±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 2 Overall: 35647
New Yesterday: 9 Visitors: 163

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

Open Source Python Modules for binary Plists and IPD files

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page 1, 2  Next 
  

AlexC
Senior Member
 

Open Source Python Modules for binary Plists and IPD files

Post Posted: Jun 11, 12 14:01

In case anyone has any use of them, here are links to a couple of open source python modules we've released.

ccl_bplist
code.google.com/p/ccl-bplist/ - a module for reading Apple binary plists. The load() function takes a file like object and returns a python object which mirrors the plist structure. For XML plists you can use python's own "plistlib" module. This module also de-serialises NSKeyedArchiver files to reveal their actual structure (pass the object returned by the load() function to the deserialise_NsKeyedArchiver() function).

Related links:
digitalinvestigation.w...-use-them/
digitalinvestigation.w...on-module/

ccl_ipd
code.google.com/p/ccl-ipd/ - a module for reading blackberry IPD backups. It's a fully featured class module - just pass the file path of the ipd file to the ipd_file class's constructor and the data is populated. You then get a structure of an ipd_file containing one or more ipd_db objects which will contain a number of ipd_record objects which hold a bunch of ipd_field objects. Iterators and Indexing is implementing where it makes sense, so you should be able to write pretty, pythonic code.


Hopefully those will be of use to someone! Hopefully there'll be another module released fairly soon which will of interest to anyone dealing with Apple stuff. In the meantime, I'm happy to answer any questions regarding these modules.


Edit:
Both modules are designed for Py3k, however at the request of a user I've added a hack to the bplist one which means that it should work with python 2.x - but I haven't tested it anywhere nearly as thoroughly under python 2.  
 
  

rosako
Newbie
 

Re: Open Source Python Modules for binary Plists and IPD files

Post Posted: Jun 15, 12 15:05

Nice job! Thank you very much for sharing it!  
 
  

AlexC
Senior Member
 

Re: Open Source Python Modules for binary Plists and IPD fil

Post Posted: Jun 18, 12 15:40

ccl_asl
code.google.com/p/ccl-asl/ - here's another module, this time for parsing Apple System Log (.asl) files. It can operate as a command line utility for offline log dumping and also as a class module for writing your own ASL parsing scripts. The repository also contains some scripts which demonstrates the use of the class module: a power usage profiler for iOS and a power and login timeline for OSX.

Related links:
digitalinvestigation.w...s-osx-ios/  
 
  

nerdrage
Member
 

Re: Open Source Python Modules for binary Plists and IPD fil

Post Posted: Jul 18, 12 00:53

Hi,

I may be off here, but I was going through the google code for these projects and there is nothing in the downloads. Have these been removed? Just looking to get back into script and learn python and thought these would be fun to look at.  
 
  

jaclaz
Senior Member
 

Re: Open Source Python Modules for binary Plists and IPD fil

Post Posted: Jul 18, 12 00:57

- nerdrage
Hi,

I may be off here, but I was going through the google code for these projects and there is nothing in the downloads. Have these been removed? Just looking to get back into script and learn python and thought these would be fun to look at.

You need to "browse the source" like:
code.google.com/p/ccl-...ce/browse/

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

nerdrage
Member
 

Re: Open Source Python Modules for binary Plists and IPD fil

Post Posted: Jul 18, 12 07:20

ah ha! thank you.  
 
  

AlexC
Senior Member
 

Re: Open Source Python Modules for binary Plists and IPD fil

Post Posted: Jul 19, 12 14:52

I'm so used to Google Code that I take it for granted that people know to go to the Source tab - but I'm learning that simply isn't the case (and when you think about it, it's not very intuitive). I think I'll add a note to the project's front page pointing people in the right direction.

I hope you find the scripts useful (or at least interesting!) if you have any questions about the code I'm happy to try to explain what I've done.  
 

Page 1 of 2
Page 1, 2  Next