forked from cheeky4n6monkey/iOS_sysdiagnose_forensic_scripts
sysdiagnose-appconduit.py
#! /usr/bin/env python
# For Python3
# Script to print connection info from logs/AppConduit/AppConduit.log.*
# Author: cheeky4n6monkey@gmail.com
import sys
from optparse import OptionParser
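version_string = "sysdiagnose-appconduit.py v2019-05-10 Version 1.0"

# One row per AppConduit event of interest:
#   (marker substring searched for in each log line,
#    index of the whitespace-separated token reported for that event,
#    label printed for a well-formed entry and in the final summary,
#    name used in the "Malformed ... entry" message)
# Rows are checked in this order against every line, and a line may match
# more than one of them.
EVENTS = (
    ("[ACXCompanionSyncConnectionManager devicesAreNowConnected:]: Device",
     11, "Now Connected", "devicesAreNowConnected"),
    ("[ACXInstallQueue reachabilityChangedForDevice:]_block_invoke: Resuming because",
     12, "Resuming", "Resuming"),
    ("[ACXCompanionSyncConnection performReunionSyncWithReason:]_block_invoke: Starting reunion sync because ",
     15, "Starting Reunion Sync", "Sync"),
    ("[ACXCompanionSyncConnectionManager devicesAreNoLongerConnected:]: Device",
     11, "Disconnected", "devicesAreNoLongerConnected"),
    ("[ACXInstallQueue reachabilityChangedForDevice:]_block_invoke: Suspending because",
     12, "Suspending", "Suspending"),
)


def format_event(line, linecount, event):
    """Return the report text for one EVENTS row applied to one log line.

    Args:
        line: a single line read from the AppConduit log.
        linecount: 1-based number of that line, echoed in the output.
        event: one row of EVENTS.

    Returns:
        None when the row's marker is not in the line; otherwise either the
        "<day> <month> <year> <time> - <token> <label> [line N]" text, or the
        "Malformed ... entry" text when the line has too few tokens.
    """
    marker, token_index, label, malformed_name = event
    if marker not in line:
        return None

    txts = line.split()
    # The line must actually contain token_index, i.e. hold at least
    # token_index + 1 tokens. Testing against token_index - 1 would let a
    # truncated line through and raise IndexError, aborting the whole run.
    if len(txts) <= token_index:
        return "\nMalformed " + malformed_name + " entry at line " + str(linecount) + "\n"

    month = txts[1]
    day = txts[2]
    time = txts[3]
    year = txts[4]
    # Every event reports the token taken from its own line. Nothing is
    # carried over from earlier lines, so a reunion sync can never be
    # attributed to a device named by some previous, unrelated entry.
    # NOTE(review): for the reunion-sync row, confirm that token 15 is the
    # field that should be shown in this position.
    # NOTE(review): tokens are printed exactly as found in the log; control
    # characters in a log from an examined device are not escaped.
    subject = txts[token_index]
    return (day + " " + month + " " + year + " " + time + " - " + subject
            + " " + label + " [line " + str(linecount) + "]")


def main():
    """Parse the command line, scan the log, print each event and the totals."""
    if sys.version_info[0] < 3:
        print("Must be using Python 3! Exiting ...")
        sys.exit(-1)

    print("Running " + version_string + "\n")

    usage = "\n%prog -i inputfile\n"
    parser = OptionParser(usage=usage)
    parser.add_option("-i", dest="inputfile",
                      action="store", type="string",
                      help="logs/AppConduit/AppConduit.log.* To Be Searched")
    options, _args = parser.parse_args()

    # No arguments at all, or arguments without -i: print help and exit
    # rather than failing later on open(None).
    if len(sys.argv) == 1 or not options.inputfile:
        parser.print_help()
        sys.exit(-1)

    # One counter per EVENTS row. A hit is counted as soon as the marker is
    # found, so the totals include entries reported as malformed.
    counts = [0] * len(EVENTS)

    try:
        # Undecodable bytes are replaced instead of raising, so one damaged
        # line does not stop the scan.
        # NOTE(review): the log is assumed to be UTF-8 text - confirm.
        with open(options.inputfile, 'r', encoding="utf-8", errors="replace") as fp:
            # Stream the file line by line instead of loading it whole.
            for linecount, line in enumerate(fp, start=1):
                for idx, event in enumerate(EVENTS):
                    message = format_event(line, linecount, event)
                    if message is None:
                        continue
                    counts[idx] += 1
                    print(message)
    except OSError as err:
        print("Unable to read " + str(options.inputfile) + ": " + str(err))
        sys.exit(-1)

    summary = ["Found " + str(total) + " " + event[2] + " entries"
               for total, event in zip(counts, EVENTS)]
    print("\n" + "\n".join(summary) + "\n")


if __name__ == "__main__":
    main()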