sepinf-inc · lfcnassif · Nov 16, 2023 · Oct 28, 2023 · Oct 28, 2023 · Oct 28, 2023
diff --git a/iped-app/resources/config/conf/CategoriesConfig.json b/iped-app/resources/config/conf/CategoriesConfig.json
@@ -89,7 +89,11 @@
         {"name": "Others Chats", "mimes":["application/x-ufed-html-chats", "application/x-ufed-chats-txt", "application/x-ufed-chat", "application/x-ufed-chat-preview"]}
     ]},
     {"name": "USN Journal", "mimes": ["application/x-usnjournal-$J", "application/x-usnjournal-report-html", "application/x-usnjournal-report-csv", "application/x-usnjournal-registry"]},
-    {"name": "Programs and Libraries", "mimes": ["application/java-archive", "application/x-dosexec", "application/x-msdownload", "application/x-bat", "application/vnd.ms-cab-compressed", "application/x-font-ttf", "application/pkcs7-signature", "application/vnd.ms-htmlhelp", "application/java-vm", "application/vnd.ms-pki.seccat", "application/x-ms-installer", "application/x-ufed-html-apps", "application/x-ufed-installedapplication"]},
+    {"name": "Programs and Libraries", 
+        "mimes": ["application/java-archive", "application/x-dosexec", "application/x-msdownload", "application/x-bat", "application/vnd.ms-cab-compressed", "application/x-font-ttf", "application/pkcs7-signature", "application/vnd.ms-htmlhelp", "application/java-vm", "application/vnd.ms-pki.seccat", "application/x-ms-installer", "application/x-ufed-html-apps", "application/x-ufed-installedapplication"],
+        "categories":[{"name": "Android Applications", "mimes": ["application/vnd.android.package-archive"]}]
+        },
+
     {"name": "Unallocated", "mimes": ["application/x-unallocated"]},
     {"name": "File Slacks", "mimes": ["application/x-fileslack"]},
     {"name": "Plain Texts", "mimes": ["text"], "categories":[

diff --git a/iped-app/resources/config/conf/MakePreviewConfig.txt b/iped-app/resources/config/conf/MakePreviewConfig.txt
@@ -7,7 +7,7 @@
 supportedMimes = application/x-msaccess; application/x-lnk; application/x-firefox-savedsession
 supportedMimes = application/x-sqlite3; application/sqlite-skype; application/x-win10-timeline; application/x-gdrive-cloud-graph; application/x-gdrive-snapshot
 supportedMimes = application/x-whatsapp-db; application/x-whatsapp-db-f; application/x-whatsapp-chatstorage; application/x-whatsapp-chatstorage-f; application/x-shareaza-searches-dat; application/x-msie-cache
-supportedMimes = application/x-prefetch; text/x-vcard; application/x-bittorrent-resume-dat; application/x-bittorrent; application/x-emule-preferences-dat
+supportedMimes = application/x-prefetch; text/x-vcard; application/x-bittorrent-resume-dat; application/x-bittorrent; application/x-emule-preferences-dat; application/vnd.android.package-archive
 
 # List of mimetypes which parsers insert links to other case items into preview
 supportedMimesWithLinks = application/x-emule; application/x-emule-part-met; application/x-ares-galaxy; application/x-shareaza-library-dat
diff --git a/iped-app/resources/config/conf/ParserConfig.xml b/iped-app/resources/config/conf/ParserConfig.xml
@@ -361,6 +361,7 @@
         <parser class="iped.parsers.python.PythonParser"></parser>
         <parser class="iped.parsers.mail.win10.Win10MailParser"></parser>
         <parser class="iped.parsers.discord.DiscordParser"></parser>
+        <parser class="iped.parsers.apk.APKParser"></parser>
 
     </parsers>
 

diff --git a/iped-app/resources/config/profiles/triage/conf/ParserConfig.xml b/iped-app/resources/config/profiles/triage/conf/ParserConfig.xml
@@ -348,6 +348,7 @@
         <!-- parser class="iped.parsers.python.PythonParser"></parser-->
         <parser class="iped.parsers.mail.win10.Win10MailParser"></parser>
         <parser class="iped.parsers.discord.DiscordParser"></parser>
+        <!--parser class="iped.parsers.apk.APKParser"></parser-->
 
     </parsers>
 

diff --git a/iped-app/resources/localization/iped-categories.properties b/iped-app/resources/localization/iped-categories.properties
@@ -56,6 +56,7 @@ Registry\ User\ Communication=Registry\ User\ Communication
 Windows\ Recycle=Windows\ Recycle
 USN\ Journal=USN\ Journal
 Programs\ and\ Libraries=Programs\ and\ Libraries
+Android\ Applications=Android\ Applications
 Unallocated=Unallocated
 File\ Slacks=File\ Slacks
 Multimedia=Multimedia

diff --git a/iped-app/resources/localization/iped-categories_de_DE.properties b/iped-app/resources/localization/iped-categories_de_DE.properties
@@ -56,6 +56,7 @@ Registry\ User\ Communication=Registry\ Benutzerkommunikation
 Windows\ Recycle=Windows\ Papierkorb
 USN\ Journal=USN\ Journal
 Programs\ and\ Libraries=Programme\ und\ Bibliotheken
+Android\ Applications=Android\ Applications[TBT]
 Unallocated=nicht\ zugeordnet
 File\ Slacks=Datei-Slack
 Multimedia=Multimedia

diff --git a/iped-app/resources/localization/iped-categories_es_AR.properties b/iped-app/resources/localization/iped-categories_es_AR.properties
@@ -56,6 +56,7 @@ Registry\ User\ Communication=Registro\ Comunicaciones\ Usuario
 Windows\ Recycle=Windows\ Papalera de Reciclaje
 USN\ Journal=USN\ Diario
 Programs\ and\ Libraries=Programas\ y\ Bibliotecas
+Android\ Applications=Android\ Applications[TBT]
 Unallocated=Sin Asignar
 File\ Slacks=Archivos\ Slacks
 Multimedia=Multimedia

diff --git a/iped-app/resources/localization/iped-categories_it_IT.properties b/iped-app/resources/localization/iped-categories_it_IT.properties
@@ -56,6 +56,7 @@ Registry\ User\ Communication=Registro\ Comunicazioni\ Utente
 Windows\ Recycle=Cestino\ di\ Windows
 USN\ Journal=USN\ Journal
 Programs\ and\ Libraries=Software\ e\ Librerie
+Android\ Applications=Android\ Applications[TBT]
 Unallocated=Spazio\ non\ allocato
 File\ Slacks=File\ Slack
 Multimedia=Multimedia

diff --git a/iped-app/resources/localization/iped-categories_pt_BR.properties b/iped-app/resources/localization/iped-categories_pt_BR.properties
@@ -56,6 +56,7 @@ Registry\ User\ Communication=Registro\ -\ Comunicação\ de\ Usuário
 Windows\ Recycle=Lixeira\ do\ Windows
 USN\ Journal=Journal\ USN
 Programs\ and\ Libraries=Programas\ e\ Bibliotecas
+Android\ Applications=Aplicativos\ Android
 Unallocated=Não\ Alocado
 File\ Slacks=File\ Slacks
 Multimedia=Multimídia

diff --git a/iped-app/resources/localization/iped-parsers-messages.properties b/iped-app/resources/localization/iped-parsers-messages.properties
@@ -318,4 +318,19 @@ TelegramReport.joinedByRequest=User joined by Request
 TelegramReport.ChannelMigratedFromGroup=This channel migrated from a group
 TelegramReport.RecoveredGroup=Recovered deleted group
 P2P.FoundInPedoHashDB=* Red lines mean the hashes were found in child porn alert hash databases.
-Win10Mail.NotFound=Not Found
+Win10Mail.NotFound=Not Found
+APKParser.Permissions=Permissions Required
+APKParser.Manifest=Manifest XML
+APKParser.Package=Package
+APKParser.Version=Version
+APKParser.SDKVersion=SDK Version
+APKParser.Features=Features
+APKParser.Signers=Signers
+APKParser.SignersV2=Signers(V2)
+APKParser.Path=Path
+APKParser.Certificate=Certificate
+APKParser.Algorithm=Algorithm
+APKParser.MD5=MD5
+APKParser.OID=OID
+APKParser.StartDate=Start Date
+APKParser.EndDate=End Date
diff --git a/iped-app/resources/localization/iped-parsers-messages_de_DE.properties b/iped-app/resources/localization/iped-parsers-messages_de_DE.properties
@@ -319,3 +319,18 @@ TelegramReport.ChannelMigratedFromGroup=Dieser Kanal ist aus einer Gruppe hervor
 TelegramReport.RecoveredGroup=wiederhergestellte gelöschte Gruppe
 P2P.FoundInPedoHashDB=* Rote Zeile bedeutet, dass der Hash in der KiPo Hash-Datenbank gefunden wurde.
 Win10Mail.NotFound=Nicht gefunden
+APKParser.Permissions=Permissions Required(TBT)
+APKParser.Manifest=Manifest XML(TBT)
+APKParser.Package=Package(TBT)
+APKParser.Version=Version(TBT)
+APKParser.SDKVersion=SDK Version(TBT)
+APKParser.Features=Features(TBT)
+APKParser.Signers=Signers(TBT)
+APKParser.SignersV2=Signers(V2)(TBT)
+APKParser.Path=Path(TBT)
+APKParser.Certificate=Certificate(TBT)
+APKParser.Algorithm=Algorithm(TBT)
+APKParser.MD5=MD5(TBT)
+APKParser.OID=OID(TBT)
+APKParser.StartDate=Start Date(TBT)
+APKParser.EndDate=End Date(TBT)
diff --git a/iped-app/resources/localization/iped-parsers-messages_es_AR.properties b/iped-app/resources/localization/iped-parsers-messages_es_AR.properties
@@ -319,3 +319,18 @@ TelegramReport.ChannelMigratedFromGroup=Este canal ha migrado desde un grupo
 TelegramReport.RecoveredGroup=Grupo borrado recuperado
 P2P.FoundInPedoHashDB=* Las líneas rojas significan que los hashtags se encontraron en bases de datos de hashtags de alertas de pornografía infantil.
 Win10Mail.NotFound=No encontrado
+APKParser.Permissions=Permissions Required(TBT)
+APKParser.Manifest=Manifest XML(TBT)
+APKParser.Package=Package(TBT)
+APKParser.Version=Version(TBT)
+APKParser.SDKVersion=SDK Version(TBT)
+APKParser.Features=Features(TBT)
+APKParser.Signers=Signers(TBT)
+APKParser.SignersV2=Signers(V2)(TBT)
+APKParser.Path=Path(TBT)
+APKParser.Certificate=Certificate(TBT)
+APKParser.Algorithm=Algorithm(TBT)
+APKParser.MD5=MD5(TBT)
+APKParser.OID=OID(TBT)
+APKParser.StartDate=Start Date(TBT)
+APKParser.EndDate=End Date(TBT)
diff --git a/iped-app/resources/localization/iped-parsers-messages_it_IT.properties b/iped-app/resources/localization/iped-parsers-messages_it_IT.properties
@@ -319,3 +319,18 @@ TelegramReport.ChannelMigratedFromGroup=Questo canale è migrato da un gruppo
 TelegramReport.RecoveredGroup=Gruppo cancellato recuperato
 P2P.FoundInPedoHashDB=* Le linee rosse indicano che gli hash sono stati trovati nel child porn alert hash databases.
 Win10Mail.NotFound=Non trovato
+APKParser.Permissions=Permissions Required(TBT)
+APKParser.Manifest=Manifest XML(TBT)
+APKParser.Package=Package(TBT)
+APKParser.Version=Version(TBT)
+APKParser.SDKVersion=SDK Version(TBT)
+APKParser.Features=Features(TBT)
+APKParser.Signers=Signers(TBT)
+APKParser.SignersV2=Signers(V2)(TBT)
+APKParser.Path=Path(TBT)
+APKParser.Certificate=Certificate(TBT)
+APKParser.Algorithm=Algorithm(TBT)
+APKParser.MD5=MD5(TBT)
+APKParser.OID=OID(TBT)
+APKParser.StartDate=Start Date(TBT)
+APKParser.EndDate=End Date(TBT)
diff --git a/iped-app/resources/localization/iped-parsers-messages_pt_BR.properties b/iped-app/resources/localization/iped-parsers-messages_pt_BR.properties
@@ -319,3 +319,18 @@ TelegramReport.ChannelMigratedFromGroup=Este canal migrou de um grupo
 TelegramReport.RecoveredGroup=Grupo apagado recuperado
 P2P.FoundInPedoHashDB=* Linhas em vermelho indicam que os hashes foram encontrados em bases de hashes de alerta de pornografia infantil
 Win10Mail.NotFound=Não Encontrado
+APKParser.Permissions=Permissões requeridas
+APKParser.Manifest=Manifest XML
+APKParser.Package=Pacote
+APKParser.Version=Versão
+APKParser.SDKVersion=Versão do SDK
+APKParser.Features=Características
+APKParser.Signers=Assinaturas
+APKParser.SignersV2=Assinaturas(V2)
+APKParser.Path=Caminho
+APKParser.Certificate=Certificado
+APKParser.Algorithm=Algorítmo
+APKParser.MD5=MD5
+APKParser.OID=OID
+APKParser.StartDate=Início
+APKParser.EndDate=Válido até
diff --git a/iped-app/src/main/resources/iped/app/ui/cat/Android Applications.png b/iped-app/src/main/resources/iped/app/ui/cat/Android Applications.png
diff --git a/iped-parsers/iped-parsers-impl/pom.xml b/iped-parsers/iped-parsers-impl/pom.xml
@@ -232,6 +232,11 @@
             <artifactId>RagingMoose</artifactId>
             <version>c92dba11561cb1423dd81e3bb9dea8ae92a392d3</version>
         </dependency>
+        <dependency>
+            <groupId>net.dongliu</groupId>
+            <artifactId>apk-parser</artifactId>
+            <version>2.6.10</version>
+        </dependency>        
     </dependencies>
 
     <build>