Closed odinian closed 2 years ago
Oops, I installed construct Crypto
but even after installing Crypto, I get
Successfully installed Crypto-1.4.1 Naked-0.1.32 certifi-2022.9.24 charset-normalizer-2.1.1 idna-3.4 pyyaml-6.0 requests-2.28.1 shellescape-3.8.1 urllib3-1.26.12
WARNING: You are using pip version 20.2.3; however, version 22.3.1 is available.
You should consider upgrading via the '/Applications/Xcode.app/Contents/Developer/usr/bin/python3 -m pip install --upgrade pip' command.
allan OneDrive % python3 odl.py -o ~/Desktop/odl_output.csv ~/Desktop/testing
Traceback (most recent call last):
File "odl.py", line 52, in <module>
from Crypto.Cipher import AES
ModuleNotFoundError: No module named 'Crypto'
allan@ OneDrive % pip3 install Crypto
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: Crypto in /Users/allan/Library/Python/3.8/lib/python/site-packages (1.4.1)
Requirement already satisfied: shellescape in /Users/allan/Library/Python/3.8/lib/python/site-packages (from Crypto) (3.8.1)
Requirement already satisfied: Naked in /Users/allan/Library/Python/3.8/lib/python/site-packages (from Crypto) (0.1.32)
Requirement already satisfied: requests in /Users/allan/Library/Python/3.8/lib/python/site-packages (from Naked->Crypto) (2.28.1)
Requirement already satisfied: pyyaml in /Users/allan/Library/Python/3.8/lib/python/site-packages (from Naked->Crypto) (6.0)
Requirement already satisfied: charset-normalizer<3,>=2 in /Users/allan/Library/Python/3.8/lib/python/site-packages (from requests->Naked->Crypto) (2.1.1)
Requirement already satisfied: idna<4,>=2.5 in /Users/allan/Library/Python/3.8/lib/python/site-packages (from requests->Naked->Crypto) (3.4)
Requirement already satisfied: urllib3<1.27,>=1.21.1 in /Users/allan/Library/Python/3.8/lib/python/site-packages (from requests->Naked->Crypto) (1.26.12)
Requirement already satisfied: certifi>=2017.4.17 in /Users/allan/Library/Python/3.8/lib/python/site-packages (from requests->Naked->Crypto) (2022.9.24)
Could this be a capitalization issue? I believe the module on disk is all lowercase
I also uninstalled Crypto and installed it with sudo. same error.
Hmm, try installing a virtual environment (venv).
On Sat, Nov 12, 2022, 2:30 AM odinian @.***> wrote:
Oops, I installed construct Crypto
but even after installing Crypto, I get
Successfully installed Crypto-1.4.1 Naked-0.1.32 certifi-2022.9.24 charset-normalizer-2.1.1 idna-3.4 pyyaml-6.0 requests-2.28.1 shellescape-3.8.1 urllib3-1.26.12 WARNING: You are using pip version 20.2.3; however, version 22.3.1 is available. You should consider upgrading via the '/Applications/Xcode.app/Contents/Developer/usr/bin/python3 -m pip install --upgrade pip' command. @.*** OneDrive % python3 odl.py -o ~/Desktop/odl_output.csv ~/Desktop/testing Traceback (most recent call last): File "odl.py", line 52, in
from Crypto.Cipher import AES ModuleNotFoundError: No module named 'Crypto' — Reply to this email directly, view it on GitHub https://github.com/ydkhatri/OneDrive/issues/3#issuecomment-1311826406, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADFCHUF5NAXTSXGHDK5QFHDWHZRAZANCNFSM6AAAAAAR5WJGMM . You are receiving this because you are subscribed to this thread.Message ID: @.***>
Hmm, try installing a virtual environment (venv).
On macOS, you can do this as shown below.
% ls
LICENSE README.md odl.py
% python3 -m venv env
% cd env
% source bin/activate
env % pip install construct pycryptodome
Collecting construct
Downloading construct-2.10.68.tar.gz (57 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 57.9/57.9 KB 1.6 MB/s eta 0:00:00
Preparing metadata (setup.py) ... done
Collecting pycryptodome
Downloading pycryptodome-3.15.0-cp35-abi3-macosx_10_9_x86_64.whl (1.6 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.6/1.6 MB 5.8 MB/s eta 0:00:00
...snipped...
env % python3 ../odl.py -h
usage: odl.py [-h] [-o OUTPUT_PATH] [-s OBFUSCATIONSTRINGMAP_PATH] [-k] [-d] odl_folder
OneDrive Log (ODL) reader
positional arguments:
odl_folder Path to folder with .odl files
optional arguments:
-h, --help show this help message and exit
-o OUTPUT_PATH, --output_path OUTPUT_PATH
Output file name and path
-s OBFUSCATIONSTRINGMAP_PATH, --obfuscationstringmap_path OBFUSCATIONSTRINGMAP_PATH
Path to ObfuscationStringMap.txt (if not in odl_folder)
-k, --all_key_values For repeated keys in ObfuscationMap, get all values | delimited (off by default)
-d, --all_data Show all data (off by default)
(c) 2021 Yogesh Khatri, @swiftforensics
This script will read OneDrive sync logs. These logs are produced by OneDrive,
and are stored in a binary format having the extensions .odl .odlgz .oldsent .aold
Sometimes the ObfuscationMap stores old and new values of Keys. By default, only
the latest value is fetched. Use -k option to get all possible values (values will
be | delimited).
By default, irrelevant functions and/or those with empty parameters are not displayed.
This can be toggled with the -d option.
pip3 install construct pycryptodome
seemed to be the issue. Once I ran that, the script worked.
Hello, first off thanks for this code. On my Mac (BigSur, OneDrive for Business), the path to the logs file is ~/Library/Containers/com.microsoft.OneDrive-mac/Data/Library/Logs You might want to note that in the readme.
I copied the Logs/Business1 folder to the desktop and renamed it testing and ran python3 odl.py -o ~/Desktop/odl_output.csv ~/Desktop/testing
and I get this:
Any ideas?