forked from Flo354/iOSForensic
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpackage.py
147 lines (122 loc) · 4.65 KB
/
package.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
#!/usr/bin/python
# -*- coding: utf8 -*-
from subprocess import Popen, PIPE, STDOUT
import os
import sys
import datetime
import time
import fnmatch
import magic
from general import *
class Package():
def __init__(self, ip, port, password, package, verbose):
self.package = package
self.appname = False
self.verbose = verbose
self.basepath = "/var/mobile/Applications/"
self.basecmd = "sshpass -p " + password + " "
self.basesshcmd = self.basecmd + "ssh root@" + ip + " -p " + port + " "
self.basescpcmd = self.basecmd + "scp -r -v -P " + port + " root@" + ip + ":" + self.basepath
def find(self):
cmd = self.basesshcmd + "find -L " + self.basepath + " -iname *" + self.package + "*.app -type d -prune"
process = Popen(cmd.split(), stderr=STDOUT, stdout=PIPE)
stdout, stderr = process.communicate()
if stdout == "":
return False
else:
return stdout.replace(self.basepath, "").split()
def extract(self):
self.appname = self.package.split("/", 1)[1].replace(".app", "")
self.package = self.package.split("/", 1)[0]
self.createDirectories()
if self.verbose: print ""
self.getDatas()
if self.verbose: print ""
self.getSQL()
if self.verbose: print ""
self.getPlist()
if self.verbose: print ""
self.getLogs()
return True
def createDirectories(self):
try:
self.path = "output/"+ self.appname
if os.path.exists (self.path):
self.path = "output/"+ self.appname +"-"+ datetime.datetime.fromtimestamp(time.time()).strftime('%Y%m%d%H%M%S')
self.pathData = self.path + "/data"
self.pathSQL = self.path + "/SQL"
self.pathPlist = self.path + "/plist"
if not self.verbose:
print "Creating directories..."
if self.verbose:
print "Creating directory : " + self.pathData
os.makedirs(self.pathData)
if self.verbose:
print "Creating directory : "+ self.pathSQL
os.makedirs(self.pathSQL)
if self.verbose:
print "Creating directory : "+ self.pathPlist
os.makedirs(self.pathPlist)
except OSError as e:
print "Folder " + e.filename +" not created"
print "Exception : "+ e.strerror
def getDatas(self):
print "Downloading datas..."
cmd = self.basescpcmd + "/" + self.package + "/* " + self.pathData
process = Popen(cmd.split(), stderr=STDOUT, stdout=PIPE)
if self.verbose:
printVerbose (process)
else:
process.communicate()
def getSQL(self):
print "Finding databases files..."
mime = magic.Magic()
for root, dirnames, filenames in os.walk(self.pathData):
for filename in fnmatch.filter(filenames, "*"):
try:
typeFile = mime.from_file(root +"/"+ filename)
if typeFile is not None and typeFile.find("SQLite", 0, 6) is not -1:
if self.verbose:
print "Database found : "+ root +"/"+ filename
os.makedirs(self.pathSQL + "/" + filename)
cmd = "sqlite3 "+ root +"/"+ filename +" .tables"
process = Popen(cmd.split(), stderr=STDOUT, stdout=PIPE)
stdout, stderr = process.communicate()
cmd = "sqlite3 "+ root +"/"+ filename
process = Popen(cmd.split(), stderr=STDOUT, stdout=PIPE, stdin=PIPE)
process.stdin.write(".headers on\n")
process.stdin.write(".mode csv\n")
for table in stdout.split():
if self.verbose:
print "\tExtracting table : "+ table
process.stdin.write(".output "+ self.pathSQL +"/"+ filename +"/"+ table +".csv\n")
process.stdin.write("select * from "+ table +";\n")
process.stdin.write(".quit\n")
stdout, stderr = process.communicate()
except IOError:
continue
except OSError as e:
print "Folder " + e.filename +" not created"
print "Exception : "+ e.strerror
def getPlist(self):
print "Decompressing plist files"
mime = magic.Magic()
for root, dirnames, filenames in os.walk(self.pathData):
for filename in fnmatch.filter(filenames, "*.plist"):
try:
if self.verbose:
print "Plist file found : "+ root +"/"+ filename
if not os.path.isdir(self.pathPlist + "/" + root.replace(self.pathData, "")):
os.makedirs(self.pathPlist + "/" + root.replace(self.pathData, ""))
cmd = "plistutil -i " + root + "/" + filename + " -o " + self.pathPlist + "/" + root.replace(self.pathData, "") + "/" + filename
process = Popen(cmd.split(), stderr=STDOUT, stdout=PIPE)
stdout, stderr = process.communicate()
except IOError:
continue
except OSError as e:
print "Folder " + e.filename +" not created"
print "Exception : "+ e.strerror
def getLogs(self):
print "Getting logs"
cmd = self.basesshcmd + "grep -Ei \"" + self.appname + "\[[0-9]{1,4}\]: \" /var/log/syslog"
writeResultToFile(cmd, self.path + "/logs", self.verbose)