies", "windows", "undark.exe")
 
     @staticmethod
     def get_base64_location():
-        if Utils.get_platform().startswith("windows"):
+        if platform.system() == "Windows":
             return os.path.join(Utils.get_base_path_folder(), "dependencies", "windows", "base64.exe")
         else:
             return "base64"