Skip to content

Commit

Permalink
Merge pull request #2297 from aberenguel/#2294_user_account_register_xml
Browse files Browse the repository at this point in the history 
#2294 user account register xml
  • Loading branch information
@lfcnassif
lfcnassif authored Oct 16, 2024
2 parents 474f4b9 + b4537e6 commit 1314d7f
Show file tree
Hide file tree
Showing 8 changed files with 198 additions and 108 deletions.
2 changes: 1 addition & 1 deletion iped-app/resources/config/conf/CategoriesConfig.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -168,7 +168,7 @@
{"name": "SIM Data", "mimes": ["application/x-ufed-html-simdata", "application/x-ufed-simdata"]},
{"name": "Calendar", "mimes": ["application/x-ufed-html-calendar", "application/x-ufed-calendarentry", "application/x-ios-calendar-db"]},
{"name": "Logs", "mimes": ["application/x-ufed-html-logs", "application/x-ufed-logentry"]},
{"name": "User Accounts", "mimes": ["application/x-ufed-html-users", "application/x-ufed-useraccount", "application/x-ufed-user", "contact/x-skype-account", "application/x-whatsapp-account", "application/x-telegram-account", "application/x-gdrive-account-info"]},
{"name": "User Accounts", "mimes": ["application/x-ufed-html-users", "application/x-ufed-useraccount", "application/x-ufed-user", "contact/x-skype-account", "application/x-whatsapp-account", "application/x-telegram-account", "application/x-gdrive-account-info", "application/x-whatsapp-user-xml"]},
{"name": "Searches", "mimes": ["application/x-ufed-html-searches", "application/x-ufed-searcheditem"]},
{"name": "Notes", "mimes": ["application/x-ufed-html-notes", "application/x-ufed-note", "application/x-ios-oldnotes-db", "application/x-ios-notes-db"]},
{"name": "Wireless Networks", "mimes": ["application/x-ufed-html-wifi", "application/x-ufed-wirelessnetwork"]},
Expand Down
2 changes: 2 additions & 0 deletions iped-app/resources/config/conf/CustomSignatures.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1416,6 +1416,8 @@
<glob pattern="com.whatsapp_preferences_light.xml"/>
<glob pattern="com.whatsapp.w4b_preferences.xml"/>
<glob pattern="com.whatsapp.w4b_preferences_light.xml"/>
<glob pattern="registration.RegisterPhone.xml"/>
<glob pattern="startup_prefs.xml"/>
</mime-type>

<mime-type type="application/x-whatsapp-user-plist">
Expand Down
9 changes: 6 additions & 3 deletions iped-app/resources/scripts/tasks/RefineCategoryTask.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,14 +77,17 @@ function process(e){
e.setCategory(cat);
}

if(mime.equals("application/dita+xml") &&
if(path.indexOf("whatsapp") != -1 && mime.equals("application/dita+xml") &&
(e.getName().equals("com.whatsapp_preferences.xml") ||
e.getName().equals("com.whatsapp_preferences_light.xml") ||
e.getName().equals("com.whatsapp.w4b_preferences.xml") ||
e.getName().equals("com.whatsapp.w4b_preferences_light.xml"))) {
e.getName().equals("com.whatsapp.w4b_preferences_light.xml") ||
e.getName().equals("registration.RegisterPhone.xml") ||
e.getName().equals("startup_prefs.xml"))) {
e.setMediaTypeStr("application/x-whatsapp-user-xml");
e.setCategory("Contacts");
e.setCategory("User Accounts");
}

if(mime.equals("application/dita+xml") && e.getName().equals("userconfing.xml")){
e.setMediaTypeStr("application/x-telegram-user-conf");
//e.setCategory("Contacts");
Expand Down
1 change: 0 additions & 1 deletion iped-engine/src/main/java/iped/engine/task/ParsingTask.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -286,7 +286,6 @@ private static boolean isToAlwaysExpand(CaseData caseData, IItem item) {
return false;
}
return WhatsAppParser.WA_USER_PLIST.equals(item.getMediaType())
|| WhatsAppParser.WA_USER_XML.equals(item.getMediaType())
|| TelegramParser.TELEGRAM_USER_CONF.equals(item.getMediaType());
}

Expand Down
95 changes: 52 additions & 43 deletions iped-parsers/iped-parsers-impl/src/main/java/iped/parsers/whatsapp/WAAccount.java
View file
Original file line number Diff line number Diff line change
@@ -1,21 +1,25 @@
package iped.parsers.whatsapp;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.text.ParseException;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;

import org.apache.commons.lang3.StringUtils;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

import com.dd.plist.NSDictionary;
import com.dd.plist.NSObject;
import com.dd.plist.PropertyListFormatException;
import com.dd.plist.PropertyListParser;

public class WAAccount extends WAContact {
Expand All @@ -27,48 +31,72 @@ public WAAccount(String id) {
}

public String getTitle() {
return "WhatsApp Account: " + getName(); //$NON-NLS-1$
return "WhatsApp Account: " + getName();
}

public static WAAccount getFromAndroidXml(InputStream is) {
public static WAAccount getFromAndroidXml(InputStream is) throws SAXException, IOException {
try {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
DocumentBuilder builder = factory.newDocumentBuilder();
Document doc = builder.parse(is);

String id = null, name = null, status = null;

XPath xpath = XPathFactory.newInstance().newXPath();
XPathExpression expr = xpath.compile("/map/string[@name=\"registration_jid\"]");

XPathExpression expr = xpath
.compile("/map/string[@name=\"com.whatsapp.registration.RegisterPhone.phone_number\"]");
String value = (String) expr.evaluate(doc, XPathConstants.STRING);
if (value == null || value.isBlank()) {
expr = xpath.compile("/map/string[@name=\"ph\"]");
if (StringUtils.isNotBlank(value)) {
String phoneNumber = value;
expr = xpath.compile("/map/string[@name=\"com.whatsapp.registration.RegisterPhone.country_code\"]");
value = (String) expr.evaluate(doc, XPathConstants.STRING);
if (value == null || value.isBlank())
return null;
if (StringUtils.isNotBlank(value)) {
String countryCode = value;
id = countryCode + phoneNumber + waSuffix;
}
} else {
expr = xpath.compile("/map/string[@name=\"registration_jid\"]");
value = (String) expr.evaluate(doc, XPathConstants.STRING);
if (StringUtils.isBlank(value)) {
expr = xpath.compile("/map/string[@name=\"ph\"]");
value = (String) expr.evaluate(doc, XPathConstants.STRING);
}
if (StringUtils.isNotBlank(value)) {
if (!value.endsWith(waSuffix)) {
value += waSuffix;
}
id = value;
}
}
if (!value.endsWith(waSuffix))
value += waSuffix;

WAAccount account = new WAAccount(value);

expr = xpath.compile("/map/string[@name=\"push_name\"]");
value = (String) expr.evaluate(doc, XPathConstants.STRING);
if (value != null && !value.isBlank())
account.setWaName(value);
if (StringUtils.isNotBlank(value)) {
name = value;
}

expr = xpath.compile("/map/string[@name=\"my_current_status\"]");
value = (String) expr.evaluate(doc, XPathConstants.STRING);
if (value != null && !value.isBlank())
account.setStatus(value);
if (StringUtils.isNotBlank(value)) {
status = value;
}

return account;
if (StringUtils.isAllBlank(id, name, status)) {
return null;
}

WAAccount account = new WAAccount(id);
account.setWaName(name);
account.setStatus(status);

} catch (Exception e) {
e.printStackTrace();
return null;
return account;
} catch (ParserConfigurationException | XPathExpressionException e) {
throw new RuntimeException(e);
}
}

public static WAAccount getFromIOSPlist(InputStream is) {
public static WAAccount getFromIOSPlist(InputStream is) throws SAXException, IOException {
try {
NSDictionary rootDict = (NSDictionary) PropertyListParser.parse(is);
NSObject value = rootDict.get("OwnJabberID");
Expand All @@ -92,26 +120,8 @@ public static WAAccount getFromIOSPlist(InputStream is) {
account.setStatus(value.toString());

return account;

} catch (Exception e) {
e.printStackTrace();
return null;
}
}

public static void main(String[] args) {
try (FileInputStream fis = new FileInputStream(
"c:/users/nassif/downloads/group.net.whatsapp.WhatsApp.shared.plist")) {
WAAccount a = getFromIOSPlist(fis);
System.out.println(a.getId());
System.out.println(a.getWaName());
System.out.println(a.getStatus());
} catch (FileNotFoundException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (PropertyListFormatException | ParseException | ParserConfigurationException e) {
throw new RuntimeException(e);
}
}

Expand All @@ -122,5 +132,4 @@ public boolean isUnknown() {
public void setUnknown(boolean isUnknown) {
this.isUnknown = isUnknown;
}

}
18 changes: 11 additions & 7 deletions iped-parsers/iped-parsers-impl/src/main/java/iped/parsers/whatsapp/WAContact.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,10 @@
public class WAContact {

protected static final String waSuffix = "@s.whatsapp.net";

private final String id;

private final String suffix;
private String id;

private String suffix;

private String status;

Expand All @@ -27,6 +27,14 @@ public class WAContact {
private boolean deleted = false;

public WAContact(String id) {
updateId(id);
}

public String getId() {
return id;
}

public void updateId(String id) {
if (id != null) {
String[] idSplit = id.split("@", 2);
this.id = idSplit[0].trim();
Expand All @@ -36,10 +44,6 @@ public WAContact(String id) {
}
}

public String getId() {
return id;
}

public String getStatus() {
return status;
}
Expand Down
Loading

0 comments on commit 1314d7f

Please sign in to comment.