Skip to content

Commit

Permalink
Merge pull request #920 from Johann-PLW/main
Browse files Browse the repository at this point in the history 
Update modules for lava output
  • Loading branch information
@Johann-PLW
Johann-PLW authored Nov 10, 2024
2 parents 980b43a + 016177c commit d6117c5
Show file tree
Hide file tree
Showing 2 changed files with 56 additions and 62 deletions.
64 changes: 30 additions & 34 deletions scripts/artifacts/imeiImsi.py
View file
Original file line number Diff line number Diff line change
@@ -1,60 +1,56 @@
import datetime
import os
import plistlib
__artifacts_v2__ = {
"imeiImsi": {
"name": "IMEI - IMSI",
"description": "Extracts Cellular information",
"author": "@AlexisBrignoni",
"version": "0.2",
"date": "2023-10-03",
"requirements": "none",
"category": "Identifiers",
"notes": "",
"paths": ('*/wireless/Library/Preferences/com.apple.commcenter.plist'),
"output_types": ["html", "tsv", "lava"]
}
}

from scripts.artifact_report import ArtifactHtmlReport
from scripts.ilapfuncs import logfunc, logdevinfo, tsv, is_platform_windows

def get_imeiImsi(files_found, report_folder, seeker, wrap_text, timezone_offset):
import plistlib
from scripts.ilapfuncs import artifact_processor, logfunc, device_info

@artifact_processor
def imeiImsi(files_found, report_folder, seeker, wrap_text, timezone_offset):
data_list = []
file_found = str(files_found[0])
with open(file_found, "rb") as fp:
source_path = str(files_found[0])

with open(source_path, "rb") as fp:
pl = plistlib.load(fp)
for key, val in pl.items():

if key == 'PersonalWallet':
val = (list(val.values())[0])
lastgoodimsi = val['CarrierEntitlements']['lastGoodImsi']
data_list.append(('Last Good IMSI', lastgoodimsi))
logdevinfo(f"<b>Last Good IMSI: </b>{lastgoodimsi}")
device_info("Cellular", "Last Good IMSI", lastgoodimsi, source_path)

selfregitrationupdateimsi = val['CarrierEntitlements']['kEntitlementsSelfRegistrationUpdateImsi']
data_list.append(('Self Registration Update IMSI', selfregitrationupdateimsi))
logdevinfo(f"<b>Self Registration Update IMSI: </b>{selfregitrationupdateimsi}")
device_info("Cellular", "Self Registration Update IMSI", selfregitrationupdateimsi, source_path)

selfregistrationupdateimei = val['CarrierEntitlements']['kEntitlementsSelfRegistrationUpdateImei']
data_list.append(('Self Registration Update IMEI', selfregistrationupdateimei))
logdevinfo(f"<b>Self Registration Update IMEI: </b>{selfregistrationupdateimei}")
device_info("Cellular", "Self Registration Update IMEI", selfregistrationupdateimei, source_path)

elif key == 'LastKnownICCI':
lastknownicci = val
data_list.append(('Last Known ICCI', lastknownicci))
logdevinfo(f"<b>Last Known ICCI: </b>{lastknownicci}")
device_info("Cellular", "Last Known ICCI", lastknownicci, source_path)

elif key == 'PhoneNumber':
phonenumber = val
data_list.append(('Phone Number', val))
logdevinfo(f"<b>Phone Number: </b>{val}")
device_info("Cellular", "Phone Number", val, source_path)

else:
data_list.append((key, val ))

if len(data_list) > 0:
report = ArtifactHtmlReport('IMEI - IMSI')
report.start_artifact_report(report_folder, 'IMEI - IMSI')
report.add_script()
data_headers = ('Key','Values' )
report.write_artifact_data_table(data_headers, data_list, file_found)
report.end_artifact_report()

tsvname = 'IMEI - IMSI'
tsv(report_folder, data_headers, data_list, tsvname)
else:
logfunc('No IMEI - IMSI data in com.apple.commcenter.plist')

__artifacts__ = {
"imeiImsi": (
"Identifiers",
('*/wireless/Library/Preferences/com.apple.commcenter.plist'),
get_imeiImsi)
}

data_headers = ('Property', 'Property Value' )
return data_headers, data_list, source_path
54 changes: 26 additions & 28 deletions scripts/artifacts/timezoneInfo.py
View file
Original file line number Diff line number Diff line change
@@ -1,45 +1,43 @@
from datetime import datetime
import os
__artifacts_v2__ = {
"timezoneInfo": {
"name": "Timezone Information",
"description": "Timezone Information",
"author": "@AlexisBrignoni",
"version": "0.2",
"date": "2023-10-03",
"requirements": "none",
"category": "Identifiers",
"notes": "",
"paths": ('*/mobile/Library/Preferences/com.apple.AppStore.plist',),
"output_types": ["html", "tsv", "lava"]
}
}


import plistlib

from scripts.artifact_report import ArtifactHtmlReport
from scripts.ilapfuncs import logfunc, logdevinfo, tsv, is_platform_windows, webkit_timestampsconv
from scripts.ilapfuncs import artifact_processor, device_info, webkit_timestampsconv

def get_timezoneInfo(files_found, report_folder, seeker, wrap_text, timezone_offset):
@artifact_processor
def timezoneInfo(files_found, report_folder, seeker, wrap_text, timezone_offset):
data_list = []
file_found = str(files_found[0])
with open(file_found, "rb") as fp:
source_path = str(files_found[0])

with open(source_path, "rb") as fp:
pl = plistlib.load(fp)
for key, val in pl.items():

if key == 'lastBootstrapTimeZone':
data_list.append(('lastBootstrapTimeZone', val))
logdevinfo(f"<b>Last Bootstrap Timezone: </b>{val}")
device_info("Settings", "Last Bootstrap Timezone", val, source_path)

elif key == 'lastBootstrapDate':
times = webkit_timestampsconv(val)
data_list.append(('lastBootstrapDate', times))
logdevinfo(f"<b>Last Bootstrap Date: </b>{times}")
device_info("Device Information", "Last Bootstrap Date", times, source_path)

else:
data_list.append((key, val ))

if len(data_list) > 0:
report = ArtifactHtmlReport('Timezone Information')
report.start_artifact_report(report_folder, 'Timezone Information')
report.add_script()
data_headers = ('Key','Values' )
report.write_artifact_data_table(data_headers, data_list, file_found)
report.end_artifact_report()

tsvname = 'Timezone Information'
tsv(report_folder, data_headers, data_list, tsvname)
else:
logfunc('No Timezone Information in com.apple.AppStore.plist')

__artifacts__ = {
"timezoneInfo": (
"Identifiers",
('*/mobile/Library/Preferences/com.apple.AppStore.plist'),
get_timezoneInfo)
}
data_headers = ('Property','Property Value' )
return data_headers, data_list, source_path

0 comments on commit d6117c5

Please sign in to comment.