mobile Sqlite

13 Posts
4 Users
0 Likes
805 Views
(@alabri)
Posts: 6
Active Member
Topic starter
 

Hi
Please can you help me to write Python code to pull all SQLite databases from mobiles and then read them? I tried a lot but I didn't succeed. Thank you in advance.

 
Posted : 22/05/2018 10:05 am
Logan
(@logan)
Posts: 66
Trusted Member
 

You want to point the script at an extracted file system, identify ALL of the SQLite databases, and then dump the contents? Or are you targeting a few specific databases?

Seems quite inefficient to do them all. There will be many with data that is irrelevant to your investigation.

 
Posted : 22/05/2018 12:38 pm
(@alabri)
Posts: 6
Active Member
Topic starter
 

Thanks for your reply.
I want to extract all SQLite databases in the device to get as much information as possible. I am thinking of using the SQLite file signature because there are different file extensions for SQLite.

 
Posted : 22/05/2018 1:14 pm
(@alabri)
Posts: 6
Active Member
Topic starter
 

Dear Logan,
We can try your suggestion, then we can try the other scenario.

 
Posted : 22/05/2018 1:22 pm
Logan
(@logan)
Posts: 66
Trusted Member
 

You would want to use the file header for identifying the databases, sure. Chrome, for example, stores many of its databases without a file extension.

You can script something up as follows:

1) Write the initial part of the script to query all files in a file system; crawling through it and checking the first 8 bytes for the file header.
2) If you come across one, you can use the SQLite library in Python to open the database.
3) Query the database to obtain a list of all table names.
4) Dump all tables into a format of your choosing - completely up to you how you would like to do this.
5) Close the database and move on.

You could of course also crawl the whole file system for all files, obtain a list of all databases you find, then recursively dump them all after the fact.

Good luck!

 
Posted : 22/05/2018 2:59 pm
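
The five steps listed in the post above, as an added Python example that is not code from any participant in this thread. It compares the full 16-byte SQLite 3 header rather than only the first 8 bytes; the function names are made up for illustration, and `root` is assumed to be the top of an extracted file system.

```python
import os
import sqlite3
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # 16-byte header of every SQLite 3 file


def is_sqlite(path):
    """True if the file starts with the SQLite 3 header, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(SQLITE_MAGIC)) == SQLITE_MAGIC
    except OSError:  # unreadable file, broken symlink, etc.
        return False


def find_databases(root):
    """Step 1: crawl the extracted file system and return every SQLite file."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and is_sqlite(full):
                found.append(full)
    return sorted(found)


def dump_database(path):
    """Steps 2-5: open read-only, list the tables, return {table: [rows]}."""
    uri = Path(path).resolve().as_uri() + "?mode=ro"
    conn = sqlite3.connect(uri, uri=True)
    try:
        tables = [r[0] for r in conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
        dump = {}
        for table in tables:
            quoted = '"' + table.replace('"', '""') + '"'  # names are untrusted
            dump[table] = conn.execute(f"SELECT * FROM {quoted}").fetchall()
        return dump
    except sqlite3.DatabaseError as exc:  # encrypted, truncated or corrupt file
        return {"__error__": str(exc)}
    finally:
        conn.close()


def dump_all(root):
    return {db: dump_database(db) for db in find_databases(root)}
```

Run it against a working copy of the extraction, not the original evidence. Rows that are still in a `-wal` file are only returned when that file sits next to its database.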
Logan
(@logan)
Posts: 66
Trusted Member
 

I will say however that this is, again, a very inefficient way of doing this…a file system can contain MANY databases and include THOUSANDS of records. Without context to the data you are viewing, it is pretty useless…

 
Posted : 22/05/2018 3:00 pm
(@alabri)
Posts: 6
Active Member
Topic starter
 

I plan the same logic as you said in your reply, but I faced a problem in the Python code. If you have some examples I will be thankful to be

 
Posted : 22/05/2018 3:16 pm
Logan
(@logan)
Posts: 66
Trusted Member
 

Best way of learning, Alabri, is to keep trying! You have the logic.

 
Posted : 23/05/2018 8:20 am
(@soft512byte)
Posts: 16
Active Member
 

To compare the results of your script, you can use our Demo ADR512.

 
Posted : 23/05/2018 8:52 am
(@alabri)
Posts: 6
Active Member
Topic starter
 

Please, Logan, can you at least share some materials related to my topic so I can read and learn? I am requesting some guidance from you, as master and student; it seems you are farther ahead of my experience.

 
Posted : 23/05/2018 8:54 am