-
Notifications
You must be signed in to change notification settings - Fork 167
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #903 from JamesHabben/lava-output
update device_info
- Loading branch information
Showing
13 changed files
with
369 additions
and
35 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
# Device Information Collection | ||
|
||
This document outlines the various device information collected by iLEAPP modules using the `device_info()` and `logdevinfo()` functions. | ||
|
||
> **Note**: The information below is automatically generated by `admin/scripts/device_info_values.py` | ||
## Categories and Sources | ||
|
||
### device_info() Usage | ||
<!-- DEVICE_INFO_START --> | ||
| Category | Label | Source Modules | | ||
|-----------|-------|----------------| | ||
| Advertising Identifier | Apple Advertising Identifier | advertisingID | | ||
| Airdrop | Airdrop ID | airdropId | | ||
| Backup Settings | Cloud Backup Enabled | backupSettings | | ||
| Backup Settings | Last Cloud iTunes Backup Date | backupSettings | | ||
| Backup Settings | Last Cloud iTunes Backup TZ | backupSettings | | ||
| Backup Settings | Last iTunes Backup Date | backupSettings | | ||
| Backup Settings | Last iTunes Backup TZ | backupSettings | | ||
| Device Information | Product | lastBuild | | ||
| Device Information | ProductBuildVersion | lastBuild | | ||
| Device Information | iOS version | lastBuild | | ||
| Settings | Last System Version | appleLocationd | | ||
| Settings | Location Services Enabled | appleLocationd | | ||
| WiFi | Keep Wifi Powered Airplane Mode | appleWifiPlist | | ||
<!-- DEVICE_INFO_END --> | ||
|
||
### logdevinfo() Usage | ||
<!-- LOGDEVINFO_START --> | ||
| Key | Source Modules | | ||
|-----|----------------| | ||
| Bluetooth Address: {x[1]} | deviceActivator | | ||
| BuildID: {val} | Ph99SystemVersionPlist | | ||
| BuildVersion: {val} | Ph100UFEDdevcievaluesplist, Ph99SystemVersionPlist | | ||
| CDMA Network Phone Number ICCID: {val} | celWireless | | ||
| Device Name: {val} | deviceName | | ||
| Device/Computer Name: {computername} | preferencesPlist | | ||
| DeviceName: {val} | Ph100UFEDdevcievaluesplist | | ||
| Ethernet Mac Address: {x[1]} | deviceActivator | | ||
| Find My iPhone Add Time: {addtime} | findMy | | ||
| Find My iPhone: Enabled | findMy | | ||
| HardwareModel: {val} | Ph100UFEDdevcievaluesplist | | ||
| Host Name: {hostname} | preferencesPlist | | ||
| IMEI: {val} | celWireless | | ||
| IMEIs: {imeis} | deviceDatam | | ||
| InternationalMobileEquipmentIdentity: {val} | Ph100UFEDdevcievaluesplist | | ||
| Last Bootstrap Date: {times} | timezoneInfo | | ||
| Last Bootstrap Timezone: {val} | timezoneInfo | | ||
| Last Good IMSI: {lastgoodimsi} | imeiImsi | | ||
| Last Known ICCI: {lastknownicci} | imeiImsi | | ||
| Last Known ICCID: {val} | celWireless | | ||
| MAC Address: {hexstring} - User Defined Name: {userdefinedname} - BSD Name: {bsdname} | wifiIdent | | ||
| MEID: {val} | celWireless | | ||
| Model Number: {x[1]} | deviceActivator | | ||
| Model: {localhostname} | preferencesPlist | | ||
| Model: {val} | preferencesPlist | | ||
| Obliterated Timestamp: {utc_modified_date} | obliterated | | ||
| PasswordProtected: {val} | Ph100UFEDdevcievaluesplist | | ||
| Phone Number: {val} | imeiImsi | | ||
| ProductName: {val} | Ph99SystemVersionPlist | | ||
| ProductType: {val} | Ph100UFEDdevcievaluesplist | | ||
| ReleaseType: {val} | Ph99SystemVersionPlist | | ||
| Reported Phone Number: {val} | celWireless, deviceDatam | | ||
| Self Registration Update IMEI: {selfregistrationupdateimei} | imeiImsi | | ||
| Self Registration Update IMSI: {selfregitrationupdateimsi} | imeiImsi | | ||
| Serial Number: {row[0]} | serialNumber | | ||
| SerialNumber: {val} | Ph100UFEDdevcievaluesplist | | ||
| SystemImageID: {val} | Ph99SystemVersionPlist | | ||
| TimeZone: {val} | Ph100UFEDdevcievaluesplist | | ||
| Timezone Set: {val} | timezoneset | | ||
| UDID: {uid} | carCD | | ||
| Vehicle - Last Connected: {connected} - Last Disconnected: {disconnected} - Type: {contype} | carCD | | ||
| Wifi Address: {x[1]} | deviceActivator | | ||
| com.apple.MobileSMS.plist - Keep Messages for Days (iOS 17+): {val} | messageRetention | | ||
| com.apple.MobileSMS.plist - Keep Messages for Days (iOS {val} | messageRetention | | ||
| com.apple.MobileSMS.plist - Keep Messages for Days: No Value | messageRetention | | ||
| com.apple.mobileSMS.plist - Keep Messages for Days (iOS 17+): {keep_val} | messageRetention | | ||
| com.apple.mobileSMS.plist - Keep Messages for Days (iOS {keep_val} | messageRetention | | ||
| com.apple.mobileSMS.plist - Keep Messages for Days: No Value | messageRetention | | ||
| comapplemobileslideshowplist-PhotosSharedLibrarySyncingIsActive: {val} | Ph80comappleMobileSlideShowPlist | | ||
| comapplemobileslideshowplist-downloadAndKeepOriginals: {val} | Ph80comappleMobileSlideShowPlist | | ||
| comapplepurplebuddyplist-SetupState: {val} | Ph83comapplePurpleBuddyPlist | | ||
| iOS version: {val} | Ph100UFEDdevcievaluesplist, Ph99SystemVersionPlist | | ||
| {base_file} - Keep Message for Days: No Value | messageRetention | | ||
| {base_file} - Keep Messages for Days (iOS 17+): {keep_val} | messageRetention | | ||
| {base_file} - Keep Messages for Days (iOS {keep_val} | messageRetention | | ||
| {info_key}: {value_key} | iTunesBackupInfo | | ||
| {key}: {val} | timezoneset | | ||
<!-- LOGDEVINFO_END --> | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,114 @@ | ||
import os | ||
import re | ||
import ast | ||
from pathlib import Path | ||
|
||
def find_function_calls(file_path, function_name): | ||
""" | ||
Parse a Python file and find all calls to the specified function | ||
Returns a list of tuples containing (category, label) for device_info | ||
or (key) for logdevinfo | ||
""" | ||
with open(file_path, 'r', encoding='utf-8') as f: | ||
content = f.read() | ||
|
||
calls = [] | ||
try: | ||
tree = ast.parse(content) | ||
for node in ast.walk(tree): | ||
if isinstance(node, ast.Call): | ||
if isinstance(node.func, ast.Name) and node.func.id == function_name: | ||
if function_name == 'device_info' and len(node.args) >= 2: | ||
# Get the string values if they're string literals | ||
if isinstance(node.args[0], ast.Constant) and isinstance(node.args[1], ast.Constant): | ||
calls.append((node.args[0].value, node.args[1].value)) | ||
elif function_name == 'logdevinfo' and len(node.args) >= 1: | ||
# For logdevinfo, try to extract the message without HTML tags | ||
if isinstance(node.args[0], (ast.Constant, ast.JoinedStr)): | ||
# Convert the argument to string and strip HTML | ||
arg_str = ast.unparse(node.args[0]) | ||
# Remove f-string prefix if present | ||
arg_str = arg_str.strip('f').strip('"\'') | ||
# Basic HTML tag removal (can be enhanced if needed) | ||
clean_str = re.sub(r'<[^>]+>', '', arg_str) | ||
calls.append((clean_str,)) | ||
except: | ||
# If parsing fails, try regex as fallback | ||
if function_name == 'device_info': | ||
pattern = r'device_info\([\'"]([^\'"]+)[\'"],\s*[\'"]([^\'"]+)[\'"]\s*,' | ||
calls.extend(re.findall(pattern, content)) | ||
else: | ||
# Updated pattern to handle f-strings and HTML tags | ||
pattern = r'logdevinfo\(f?[\'"].*?<b>([^<]+)</b>' | ||
matches = re.findall(pattern, content) | ||
calls.extend([(m.strip(),) for m in matches]) | ||
|
||
return calls | ||
|
||
def generate_markdown(): | ||
script_dir = Path(__file__).parent | ||
root_dir = script_dir.parent.parent | ||
|
||
artifacts_dir = Path( root_dir, 'scripts/artifacts') | ||
device_info_usage = {} | ||
logdevinfo_usage = {} | ||
|
||
# Scan all Python files in artifacts directory | ||
for file_path in artifacts_dir.glob('*.py'): | ||
module_name = file_path.stem | ||
|
||
# Find device_info calls | ||
device_calls = find_function_calls(file_path, 'device_info') | ||
if device_calls: | ||
for category, label in device_calls: | ||
if category not in device_info_usage: | ||
device_info_usage[category] = {} | ||
if label not in device_info_usage[category]: | ||
device_info_usage[category][label] = [] | ||
device_info_usage[category][label].append(module_name) | ||
|
||
# Find logdevinfo calls | ||
log_calls = find_function_calls(file_path, 'logdevinfo') | ||
if log_calls: | ||
for (key,) in log_calls: | ||
if key not in logdevinfo_usage: | ||
logdevinfo_usage[key] = [] | ||
logdevinfo_usage[key].append(module_name) | ||
|
||
# Generate markdown content | ||
device_info_md = "| Category | Label | Source Modules |\n|-----------|-------|----------------|\n" | ||
for category in sorted(device_info_usage.keys()): | ||
for label in sorted(device_info_usage[category].keys()): | ||
modules = ", ".join(sorted(set(device_info_usage[category][label]))) | ||
device_info_md += f"| {category} | {label} | {modules} |\n" | ||
|
||
logdevinfo_md = "| Key | Source Modules |\n|-----|----------------|\n" | ||
for key in sorted(logdevinfo_usage.keys()): | ||
modules = ", ".join(sorted(set(logdevinfo_usage[key]))) | ||
logdevinfo_md += f"| {key} | {modules} |\n" | ||
|
||
# Read the existing markdown file | ||
doc_path = Path( root_dir, 'admin/docs/device_info_values.md') | ||
with open(doc_path, 'r', encoding='utf-8') as f: | ||
content = f.read() | ||
|
||
# Replace the placeholders | ||
content = re.sub( | ||
r'<!-- DEVICE_INFO_START -->.*<!-- DEVICE_INFO_END -->', | ||
f'<!-- DEVICE_INFO_START -->\n{device_info_md}<!-- DEVICE_INFO_END -->', | ||
content, | ||
flags=re.DOTALL | ||
) | ||
content = re.sub( | ||
r'<!-- LOGDEVINFO_START -->.*<!-- LOGDEVINFO_END -->', | ||
f'<!-- LOGDEVINFO_START -->\n{logdevinfo_md}<!-- LOGDEVINFO_END -->', | ||
content, | ||
flags=re.DOTALL | ||
) | ||
|
||
# Write the updated content | ||
with open(doc_path, 'w', encoding='utf-8') as f: | ||
f.write(content) | ||
|
||
if __name__ == '__main__': | ||
generate_markdown() |
Binary file added
BIN
+8.96 KB
admin/test/cases/data/advertisingID/testdata.advertisingID.get_adId.mvs_ios_2023.zip
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
{ | ||
"mvs_ios_2023": { | ||
"description": "", | ||
"maker": "", | ||
"make_data": { | ||
"input_data_path": "/Users/jameshabben/Documents/phone-images/magnet/00008101-0010541A1130001E_files_full-001.zip", | ||
"os": "macOS-15.0-x86_64-i386-64bit", | ||
"timestamp": "2024-10-29T11:06:55.527987", | ||
"last_commit": { | ||
"hash": "809b08c7dac89b2f2bcc7d6692b9981e3cf39913", | ||
"author_name": "Johann Polewczyk", | ||
"author_email": "[email protected]", | ||
"date": "2024-10-17T19:06:04+02:00", | ||
"message": "resolve kml error issue with 'all' in output_types" | ||
} | ||
}, | ||
"artifacts": { | ||
"get_adId": { | ||
"search_patterns": [ | ||
"*/containers/Shared/SystemGroup/*/Library/Caches/com.apple.lsdidentifiers.plist" | ||
], | ||
"file_count": 1, | ||
"expected_output": { | ||
"headers": [], | ||
"data": [] | ||
} | ||
} | ||
}, | ||
"image_name": "mvs_ios_2023" | ||
} | ||
} |
32 changes: 32 additions & 0 deletions
32
admin/test/results/advertisingID/advertisingID.get_adId.mvs_ios_2023.20241029180900.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
{ | ||
"metadata": { | ||
"module_name": "advertisingID", | ||
"artifact_name": "Advertising Identifier", | ||
"function_name": "get_adId", | ||
"case_number": "mvs_ios_2023", | ||
"number_of_columns": 2, | ||
"number_of_rows": 1, | ||
"total_data_size_bytes": 64, | ||
"input_zip_path": "admin/test/cases/data/advertisingID/testdata.advertisingID.get_adId.mvs_ios_2023.zip", | ||
"start_time": "2024-10-29T18:09:00.255342+00:00", | ||
"end_time": "2024-10-29T18:09:00.336795+00:00", | ||
"run_time_seconds": 0.02880382537841797, | ||
"last_commit": { | ||
"hash": "809b08c7dac89b2f2bcc7d6692b9981e3cf39913", | ||
"author_name": "Johann Polewczyk", | ||
"author_email": "[email protected]", | ||
"date": "2024-10-17T19:06:04+02:00", | ||
"message": "resolve kml error issue with 'all' in output_types" | ||
} | ||
}, | ||
"headers": [ | ||
"Identifier", | ||
"Data Value" | ||
], | ||
"data": [ | ||
[ | ||
"Apple Advertising Identifier", | ||
"A07BF489-9C5A-4915-9999-438B0A93D291" | ||
] | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.