sepinf-inc / IPED

IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.

Support new Telegram version for android #2184

Closed hauck-jvsh closed 2 months ago

hauck-jvsh commented 2 months ago

Telegram may have changed the database scheme as two users reported that the database is present but is not being decoded by IPED.

lfcnassif commented 2 months ago

Another Telegram DB schema change, here we go...

hauck-jvsh commented 2 months ago

One user sent the DB and of course it wasn't being decoded because of a new version. I just updated the decoder and the database can be parsed. If you have time, please check https://github.com/sepinf-inc/telegram-decoder/pull/3. I didn't remember well where I have to change things in the IPED project to get the new plugin version.

lfcnassif commented 2 months ago

Thanks @hauck-jvsh! I'll run a regression test on old DBs to check if it is fine. I would also appreciate it if you could send the new DB to me for inclusion in the regression data set.

lfcnassif commented 2 months ago

Hi @hauck-jvsh. The build for the new telegram plugin version 1.0.11 is failing:

[INFO] -------------------------------------------------------------
[ERROR] COMPILATION ERROR :
[INFO] -------------------------------------------------------------
[ERROR] /E:/git/telegram-decoder/telegram-decoder-impl/src/main/java/org/telegram/tgnet/tl/TL_stories.java:[8,32] cannot find symbol
  symbol:   class TL_statsPercentValue
  location: class org.telegram.tgnet.TLRPC
[ERROR] /E:/git/telegram-decoder/telegram-decoder-impl/src/main/java/org/telegram/tgnet/tl/TL_stories.java:[1421,16] cannot find symbol
  symbol:   class TL_statsPercentValue
  location: class org.telegram.tgnet.tl.TL_stories.TL_premium_boostsStatus
[ERROR] /E:/git/telegram-decoder/telegram-decoder-impl/src/main/java/org/telegram/tgnet/tl/TL_stories.java:[1452,36] cannot find symbol
  symbol:   variable TL_statsPercentValue
  location: class org.telegram.tgnet.tl.TL_stories.TL_premium_boostsStatus
[INFO] 3 errors
[INFO] -------------------------------------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for telegram-decoder 1.0.11:
[INFO]
[INFO] telegram-decoder ................................... SUCCESS [  0.315 s]
[INFO] telegram-decoder-api ............................... SUCCESS [  1.200 s]
[INFO] telegram-decoder-impl .............................. FAILURE [  2.813 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE

Seems some classes are missing... Could you take a look?

lfcnassif commented 2 months ago

Just reverted your merged PR on telegram-decoder project main branch until the build is fixed.

hauck-jvsh commented 2 months ago

Strangely, it was building in my project, but when I made a clean build it stopped. I fixed it now; I think it is correct now.

lfcnassif commented 2 months ago

Thanks @hauck-jvsh. I had a hard time struggling with jitpack.io and the telegram-decoder project pom.xml files, but it seems OK now. I just started the regression test and should have results later today or tomorrow.

lfcnassif commented 2 months ago

Comparison to 4.1.6 is fine: no exceptions, more chats, many more messages and more search hits for common words. But I should have compared to master, as it was already decoding more info than 4.1.6. I just started processing all 108 Android DBs with master and should have results tomorrow.

lfcnassif commented 2 months ago

Results look fine on the 108 sample Android DBs compared to master: no exceptions, same number of chats and messages, but we got more contacts and more search hits for common words as expected, since senders and message bodies from the new Telegram version were being returned as unknown.