From 4d7f27b078a8a2a0a9cd63f74c6331f9b3ffa307 Mon Sep 17 00:00:00 2001
From: Johann POLEWCZYK
Date: Tue, 21 Jan 2025 21:59:06 +0100
Subject: [PATCH] Update appleMapsGroup.py for lava output
---
 scripts/artifacts/appleMapsGroup.py | 69 +++++++++++++----------------
 1 file changed, 30 insertions(+), 39 deletions(-)
diff --git a/scripts/artifacts/appleMapsGroup.py b/scripts/artifacts/appleMapsGroup.py
index 87bfd18f..26f60c3f 100644
--- a/scripts/artifacts/appleMapsGroup.py
+++ b/scripts/artifacts/appleMapsGroup.py
@@ -1,17 +1,30 @@
-import plistlib
-import blackboxprotobuf
-import scripts.artifacts.artGlobals
-
-from scripts.artifact_report import ArtifactHtmlReport
-from scripts.ilapfuncs import logfunc, logdevinfo, tsv, is_platform_windows
+__artifacts_v2__ = {
+ "appleMapsGroup": {
+ "name": "Apple Maps Group",
+ "description": "",
+ "author": "@AlexisBrignoni",
+ "creation_date": "2020-08-03",
+ "last_update_date": "2025-01-21",
+ "requirements": "none",
+ "category": "Locations",
+ "notes": "",
+ "paths": ('*/Shared/AppGroup/*/Library/Preferences/group.com.apple.Maps.plist',),
+ "output_types": ["html", "tsv", "lava"],
+ "artifact_icon": "map-pin"
+ }
+}
+import blackboxprotobuf
+from scripts.ilapfuncs import artifact_processor, get_file_path, get_plist_file_content
-def get_appleMapsGroup(files_found, report_folder, seeker, wrap_text, timezone_offset):
- versionnum = 0
- file_found = str(files_found[0])
+@artifact_processor
+def appleMapsGroup(files_found, report_folder, seeker, wrap_text, timezone_offset):
+ source_path = get_file_path(files_found, "group.com.apple.Maps.plist")
+ data_list = []
- with open(file_found, 'rb') as f:
- deserialized_plist = plistlib.load(f)
+ pl = get_plist_file_content(source_path)
+ maps_activity = pl.get('MapsActivity', None)
+ if maps_activity:
 types = {'1': {'type': 'message', 'message_typedef': {'1': {'type': 'int', 'name': ''}, '2': {'type': 'int', 'name': ''},
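Review bot: `pl.get('MapsActivity', None)` is called on whatever `get_plist_file_content(source_path)` returns, with no check that a file was matched or that the plist parsed into a dict. Neither helper's failure behaviour is visible in this diff, so if either can hand back `None` or a non-dict for a missing or damaged plist, this line raises `AttributeError` instead of producing an empty result. A one-line guard such as `maps_activity = pl.get('MapsActivity') if isinstance(pl, dict) else None` would cover that. The `"description": ""` field in `__artifacts_v2__` is left empty; a sentence saying what the extracted latitude/longitude represents would help whoever reads the report. The function body continues in the next hunk.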
@@ -25,32 +38,10 @@ def get_appleMapsGroup(files_found, report_folder, seeker, wrap_text, timezone_o
 '7': {'type': 'int', 'name': ''}}, 'name': ''} }
- try:
- internal_deserialized_plist, di = blackboxprotobuf.decode_message((deserialized_plist['MapsActivity']),types)
-
- latitude =(internal_deserialized_plist['1']['5']['Latitude'])
- longitude =(internal_deserialized_plist['1']['5']['Longitude'])
-
- data_list = []
- data_list.append((latitude, longitude))
- report = ArtifactHtmlReport('Apple Maps Group')
- report.start_artifact_report(report_folder, 'Apple Maps Group')
- report.add_script()
- data_headers = ('Latitude','Longitude' )
- report.write_artifact_data_table(data_headers, data_list, file_found)
- report.end_artifact_report()
-
- tsvname = 'Apple Maps Group'
- tsv(report_folder, data_headers, data_list, tsvname)
- except:
- logfunc('No data in Apple Maps Group')
-
-__artifacts__ = {
- "applemapsgroup": (
- "Locations",
- ('**/Shared/AppGroup/*/Library/Preferences/group.com.apple.Maps.plist'),
- get_appleMapsGroup)
-}
-
+ internal_deserialized_plist, di = blackboxprotobuf.decode_message(maps_activity, types)
+ latitude = (internal_deserialized_plist['1']['5']['Latitude'])
+ longitude = (internal_deserialized_plist['1']['5']['Longitude'])
+ data_list.append((latitude, longitude))
-
\ No newline at end of file
+ data_headers = ('Latitude', 'Longitude')
+ return data_headers, data_list, source_path
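Review bot: `blackboxprotobuf.decode_message(maps_activity, types)` and the nested lookups `['1']['5']['Latitude']` / `['1']['5']['Longitude']` now run without the `try/except` the old code had, so a `MapsActivity` blob that does not match the typedef raises out of `appleMapsGroup`. The blob comes from the examined device and cannot be assumed well-formed; whether `@artifact_processor` catches the exception is not visible in this diff. If it does not, wrap these four added lines in `try:` / `except (KeyError, TypeError, ValueError) as ex:` and record the failure with the project's logger, so an examiner can tell "present but unparseable" from "absent" instead of restoring the bare `except:` that hid the cause. The unused `di` can be written as `_`.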