diff --git a/LICENSE b/LICENSE index ca39ff9..58305f7 100644 --- a/LICENSE +++ b/LICENSE @@ -18,26 +18,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - -MIT License - -Copyright (c) 2020 Alexis Brignoni - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. +SOFTWARE. \ No newline at end of file diff --git a/README.md b/README.md index 77eb5ad..100a53b 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,11 @@ This process is executed in a Linux environment, please adjust the needs due to ``` $ python3 dleapp.py -t -i -o ``` +### GUI + +``` +$ python3 dleappGUI.py +``` ### Help diff --git a/assets/logo.png b/assets/icon.png similarity index 100% rename from assets/logo.png rename to assets/icon.png 
diff --git a/dleapp.py b/dleapp.py index 469c775..0f2b5c4 100644 --- a/dleapp.py +++ b/dleapp.py @@ -37,7 +37,7 @@ def validate_args(args): raise argparse.ArgumentError(None, 'LEAPP Case Data file not found! Run the program again.') if args.load_profile and not os.path.exists(args.load_profile): - raise argparse.ArgumentError(None, 'ALEAPP Profile file not found! Run the program again.') + raise argparse.ArgumentError(None, 'DLEAPP Profile file not found! Run the program again.') def create_profile(plugins, path): @@ -46,7 +46,7 @@ def create_profile(plugins, path): modules_in_profile = {} user_choice = '' - print('--- ALEAPP Profile file creation ---\n') + print('--- DLEAPP Profile file creation ---\n') instructions = 'You can type:\n' instructions += ' - \'a\' to add or remove modules in the profile file\n' instructions += ' - \'l\' to display the list of all available modules with their number\n' @@ -99,7 +99,7 @@ def create_profile(plugins, path): profile_filename += '.alprofile' filename = os.path.join(path, profile_filename) with open(filename, "wt", encoding="utf-8") as profile_file: - json.dump({"leapp": "aleapp", "format_version": 1, "plugins": modules}, profile_file) + json.dump({"leapp": "dleapp", "format_version": 1, "plugins": modules}, profile_file) print('\nProfile saved:', filename) print() else: @@ -130,7 +130,7 @@ def create_casedata(path): return def main(): - parser = argparse.ArgumentParser(description='ALEAPP: Android Logs, Events, and Protobuf Parser.') + parser = argparse.ArgumentParser(description='DLEAPP: Android Logs, Events, and Protobuf Parser.') parser.add_argument('-t', choices=['fs', 'tar', 'zip', 'gz', 'ewf', 'raw'], required=False, action="store", help=("Specify the input type. " "'fs' for a folder containing extracted files with normal paths and names, " 
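Review bot: The profile marker `"dleapp"` written by `json.dump` in create_profile is a bare literal that this commit repeats in four places: this writer, the check in main() (@@ -261), and both load_profile and save_profile in dleappGUI.py. A single shared constant, for example `LEAPP_PROFILE_ID = 'dleapp'`, used by all writers and readers would keep them from drifting apart. The extension also stays `.alprofile` (`profile_filename += '.alprofile'` just above), so an ALEAPP profile is still selectable and is only rejected later by the marker check. create_profile starts and ends outside this hunk.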
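Review bot: The renamed parser description still reads `'DLEAPP: Android Logs, Events, and Protobuf Parser.'`, while the banner changed in crunch_artifacts in this same commit says "Drone Logs, Events, and Protobuf Parser". Suggest `parser = argparse.ArgumentParser(description='DLEAPP: Drone Logs, Events, and Protobuf Parser.')` so that `--help` and the processing log describe the same tool. main() continues past the end of this hunk.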
@@ -141,10 +141,10 @@ def main(): parser.add_argument('-i', '--input_path', required=False, action="store", help='Path to input file/folder') parser.add_argument('-w', '--wrap_text', required=False, action="store_false", default=True, help='Do not wrap text for output of data files') - parser.add_argument('-m', '--load_profile', required=False, action="store", help="Path to ALEAPP Profile file (.alprofile).") + parser.add_argument('-m', '--load_profile', required=False, action="store", help="Path to DLEAPP Profile file (.alprofile).") parser.add_argument('-d', '--load_case_data', required=False, action="store", help="Path to LEAPP Case Data file (.lcasedata).") parser.add_argument('-c', '--create_profile_casedata', required=False, action="store", - help=("Generate an ALEAPP Profile file (.alprofile) or LEAPP Case Data file (.lcasedata) into the specified path. " + help=("Generate an DLEAPP Profile file (.alprofile) or LEAPP Case Data file (.lcasedata) into the specified path. " "This argument is meant to be used alone, without any other arguments.")) parser.add_argument('-p', '--artifact_paths', required=False, action="store_true", help=("Generate a text file list of artifact paths. " @@ -199,9 +199,9 @@ def main(): if os.path.isdir(args.create_profile_casedata): create_choice = '' print('-' * 55) - print('Welcome to ALEAPP Profile or Case Data file creation\n') + print('Welcome to DLEAPP Profile or Case Data file creation\n') instructions = 'You can type:\n' - instructions += ' - \'1\' to create an ALEAPP Profile file (.alprofile)\n' + instructions += ' - \'1\' to create an DLEAPP Profile file (.alprofile)\n' instructions += ' - \'2\' to create a LEAPP Case Data file (.lcasedata)\n' instructions += ' - \'q\' to quit\n' while not create_choice: 
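Review bot: The renamed help text now reads "Generate an DLEAPP Profile file", and the menu line in the @@ -199 hunk reads "to create an DLEAPP Profile file"; the article was correct for "ALEAPP" but not for the new name. Suggest `help=("Generate a DLEAPP Profile file (.alprofile) or LEAPP Case Data file (.lcasedata) into the specified path. "` and `instructions += ' - \'1\' to create a DLEAPP Profile file (.alprofile)\n'`. Both strings are user-facing and sit inside main(), which extends beyond these hunks.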
@@ -220,7 +220,7 @@ def main(): print('Please enter a valid choice!!!\n') create_choice = '' else: - print('OUTPUT folder for storing ALEAPP Profile file does not exist!\nRun the program again.') + print('OUTPUT folder for storing DLEAPP Profile file does not exist!\nRun the program again.') return if args.load_case_data: @@ -261,7 +261,7 @@ def main(): if not profile_load_error: if isinstance(profile, dict): - if profile.get("leapp") != "aleapp" or profile.get("format_version") != 1: + if profile.get("leapp") != "dleapp" or profile.get("format_version") != 1: profile_load_error = "File was not a valid profile file: incorrect LEAPP or version" print(profile_load_error) return @@ -305,7 +305,7 @@ def crunch_artifacts( logfunc('Processing started. Please wait. This may take a few minutes...') logfunc('\n--------------------------------------------------------------------------------------') - logfunc(f'DLEAPP v1.0: DLEAPP Logs, Events, and Protobuf Parser') + logfunc(f'DLEAPP v1.0: Drone Logs, Events, and Protobuf Parser') logfunc('Objective: Triage Drone Full System Extractions.') logfunc('Based on ALEAPP by Alexis Brignoni and Yogesh Khatri\n') logdevinfo() @@ -320,7 +320,7 @@ def crunch_artifacts( elif extracttype == 'zip': seeker = FileSeekerZip(input_path, out_params.data_folder) - elif extracttype in ('ewf', 'raw'): + elif extracttype in ('ewf', 'raw', '001', 'E01'): logfunc(f'Acquisition type selected: {extracttype}. Starting extraction...') recurse.run_extraction(input_path, extracttype, out_params.data_folder) input_path = out_params.data_folder diff --git a/aleappGUI.py b/dleappGUI.py similarity index 96% rename from aleappGUI.py rename to dleappGUI.py index 53a6a65..8764cda 100644 --- a/aleappGUI.py +++ b/dleappGUI.py 
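Review bot: The banner line in the @@ -305 hunk is an f-string with no placeholders and hard-codes `v1.0`, while dleappGUI.py in this commit takes its version from `scripts.version_info.dleapp_version`, so the two will disagree after the next release. For a forensic tool, the version written to the processing log is part of the record of how the output was produced. If dleapp.py can import that name (its imports are not in the hunk), use `logfunc(f'DLEAPP v{dleapp_version}: Drone Logs, Events, and Protobuf Parser')`; otherwise drop the `f` prefix. crunch_artifacts starts and ends outside this hunk.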
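Review bot: The values `'001'` and `'E01'` added in `elif extracttype in ('ewf', 'raw', '001', 'E01'):` cannot be reached from the command line, because `-t` is declared with `choices=['fs', 'tar', 'zip', 'gz', 'ewf', 'raw']` (visible in the @@ -130 hunk) and argparse rejects anything else. The comparison is also case-sensitive and has no entry for `dd`, so if the GUI derives the type from the file extension (not visible here), a `.e01` or `.dd` image offered by the new file filter would presumably fall through to the chain's final branch. Either extend `choices` to match, or normalise once before the chain, e.g. `extracttype = {'e01': 'ewf', '001': 'raw', 'dd': 'raw'}.get(extracttype.lower(), extracttype.lower())`. Check that against recurse.run_extraction first, since how it treats the `'001'` and `'E01'` values is not shown. The if/elif chain and the rest of crunch_artifacts lie outside this hunk.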
@@ -9,7 +9,7 @@ from PIL import Image, ImageTk from tkinter import ttk, filedialog as tk_filedialog, messagebox as tk_msgbox -from scripts.version_info import aleapp_version +from scripts.version_info import aleapp_version, dleapp_version from scripts.search_files import * from scripts.modules_to_exclude import modules_to_exclude from scripts.lavafuncs import * @@ -83,7 +83,7 @@ def load_profile(): destination_path = tk_filedialog.askopenfilename(parent=main_window, title='Load a profile', - filetypes=(('ALEAPP Profile', '*.alprofile'),)) + filetypes=(('DLEAPP Profile', '*.alprofile'),)) if destination_path and os.path.exists(destination_path): profile_load_error = None @@ -94,7 +94,7 @@ def load_profile(): profile_load_error = 'File was not a valid profile file: invalid format' if not profile_load_error: if isinstance(profile, dict): - if profile.get('leapp') != 'aleapp' or profile.get('format_version') != 1: + if profile.get('leapp') != 'dleapp' or profile.get('format_version') != 1: profile_load_error = 'File was not a valid profile file: incorrect LEAPP or version' else: deselect_all() @@ -117,13 +117,13 @@ def save_profile(): '''Save selected modules in a profile file''' destination_path = tk_filedialog.asksaveasfilename(parent=main_window, title='Save a profile', - filetypes=(('ALEAPP Profile', '*.alprofile'),), + filetypes=(('DLEAPP Profile', '*.alprofile'),), defaultextension='.alprofile') if destination_path: selected_modules = get_selected_modules() with open(destination_path, 'wt', encoding='utf-8') as profile_out: - json.dump({'leapp': 'aleapp', 'format_version': 1, 'plugins': selected_modules}, profile_out) + json.dump({'leapp': 'dleapp', 'format_version': 1, 'plugins': selected_modules}, profile_out) tk_msgbox.showinfo( title='Save a profile', message=f'Profile saved: {destination_path}', parent=main_window) 
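Review bot: `aleapp_version` stays in the import in the @@ -9 hunk although its only use visible in this commit, the window title, now formats `dleapp_version`. If nothing else in dleappGUI.py reads it, shorten the line to `from scripts.version_info import dleapp_version`. The import also requires `dleapp_version` to be defined in scripts/version_info.py, which is not among the files shown here; if it is missing, the GUI fails with an ImportError at startup.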
@@ -201,7 +201,7 @@ def process(casedata): # re-create modules list based on user selection selected_modules = get_selected_modules() - selected_modules.insert(0, 'usagestatsVersion') # Force usagestatsVersion as first item to be parsed + # selected_modules.insert(0, 'usagestatsVersion') Force usagestatsVersion as first item to be parsed(skipped for drone) selected_modules = [loader[module] for module in selected_modules] progress_bar.config(maximum=len(selected_modules)) casedata = {key: value.get() for key, value in casedata.items()} @@ -244,9 +244,12 @@ def select_input(button_type): if button_type == 'file': input_filename = tk_filedialog.askopenfilename(parent=main_window, title='Select a file', - filetypes=(('All supported files', '*.tar *.zip *.gz'), - ('tar file', '*.tar'), ('zip file', '*.zip'), - ('gz file', '*.gz'))) + filetypes=(('All supported files', '*.tar *.zip *.gz *.ewf *.E01 *.001 *.dd *.raw'), + ('tar file', '*.tar'), + ('zip file', '*.zip'), + ('gz file', '*.gz'), + ('EWF Image', '*.ewf *.e01'), + ('Raw Image', '*.001 *.dd *.raw'))) else: input_filename = tk_filedialog.askdirectory(parent=main_window, title='Select a folder') input_entry.delete(0, 'end') @@ -443,7 +446,7 @@ def add_agency_logo(): pickModules() ## Theme properties -theme_bgcolor = '#586A60' +theme_bgcolor = "#464646" theme_inputcolor = '#fcfff6' theme_fgcolor = '#d0dbbd' theme_button = '#d0dbbd' @@ -466,7 +469,7 @@ def add_agency_logo(): ## Main window properties main_window.geometry(f'{window_width}x{window_height}+{margin_width}+{margin_height}') -main_window.title(f'ALEAPP version {aleapp_version}') +main_window.title(f'DLEAPP version {dleapp_version}') main_window.resizable(False, False) main_window.configure(bg=theme_bgcolor) logo_icon = tk.PhotoImage(file=icon) 
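Review bot: The disabled statement in process() is left as commented-out code with its old trailing comment run into it (`# selected_modules.insert(0, 'usagestatsVersion') Force usagestatsVersion ...`), which reads as if the call might still be meant to run. Delete the line, or replace it with a plain explanatory comment such as `# ALEAPP forced usagestatsVersion to run first; not done for drone extractions`. process() starts and ends outside this hunk.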
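Review bot: The new file filters in select_input disagree on case: the combined entry lists `*.E01` while the 'EWF Image' entry lists `*.e01`, so where pattern matching is case-sensitive the two filters may show different files. Use one set of patterns in both places, e.g. `('EWF Image', '*.ewf *.E01 *.e01')` with the same patterns repeated in 'All supported files'. The filter also offers `*.dd`, for which the tuple added in dleapp.py crunch_artifacts (`'ewf', 'raw', '001', 'E01'`) has no matching value. How the GUI turns the chosen extension into an extract type is outside this hunk, so confirm that `.dd` and lower-case `.e01` selections end up as a handled type rather than being silently treated as something else.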
@@ -498,7 +501,7 @@ def add_agency_logo(): title_frame = ttk.Frame(main_window) title_frame.grid(padx=14, pady=8, sticky='we') title_frame.grid_columnconfigure(0, weight=1) -ileapp_logo = ImageTk.PhotoImage(file=resource_path("ALEAPP_logo.png")) +ileapp_logo = ImageTk.PhotoImage(file=resource_path("DLEAPP_logo.png")) ileapp_logo_label = ttk.Label(title_frame, image=ileapp_logo) ileapp_logo_label.grid(row=0, column=0, sticky='w') leapps_logo = ImageTk.PhotoImage(Image.open(resource_path("leapps_a_logo.png")).resize((110, 51))) @@ -509,7 +512,7 @@ def add_agency_logo(): ### Input output selection input_frame = ttk.LabelFrame( main_window, - text=' Select the file (tar/zip/gz) or directory of the target Android full file system extraction for parsing: ') + text=' Select the file (tar/zip/gz/ewf/raw) or directory of the target Drone full file system extraction for parsing: ') input_frame.grid(padx=14, pady=2, sticky='we') input_frame.grid_columnconfigure(0, weight=1) input_entry = ttk.Entry(input_frame)
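Review bot: `ImageTk.PhotoImage(file=resource_path("DLEAPP_logo.png"))` in the @@ -498 hunk appears to run while the window is being built, so a missing asset would stop the GUI from starting. The only asset change in the visible part of this commit is the rename of assets/logo.png to assets/icon.png, so confirm that DLEAPP_logo.png is added wherever resource_path resolves. The variables are still named `ileapp_logo` and `ileapp_logo_label`; `dleapp_logo` and `dleapp_logo_label` would match the rest of the rename.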