diff --git a/InternalPythonModules/android/fbmessenger.py b/InternalPythonModules/android/fbmessenger.py index 8d4c2671c9..2957bc7a94 100644 --- a/InternalPythonModules/android/fbmessenger.py +++ b/InternalPythonModules/android/fbmessenger.py @@ -20,6 +20,7 @@ limitations under the License. from java.io import File from java.lang import Class from java.lang import ClassNotFoundException +from java.lang import IllegalArgumentException from java.lang import Long from java.lang import String from java.sql import ResultSet @@ -105,7 +106,7 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer): self._MESSAGE_TYPE = "Facebook Messenger" self._VERSION = "239.0.0.41" ## FB version number. Did not find independent version number in FB Messenger - self.selfAccountAddress = None + self.selfAccountId = None self.current_case = None ## Analyze contacts @@ -121,13 +122,13 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer): ## The device owner's FB account details can be found in the contacts table in a row with added_time_ms of 0. selfAccountResultSet = contactsDb.runQuery("SELECT fbid, display_name FROM contacts WHERE added_time_ms = 0") if selfAccountResultSet: - if not self.selfAccountAddress: - self.selfAccountAddress = Account.Address(selfAccountResultSet.getString("fbid"), selfAccountResultSet.getString("display_name")) + if not self.selfAccountId: + self.selfAccountId = selfAccountResultSet.getString("fbid") - if self.selfAccountAddress is not None: + if self.selfAccountId is not None: contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), self._MODULE_NAME, contactsDb.getDBFile(), - Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountAddress ) + Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId ) else: contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), self._MODULE_NAME, contactsDb.getDBFile(), 
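Review bot: In the self-account lookup, `selfAccountResultSet.getString("fbid")` is read with no `selfAccountResultSet.next()` visible in this hunk, whereas the Xender analyzer in this same commit wraps the equivalent read in `while profilesResultSet.next():`; it is worth confirming the driver tolerates that. The two guards also disagree: `if not self.selfAccountId` treats an empty string as unset, but `if self.selfAccountId is not None` then hands an empty `fbid` to `CommunicationArtifactsHelper`. Since the value comes straight from the evidence database, I would use one test for both, e.g. `if self.selfAccountId:`, so an empty or missing id takes the `else` branch. The enclosing method starts and ends outside the hunk.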
@@ -138,14 +139,15 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer): if contactsResultSet is not None: while contactsResultSet.next(): fbid = contactsResultSet.getString("fbid") - contactAddress = Account.Address(contactsResultSet.getString("fbid"), contactsResultSet.getString("display_name")) + contactName = contactsResultSet.getString("display_name") dateCreated = contactsResultSet.getLong("added_time_ms") / 1000 ## create additional attributes for contact. additionalAttributes = ArrayList(); + additionalAttributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ID, self._MODULE_NAME, fbid)) additionalAttributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED, self._MODULE_NAME, dateCreated)) - contactsDBHelper.addContact( contactAddress, ## contact account + contactsDBHelper.addContact( contactName, ## contact name "", ## phone "", ## home phone "", ## mobile @@ -156,8 +158,11 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer): self._logger.log(Level.WARNING, "Error processing query result for account", ex) self._logger.log(Level.WARNING, traceback.format_exc()) except TskCoreException as ex: - self._logger.log(Level.SEVERE, "Failed to add Facebook Messenger contact artifacts.", ex) + self._logger.log(Level.SEVERE, "Failed to add FB Messenger contact artifacts.", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) + except IllegalArgumentException as ex: + self._logger.log(Level.WARNING, "Invalid arguments for FB Messenger contact artifact.", ex) + self._logger.log(Level.WARNING, traceback.format_exc()) except BlackboardException as ex: self._logger.log(Level.WARNING, "Failed to post artifacts.", ex) self._logger.log(Level.WARNING, traceback.format_exc()) 
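Review bot: The new `except IllegalArgumentException` sits beside the `TskCoreException` and `BlackboardException` handlers, which appear to wrap the whole per-database block rather than a single row, so one contact row that the helper rejects would end processing for every remaining row in that database. The `fbid` and `display_name` values are read from the device image and are not validated before `addContact`, so I would skip and log a bad row inside `while contactsResultSet.next():`, for example `if not fbid: continue` ahead of the `BlackboardAttribute` construction. The warning would also be more useful to an examiner if it named the database file, since the traceback alone does not say which evidence file produced the record. The same handler is added in the message hunk of this file and in imo.py, shareit.py, xender.py and zapya.py, where the same applies; the `try` itself starts outside the hunk.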
@@ -167,24 +172,23 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer): ## Adds a recipient to given list - def addRecipientToList(self, user_key, name, fromAddress, recipientList): + def addRecipientToList(self, user_key, fromId, recipientList): if user_key is not None: recipientId = user_key.replace('FACEBOOK:', '') - toAddress = Account.Address(recipientId, name) # ensure sender, if known, isn't added to recipientList. - if (fromAddress and fromAddress.getUniqueID() != toAddress.getUniqueID()) or (not fromAddress) : + if (fromId and (fromId != recipientId)) or (not fromId) : # add recipient to list - recipientList.append(toAddress) + recipientList.append(recipientId) ## Analyze messages def analyzeMessages(self, dataSource, fileManager, context): threadsDbs = AppSQLiteDB.findAppDatabases(dataSource, "threads_db2", True, self._FB_MESSENGER_PACKAGE_NAME) for threadsDb in threadsDbs: try: - if self.selfAccountAddress is not None: + if self.selfAccountId is not None: threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), self._MODULE_NAME, threadsDb.getDBFile(), - Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountAddress ) + Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId ) else: threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), self._MODULE_NAME, threadsDb.getDBFile(), @@ -210,8 +214,8 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer): oldMsgId = None direction = CommunicationDirection.UNKNOWN - fromAddress = None - recipientAddressList = None + fromId = None + recipientIdsList = None timeStamp = -1 msgText = "" threadId = "" @@ -226,8 +230,8 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer): messageArtifact = threadsDBHelper.addMessage( self._MESSAGE_TYPE, direction, - fromAddress, - recipientAddressList, + fromId, + recipientIdsList, timeStamp, MessageReadStatus.UNKNOWN, "", # subject 
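Review bot: The guard in `addRecipientToList` is more complicated than what it tests: `(fromId and (fromId != recipientId)) or (not fromId)` is equivalent to `if not fromId or fromId != recipientId:`, which reads more clearly now that both sides are plain strings. `user_key.replace('FACEBOOK:', '')` also removes the marker anywhere in the value and can leave an empty string, which would then be appended as a recipient id; testing `if recipientId` before the append would keep empty ids out of the list. The `## Adds a recipient to given list` comment could become a docstring stating that `fromId` and the list entries are bare Facebook ids with the `FACEBOOK:` prefix stripped.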
@@ -237,25 +241,25 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer): oldMsgId = msgId # New message - collect all attributes - recipientAddressList = [] + recipientIdsList = [] - ## get sender address by parsing JSON in sender column + ## get sender id by parsing JSON in sender column senderJsonStr = messagesResultSet.getString("sender") if senderJsonStr is not None: sender_dict = json.loads(senderJsonStr) senderId = sender_dict['user_key'] senderId = senderId.replace('FACEBOOK:', '') senderName = sender_dict['name'] - fromAddress = Account.Address(senderId, senderName) - if senderId == self.selfAccountAddress.getUniqueID(): + fromId = senderId + if senderId == self.selfAccountId: direction = CommunicationDirection.OUTGOING else: direction = CommunicationDirection.INCOMING # Get recipient and add to list - self.addRecipientToList(messagesResultSet.getString("user_key"), messagesResultSet.getString("name"), - fromAddress, recipientAddressList) + self.addRecipientToList(messagesResultSet.getString("user_key"), + fromId, recipientIdsList) timeStamp = messagesResultSet.getLong("timestamp_ms") / 1000 @@ -271,16 +275,16 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer): threadId = messagesResultSet.getString("thread_key") else: # same msgId as last, just collect recipient from current row - self.addRecipientToList(messagesResultSet.getString("user_key"), messagesResultSet.getString("name"), - fromAddress, recipientAddressList) + self.addRecipientToList(messagesResultSet.getString("user_key"), + fromId, recipientIdsList) # at the end of the loop, add last message messageArtifact = threadsDBHelper.addMessage( self._MESSAGE_TYPE, direction, - fromAddress, - recipientAddressList, + fromId, + recipientIdsList, timeStamp, MessageReadStatus.UNKNOWN, "", # subject 
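Review bot: With `if senderId == self.selfAccountId:` the comparison no longer fails when the owner's id was never found, but every message is then labelled `INCOMING`, including those the device owner sent; leaving `direction` as `CommunicationDirection.UNKNOWN` when `self.selfAccountId` is None would avoid recording a direction the data does not support. In the same new-message branch only `recipientIdsList` is reset, so when the `sender` column is NULL the artifact inherits `fromId` and `direction` from the previous message; resetting both next to `recipientIdsList = []` would fix that. `senderName` is now assigned but, as far as this hunk shows, unused. `json.loads` and `sender_dict['user_key']` also raise Python exceptions on malformed data, which none of the Java `except` clauses visible in this commit would catch.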
@@ -293,6 +297,9 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer): except TskCoreException as ex: self._logger.log(Level.SEVERE, "Failed to add FB Messenger message artifacts.", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) + except IllegalArgumentException as ex: + self._logger.log(Level.WARNING, "Invalid arguments for FB Messenger message artifact.", ex) + self._logger.log(Level.WARNING, traceback.format_exc()) except BlackboardException as ex: self._logger.log(Level.WARNING, "Failed to post artifacts.", ex) self._logger.log(Level.WARNING, traceback.format_exc()) diff --git a/InternalPythonModules/android/imo.py b/InternalPythonModules/android/imo.py index 5abdb748f5..f731e90418 100644 --- a/InternalPythonModules/android/imo.py +++ b/InternalPythonModules/android/imo.py @@ -20,6 +20,7 @@ limitations under the License. from java.io import File from java.lang import Class from java.lang import ClassNotFoundException +from java.lang import IllegalArgumentException from java.lang import Long from java.lang import String from java.sql import ResultSet @@ -77,7 +78,7 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer): self._VERSION = "9.8.0" def analyze(self, dataSource, fileManager, context): - selfAccountAddress = None + selfAccountId = None accountDbs = AppSQLiteDB.findAppDatabases(dataSource, "accountdb.db", True, self._PACKAGE_NAME) for accountDb in accountDbs: try: @@ -86,8 +87,8 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer): # We can determine the IMO user ID of the device owner. # Therefore we can create and use a app account and use that # as a 'self' account instead of a Device account - if not selfAccountAddress: - selfAccountAddress = Account.Address(accountResultSet.getString("uid"), accountResultSet.getString("name")) + if not selfAccountId: + selfAccountId = accountResultSet.getString("uid") except SQLException as ex: self._logger.log(Level.WARNING, "Error processing query result for account", ex) 
@@ -99,26 +100,32 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer): for friendsDb in friendsDbs: try: current_case = Case.getCurrentCaseThrows() - if selfAccountAddress is not None: + if selfAccountId is not None: friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, friendsDb.getDBFile(), - Account.Type.IMO, Account.Type.IMO, selfAccountAddress ) + Account.Type.IMO, Account.Type.IMO, selfAccountId ) else: friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, friendsDb.getDBFile(), - Account.Type.IMO - ) + Account.Type.IMO ) contactsResultSet = friendsDb.runQuery("SELECT buid, name FROM friends") if contactsResultSet is not None: while contactsResultSet.next(): - contactAddress = Account.Address(contactsResultSet.getString("buid"), contactsResultSet.getString("name")) - friendsDBHelper.addContact( contactAddress, ## contact address + contactId = contactsResultSet.getString("buid") + + ## add a TSK_ID attribute with contact's IMO Id + additionalAttributes = ArrayList() + additionalAttributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ID, self._PARSER_NAME, contactId)) + + friendsDBHelper.addContact( contactsResultSet.getString("name"), ## contact name "", ## phone "", ## home phone "", ## mobile - "") ## email + "", ## email + additionalAttributes) + queryString = """ SELECT messages.buid AS buid, imdata, last_message, timestamp, message_type, message_read, name FROM messages 
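Review bot: `contactId` from `buid` goes into the `TSK_ID` attribute without a null or empty check, and the contact name is passed straight from `getString("name")`; both come from the evidence database, so a row with a NULL `buid` is better skipped and logged than left to raise an exception that may end the loop. This hunk also starts using `ArrayList` and `BlackboardAttribute` in imo.py while the import hunk for this file only adds `IllegalArgumentException`, so it is worth confirming both names are already imported. A short comment on the `addContact` call noting that the IMO id is now carried only in `TSK_ID` would help readers of the artifact.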
@@ -128,17 +135,17 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer): if messagesResultSet is not None: while messagesResultSet.next(): direction = "" - fromAddress = None - toAddress = None + fromId = None + toId = None name = messagesResultSet.getString("name") uniqueId = messagesResultSet.getString("buid") if (messagesResultSet.getInt("message_type") == 1): direction = CommunicationDirection.INCOMING - fromAddress = Account.Address(uniqueId, name) + fromId = uniqueId else: direction = CommunicationDirection.OUTGOING - toAddress = Account.Address(uniqueId, name) + toId = uniqueId message_read = messagesResultSet.getInt("message_read") @@ -155,8 +162,8 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer): messageArtifact = friendsDBHelper.addMessage( self._MESSAGE_TYPE, direction, - fromAddress, - toAddress, + fromId, + toId, timeStamp, msgReadStatus, "", # subject @@ -173,6 +180,9 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer): except TskCoreException as ex: self._logger.log(Level.SEVERE, "Failed to add IMO message artifacts.", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) + except IllegalArgumentException as ex: + self._logger.log(Level.WARNING, "Invalid arguments for IMO artifact.", ex) + self._logger.log(Level.WARNING, traceback.format_exc()) except BlackboardException as ex: self._logger.log(Level.WARNING, "Failed to post artifacts.", ex) self._logger.log(Level.WARNING, traceback.format_exc()) diff --git a/InternalPythonModules/android/operabrowser.py b/InternalPythonModules/android/operabrowser.py index 7f3e7cc63b..f1f90b9f04 100644 --- a/InternalPythonModules/android/operabrowser.py +++ b/InternalPythonModules/android/operabrowser.py 
@@ -155,9 +155,9 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer): if downloadsResultSet is not None: while downloadsResultSet.next(): startTime = historyResultSet.getLong("start_time") / 1000000 - 11644473600 #Webkit time format - downloadsDbHelper.addWebDownload( downloadsResultSet.getString("target_path"), + downloadsDbHelper.addWebDownload( downloadsResultSet.getString("url"), startTime, - downloadsResultSet.getString("url"), + downloadsResultSet.getString("target_path"), self._PROGRAM_NAME) except SQLException as ex: diff --git a/InternalPythonModules/android/sbrowser.py b/InternalPythonModules/android/sbrowser.py index 0ce6824823..41e9790c5b 100644 --- a/InternalPythonModules/android/sbrowser.py +++ b/InternalPythonModules/android/sbrowser.py @@ -181,9 +181,9 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer): if downloadsResultSet is not None: while downloadsResultSet.next(): startTime = historyResultSet.getLong("start_time") / 1000000 - 11644473600 # Webkit time - downloadsDbHelper.addWebDownload( downloadsResultSet.getString("target_path"), + downloadsDbHelper.addWebDownload( downloadsResultSet.getString("url"), startTime, - downloadsResultSet.getString("url"), + downloadsResultSet.getString("target_path"), self._PROGRAM_NAME) except SQLException as ex: diff --git a/InternalPythonModules/android/shareit.py b/InternalPythonModules/android/shareit.py index 64251fbf11..e93c0d9ccc 100644 --- a/InternalPythonModules/android/shareit.py +++ b/InternalPythonModules/android/shareit.py @@ -20,6 +20,7 @@ limitations under the License. from java.io import File from java.lang import Class from java.lang import ClassNotFoundException +from java.lang import IllegalArgumentException from java.lang import Long from java.lang import String from java.sql import ResultSet 
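Review bot: Inside `while downloadsResultSet.next():` the start time is still read from `historyResultSet`, not from the downloads row, so each download artifact would carry a timestamp from a different result set (or fail if that name is not in scope here). The line should read `startTime = downloadsResultSet.getLong("start_time") / 1000000 - 11644473600`. The sbrowser.py hunk that follows has the same line and needs the same change. The surrounding `try` begins outside both hunks.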
@@ -94,15 +95,15 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer): if historyResultSet is not None: while historyResultSet.next(): direction = "" - fromAddress = None - toAddress = None + fromId = None + toId = None if (historyResultSet.getInt("history_type") == 1): direction = CommunicationDirection.INCOMING - fromAddress = Account.Address(historyResultSet.getString("device_id"), historyResultSet.getString("device_name") ) + fromId = historyResultSet.getString("device_id") else: direction = CommunicationDirection.OUTGOING - toAddress = Account.Address(historyResultSet.getString("device_id"), historyResultSet.getString("device_name") ) + toId = historyResultSet.getString("device_id") msgBody = "" # there is no body. attachments = [historyResultSet.getString("file_path")] @@ -112,8 +113,8 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer): messageArtifact = historyDbHelper.addMessage( self._MESSAGE_TYPE, direction, - fromAddress, - toAddress, + fromId, + toId, timeStamp, MessageReadStatus.UNKNOWN, None, # subject @@ -128,6 +129,9 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer): except TskCoreException as ex: self._logger.log(Level.SEVERE, "Failed to create ShareIt message artifacts.", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) + except IllegalArgumentException as ex: + self._logger.log(Level.WARNING, "Invalid arguments for ShareIt message artifact.", ex) + self._logger.log(Level.WARNING, traceback.format_exc()) except BlackboardException as ex: self._logger.log(Level.WARNING, "Failed to post artifacts.", ex) self._logger.log(Level.WARNING, traceback.format_exc()) diff --git a/InternalPythonModules/android/xender.py b/InternalPythonModules/android/xender.py index c0fbcb04a2..fce3052247 100644 --- a/InternalPythonModules/android/xender.py +++ b/InternalPythonModules/android/xender.py 
@@ -20,6 +20,7 @@ limitations under the License. from java.io import File from java.lang import Class from java.lang import ClassNotFoundException +from java.lang import IllegalArgumentException from java.lang import Long from java.lang import String from java.sql import ResultSet @@ -74,7 +75,7 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer): def analyze(self, dataSource, fileManager, context): - selfAccountAddress = None + selfAccountId = None transactionDbs = AppSQLiteDB.findAppDatabases(dataSource, "trans-history-db", True, self._PACKAGE_NAME) for transactionDb in transactionDbs: try: @@ -83,13 +84,13 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer): profilesResultSet = transactionDb.runQuery("SELECT device_id, nick_name FROM profile WHERE connect_times = 0") if profilesResultSet: while profilesResultSet.next(): - if not selfAccountAddress: - selfAccountAddress = Account.Address(profilesResultSet.getString("device_id"), profilesResultSet.getString("nick_name")) + if not selfAccountId: + selfAccountId = profilesResultSet.getString("device_id") # create artifacts helper - if selfAccountAddress is not None: + if selfAccountId is not None: transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._MODULE_NAME, transactionDb.getDBFile(), - Account.Type.XENDER, Account.Type.XENDER, selfAccountAddress ) + Account.Type.XENDER, Account.Type.XENDER, selfAccountId ) else: transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._MODULE_NAME, transactionDb.getDBFile(), 
@@ -104,15 +105,15 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer): if messagesResultSet is not None: while messagesResultSet.next(): direction = CommunicationDirection.UNKNOWN - fromAddress = None - toAdddress = None + fromId = None + toId = None if (messagesResultSet.getInt("c_direction") == 1): direction = CommunicationDirection.OUTGOING - toAddress = Account.Address(messagesResultSet.getString("r_device_id"), messagesResultSet.getString("r_name")) + toId = messagesResultSet.getString("r_device_id") else: direction = CommunicationDirection.INCOMING - fromAddress = Account.Address(messagesResultSet.getString("s_device_id"), messagesResultSet.getString("s_name")) + fromId = messagesResultSet.getString("s_device_id") msgBody = "" # there is no body. attachments = [messagesResultSet.getString("f_path")] @@ -122,8 +123,8 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer): messageArtifact = transactionDbHelper.addMessage( self._MESSAGE_TYPE, direction, - fromAddress, - toAddress, + fromId, + toId, timeStamp, MessageReadStatus.UNKNOWN, None, # subject @@ -138,6 +139,9 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer): except TskCoreException as ex: self._logger.log(Level.SEVERE, "Failed to create Xender message artifacts.", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) + except IllegalArgumentException as ex: + self._logger.log(Level.WARNING, "Invalid arguments for Xender message artifact.", ex) + self._logger.log(Level.WARNING, traceback.format_exc()) except BlackboardException as ex: self._logger.log(Level.WARNING, "Failed to post artifacts.", ex) self._logger.log(Level.WARNING, traceback.format_exc()) diff --git a/InternalPythonModules/android/zapya.py b/InternalPythonModules/android/zapya.py index 99672f00de..cafbec5453 100644 --- a/InternalPythonModules/android/zapya.py +++ b/InternalPythonModules/android/zapya.py 
@@ -20,6 +20,7 @@ limitations under the License. from java.io import File from java.lang import Class from java.lang import ClassNotFoundException +from java.lang import IllegalArgumentException from java.lang import Long from java.lang import String from java.sql import ResultSet @@ -86,15 +87,15 @@ class ZapyaAnalyzer(general.AndroidComponentAnalyzer): if transfersResultSet is not None: while transfersResultSet.next(): direction = CommunicationDirection.UNKNOWN - fromAddress = None - toAddress = None + fromId = None + toId = None if (transfersResultSet.getInt("direction") == 1): direction = CommunicationDirection.OUTGOING - toAddress = Account.Address(transfersResultSet.getString("device"), transfersResultSet.getString("name") ) + toId = transfersResultSet.getString("device") else: direction = CommunicationDirection.INCOMING - fromAddress = Account.Address(transfersResultSet.getString("device"), transfersResultSet.getString("name") ) + fromId = transfersResultSet.getString("device") msgBody = "" # there is no body. attachments = [transfersResultSet.getString("path")] @@ -104,8 +105,8 @@ class ZapyaAnalyzer(general.AndroidComponentAnalyzer): messageArtifact = transferDbHelper.addMessage( self._MESSAGE_TYPE, direction, - fromAddress, - toAddress, + fromId, + toId, timeStamp, MessageReadStatus.UNKNOWN, None, # subject @@ -120,6 +121,9 @@ class ZapyaAnalyzer(general.AndroidComponentAnalyzer): except TskCoreException as ex: self._logger.log(Level.SEVERE, "Failed to create Zapya message artifacts.", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) + except IllegalArgumentException as ex: + self._logger.log(Level.WARNING, "Invalid arguments for Zapya message artifact.", ex) + self._logger.log(Level.WARNING, traceback.format_exc()) except BlackboardException as ex: self._logger.log(Level.WARNING, "Failed to post artifacts.", ex) self._logger.log(Level.WARNING, traceback.format_exc())