Skip to content

Commit

Permalink
Merge pull request #1995 from sepinf-inc/#1857_complement
Browse files Browse the repository at this point in the history 
#1857 complement
  • Loading branch information
@lfcnassif
lfcnassif authored Nov 23, 2023
2 parents fd55e3f + d724fe6 commit 875a42c
Show file tree
Hide file tree
Showing 4 changed files with 67 additions and 35 deletions.
35 changes: 26 additions & 9 deletions iped-engine/src/main/java/iped/engine/task/P2PBookmarker.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,10 @@
import java.awt.Color;
import java.io.File;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;

import org.apache.lucene.document.Document;
import org.slf4j.Logger;
Expand All @@ -19,6 +22,7 @@
import iped.parsers.emule.PartMetParser;
import iped.parsers.gdrive.GDriveCloudGraphParser;
import iped.parsers.gdrive.GDriveSnapshotParser;
import iped.parsers.shareaza.ShareazaDownloadParser;
import iped.parsers.shareaza.ShareazaLibraryDatParser;
import iped.parsers.skype.SkypeParser;
import iped.parsers.telegram.TelegramParser;
Expand All @@ -39,7 +43,7 @@ public P2PBookmarker(ICaseData caseData) {
}

class P2PProgram {
final String hashName;
final List<String> hashNames;
final String appName;
final Color color;

Expand All @@ -48,7 +52,11 @@ public P2PProgram(String hashName, String appName) {
}

public P2PProgram(String hashName, String appName, Color color) {
this.hashName = hashName;
this(Collections.singletonList(hashName), appName, color);
}

public P2PProgram(List<String> hashNames, String appName, Color color) {
this.hashNames = hashNames;
this.appName = appName;
this.color = color;
}
Expand All @@ -70,8 +78,13 @@ public void createBookmarksForSharedFiles(File caseDir) {
p2pPrograms.put(AresParser.ARES_MIME_TYPE,
new P2PProgram(HashTask.HASH.SHA1.toString(), "Ares", new Color(238, 173, 0)));

List<String> shareazaHashes = Arrays.asList(HashTask.HASH.MD5.toString(), HashTask.HASH.SHA1.toString(), HashTask.HASH.EDONKEY.toString());

p2pPrograms.put(ShareazaLibraryDatParser.LIBRARY_DAT_MIME_TYPE,
new P2PProgram(HashTask.HASH.MD5.toString(), "Shareaza", new Color(170, 20, 20)));
new P2PProgram(shareazaHashes, "Shareaza", new Color(170, 20, 20)));

p2pPrograms.put(ShareazaDownloadParser.SHAREAZA_DOWNLOAD_META,
new P2PProgram(shareazaHashes, "Shareaza SD", new Color(170, 20, 20)));

p2pPrograms.put(WhatsAppParser.WHATSAPP_CHAT.toString(),
new P2PProgram(HashTask.HASH.SHA256.toString(), "WhatsApp", new Color(32, 146, 90)));
Expand All @@ -93,7 +106,7 @@ public void createBookmarksForSharedFiles(File caseDir) {
p2pPrograms.put(GDriveSnapshotParser.GDRIVE_SNAPSHOT_REG.toString(), progGDrive);

IPEDSource ipedSrc = new IPEDSource(caseDir);
String queryText = ExtraProperties.SHARED_HASHES + ":*"; //$NON-NLS-1$
String queryText = ExtraProperties.SHARED_HASHES + ":* OR " + ExtraProperties.SHARED_ITEMS + ":*";
IPEDSearcher searcher = new IPEDSearcher(ipedSrc, queryText);
try {
SearchResult p2pItems = searcher.search();
Expand Down Expand Up @@ -121,11 +134,15 @@ public void createBookmarksForSharedFiles(File caseDir) {
}
StringBuilder queryBuilder = new StringBuilder();
queryBuilder.append(IndexItem.LENGTH + ":[3 TO *] AND ("); //$NON-NLS-1$
if (isHash)
queryBuilder.append(program.hashName + ":("); //$NON-NLS-1$
queryBuilder.append(items.toString());
if (isHash)
queryBuilder.append(")"); //$NON-NLS-1$
if (isHash) {
for (String hash : program.hashNames) {
queryBuilder.append(hash + ":("); //$NON-NLS-1$
queryBuilder.append(items.toString());
queryBuilder.append(") "); //$NON-NLS-1$
}
} else {
queryBuilder.append(items.toString());
}
queryBuilder.append(")"); //$NON-NLS-1$
searcher = new IPEDSearcher(ipedSrc, queryBuilder.toString());

Expand Down
49 changes: 30 additions & 19 deletions ...parsers/iped-parsers-impl/src/main/java/iped/parsers/shareaza/ShareazaDownloadParser.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,6 @@ public void parse(InputStream stream, ContentHandler handler, Metadata metadata,
processSDFile(stream, handler, xhtml, searcher, metadata, context, item.getPath(), item.getName());

metadata.set(ExtraProperties.P2P_REGISTRY_COUNT, String.valueOf(1));
metadata.set(ExtraProperties.DECODED_DATA, Boolean.TRUE.toString());

} catch (TikaException | SAXException | IOException e) {
throw e;
Expand Down Expand Up @@ -209,14 +208,14 @@ public void processSDFile(InputStream inputStreamFile, ContentHandler handler, X

IItemReader item = null;
HashSet<String> hashSets = new HashSet<String>();
String md5 = null, sha1 = null, edonkey = null;

if (sha1Valid != 0) {
String hash = readHashString(buffer, 20);
metadata.add(ExtraProperties.SHARED_HASHES, hash);
addLine(xhtml, "SHA1: " + hash);
hashSets.addAll(ChildPornHashLookup.lookupHash(HASH_SHA1, hash));
sha1 = readHashString(buffer, 20);
addLine(xhtml, "SHA1: " + sha1);
hashSets.addAll(ChildPornHashLookup.lookupHash(HASH_SHA1, sha1));
if (item == null) {
item = searchItemInCase(searcher, HASH_SHA1, hash);
item = searchItemInCase(searcher, HASH_SHA1, sha1);
}
}

Expand All @@ -234,12 +233,11 @@ public void processSDFile(InputStream inputStreamFile, ContentHandler handler, X
int md5Valid = readControl4Bytes(buffer);

if (md5Valid != 0) {
String hash = readHashString(buffer, 16);
metadata.add(ExtraProperties.SHARED_HASHES, hash);
addLine(xhtml, "MD5: " + hash);
hashSets.addAll(ChildPornHashLookup.lookupHash(HASH_MD5, hash));
md5 = readHashString(buffer, 16);
addLine(xhtml, "MD5: " + md5);
hashSets.addAll(ChildPornHashLookup.lookupHash(HASH_MD5, md5));
if (item == null) {
item = searchItemInCase(searcher, HASH_MD5, hash);
item = searchItemInCase(searcher, HASH_MD5, md5);
}
}

Expand All @@ -251,12 +249,11 @@ public void processSDFile(InputStream inputStreamFile, ContentHandler handler, X
int edonkeyValid = readControl4Bytes(buffer);

if (edonkeyValid != 0) {
String hash = readHashString(buffer, 16);
metadata.add(ExtraProperties.SHARED_HASHES, hash);
addLine(xhtml, "EDONKEY: " + hash);
hashSets.addAll(ChildPornHashLookup.lookupHash(HASH_EDONKEY, hash));
edonkey = readHashString(buffer, 16);
addLine(xhtml, "EDONKEY: " + edonkey);
hashSets.addAll(ChildPornHashLookup.lookupHash(HASH_EDONKEY, edonkey));
if (item == null) {
item = searchItemInCase(searcher, HASH_EDONKEY, hash);
item = searchItemInCase(searcher, HASH_EDONKEY, edonkey);
}
}

Expand Down Expand Up @@ -418,20 +415,22 @@ public void processSDFile(InputStream inputStreamFile, ContentHandler handler, X

int hasFile = read2Bytes(buffer);

long totalDownloaded = 0;

if (hasFile == 1) {
sbFile.append("File: " + "\n");

long nTotal = read8Bytes(buffer);
long nRemaning = read8Bytes(buffer);
int nFragments = read4Bytes(buffer);
long notStart = nTotal - nRemaning;
totalDownloaded = nTotal - nRemaning;

sbFile.append(" Total Size: " + nTotal + "\n");
sbFile.append(" Total Remaning: " + nRemaning + "\n");
sbFile.append(" Total Downloaded: " + notStart + "\n");
sbFile.append(" Total Downloaded: " + totalDownloaded + "\n");
sbFile.append(" Number of Fragments: " + nFragments + "\n");

metadata.set(META_PREFIX + "totalDownloaded", Long.toString(notStart));
metadata.set(META_PREFIX + "totalDownloaded", Long.toString(totalDownloaded));

for (int i = 0; i < nFragments; i++) {
long nRangeBegin = read8Bytes(buffer);
Expand Down Expand Up @@ -701,6 +700,18 @@ public void processSDFile(InputStream inputStreamFile, ContentHandler handler, X
addLine(xhtml, "Shared: " + sharedStr);
metadata.set(META_PREFIX + "shared", sharedStr);

if (Boolean.valueOf(sharedStr) && totalDownloaded > 0) {
if (md5 != null) {
metadata.add(ExtraProperties.SHARED_HASHES, md5);
}
if (sha1 != null) {
metadata.add(ExtraProperties.SHARED_HASHES, sha1);
}
if (edonkey != null) {
metadata.add(ExtraProperties.SHARED_HASHES, edonkey);
}
}

String serialID = readHashString(buffer, 4);
addLine(xhtml, "Serial ID: " + serialID);

Expand Down
6 changes: 5 additions & 1 deletion ...rsers/iped-parsers-impl/src/main/java/iped/parsers/shareaza/ShareazaLibraryDatParser.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -170,9 +170,13 @@ private void storeSharedHashes(LibraryFolder folder, Metadata metadata) {
private void storeSharedHashes(LibraryFile file, Metadata metadata) {
if (file.isShared() && file.getMd5() != null && file.getMd5().length() == 32) {
metadata.add(ExtraProperties.SHARED_HASHES, file.getMd5());
} else if (file.isShared() && file.getSha1() != null && file.getSha1().length() == 40) {
}
if (file.isShared() && file.getSha1() != null && file.getSha1().length() == 40) {
metadata.add(ExtraProperties.SHARED_HASHES, file.getSha1());
}
if (file.isShared() && file.getEd2k() != null && file.getEd2k().length() == 32) {
metadata.add(ExtraProperties.SHARED_HASHES, file.getEd2k());
}
}

private void storeSharedHashes(AlbumFolder folder, Map<Integer, LibraryFile> indexToFile, Metadata metadata) {
Expand Down
12 changes: 6 additions & 6 deletions ...s/iped-parsers-impl/src/test/java/iped/parsers/shareaza/ShareazaLibraryDatParserTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,10 +47,10 @@ public void testShareazaLibrary1DatParser() throws IOException, SAXException, Ti

assertEquals(ShareazaLibraryDatParser.LIBRARY_DAT_MIME_TYPE.toString(), contenttype[0]);
assertEquals("228", p2pregistrycount[0]);
assertEquals(153, sharedhashes.length);
assertEquals(459, sharedhashes.length);
assertEquals("5ff811cbb56fa306f01aca1890f1a70a", sharedhashes[0]);
assertEquals("07dec8692e10ccfcf765e0807f3d94ce", sharedhashes[1]);
assertEquals("8182ebb4ea93ae9dafaa7cf5b7374bce", sharedhashes[2]);
assertEquals("07dec8692e10ccfcf765e0807f3d94ce", sharedhashes[3]);
assertEquals("8182ebb4ea93ae9dafaa7cf5b7374bce", sharedhashes[6]);

}
}
Expand Down Expand Up @@ -82,10 +82,10 @@ public void testShareazaLibrary2DatParser() throws IOException, SAXException, Ti

assertEquals(ShareazaLibraryDatParser.LIBRARY_DAT_MIME_TYPE.toString(), contenttype[0]);
assertEquals("218", p2pregistrycount[0]);
assertEquals(138, sharedhashes.length);
assertEquals(414, sharedhashes.length);
assertEquals("5ff811cbb56fa306f01aca1890f1a70a", sharedhashes[0]);
assertEquals("07dec8692e10ccfcf765e0807f3d94ce", sharedhashes[1]);
assertEquals("025cfa06883c33bcca9b7000e7196718", sharedhashes[2]);
assertEquals("07dec8692e10ccfcf765e0807f3d94ce", sharedhashes[3]);
assertEquals("025cfa06883c33bcca9b7000e7196718", sharedhashes[6]);

}
}
Expand Down

0 comments on commit 875a42c

Please sign in to comment.