From 2884af3f974eab1d065b6b02b1ac7183599fa4f3 Mon Sep 17 00:00:00 2001 From: charpy4n6 <112824930+charpy4n6@users.noreply.github.com> Date: Tue, 3 Sep 2024 15:17:34 -0400 Subject: [PATCH] Omega Chat Parses Omega Chat Account, Messages and Users --- scripts/artifacts/hichtAccount.py | 95 ++++++++++++++++++++++++++++++ scripts/artifacts/hichtMessages.py | 84 ++++++++++++++++++++++++++ scripts/artifacts/hichtUsers.py | 88 +++++++++++++++++++++++++++ 3 files changed, 267 insertions(+) create mode 100644 scripts/artifacts/hichtAccount.py create mode 100644 scripts/artifacts/hichtMessages.py create mode 100644 scripts/artifacts/hichtUsers.py diff --git a/scripts/artifacts/hichtAccount.py b/scripts/artifacts/hichtAccount.py new file mode 100644 index 0000000..4e91ef4 --- /dev/null +++ b/scripts/artifacts/hichtAccount.py @@ -0,0 +1,95 @@ +__artifacts_v2__ = { + "OmegaChatAccount": { + "name": "Omega Chat Account", + "description": "Parses Omega Chat Account", + "author": "Heather Charpentier", + "category": "Omega Chat", + "notes": "", + "paths": ('*/hicht.json'), + "function": "get_OmegaChatAccount" + } +} + +import json +from datetime import timezone, datetime + +from scripts.artifact_report import ArtifactHtmlReport +from scripts.ilapfuncs import logfunc, timeline, tsv + +def get_OmegaChatAccount(files_found, report_folder, seeker, wrap_text, timezone_offset): + data_list = [] + + for file_found in files_found: + file_found = str(file_found) + + if file_found.endswith('hicht.json'): + with open(file_found, encoding='utf-8') as f: + data = f.read() + + data = json.loads(data) + + dictofusers = {} + + users = data[8] + for user in users: + userid = int(user) + userdata = data[userid] + indvid = userdata.get('id') + if indvid is not None: + dictofusers[indvid] = userdata + + actcreatedat = userdata.get('created_timestamp', 'Unknown') + if actcreatedat != 'Unknown': + actcreatedat = datetime.fromtimestamp(actcreatedat, tz=timezone.utc) + + actno = int(userdata['mbx_uid']) + actno = data[actno] + + fname = int(userdata['first_name']) + fname = data[fname] + + bdate = int(userdata['birthday']) + bdate = data[bdate] + + lat = userdata.get('lat', 'Unknown') + + lon = userdata.get('lon', 'Unknown') + + cit = int(userdata['city']) + cit = data[cit] + + reg = int(userdata['region']) + reg = data[reg] + + nat = int(userdata['nation']) + nat = data[nat] + + gen = int(userdata['gender']) + gen = data[gen] + + age = userdata.get('age', 'Unknown') + + data_list.append((actcreatedat, actno, fname, bdate, lat, lon, cit, reg, nat, gen, age)) + + if data_list: + description = 'Omega Chat Account' + report = ArtifactHtmlReport('Omega Chat Account') + report.start_artifact_report(report_folder, 'Omega Chat Account', description) + report.add_script() + data_headers = ('createdAt', 'mbx_uid', 'first_name', 'birthday', 'lat', 'lon', 'city', 'region', 'nation', 'gender', 'age') + report.write_artifact_data_table(data_headers, data_list, file_found, html_escape=False) + report.end_artifact_report() + + tsvname = 'Omega Chat Account' + tsv(report_folder, data_headers, data_list, tsvname) + + tlactivity = 'Omega Chat Account' + timeline(report_folder, tlactivity, data_list, data_headers) + + else: + logfunc('No Omega Chat Account data available') + + + + + diff --git a/scripts/artifacts/hichtMessages.py b/scripts/artifacts/hichtMessages.py new file mode 100644 index 0000000..b3b3101 --- /dev/null +++ b/scripts/artifacts/hichtMessages.py @@ -0,0 +1,84 @@ +__artifacts_v2__ = { + "OmegaChatMessages": { + "name": "Omega Chat Messages", + "description": "Parses Omega Chat Messages", + "author": "Alexis Brigs Brignoni", + "category": "Omega Chat", + "notes": "", + "paths": ('*/hicht.json'), + "function": "get_OmegaChatMessages" + } +} + +import json +from datetime import timezone, datetime + +from scripts.artifact_report import ArtifactHtmlReport +from scripts.ilapfuncs import logfunc, timeline, tsv + +def get_OmegaChatMessages(files_found, report_folder, seeker, wrap_text, timezone_offset): + data_list = [] + + for file_found in files_found: + file_found = str(file_found) + + + if file_found.endswith('hicht.json'): + with open(file_found, encoding='utf-8') as f: + data = f.read() + + data = json.loads(data) + + dictofusers = {} + + listofusers = data[2] + for user in listofusers: + userid = int(user) + userdata = data[userid] + indvid = userdata['id'] + del userdata['id'] + dictofusers[indvid] = userdata + + listofconvs = data[3] + + for conv in listofconvs: + conv = int(conv) + conversationMD = data[conv] + convcreatedat = conversationMD['createdAt'] + + contentindex = int(conversationMD['content']) + content = data[contentindex] + + convindex = int(conversationMD['conversation']) + conversation = data[convindex] + userid = int(conversation['user_id']) + userdata = dictofusers[userid] + + fname = int(userdata['first_name']) + fname = data[fname] + + translate = conversationMD.get('translate') + if translate is not None: + translate = int(translate) + translate = data[translate] + + convcreatedat = datetime.fromtimestamp(convcreatedat / 1000, tz=timezone.utc) + data_list.append((convcreatedat, fname, content, translate)) + + if data_list: + description = 'Omega Chat Messages' + report = ArtifactHtmlReport('Omega Chat Messages') + report.start_artifact_report(report_folder, 'Omega Chat Messages', description) + report.add_script() + data_headers = ('createdAt', 'first_name', 'content', 'translate') + report.write_artifact_data_table(data_headers, data_list, file_found, html_escape=False) + report.end_artifact_report() + + tsvname = 'Omega Chat Messages' + tsv(report_folder, data_headers, data_list, tsvname) + + tlactivity = 'Omega Chat Messages' + + + + diff --git a/scripts/artifacts/hichtUsers.py b/scripts/artifacts/hichtUsers.py new file mode 100644 index 0000000..9fb93c3 --- /dev/null +++ b/scripts/artifacts/hichtUsers.py @@ -0,0 +1,88 @@ +__artifacts_v2__ = { + "OmegaChatUsers": { + "name": "Omega Chat Users", + "description": "Parses Omega Chat Users", + "author": "Heather Charpentier", + "category": "Omega Chat", + "notes": "", + "paths": ('*/hicht.json'), + "function": "get_OmegaChatUsers" + } +} + +import json +from datetime import timezone, datetime + +from scripts.artifact_report import ArtifactHtmlReport +from scripts.ilapfuncs import logfunc, timeline, tsv + +def get_OmegaChatUsers(files_found, report_folder, seeker, wrap_text, timezone_offset): + data_list = [] + + for file_found in files_found: + file_found = str(file_found) + + if file_found.endswith('hicht.json'): + with open(file_found, encoding='utf-8') as f: + data = f.read() + + data = json.loads(data) + + dictofusers = {} + + listofusers = data[2] + for user in listofusers: + userid = int(user) + userdata = data[userid] + indvid = userdata['id'] + del userdata['id'] + dictofusers[indvid] = userdata + + actno = int(userdata['mbx_uid']) + actno = data[actno] + + fname = int(userdata['first_name']) + fname = data[fname] + + bdate = int(userdata['birthday']) + bdate = data[bdate] + + lat = int(userdata['lat']) + lat = data[lat] + + lon = int(userdata['lon']) + lon = data[lon] + + cit = int(userdata['city']) + cit = data[cit] + + reg = int(userdata['region']) + reg = data[reg] + + nat = int(userdata['nation']) + nat = data[nat] + + gen = int(userdata['gender']) + gen = data[gen] + + age = userdata.get('age', 'Unknown') + + data_list.append((actno, fname, bdate, lat, lon, cit, reg, nat, gen, age)) + + if data_list: + description = 'Omega Chat Users' + report = ArtifactHtmlReport('Omega Chat Users') + report.start_artifact_report(report_folder, 'Omega Chat Users', description) + report.add_script() + data_headers = ('mbx_uid', 'first_name', 'birthday', 'lat', 'lon', 'city', 'region', 'nation', 'gender', 'age') + report.write_artifact_data_table(data_headers, data_list, file_found, html_escape=False) + report.end_artifact_report() + + tsvname = 'Omega Chat Users' + tsv(report_folder, data_headers, data_list, tsvname) + + tlactivity = 'Omega Chat Users' + + + +