From ed22650ce705c384f9216bce50f69594f2e00acd Mon Sep 17 00:00:00 2001 From: Fitrianhikma Date: Mon, 2 Dec 2024 19:25:08 +0700 Subject: [PATCH 1/3] Add plugin ios_siminfo ke Plaso --- plaso/data/formatters/ios.yaml | 19 ++++++ plaso/data/timeliner.yaml | 26 ++++++++ plaso/parsers/plist_plugins/__init__.py | 3 + plaso/parsers/plist_plugins/ios_siminfo.py | 74 +++++++++++++++++++++ test_data/com.apple.commcenter.data.plist | Bin 0 -> 410 bytes tests/parsers/plist_plugins/ios_siminfo.py | 43 ++++++++++++ 6 files changed, 165 insertions(+) create mode 100644 plaso/parsers/plist_plugins/ios_siminfo.py create mode 100644 test_data/com.apple.commcenter.data.plist create mode 100644 tests/parsers/plist_plugins/ios_siminfo.py diff --git a/plaso/data/formatters/ios.yaml b/plaso/data/formatters/ios.yaml index bd3c3b005c..55c79bc25e 100644 --- a/plaso/data/formatters/ios.yaml +++ b/plaso/data/formatters/ios.yaml @@ -233,3 +233,22 @@ short_message: - 'Message: {text}' short_source: 'Twitter iOS' source: 'Twitter iOS Status' + +--- +#tambahan +type: 'conditional' +data_type: 'ios:sim:info' +message: + - 'SIM MDN: {mdn}' + - 'SIM Type: {sim_type}' + - 'CB Ver: {cb_ver}' + - 'Label ID: {label_id}' + #- 'Timestamp: {timestamp}' +short_message: + - 'SIM MDN: {mdn}' +short_source: 'IOS' +source: 'iOS SIM Info' + + + + diff --git a/plaso/data/timeliner.yaml b/plaso/data/timeliner.yaml index 1681f33d74..8a01c96a31 100644 --- a/plaso/data/timeliner.yaml +++ b/plaso/data/timeliner.yaml 
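Review bot: The message template never surfaces `eap_aka`, which `IOSSIMInfoEventData` in this same patch populates from the `info` dictionary, so that attribute is carried in every event but invisible in output; either add `- 'EAP-AKA: {eap_aka}'` to `message` or drop the attribute from the event data class. `short_source: 'IOS'` also differs in casing from the `iOS` used in the `source` line and in the neighbouring Twitter entry (`'Twitter iOS'`); prefer `short_source: 'iOS'` unless other entries in this file, which are outside the hunk, use the upper-case form.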
@@ -1795,3 +1795,29 @@ attribute_mappings: - name: 'recorded_time' description: 'Recorded Time' place_holder_event: true + +--- + +# Konfigurasi untuk data type +data_type: 'ios:sim:info' + +attribute_mappings: + - name: 'mdn' + description: 'Nomor Ponsel SIM' + - name: 'sim_type' + description: 'Jenis SIM (misalnya, SIM atau USIM)' + - name: 'cb_ver' + description: 'Versi CB SIM' + - name: 'label_id' + description: 'ID label untuk SIM' + - name: 'timestamp' + description: 'Timestamp SIM' + +place_holder_event: true + + + + + + + diff --git a/plaso/parsers/plist_plugins/__init__.py b/plaso/parsers/plist_plugins/__init__.py index a3292555b6..7eef8b75a9 100644 --- a/plaso/parsers/plist_plugins/__init__.py +++ b/plaso/parsers/plist_plugins/__init__.py @@ -21,3 +21,6 @@ from plaso.parsers.plist_plugins import spotlight_searched_terms from plaso.parsers.plist_plugins import spotlight_volume from plaso.parsers.plist_plugins import time_machine + +# Impor parser yang baru dibuat +from plaso.parsers.plist_plugins import ios_siminfo diff --git a/plaso/parsers/plist_plugins/ios_siminfo.py b/plaso/parsers/plist_plugins/ios_siminfo.py new file mode 100644 index 0000000000..bd846f5857 --- /dev/null +++ b/plaso/parsers/plist_plugins/ios_siminfo.py 
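Review bot: The `attribute_mappings` entries for `mdn`, `sim_type`, `cb_ver` and `label_id` map string attributes as if they were date/time values; in this file a mapping names a dfdatetime attribute (the context line directly above maps `recorded_time`), so the timeliner will try to turn these strings into timestamps. Keep only the mapping for the dfdatetime attribute, e.g. `- name: 'timestamp'` / `description: 'SIM Information Time'` — what instant the plist's `ts` key records (activation, last update, …) is not visible here and should be confirmed against the test plist before the description is worded. The remaining descriptions (`'Nomor Ponsel SIM'`, `'Jenis SIM …'`) and the `# Konfigurasi untuk data type` comment are in Indonesian in an otherwise English configuration file and should be translated.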
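Review bot: The new import is appended after `time_machine` with the comment `# Impor parser yang baru dibuat`, while the visible context lines (`spotlight_searched_terms`, `spotlight_volume`, `time_machine`) show the list is kept in alphabetical order; move `from plaso.parsers.plist_plugins import ios_siminfo` up among the other `ios_*` plugin imports (the start of the list is outside this hunk) and drop the comment, which adds nothing an English reader of the import list needs.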
@@ -0,0 +1,74 @@ +import logging +from plaso.containers import events +from plaso.parsers.plist_plugins import interface +from plaso.parsers.plist import PlistParser +from dfdatetime import posix_time as dfdatetime_posix_time + +# Setup logging +logging.basicConfig(level=logging.DEBUG) + + +class IOSSIMInfoEventData(events.EventData): + """Event data untuk iOS SIM Info.""" + DATA_TYPE = 'ios:sim:info' + + def __init__(self): + """Inisialisasi event data.""" + super(IOSSIMInfoEventData, self).__init__(data_type=self.DATA_TYPE) + self.mdn = None + self.eap_aka = None + self.sim_type = None + self.cb_ver = None + self.label_id = None + self.timestamp = None + + +class IOSSIMInfoPlugin(interface.PlistPlugin): + """Plugin untuk memproses iOS SIM Info plist.""" + NAME = 'ios_siminfo' + DATA_FORMAT = 'iOS SIM Info plist file' + + PLIST_PATH_FILTERS = frozenset([ + interface.PlistPathFilter('com.apple.commcenter.data.plist') + ]) + PLIST_KEYS = frozenset(['PersonalWallet']) + + def _ParsePlist(self, parser_mediator, match=None, **unused_kwargs): + """Memproses file plist.""" + personal_wallet = match.get('PersonalWallet', {}) + + if not personal_wallet: + logging.warning('PersonalWallet kosong atau tidak ditemukan di match.') + return + + for sim_id, sim_data in personal_wallet.items(): + info = sim_data.get('info', {}) + if not info: + logging.warning(f'Tidak ada info untuk SIM ID: {sim_id}') + continue + + event_data = IOSSIMInfoEventData() + event_data.mdn = info.get('mdn') + event_data.eap_aka = info.get('eap_aka') + event_data.sim_type = info.get('type') + event_data.cb_ver = info.get('cb_ver') + event_data.label_id = info.get('label-id') + event_data.timestamp = dfdatetime_posix_time.PosixTime( + timestamp=info.get('ts', 0) + ) + + # Debugging untuk memastikan data diproduksi + logging.debug( + f'Memproduksi event data: MDN={event_data.mdn}, ' + f'SIM Type={event_data.sim_type}, CB Ver={event_data.cb_ver}' + ) + + # Pastikan data penting ada sebelum menghasilkan 
event + if event_data.mdn: + parser_mediator.ProduceEventData(event_data) + else: + logging.warning(f'MDN tidak ditemukan untuk SIM ID: {sim_id}') + + +# Registrasi plugin +PlistParser.RegisterPlugin(IOSSIMInfoPlugin) diff --git a/test_data/com.apple.commcenter.data.plist b/test_data/com.apple.commcenter.data.plist new file mode 100644 index 0000000000000000000000000000000000000000..df593ebe14a29157883d3709eeda485de9ed9c19 GIT binary patch literal 410 zcmYc)$jK}&F)+Bo$i&RT%Fe+bFCY+*T2!2$mza}TQW>0+Us4=aP##~FS`;rJR+^Vt zSemL^oSCbelbDp6qgz~(Uz8dL(-5ARlapGqkS$(7*uv7l(8$cd(%jI{#KO$n%*@hQ zfaxM9SG<6VtA&%9frXKauA8x?p{|LUvy-l+xrKqQfuoy=nW?dfi-o1zC2k&GzL1jC zijts`;sBu()1sV<0)p7hy(lCcl9`v5e@%o(R7_k#Qc7AzRxUUJ%J29lB zvLH1qISJ&62#C8gQ)09YEe$PA%`HvL%uR$+QjWjl3 Date: Thu, 5 Dec 2024 14:14:11 +0700 Subject: [PATCH 2/3] Fix unnecessary white space in timeliner.yaml and ios.yaml --- plaso/data/formatters/ios.yaml | 10 ++-------- plaso/data/timeliner.yaml | 15 ++------------- 2 files changed, 4 insertions(+), 21 deletions(-) diff --git a/plaso/data/formatters/ios.yaml b/plaso/data/formatters/ios.yaml index 55c79bc25e..f8e4a7537a 100644 --- a/plaso/data/formatters/ios.yaml +++ b/plaso/data/formatters/ios.yaml @@ -233,9 +233,8 @@ short_message: - 'Message: {text}' short_source: 'Twitter iOS' source: 'Twitter iOS Status' - --- -#tambahan +#ios_siminfo type: 'conditional' data_type: 'ios:sim:info' message: @@ -243,12 +242,7 @@ message: - 'SIM Type: {sim_type}' - 'CB Ver: {cb_ver}' - 'Label ID: {label_id}' - #- 'Timestamp: {timestamp}' short_message: - 'SIM MDN: {mdn}' short_source: 'IOS' -source: 'iOS SIM Info' - - - - +source: 'iOS SIM Info' \ No newline at end of file diff --git a/plaso/data/timeliner.yaml b/plaso/data/timeliner.yaml index 8a01c96a31..70e87d531e 100644 --- a/plaso/data/timeliner.yaml +++ b/plaso/data/timeliner.yaml 
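Review bot: `logging.basicConfig(level=logging.DEBUG)` at module top level reconfigures the process-wide root logger whenever this plugin is imported, and the `logging.debug(f'Memproduksi event data: MDN={event_data.mdn}, …')` line in `_ParsePlist` then writes the subscriber number of every SIM into the extraction log — a PII leak that Plaso's own logging setup cannot suppress. Drop the `basicConfig` call and the debug line (and the then-unused `import logging`), and report the skip conditions through `parser_mediator.ProduceExtractionWarning(...)`, the mediator API Plaso parsers use for recoverable parse problems, instead of the root logger. Two robustness points in the same loop: `info.get('ts', 0)` turns a missing key into a `PosixTime` of 1970-01-01 that the timeliner will place as a real event, so leave `event_data.timestamp` unset when `ts` is absent; and `personal_wallet.items()` / `sim_data.get('info', {})` assume dict-shaped values, so a malformed plist from an untrusted image raises `AttributeError` instead of a warning — guard both with `isinstance(..., dict)`. The type of `ts` (integer seconds vs. float or milliseconds) is not visible in this hunk and should be confirmed against the test plist before committing to `PosixTime`.

```python
  def _ParsePlist(self, parser_mediator, match=None, **unused_kwargs):
    """Extracts SIM information events from a commcenter data plist.

    Args:
      parser_mediator (ParserMediator): mediates interactions between parsers
          and other components, such as storage and dfVFS.
      match (Optional[dict[str: object]]): keys extracted from PLIST_KEYS.
    """
    personal_wallet = match.get('PersonalWallet')
    if not isinstance(personal_wallet, dict):
      parser_mediator.ProduceExtractionWarning(
          'PersonalWallet key missing or not a dictionary')
      return

    for sim_id, sim_data in personal_wallet.items():
      info = sim_data.get('info') if isinstance(sim_data, dict) else None
      if not isinstance(info, dict):
        parser_mediator.ProduceExtractionWarning(
            f'no info dictionary for SIM: {sim_id!s}')
        continue

      event_data = IOSSIMInfoEventData()
      # … unchanged: mdn, eap_aka, sim_type, cb_ver, label_id assignments …

      # A missing ts must not become 1970-01-01 in the timeline.
      posix_timestamp = info.get('ts')
      if posix_timestamp is not None:
        # TODO(review): confirm ts is integer seconds since epoch; use the
        # matching dfdatetime class if it is milliseconds or fractional.
        event_data.timestamp = dfdatetime_posix_time.PosixTime(
            timestamp=posix_timestamp)

      if not event_data.mdn:
        parser_mediator.ProduceExtractionWarning(
            f'no MDN for SIM: {sim_id!s}')
        continue

      parser_mediator.ProduceEventData(event_data)
```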
@@ -1795,12 +1795,9 @@ attribute_mappings: - name: 'recorded_time' description: 'Recorded Time' place_holder_event: true - --- - -# Konfigurasi untuk data type +#Configuration for data type data_type: 'ios:sim:info' - attribute_mappings: - name: 'mdn' description: 'Nomor Ponsel SIM' @@ -1812,12 +1809,4 @@ attribute_mappings: description: 'ID label untuk SIM' - name: 'timestamp' description: 'Timestamp SIM' - -place_holder_event: true - - - - - - - +place_holder_event: true \ No newline at end of file From 0a6db3b53501d6c5ffd28798318fe5935005fab3 Mon Sep 17 00:00:00 2001 From: Fitrianhikma Date: Thu, 5 Dec 2024 14:21:39 +0700 Subject: [PATCH 3/3] Fix unnecessary white space 2 in timeliner.yaml and ios.yaml --- plaso/data/formatters/ios.yaml | 3 ++- plaso/data/timeliner.yaml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/plaso/data/formatters/ios.yaml b/plaso/data/formatters/ios.yaml index f8e4a7537a..f059ac0e90 100644 --- a/plaso/data/formatters/ios.yaml +++ b/plaso/data/formatters/ios.yaml @@ -245,4 +245,5 @@ message: short_message: - 'SIM MDN: {mdn}' short_source: 'IOS' -source: 'iOS SIM Info' \ No newline at end of file +source: 'iOS SIM Info' +--- \ No newline at end of file diff --git a/plaso/data/timeliner.yaml b/plaso/data/timeliner.yaml index 70e87d531e..f75a83c7a5 100644 --- a/plaso/data/timeliner.yaml +++ b/plaso/data/timeliner.yaml @@ -1809,4 +1809,5 @@ attribute_mappings: description: 'ID label untuk SIM' - name: 'timestamp' description: 'Timestamp SIM' -place_holder_event: true \ No newline at end of file +place_holder_event: true +--- \ No newline at end of file
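Review bot: After this patch ios.yaml ends with a bare `---` and no trailing newline (`\ No newline at end of file`), and the timeliner.yaml hunk in the same patch does the same. A trailing document separator makes a multi-document YAML load yield an empty final document, which Plaso's formatter and timeliner readers (outside this series — please confirm) may reject as a definition with no values, and the missing final newline trips the usual linters and produces noisy diffs for the next contributor. End each file with its last key line, `source: 'iOS SIM Info'` and `place_holder_event: true` respectively, followed by a newline and no separator — the pre-series files ended on `source: 'Twitter iOS Status'` and `place_holder_event: true` in exactly that way, as the patch 1 context lines show.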