Open Source Python Modules for binary Plists and IPD files

(@alexc)
Posts: 301
Reputable Member
Topic starter
 

In case anyone has any use of them, here are links to a couple of open source python modules we've released.

ccl_bplist
http://code.google.com/p/ccl-bplist/ - a module for reading Apple binary plists. The load() function takes a file-like object and returns a Python object which mirrors the plist structure. For XML plists you can use Python's own "plistlib" module. This module also de-serialises NSKeyedArchiver files to reveal their actual structure (pass the object returned by the load() function to the deserialise_NsKeyedArchiver() function).

Related links
http://digitalinvestigation.wordpress.com/2012/04/04/geek-post-nskeyedarchiver-files-what-are-they-and-how-can-i-use-them/
http://digitalinvestigation.wordpress.com/2012/03/08/free-python-module/

ccl_ipd
http://code.google.com/p/ccl-ipd/ - a module for reading BlackBerry IPD backups. It's a fully featured class module - just pass the file path of the ipd file to the ipd_file class's constructor and the data is populated. You then get a structure of an ipd_file containing one or more ipd_db objects which will contain a number of ipd_record objects which hold a bunch of ipd_field objects. Iterators and indexing are implemented where it makes sense, so you should be able to write pretty, pythonic code.

Hopefully those will be of use to someone! Hopefully there'll be another module released fairly soon which will be of interest to anyone dealing with Apple stuff. In the meantime, I'm happy to answer any questions regarding these modules.

Edit
Both modules are designed for Py3k; however, at the request of a user I've added a hack to the bplist one which means that it should work with Python 2.x - but I haven't tested it anywhere near as thoroughly under Python 2.

 
Posted : 11/06/2012 2:01 pm
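What de-serialising an NSKeyedArchiver file involves, shown as an added example that is not part of the original post and is not ccl_bplist's own code. It uses the standard-library plistlib (Python 3.8+, which reads binary plists and UID values) on a constructed sample archive; the names build_sample_archive, resolve and unarchive belong to this example only.

```python
import plistlib
from plistlib import UID  # UID support needs Python 3.8+

def build_sample_archive() -> bytes:
    """Constructed NSKeyedArchiver-style binary plist (sample data, not from a real device)."""
    objects = [
        "$null",                                                        # 0: archiver's nil
        {"$class": UID(7), "NS.keys": [UID(2), UID(3)],
         "NS.objects": [UID(4), UID(5)]},                               # 1: NSDictionary
        "username", "recent", "alice@example.com",                      # 2, 3, 4
        {"$class": UID(8), "NS.objects": [UID(6), UID(0)]},             # 5: NSArray
        "inbox",                                                        # 6
        {"$classname": "NSDictionary", "$classes": ["NSDictionary", "NSObject"]},  # 7
        {"$classname": "NSArray", "$classes": ["NSArray", "NSObject"]},            # 8
    ]
    archive = {"$archiver": "NSKeyedArchiver", "$version": 100000,
               "$top": {"root": UID(1)}, "$objects": objects}
    return plistlib.dumps(archive, fmt=plistlib.FMT_BINARY)

def resolve(value, objects, depth=0):
    """Follow UID references into $objects and rebuild plain Python containers."""
    if depth > 64:  # archives may contain reference cycles; stop instead of recursing forever
        raise ValueError("reference chain too deep (possible cycle)")
    if isinstance(value, UID):
        if value.data >= len(objects):
            raise ValueError(f"UID {value.data} points outside $objects")
        return resolve(objects[value.data], objects, depth + 1)
    if isinstance(value, str) and value == "$null":
        return None
    if isinstance(value, list):
        return [resolve(v, objects, depth + 1) for v in value]
    if isinstance(value, dict):
        if "NS.keys" in value and "NS.objects" in value:   # NSDictionary layout
            keys = resolve(value["NS.keys"], objects, depth + 1)
            vals = resolve(value["NS.objects"], objects, depth + 1)
            return dict(zip(keys, vals))
        if "NS.objects" in value:                          # NSArray / NSSet layout
            return resolve(value["NS.objects"], objects, depth + 1)
        return {k: resolve(v, objects, depth + 1) for k, v in value.items() if k != "$class"}
    return value

def unarchive(data: bytes) -> dict:
    """Parse a binary plist and return its $top entries with references resolved."""
    plist = plistlib.loads(data)
    if not isinstance(plist, dict) or plist.get("$archiver") != "NSKeyedArchiver":
        raise ValueError("not an NSKeyedArchiver plist")
    return {name: resolve(ref, plist["$objects"]) for name, ref in plist["$top"].items()}

if __name__ == "__main__":
    print(unarchive(build_sample_archive()))
```

The raw plist stores every object once in a flat `$objects` list and links them by index, which is why an archive looks unreadable until the references are followed.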
(@rosako)
Posts: 7
Active Member
 

Nice job! Thank you very much for sharing it!

 
Posted : 15/06/2012 3:05 pm
(@alexc)
Posts: 301
Reputable Member
Topic starter
 

ccl_asl
https://code.google.com/p/ccl-asl/ - here's another module, this time for parsing Apple System Log (.asl) files. It can operate as a command line utility for offline log dumping and also as a class module for writing your own ASL parsing scripts. The repository also contains some scripts which demonstrate the use of the class module: a power usage profiler for iOS and a power and login timeline for OSX.

Related links
http://digitalinvestigation.wordpress.com/2012/06/18/parsing-apple-system-log-files-osx-ios/

 
Posted : 18/06/2012 3:40 pm
(@nerdrage)
Posts: 21
Eminent Member
 

Hi,

I may be off here, but I was going through the Google Code for these projects and there is nothing in the downloads. Have these been removed? Just looking to get back into scripting and learn Python and thought these would be fun to look at.

 
Posted : 18/07/2012 12:53 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Hi,

I may be off here, but I was going through the Google Code for these projects and there is nothing in the downloads. Have these been removed? Just looking to get back into scripting and learn Python and thought these would be fun to look at.

You need to "browse the source" like
https://code.google.com/p/ccl-asl/source/browse/

jaclaz

 
Posted : 18/07/2012 12:57 am
(@nerdrage)
Posts: 21
Eminent Member
 

Ah ha! Thank you.

 
Posted : 18/07/2012 7:20 am
(@alexc)
Posts: 301
Reputable Member
Topic starter
 

I'm so used to Google Code that I take it for granted that people know to go to the Source tab - but I'm learning that simply isn't the case (and when you think about it, it's not very intuitive). I think I'll add a note to the project's front page pointing people in the right direction.

I hope you find the scripts useful (or at least interesting!). If you have any questions about the code, I'm happy to try to explain what I've done.

 
Posted : 19/07/2012 2:52 pm
(@alexc)
Posts: 301
Reputable Member
Topic starter
 

ccl_snss
http://code.google.com/p/ccl-ssns/ - Here's another new one, this time for parsing Chrome session files (Last Tabs, Last Session, Current Tabs, Current Session).

Related links
http://digitalinvestigation.wordpress.com/2012/09/03/chrome-session-and-tabs-files-and-the-puzzle-of-the-pickle/

 
Posted : 03/09/2012 8:46 pm
(@alexc)
Posts: 301
Reputable Member
Topic starter
 

I've updated the ccl_bplist and ccl_snss scripts recently.

The ccl_bplist module just has some new convenience functions which make working with NSKeyedArchiver files easier.

The ccl_snss script now reports more document state and form data after feedback and test data from some users - this helped recover more emails/messages etc.

 
Posted : 29/01/2013 9:21 pm
(@rosako)
Posts: 7
Active Member
 

Very nice job! Thank you very much for sharing it!

 
Posted : 30/01/2013 2:39 am