From a6747f9879ea3f1e617b8b33c65a3abca7188578 Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Mon, 21 Oct 2024 07:40:58 +0200 Subject: [PATCH 1/4] fix: [main] fix ios_version fetching --- src/sysdiagnose/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sysdiagnose/__init__.py b/src/sysdiagnose/__init__.py index fae3cda..a996203 100644 --- a/src/sysdiagnose/__init__.py +++ b/src/sysdiagnose/__init__.py @@ -145,7 +145,7 @@ def create_case(self, sysdiagnose_file: str, force: bool = False, case_id: bool try: case['serial_number'] = remotectl_dumpstate_json['Local device']['Properties']['SerialNumber'] case['unique_device_id'] = remotectl_dumpstate_json['Local device']['Properties']['UniqueDeviceID'] - case['version'] = remotectl_dumpstate_json['Local device']['Properties']['OSVersion'] + case['ios_version'] = remotectl_dumpstate_json['Local device']['Properties']['OSVersion'] except (KeyError, TypeError) as e: print(f"WARNING: Could not parse remotectl_dumpstate, and therefore extract serial numbers. Error {e}") From da1d6c185f43ec5e386afdcfd41dbaaaf58faf87 Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Mon, 21 Oct 2024 08:05:24 +0200 Subject: [PATCH 2/4] new: [powerlogs, accessibility_tcc] use apollo for db conversion --- src/sysdiagnose/parsers/accessibility_tcc.py | 27 +-- src/sysdiagnose/parsers/powerlogs.py | 29 +--- src/sysdiagnose/utils/apollo.py | 170 +++++++++++++++++++ tests/test_parsers_accessibility_tcc.py | 3 +- tests/test_parsers_powerlogs.py | 8 +- 5 files changed, 183 insertions(+), 54 deletions(-) create mode 100644 src/sysdiagnose/utils/apollo.py diff --git a/src/sysdiagnose/parsers/accessibility_tcc.py b/src/sysdiagnose/parsers/accessibility_tcc.py index 885e664..832cd87 100644 --- a/src/sysdiagnose/parsers/accessibility_tcc.py +++ b/src/sysdiagnose/parsers/accessibility_tcc.py @@ -4,12 +4,10 @@ # Script to print from Accessibility TCC logs # Author: david@autopsit.org -from sysdiagnose.utils import sqlite2json import glob import os -import sysdiagnose.utils.misc as misc from sysdiagnose.utils.base import BaseParserInterface -from datetime import datetime, timezone +from sysdiagnose.utils.apollo import Apollo class AccessibilityTccParser(BaseParserInterface): @@ -33,26 +31,9 @@ def execute(self) -> list | dict: # only one file to parse try: result = [] - skipped = set() - json_db = misc.json_serializable(sqlite2json.sqlite2struct(self.get_log_files()[0])) - for key, values in json_db.items(): - if 'sqlite_sequence' in key: - continue - for value in values: - if 'last_modified' not in value: - skipped.add(key) - continue - - try: - timestamp = datetime.fromtimestamp(value['last_modified'], tz=timezone.utc) - value['db_table'] = key - value['datetime'] = timestamp.isoformat(timespec='microseconds') - value['timestamp'] = timestamp.timestamp() - result.append(value) - except TypeError: - # skip "None" values and such - pass - + apollo = Apollo(os_version='yolo') # FIXME get right OS version, but also update the Apollo modules to be aware of the latest OS versions + for logfile in self.get_log_files(): + result.extend(apollo.parse_db(db_fname=logfile, db_type='TCC.db')) return result except IndexError: diff --git a/src/sysdiagnose/parsers/powerlogs.py b/src/sysdiagnose/parsers/powerlogs.py index 28bccce..6d97a09 100644 --- a/src/sysdiagnose/parsers/powerlogs.py +++ b/src/sysdiagnose/parsers/powerlogs.py @@ -4,11 +4,10 @@ # Script to print from powerlogs (last 3 days of logs) # Author: david@autopsit.org -from sysdiagnose.utils import sqlite2json import glob import os from sysdiagnose.utils.base import BaseParserInterface -from datetime import datetime, timezone +from sysdiagnose.utils.apollo import Apollo class PowerLogsParser(BaseParserInterface): @@ -35,30 +34,8 @@ def get_log_files(self) -> list: def execute(self) -> list: result = [] - skipped = set() + apollo = Apollo(os_version='yolo') # FIXME get right OS version, but also update the Apollo modules to be aware of the latest OS versions for logfile in self.get_log_files(): - db_json = PowerLogsParser.parse_file_to_json(logfile) - for key, values in db_json.items(): - if 'sqlite_sequence' in key: - continue - for value in values: - if 'timestamp' not in value: - skipped.add(key) - continue + result.extend(apollo.parse_db(db_fname=logfile, db_type='CurrentPowerlog.PLSQL')) - try: - timestamp = datetime.fromtimestamp(value['timestamp'], tz=timezone.utc) - value['db_table'] = key - value['datetime'] = timestamp.isoformat(timespec='microseconds') - value['timestamp'] = timestamp.timestamp() - result.append(value) - except TypeError: - # skip "None" values and such - pass - - print("Skipped the following tables as there are not timestamps:") - [print(f" {table}") for table in skipped] return result - - def parse_file_to_json(path: str) -> dict: - return sqlite2json.sqlite2struct(path) diff --git a/src/sysdiagnose/utils/apollo.py b/src/sysdiagnose/utils/apollo.py new file mode 100644 index 0000000..116b8fb --- /dev/null +++ b/src/sysdiagnose/utils/apollo.py @@ -0,0 +1,170 @@ +''' +-------------------------------------------------------------------------------- + Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, + @iamevltwin, mac4n6.com). All rights reserved. + + Modified by Christophe Vandeplas - 2024 + + This software is provided "as is," without warranty of any kind, + express or implied. In no event shall the author or contributors + be held liable for any damages arising in any way from the use of + this software. + + The contents of this file are DUAL-LICENSED. You may modify and/or + redistribute this software according to the terms of one of the + following two licenses (at your option): + + LICENSE 1 ("BSD-like with acknowledgment clause"): + + Permission is granted to anyone to use this software for any purpose, + including commercial applications, and to alter it and redistribute + it freely, subject to the following restrictions: + + 1. Redistributions of source code must retain the above copyright + notice, disclaimer, and this list of conditions. + 2. Redistributions in binary form must reproduce the above copyright + notice, disclaimer, and this list of conditions in the documenta- + tion and/or other materials provided with the distribution. + 3. All advertising, training, and documentation materials mentioning + features or use of this software must display the following + acknowledgment. Character-limited social media may abbreviate this + acknowledgment to include author and APOLLO name ie: "This new + feature brought to you by @iamevltwin's APOLLO". Please make an + effort credit the appropriate authors on specific APOLLO modules. + The spirit of this clause is to give public acknowledgment to + researchers where credit is due. + + This product includes software developed by Sarah Edwards + (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other + contributors as part of APOLLO (Apple Pattern of Life Lazy + Output'er). + + + LICENSE 2 (GNU GPL v3 or later): + + This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + + APOLLO is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + APOLLO is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with APOLLO. If not, see . +-------------------------------------------------------------------------------- +''' +import sqlite3 +import os +import configparser +import re +from datetime import datetime, timezone +import glob + +default_mod_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'apollo_modules') + + +class Apollo(): + def __init__(self, mod_dir: str = default_mod_dir, os_version: str = 'yolo'): + """ + Initialize the Apollo class for parsing databases + + Args: + mod_dir (str): The directory where the module definitions are stored + os_version (str): The version of the OS for which to parse the modules. 'yolo' means all versions. + """ + self.os_version = os_version + self.mod_dir = mod_dir + + self.supported_database_names = set() + self.mod_info = {} + self.modules: dict[list[dict]] = {} # dict: db_type -> list of modules + self.parse_module_definition(mod_dir=self.mod_dir, os_version=self.os_version) + + def parse_module_definition(self, mod_dir, os_version): + # Parse all module data and build our own list + mod_files = glob.glob(os.path.join(mod_dir, '*.txt')) + for mod_file in mod_files: + parser = configparser.ConfigParser() + parser.read(mod_file) + + query_name = parser['Query Metadata']['QUERY_NAME'] + activity = parser['Query Metadata']['ACTIVITY'] + key_timestamp = parser['Query Metadata']['KEY_TIMESTAMP'] + databases = parser['Database Metadata']['DATABASE'] + database_name = databases.split(',') + + for db in database_name: + # old code + self.supported_database_names.add(db) # keep track of supported databases + + for section in parser.sections(): + if 'SQL Query' not in section: + continue + if os_version == 'yolo' or os_version in re.split('[ ,]', section): + sql_query = parser.items(section, 'QUERY')[0][1] + if db not in self.modules: + self.modules[db] = [] + self.modules[db].append({ + 'name': query_name, + 'db': db, + 'activity': activity, + 'key_timestamp': key_timestamp, + 'sql': sql_query + }) + + def parse_db(self, db_fname: str, db_type: str = None) -> list: + results = [] + if not db_type: + db_type = os.path.basename(db_fname) + + try: + module_queries = self.modules[db_type] + except KeyError: + print(f"No modules with queries for {db_type}.") + return results + + # establish db connection + conn = sqlite3.connect(db_fname) + with conn: + conn.row_factory = sqlite3.Row + cur = conn.cursor() + + # now do all the queries for this db + for module_query in module_queries: + try: + cur.execute(module_query['sql']) + rows = cur.fetchall() + except Exception: + print(f"ERROR: Cannot fetch query contents for {module_query['name']}.") + continue + + if not rows: + print(f"No Records Found for {module_query['name']}.") + continue + + headers = [] + for x in cur.description: + headers.append(x[0].lower()) + + key_timestamp = module_query['key_timestamp'].lower() + for row in rows: + item = dict(list(zip(headers, row))) + try: + timestamp = datetime.fromisoformat(item[key_timestamp]) + timestamp = timestamp.replace(tzinfo=timezone.utc) + item['timestamp'] = timestamp.timestamp() + item['datetime'] = timestamp.isoformat(timespec='microseconds') + item['module_name'] = module_query['name'] + item['module_activity'] = module_query['activity'] + results.append(item) + except TypeError: + # problem with timestamp parsing + print(f"WARNING: Problem with timestamp parsing for table {db_fname}, row {list(row)}") + + print("Executing module on: " + db_fname) + return results diff --git a/tests/test_parsers_accessibility_tcc.py b/tests/test_parsers_accessibility_tcc.py index 417c9d8..1b1fb25 100644 --- a/tests/test_parsers_accessibility_tcc.py +++ b/tests/test_parsers_accessibility_tcc.py @@ -17,8 +17,9 @@ def test_get_accessibility_tcc(self): result = p.get_result() for item in result: - self.assertTrue('db_table' in item) + self.assertTrue('module_name' in item) self.assertTrue('datetime' in item) + self.assertTrue('timestamp' in item) if __name__ == '__main__': diff --git a/tests/test_parsers_powerlogs.py b/tests/test_parsers_powerlogs.py index 35dab38..e3adebf 100644 --- a/tests/test_parsers_powerlogs.py +++ b/tests/test_parsers_powerlogs.py @@ -17,10 +17,10 @@ def test_get_powerlogs(self): result = p.get_result() if result: # some files are empty - for log in result: - self.assertTrue('db_table' in log) - self.assertTrue('datetime' in log) - self.assertTrue('timestamp' in log) + for item in result: + self.assertTrue('module_name' in item) + self.assertTrue('datetime' in item) + self.assertTrue('timestamp' in item) if __name__ == '__main__': From ee4407c1d682182234b4a25f18d055696ae9341d Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Mon, 21 Oct 2024 08:07:51 +0200 Subject: [PATCH 3/4] new: [apollo] initial modules from official repo --- .../aggregate_dictionary_distributed_keys.txt | 85 ++++++ .../aggregate_dictionary_scalars.txt | 80 +++++ .../utils/apollo_modules/call_history.txt | 118 ++++++++ .../coreduetd_device_airplane_state.txt | 83 ++++++ .../coreduetd_device_lock_state.txt | 83 ++++++ .../coreduetdclassd_device_plugin_state.txt | 82 +++++ .../apollo_modules/datausage_zliveusage.txt | 87 ++++++ .../apollo_modules/datausage_zprocess.txt | 81 +++++ .../utils/apollo_modules/dock_launchpad.txt | 85 ++++++ .../utils/apollo_modules/health_distance.txt | 91 ++++++ .../health_ecg_average_heart_rate.txt | 92 ++++++ .../utils/apollo_modules/health_flights.txt | 87 ++++++ .../apollo_modules/health_heart_rate.txt | 90 ++++++ .../utils/apollo_modules/health_steps.txt | 87 ++++++ .../utils/apollo_modules/health_stood_up.txt | 87 ++++++ .../utils/apollo_modules/health_weight.txt | 85 ++++++ .../apollo_modules/health_workout_cadence.txt | 114 +++++++ .../health_workout_elevation.txt | 165 ++++++++++ .../apollo_modules/health_workout_general.txt | 162 ++++++++++ .../health_workout_humidity.txt | 164 ++++++++++ .../apollo_modules/health_workout_indoor.txt | 151 ++++++++++ .../health_workout_location_latitude.txt | 154 ++++++++++ .../health_workout_location_longitude.txt | 154 ++++++++++ .../health_workout_max_ground_elevation.txt | 115 +++++++ .../apollo_modules/health_workout_mets.txt | 114 +++++++ .../health_workout_min_ground_elevation.txt | 115 +++++++ .../health_workout_temperature.txt | 154 ++++++++++ .../health_workout_timeofday.txt | 160 ++++++++++ .../health_workout_timezone.txt | 154 ++++++++++ .../apollo_modules/health_workout_weather.txt | 176 +++++++++++ .../interaction_contact_interactions.txt | 267 +++++++++++++++++ ...eraction_contact_interactions_keywords.txt | 97 ++++++ .../knowledge_activity_level.txt | 103 +++++++ .../knowledge_activity_level_feedback.txt | 99 ++++++ .../knowledge_airplay_prediction.txt | 102 +++++++ .../apollo_modules/knowledge_app_activity.txt | 151 ++++++++++ .../knowledge_app_activity_calendar.txt | 150 ++++++++++ .../knowledge_app_activity_clock.txt | 146 +++++++++ .../knowledge_app_activity_mail.txt | 144 +++++++++ .../knowledge_app_activity_maps.txt | 144 +++++++++ .../knowledge_app_activity_notes.txt | 147 +++++++++ .../knowledge_app_activity_passbook.txt | 149 +++++++++ .../knowledge_app_activity_photos.txt | 145 +++++++++ .../knowledge_app_activity_safari.txt | 150 ++++++++++ .../knowledge_app_activity_weather.txt | 148 +++++++++ .../apollo_modules/knowledge_app_inFocus.txt | 105 +++++++ .../apollo_modules/knowledge_app_install.txt | 105 +++++++ .../apollo_modules/knowledge_app_intents.txt | 160 ++++++++++ .../knowledge_app_location_activity.txt | 180 +++++++++++ .../knowledge_app_media_usage.txt | 101 +++++++ .../knowledge_app_relevantshortcuts.txt | 108 +++++++ .../apollo_modules/knowledge_app_usage.txt | 110 +++++++ .../apollo_modules/knowledge_app_webusage.txt | 113 +++++++ .../knowledge_audio_bluetooth_connected.txt | 111 +++++++ .../knowledge_audio_input_route.txt | 106 +++++++ .../knowledge_audio_media_nowplaying.txt | 156 ++++++++++ .../knowledge_audio_output_route.txt | 106 +++++++ .../knowledge_calendar_event_title.txt | 102 +++++++ ...edge_charging_smart_top_off_engagement.txt | 93 ++++++ ...ledge_charging_smart_topoff_checkpoint.txt | 109 +++++++ .../knowledge_dasd_activity_profile.txt | 107 +++++++ .../knowledge_dasd_battery_temperature.txt | 106 +++++++ .../knowledge_dasd_control_effort.txt | 92 ++++++ .../knowledge_device_battery_saver.txt | 104 +++++++ .../knowledge_device_batterylevel.txt | 136 +++++++++ .../knowledge_device_carplay_connected.txt | 106 +++++++ .../knowledge_device_inferred_motion.txt | 103 +++++++ .../knowledge_device_is_backlit.txt | 107 +++++++ .../knowledge_device_keybag_locked.txt | 103 +++++++ .../knowledge_device_locked.txt | 106 +++++++ .../knowledge_device_locked_imputed.txt | 102 +++++++ .../knowledge_device_low_power_mode.txt | 102 +++++++ .../knowledge_device_orientation.txt | 107 +++++++ .../knowledge_device_pluggedin.txt | 142 +++++++++ .../knowledge_device_watch_nearby.txt | 106 +++++++ .../knowledge_discoverability_signals.txt | 104 +++++++ .../knowledge_discoverability_usage.txt | 110 +++++++ .../knowledge_disk_subsystem_access.txt | 104 +++++++ .../knowledge_event_tombstone.txt | 104 +++++++ .../knowledge_family_prediction.txt | 97 ++++++ ...knowledge_inferred_microlocation_visit.txt | 105 +++++++ ...owledge_knowledge_sync_addition_window.txt | 105 +++++++ .../knowledge_notification_usage.txt | 104 +++++++ .../knowledge_paired_device_nearby.txt | 103 +++++++ .../knowledge_photos_deletes_all.txt | 105 +++++++ .../knowledge_photos_deletes_recent.txt | 105 +++++++ .../knowledge_photos_edit_all.txt | 105 +++++++ .../knowledge_photos_engagement.txt | 106 +++++++ .../knowledge_photos_favorites_other.txt | 99 ++++++ .../knowledge_photos_share_airdrop.txt | 105 +++++++ .../knowledge_photos_share_all.txt | 106 +++++++ .../knowledge_photos_share_extension.txt | 105 +++++++ .../knowledge_portrait_entity.txt | 162 ++++++++++ .../knowledge_portrait_topic.txt | 159 ++++++++++ .../knowledge_safari_browsing.txt | 107 +++++++ .../knowledge_segment_monitor.txt | 101 +++++++ .../knowledge_settings_doNotDisturb.txt | 103 +++++++ .../knowledge_sharesheet_feedback.txt | 114 +++++++ .../utils/apollo_modules/knowledge_siri.txt | 106 +++++++ .../knowledge_siri_activites.txt | 100 +++++++ .../knowledge_siri_flow_activity.txt | 100 +++++++ .../apollo_modules/knowledge_siri_service.txt | 98 ++++++ .../knowledge_spotlight_viewer_event.txt | 101 +++++++ .../knowledge_standby_timer.txt | 103 +++++++ .../knowledge_sync_addition_window.txt | 104 +++++++ .../knowledge_sync_deletion_bookmark.txt | 104 +++++++ .../knowledge_system_airplane_mode.txt | 102 +++++++ .../apollo_modules/knowledge_system_tlc.txt | 95 ++++++ .../knowledge_system_userwakingevent.txt | 100 +++++++ ...edge_user_first_backlight_after_wakeup.txt | 102 +++++++ ...owledge_user_interaction_app_directory.txt | 98 ++++++ .../knowledge_widget_refresh.txt | 104 +++++++ .../apollo_modules/knowledge_widget_view.txt | 104 +++++++ .../knowledge_widgets_viewed.txt | 103 +++++++ .../knowledge_wifi_connection.txt | 96 ++++++ .../locationd_cacheencryptedAB_appharvest.txt | 92 ++++++ ...iond_cacheencryptedAB_cdmacelllocation.txt | 94 ++++++ ...cheencryptedAB_cdmacelllocationharvest.txt | 194 ++++++++++++ ...ocationd_cacheencryptedAB_celllocation.txt | 92 ++++++ ...d_cacheencryptedAB_celllocationharvest.txt | 161 ++++++++++ ...ond_cacheencryptedAB_celllocationlocal.txt | 92 ++++++ ...cacheencryptedAB_indoorlocationharvest.txt | 101 +++++++ ...tiond_cacheencryptedAB_locationharvest.txt | 138 +++++++++ ...tiond_cacheencryptedAB_ltecelllocation.txt | 91 ++++++ ...acheencryptedAB_ltecelllocationharvest.txt | 131 ++++++++ ..._cacheencryptedAB_ltecelllocationlocal.txt | 91 ++++++ ...locationd_cacheencryptedAB_passharvest.txt | 89 ++++++ ...nd_cacheencryptedAB_poiharvestlocation.txt | 87 ++++++ ...cheencryptedAB_pressurelocationharvest.txt | 87 ++++++ ...ond_cacheencryptedAB_scdmacelllocation.txt | 92 ++++++ ...ocationd_cacheencryptedAB_wifilocation.txt | 90 ++++++ ...d_cacheencryptedAB_wifilocationharvest.txt | 138 +++++++++ ...nd_cacheencryptedAB_wtwlocationharvest.txt | 138 +++++++++ ...ond_cacheencryptedC_motionstatehistory.txt | 104 +++++++ ...cationd_cacheencryptedC_nataliehistory.txt | 98 ++++++ ...tiond_cacheencryptedC_stepcounthistory.txt | 117 ++++++++ .../netusage_zliverouteperf.txt | 124 ++++++++ .../apollo_modules/netusage_zliveusage.txt | 109 +++++++ .../apollo_modules/netusage_zprocess.txt | 81 +++++ .../utils/apollo_modules/notifications_db.txt | 106 +++++++ .../passes23_unique_passes_cards.txt | 86 ++++++ .../apollo_modules/passes23_wallet_passes.txt | 93 ++++++ .../passes23_wallet_transactions.txt | 101 +++++++ .../powerlog_accessory_connection.txt | 116 +++++++ .../powerlog_activity_states.txt | 110 +++++++ .../utils/apollo_modules/powerlog_airdrop.txt | 118 ++++++++ .../apollo_modules/powerlog_app_audio.txt | 87 ++++++ .../apollo_modules/powerlog_app_deletion.txt | 118 ++++++++ .../apollo_modules/powerlog_app_frontmost.txt | 113 +++++++ .../apollo_modules/powerlog_app_info.txt | 120 ++++++++ .../powerlog_app_info_macos.txt | 140 +++++++++ .../apollo_modules/powerlog_app_lifecycle.txt | 119 ++++++++ .../powerlog_app_nowplaying.txt | 113 +++++++ .../apollo_modules/powerlog_app_usage.txt | 172 +++++++++++ .../powerlog_app_usage_by_hour.txt | 134 +++++++++ .../apollo_modules/powerlog_assertion.txt | 122 ++++++++ .../apollo_modules/powerlog_audio_routing.txt | 126 ++++++++ .../apollo_modules/powerlog_audio_volume.txt | 125 ++++++++ .../apollo_modules/powerlog_awdl_states.txt | 107 +++++++ .../powerlog_backcamera_state.txt | 115 +++++++ .../powerlog_backlight_brightness.txt | 108 +++++++ .../apollo_modules/powerlog_battery_level.txt | 116 +++++++ .../powerlog_battery_level_ui.txt | 107 +++++++ .../powerlog_bluetooth_device_state.txt | 129 ++++++++ .../apollo_modules/powerlog_button_state.txt | 81 +++++ .../apollo_modules/powerlog_camera_state.txt | 166 +++++++++++ .../powerlog_clamshell_state.txt | 110 +++++++ .../powerlog_coalition_interval.txt | 137 +++++++++ .../powerlog_device_lock_state.txt | 111 +++++++ .../apollo_modules/powerlog_device_screen.txt | 108 +++++++ .../powerlog_device_screen_autolock.txt | 107 +++++++ .../apollo_modules/powerlog_device_state.txt | 131 ++++++++ .../powerlog_device_telephony_activity.txt | 89 ++++++ ...powerlog_device_telephony_registration.txt | 129 ++++++++ .../apollo_modules/powerlog_device_volume.txt | 114 +++++++ .../utils/apollo_modules/powerlog_display.txt | 110 +++++++ .../powerlog_display_brightness.txt | 108 +++++++ .../powerlog_frontcamera_state.txt | 115 +++++++ .../apollo_modules/powerlog_ids_messages.txt | 86 ++++++ .../apollo_modules/powerlog_incallservice.txt | 164 ++++++++++ .../powerlog_kernel_task_monitor.txt | 116 +++++++ .../powerlog_lightning_connector_status.txt | 111 +++++++ .../powerlog_lightnining_connector_status.txt | 111 +++++++ .../powerlog_linear_brightness.txt | 125 ++++++++ .../powerlog_location_client_status.txt | 128 ++++++++ .../powerlog_location_tech_status.txt | 200 +++++++++++++ .../apollo_modules/powerlog_mobilebackup.txt | 84 ++++++ .../apollo_modules/powerlog_network_usage.txt | 113 +++++++ .../powerlog_paired_device_config.txt | 93 ++++++ .../apollo_modules/powerlog_power_state.txt | 282 ++++++++++++++++++ .../apollo_modules/powerlog_powernap.txt | 110 +++++++ .../powerlog_process_data_usage.txt | 125 ++++++++ .../apollo_modules/powerlog_process_id.txt | 116 +++++++ .../powerlog_process_monitor_dynamic.txt | 120 ++++++++ .../powerlog_push_message_received.txt | 128 ++++++++ .../powerlog_rapport_received_message.txt | 128 ++++++++ .../powerlog_scheduled_wake_events.txt | 113 +++++++ ...werlog_springboard_aggregate_bulletins.txt | 83 ++++++ ...og_springboard_aggregate_notifications.txt | 83 ++++++ .../apollo_modules/powerlog_timezone.txt | 122 ++++++++ .../apollo_modules/powerlog_torch_state.txt | 115 +++++++ .../apollo_modules/powerlog_user_idle.txt | 110 +++++++ .../utils/apollo_modules/powerlog_video.txt | 113 +++++++ .../apollo_modules/powerlog_video_cmfile.txt | 119 ++++++++ .../apollo_modules/powerlog_video_cmhls.txt | 125 ++++++++ .../powerlog_video_vtsession.txt | 131 ++++++++ .../apollo_modules/powerlog_wallet_card.txt | 107 +++++++ .../powerlog_wallet_transaction.txt | 107 +++++++ .../powerlog_wifi_power_state.txt | 107 +++++++ .../powerlog_wifi_properties.txt | 110 +++++++ .../powerlog_window_server_timeline.txt | 128 ++++++++ .../apollo_modules/quarantine_events.txt | 87 ++++++ .../apollo_modules/query_predictions.txt | 82 +++++ .../routined_cache_zrtcllocationmo.txt | 89 ++++++ .../routined_cache_zrthintmo.txt | 83 ++++++ .../routined_cache_zrvisitmo.txt | 88 ++++++ .../routined_cacheencryptedB_hint.txt | 81 +++++ .../routined_cacheencryptedB_location.txt | 86 ++++++ .../apollo_modules/routined_cloud_address.txt | 91 ++++++ .../apollo_modules/routined_cloud_mapitem.txt | 126 ++++++++ .../routined_cloud_visit_entry.txt | 211 +++++++++++++ .../routined_cloud_visit_exit.txt | 211 +++++++++++++ .../routined_cloud_visit_inbound_start.txt | 227 ++++++++++++++ .../routined_cloud_visit_inbound_stop.txt | 227 ++++++++++++++ .../routined_cloud_visit_outbound_start.txt | 227 ++++++++++++++ .../routined_cloud_visit_outbound_stop.txt | 227 ++++++++++++++ ...cal_learned_location_of_interest_entry.txt | 144 +++++++++ ...ocal_learned_location_of_interest_exit.txt | 144 +++++++++ ..._location_of_interest_transition_start.txt | 126 ++++++++ ...d_location_of_interest_transition_stop.txt | 126 ++++++++ .../routined_local_vehicle_parked.txt | 112 +++++++ .../routined_local_vehicle_parked_history.txt | 85 ++++++ .../utils/apollo_modules/safari_history.txt | 91 ++++++ .../apollo_modules/screentime_by_category.txt | 153 ++++++++++ .../apollo_modules/screentime_by_hour.txt | 134 +++++++++ .../screentime_counted_items.txt | 127 ++++++++ .../apollo_modules/screentime_timed_items.txt | 159 ++++++++++ .../utils/apollo_modules/sms_chat.txt | 104 +++++++ .../sms_chat_message_delivered.txt | 105 +++++++ .../apollo_modules/sms_chat_message_read.txt | 105 +++++++ ...config_execpolicy_exec_measurements_v2.txt | 93 ++++++ ...g_execpolicy_policy_old_platform_cache.txt | 78 +++++ ...icyconfig_execpolicy_policy_scan_cache.txt | 89 ++++++ ...g_execpolicy_policy_scan_cache_by_path.txt | 90 ++++++ ...nfig_execpolicy_policy_scan_targets_v2.txt | 83 ++++++ ...config_kextpolicy_kext_load_history_v3.txt | 97 ++++++ .../utils/apollo_modules/tcc_db.txt | 101 +++++++ 247 files changed, 28879 insertions(+) create mode 100644 src/sysdiagnose/utils/apollo_modules/aggregate_dictionary_distributed_keys.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/aggregate_dictionary_scalars.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/call_history.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/coreduetd_device_airplane_state.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/coreduetd_device_lock_state.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/coreduetdclassd_device_plugin_state.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/datausage_zliveusage.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/datausage_zprocess.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/dock_launchpad.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_distance.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_ecg_average_heart_rate.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_flights.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_heart_rate.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_steps.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_stood_up.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_weight.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_workout_cadence.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_workout_elevation.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_workout_general.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_workout_humidity.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_workout_indoor.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_workout_location_latitude.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_workout_location_longitude.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_workout_max_ground_elevation.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_workout_mets.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_workout_min_ground_elevation.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_workout_temperature.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_workout_timeofday.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_workout_timezone.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/health_workout_weather.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/interaction_contact_interactions.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/interaction_contact_interactions_keywords.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_activity_level.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_activity_level_feedback.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_airplay_prediction.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_app_activity.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_calendar.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_clock.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_mail.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_maps.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_notes.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_passbook.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_photos.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_safari.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_weather.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_app_inFocus.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_app_install.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_app_intents.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_app_location_activity.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_app_media_usage.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_app_relevantshortcuts.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_app_usage.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_app_webusage.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_audio_bluetooth_connected.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_audio_input_route.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_audio_media_nowplaying.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_audio_output_route.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_calendar_event_title.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_charging_smart_top_off_engagement.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_charging_smart_topoff_checkpoint.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_dasd_activity_profile.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_dasd_battery_temperature.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_dasd_control_effort.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_device_battery_saver.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_device_batterylevel.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_device_carplay_connected.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_device_inferred_motion.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_device_is_backlit.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_device_keybag_locked.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_device_locked.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_device_locked_imputed.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_device_low_power_mode.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_device_orientation.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_device_pluggedin.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_device_watch_nearby.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_discoverability_signals.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_discoverability_usage.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_disk_subsystem_access.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_event_tombstone.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_family_prediction.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_inferred_microlocation_visit.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_knowledge_sync_addition_window.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_notification_usage.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_paired_device_nearby.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_photos_deletes_all.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_photos_deletes_recent.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_photos_edit_all.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_photos_engagement.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_photos_favorites_other.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_photos_share_airdrop.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_photos_share_all.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_photos_share_extension.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_portrait_entity.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_portrait_topic.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_safari_browsing.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_segment_monitor.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_settings_doNotDisturb.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_sharesheet_feedback.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_siri.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_siri_activites.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_siri_flow_activity.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_siri_service.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_spotlight_viewer_event.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_standby_timer.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_sync_addition_window.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_sync_deletion_bookmark.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_system_airplane_mode.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_system_tlc.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_system_userwakingevent.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_user_first_backlight_after_wakeup.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_user_interaction_app_directory.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_widget_refresh.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_widget_view.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_widgets_viewed.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/knowledge_wifi_connection.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_appharvest.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_cdmacelllocation.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_cdmacelllocationharvest.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_celllocation.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_celllocationharvest.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_celllocationlocal.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_indoorlocationharvest.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_locationharvest.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_ltecelllocation.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_ltecelllocationharvest.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_ltecelllocationlocal.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_passharvest.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_poiharvestlocation.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_pressurelocationharvest.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_scdmacelllocation.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_wifilocation.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_wifilocationharvest.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_wtwlocationharvest.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedC_motionstatehistory.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedC_nataliehistory.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedC_stepcounthistory.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/netusage_zliverouteperf.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/netusage_zliveusage.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/netusage_zprocess.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/notifications_db.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/passes23_unique_passes_cards.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/passes23_wallet_passes.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/passes23_wallet_transactions.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_accessory_connection.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_activity_states.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_airdrop.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_app_audio.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_app_deletion.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_app_frontmost.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_app_info.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_app_info_macos.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_app_lifecycle.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_app_nowplaying.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_app_usage.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_app_usage_by_hour.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_assertion.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_audio_routing.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_audio_volume.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_awdl_states.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_backcamera_state.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_backlight_brightness.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_battery_level.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_battery_level_ui.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_bluetooth_device_state.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_button_state.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_camera_state.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_clamshell_state.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_coalition_interval.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_device_lock_state.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_device_screen.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_device_screen_autolock.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_device_state.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_device_telephony_activity.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_device_telephony_registration.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_device_volume.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_display.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_display_brightness.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_frontcamera_state.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_ids_messages.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_incallservice.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_kernel_task_monitor.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_lightning_connector_status.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_lightnining_connector_status.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_linear_brightness.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_location_client_status.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_location_tech_status.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_mobilebackup.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_network_usage.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_paired_device_config.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_power_state.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_powernap.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_process_data_usage.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_process_id.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_process_monitor_dynamic.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_push_message_received.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_rapport_received_message.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_scheduled_wake_events.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_springboard_aggregate_bulletins.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_springboard_aggregate_notifications.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_timezone.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_torch_state.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_user_idle.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_video.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_video_cmfile.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_video_cmhls.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_video_vtsession.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_wallet_card.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_wallet_transaction.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_wifi_power_state.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_wifi_properties.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/powerlog_window_server_timeline.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/quarantine_events.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/query_predictions.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/routined_cache_zrtcllocationmo.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/routined_cache_zrthintmo.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/routined_cache_zrvisitmo.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/routined_cacheencryptedB_hint.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/routined_cacheencryptedB_location.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/routined_cloud_address.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/routined_cloud_mapitem.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_entry.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_exit.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_inbound_start.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_inbound_stop.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_outbound_start.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_outbound_stop.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/routined_local_learned_location_of_interest_entry.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/routined_local_learned_location_of_interest_exit.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/routined_local_learned_location_of_interest_transition_start.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/routined_local_learned_location_of_interest_transition_stop.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/routined_local_vehicle_parked.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/routined_local_vehicle_parked_history.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/safari_history.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/screentime_by_category.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/screentime_by_hour.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/screentime_counted_items.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/screentime_timed_items.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/sms_chat.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/sms_chat_message_delivered.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/sms_chat_message_read.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_exec_measurements_v2.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_policy_old_platform_cache.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_policy_scan_cache.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_policy_scan_cache_by_path.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_policy_scan_targets_v2.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/systempolicyconfig_kextpolicy_kext_load_history_v3.txt create mode 100644 src/sysdiagnose/utils/apollo_modules/tcc_db.txt diff --git a/src/sysdiagnose/utils/apollo_modules/aggregate_dictionary_distributed_keys.txt b/src/sysdiagnose/utils/apollo_modules/aggregate_dictionary_distributed_keys.txt new file mode 100644 index 0000000..ac76ffd --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/aggregate_dictionary_distributed_keys.txt @@ -0,0 +1,85 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Keeping track of various values on a per-day basis. + +[Database Metadata] +DATABASE=ADDataStore.sqlitedb +PLATFORM=IOS +VERSIONS=8,9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=aggregate_dictionary_distributed_keys +ACTIVITY=Aggregate Dictionary - Distributed Key +KEY_TIMESTAMP=DAY + +[SQL Query 8,9,10,11,12,13,14] +QUERY= + SELECT + DATE(DISTRIBUTIONKEYS.DAYSSINCE1970*86400, 'unixepoch') AS "DAY", + DISTRIBUTIONKEYS.KEY AS "KEY", + DISTRIBUTIONVALUES.VALUE AS "VALUE", + DISTRIBUTIONVALUES.SECONDSINDAYOFFSET AS "SECONDS IN DAY OFFSET", + DISTRIBUTIONVALUES.DISTRIBUTIONID AS "DISTRIBUTIONVALUES TABLE ID" + FROM + DISTRIBUTIONKEYS + LEFT JOIN + DISTRIBUTIONVALUES + ON DISTRIBUTIONKEYS.ROWID = DISTRIBUTIONVALUES.DISTRIBUTIONID \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/aggregate_dictionary_scalars.txt b/src/sysdiagnose/utils/apollo_modules/aggregate_dictionary_scalars.txt new file mode 100644 index 0000000..9c9cee6 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/aggregate_dictionary_scalars.txt @@ -0,0 +1,80 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Keeping track of various values on a per-day basis. + +[Database Metadata] +DATABASE=ADDataStore.sqlitedb +PLATFORM=IOS +VERSIONS=8,9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=aggregate_dictionary_scalars +ACTIVITY=Aggregate Dictionary - Scalar +KEY_TIMESTAMP=DAY + +[SQL Query 8,9,10,11,12,13,14] +QUERY= + SELECT + DATE(DAYSSINCE1970*86400, 'unixepoch') AS DAY, + KEY AS "KEY", + VALUE AS "VALUE" + FROM + SCALARS \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/call_history.txt b/src/sysdiagnose/utils/apollo_modules/call_history.txt new file mode 100644 index 0000000..fa7d8f7 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/call_history.txt @@ -0,0 +1,118 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Call History + +[Database Metadata] +DATABASE=CallHistory.storedata +PLATFORM=IOS,MACOS +VERSIONS=8,9,10,11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=call_history +ACTIVITY=Call History +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 10.13,10.14,10.15,10.16] +QUERY= + SELECT + DATETIME(ZDATE+978307200,'UNIXEPOCH') AS "TIMESTAMP", + ZANSWERED AS "WAS ANSWERED", + ZDISCONNECTED_CAUSE AS "DISCONNECTED CAUSE", + ZCALLTYPE AS "CALL TYPE", + ZORIGINATED AS "ORIGINATED", + ZDURATION/60.00 AS "DURATION (IN MINUTES)", + ZDURATION AS "DURATION (IN SECONDS)", + ZISO_COUNTRY_CODE AS "ISO COUNTRY CODE", + ZLOCATION AS "LOCATION", + ZSERVICE_PROVIDER AS "SERVICE PROVIDER", + HEX(CAST(ZADDRESS AS TEXT)) AS "ADDRESS", + ZCALLRECORD.Z_PK AS "ZCALLRECORD TABLE ID" + FROM ZCALLRECORD + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(ZDATE+978307200,'UNIXEPOCH') AS "TIMESTAMP", + CAST(ZADDRESS AS TEXT) AS "ADDRESS", + ZANSWERED AS "WAS ANSWERED", + ZCALLTYPE AS "CALL TYPE", + ZORIGINATED AS "ORIGINATED", + ZDURATION/60.00 AS "DURATION (IN MINUTES)", + ZDURATION AS "DURATION (IN SECONDS)", + ZISO_COUNTRY_CODE AS "ISO COUNTRY CODE", + ZLOCATION AS "LOCATION", + ZSERVICE_PROVIDER AS "SERVICE PROVIDER", + ZCALLRECORD.Z_PK AS "ZCALLRECORD TABLE ID" + FROM ZCALLRECORD + +[SQL Query 8] +QUERY= + SELECT + DATETIME(ZDATE+978307200,'UNIXEPOCH') AS "TIMESTAMP", + CAST(ZADDRESS AS TEXT) AS "ADDRESS", + ZANSWERED AS "WAS ANSWERED", + ZCALLTYPE AS "CALL TYPE", + ZORIGINATED AS "ORIGINATED", + ZDURATION/60.00 AS "DURATION (IN MINUTES)", + ZDURATION AS "DURATION (IN SECONDS)", + ZISO_COUNTRY_CODE AS "ISO COUNTRY CODE", + ZCALLRECORD.Z_PK AS "ZCALLRECORD TABLE ID" + FROM ZCALLRECORD \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/coreduetd_device_airplane_state.txt b/src/sysdiagnose/utils/apollo_modules/coreduetd_device_airplane_state.txt new file mode 100644 index 0000000..1936c46 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/coreduetd_device_airplane_state.txt @@ -0,0 +1,83 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Airplane Mode + +[Database Metadata] +DATABASE=coreduetd.db +PLATFORM=IOS +VERSIONS=8,9 + +[Query Metadata] +QUERY_NAME=coreduetd_device_airplane_state +ACTIVITY=Airplane Mode +KEY_TIMESTAMP=CREATE TIME + +[SQL Query 8,9] +QUERY= + SELECT + DATETIME(ZCREATIONDATE+978307200,"UNIXEPOCH") AS "CREATE TIME", + TIME(ZLOCALTIME,"UNIXEPOCH") AS "LOCAL DEVICE TIME", + TIME(ZCREATIONDATE-ZLOCALTIME,"UNIXEPOCH") AS "TIME ZONE", + CASE ZAIRPLANEMODEON + WHEN "0" THEN "OFF" + WHEN "1" THEN "ON" + END "AIRPLANE MODE" + FROM ZCDDMAIRPLANEMODEEVENT \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/coreduetd_device_lock_state.txt b/src/sysdiagnose/utils/apollo_modules/coreduetd_device_lock_state.txt new file mode 100644 index 0000000..ad499b7 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/coreduetd_device_lock_state.txt @@ -0,0 +1,83 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Lock State + +[Database Metadata] +DATABASE=coreduetd.db +PLATFORM=IOS +VERSIONS=8,9 + +[Query Metadata] +QUERY_NAME=coreduetd_device_lock_state +ACTIVITY=Lock State +KEY_TIMESTAMP=CREATE TIME + +[SQL Query 8,9] +QUERY= + SELECT + DATETIME(ZCREATIONDATE+978307200,"UNIXEPOCH") AS "CREATE TIME", + TIME(ZLOCALTIME,"UNIXEPOCH") AS "LOCAL DEVICE TIME", + TIME(ZCREATIONDATE-ZLOCALTIME,"UNIXEPOCH") AS "TIME ZONE", + CASE ZLOCKSTATE + WHEN "0" THEN "UNLOCKED" + WHEN "1" THEN "LOCKED" + END "LOCK STATE" + FROM ZCDDMSCREENLOCKEVENT \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/coreduetdclassd_device_plugin_state.txt b/src/sysdiagnose/utils/apollo_modules/coreduetdclassd_device_plugin_state.txt new file mode 100644 index 0000000..df7232c --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/coreduetdclassd_device_plugin_state.txt @@ -0,0 +1,82 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Plugin State + +[Database Metadata] +DATABASE=coreduetdClassD.db +PLATFORM=IOS +VERSIONS=8,9 + +[Query Metadata] +QUERY_NAME=coreduetdclassd_device_plugin_state +ACTIVITY=Plugin State +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 8,9] +QUERY= + SELECT + DATETIME(ZCREATIONDATE+978307200,'UNIXEPOCH') AS "TIMESTAMP", + TIME(ZCREATIONDATE-ZLOCALTIME,'UNIXEPOCH') AS "TIME ZONE", + CASE ZCABLESTATE + WHEN "0" THEN "UNPLUGGED" + WHEN "1" THEN "PLUGGED IN" + END "CABLE STATE" + FROM ZCDDMPLUGINEVENT \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/datausage_zliveusage.txt b/src/sysdiagnose/utils/apollo_modules/datausage_zliveusage.txt new file mode 100644 index 0000000..9439dcc --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/datausage_zliveusage.txt @@ -0,0 +1,87 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Data Usage Traffic by Process. + +[Database Metadata] +DATABASE=DataUsage.sqlite,DataUsage-watch.sqlite +PLATFORM=IOS +VERSIONS=8,9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=datausage_zliveusage +ACTIVITY=Data Usage +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 8,9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(ZLIVEUSAGE.ZTIMESTAMP + 978307200, 'UNIXEPOCH') AS "TIMESTAMP", + DATETIME(ZPROCESS.ZFIRSTTIMESTAMP + 978307200, 'UNIXEPOCH') AS "PROCESS FIRST TIMESTAMP", + DATETIME(ZPROCESS.ZTIMESTAMP+ 978307200, 'UNIXEPOCH') AS "PROCESS TIMESTAMP", + ZPROCESS.ZPROCNAME AS "PROCESS NAME", + ZPROCESS.ZBUNDLENAME AS "BUNDLE ID", + ZLIVEUSAGE.ZWIFIIN AS "WIFI IN", + ZLIVEUSAGE.ZWIFIOUT AS "WIFI OUT", + ZLIVEUSAGE.ZWWANIN AS "WWAN IN", + ZLIVEUSAGE.ZWWANOUT AS "WWAN OUT", + ZLIVEUSAGE.Z_PK AS "ZLIVEUSAGE TABLE ID" + FROM ZLIVEUSAGE + LEFT JOIN ZPROCESS ON ZLIVEUSAGE.ZHASPROCESS = ZPROCESS.Z_PK \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/datausage_zprocess.txt b/src/sysdiagnose/utils/apollo_modules/datausage_zprocess.txt new file mode 100644 index 0000000..9b4d931 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/datausage_zprocess.txt @@ -0,0 +1,81 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Data Usage Processes/Bundle IDs. + +[Database Metadata] +DATABASE=DataUsage.sqlite,DataUsage-watch.sqlite +PLATFORM=IOS +VERSIONS=8,9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=datausage_zprocess +ACTIVITY=Data Usage +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 8,9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(ZPROCESS.ZTIMESTAMP+ 978307200, 'UNIXEPOCH') AS "TIMESTAMP", + DATETIME(ZPROCESS.ZFIRSTTIMESTAMP + 978307200, 'UNIXEPOCH') AS "PROCESS FIRST TIMESTAMP", + ZPROCESS.ZPROCNAME AS "PROCESS NAME", + ZPROCESS.ZBUNDLENAME AS "BUNDLE ID", + ZPROCESS.Z_PK AS "ZPROCESS TABLE ID" + FROM ZPROCESS \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/dock_launchpad.txt b/src/sysdiagnose/utils/apollo_modules/dock_launchpad.txt new file mode 100644 index 0000000..68bc903 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/dock_launchpad.txt @@ -0,0 +1,85 @@ +[Module License] +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Dock Launchpad + +[Database Metadata] +DATABASE=db +PLATFORM=MACOS +VERSIONS=10.13,10.14,10.15,10.16 + +[Query Metadata] +QUERY_NAME=dock_launchpad +ACTIVITY=Dock Launchpad +KEY_TIMESTAMP=MODIFICATION DATE + +[SQL Query 10.13,10.14,10.15,10.16] +QUERY= + SELECT + DATETIME(APPS.MODDATE+978307200,'UNIXEPOCH') AS 'MODIFICATION DATE', + APPS.TITLE AS 'TITLE', + APPS.BUNDLEID AS 'BUNDLE ID', + CATEGORIES.UTI AS 'CATEGORY UTI', + APPS.STOREID AS 'STORE ID', + HEX(APPS.BOOKMARK) AS 'BOOKMARK BLOB (HEX)', + APPS.ITEM_ID AS "APPS TABLE ID" + FROM APPS + LEFT JOIN CATEGORIES ON APPS.CATEGORY_ID == CATEGORIES.ROWID \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_distance.txt b/src/sysdiagnose/utils/apollo_modules/health_distance.txt new file mode 100644 index 0000000..7515d8e --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_distance.txt @@ -0,0 +1,91 @@ + +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Distance + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=health_distance +ACTIVITY=Health Distance +KEY_TIMESTAMP=START DATE + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + QUANTITY AS "DISTANCE IN METERS", + QUANTITY*3.28084 AS "DISTANCE IN FEET", + (SAMPLES.END_DATE-SAMPLES.START_DATE) AS "TIME IN SECONDS", + SAMPLES.DATA_ID AS "SAMPLES TABLE ID" + FROM + SAMPLES + LEFT OUTER JOIN + QUANTITY_SAMPLES + ON SAMPLES.DATA_ID = QUANTITY_SAMPLES.DATA_ID + LEFT OUTER JOIN + CORRELATIONS + ON SAMPLES.DATA_ID = CORRELATIONS.OBJECT + WHERE + SAMPLES.DATA_TYPE = 8 \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_ecg_average_heart_rate.txt b/src/sysdiagnose/utils/apollo_modules/health_ecg_average_heart_rate.txt new file mode 100644 index 0000000..4fb587e --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_ecg_average_heart_rate.txt @@ -0,0 +1,92 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Electrocardiogram (ECG) Average Heart Rate + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=12,13,14 + +[Query Metadata] +QUERY_NAME=health_ecg_average_heart_rate +ACTIVITY=ECG Average Heart Rate +KEY_TIMESTAMP=START DATE + +[SQL Query 12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + METADATA_VALUES.NUMERICAL_VALUE AS "ECG AVERAGE HEARTRATE", + (SAMPLES.END_DATE-SAMPLES.START_DATE) AS "TIME IN SECONDS" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + KEY IS "_HKPrivateMetadataKeyElectrocardiogramHeartRate" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_flights.txt b/src/sysdiagnose/utils/apollo_modules/health_flights.txt new file mode 100644 index 0000000..65545a4 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_flights.txt @@ -0,0 +1,87 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Flights Climbed + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=health_flights +ACTIVITY=Health Flights Climbed +KEY_TIMESTAMP=START DATE + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + QUANTITY AS "FLIGHTS CLIMBED", + (SAMPLES.END_DATE-SAMPLES.START_DATE) AS "TIME IN SECONDS", + SAMPLES.DATA_ID AS "SAMPLES TABLE ID" + FROM + SAMPLES + LEFT OUTER JOIN + QUANTITY_SAMPLES + ON SAMPLES.DATA_ID = QUANTITY_SAMPLES.DATA_ID + WHERE + SAMPLES.DATA_TYPE = 12 \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_heart_rate.txt b/src/sysdiagnose/utils/apollo_modules/health_heart_rate.txt new file mode 100644 index 0000000..1449623 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_heart_rate.txt @@ -0,0 +1,90 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Heart Rate + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=health_heart_rate +ACTIVITY=Health Heart Rate +KEY_TIMESTAMP=DATE + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "DATE", + ORIGINAL_QUANTITY AS "HEART RATE", + UNIT_STRINGS.UNIT_STRING AS "UNITS", + QUANTITY AS "QUANTITY", + SAMPLES.DATA_ID AS "SAMPLES TABLE ID" + FROM + SAMPLES + LEFT OUTER JOIN + QUANTITY_SAMPLES + ON SAMPLES.DATA_ID = QUANTITY_SAMPLES.DATA_ID + LEFT OUTER JOIN + UNIT_STRINGS + ON QUANTITY_SAMPLES.ORIGINAL_UNIT = UNIT_STRINGS.ROWID + WHERE + SAMPLES.DATA_TYPE = 5 \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_steps.txt b/src/sysdiagnose/utils/apollo_modules/health_steps.txt new file mode 100644 index 0000000..92cf331 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_steps.txt @@ -0,0 +1,87 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Steps + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=health_steps +ACTIVITY=Health Steps +KEY_TIMESTAMP=START DATE + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + QUANTITY AS "STEPS", + (SAMPLES.END_DATE-SAMPLES.START_DATE) AS "TIME IN SECONDS", + SAMPLES.DATA_ID AS "SAMPLES TABLE ID" + FROM + SAMPLES + LEFT OUTER JOIN + QUANTITY_SAMPLES + ON SAMPLES.DATA_ID = QUANTITY_SAMPLES.DATA_ID + WHERE + SAMPLES.DATA_TYPE = 7 \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_stood_up.txt b/src/sysdiagnose/utils/apollo_modules/health_stood_up.txt new file mode 100644 index 0000000..d2043ae --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_stood_up.txt @@ -0,0 +1,87 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Stood Up + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=health_stood_up +ACTIVITY=Health Stood Up +KEY_TIMESTAMP=START DATE + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + QUANTITY AS "STOOD UP", + (SAMPLES.END_DATE-SAMPLES.START_DATE) AS "TIME IN SECONDS", + SAMPLES.DATA_ID AS "SAMPLES TABLE ID" + FROM + SAMPLES + LEFT OUTER JOIN + QUANTITY_SAMPLES + ON SAMPLES.DATA_ID = QUANTITY_SAMPLES.DATA_ID + WHERE + SAMPLES.DATA_TYPE = 75 \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_weight.txt b/src/sysdiagnose/utils/apollo_modules/health_weight.txt new file mode 100644 index 0000000..f9144c0 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_weight.txt @@ -0,0 +1,85 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Weight + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=health_weight +ACTIVITY=Health Weight +KEY_TIMESTAMP=DATE + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "DATE", + QUANTITY AS "WEIGHT (IN KG)", + QUANTITY*2.20462 AS "WEIGHT (IN LBS)", + SAMPLES.DATA_ID AS "SAMPLES TABLE ID" + FROM + SAMPLES + LEFT OUTER JOIN QUANTITY_SAMPLES ON SAMPLES.DATA_ID = QUANTITY_SAMPLES.DATA_ID + WHERE + SAMPLES.DATA_TYPE = 3 + AND "DATE" IS NOT NULL \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_workout_cadence.txt b/src/sysdiagnose/utils/apollo_modules/health_workout_cadence.txt new file mode 100644 index 0000000..03ddf03 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_workout_cadence.txt @@ -0,0 +1,114 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Workout Average Cadence + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=12,13,14 + +[Query Metadata] +QUERY_NAME=health_workout_cadence +ACTIVITY=Health Workout Average Cadence +KEY_TIMESTAMP=START DATE + +[SQL Query 12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + METADATA_VALUES.NUMERICAL_VALUE AS "SPM (strides/min)", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_DISTANCE*0.621371 AS "DISTANCE IN MILES", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL", + WORKOUTS.TOTAL_FLIGHTS_CLIMBED AS "FLIGHTS CLIMBED", + WORKOUTS.TOTAL_W_STEPS AS "STEPS" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "_HKPrivateWorkoutAverageCadence" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_workout_elevation.txt b/src/sysdiagnose/utils/apollo_modules/health_workout_elevation.txt new file mode 100644 index 0000000..330c5fb --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_workout_elevation.txt @@ -0,0 +1,165 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Indoor Elevation + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=health_workout_elevation +ACTIVITY=Health Workout Elevation +KEY_TIMESTAMP=START DATE + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + METADATA_VALUES.NUMERICAL_VALUE/100.00 AS "ELEVATION (METERS)", + (METADATA_VALUES.NUMERICAL_VALUE/100.00)*3.28084 AS "ELEVATION (FEET)", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_DISTANCE*0.621371 AS "DISTANCE IN MILES", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL", + WORKOUTS.TOTAL_FLIGHTS_CLIMBED AS "FLIGHTS CLIMBED", + WORKOUTS.TOTAL_W_STEPS AS "STEPS" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND (KEY IS "_HKPrivateWorkoutElevationAscendedQuantity" OR KEY IS "HKElevationAscended") + +[SQL Query 10] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + METADATA_KEYS.KEY AS "KEY", + METADATA_VALUES.NUMERICAL_VALUE/100.00 AS "ELEVATION (IN METERS)", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL" + FROM + SAMPLES + LEFT OUTER JOIN + QUANTITY_SAMPLES + ON SAMPLES.DATA_ID = QUANTITY_SAMPLES.DATA_ID + LEFT OUTER JOIN + UNIT_STRINGS + ON QUANTITY_SAMPLES.ORIGINAL_UNIT = UNIT_STRINGS.ROWID + LEFT OUTER JOIN + CORRELATIONS + ON SAMPLES.DATA_ID = CORRELATIONS.OBJECT + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "_HKPrivateWorkoutElevationAscendedQuantity" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_workout_general.txt b/src/sysdiagnose/utils/apollo_modules/health_workout_general.txt new file mode 100644 index 0000000..44c65a7 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_workout_general.txt @@ -0,0 +1,162 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Workout, these workouts do not have additional metadata associated. This query does not produce all workouts, just those without metadata. + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=health_workout_general +ACTIVITY=Health Workout (General) +KEY_TIMESTAMP=START DATE + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_DISTANCE*0.621371 AS "DISTANCE IN MILES", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL", + WORKOUTS.TOTAL_FLIGHTS_CLIMBED AS "FLIGHTS CLIMBED", + WORKOUTS.TOTAL_W_STEPS AS "STEPS" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL + AND (KEY IS NULL OR KEY IS "HKIndoorWorkout") + +[SQL Query 9,10] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL" + FROM + SAMPLES + LEFT OUTER JOIN + QUANTITY_SAMPLES + ON SAMPLES.DATA_ID = QUANTITY_SAMPLES.DATA_ID + LEFT OUTER JOIN + UNIT_STRINGS + ON QUANTITY_SAMPLES.ORIGINAL_UNIT = UNIT_STRINGS.ROWID + LEFT OUTER JOIN + CORRELATIONS + ON SAMPLES.DATA_ID = CORRELATIONS.OBJECT + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS NULL \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_workout_humidity.txt b/src/sysdiagnose/utils/apollo_modules/health_workout_humidity.txt new file mode 100644 index 0000000..4311c06 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_workout_humidity.txt @@ -0,0 +1,164 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Indoor Humidity + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=health_workout_humidity +ACTIVITY=Health Workout Humidity +KEY_TIMESTAMP=START DATE + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + METADATA_VALUES.NUMERICAL_VALUE || METADATA_VALUES.STRING_VALUE AS "HUMIDITY", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_DISTANCE*0.621371 AS "DISTANCE IN MILES", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL", + WORKOUTS.TOTAL_FLIGHTS_CLIMBED AS "FLIGHTS CLIMBED", + WORKOUTS.TOTAL_W_STEPS AS "STEPS" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "HKWeatherHumidity" + +[SQL Query 10] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + METADATA_KEYS.KEY AS "KEY", + METADATA_VALUES.NUMERICAL_VALUE || METADATA_VALUES.STRING_VALUE AS "VALUE", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL" + FROM + SAMPLES + LEFT OUTER JOIN + QUANTITY_SAMPLES + ON SAMPLES.DATA_ID = QUANTITY_SAMPLES.DATA_ID + LEFT OUTER JOIN + UNIT_STRINGS + ON QUANTITY_SAMPLES.ORIGINAL_UNIT = UNIT_STRINGS.ROWID + LEFT OUTER JOIN + CORRELATIONS + ON SAMPLES.DATA_ID = CORRELATIONS.OBJECT + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "HKWeatherHumidity" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_workout_indoor.txt b/src/sysdiagnose/utils/apollo_modules/health_workout_indoor.txt new file mode 100644 index 0000000..3c757f1 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_workout_indoor.txt @@ -0,0 +1,151 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Indoor Workout + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=health_workout_indoor +ACTIVITY=Health Indoor Workout +KEY_TIMESTAMP=START DATE + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_DISTANCE*0.621371 AS "DISTANCE IN MILES", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL", + WORKOUTS.TOTAL_FLIGHTS_CLIMBED AS "FLIGHTS CLIMBED", + WORKOUTS.TOTAL_W_STEPS AS "STEPS" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "HKIndoorWorkout" + +[SQL Query 9,10] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "HKIndoorWorkout" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_workout_location_latitude.txt b/src/sysdiagnose/utils/apollo_modules/health_workout_location_latitude.txt new file mode 100644 index 0000000..72411c6 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_workout_location_latitude.txt @@ -0,0 +1,154 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Indoor Location Latitude + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=health_workout_location_latitude +ACTIVITY=Health Workout Location Latitude +KEY_TIMESTAMP=START DATE + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + METADATA_VALUES.NUMERICAL_VALUE AS "LATITUDE", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_DISTANCE*0.621371 AS "DISTANCE IN MILES", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL", + WORKOUTS.TOTAL_FLIGHTS_CLIMBED AS "FLIGHTS CLIMBED", + WORKOUTS.TOTAL_W_STEPS AS "STEPS" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "_HKPrivateWorkoutWeatherLocationCoordinatesLatitude" + +[SQL Query 10] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + METADATA_VALUES.NUMERICAL_VALUE AS "LATITUDE", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "_HKPrivateWorkoutWeatherLocationCoordinatesLatitude" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_workout_location_longitude.txt b/src/sysdiagnose/utils/apollo_modules/health_workout_location_longitude.txt new file mode 100644 index 0000000..8774c6d --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_workout_location_longitude.txt @@ -0,0 +1,154 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Indoor Location Longitude + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=health_workout_location_longitude +ACTIVITY=Health Workout Location Longitude +KEY_TIMESTAMP=START DATE + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + METADATA_VALUES.NUMERICAL_VALUE AS "LONGITUDE", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_DISTANCE*0.621371 AS "DISTANCE IN MILES", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL", + WORKOUTS.TOTAL_FLIGHTS_CLIMBED AS "FLIGHTS CLIMBED", + WORKOUTS.TOTAL_W_STEPS AS "STEPS" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "_HKPrivateWorkoutWeatherLocationCoordinatesLongitude" + +[SQL Query 10] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + METADATA_VALUES.NUMERICAL_VALUE AS "LONGITUDE", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "_HKPrivateWorkoutWeatherLocationCoordinatesLongitude" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_workout_max_ground_elevation.txt b/src/sysdiagnose/utils/apollo_modules/health_workout_max_ground_elevation.txt new file mode 100644 index 0000000..71f897b --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_workout_max_ground_elevation.txt @@ -0,0 +1,115 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Workout Maximum Ground Elevation + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=12,13,14 + +[Query Metadata] +QUERY_NAME=health_workout_max_ground_elevation +ACTIVITY=Health Workout Maximum Ground Elevation +KEY_TIMESTAMP=START DATE + +[SQL Query 12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + METADATA_VALUES.NUMERICAL_VALUE AS "MAX GROUND ELEVATION (METERS)", + METADATA_VALUES.NUMERICAL_VALUE*3.28084 AS "MAX GROUND ELEVATION (FEET)", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_DISTANCE*0.621371 AS "DISTANCE IN MILES", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL", + WORKOUTS.TOTAL_FLIGHTS_CLIMBED AS "FLIGHTS CLIMBED", + WORKOUTS.TOTAL_W_STEPS AS "STEPS" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "_HKPrivateWorkoutMaxGroundElevation" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_workout_mets.txt b/src/sysdiagnose/utils/apollo_modules/health_workout_mets.txt new file mode 100644 index 0000000..e7226aa --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_workout_mets.txt @@ -0,0 +1,114 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Workout Average METs + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=12,13,14 + +[Query Metadata] +QUERY_NAME=health_workout_mets +ACTIVITY=Health Workout Average METs +KEY_TIMESTAMP=START DATE + +[SQL Query 12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + METADATA_VALUES.NUMERICAL_VALUE AS "AVERAGE METs", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_DISTANCE*0.621371 AS "DISTANCE IN MILES", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL", + WORKOUTS.TOTAL_FLIGHTS_CLIMBED AS "FLIGHTS CLIMBED", + WORKOUTS.TOTAL_W_STEPS AS "STEPS" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "HKAverageMETs" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_workout_min_ground_elevation.txt b/src/sysdiagnose/utils/apollo_modules/health_workout_min_ground_elevation.txt new file mode 100644 index 0000000..c46e3ec --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_workout_min_ground_elevation.txt @@ -0,0 +1,115 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Workout Minimum Ground Elevation + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=12,13,14 + +[Query Metadata] +QUERY_NAME=health_workout_min_ground_elevation +ACTIVITY=Health Workout Minimum Ground Elevation +KEY_TIMESTAMP=START DATE + +[SQL Query 12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + METADATA_VALUES.NUMERICAL_VALUE AS "MINIMUM GROUND ELEVATION (METERS)", + METADATA_VALUES.NUMERICAL_VALUE*3.28084 AS "MINIMUM GROUND ELEVATION (FEET)", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_DISTANCE*0.621371 AS "DISTANCE IN MILES", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL", + WORKOUTS.TOTAL_FLIGHTS_CLIMBED AS "FLIGHTS CLIMBED", + WORKOUTS.TOTAL_W_STEPS AS "STEPS" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "_HKPrivateWorkoutMinGroundElevation" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_workout_temperature.txt b/src/sysdiagnose/utils/apollo_modules/health_workout_temperature.txt new file mode 100644 index 0000000..e0d2e12 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_workout_temperature.txt @@ -0,0 +1,154 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Indoor Temperature + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=health_workout_temperature +ACTIVITY=Health Workout Temperature +KEY_TIMESTAMP=START DATE + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + METADATA_VALUES.NUMERICAL_VALUE || " " ||METADATA_VALUES.STRING_VALUE AS "TEMPERATURE", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_DISTANCE*0.621371 AS "DISTANCE IN MILES", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL", + WORKOUTS.TOTAL_FLIGHTS_CLIMBED AS "FLIGHTS CLIMBED", + WORKOUTS.TOTAL_W_STEPS AS "STEPS" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "HKWeatherTemperature" + +[SQL Query 10] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + METADATA_VALUES.NUMERICAL_VALUE || " " ||METADATA_VALUES.STRING_VALUE AS "TEMPERATURE", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "HKWeatherTemperature" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_workout_timeofday.txt b/src/sysdiagnose/utils/apollo_modules/health_workout_timeofday.txt new file mode 100644 index 0000000..2a0e6be --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_workout_timeofday.txt @@ -0,0 +1,160 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Indoor Time of Day + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=health_workout_timeofday +ACTIVITY=Health Workout Time of Day +KEY_TIMESTAMP=START DATE + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + CASE METADATA_VALUES.NUMERICAL_VALUE + WHEN 0.0 THEN "NIGHT" + WHEN 1.0 THEN "DAY" + END "TIME OF DAY", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_DISTANCE*0.621371 AS "DISTANCE IN MILES", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL", + WORKOUTS.TOTAL_FLIGHTS_CLIMBED AS "FLIGHTS CLIMBED", + WORKOUTS.TOTAL_W_STEPS AS "STEPS" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "_HKPrivateWorkoutWasInDaytime" + +[SQL Query 10] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + CASE METADATA_VALUES.NUMERICAL_VALUE + WHEN 0.0 THEN "NIGHT" + WHEN 1.0 THEN "DAY" + END "TIME OF DAY", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "_HKPrivateWorkoutWasInDaytime" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_workout_timezone.txt b/src/sysdiagnose/utils/apollo_modules/health_workout_timezone.txt new file mode 100644 index 0000000..f661fb8 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_workout_timezone.txt @@ -0,0 +1,154 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Workout Time Zone + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=health_workout_timezone +ACTIVITY=Health Workout Time Zone +KEY_TIMESTAMP=START DATE + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + METADATA_VALUES.STRING_VALUE AS "TIME ZONE", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_DISTANCE*0.621371 AS "DISTANCE IN MILES", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL", + WORKOUTS.TOTAL_FLIGHTS_CLIMBED AS "FLIGHTS CLIMBED", + WORKOUTS.TOTAL_W_STEPS AS "STEPS" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "HKTimeZone" + +[SQL Query 10] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + METADATA_VALUES.STRING_VALUE AS "TIME ZONE", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "HKTimeZone" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/health_workout_weather.txt b/src/sysdiagnose/utils/apollo_modules/health_workout_weather.txt new file mode 100644 index 0000000..a5ac0f8 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/health_workout_weather.txt @@ -0,0 +1,176 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Health Indoor Weather + +[Database Metadata] +DATABASE=healthdb_secure.sqlite +PLATFORM=IOS +VERSIONS=10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=health_workout_weather +ACTIVITY=Health Workout Weather +KEY_TIMESTAMP=START DATE + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + CASE METADATA_VALUES.NUMERICAL_VALUE + WHEN 1.0 THEN "SUNNY" + WHEN 2.0 THEN "SUNNY OR INDOOR" + WHEN 3.0 THEN "PARTLY CLOUDY" + WHEN 4.0 THEN "CLOUDY" + WHEN 5.0 THEN "CLOUDY" + WHEN 6.0 THEN "FOG" + WHEN 18.0 THEN "SNOW" + WHEN 31.0 THEN "RAIN" + WHEN 35.0 THEN "THUNDERSTORM" + ELSE "UNKNOWN" || "-" || METADATA_VALUES.NUMERICAL_VALUE + END "WEATHER", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_DISTANCE*0.621371 AS "DISTANCE IN MILES", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL", + WORKOUTS.TOTAL_FLIGHTS_CLIMBED AS "FLIGHTS CLIMBED", + WORKOUTS.TOTAL_W_STEPS AS "STEPS" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "_HKPrivateWeatherCondition" + +[SQL Query 10] +QUERY= + SELECT + DATETIME(SAMPLES.START_DATE + 978307200, 'UNIXEPOCH') AS "START DATE", + DATETIME(SAMPLES.END_DATE + 978307200, 'UNIXEPOCH') AS "END DATE", + CASE METADATA_VALUES.NUMERICAL_VALUE + WHEN 1.0 THEN "SUNNY" + WHEN 2.0 THEN "SUNNY OR INDOOR" + WHEN 3.0 THEN "PARTLY CLOUDY" + WHEN 4.0 THEN "CLOUDY" + WHEN 5.0 THEN "CLOUDY" + WHEN 6.0 THEN "FOG" + WHEN 18.0 THEN "SNOW" + WHEN 31.0 THEN "RAIN" + WHEN 35.0 THEN "THUNDERSTORM" + ELSE "UNKNOWN" || "-" || METADATA_VALUES.NUMERICAL_VALUE + END "WEATHER", + CASE WORKOUTS.ACTIVITY_TYPE + WHEN 63 THEN "HIGH INTENSITY INTERVAL TRAINING (HIIT)" + WHEN 37 THEN "INDOOR / OUTDOOR RUN" + WHEN 3000 THEN "OTHER" + WHEN 52 THEN "INDOOR / OUTDOOR WALK" + WHEN 20 THEN "FUNCTIONAL TRAINING" + WHEN 13 THEN "INDOOR CYCLE" + WHEN 16 THEN "ELLIPTICAL" + WHEN 35 THEN "ROWER" + ELSE "UNKNOWN" || "-" || WORKOUTS.ACTIVITY_TYPE + END "WORKOUT TYPE", + WORKOUTS.DURATION / 60.00 AS "DURATION (IN MINUTES)", + WORKOUTS.TOTAL_ENERGY_BURNED AS "CALORIES BURNED", + WORKOUTS.TOTAL_DISTANCE AS "DISTANCE IN KILOMETERS", + WORKOUTS.TOTAL_BASAL_ENERGY_BURNED AS "TOTAL BASEL ENERGY BURNED", + CASE WORKOUTS.GOAL_TYPE + WHEN 2 THEN "MINUTES" + WHEN 0 THEN "OPEN" + END "GOAL TYPE", + WORKOUTS.GOAL AS "GOAL" + FROM + SAMPLES + LEFT OUTER JOIN + METADATA_VALUES + ON METADATA_VALUES.OBJECT_ID = SAMPLES.DATA_ID + LEFT OUTER JOIN + METADATA_KEYS + ON METADATA_KEYS.ROWID = METADATA_VALUES.KEY_ID + LEFT OUTER JOIN + WORKOUTS + ON WORKOUTS.DATA_ID = SAMPLES.DATA_ID + WHERE + WORKOUTS.ACTIVITY_TYPE NOT NULL AND KEY IS "_HKPrivateWeatherCondition" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/interaction_contact_interactions.txt b/src/sysdiagnose/utils/apollo_modules/interaction_contact_interactions.txt new file mode 100644 index 0000000..5636497 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/interaction_contact_interactions.txt @@ -0,0 +1,267 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Contact Interaction + +[Database Metadata] +DATABASE=interactionC.db +PLATFORM=IOS,MACOS +VERSIONS=9,10,11,12,13,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=interaction_contact_interactions +ACTIVITY=Contact Interaction +KEY_TIMESTAMP=START DATE + +[SQL Query 13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZINTERACTIONS.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS 'START DATE', + DATETIME(ZINTERACTIONS.ZENDDATE + 978307200, 'UNIXEPOCH') AS 'END DATE', + ZINTERACTIONS.ZBUNDLEID AS 'BUNDLE ID', + ZINTERACTIONS.ZACCOUNT AS 'ACCOUNT', + ZINTERACTIONS.ZTARGETBUNDLEID AS 'TARGET BUNDLE ID', + CASE ZINTERACTIONS.ZDIRECTION + WHEN '0' THEN 'INCOMING' + WHEN '1' THEN 'OUTGOING' + END 'DIRECTION', + ZCONTACTS.ZDISPLAYNAME AS 'SENDER DISPLAY NAME', + ZCONTACTS.ZIDENTIFIER AS 'SENDER IDENTIFIER', + ZCONTACTS.ZPERSONID AS 'SENDER PERSONID', + RECEIPIENTCONACT.ZDISPLAYNAME AS 'RECIPIENT DISPLAY NAME', + RECEIPIENTCONACT.ZIDENTIFIER AS 'RECIPIENT IDENTIFIER', + RECEIPIENTCONACT.ZPERSONID AS 'RECIPIENT PERSONID', + ZINTERACTIONS.ZRECIPIENTCOUNT AS 'RECIPIENT COUNT', + ZINTERACTIONS.ZDOMAINIDENTIFIER AS 'DOMAIN IDENTIFIER', + ZINTERACTIONS.ZISRESPONSE AS 'IS RESPONSE', + ZATTACHMENT.ZCONTENTTEXT AS 'CONTEXT TEXT', + ZATTACHMENT.ZUTI AS 'UTI', + ZATTACHMENT.ZCONTENTURL AS 'CONTENT URL', + ZATTACHMENT.ZSIZEINBYTES AS 'SIZE IN BYTES', + ZATTACHMENT.ZPHOTOLOCALIDENTIFIER AS 'PHOTO LOCAL IDENTIFIER', + HEX(ZATTACHMENT.ZIDENTIFIER) AS 'ATTACHMENT ID', + ZATTACHMENT.ZCLOUDIDENTIFIER AS 'CLOUD IDENTIFIER', + ZCONTACTS.ZINCOMINGRECIPIENTCOUNT AS 'INCOMING RECIPIENT COUNT', + ZCONTACTS.ZINCOMINGSENDERCOUNT AS 'INCOMING SENDER COUNT', + ZCONTACTS.ZOUTGOINGRECIPIENTCOUNT AS 'OUTGOING RECIPIENT COUNT', + DATETIME(ZINTERACTIONS.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS 'ZINTERACTIONS CREATION DATE', + DATETIME(ZCONTACTS.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS 'ZCONTACTS CREATION DATE', + DATETIME(ZCONTACTS.ZFIRSTINCOMINGRECIPIENTDATE + 978307200, 'UNIXEPOCH') AS 'FIRST INCOMING RECIPIENT DATE', + DATETIME(ZCONTACTS.ZFIRSTINCOMINGSENDERDATE + 978307200, 'UNIXEPOCH') AS 'FIRST INCOMING SENDER DATE', + DATETIME(ZCONTACTS.ZFIRSTOUTGOINGRECIPIENTDATE + 978307200, 'UNIXEPOCH') AS 'FIRST OUTGOING RECIPIENT DATE', + DATETIME(ZCONTACTS.ZLASTINCOMINGSENDERDATE + 978307200, 'UNIXEPOCH') AS 'LAST INCOMING SENDER DATE', + CASE ZCONTACTS.ZLASTINCOMINGRECIPIENTDATE + WHEN '0' THEN '0' + ELSE DATETIME(ZCONTACTS.ZLASTINCOMINGRECIPIENTDATE + 978307200, 'UNIXEPOCH') + END 'LAST INCOMING RECIPIENT DATE', + DATETIME(ZCONTACTS.ZLASTOUTGOINGRECIPIENTDATE + 978307200, 'UNIXEPOCH') AS 'LAST OUTGOING RECIPIENT DATE', + ZCONTACTS.ZCUSTOMIDENTIFIER AS 'CUSTOM IDENTIFIER', + ZINTERACTIONS.ZCONTENTURL AS 'CONTENT URL', + ZINTERACTIONS.ZLOCATIONUUID AS 'LOCATION UUID', + ZINTERACTIONS.ZGROUPNAME AS 'GROUP NAME', + ZINTERACTIONS.ZDERIVEDINTENTIDENTIFIER AS 'DERIVIED INTENT ID', + ZINTERACTIONS.Z_PK AS 'ZINTERACTIONS TABLE ID' + FROM ZINTERACTIONS + LEFT JOIN ZCONTACTS ON ZINTERACTIONS.ZSENDER = ZCONTACTS.Z_PK + LEFT JOIN Z_1INTERACTIONS ON ZINTERACTIONS.Z_PK == Z_1INTERACTIONS.Z_3INTERACTIONS + LEFT JOIN ZATTACHMENT ON Z_1INTERACTIONS.Z_1ATTACHMENTS == ZATTACHMENT.Z_PK + LEFT JOIN Z_2INTERACTIONRECIPIENT ON ZINTERACTIONS.Z_PK== Z_2INTERACTIONRECIPIENT.Z_3INTERACTIONRECIPIENT + LEFT JOIN ZCONTACTS RECEIPIENTCONACT ON Z_2INTERACTIONRECIPIENT.Z_2RECIPIENTS== RECEIPIENTCONACT.Z_PK + +[SQL Query 12] +QUERY= + SELECT + DATETIME(ZINTERACTIONS.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS 'START DATE', + DATETIME(ZINTERACTIONS.ZENDDATE + 978307200, 'UNIXEPOCH') AS 'END DATE', + ZINTERACTIONS.ZBUNDLEID AS 'BUNDLE ID', + ZINTERACTIONS.ZACCOUNT AS 'ACCOUNT', + ZINTERACTIONS.ZTARGETBUNDLEID AS 'TARGET BUNDLE ID', + CASE ZINTERACTIONS.ZDIRECTION + WHEN '0' THEN 'INCOMING' + WHEN '1' THEN 'OUTGOING' + END 'DIRECTION', + ZCONTACTS.ZDISPLAYNAME AS 'SENDER DISPLAY NAME', + ZCONTACTS.ZIDENTIFIER AS 'SENDER IDENTIFIER', + ZCONTACTS.ZPERSONID AS 'SENDER PERSONID', + RECEIPIENTCONACT.ZDISPLAYNAME AS 'RECIPIENT DISPLAY NAME', + RECEIPIENTCONACT.ZIDENTIFIER AS 'RECIPIENT IDENTIFIER', + RECEIPIENTCONACT.ZPERSONID AS 'RECIPIENT PERSONID', + ZINTERACTIONS.ZRECIPIENTCOUNT AS 'RECIPIENT COUNT', + ZINTERACTIONS.ZDOMAINIDENTIFIER AS 'DOMAIN IDENTIFIER', + ZINTERACTIONS.ZISRESPONSE AS 'IS RESPONSE', + ZATTACHMENT.ZCONTENTTEXT AS 'CONTEXT TEXT', + ZATTACHMENT.ZUTI AS 'UTI', + ZATTACHMENT.ZCONTENTURL AS 'CONTENT URL', + ZATTACHMENT.ZSIZEINBYTES AS 'SIZE IN BYTES', + HEX(ZATTACHMENT.ZIDENTIFIER) AS 'ATTACHMENT ID', + ZATTACHMENT.ZCLOUDIDENTIFIER AS 'CLOUD IDENTIFIER', + ZCONTACTS.ZINCOMINGRECIPIENTCOUNT AS 'INCOMING RECIPIENT COUNT', + ZCONTACTS.ZINCOMINGSENDERCOUNT AS 'INCOMING SENDER COUNT', + ZCONTACTS.ZOUTGOINGRECIPIENTCOUNT AS 'OUTGOING RECIPIENT COUNT', + DATETIME(ZINTERACTIONS.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS 'ZINTERACTIONS CREATION DATE', + DATETIME(ZCONTACTS.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS 'ZCONTACTS CREATION DATE', + DATETIME(ZCONTACTS.ZFIRSTINCOMINGRECIPIENTDATE + 978307200, 'UNIXEPOCH') AS 'FIRST INCOMING RECIPIENT DATE', + DATETIME(ZCONTACTS.ZFIRSTINCOMINGSENDERDATE + 978307200, 'UNIXEPOCH') AS 'FIRST INCOMING SENDER DATE', + DATETIME(ZCONTACTS.ZFIRSTOUTGOINGRECIPIENTDATE + 978307200, 'UNIXEPOCH') AS 'FIRST OUTGOING RECIPIENT DATE', + DATETIME(ZCONTACTS.ZLASTINCOMINGSENDERDATE + 978307200, 'UNIXEPOCH') AS 'LAST INCOMING SENDER DATE', + CASE ZCONTACTS.ZLASTINCOMINGRECIPIENTDATE + WHEN '0' THEN '0' + ELSE DATETIME(ZCONTACTS.ZLASTINCOMINGRECIPIENTDATE + 978307200, 'UNIXEPOCH') + END 'LAST INCOMING RECIPIENT DATE', + DATETIME(ZCONTACTS.ZLASTOUTGOINGRECIPIENTDATE + 978307200, 'UNIXEPOCH') AS 'LAST OUTGOING RECIPIENT DATE', + ZCONTACTS.ZCUSTOMIDENTIFIER AS 'CUSTOM IDENTIFIER', + ZINTERACTIONS.ZCONTENTURL AS 'CONTENT URL', + ZINTERACTIONS.ZLOCATIONUUID AS 'LOCATION UUID', + ZINTERACTIONS.Z_PK AS 'ZINTERACTIONS TABLE ID' + FROM + ZINTERACTIONS + LEFT JOIN + ZCONTACTS + ON ZINTERACTIONS.ZSENDER = ZCONTACTS.Z_PK + LEFT JOIN Z_1INTERACTIONS ON ZINTERACTIONS.Z_PK == Z_1INTERACTIONS.Z_3INTERACTIONS + LEFT JOIN ZATTACHMENT ON Z_1INTERACTIONS.Z_1ATTACHMENTS == ZATTACHMENT.Z_PK + LEFT JOIN Z_2INTERACTIONRECIPIENT ON ZINTERACTIONS.Z_PK== Z_2INTERACTIONRECIPIENT.Z_3INTERACTIONRECIPIENT + LEFT JOIN ZCONTACTS RECEIPIENTCONACT ON Z_2INTERACTIONRECIPIENT.Z_2RECIPIENTS== RECEIPIENTCONACT.Z_PK + +[SQL Query 10,11] +QUERY= + SELECT + DATETIME(ZINTERACTIONS.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS 'START DATE', + DATETIME(ZINTERACTIONS.ZENDDATE + 978307200, 'UNIXEPOCH') AS 'END DATE', + ZINTERACTIONS.ZBUNDLEID AS 'BUNDLE ID', + ZCONTACTS.ZDISPLAYNAME AS 'DISPLAY NAME', + ZCONTACTS.ZIDENTIFIER AS 'IDENTIFIER', + ZCONTACTS.ZPERSONID AS 'PERSONID', + ZINTERACTIONS.ZDIRECTION AS 'DIRECTION', + ZINTERACTIONS.ZISRESPONSE AS 'IS RESPONSE', + ZINTERACTIONS.ZMECHANISM AS 'MECHANISM', + ZINTERACTIONS.ZRECIPIENTCOUNT AS 'RECIPIENT COUNT', + DATETIME(ZINTERACTIONS.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS 'ZINTERACTIONS CREATION DATE', + DATETIME(ZCONTACTS.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS 'ZCONTACTS CREATION DATE', + DATETIME(ZCONTACTS.ZFIRSTINCOMINGRECIPIENTDATE + 978307200, 'UNIXEPOCH') AS 'FIRST INCOMING RECIPIENT DATE', + DATETIME(ZCONTACTS.ZFIRSTINCOMINGSENDERDATE + 978307200, 'UNIXEPOCH') AS 'FIRST INCOMING SENDER DATE', + DATETIME(ZCONTACTS.ZFIRSTOUTGOINGRECIPIENTDATE + 978307200, 'UNIXEPOCH') AS 'FIRST OUTGOING RECIPIENT DATE', + DATETIME(ZCONTACTS.ZLASTINCOMINGSENDERDATE + 978307200, 'UNIXEPOCH') AS 'LAST INCOMING SENDER DATE', + CASE + ZLASTINCOMINGRECIPIENTDATE + WHEN + '0' + THEN + '0' + ELSE + DATETIME(ZCONTACTS.ZLASTINCOMINGRECIPIENTDATE + 978307200, 'UNIXEPOCH') + END AS 'LAST INCOMING RECIPIENT DATE', + DATETIME(ZCONTACTS.ZLASTOUTGOINGRECIPIENTDATE + 978307200, 'UNIXEPOCH') AS 'LAST OUTGOING RECIPIENT DATE', + ZINTERACTIONS.ZACCOUNT AS 'ACCOUNT', + ZINTERACTIONS.ZDOMAINIDENTIFIER AS 'DOMAIN IDENTIFIER', + ZCONTACTS.ZINCOMINGRECIPIENTCOUNT AS 'INCOMING RECIPIENT COUNT', + ZCONTACTS.ZINCOMINGSENDERCOUNT AS 'INCOMING SENDER COUNT', + ZCONTACTS.ZOUTGOINGRECIPIENTCOUNT AS 'OUTGOING RECIPIENT COUNT', + ZCONTACTS.ZCUSTOMIDENTIFIER AS 'CUSTOM IDENTIFIER', + ZINTERACTIONS.ZCONTENTURL AS 'CONTENT URL', + ZINTERACTIONS.ZLOCATIONUUID AS 'LOCATION UUID', + ZINTERACTIONS.Z_PK AS 'ZINTERACTIONS TABLE ID' + FROM + ZINTERACTIONS + LEFT JOIN + ZCONTACTS + ON ZINTERACTIONS.ZSENDER = ZCONTACTS.Z_PK + +[SQL Query 9] +QUERY= + SELECT + DATETIME(ZINTERACTIONS.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS 'START DATE', + DATETIME(ZINTERACTIONS.ZENDDATE + 978307200, 'UNIXEPOCH') AS 'END DATE', + DATETIME(ZINTERACTIONS.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS 'ZINTERACTIONS CREATION DATE', + ZINTERACTIONS.ZBUNDLEID AS 'BUNDLE ID', + ZCONTACTS.ZDISPLAYNAME AS 'DISPLAY NAME', + ZCONTACTS.ZIDENTIFIER AS 'IDENTIFIER', + ZCONTACTS.ZPERSONID AS 'PERSONID', + ZINTERACTIONS.ZDIRECTION AS 'DIRECTION', + ZINTERACTIONS.ZISRESPONSE AS 'IS RESPONSE', + ZINTERACTIONS.ZMECHANISM AS 'MECHANISM', + DATETIME(ZCONTACTS.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS 'ZCONTACTS CREATION DATE', + DATETIME(ZCONTACTS.ZFIRSTINCOMINGRECIPIENTDATE + 978307200, 'UNIXEPOCH') AS 'FIRST INCOMING RECIPIENT DATE', + DATETIME(ZCONTACTS.ZFIRSTINCOMINGSENDERDATE + 978307200, 'UNIXEPOCH') AS 'FIRST INCOMING SENDER DATE', + DATETIME(ZCONTACTS.ZFIRSTOUTGOINGRECIPIENTDATE + 978307200, 'UNIXEPOCH') AS 'FIRST OUTGOING RECIPIENT DATE', + DATETIME(ZCONTACTS.ZLASTINCOMINGSENDERDATE + 978307200, 'UNIXEPOCH') AS 'LAST INCOMING SENDER DATE', + CASE + ZLASTINCOMINGRECIPIENTDATE + WHEN + '0' + THEN + '0' + ELSE + DATETIME(ZCONTACTS.ZLASTINCOMINGRECIPIENTDATE + 978307200, 'UNIXEPOCH') + END AS 'LAST INCOMING RECIPIENT DATE', + DATETIME(ZCONTACTS.ZLASTOUTGOINGRECIPIENTDATE + 978307200, 'UNIXEPOCH') AS 'LAST OUTGOING RECIPIENT DATE', + ZINTERACTIONS.ZACCOUNT AS 'ACCOUNT', + ZINTERACTIONS.ZDOMAINIDENTIFIER AS 'DOMAIN IDENTIFIER', + ZCONTACTS.ZINCOMINGRECIPIENTCOUNT AS 'INCOMING RECIPIENT COUNT', + ZCONTACTS.ZINCOMINGSENDERCOUNT AS 'INCOMING SENDER COUNT', + ZCONTACTS.ZOUTGOINGRECIPIENTCOUNT AS 'OUTGOING RECIPIENT COUNT', + ZINTERACTIONS.ZCONTENTURL AS 'CONTENT URL', + ZINTERACTIONS.ZLOCATIONUUID AS 'LOCATION UUID', + ZINTERACTIONS.Z_PK AS 'ZINTERACTIONS TABLE ID' + FROM + ZINTERACTIONS + LEFT JOIN + ZCONTACTS + ON ZINTERACTIONS.ZSENDER = ZCONTACTS.Z_PK \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/interaction_contact_interactions_keywords.txt b/src/sysdiagnose/utils/apollo_modules/interaction_contact_interactions_keywords.txt new file mode 100644 index 0000000..e257bb2 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/interaction_contact_interactions_keywords.txt @@ -0,0 +1,97 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Contact Interaction Keywords + +[Database Metadata] +DATABASE=interactionC.db +PLATFORM=IOS,MACOS +VERSIONS=9,10,11,12,13,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=interaction_contact_interactions_keywords +ACTIVITY=Contact Interaction Keywords +KEY_TIMESTAMP=CREATION DATE + +[SQL Query 12,13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZKEYWORDS.ZCREATIONDATE+ 978307200, 'UNIXEPOCH') AS 'CREATION DATE', + ZKEYWORDS.ZKEYWORD AS 'KEYWORD', + ZINTERACTIONS.ZBUNDLEID AS 'BUNDLE ID', + ZINTERACTIONS.ZDOMAINIDENTIFIER AS 'DOMAIN ID', + ZINTERACTIONS.ZUUID AS 'UUID', + ZKEYWORDS.Z_PK AS 'ZKEYWORDS TABLE ID' + FROM ZKEYWORDS + JOIN Z_3KEYWORDS ON ZKEYWORDS.Z_PK == Z_3KEYWORDS.Z_4KEYWORDS + JOIN ZINTERACTIONS ON Z_3KEYWORDS.Z_3INTERACTIONS1== ZINTERACTIONS.Z_PK + +[SQL Query 9,10,11] +QUERY= + SELECT + DATETIME(ZKEYWORDS.ZCREATIONDATE+ 978307200, 'UNIXEPOCH') AS 'CREATION DATE', + ZKEYWORDS.ZKEYWORD AS 'KEYWORD', + ZINTERACTIONS.ZBUNDLEID AS 'BUNDLE ID', + ZINTERACTIONS.ZDOMAINIDENTIFIER AS 'DOMAIN ID', + ZINTERACTIONS.ZUUID AS 'UUID', + ZKEYWORDS.Z_PK AS 'ZKEYWORDS TABLE ID' + FROM ZKEYWORDS + JOIN Z_2KEYWORDS ON ZKEYWORDS.Z_PK == Z_2KEYWORDS.Z_3KEYWORDS + JOIN ZINTERACTIONS ON Z_2KEYWORDS.Z_2INTERACTIONS== ZINTERACTIONS.Z_PK \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_activity_level.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_activity_level.txt new file mode 100644 index 0000000..d40eb3a --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_activity_level.txt @@ -0,0 +1,103 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Activity Level + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=12,13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_activity_level +ACTIVITY=Activity Level +KEY_TIMESTAMP=START + +[SQL Query 12,13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUEDOUBLE AS "VALUE", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/activity/level" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_activity_level_feedback.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_activity_level_feedback.txt new file mode 100644 index 0000000..af31874 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_activity_level_feedback.txt @@ -0,0 +1,99 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Activity Level Feedback + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=12,13,10.14,10.15 + +[Query Metadata] +QUERY_NAME=knowledge_activity_level_feedback +ACTIVITY=Activity Level Feedback +KEY_TIMESTAMP=START + +[SQL Query 12,13,10.14,10.15] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/activity/level/feedback" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_airplay_prediction.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_airplay_prediction.txt new file mode 100644 index 0000000..d60a964 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_airplay_prediction.txt @@ -0,0 +1,102 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Airplay Prediction + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=knowledge_airplay_prediction +ACTIVITY=Airplay Prediction +KEY_TIMESTAMP=START + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZSTRUCTUREDMETADATA.Z_DKAIRPLAYPREDICTIONMETADATAKEY__OUTPUTDEVICEID AS "OUTPUT DEVICE ID", + ZSTRUCTUREDMETADATA.Z_DKAIRPLAYPREDICTIONMETADATAKEY__SUBTYPE AS "SUBTYPE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/airplay/prediction" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity.txt new file mode 100644 index 0000000..d6dea82 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity.txt @@ -0,0 +1,151 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Application Activity + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_app_activity +ACTIVITY=Application Activity +KEY_TIMESTAMP=START + +[SQL Query 12,13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSOURCE.ZGROUPID AS "GROUP ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__CONTENTDESCRIPTION AS "CONTENT DESCRIPTION", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYREQUIREDSTRING AS "USER ACTIVITY REQUIRED STRING", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMRELATEDCONTENTURL AS "CONTENT URL", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__SUGGESTEDINVOCATIONPHRASE AS "SUGGESTED IN VOCATION PHRASE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMRELATEDUNIQUEIDENTIFIER AS "UNIQUE ID", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMIDENTIFIER AS "ITEM IDENTIFIER", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYUUID AS "ACTIVITY UUID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISELIGIBLEFORPREDICTION AS "ELIGIBLE FOR PREDICTION", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISPUBLICLYINDEXABLE AS "PUBLICALLY INDEXABLE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" + +[SQL Query 11,10.13] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSOURCE.ZGROUPID AS "GROUP ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMRELATEDCONTENTURL AS "CONTENT URL", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMRELATEDUNIQUEIDENTIFIER AS "UNIQUE ID", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMIDENTIFIER AS "ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_calendar.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_calendar.txt new file mode 100644 index 0000000..1d68bdc --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_calendar.txt @@ -0,0 +1,150 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Calendar activity, shows context. + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_app_activity_calendar +ACTIVITY=Calendar Activity +KEY_TIMESTAMP=START + +[SQL Query 12,13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYREQUIREDSTRING AS "USER ACTIVITY REQUIRED STRING", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__TITLE AS "TITLE", + DATETIME(ZSTRUCTUREDMETADATA.ZCOM_APPLE_CALENDARUIKIT_USERACTIVITY_DATE + 978307200, 'UNIXEPOCH') AS "CALENDAR DATE", + DATETIME(ZSTRUCTUREDMETADATA.ZCOM_APPLE_CALENDARUIKIT_USERACTIVITY_ENDDATE + 978307200, 'UNIXEPOCH') AS "CALENDAR END DATE", + ZSTRUCTUREDMETADATA.ZCOM_APPLE_CALENDARUIKIT_USERACTIVITY_EXTERNALID AS "EXTERNAL ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMRELATEDUNIQUEIDENTIFIER AS "UNIQUE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMIDENTIFIER AS "ITEM IDENTIFIER", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYUUID AS "ACTIVITY UUID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISELIGIBLEFORPREDICTION AS "ELIGIBLE FOR PREDICTION", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISPUBLICLYINDEXABLE AS "PUBLICALLY INDEXABLE", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" + AND (ZVALUESTRING = "com.apple.mobilecal" OR ZVALUESTRING = "com.apple.iCal") + +[SQL Query 11,10.13] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__TITLE AS "TITLE", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + DATETIME(ZSTRUCTUREDMETADATA.ZCOM_APPLE_CALENDARUIKIT_USERACTIVITY_DATE + 978307200, 'UNIXEPOCH') AS "CALENDAR DATE", + DATETIME(ZSTRUCTUREDMETADATA.ZCOM_APPLE_CALENDARUIKIT_USERACTIVITY_ENDDATE + 978307200, 'UNIXEPOCH') AS "CALENDAR END DATE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" + AND (ZVALUESTRING = "com.apple.mobilecal" OR ZVALUESTRING = "com.apple.iCal") \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_clock.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_clock.txt new file mode 100644 index 0000000..6a0dc47 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_clock.txt @@ -0,0 +1,146 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Clock activity, shows context. + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_app_activity_clock +ACTIVITY=Clock Activity +KEY_TIMESTAMP=START + +[SQL Query 12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYREQUIREDSTRING AS "USER ACTIVITY REQUIRED STRING", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMIDENTIFIER AS "ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYUUID AS "ACTIVITY UUID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISELIGIBLEFORPREDICTION AS "ELIGIBLE FOR PREDICTION", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISPUBLICLYINDEXABLE AS "PUBLICALLY INDEXABLE", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" + AND "BUNDLE ID" = "com.apple.mobiletimer" + +[SQL Query 11] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMIDENTIFIER AS "ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISPUBLICLYINDEXABLE AS "PUBLICALLY INDEXABLE", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" + AND "BUNDLE ID" = "com.apple.mobiletimer" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_mail.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_mail.txt new file mode 100644 index 0000000..b1d47bb --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_mail.txt @@ -0,0 +1,144 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Mail activity, shows context. + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_app_activity_mail +ACTIVITY=Mail Activity +KEY_TIMESTAMP=START + +[SQL Query 12,13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYREQUIREDSTRING AS "USER ACTIVITY REQUIRED STRING", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISELIGIBLEFORPREDICTION AS "ELIGIBLE FOR PREDICTION", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISPUBLICLYINDEXABLE AS "PUBLICALLY INDEXABLE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMIDENTIFIER AS "ITEM IDENTIFIER", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYUUID AS "ACTIVITY UUID", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" + AND ("BUNDLE ID" = "com.apple.mobilemail" OR "BUNDLE ID" = "com.apple.mail") + +[SQL Query 11,10.13] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" + AND ("BUNDLE ID" = "com.apple.mobilemail" OR "BUNDLE ID" = "com.apple.mail") \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_maps.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_maps.txt new file mode 100644 index 0000000..f50edc4 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_maps.txt @@ -0,0 +1,144 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Maps activity, shows context. + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_app_activity_maps +ACTIVITY=Maps Activity +KEY_TIMESTAMP=START + +[SQL Query 12,13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYREQUIREDSTRING AS "USER ACTIVITY REQUIRED STRING", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMIDENTIFIER AS "ITEM IDENTIFIER", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYUUID AS "ACTIVITY UUID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISELIGIBLEFORPREDICTION AS "ELIGIBLE FOR PREDICTION", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISPUBLICLYINDEXABLE AS "PUBLICALLY INDEXABLE", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" + AND "BUNDLE ID" = "com.apple.Maps" + +[SQL Query 11,10.13] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" + AND "BUNDLE ID" = "com.apple.Maps" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_notes.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_notes.txt new file mode 100644 index 0000000..e26c1a7 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_notes.txt @@ -0,0 +1,147 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Notes activity, shows context. + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_app_activity_notes +ACTIVITY=Notes Activity +KEY_TIMESTAMP=START + +[SQL Query 12,13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYREQUIREDSTRING AS "USER ACTIVITY REQUIRED STRING", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMRELATEDUNIQUEIDENTIFIER AS "UNIQUE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMIDENTIFIER AS "ITEM IDENTIFIER", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISELIGIBLEFORPREDICTION AS "ELIGIBLE FOR PREDICTION", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISPUBLICLYINDEXABLE AS "PUBLICALLY INDEXABLE", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYUUID AS "ACTIVITY UUID", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" + AND ("BUNDLE ID" = "com.apple.mobilenotes" OR "BUNDLE ID" = "com.apple.Notes") + +[SQL Query 11,10.13] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMIDENTIFIER AS "ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMRELATEDUNIQUEIDENTIFIER AS "UNIQUE ID", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" + AND ("BUNDLE ID" = "com.apple.mobilenotes" OR "BUNDLE ID" = "com.apple.Notes") \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_passbook.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_passbook.txt new file mode 100644 index 0000000..2ac0e69 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_passbook.txt @@ -0,0 +1,149 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Passes/Wallet activity, shows context. + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_app_activity_passbook +ACTIVITY=Passes/Wallet Activity +KEY_TIMESTAMP=START + +[SQL Query 12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__CONTENTDESCRIPTION AS "CONTENT DESCRIPTION", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYREQUIREDSTRING AS "USER ACTIVITY REQUIRED STRING", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMRELATEDUNIQUEIDENTIFIER AS "UNIQUE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMIDENTIFIER AS "ITEM IDENTIFIER", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISELIGIBLEFORPREDICTION AS "ELIGIBLE FOR PREDICTION", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISPUBLICLYINDEXABLE AS "PUBLICALLY INDEXABLE", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYUUID AS "ACTIVITY UUID", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" + AND "BUNDLE ID" = "com.apple.Passbook" + +[SQL Query 11] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMRELATEDUNIQUEIDENTIFIER AS "UNIQUE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMIDENTIFIER AS "ITEM IDENTIFIER", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISPUBLICLYINDEXABLE AS "PUBLICALLY INDEXABLE", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" + AND "BUNDLE ID" = "com.apple.Passbook" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_photos.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_photos.txt new file mode 100644 index 0000000..316292c --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_photos.txt @@ -0,0 +1,145 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Photos activity, shows context. + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_app_activity_photos +ACTIVITY=Photos Activity +KEY_TIMESTAMP=START + +[SQL Query 12,13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYREQUIREDSTRING AS "USER ACTIVITY REQUIRED STRING", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMIDENTIFIER AS "ITEM IDENTIFIER", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYUUID AS "ACTIVITY UUID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISELIGIBLEFORPREDICTION AS "ELIGIBLE FOR PREDICTION", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISPUBLICLYINDEXABLE AS "PUBLICALLY INDEXABLE", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" + AND ("BUNDLE ID" = "com.apple.mobileslideshow" OR "BUNDLE ID" = "com.apple.Photos") + +[SQL Query 11,10.13] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMIDENTIFIER AS "ID", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" + AND ("BUNDLE ID" = "com.apple.mobileslideshow" OR "BUNDLE ID" = "com.apple.Photos") \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_safari.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_safari.txt new file mode 100644 index 0000000..4a68681 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_safari.txt @@ -0,0 +1,150 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Safari Browser activity, shows context. + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_app_activity_safari +ACTIVITY=Safari Activity +KEY_TIMESTAMP=START + +[SQL Query 12,13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSOURCE.ZGROUPID AS "GROUP ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__CONTENTDESCRIPTION AS "CONTENT DESCRIPTION", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMRELATEDCONTENTURL AS "CONTENT URL", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYREQUIREDSTRING AS "USER ACTIVITY REQUIRED STRING", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMRELATEDUNIQUEIDENTIFIER AS "UNIQUE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYUUID AS "ACTIVITY UUID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMIDENTIFIER AS "ITEM IDENTIFIER", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISELIGIBLEFORPREDICTION AS "ELIGIBLE FOR PREDICTION", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISPUBLICLYINDEXABLE AS "PUBLICALLY INDEXABLE", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" + AND ("BUNDLE ID" = "com.apple.mobilesafari" OR "BUNDLE ID" = "com.apple.Safari") + +[SQL Query 11,10.13] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMRELATEDCONTENTURL AS "CONTENT URL", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMIDENTIFIER AS "ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMRELATEDUNIQUEIDENTIFIER AS "UNIQUE ID", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" + AND ("BUNDLE ID" = "com.apple.mobilesafari" OR "BUNDLE ID" = "com.apple.Safari") \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_weather.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_weather.txt new file mode 100644 index 0000000..d6eb1b1 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_app_activity_weather.txt @@ -0,0 +1,148 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Weather activity, shows context. + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_app_activity_weather +ACTIVITY=Weather Activity +KEY_TIMESTAMP=START + +[SQL Query 12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYREQUIREDSTRING AS "USER ACTIVITY REQUIRED STRING", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYUUID AS "ACTIVITY UUID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMIDENTIFIER AS "ITEM IDENTIFIER", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISELIGIBLEFORPREDICTION AS "ELIGIBLE FOR PREDICTION", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISPUBLICLYINDEXABLE AS "PUBLICALLY INDEXABLE", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" + AND "BUNDLE ID" = "com.apple.weather" + +[SQL Query 11] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMIDENTIFIER AS "ITEM IDENTIFIER", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISPUBLICLYINDEXABLE AS "PUBLICALLY INDEXABLE", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ENTRY CREATION", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/activity" + AND "BUNDLE ID" = "com.apple.weather" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_app_inFocus.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_app_inFocus.txt new file mode 100644 index 0000000..2e7cde5 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_app_inFocus.txt @@ -0,0 +1,105 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Application Usage, shows application in focus on device. + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_app_inFocus +ACTIVITY=Application In Focus +KEY_TIMESTAMP=START + +[SQL Query 11,12,13,10.13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + (ZOBJECT.ZENDDATE-ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE-ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZSTRUCTUREDMETADATA .Z_DKAPPLICATIONMETADATAKEY__LAUNCHREASON AS "LAUNCH REASON", + ZSTRUCTUREDMETADATA .Z_DKAPPLICATIONMETADATAKEY__EXTENSIONCONTAININGBUNDLEIDENTIFIER AS "EXTENSION CONTAINING BUNDLE ID", + ZSTRUCTUREDMETADATA .Z_DKAPPLICATIONMETADATAKEY__EXTENSIONHOSTIDENTIFIER AS "EXTENSION HOST ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE ZSTREAMNAME IS "/app/inFocus" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_app_install.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_app_install.txt new file mode 100644 index 0000000..e9f9205 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_app_install.txt @@ -0,0 +1,105 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Installed applications + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_app_install +ACTIVITY=Application Install +KEY_TIMESTAMP=START + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPINSTALLMETADATAKEY__PRIMARYCATEGORY AS "APP CATEGORY", + ZSTRUCTUREDMETADATA.Z_DKAPPINSTALLMETADATAKEY__SUBCATEGORIES AS "APP SUBCATEGORY", + ZSTRUCTUREDMETADATA.Z_DKAPPINSTALLMETADATAKEY__TITLE AS "APP NAME", + ZSTRUCTUREDMETADATA.Z_DKAPPINSTALLMETADATAKEY__ISINSTALL AS "IS INSTALL", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/app/install" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_app_intents.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_app_intents.txt new file mode 100644 index 0000000..88f32f0 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_app_intents.txt @@ -0,0 +1,160 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Application intents, provides application context. + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_app_intents +ACTIVITY=Application Intents +KEY_TIMESTAMP=START + +[SQL Query 13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "APP NAME", + ZSOURCE.ZBUNDLEID AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKINTENTMETADATAKEY__INTENTVERB AS "INTENT VERB", + ZSTRUCTUREDMETADATA.Z_DKINTENTMETADATAKEY__INTENTCLASS AS "INTENT CLASS", + ZSOURCE.ZDEVICEID AS "DEVICE ID", + ZSOURCE.ZGROUPID AS "GROUP ID", + ZSTRUCTUREDMETADATA.Z_DKINTENTMETADATAKEY__DERIVEDINTENTIDENTIFIER AS "DERIVED INTENT ID", + ZSTRUCTUREDMETADATA.Z_DKINTENTMETADATAKEY__DIRECTION AS "DIRECTION", + ZSTRUCTUREDMETADATA.Z_DKINTENTMETADATAKEY__DONATEDBYSIRI AS "DONATED BY SIRI", + ZSTRUCTUREDMETADATA.Z_DKINTENTMETADATAKEY__INTENTHANDLINGSTATUS AS "HANDLING STATUS", + ZSTRUCTUREDMETADATA.Z_DKINTENTMETADATAKEY__INTENTTYPE AS "INTENT TYPE", + ZCUSTOMMETADATA.ZNAME AS "NAME", + ZCUSTOMMETADATA.ZDOUBLEVALUE AS "VALUE", + ZSOURCE.ZITEMID AS "ITEM ID", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + HEX(ZSTRUCTUREDMETADATA.Z_DKINTENTMETADATAKEY__SERIALIZEDINTERACTION) AS "SERIALIZED INTERACTION (HEX)", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME IS "/app/intents" + +[SQL Query 11,12,10.13,10.14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "APP NAME", + ZSOURCE.ZBUNDLEID AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKINTENTMETADATAKEY__INTENTVERB AS "INTENT VERB", + ZSTRUCTUREDMETADATA.Z_DKINTENTMETADATAKEY__INTENTCLASS AS "INTENT CLASS", + ZSOURCE.ZDEVICEID AS "DEVICE ID", + ZSOURCE.ZGROUPID AS "GROUP ID", + ZSTRUCTUREDMETADATA.Z_DKINTENTMETADATAKEY__DONATEDBYSIRI AS "DONATED BY SIRI", + ZSTRUCTUREDMETADATA.Z_DKINTENTMETADATAKEY__INTENTHANDLINGSTATUS AS "HANDLING STATUS", + ZSOURCE.ZITEMID AS "ITEM ID", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + HEX(ZSTRUCTUREDMETADATA.Z_DKINTENTMETADATAKEY__SERIALIZEDINTERACTION) AS "SERIALIZED INTERACTION (HEX)", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/app/intents" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_app_location_activity.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_app_location_activity.txt new file mode 100644 index 0000000..2b97f6a --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_app_location_activity.txt @@ -0,0 +1,180 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Application Location Activity + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_app_location_activity +ACTIVITY=Application Location Activity +KEY_TIMESTAMP=START + +[SQL Query 12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__LATITUDE || ", " || ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__LONGITUDE AS "COORDINATES", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__LOCATIONNAME AS "NAME", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__DISPLAYNAME AS "DISPLAY NAME", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__FULLYFORMATTEDADDRESS AS "FORMATTED ADDRESS", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__CITY AS "CITY", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__STATEORPROVINCE AS "STATE/PROVINCE", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__COUNTRY AS "COUNTRY", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__POSTALCODE_V2 AS "POSTAL CODE", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__SUBTHOROUGHFARE AS "SUBTHOROUGHFARE", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__THOROUGHFARE AS "THOROUGHFARE", + HEX(ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__PHONENUMBERS) AS "PHONE NUMBERS (HEX)", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__URL AS "URL", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__CONTENTDESCRIPTION AS "CONTENT DESCRIPTION", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYREQUIREDSTRING AS "USER ACTIVITY REQUIRED STRING", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMRELATEDCONTENTURL AS "CONTENT URL", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMRELATEDUNIQUEIDENTIFIER AS "UNIQUE ID", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__LATITUDE AS "LATITUDE", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__LONGITUDE AS "LONGITUDE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISELIGIBLEFORPREDICTION AS "ELIGIBLE FOR PREDICTION", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISPUBLICLYINDEXABLE AS "PUBLICALLY INDEXABLE", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__USERACTIVITYUUID AS "ACTIVITY UUID", + ZSOURCE.ZITEMID AS "ITEM IDENTIFIER", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/app/locationActivity" + + +[SQL Query 11] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__LATITUDE || ", " || ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__LONGITUDE AS "COORDINATES", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__LOCATIONNAME AS "NAME", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__DISPLAYNAME AS "DISPLAY NAME", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__FULLYFORMATTEDADDRESS AS "FORMATTED ADDRESS", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__CITY AS "CITY", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__STATEORPROVINCE AS "STATE/PROVINCE", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__COUNTRY AS "COUNTRY", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__POSTALCODE_V2 AS "POSTAL CODE", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__SUBTHOROUGHFARE AS "SUBTHOROUGHFARE", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__THOROUGHFARE AS "THOROUGHFARE", + HEX(ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__PHONENUMBERS) AS "PHONE NUMBERS (HEX)", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__URL AS "URL", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ACTIVITYTYPE AS "ACTIVITY TYPE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMRELATEDCONTENTURL AS "CONTENT URL", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ITEMRELATEDUNIQUEIDENTIFIER AS "UNIQUE ID", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__LATITUDE AS "LATITUDE", + ZSTRUCTUREDMETADATA.Z_DKLOCATIONAPPLICATIONACTIVITYMETADATAKEY__LONGITUDE AS "LONGITUDE", + ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__ISPUBLICLYINDEXABLE AS "PUBLICALLY INDEXABLE", + DATETIME(ZSTRUCTUREDMETADATA.Z_DKAPPLICATIONACTIVITYMETADATAKEY__EXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION DATE", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + ZSOURCE.ZITEMID AS "ITEM IDENTIFIER", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/app/locationActivity" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_app_media_usage.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_app_media_usage.txt new file mode 100644 index 0000000..b76b445 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_app_media_usage.txt @@ -0,0 +1,101 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=App Media Usage + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=14,10.16 + +[Query Metadata] +QUERY_NAME=knowledge_app_media_usage +ACTIVITY=App Media Usage +KEY_TIMESTAMP=START + +[SQL Query 14,10.16] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKDIGITALHEALTHMETADATAKEY__ISUSAGETRUSTED AS "IS USAGE TRUSTED", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/app/mediaUsage" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_app_relevantshortcuts.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_app_relevantshortcuts.txt new file mode 100644 index 0000000..d00b47e --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_app_relevantshortcuts.txt @@ -0,0 +1,108 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Application Relevant Shortcuts + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_app_relevantshortcuts +ACTIVITY=Application Relevant Shortcuts +KEY_TIMESTAMP=START + +[SQL Query 12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + HEX(ZSTRUCTUREDMETADATA.Z_DKRELEVANTSHORTCUTMETADATAKEY__SERIALIZEDRELEVANTSHORTCUT) AS "SERIALIZED RELEVANT SHORTCUT (HEX)", + ZSTRUCTUREDMETADATA.Z_DKRELEVANTSHORTCUTMETADATAKEY__KEYIMAGEPROXYIDENTIFIER AS "KEY IMAGE PROXY ID", + ZCUSTOMMETADATA.ZNAME AS "NAME", + HEX(ZCUSTOMMETADATA.ZBINARYVALUE) AS "BINARY VALUE (HEX)", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE ZSTREAMNAME IS "/app/relevantShortcuts" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_app_usage.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_app_usage.txt new file mode 100644 index 0000000..eed1f11 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_app_usage.txt @@ -0,0 +1,110 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Application Usage + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=12,13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_app_usage +ACTIVITY=Application Usage +KEY_TIMESTAMP=START + +[SQL Query 12,13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZSOURCE.ZDEVICEID AS "DEVICE ID (HARDWARE UUID)", + ZCUSTOMMETADATA.ZNAME AS "NAME", + ZCUSTOMMETADATA.ZDOUBLEVALUE AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/app/usage" diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_app_webusage.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_app_webusage.txt new file mode 100644 index 0000000..efdf3c1 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_app_webusage.txt @@ -0,0 +1,113 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Application Web Usage + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=12,13,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_app_webusage +ACTIVITY=Application Web Usage +KEY_TIMESTAMP=START + +[SQL Query 12,13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "APP NAME", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZSTRUCTUREDMETADATA .Z_DKDIGITALHEALTHMETADATAKEY__WEBDOMAIN AS "DIGITAL HEALTH DOMAIN", + ZSTRUCTUREDMETADATA .Z_DKDIGITALHEALTHMETADATAKEY__WEBPAGEURL AS "DIGITAL HEALTH URL", + ZSTRUCTUREDMETADATA.Z_DKDIGITALHEALTHMETADATAKEY__USAGETYPE AS "DIGITALHEALTH USAGE TYPE", + ZSOURCE.ZDEVICEID AS "DEVICE ID (HARDWARE UUID)", + ZCUSTOMMETADATA.ZNAME AS "NAME", + ZCUSTOMMETADATA.ZDOUBLEVALUE AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/app/webUsage" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_audio_bluetooth_connected.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_audio_bluetooth_connected.txt new file mode 100644 index 0000000..5f48790 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_audio_bluetooth_connected.txt @@ -0,0 +1,111 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Audio Bluetooth Connections + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,14,10.16 + +[Query Metadata] +QUERY_NAME=knowledge_audio_bluetooth_connected +ACTIVITY=Bluetooth Connected +KEY_TIMESTAMP=START + +[SQL Query 11,12,13,14,10.16] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZSTRUCTUREDMETADATA.Z_DKBLUETOOTHMETADATAKEY__ADDRESS AS "BLUETOOTH ADDRESS", + ZSTRUCTUREDMETADATA.Z_DKBLUETOOTHMETADATAKEY__NAME AS "BLUETOOTH NAME", + ZSTRUCTUREDMETADATA.Z_DKBLUETOOTHMETADATAKEY__DEVICETYPE AS "DEVICE TYPE", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZCUSTOMMETADATA.ZNAME AS "NAME", + ZCUSTOMMETADATA.ZINTEGERVALUE AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/bluetooth/isConnected" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_audio_input_route.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_audio_input_route.txt new file mode 100644 index 0000000..20d5681 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_audio_input_route.txt @@ -0,0 +1,106 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Audio Input + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_audio_input_route +ACTIVITY=Audio Input +KEY_TIMESTAMP=START + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZSTRUCTUREDMETADATA.Z_DKAUDIOMETADATAKEY__IDENTIFIER AS "AUDIO IDENTIFIER", + ZSTRUCTUREDMETADATA.Z_DKAUDIOMETADATAKEY__PORTNAME AS "AUDIO PORT NAME", + ZSTRUCTUREDMETADATA.Z_DKAUDIOMETADATAKEY__PORTTYPE AS "AUDIO PORT TYPE", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZSTRUCTUREDMETADATA.Z_DKAUDIOMETADATAKEY__ROUTECHANGEREASON AS "ROUTE CHANGE REASON", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/audio/inputRoute" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_audio_media_nowplaying.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_audio_media_nowplaying.txt new file mode 100644 index 0000000..d8dc392 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_audio_media_nowplaying.txt @@ -0,0 +1,156 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=What is currently playing in various audio apps. + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_audio_media_nowplaying +ACTIVITY=Now Playing +KEY_TIMESTAMP=START + +[SQL Query 13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__ALBUM AS "NOW PLAYING ALBUM", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__ARTIST AS "NOW PLAYING ARTIST", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__GENRE AS "NOW PLAYING GENRE", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__TITLE AS "NOW PLAYING TITLE", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__DURATION AS "NOW PLAYING DURATION", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__ISAIRPLAYVIDEO AS "IS AIRPLAY VIDEO", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__PLAYING AS "PLAYING", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__DURATION AS "DURATION", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__ELAPSED AS "ELAPSED", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__IDENTIFIER AS "IDENTIFIER", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__MEDIATYPE AS "MEDIA TYPE", + HEX(ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__OUTPUTDEVICEIDS) AS "OUTPUT DEVICE IDS (HEX)", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/media/nowPlaying" + +[SQL Query 11,12] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__ALBUM AS "NOW PLAYING ALBUM", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__ARTIST AS "NOW PLAYING ARTIST", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__GENRE AS "NOW PLAYING GENRE", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__TITLE AS "NOW PLAYING TITLE", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__DURATION AS "NOW PLAYING DURATION", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__PLAYING AS "PLAYING", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__DURATION AS "DURATION", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__ELAPSED AS "ELAPSED", + ZSTRUCTUREDMETADATA.Z_DKNOWPLAYINGMETADATAKEY__IDENTIFIER AS "IDENTIFIER", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/media/nowPlaying" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_audio_output_route.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_audio_output_route.txt new file mode 100644 index 0000000..96723fb --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_audio_output_route.txt @@ -0,0 +1,106 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Audio Output + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_audio_output_route +ACTIVITY=Audio Output +KEY_TIMESTAMP=START + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZSTRUCTUREDMETADATA.Z_DKAUDIOMETADATAKEY__IDENTIFIER AS "AUDIO IDENTIFIER", + ZSTRUCTUREDMETADATA.Z_DKAUDIOMETADATAKEY__PORTNAME AS "AUDIO PORT NAME", + ZSTRUCTUREDMETADATA.Z_DKAUDIOMETADATAKEY__PORTTYPE AS "AUDIO PORT TYPE", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZSTRUCTUREDMETADATA.Z_DKAUDIOMETADATAKEY__ROUTECHANGEREASON AS "ROUTE CHANGE REASON", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/audio/outputRoute" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_calendar_event_title.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_calendar_event_title.txt new file mode 100644 index 0000000..31d59d4 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_calendar_event_title.txt @@ -0,0 +1,102 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Calendar Event Title + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_calendar_event_title +ACTIVITY=Calendar Event Title +KEY_TIMESTAMP=START + +[SQL Query 12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZOBJECT.ZVALUESTRING AS "ACTIVITY", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/calendar/eventTitle" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_charging_smart_top_off_engagement.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_charging_smart_top_off_engagement.txt new file mode 100644 index 0000000..8763d70 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_charging_smart_top_off_engagement.txt @@ -0,0 +1,93 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Smart Top Off Engagement + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=MACOS +VERSIONS=10.16 + +[Query Metadata] +QUERY_NAME=knowledge_charging_smart_top_off_engagement +ACTIVITY=Smart Top Off Engagement +KEY_TIMESTAMP=START + +[SQL Query 10.16] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + WHERE + ZSTREAMNAME = "/charging/smartTopOffEngagement" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_charging_smart_topoff_checkpoint.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_charging_smart_topoff_checkpoint.txt new file mode 100644 index 0000000..15826b4 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_charging_smart_topoff_checkpoint.txt @@ -0,0 +1,109 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Charging - Smart Topoff Checkpoint + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=13,14,10.16 + +[Query Metadata] +QUERY_NAME=knowledge_charging_smart_topoff_checkpoint +ACTIVITY=Charging - Smart Topoff Checkpoint +KEY_TIMESTAMP=START + +[SQL Query 13,14,10.16] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZOBJECT.ZVALUEDOUBLE AS "VALUE", + ZCUSTOMMETADATA.ZNAME AS "NAME", + ZCUSTOMMETADATA.ZINTEGERVALUE AS "INTEGER VALUE", + ZCUSTOMMETADATA.ZDOUBLEVALUE AS "DOUBLE VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/charging/smartTopOffCheckpoint" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_dasd_activity_profile.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_dasd_activity_profile.txt new file mode 100644 index 0000000..123de56 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_dasd_activity_profile.txt @@ -0,0 +1,107 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=DASD Activity Profile + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=14 + +[Query Metadata] +QUERY_NAME=knowledge_dasd_activity_profile +ACTIVITY=DASD Activity Profile +KEY_TIMESTAMP=START + +[SQL Query 14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZCUSTOMMETADATA.ZNAME AS "NAME", + ZCUSTOMMETADATA.ZINTEGERVALUE AS "INTEGER VALUE", + ZCUSTOMMETADATA.ZDOUBLEVALUE AS "DOUBLE VALUE", + ZCUSTOMMETADATA.ZSTRINGVALUE AS "STRING VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/dasd/activityprofile" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_dasd_battery_temperature.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_dasd_battery_temperature.txt new file mode 100644 index 0000000..f20e8da --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_dasd_battery_temperature.txt @@ -0,0 +1,106 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=DASD Battery Temperature + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=12,13,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_dasd_battery_temperature +ACTIVITY=DASD Battery Temperature +KEY_TIMESTAMP=START + +[SQL Query 12,13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUEINTEGER AS "OBJECT VALUE", + ZCUSTOMMETADATA.ZNAME AS "NAME", + ZCUSTOMMETADATA.ZINTEGERVALUE AS "CUSTOM METADATA VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/dasd/batterytemperature" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_dasd_control_effort.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_dasd_control_effort.txt new file mode 100644 index 0000000..b12bf02 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_dasd_control_effort.txt @@ -0,0 +1,92 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=DASD Control Effort + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=14 + +[Query Metadata] +QUERY_NAME=knowledge_dasd_control_effort +ACTIVITY=DASD Control Effort +KEY_TIMESTAMP=START + +[SQL Query 14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + WHERE + ZSTREAMNAME = "/dasd/controlEffort" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_device_battery_saver.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_device_battery_saver.txt new file mode 100644 index 0000000..b97bb54 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_device_battery_saver.txt @@ -0,0 +1,104 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Device Battery Saver + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=knowledge_device_battery_saver +ACTIVITY=Device Battery Saver +KEY_TIMESTAMP=START + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZOBJECT.ZVALUEDOUBLE AS "VALUE", + ZSTRUCTUREDMETADATA.Z_DKBATTERYSAVERMETADATAKEY__SOURCE AS "SOURCE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/device/batterySaver" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_device_batterylevel.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_device_batterylevel.txt new file mode 100644 index 0000000..1290823 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_device_batterylevel.txt @@ -0,0 +1,136 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Device battery level percentage. + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_device_batterylevel +ACTIVITY=Battery Level +KEY_TIMESTAMP=START + +[SQL Query 13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUEDOUBLE AS "BATTERY LEVEL", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZSTRUCTUREDMETADATA.Z_DKDEVICEBATTERYPERCENTAGEMETADATAKEY__FULLYCHARGED AS "FULLY CHARGED", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME LIKE "/device/BatteryPercentage" + +[SQL Query 11,12,10.14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUEDOUBLE AS "BATTERY LEVEL", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME LIKE "/device/BatteryPercentage" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_device_carplay_connected.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_device_carplay_connected.txt new file mode 100644 index 0000000..bf748b7 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_device_carplay_connected.txt @@ -0,0 +1,106 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Carplay Connections + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_device_carplay_connected +ACTIVITY=CarPlay Connection Status +KEY_TIMESTAMP=START + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + CASE ZOBJECT.ZVALUEINTEGER + WHEN '0' THEN 'DISCONNECTED' + WHEN '1' THEN 'CONNECTED' + END "CARPLAY CONNECTED", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME is "/carplay/isConnected" diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_device_inferred_motion.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_device_inferred_motion.txt new file mode 100644 index 0000000..4ecd859 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_device_inferred_motion.txt @@ -0,0 +1,103 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Inferred Motion + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_device_inferred_motion +ACTIVITY=Inferred Motion +KEY_TIMESTAMP=START + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUEINTEGER AS "VALUE", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/inferred/motion" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_device_is_backlit.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_device_is_backlit.txt new file mode 100644 index 0000000..416dcbe --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_device_is_backlit.txt @@ -0,0 +1,107 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Is the device screen backlit or not. + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_device_is_backlit +ACTIVITY=Backlight Status +KEY_TIMESTAMP=START + +[SQL Query 11,12,13,10.13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + CASE ZOBJECT.ZVALUEINTEGER + WHEN '0' THEN 'NO' + WHEN '1' THEN 'YES' + END "SCREEN IS BACKLIT", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZSOURCE.ZDEVICEID AS "DEVICE ID (HARDWARE UUID)", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME is "/display/isBacklit" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_device_keybag_locked.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_device_keybag_locked.txt new file mode 100644 index 0000000..a05085b --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_device_keybag_locked.txt @@ -0,0 +1,103 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Keybag Locked + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_device_keybag_locked +ACTIVITY=Keybag Lock Status +KEY_TIMESTAMP=START + +[SQL Query 12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUEINTEGER AS "VALUE", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/keybag/isLocked" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_device_locked.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_device_locked.txt new file mode 100644 index 0000000..d85b8f6 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_device_locked.txt @@ -0,0 +1,106 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Is the deviced locked or unlocked. + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_device_locked +ACTIVITY=Device Lock Status +KEY_TIMESTAMP=START + +[SQL Query 11,12,13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + CASE ZOBJECT.ZVALUEINTEGER + WHEN '0' THEN 'UNLOCKED' + WHEN '1' THEN 'LOCKED' + END "IS LOCKED", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZSOURCE.ZDEVICEID AS "DEVICE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME LIKE "/device/isLocked" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_device_locked_imputed.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_device_locked_imputed.txt new file mode 100644 index 0000000..b54790e --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_device_locked_imputed.txt @@ -0,0 +1,102 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Is locked imputed + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=knowledge_device_locked_imputed +ACTIVITY=Device Lock Imputed +KEY_TIMESTAMP=START + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZOBJECT.ZVALUEINTEGER AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/device/isLockedImputed" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_device_low_power_mode.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_device_low_power_mode.txt new file mode 100644 index 0000000..70d6282 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_device_low_power_mode.txt @@ -0,0 +1,102 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Device Low Power Mode + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_device_low_power_mode +ACTIVITY=Device Low Power Mode +KEY_TIMESTAMP=START + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZOBJECT.ZVALUEINTEGER AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/device/lowPowerMode" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_device_orientation.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_device_orientation.txt new file mode 100644 index 0000000..c4333a3 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_device_orientation.txt @@ -0,0 +1,107 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=The screen orientation of the iOS device, portrait or landscape. + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_device_orientation +ACTIVITY=Device Orientation +KEY_TIMESTAMP=START + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + CASE ZOBJECT.ZVALUEINTEGER + WHEN '0' THEN 'PORTRAIT' + WHEN '1' THEN 'LANDSCAPE' + ELSE ZOBJECT.ZVALUEINTEGER + END "ORIENTATION", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME is "/display/orientation" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_device_pluggedin.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_device_pluggedin.txt new file mode 100644 index 0000000..ee90906 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_device_pluggedin.txt @@ -0,0 +1,142 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Is the device is plugged in or not. + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_device_pluggedin +ACTIVITY=Device Plugin Status +KEY_TIMESTAMP=START + +[SQL Query 13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + CASE ZOBJECT.ZVALUEINTEGER + WHEN '0' THEN 'UNPLUGGED' + WHEN '1' THEN 'PLUGGED IN' + END "IS PLUGGED IN", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZSTRUCTUREDMETADATA.Z_DKDEVICEISPLUGGEDINMETADATAKEY__ADAPTERTYPE AS "ADAPTER TYPE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME LIKE "/device/isPluggedIn" + +[SQL Query 11,12,10.13,10.14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + CASE ZOBJECT.ZVALUEINTEGER + WHEN '0' THEN 'UNPLUGGED' + WHEN '1' THEN 'PLUGGED IN' + END "IS PLUGGED IN", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME LIKE "/device/isPluggedIn" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_device_watch_nearby.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_device_watch_nearby.txt new file mode 100644 index 0000000..bf4852c --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_device_watch_nearby.txt @@ -0,0 +1,106 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Does the iPhone see the Apple Watch nearby. + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=11 + +[Query Metadata] +QUERY_NAME=knowledge_device_watch_nearby +ACTIVITY=Watch Nearby Status +KEY_TIMESTAMP=START + +[SQL Query 11] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + CASE ZOBJECT.ZVALUEINTEGER + WHEN '0' THEN 'NO' + WHEN '1' THEN 'YES' + END "WATCH NEARBY", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME is "/watch/nearby" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_discoverability_signals.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_discoverability_signals.txt new file mode 100644 index 0000000..b506f0b --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_discoverability_signals.txt @@ -0,0 +1,104 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Discoverability Signals + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=knowledge_discoverability_signals +ACTIVITY=Device Discoverability +KEY_TIMESTAMP=START + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZSOURCE.ZBUNDLEID, + ZOBJECT.ZVALUESTRING AS "APP NAME", + ZSTRUCTUREDMETADATA.Z_DKDISCOVERABILITYSIGNALSMETADATAKEY__CONTEXT AS "DISCOVERABILITY SIGNAL CONTEXT", + ZSTRUCTUREDMETADATA.Z_DKDISCOVERABILITYSIGNALSMETADATAKEY__OSBUILD AS "OS BUILD", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/discoverability/signals" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_discoverability_usage.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_discoverability_usage.txt new file mode 100644 index 0000000..6658ceb --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_discoverability_usage.txt @@ -0,0 +1,110 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Discoverability Usage + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=knowledge_discoverability_usage +ACTIVITY=Discoverability Usage +KEY_TIMESTAMP=START + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZSOURCE.ZBUNDLEID AS "BUNDLE ID", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + HEX(ZSTRUCTUREDMETADATA.Z_DKDISCOVERABILITYUSAGEMETADATAKEY__ANALYTICSEVENT) AS "ANALYTICS EVENT (HEX)", + ZSTRUCTUREDMETADATA.Z_DKDISCOVERABILITYUSAGEMETADATAKEY__BUNDLEID AS "USAGE BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKDISCOVERABILITYUSAGEMETADATAKEY__CONTENTTYPE AS "CONTENT TYPE", + ZSTRUCTUREDMETADATA.Z_DKDISCOVERABILITYUSAGEMETADATAKEY__CONTEXT AS "CONTEXT", + ZSTRUCTUREDMETADATA.Z_DKDISCOVERABILITYUSAGEMETADATAKEY__ELIGIBLECONTEXT AS "ELIGIBLE CONTEXT", + ZSTRUCTUREDMETADATA.Z_DKDISCOVERABILITYUSAGEMETADATAKEY__INELIGIBLEREASON AS "INELIGIBILE REASON", + ZSTRUCTUREDMETADATA.Z_DKDISCOVERABILITYUSAGEMETADATAKEY__OSBUILD AS "OS BUILD", + ZSTRUCTUREDMETADATA.Z_DKDISCOVERABILITYUSAGEMETADATAKEY__STATE AS "STATE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/discoverability/usage" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_disk_subsystem_access.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_disk_subsystem_access.txt new file mode 100644 index 0000000..d47bb5b --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_disk_subsystem_access.txt @@ -0,0 +1,104 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Disk Subsystem Access + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=knowledge_disk_subsystem_access +ACTIVITY=Disk Subsystem Access +KEY_TIMESTAMP=START + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZSOURCE.ZBUNDLEID AS "BUNDLE ID", + ZOBJECT.ZVALUESTRING, + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME is "/disk/subsystemAccess" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_event_tombstone.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_event_tombstone.txt new file mode 100644 index 0000000..6ce367b --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_event_tombstone.txt @@ -0,0 +1,104 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Event Tombstone + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=12,13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_event_tombstone +ACTIVITY=Event Tombstone +KEY_TIMESTAMP=START + +[SQL Query 12,13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZSTRUCTUREDMETADATA.Z_DKTOMBSTONEMETADATAKEY__EVENTSOURCEDEVICEID AS "EVENT SOURCE DEVICE ID", + ZSTRUCTUREDMETADATA.Z_DKTOMBSTONEMETADATAKEY__EVENTSTREAMNAME AS "EVENT STREAM NAME", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/event/tombstone" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_family_prediction.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_family_prediction.txt new file mode 100644 index 0000000..1542f11 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_family_prediction.txt @@ -0,0 +1,97 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Family Prediction + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=14 + +[Query Metadata] +QUERY_NAME=knowledge_family_prediction +ACTIVITY=Family Prediction +KEY_TIMESTAMP=START + +[SQL Query 14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + ZOBJECT.ZVALUESTRING AS "VALUE", + HEX(ZSTRUCTUREDMETADATA.Z_DKFAMILYPREDICTIONMETADATAKEY__SUGGESTIONS) AS "SUGGESTIONS(HEX)", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/family/prediction" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_inferred_microlocation_visit.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_inferred_microlocation_visit.txt new file mode 100644 index 0000000..022fd1a --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_inferred_microlocation_visit.txt @@ -0,0 +1,105 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Inferred microLocation Visit + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=knowledge_inferred_microlocation_visit +ACTIVITY=Inferred microLocation Visit +KEY_TIMESTAMP=START + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "STRING", + ZSTRUCTUREDMETADATA.Z_DKMICROLOCATIONMETADATAKEY__DOMAIN AS "DOMAIN", + HEX(ZSTRUCTUREDMETADATA.Z_DKMICROLOCATIONMETADATAKEY__PROBABILITYVECTOR) AS "PROBABILITY VECTOR (HEX)", + ZSTRUCTUREDMETADATA.Z_DKMICROLOCATIONMETADATAKEY__LOCATIONDISTRIBUTION AS "LOCATION DISTRIBUTION", + ZSTRUCTUREDMETADATA.Z_DKMICROLOCATIONMETADATAKEY__MICROLOCATIONDISTRIBUTION AS "MICROLOCATION DISTRIBUTION", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/inferred/microLocationVisit" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_knowledge_sync_addition_window.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_knowledge_sync_addition_window.txt new file mode 100644 index 0000000..999102c --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_knowledge_sync_addition_window.txt @@ -0,0 +1,105 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Knowledge Sync Addition Window + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12.13,10.13,10.14,10.15 + +[Query Metadata] +QUERY_NAME=knowledge_knowledge_sync_addition_window +ACTIVITY=Knowledge Sync Addition Window +KEY_TIMESTAMP=START + + +[SQL Query 12,13,10.13,10.14,10.15] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZOBJECT.ZSTREAMNAME AS "STREAM NAME", + ZOBJECT.ZVALUESTRING AS "STRING", + ZOBJECT.ZVALUEDOUBLE AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME like "/knowledge-sync-addition-window/%" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_notification_usage.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_notification_usage.txt new file mode 100644 index 0000000..01af4e9 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_notification_usage.txt @@ -0,0 +1,104 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Notification Usage + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=12,13,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_notification_usage +ACTIVITY=Notification Usage +KEY_TIMESTAMP=START + +[SQL Query 12,13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZSTRUCTUREDMETADATA.Z_DKNOTIFICATIONUSAGEMETADATAKEY__BUNDLEID AS "BUNDLE ID", + ZOBJECT.ZVALUESTRING AS "NOTIFICATION TYPE", + ZSOURCE.ZDEVICEID AS "DEVICE ID (HARDWARE UUID)", + ZSTRUCTUREDMETADATA.Z_DKNOTIFICATIONUSAGEMETADATAKEY__IDENTIFIER AS "ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/notification/usage" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_paired_device_nearby.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_paired_device_nearby.txt new file mode 100644 index 0000000..49456d8 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_paired_device_nearby.txt @@ -0,0 +1,103 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Paired Device Nearby + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_paired_device_nearby +ACTIVITY=Paired Device Nearby +KEY_TIMESTAMP=START + +[SQL Query 12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZOBJECT.ZVALUEINTEGER AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/defaultPaired/nearby" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_photos_deletes_all.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_photos_deletes_all.txt new file mode 100644 index 0000000..6635cf6 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_photos_deletes_all.txt @@ -0,0 +1,105 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Photos Deletes All + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=knowledge_photos_deletes_all +ACTIVITY=Photos Deletes All +KEY_TIMESTAMP=START + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZCUSTOMMETADATA.ZNAME AS "NAME", + ZCUSTOMMETADATA.ZSTRINGVALUE AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/photos/deletes/all" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_photos_deletes_recent.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_photos_deletes_recent.txt new file mode 100644 index 0000000..97c3ae7 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_photos_deletes_recent.txt @@ -0,0 +1,105 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Photos Deletes Recent + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=knowledge_photos_deletes_recent +ACTIVITY=Photos Deletes Recent +KEY_TIMESTAMP=START + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZCUSTOMMETADATA.ZNAME AS "NAME", + ZCUSTOMMETADATA.ZSTRINGVALUE AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/photos/deletes/recent" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_photos_edit_all.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_photos_edit_all.txt new file mode 100644 index 0000000..6f59bd8 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_photos_edit_all.txt @@ -0,0 +1,105 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Photos Edit All + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=knowledge_photos_edit_all +ACTIVITY=Photos Edit All +KEY_TIMESTAMP=START + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZCUSTOMMETADATA.ZNAME AS "NAME", + ZCUSTOMMETADATA.ZSTRINGVALUE AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/photos/edit/all" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_photos_engagement.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_photos_engagement.txt new file mode 100644 index 0000000..d2d03a1 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_photos_engagement.txt @@ -0,0 +1,106 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Photos Engagement + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=knowledge_photos_engagement +ACTIVITY=Photos Engagement +KEY_TIMESTAMP=START + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZSTREAMNAME AS "STREAM NAME", + ZCUSTOMMETADATA.ZNAME AS "NAME", + ZCUSTOMMETADATA.ZSTRINGVALUE AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME like "/photos/engagement/%" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_photos_favorites_other.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_photos_favorites_other.txt new file mode 100644 index 0000000..4c4aabe --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_photos_favorites_other.txt @@ -0,0 +1,99 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Photos Favorites Other + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=knowledge_photos_favorites_other +ACTIVITY=Photos Favorites +KEY_TIMESTAMP=START + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + ZCUSTOMMETADATA.ZNAME AS "NAME", + ZCUSTOMMETADATA.ZSTRINGVALUE AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/photos/favorites/other" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_photos_share_airdrop.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_photos_share_airdrop.txt new file mode 100644 index 0000000..4452a77 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_photos_share_airdrop.txt @@ -0,0 +1,105 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Photos Share AirDrop + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=knowledge_photos_share_airdrop +ACTIVITY=Photos Share AirDrop +KEY_TIMESTAMP=START + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZCUSTOMMETADATA.ZNAME AS "NAME", + ZCUSTOMMETADATA.ZSTRINGVALUE AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/photos/share/airdrop" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_photos_share_all.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_photos_share_all.txt new file mode 100644 index 0000000..188eb7c --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_photos_share_all.txt @@ -0,0 +1,106 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Photos Share All + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=knowledge_photos_share_all +ACTIVITY=Photos Share All +KEY_TIMESTAMP=START + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZCUSTOMMETADATA.ZNAME AS "NAME", + ZCUSTOMMETADATA.ZSTRINGVALUE AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZCUSTOMMETADATA.*, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/photos/share/all" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_photos_share_extension.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_photos_share_extension.txt new file mode 100644 index 0000000..503fa09 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_photos_share_extension.txt @@ -0,0 +1,105 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Photos Share Extension + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=knowledge_photos_share_extension +ACTIVITY=Photos Share Extension +KEY_TIMESTAMP=START + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZCUSTOMMETADATA.ZNAME AS "NAME", + ZCUSTOMMETADATA.ZSTRINGVALUE AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/photos/share/extension" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_portrait_entity.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_portrait_entity.txt new file mode 100644 index 0000000..6f71322 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_portrait_entity.txt @@ -0,0 +1,162 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Portrait Entity + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_portrait_entity +ACTIVITY=Portrait Entity +KEY_TIMESTAMP=START + +[SQL Query 10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZSTRUCTUREDMETADATA.Z_CDENTITYMETADATAKEY__NAME AS "NAME", + ZSOURCE.ZBUNDLEID AS "SOURCE BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__OSBUILD AS "OS BUILD", + ZSOURCE.ZDEVICEID AS "DEVICE ID (HARDWARE UUID)", + ZSOURCE.ZGROUPID AS "GROUP ID", + ZSOURCE.ZITEMID AS "ITEM ID", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__ASSETVERSION AS "ASSET VERSION", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__ALGORITHM AS "ALGORITHM", + ZSTRUCTUREDMETADATA.Z_CDENTITYMETADATAKEY__BESTLANGUAGE AS "BEST LANGUAGE", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__DECAYRATE AS "DECAY RATE", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__SCORE AS "SCORE", + ZCUSTOMMETADATA.ZNAME AS "NAME", + ZCUSTOMMETADATA.ZSTRINGVALUE AS "STRING", + ZCUSTOMMETADATA.ZINTEGERVALUE AS "VALUE", + ZOBJECT.ZVALUEINTEGER AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/portrait/entity" + +[SQL Query 11,12,13,10.13,10.14,10.15] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZSTRUCTUREDMETADATA.Z_CDENTITYMETADATAKEY__NAME AS "NAME", + ZSOURCE.ZBUNDLEID AS "SOURCE BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__OSBUILD AS "OS BUILD", + ZSOURCE.ZDEVICEID AS "DEVICE ID (HARDWARE UUID)", + ZSOURCE.ZGROUPID AS "GROUP ID", + ZSOURCE.ZITEMID AS "ITEM ID", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__ASSETVERSION AS "ASSET VERSION", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__ALGORITHM AS "ALGORITHM", + ZSTRUCTUREDMETADATA.Z_CDENTITYMETADATAKEY__BESTLANGUAGE AS "BEST LANGUAGE", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__DECAYRATE AS "DECAY RATE", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__SCORE AS "SCORE", + ZOBJECT.ZVALUEINTEGER AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/portrait/entity" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_portrait_topic.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_portrait_topic.txt new file mode 100644 index 0000000..5a0454f --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_portrait_topic.txt @@ -0,0 +1,159 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Portrait Topic + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_portrait_topic +ACTIVITY=Portrait Topic +KEY_TIMESTAMP=START + +[SQL Query 10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZSTRUCTUREDMETADATA.Z_CDENTITYMETADATAKEY__NAME AS "NAME", + ZSOURCE.ZBUNDLEID AS "SOURCE BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__OSBUILD AS "OS BUILD", + ZSOURCE.ZDEVICEID AS "DEVICE ID (HARDWARE UUID)", + ZSOURCE.ZGROUPID AS "GROUP ID", + ZSOURCE.ZITEMID AS "ITEM ID", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__ASSETVERSION AS "ASSET VERSION", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__ALGORITHM AS "ALGORITHM", + ZSTRUCTUREDMETADATA.Z_CDENTITYMETADATAKEY__BESTLANGUAGE AS "BEST LANGUAGE", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__DECAYRATE AS "DECAY RATE", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__SCORE AS "SCORE", + ZCUSTOMMETADATA.ZNAME AS "NAME", + ZCUSTOMMETADATA.ZSTRINGVALUE AS "STRING", + ZCUSTOMMETADATA.ZINTEGERVALUE AS "VALUE", + ZOBJECT.ZVALUEINTEGER AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/portrait/topic" + +[SQL Query 11,12,13,10.13,10.14,10.15] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZSOURCE.ZBUNDLEID AS "SOURCE BUNDLE ID", + ZOBJECT.ZVALUESTRING AS "STRING", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__OSBUILD AS "OS BUILD", + ZSOURCE.ZDEVICEID AS "DEVICE ID (HARDWARE UUID)", + ZSOURCE.ZGROUPID AS "GROUP ID", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__ASSETVERSION AS "ASSET VERSION", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__ALGORITHM AS "ALGORITHM", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__DECAYRATE AS "DECAY RATE", + ZSTRUCTUREDMETADATA.Z_CDPORTRAITMETADATAKEY__SCORE AS "SCORE", + ZSOURCE.ZITEMID AS "ITEM ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/portrait/topic" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_safari_browsing.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_safari_browsing.txt new file mode 100644 index 0000000..2ea9f30 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_safari_browsing.txt @@ -0,0 +1,107 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Safari browsing stored in the knowledgeC.db database + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12.13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_safari_browsing +ACTIVITY=Safari Browsing +KEY_TIMESTAMP=START + + +[SQL Query 11,12,13,10.13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZSTRUCTUREDMETADATA.Z_DKSAFARIHISTORYMETADATAKEY__TITLE AS "TITLE", + ZOBJECT.ZVALUESTRING AS "URL", + ZSOURCE.ZBUNDLEID AS "BUNDLE ID", + ZSOURCE.ZGROUPID AS "GROUP ID", + ZSOURCE.ZITEMID AS "ITEM ID", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/safari/history" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_segment_monitor.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_segment_monitor.txt new file mode 100644 index 0000000..699d388 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_segment_monitor.txt @@ -0,0 +1,101 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Segment Monitor (News) + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_segment_monitor +ACTIVITY=Segment Monitor +KEY_TIMESTAMP=START + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME like "%segment_monitor%" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_settings_doNotDisturb.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_settings_doNotDisturb.txt new file mode 100644 index 0000000..7dbc7dc --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_settings_doNotDisturb.txt @@ -0,0 +1,103 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Device in Do Not Disturb Mode + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_settings_doNotDisturb +ACTIVITY=Device DND State +KEY_TIMESTAMP=START + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUEINTEGER AS "VALUE", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/settings/doNotDisturb" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_sharesheet_feedback.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_sharesheet_feedback.txt new file mode 100644 index 0000000..01a7148 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_sharesheet_feedback.txt @@ -0,0 +1,114 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Sharesheet Feedback + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=knowledge_sharesheet_feedback +ACTIVITY=Sharesheet Feedback +KEY_TIMESTAMP=START + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZSOURCE.ZBUNDLEID AS "BUNDLE ID", + ZSOURCE.ZSOURCEID AS "SOURCE ID", + ZSTRUCTUREDMETADATA.Z_DKSHARESHEETSUGGESTIONMETADATAKEY__TARGETBUNDLEID AS "TARGET BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKSHARESHEETSUGGESTIONMETADATAKEY__SOURCEBUNDLEID AS "SOURCE BUNDLE ID", + ZSTRUCTUREDMETADATA.Z_DKSHARESHEETSUGGESTIONMETADATAKEY__DERIVEDINTENTIDENTIFIER AS "DERIVED INTENT ID", + ZSTRUCTUREDMETADATA.Z_DKSHARESHEETSUGGESTIONMETADATAKEY__EXTENSIONCONTEXTUUID AS "EXTENSION CONTEXT UUID", + ZCUSTOMMETADATA.ZNAME AS "NAME", + HEX(ZCUSTOMMETADATA.ZBINARYVALUE) AS "VALUE(HEX)", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZSTRUCTUREDMETADATA.ZMETADATAHASH, + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/sharesheet/feedback" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_siri.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_siri.txt new file mode 100644 index 0000000..e0bbac4 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_siri.txt @@ -0,0 +1,106 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Siri Usage + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_siri +ACTIVITY=Siri Usage +KEY_TIMESTAMP=START + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + ZOBJECT.ZVALUESTRING AS "APP NAME", + ZCUSTOMMETADATA.ZNAME AS "NAME", + ZCUSTOMMETADATA.ZSTRINGVALUE AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/siri/ui" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_siri_activites.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_siri_activites.txt new file mode 100644 index 0000000..1497fd3 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_siri_activites.txt @@ -0,0 +1,100 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Siri Activities + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_siri_activites +ACTIVITY=Siri Activities +KEY_TIMESTAMP=START + +[SQL Query 12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "ACTIVITY", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/siri/activities" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_siri_flow_activity.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_siri_flow_activity.txt new file mode 100644 index 0000000..04e6570 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_siri_flow_activity.txt @@ -0,0 +1,100 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Siri Flow Activity + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_siri_flow_activity +ACTIVITY=Siri Flow Activity +KEY_TIMESTAMP=START + +[SQL Query 12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "ACTIVITY", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/siri/flowActivity" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_siri_service.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_siri_service.txt new file mode 100644 index 0000000..d37699b --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_siri_service.txt @@ -0,0 +1,98 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Siri Service + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=knowledge_siri_service +ACTIVITY=Siri Service +KEY_TIMESTAMP=START + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + ZOBJECT.ZVALUESTRING AS "VALUE", + ZSTRUCTUREDMETADATA.Z_DKSIRISERVICEMETADATAKEY__DOMAIN AS "DOMAIN", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/siri/service" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_spotlight_viewer_event.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_spotlight_viewer_event.txt new file mode 100644 index 0000000..7ae2844 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_spotlight_viewer_event.txt @@ -0,0 +1,101 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Spotlight Viewer Event + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=12,13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_spotlight_viewer_event +ACTIVITY=Spotlight Viewer Event +KEY_TIMESTAMP=START + +[SQL Query 12,13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "STRING", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "com.apple.spotlightviewer.events" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_standby_timer.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_standby_timer.txt new file mode 100644 index 0000000..8829df2 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_standby_timer.txt @@ -0,0 +1,103 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Standby Timer + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=13,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=knowledge_standby_timer +ACTIVITY=Standby Timer +KEY_TIMESTAMP=START + +[SQL Query 13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZSTRUCTUREDMETADATA.Z_DKDEVICESTANDBYTIMERMETADATAKEY__TIMERTYPE AS "TIMER TYPE", + ZSTRUCTUREDMETADATA.Z_DKDEVICESTANDBYTIMERMETADATAKEY__DELAY AS "DELAY", + ZOBJECT.ZVALUESTRING AS "SERVICE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME IS "/standby/timer" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_sync_addition_window.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_sync_addition_window.txt new file mode 100644 index 0000000..02c171e --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_sync_addition_window.txt @@ -0,0 +1,104 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Knowledge Sync Addition Window + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,10.14,10.15,14,10.16 + +[Query Metadata] +QUERY_NAME=knowledge_sync_addition_window +ACTIVITY=Knowledge Sync Addition Window +KEY_TIMESTAMP=START + +[SQL Query 11,12,13,10.14,10.15,14,10.16] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZOBJECT.ZSTREAMNAME AS "STREAM NAME", + ZOBJECT.ZVALUESTRING AS "STRING", + ZOBJECT.ZVALUEDOUBLE AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME like "/knowledge-sync-addition-window/%" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_sync_deletion_bookmark.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_sync_deletion_bookmark.txt new file mode 100644 index 0000000..e8cedb9 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_sync_deletion_bookmark.txt @@ -0,0 +1,104 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Knowledge Sync Deletion Bookmark + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS,MACOS +VERSIONS=12.13,10.14,10.15,14 + +[Query Metadata] +QUERY_NAME=knowledge_sync_deletion_bookmark +ACTIVITY=Knowledge Sync Deletion Bookmark +KEY_TIMESTAMP=START + +[SQL Query 12,13,10.14,10.15,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZOBJECT.ZSTREAMNAME AS "STREAM NAME", + ZOBJECT.ZVALUESTRING AS "STRING", + ZOBJECT.ZVALUEDOUBLE AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME like "/knowledge-sync-addition-window/%" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_system_airplane_mode.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_system_airplane_mode.txt new file mode 100644 index 0000000..37f1322 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_system_airplane_mode.txt @@ -0,0 +1,102 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Airplane Mode + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=knowledge_system_airplane_mode +ACTIVITY=Airplane Mode +KEY_TIMESTAMP=START + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZOBJECT.ZVALUEDOUBLE AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/system/airplaneMode" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_system_tlc.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_system_tlc.txt new file mode 100644 index 0000000..893e397 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_system_tlc.txt @@ -0,0 +1,95 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=System TLC + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=14 + +[Query Metadata] +QUERY_NAME=knowledge_system_tlc +ACTIVITY=System TLC +KEY_TIMESTAMP=START + +[SQL Query 14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + WHERE + ZSTREAMNAME = "/system/TLC" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_system_userwakingevent.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_system_userwakingevent.txt new file mode 100644 index 0000000..bc8ee62 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_system_userwakingevent.txt @@ -0,0 +1,100 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=User Waking Event + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_system_userwakingevent +ACTIVITY=User Waking Event +KEY_TIMESTAMP=START + +[SQL Query 12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/system/userWakingEvent" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_user_first_backlight_after_wakeup.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_user_first_backlight_after_wakeup.txt new file mode 100644 index 0000000..079540d --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_user_first_backlight_after_wakeup.txt @@ -0,0 +1,102 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=First Backlight On After Wakeup + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_user_first_backlight_after_wakeup +ACTIVITY=First Backlight On After Wakeup +KEY_TIMESTAMP=START + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZOBJECT.ZVALUEDOUBLE AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/user/isFirstBacklightOnAfterWakeup" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_user_interaction_app_directory.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_user_interaction_app_directory.txt new file mode 100644 index 0000000..5bfe1af --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_user_interaction_app_directory.txt @@ -0,0 +1,98 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=User Interaction App Directory + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=14 + +[Query Metadata] +QUERY_NAME=knowledge_user_interaction_app_directory +ACTIVITY=User Interaction App Directory +KEY_TIMESTAMP=START + +[SQL Query 14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + ZCUSTOMMETADATA.ZNAME AS "NAME", + ZOBJECT.ZVALUEINTEGER AS "VALUE", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/userInteraction/appDirectory" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_widget_refresh.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_widget_refresh.txt new file mode 100644 index 0000000..06d0753 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_widget_refresh.txt @@ -0,0 +1,104 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Widget Refresh + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=14 + +[Query Metadata] +QUERY_NAME=knowledge_widget_refresh +ACTIVITY=Widget Refresh +KEY_TIMESTAMP=START + +[SQL Query 14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZCUSTOMMETADATA.ZNAME AS "NAME", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/dasd/widgetRefresh" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_widget_view.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_widget_view.txt new file mode 100644 index 0000000..beabe3f --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_widget_view.txt @@ -0,0 +1,104 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Widget View + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=14 + +[Query Metadata] +QUERY_NAME=knowledge_widget_view +ACTIVITY=Widget View +KEY_TIMESTAMP=START + +[SQL Query 14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + ZCUSTOMMETADATA.ZNAME AS "NAME", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + LEFT JOIN Z_4EVENT + ON ZOBJECT.Z_PK = Z_4EVENT.Z_11EVENT + LEFT JOIN ZCUSTOMMETADATA + ON Z_4EVENT.Z_4CUSTOMMETADATA = ZCUSTOMMETADATA.Z_PK + WHERE + ZSTREAMNAME = "/dasd/widgetView" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_widgets_viewed.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_widgets_viewed.txt new file mode 100644 index 0000000..db34962 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_widgets_viewed.txt @@ -0,0 +1,103 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Widgets Viewed + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=knowledge_widgets_viewed +ACTIVITY=Widgets Viewed +KEY_TIMESTAMP=START + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + ZOBJECT.ZVALUESTRING AS "BUNDLE ID", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM + ZOBJECT + LEFT JOIN + ZSTRUCTUREDMETADATA + ON ZOBJECT.ZSTRUCTUREDMETADATA = ZSTRUCTUREDMETADATA.Z_PK + LEFT JOIN + ZSOURCE + ON ZOBJECT.ZSOURCE = ZSOURCE.Z_PK + WHERE + ZSTREAMNAME = "/widgets/viewed" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/knowledge_wifi_connection.txt b/src/sysdiagnose/utils/apollo_modules/knowledge_wifi_connection.txt new file mode 100644 index 0000000..8e4cf5f --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/knowledge_wifi_connection.txt @@ -0,0 +1,96 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=WiFi Connection + +[Database Metadata] +DATABASE=knowledgeC.db +PLATFORM=IOS +VERSIONS=14 + +[Query Metadata] +QUERY_NAME=knowledge_wifi_connection +ACTIVITY=WiFi Connection +KEY_TIMESTAMP=START + +[SQL Query 14] +QUERY= + SELECT + DATETIME(ZOBJECT.ZSTARTDATE+978307200,'UNIXEPOCH') AS "START", + DATETIME(ZOBJECT.ZENDDATE+978307200,'UNIXEPOCH') AS "END", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE) AS "USAGE IN SECONDS", + (ZOBJECT.ZENDDATE - ZOBJECT.ZSTARTDATE)/60.00 AS "USAGE IN MINUTES", + ZOBJECT.ZVALUESTRING AS "ACCESS POINT", + CASE ZOBJECT.ZSTARTDAYOFWEEK + WHEN "1" THEN "Sunday" + WHEN "2" THEN "Monday" + WHEN "3" THEN "Tuesday" + WHEN "4" THEN "Wednesday" + WHEN "5" THEN "Thursday" + WHEN "6" THEN "Friday" + WHEN "7" THEN "Saturday" + END "DAY OF WEEK", + ZOBJECT.ZSECONDSFROMGMT/3600 AS "GMT OFFSET", + DATETIME(ZOBJECT.ZCREATIONDATE+978307200,'UNIXEPOCH') AS "ENTRY CREATION", + ZOBJECT.ZUUID AS "UUID", + ZOBJECT.Z_PK AS "ZOBJECT TABLE ID" + FROM ZOBJECT + WHERE + ZSTREAMNAME = "/wifi/connection" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_appharvest.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_appharvest.txt new file mode 100644 index 0000000..75efa3f --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_appharvest.txt @@ -0,0 +1,92 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd App Harvest Location + +[Database Metadata] +DATABASE=cache_encryptedB.db,cache_encryptedA.db +PLATFORM=IOS +VERSIONS=8,9,10 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedAB_appharvest +ACTIVITY=App Harvest Location +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 8,9,10] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + BUNDLEID AS "BUNDLE ID", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + ALTITUDE AS "ALTITUDE", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + STATE AS "STATE", + AGE AS "AGE", + ROUTINEMODE AS "ROUTINE MODE", + LOCATIONOFINTERESTTYPE AS "LOCATION OF INTEREST TYPE", + HEX(SIG) AS "SIG (HEX)", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE" + FROM APPHARVEST \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_cdmacelllocation.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_cdmacelllocation.txt new file mode 100644 index 0000000..7f52f1d --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_cdmacelllocation.txt @@ -0,0 +1,94 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd CDMA Cell Location + +[Database Metadata] +DATABASE=cache_encryptedB.db,cache_encryptedA.db,lockCache_encryptedA.db +PLATFORM=IOS +VERSIONS=8,9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedAB_cdmacelllocation +ACTIVITY=Cellular Location +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 8,9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + MCC AS "MCC", + SID AS "SID", + NID AS "NID", + BSID AS "BSID", + ZONEID AS "ZONEID", + BANDCLASS AS "BANDCLASS", + CHANNEL AS "CHANNEL", + PNOFFSET AS "PNOFFSET", + ALTITUDE AS "ALTITUDE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM CDMACELLLOCATION \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_cdmacelllocationharvest.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_cdmacelllocationharvest.txt new file mode 100644 index 0000000..248bf8f --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_cdmacelllocationharvest.txt @@ -0,0 +1,194 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd CDMA Cell Location Harvest + +[Database Metadata] +DATABASE=cache_encryptedB.db,cache_encryptedA.db +PLATFORM=IOS +VERSIONS=8,9,10 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedAB_cmdacelllocationharvest +ACTIVITY=Cellular Location +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 10] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + ALTITUDE AS "ALTITUDE", + KTABLECOLUMNMCC AS "MCC", + MNC AS "MNC", + SID AS "SID", + NID AS "NID", + BSID AS "BSID", + BSLATITUDE AS "BSLATITUDE", + BSLONGITUDE AS "BSLONGITUDE", + ZONEID AS "ZONE ID", + SECTORID AS "SECTOR ID", + SECTORLATITUDE AS "SECTOR LATITUDE", + SECTORLONGITUDE AS "SECTOR LONGITUDE", + BANDCLASS AS "BAND CLASS", + RAT AS "RAT", + CELLTYPE AS "CELL TYPE", + PNOFFSET AS "PN OFFSET", + CHANNEL AS "CHANNEL", + OPERATOR AS "OPERATOR", + BUNDLEID AS "BUNDLE ID", + LTMOFFSET AS "LTM OFFSET", + DAYLIGHTSAVINGS AS "DAYLIGHT SAVINGS", + RSCP AS "RSCP", + ECN0 AS "ECN0", + DERIVEDMCC AS "DERIVED MCC", + MOTIONACTIVITYTYPE AS "MOTION ACTIVITY TYPE", + MOTIONACTIVITYCONFIDENCE AS "MOTION ACTIVITY CONFIDENCE", + MOTIONVEHICLECONNECTEDSTATECHANGED AS "MOTION VEHICLE CONNECTED STATE CHANGED", + MOTIONVEHICLECONNECTED AS "MOTION VEHICLE CONNECTED", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE" + FROM CDMACELLLOCATIONHARVEST + +[SQL Query 9] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + ALTITUDE AS "ALTITUDE", + KTABLECOLUMNMCC AS "MCC", + MNC AS "MNC", + SID AS "SID", + NID AS "NID", + BSID AS "BSID", + BSLATITUDE AS "BSLATITUDE", + BSLONGITUDE AS "BSLONGITUDE", + ZONEID AS "ZONE ID", + SECTORID AS "SECTOR ID", + SECTORLATITUDE AS "SECTOR LATITUDE", + SECTORLONGITUDE AS "SECTOR LONGITUDE", + BANDCLASS AS "BAND CLASS", + RAT AS "RAT", + CELLTYPE AS "CELL TYPE", + PNOFFSET AS "PN OFFSET", + CHANNEL AS "CHANNEL", + OPERATOR AS "OPERATOR", + BUNDLEID AS "BUNDLE ID", + LTMOFFSET AS "LTM OFFSET", + DAYLIGHTSAVINGS AS "DAYLIGHT SAVINGS", + RSCP AS "RSCP", + ECN0 AS "ECN0", + DERIVEDMCC AS "DERIVED MCC", + MOTIONACTIVITYTYPE AS "MOTION ACTIVITY TYPE", + MOTIONACTIVITYCONFIDENCE AS "MOTION ACTIVITY CONFIDENCE", + MOTIONVEHICLECONNECTEDSTATECHANGED AS "MOTION VEHICLE CONNECTED STATE CHANGED", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE" + FROM CDMACELLLOCATIONHARVEST + +[SQL Query 8] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + ALTITUDE AS "ALTITUDE", + KTABLECOLUMNMCC AS "MCC", + MNC AS "MNC", + SID AS "SID", + NID AS "NID", + BSID AS "BSID", + BSLATITUDE AS "BSLATITUDE", + BSLONGITUDE AS "BSLONGITUDE", + ZONEID AS "ZONE ID", + SECTORID AS "SECTOR ID", + SECTORLATITUDE AS "SECTOR LATITUDE", + SECTORLONGITUDE AS "SECTOR LONGITUDE", + BANDCLASS AS "BAND CLASS", + RAT AS "RAT", + CELLTYPE AS "CELL TYPE", + PNOFFSET AS "PN OFFSET", + CHANNEL AS "CHANNEL", + OPERATOR AS "OPERATOR", + BUNDLEID AS "BUNDLE ID", + LTMOFFSET AS "LTM OFFSET", + DAYLIGHTSAVINGS AS "DAYLIGHT SAVINGS", + RSCP AS "RSCP", + ECN0 AS "ECN0", + DERIVEDMCC AS "DERIVED MCC", + MOTIONACTIVITYTYPE AS "MOTION ACTIVITY TYPE", + MOTIONACTIVITYCONFIDENCE AS "MOTION ACTIVITY CONFIDENCE", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE" + FROM CDMACELLLOCATIONHARVEST \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_celllocation.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_celllocation.txt new file mode 100644 index 0000000..fe7150a --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_celllocation.txt @@ -0,0 +1,92 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd Cell Location + +[Database Metadata] +DATABASE=cache_encryptedB.db,cache_encryptedA.db,lockCache_encryptedA.db +PLATFORM=IOS +VERSIONS=8,9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedAB_celllocation +ACTIVITY=Cellular Location +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 8,9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + MCC AS "MCC", + MNC AS "MNC", + LAC AS "LAC", + CI AS "CI", + UARFCN AS "UARFCN", + PSC AS "PSC", + ALTITUDE AS "ALTITUDE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM CELLLOCATION \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_celllocationharvest.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_celllocationharvest.txt new file mode 100644 index 0000000..96bec0c --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_celllocationharvest.txt @@ -0,0 +1,161 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd Cell Location Harvest + +[Database Metadata] +DATABASE=cache_encryptedB.db,cache_encryptedA.db +PLATFORM=IOS +VERSIONS=8,9,10 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedAB_celllocationharvest +ACTIVITY=Cellular Location +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 10] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + ALTITUDE AS "ALTITUDE", + MCC AS "MCC", + MNC AS "MNC", + CI AS "CI", + RSSI AS "RSSI", + ARFCN AS "ARFCN", + PSC AS "PSC", + RSCP AS "RSCP", + ECN0 AS "ECN0", + RAT AS "RAT", + OPERATOR AS "OPERATOR", + TRANSMIT AS "TRANSMIT", + BUNDLEID AS "BUNDLE ID", + MOTIONACTIVITYTYPE AS "MOTION ACTIVITY TYPE", + MOTIONACTIVITYCONFIDENCE AS "MOTION ACTIVITY CONFIDENCE", + MOTIONVEHICLECONNECTEDSTATECHANGED AS "MOTION VEHICLE CONNECTED STATE CHANGED", + MOTIONVEHICLECONNECTED AS "MOTION VEHICLE CONNECTED", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE" + FROM CELLLOCATIONHARVEST + +[SQL Query 9] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + ALTITUDE AS "ALTITUDE", + MCC AS "MCC", + MNC AS "MNC", + CI AS "CI", + RSSI AS "RSSI", + ARFCN AS "ARFCN", + PSC AS "PSC", + RSCP AS "RSCP", + ECN0 AS "ECN0", + RAT AS "RAT", + OPERATOR AS "OPERATOR", + TRANSMIT AS "TRANSMIT", + BUNDLEID AS "BUNDLE ID", + MOTIONACTIVITYTYPE AS "MOTION ACTIVITY TYPE", + MOTIONACTIVITYCONFIDENCE AS "MOTION ACTIVITY CONFIDENCE", + MOTIONVEHICLECONNECTEDSTATECHANGED AS "MOTION VEHICLE CONNECTED STATE CHANGED", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE" + FROM CELLLOCATIONHARVEST + +[SQL Query 8] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + ALTITUDE AS "ALTITUDE", + MCC AS "MCC", + MNC AS "MNC", + CI AS "CI", + RSSI AS "RSSI", + ARFCN AS "ARFCN", + PSC AS "PSC", + RSCP AS "RSCP", + ECN0 AS "ECN0", + RAT AS "RAT", + OPERATOR AS "OPERATOR", + TRANSMIT AS "TRANSMIT", + BUNDLEID AS "BUNDLE ID", + MOTIONACTIVITYTYPE AS "MOTION ACTIVITY TYPE", + MOTIONACTIVITYCONFIDENCE AS "MOTION ACTIVITY CONFIDENCE", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE" + FROM CELLLOCATIONHARVEST \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_celllocationlocal.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_celllocationlocal.txt new file mode 100644 index 0000000..babe416 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_celllocationlocal.txt @@ -0,0 +1,92 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd Cell Location Local + +[Database Metadata] +DATABASE=cache_encryptedB.db,cache_encryptedA.db,lockCache_encryptedA.db +PLATFORM=IOS +VERSIONS=8,9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedAB_celllocationlocal +ACTIVITY=Cellular Location +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 8,9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + MCC AS "MCC", + MNC AS "MNC", + LAC AS "LAC", + CI AS "CI", + UARFCN AS "UARFCN", + PSC AS "PSC", + ALTITUDE AS "ALTITUDE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM CELLLOCATIONLOCAL \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_indoorlocationharvest.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_indoorlocationharvest.txt new file mode 100644 index 0000000..d3d71d7 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_indoorlocationharvest.txt @@ -0,0 +1,101 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd Indoor Location Harvest + +[Database Metadata] +DATABASE=cache_encryptedB.db,cache_encryptedA.db +PLATFORM=IOS +VERSIONS=8,9,10 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedAB_indoorlocationharvest +ACTIVITY=Indoor Location Harvest +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 9,10] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + PROVIDER AS "PROVIDER", + FLOOR AS "FLOOR", + CONFIDENCE AS "CONFIDENCE", + BUNDLEID AS "BUNDLE ID", + ALTITUDE AS "ALTITUDE", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM INDOORLOCATIONHARVEST + +[SQL Query 8] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + CONFIDENCE AS "CONFIDENCE", + BUNDLEID AS "BUNDLE ID", + ALTITUDE AS "ALTITUDE", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM INDOORLOCATIONHARVEST \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_locationharvest.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_locationharvest.txt new file mode 100644 index 0000000..0bed25f --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_locationharvest.txt @@ -0,0 +1,138 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd Location Harvest + +[Database Metadata] +DATABASE=cache_encryptedB.db,cache_encryptedA.db +VERSIONS=8,9,10 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedAB_locationharvest +ACTIVITY=Location Harvest +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 10] +QUERY= + SELECT + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + TRIPID AS "TRIPID", + MCC AS "MCC", + MNC AS "MNC", + RAT AS "RAT", + CONTEXT AS "CONTEXT", + CONFIDENCE AS "CONFIDENCE", + BUNDLEID AS "BUNDLE ID", + BUNDLEIDS AS "BUNDLE IDS", + ALTITUDE AS "ALTITUDE", + MOTIONACTIVITYTYPE AS "MOTION ACTIVITY TYPE", + MOTIONACTIVITYCONFIDENCE AS "MOTION ACTIVITY CONFIDENCE", + MOTIONVEHICLECONNECTEDSTATECHANGED AS "MOTION VEHICLE CONNECTED STATE CHANGED", + MOTIONVEHICLECONNECTED AS "MOTION VEHICLE CONNECTED", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE", + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP" + FROM LOCATIONHARVEST + +[SQL Query 9] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + TRIPID AS "TRIPID", + MCC AS "MCC", + MNC AS "MNC", + RAT AS "RAT", + CONTEXT AS "CONTEXT", + CONFIDENCE AS "CONFIDENCE", + BUNDLEID AS "BUNDLE ID", + BUNDLEIDS AS "BUNDLE IDS", + ALTITUDE AS "ALTITUDE", + MOTIONACTIVITYTYPE AS "MOTION ACTIVITY TYPE", + MOTIONACTIVITYCONFIDENCE AS "MOTION ACTIVITY CONFIDENCE", + MOTIONVEHICLECONNECTEDSTATECHANGED AS "MOTION VEHICLE CONNECTED STATE CHANGED", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM LOCATIONHARVEST + +[SQL Query 8] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + TRIPID AS "TRIPID", + MCC AS "MCC", + MNC AS "MNC", + RAT AS "RAT", + CONTEXT AS "CONTEXT", + CONFIDENCE AS "CONFIDENCE", + BUNDLEID AS "BUNDLE ID", + ALTITUDE AS "ALTITUDE", + MOTIONACTIVITYTYPE AS "MOTION ACTIVITY TYPE", + MOTIONACTIVITYCONFIDENCE AS "MOTION ACTIVITY CONFIDENCE", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM LOCATIONHARVEST \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_ltecelllocation.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_ltecelllocation.txt new file mode 100644 index 0000000..cd6ccd9 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_ltecelllocation.txt @@ -0,0 +1,91 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd LTE Cell Location + +[Database Metadata] +DATABASE=cache_encryptedB.db,cache_encryptedA.db,lockCache_encryptedA.db +PLATFORM=IOS +VERSIONS=8,9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedAB_ltecelllocation +ACTIVITY=Cellular Location +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 8,9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + MCC AS "MCC", + MNC AS "MNC", + CI AS "CI", + UARFCN AS "UARFCN", + PID AS "PID", + ALTITUDE AS "ALTITUDE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM LTECELLLOCATION \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_ltecelllocationharvest.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_ltecelllocationharvest.txt new file mode 100644 index 0000000..ebd9941 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_ltecelllocationharvest.txt @@ -0,0 +1,131 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd LTE Cell Location Harvest + +[Database Metadata] +DATABASE=cache_encryptedB.db,cache_encryptedA.db +PLATFORM=IOS +VERSIONS=8,9,10 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedAB_ltecelllocationharvest +ACTIVITY=Cellular Location +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 9,10] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + MCC AS "MCC", + MNC AS "MNC", + TAC AS "TAC", + CI AS "CI", + PID AS "PID", + BANDINFO AS "BAND INFO", + UARFCN AS "UARFCN", + CONFIDENCE AS "CONFIDENCE", + BUNDLEID AS "BUNDLE ID", + RSCP AS "RSCP", + ECN0 AS "ECN0", + RSSI AS "RSSI", + CELLLATITUDE AS "CELL LATITUTDE", + CELLLONGITUDE AS "CELL LONGITUDE", + OPERATOR AS "OPERATOR", + ALTITUDE AS "ALTITUDE", + MOTIONACTIVITYTYPE AS "MOTION ACTIVITY TYPE", + MOTIONACTIVITYCONFIDENCE AS "MOTION ACTIVITY CONFIDENCE", + MOTIONVEHICLECONNECTEDSTATECHANGED AS "MOTION VEHICLE CONNECTED STATE CHANGED", + MOTIONVEHICLECONNECTED AS "MOTION VEHICLE CONNECTED", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM LTECELLLOCATIONHARVEST + +[SQL Query 8] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + MCC AS "MCC", + MNC AS "MNC", + TAC AS "TAC", + CI AS "CI", + PID AS "PID", + BANDINFO AS "BAND INFO", + UARFCN AS "UARFCN", + CONFIDENCE AS "CONFIDENCE", + BUNDLEID AS "BUNDLE ID", + RSCP AS "RSCP", + ECN0 AS "ECN0", + RSSI AS "RSSI", + CELLLATITUDE AS "CELL LATITUTDE", + CELLLONGITUDE AS "CELL LONGITUDE", + OPERATOR AS "OPERATOR", + ALTITUDE AS "ALTITUDE", + MOTIONACTIVITYTYPE AS "MOTION ACTIVITY TYPE", + MOTIONACTIVITYCONFIDENCE AS "MOTION ACTIVITY CONFIDENCE", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM LTECELLLOCATIONHARVEST \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_ltecelllocationlocal.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_ltecelllocationlocal.txt new file mode 100644 index 0000000..f1ea3a9 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_ltecelllocationlocal.txt @@ -0,0 +1,91 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd LTE Cell Location Local + +[Database Metadata] +DATABASE=cache_encryptedB.db,cache_encryptedA.db,lockCache_encryptedA.db +PLATFORM=IOS +VERSIONS=8,9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedAB_ltecelllocationlocal +ACTIVITY=Cellular Location +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 8,9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + MCC AS "MCC", + MNC AS "MNC", + CI AS "CI", + UARFCN AS "UARFCN", + PID AS "PID", + ALTITUDE AS "ALTITUDE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM LTECELLLOCATIONLOCAL \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_passharvest.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_passharvest.txt new file mode 100644 index 0000000..903fba5 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_passharvest.txt @@ -0,0 +1,89 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd Pass Harvest + +[Database Metadata] +DATABASE=cache_encryptedB.db,cache_encryptedA.db +PLATFORM=IOS +VERSIONS=8,9,10 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedAB_passharvest +ACTIVITY=Pass Location Harvest +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 8,9,10] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + PASSTYPEID AS "PASS TYPE ID", + ASSOCIATEDSTOREIDS AS "ASSOCIATED STORE IDS", + PASSSOURCE AS "PASS SOURCE", + AGE AS "AGE", + SIG AS "SIG", + CONFIDENCE AS "CONFIDENCE", + ALTITUDE AS "ALTITUDE", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM PASSHARVEST \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_poiharvestlocation.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_poiharvestlocation.txt new file mode 100644 index 0000000..b1e1f7a --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_poiharvestlocation.txt @@ -0,0 +1,87 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd POI Harvest Location + +[Database Metadata] +DATABASE=cache_encryptedB.db +PLATFORM=IOS +VERSIONS=10 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedAB_poiharvestlocation +ACTIVITY=POI Location Harvest +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 10] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + TRIGGERUUID AS "TRIGGERUUID", + MOTIONACTIVITYTYPE AS "MOTION ACTIVITY TYPE", + BUNDLEIDS AS "BUNDLE IDS", + CONFIDENCE AS "CONFIDENCE", + ALTITUDE AS "ALTITUDE", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM POIHARVESTLOCATION \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_pressurelocationharvest.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_pressurelocationharvest.txt new file mode 100644 index 0000000..404fc64 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_pressurelocationharvest.txt @@ -0,0 +1,87 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd Pressure Location Harvest + +[Database Metadata] +DATABASE=cache_encryptedB.db,cache_encryptedA.db +PLATFORM=IOS +VERSIONS=9,10 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedAB_pressurelocationharvest +ACTIVITY=Pressure Location Harvest +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 9,10] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + PROVIDER AS "PROVIDER", + FLOOR AS "FLOOR", + CONFIDENCE AS "CONFIDENCE", + BUNDLEID AS "BUNDLE ID", + ALTITUDE AS "ALTITUDE", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM PRESSURELOCATIONHARVEST \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_scdmacelllocation.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_scdmacelllocation.txt new file mode 100644 index 0000000..7c63572 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_scdmacelllocation.txt @@ -0,0 +1,92 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd SCDMA Cell Location + +[Database Metadata] +DATABASE=cache_encryptedB.db,cache_encryptedA.db,lockCache_encryptedA.db +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedAB_scdmacelllocation +ACTIVITY=Cellular Location +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + MCC AS "MCC", + MNC AS "MNC", + LAC AS "LAC", + CI AS "CI", + UARFCN AS "UARFCN", + PSC AS "PSC", + ALTITUDE AS "ALTITUDE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM SCDMACELLLOCATION \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_wifilocation.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_wifilocation.txt new file mode 100644 index 0000000..8f2742e --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_wifilocation.txt @@ -0,0 +1,90 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd Wi-Fi Location + +[Database Metadata] +DATABASE=cache_encryptedB.db,cache_encryptedA.db,lockCache_encryptedA.db +PLATFORM=IOS +VERSIONS=8,9,10,11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedAB_wifilocation +ACTIVITY=WiFi Location +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 8,9,10,11,12,13,10.13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + MAC AS "MAC", + CHANNEL AS "CHANNEL", + INFOMASK AS "INFOMASK", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE", + SCORE AS "SCORE", + REACH AS "REACH", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM WIFILOCATION \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_wifilocationharvest.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_wifilocationharvest.txt new file mode 100644 index 0000000..7593cb9 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_wifilocationharvest.txt @@ -0,0 +1,138 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd WiFi Location Harvest + +[Database Metadata] +DATABASE=cache_encryptedB.db,cache_encryptedA.db +PLATFORM=IOS +VERSIONS=8,9,10 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedAB_wifilocationharvest +ACTIVITY=WiFi Location Harvest +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 10] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + MAC AS "MAC", + CHANNEL AS "CHANNEL", + HIDDEN AS "HIDDEN", + RSSI AS "RSSI", + DATETIME(SCANTIMESTAMP + 978307200,'UNIXEPOCH') AS "SCAN TIMESTAMP", + AGE AS "AGE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE", + MOTIONACTIVITYTYPE AS "MOTION ACTIVITY TYPE", + MOTIONACTIVITYCONFIDENCE AS "MOTION ACTIVITY CONFIDENCE", + MOTIONVEHICLECONNECTEDSTATECHANGED AS "MOTION VEHICLE CONNECTED STATE CHANGED", + MOTIONVEHICLECONNECTED AS "MOTION VEHICLE CONNECTED", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM WIFILOCATIONHARVEST + +[SQL Query 9] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + MAC AS "MAC", + CHANNEL AS "CHANNEL", + HIDDEN AS "HIDDEN", + RSSI AS "RSSI", + AGE AS "AGE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE", + MOTIONACTIVITYTYPE AS "MOTION ACTIVITY TYPE", + MOTIONACTIVITYCONFIDENCE AS "MOTION ACTIVITY CONFIDENCE", + MOTIONVEHICLECONNECTEDSTATECHANGED AS "MOTION VEHICLE CONNECTED STATE CHANGED", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM WIFILOCATIONHARVEST + +[SQL Query 8] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + MAC AS "MAC", + CHANNEL AS "CHANNEL", + HIDDEN AS "HIDDEN", + RSSI AS "RSSI", + AGE AS "AGE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE", + MOTIONACTIVITYTYPE AS "MOTION ACTIVITY TYPE", + MOTIONACTIVITYCONFIDENCE AS "MOTION ACTIVITY CONFIDENCE", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM WIFILOCATIONHARVEST \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_wtwlocationharvest.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_wtwlocationharvest.txt new file mode 100644 index 0000000..45e357a --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedAB_wtwlocationharvest.txt @@ -0,0 +1,138 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd WTW Location Harvest + +[Database Metadata] +DATABASE=cache_encryptedB.db,cache_encryptedA.db +PLATFORM=IOS +VERSIONS=8,9,10 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedAB_wtwlocationharvest +ACTIVITY=WTW Location Harvest +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 10] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + MAC AS "MAC", + CHANNEL AS "CHANNEL", + HIDDEN AS "HIDDEN", + RSSI AS "RSSI", + DATETIME(SCANTIMESTAMP + 978307200,'UNIXEPOCH') AS "SCAN TIMESTAMP", + AGE AS "AGE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE", + MOTIONACTIVITYTYPE AS "MOTION ACTIVITY TYPE", + MOTIONACTIVITYCONFIDENCE AS "MOTION ACTIVITY CONFIDENCE", + MOTIONVEHICLECONNECTEDSTATECHANGED AS "MOTION VEHICLE CONNECTED STATE CHANGED", + MOTIONVEHICLECONNECTED AS "MOTION VEHICLE CONNECTED", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM WTWLOCATIONHARVEST + +[SQL Query 9] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + MAC AS "MAC", + CHANNEL AS "CHANNEL", + HIDDEN AS "HIDDEN", + RSSI AS "RSSI", + AGE AS "AGE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE", + MOTIONACTIVITYTYPE AS "MOTION ACTIVITY TYPE", + MOTIONACTIVITYCONFIDENCE AS "MOTION ACTIVITY CONFIDENCE", + MOTIONVEHICLECONNECTEDSTATECHANGED AS "MOTION VEHICLE CONNECTED STATE CHANGED", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM WTWLOCATIONHARVEST + +[SQL Query 8] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + MAC AS "MAC", + CHANNEL AS "CHANNEL", + HIDDEN AS "HIDDEN", + RSSI AS "RSSI", + AGE AS "AGE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE", + MOTIONACTIVITYTYPE AS "MOTION ACTIVITY TYPE", + MOTIONACTIVITYCONFIDENCE AS "MOTION ACTIVITY CONFIDENCE", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM WTWLOCATIONHARVEST \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedC_motionstatehistory.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedC_motionstatehistory.txt new file mode 100644 index 0000000..d658027 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedC_motionstatehistory.txt @@ -0,0 +1,104 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd Motion State History + +[Database Metadata] +DATABASE=cache_encryptedC.db +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedC_motionstatehistory +ACTIVITY=Motion State History +KEY_TIMESTAMP=START TIME + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(STARTTIME + 978307200, 'UNIXEPOCH') AS "START TIME", + TIMESTAMP AS "TIMESTAMP", + TYPE AS "TYPE", + CONFIDENCE AS "CONFIDENCE", + MOUNTED AS "MOUNTED", + MOUNTEDCONFIDENCE AS "MOUNTED CONFIDENCE", + TURN AS "TURN", + ISVEHICULAR AS "IS VEHICULAR", + ISMOVING AS "IS MOVING", + VEHICLEEXITSTATE AS "VEHICLE EXIT STATE", + VEHICULARFLAGSDATA AS "VEHICULAR FLAGS DATA", + MOTIONSTATEHISTORY.ID AS "MOTIONSTATEHISTORY TABLE ID" + FROM MOTIONSTATEHISTORY + +[SQL Query 9,10] +QUERY= + SELECT + DATETIME(STARTTIME + 978307200, 'UNIXEPOCH') AS "START TIME", + TIMESTAMP AS "TIMESTAMP", + TYPE AS "TYPE", + CONFIDENCE AS "CONFIDENCE", + MOUNTED AS "MOUNTED", + MOUNTEDCONFIDENCE AS "MOUNTED CONFIDENCE", + TURN AS "TURN", + ISVEHICULAR AS "IS VEHICULAR", + ISMOVING AS "IS MOVING", + VEHICLEEXITSTATE AS "VEHICLE EXIT STATE", + MOTIONSTATEHISTORY.ID AS "MOTIONSTATEHISTORY TABLE ID" + FROM MOTIONSTATEHISTORY diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedC_nataliehistory.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedC_nataliehistory.txt new file mode 100644 index 0000000..d0512bd --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedC_nataliehistory.txt @@ -0,0 +1,98 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd Natalie History + +[Database Metadata] +DATABASE=cache_encryptedC.db +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedC_nataliehistory +ACTIVITY=Health - Natalies +KEY_TIMESTAMP=START TIME + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(STARTTIME + 978307200, 'UNIXEPOCH') AS "START TIME", + ACTIVITYTYPE AS "ACTIVITY TYPE", + ISSTANDING AS "IS STANDING", + METS AS "METS", + NATALIES AS "NATALIES", + BASALNATALIES AS "BASEL NATALIES", + OVERRIDESET AS "OVERRIDE SET", + TRUTHMETS AS "TRUTH METS", + NATALIEHISTORY.ID AS "NATALIEHISTORY TABLE ID" + FROM NATALIEHISTORY + +[SQL Query 9,10] +QUERY= + SELECT + DATETIME(STARTTIME + 978307200, 'UNIXEPOCH') AS "START TIME", + ACTIVITYTYPE AS "ACTIVITY TYPE", + ISSTANDING AS "IS STANDING", + METS AS "METS", + NATALIES AS "NATALIES", + BASALNATALIES AS "BASEL NATALIES", + OVERRIDESET AS "OVERRIDE SET", + NATALIEHISTORY.ID AS "NATALIEHISTORY TABLE ID" + FROM NATALIEHISTORY \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedC_stepcounthistory.txt b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedC_stepcounthistory.txt new file mode 100644 index 0000000..435e794 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/locationd_cacheencryptedC_stepcounthistory.txt @@ -0,0 +1,117 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Locationd Step Count History + +[Database Metadata] +DATABASE=cache_encryptedC.db +PLATFORM=IOS +VERSIONS=8,9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=locationd_cacheencryptedC_stepcounthistory +ACTIVITY=Health - Step Count +KEY_TIMESTAMP=START TIME + +[SQL Query 10,11,12,13,14] +QUERY= + SELECT + DATETIME(STARTTIME + 978307200, 'UNIXEPOCH') AS "START TIME", + TIMESTAMP AS "MOVEMENT TIME", + COUNT AS "COUNT", + DISTANCE AS "DISTANCE", + RAWDISTANCE AS "RAWDISTANCE", + FLOORSASCENDED AS "FLOORS ASCENDED", + FLOORSDESCENDED AS "FLOORS DESCENDED", + PACE AS "PACE", + ACTIVETIME AS "ACTIVE TIME", + FIRSTSTEPTIME AS "FIRST STEP TIME", + PUSHCOUNT AS "PUSH COUNT", + WORKOUTTYPE AS "WORKOUT TYPE", + STEPCOUNTHISTORY.ID AS "STEPCOUNTHISTORY TABLE ID" + FROM STEPCOUNTHISTORY + +[SQL Query 9] +QUERY= + SELECT + DATETIME(STARTTIME + 978307200, 'UNIXEPOCH') AS "START TIME", + TIMESTAMP AS "MOVEMENT TIME", + COUNT AS "COUNT", + DISTANCE AS "DISTANCE", + RAWDISTANCE AS "RAWDISTANCE", + FLOORSASCENDED AS "FLOORS ASCENDED", + FLOORSDESCENDED AS "FLOORS DESCENDED", + PACE AS "PACE", + ACTIVETIME AS "ACTIVE TIME", + STEPCOUNTHISTORY.ID AS "STEPCOUNTHISTORY TABLE ID" + FROM STEPCOUNTHISTORY + +[SQL Query 8] +QUERY= + SELECT + DATETIME(STARTTIME + 978307200, 'UNIXEPOCH') AS "START TIME", + TIMESTAMP AS "MOVEMENT TIME", + COUNT AS "COUNT", + DISTANCE AS "DISTANCE", + RAWDISTANCE AS "RAWDISTANCE", + FLOORSASCENDED AS "FLOORS ASCENDED", + FLOORSDESCENDED AS "FLOORS DESCENDED", + STEPCOUNTHISTORY.ID AS "STEPCOUNTHISTORY TABLE ID" + FROM STEPCOUNTHISTORY \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/netusage_zliverouteperf.txt b/src/sysdiagnose/utils/apollo_modules/netusage_zliverouteperf.txt new file mode 100644 index 0000000..2447b8b --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/netusage_zliverouteperf.txt @@ -0,0 +1,124 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Network Usage Traffic by Network. + +[Database Metadata] +DATABASE=netusage.sqlite +PLATFORM=IOS,MACOS +VERSIONS=8,9,10,11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=netusage_zliverouteperf +ACTIVITY=Network Usage +KEY_TIMESTAMP=LIVEROUTEPREF TIMESTAMP + +[SQL Query 11,12,13,10.13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZLIVEROUTEPERF.ZTIMESTAMP + 978307200, 'unixepoch') AS "LIVEROUTEPREF TIMESTAMP", + DATETIME(ZNETWORKATTACHMENT.ZFIRSTTIMESTAMP + 978307200, 'unixepoch') AS "FIRST NETWORK ATTACHMENT", + DATETIME(ZNETWORKATTACHMENT.ZTIMESTAMP + 978307200, 'unixepoch') AS "NETWORK ATTACHMENT TIMESTAMP", + CASE ZLIVEROUTEPERF.ZKIND + WHEN 1 THEN "WIFI" + WHEN 2 THEN "CELLULAR" + END "NETWORK TYPE", + ZLIVEROUTEPERF.ZBYTESIN AS "BYTES IN", + ZLIVEROUTEPERF.ZBYTESOUT AS "BYTES OUT", + ZLIVEROUTEPERF.ZPACKETSIN AS "PACKETS IN", + ZLIVEROUTEPERF.ZPACKETSOUT AS "PACKETS OUT", + ZLIVEROUTEPERF.ZCONNATTEMPTS AS "CONNECTION ATTEMPTS", + ZLIVEROUTEPERF.ZCONNSUCCESSES AS "CONNECTION SUCCESSES", + ZNETWORKATTACHMENT.ZIDENTIFIER AS "NETWORK IDENTIFIER", + ZNETWORKATTACHMENT.ZISKNOWNGOOD AS "IS KNOWN GOOD", + HEX(ZNETWORKATTACHMENT.ZNETSIGNATURE) AS "NET SIGNATURE (HEX)", + ZNETWORKATTACHMENT.ZOVERALLSTAYMEAN AS "OVERALL STAY MEAN (NETWORK ATTACHMENT)", + ZNETWORKATTACHMENT.ZOVERALLSTAYVAR AS "OVERALL STAY VAR (NETWORK ATTACHMENT)", + ZLIVEROUTEPERF.ZOVERALLSTAY AS "OVERALL STAY MEAN (LIVE ROUTE PERF)", + ZLIVEROUTEPERF.ZOVERALLSTAYM2 AS "OVERALL STAY M2 (LIVE ROUTE PERF)", + ZLIVEROUTEPERF.Z_PK AS "ZLIVEROUTEPERF TABLE ID" + FROM ZLIVEROUTEPERF + LEFT JOIN ZNETWORKATTACHMENT ON ZLIVEROUTEPERF.ZHASNETWORKATTACHMENT = ZNETWORKATTACHMENT.Z_PK + +[SQL Query 8,9,10] +QUERY= + SELECT + DATETIME(ZLIVEROUTEPERF.ZTIMESTAMP + 978307200, 'unixepoch') AS "LIVEROUTEPREF TIMESTAMP", + DATETIME(ZNETWORKATTACHMENT.ZFIRSTTIMESTAMP + 978307200, 'unixepoch') AS "FIRST NETWORK ATTACHMENT", + DATETIME(ZNETWORKATTACHMENT.ZTIMESTAMP + 978307200, 'unixepoch') AS "NETWORK ATTACHMENT TIMESTAMP", + CASE ZLIVEROUTEPERF.ZKIND + WHEN 1 THEN "WIFI" + WHEN 2 THEN "CELLULAR" + END "NETWORK TYPE", + ZLIVEROUTEPERF.ZBYTESIN AS "BYTES IN", + ZLIVEROUTEPERF.ZBYTESOUT AS "BYTES OUT", + ZLIVEROUTEPERF.ZPACKETSIN AS "PACKETS IN", + ZLIVEROUTEPERF.ZPACKETSOUT AS "PACKETS OUT", + ZLIVEROUTEPERF.ZCONNATTEMPTS AS "CONNECTION ATTEMPTS", + ZLIVEROUTEPERF.ZCONNSUCCESSES AS "CONNECTION SUCCESSES", + ZNETWORKATTACHMENT.ZIDENTIFIER AS "NETWORK IDENTIFIER", + ZNETWORKATTACHMENT.ZISKNOWNGOOD AS "IS KNOWN GOOD", + ZNETWORKATTACHMENT.ZOVERALLSTAYMEAN AS "OVERALL STAY MEAN (NETWORK ATTACHMENT)", + ZNETWORKATTACHMENT.ZOVERALLSTAYVAR AS "OVERALL STAY VAR (NETWORK ATTACHMENT)", + ZLIVEROUTEPERF.ZOVERALLSTAY AS "OVERALL STAY MEAN (LIVE ROUTE PERF)", + ZLIVEROUTEPERF.ZOVERALLSTAYM2 AS "OVERALL STAY M2 (LIVE ROUTE PERF)", + ZLIVEROUTEPERF.Z_PK AS "ZLIVEROUTEPERF TABLE ID" + FROM ZLIVEROUTEPERF + LEFT JOIN ZNETWORKATTACHMENT ON ZLIVEROUTEPERF.ZHASNETWORKATTACHMENT = ZNETWORKATTACHMENT.Z_PK \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/netusage_zliveusage.txt b/src/sysdiagnose/utils/apollo_modules/netusage_zliveusage.txt new file mode 100644 index 0000000..54fdf09 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/netusage_zliveusage.txt @@ -0,0 +1,109 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Network Usage Traffic by Process. + +[Database Metadata] +DATABASE=netusage.sqlite +PLATFORM=IOS +VERSIONS=8,9,10,11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=netusage_zliveusage +ACTIVITY=Network Usage +KEY_TIMESTAMP=PROCESS TIMESTAMP + +[SQL Query 10,11,12,13,10.13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZPROCESS.ZTIMESTAMP + 978307200, 'unixepoch') AS "PROCESS TIMESTAMP", + DATETIME(ZPROCESS.ZFIRSTTIMESTAMP + 978307200, 'unixepoch') AS "PROCESS FIRST TIMESTAMP", + DATETIME(ZLIVEUSAGE.ZTIMESTAMP + 978307200, 'unixepoch') AS "LIVE USAGE TIMESTAMP", + ZBUNDLENAME AS "BUNDLE ID", + ZPROCNAME AS "PROCESS NAME", + ZWIFIIN AS "WIFI IN", + ZWIFIOUT AS "WIFI OUT", + ZWWANIN AS "WWAN IN", + ZWWANOUT AS "WWAN OUT", + ZWIREDIN AS "WIRED IN", + ZWIREDOUT AS "WIRED OUT", + ZXIN AS "X IN", + ZXOUT AS "X OUT", + ZLIVEUSAGE.Z_PK AS "ZLIVEUSAGE TABLE ID" + FROM ZLIVEUSAGE + LEFT JOIN ZPROCESS ON ZPROCESS.Z_PK = ZLIVEUSAGE.ZHASPROCESS + +[SQL Query 8,9] +QUERY= + SELECT + DATETIME(ZPROCESS.ZTIMESTAMP + 978307200, 'unixepoch') AS "PROCESS TIMESTAMP", + DATETIME(ZPROCESS.ZFIRSTTIMESTAMP + 978307200, 'unixepoch') AS "PROCESS FIRST TIMESTAMP", + DATETIME(ZLIVEUSAGE.ZTIMESTAMP + 978307200, 'unixepoch') AS "LIVE USAGE TIMESTAMP", + ZBUNDLENAME AS "BUNDLE ID", + ZPROCNAME AS "PROCESS NAME", + ZWIFIIN AS "WIFI IN", + ZWIFIOUT AS "WIFI OUT", + ZWWANIN AS "WWAN IN", + ZWWANOUT AS "WWAN OUT", + ZWIREDIN AS "WIRED IN", + ZWIREDOUT AS "WIRED OUT", + ZLIVEUSAGE.Z_PK AS "ZLIVEUSAGE TABLE ID" + FROM ZLIVEUSAGE + LEFT JOIN ZPROCESS ON ZPROCESS.Z_PK = ZLIVEUSAGE.ZHASPROCESS \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/netusage_zprocess.txt b/src/sysdiagnose/utils/apollo_modules/netusage_zprocess.txt new file mode 100644 index 0000000..de49311 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/netusage_zprocess.txt @@ -0,0 +1,81 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Network Usage Processes/Bundle IDs + +[Database Metadata] +DATABASE=netusage.sqlite +PLATFORM=IOS +VERSIONS=8,9,10,11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=netusage_zprocess +ACTIVITY=Network Usage +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 8,9,10,11,12,13,10.13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZPROCESS.ZTIMESTAMP+ 978307200, 'unixepoch') AS "TIMESTAMP", + DATETIME(ZPROCESS.ZFIRSTTIMESTAMP + 978307200, 'unixepoch') AS "PROCESS FIRST TIMESTAMP", + ZPROCESS.ZPROCNAME AS "PROCESS NAME", + ZPROCESS.ZBUNDLENAME AS "BUNDLE ID", + ZPROCESS.Z_PK AS "ZPROCESS TABLE ID" + FROM ZPROCESS \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/notifications_db.txt b/src/sysdiagnose/utils/apollo_modules/notifications_db.txt new file mode 100644 index 0000000..07d30bb --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/notifications_db.txt @@ -0,0 +1,106 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=App Notifications (Under /db2/) + +[Database Metadata] +DATABASE=db +PLATFORM=MACOS +VERSIONS=10.13,10.14,10.15,10.16 + +[Query Metadata] +QUERY_NAME=notifications +ACTIVITY=Notification +KEY_TIMESTAMP=DATE DELIVERED + +[SQL Query 10.14,10.15,10.16] +QUERY= + SELECT + DATETIME(RECORD.DELIVERED_DATE+978307200,'UNIXEPOCH') AS 'DATE DELIVERED', + APP.IDENTIFIER AS 'BUNDLE ID', + APP.BADGE AS 'APP BADGE', + RECORD.PRESENTED AS 'PRESENTED', + RECORD.STYLE AS 'STYLE', + RECORD.SNOOZE_FIRE_DATE AS 'SNOOZE FIRE DATE', + HEX(RECORD.DATA) AS 'NOTIFICATION DATA (HEX)', + HEX(CATEGORIES.CATEGORIES) AS 'CATEGORIES (HEX)', + RECORD.REQUEST_DATE AS 'REQUEST DATE', + RECORD.REQUEST_LAST_DATE AS 'REQUEST LAST DATE', + HEX(RECORD.UUID) AS 'UUID (HEX)', + RECORD.REC_ID AS "RECORD TABLE ID" + FROM RECORD + LEFT JOIN APP ON APP.APP_ID == RECORD.APP_ID + LEFT JOIN CATEGORIES ON CATEGORIES.APP_ID == RECORD.APP_ID + +[SQL Query 10.13] +QUERY= + SELECT + DATETIME(RECORD.DELIVERED_DATE+978307200,'UNIXEPOCH') AS 'DATE DELIVERED', + APP.IDENTIFIER AS 'BUNDLE ID', + RECORD.PRESENTED AS 'PRESENTED', + RECORD.STYLE AS 'STYLE', + RECORD.SNOOZE_FIRE_DATE AS 'SNOOZE FIRE DATE', + HEX(RECORD.DATA) AS 'NOTIFICATION DATA (HEX)', + RECORD.REQUEST_DATE AS 'REQUEST DATE', + RECORD.REQUEST_LAST_DATE AS 'REQUEST LAST DATE', + HEX(RECORD.UUID) AS 'UUID (HEX)', + RECORD.REC_ID AS "RECORD TABLE ID" + FROM RECORD + LEFT JOIN APP ON APP.APP_ID == RECORD.APP_ID \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/passes23_unique_passes_cards.txt b/src/sysdiagnose/utils/apollo_modules/passes23_unique_passes_cards.txt new file mode 100644 index 0000000..3b88a99 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/passes23_unique_passes_cards.txt @@ -0,0 +1,86 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Wallet Unique Passes & Cards + +[Database Metadata] +DATABASE=passes23.sqlite +PLATFORM=IOS +VERSIONS=10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=passes23_unique_passes_cards +ACTIVITY=Wallet Unique Pass/Card +KEY_TIMESTAMP=INGESTED DATE + +[SQL Query 10,11,12,13,14] +QUERY= + SELECT + DISTINCT(SERIAL_NUMBER) AS "SERIAL NUMBER", + DATETIME(PASS.INGESTED_DATE+978307200,'UNIXEPOCH') AS "INGESTED DATE", + DATETIME(PASS.MODIFIED_DATE+978307200,'UNIXEPOCH') AS "MODIFIED DATE", + DATETIME(PASS.RELEVANT_DATE+978307200,'UNIXEPOCH') AS "RELEVANT TIME", + DATETIME(PASS.PUSH_REGISTRATION_DATE+978307200,'UNIXEPOCH') AS "PUSH REGISTRATION TIME", + PASS.ORGANIZATION_NAME AS "ORGANIZATION NAME", + PASS_TYPE.IDENTIFIER AS "IDENTIFIER", + PASS.LAST_MODIFIED_TAG AS "LAST MODIFIED TAG", + PASS.UNIQUE_ID AS "PASS ID" + FROM PASS + LEFT JOIN PASS_TYPE ON PASS.PASS_TYPE_PID == PASS_TYPE.PID \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/passes23_wallet_passes.txt b/src/sysdiagnose/utils/apollo_modules/passes23_wallet_passes.txt new file mode 100644 index 0000000..f0a2666 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/passes23_wallet_passes.txt @@ -0,0 +1,93 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Wallet Passes + +[Database Metadata] +DATABASE=passes23.sqlite +PLATFORM=IOS +VERSIONS=10,11,12,13 + +[Query Metadata] +QUERY_NAME=passes23_passes +ACTIVITY=Wallet Pass +KEY_TIMESTAMP=INGESTED DATE + +[SQL Query 10,11,12,13] +QUERY= + SELECT + DATETIME(PASS.INGESTED_DATE+978307200,'UNIXEPOCH') AS "INGESTED DATE", + DATETIME(PASS.MODIFIED_DATE+978307200,'UNIXEPOCH') AS "MODIFIED DATE", + DATETIME(PASS.RELEVANT_DATE+978307200,'UNIXEPOCH') AS "RELEVANT TIME", + PASS.ORGANIZATION_NAME AS "ORGANIZATION NAME", + PASS_TYPE.IDENTIFIER AS "IDENTIFIER", + LOCATION.RELEVANT_TEXT AS "RELEVANT TEXT", + LOCATION.LATITUDE AS "LATITUDE", + LOCATION.LONGITUDE AS "LONGITUDE", + DATETIME(PASS.PUSH_REGISTRATION_DATE+978307200,'UNIXEPOCH') AS "PUSH REGISTRATION TIME", + PASS.LAST_MODIFIED_TAG AS "LAST MODIFIED TAG", + SERIAL_NUMBER AS "SERIAL NUMBER", + PASS.UNIQUE_ID AS "PASS ID" + FROM PASS + LEFT JOIN PASS_TYPE ON PASS.PASS_TYPE_PID == PASS_TYPE.PID + LEFT JOIN PAYMENT_TRANSACTION ON PASS.PID == PAYMENT_TRANSACTION.PASS_PID + LEFT JOIN LOCATION_SOURCE ON LOCATION_SOURCE.URL LIKE '%'||PASS.UNIQUE_ID||'%' + LEFT JOIN LOCATION ON LOCATION.LOCATION_SOURCE_PID == LOCATION_SOURCE.PID + WHERE AMOUNT IS NULL \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/passes23_wallet_transactions.txt b/src/sysdiagnose/utils/apollo_modules/passes23_wallet_transactions.txt new file mode 100644 index 0000000..b4a2e42 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/passes23_wallet_transactions.txt @@ -0,0 +1,101 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Wallet Transactions + +[Database Metadata] +DATABASE=passes23.sqlite +PLATFORM=IOS +VERSIONS=10,11,12,13 + +[Query Metadata] +QUERY_NAME=passes23_wallet_transactions +ACTIVITY=Wallet Transaction +KEY_TIMESTAMP=TRANSACTION DATE + +[SQL Query 10,11,12,13] +QUERY= + SELECT + DATETIME(PASS.INGESTED_DATE+978307200,'UNIXEPOCH') AS "INGESTED DATE", + DATETIME(PASS.MODIFIED_DATE+978307200,'UNIXEPOCH') AS "MODIFIED DATE", + DATETIME(PAYMENT_TRANSACTION.TRANSACTION_DATE+978307200,'UNIXEPOCH') AS "TRANSACTION DATE", + PASS.ORGANIZATION_NAME AS "ORGANIZATION NAME", + PASS_TYPE.IDENTIFIER AS "IDENTIFIER", + PAYMENT_TRANSACTION.AMOUNT/100.00 AS "AMOUNT", + PAYMENT_TRANSACTION.CURRENCY_CODE AS "CURRENCY CODE", + PAYMENT_TRANSACTION.MERCHANT_INDUSTRY_CATEGORY AS "MERCHANT INDUSTRY CATEGORY", + PAYMENT_TRANSACTION.MERCHANT_NAME AS "MERCHANT NAME", + PAYMENT_TRANSACTION.MERCHANT_INDUSTRY_CATEGORY AS "MERCHANT CATEGORY", + PAYMENT_TRANSACTION.PEER_PAYMENT_COUNTERPART_HANDLE AS "PEER PAYMENT HANDLE", + PAYMENT_TRANSACTION.PEER_PAYMENT_MEMO AS "PEER PAYMENT MEMO", + DATETIME(PAYMENT_TRANSACTION.LOCATION_DATE+978307200,'UNIXEPOCH') AS "LOCATION DATE", + PAYMENT_TRANSACTION.LOCATION_LATITUDE AS "LATITUDE", + PAYMENT_TRANSACTION.LOCATION_LONGITUDE AS "LONGITUDE", + PAYMENT_TRANSACTION.LOCATION_ALTITUDE AS "ALTITUDE", + PAYMENT_TRANSACTION.LOCATION_HORIZONTAL_ACCURACY AS "HORIZONTAL ACCURACY", + PAYMENT_TRANSACTION.LOCATION_VERTICAL_ACCURACY AS "VERTICAL ACCURACY", + SERIAL_NUMBER AS "SERIAL NUMBER", + PASS.UNIQUE_ID AS "PASS ID" + FROM PASS + LEFT JOIN PASS_TYPE ON PASS.PASS_TYPE_PID == PASS_TYPE.PID + LEFT JOIN PAYMENT_TRANSACTION ON PASS.PID == PAYMENT_TRANSACTION.PASS_PID + LEFT JOIN LOCATION_SOURCE ON LOCATION_SOURCE.URL LIKE '%'||PASS.UNIQUE_ID||'%' + LEFT JOIN LOCATION ON LOCATION.LOCATION_SOURCE_PID == LOCATION_SOURCE.PID + WHERE "AMOUNT" NOT NULL \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_accessory_connection.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_accessory_connection.txt new file mode 100644 index 0000000..a7bbddd --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_accessory_connection.txt @@ -0,0 +1,116 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Accessory Connections - Accessories may be bluetooth devices like headphones or connections to devices like CarPlay enabled vehicles. + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_accessory_connection +ACTIVITY=Accessory Connection +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(ACCESSORYCONNECTION_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + ACCESSORYUSAGETIMEINSECONDS AS "ACCESSORY USAGE TIME IN SECONDS", + DATETIME(IAPAPPACCESSORYCONNECTIONTIMEINSECKEY + SYSTEM, 'UNIXEPOCH') AS "CONNECTION TIME (ADJ)", + CASE ISCONNECTED + WHEN '0' THEN 'DISCONNECTED' + WHEN '1' THEN 'CONNECTED' + END "CONNECTION STATUS", + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + ACCESSORYCONNECTION_ID AS "PLXPCAGENT_EVENTFORWARD_ACCESSORY TABLE ID" + FROM + ( + SELECT + ACCESSORYCONNECTION_ID, + ACCESSORYCONNECTION_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + ACCESSORYUSAGETIMEINSECONDS, + IAPAPPACCESSORYCONNECTIONTIMEINSECKEY, + ISCONNECTED, + SYSTEM + FROM + ( + SELECT + PLXPCAGENT_EVENTFORWARD_ACCESSORY.TIMESTAMP AS ACCESSORYCONNECTION_TIMESTAMP, + ACCESSORYUSAGETIMEINSECONDS, + IAPAPPACCESSORYCONNECTIONTIMEINSECKEY, + ISCONNECTED, + PLXPCAGENT_EVENTFORWARD_ACCESSORY.ID AS "ACCESSORYCONNECTION_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLXPCAGENT_EVENTFORWARD_ACCESSORY + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS ACCESSORYCONNECTION_STATE + GROUP BY + ACCESSORYCONNECTION_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_activity_states.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_activity_states.txt new file mode 100644 index 0000000..bfac3c7 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_activity_states.txt @@ -0,0 +1,110 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Activity States + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS +VERSIONS=10.13,10.14,10.15,10.16,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_activity_states +ACTIVITY=Activity States +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.13,10.14,10.15,10.16,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + ACTIVITYID AS 'ACTIVITY ID', + STATE AS 'STATE', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLSTORAGEOPERATOR_EVENTFORWARD_ACTIVITYSTATES TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + ACTIVITYID, + STATE, + SYSTEM + FROM + ( + SELECT + PLSTORAGEOPERATOR_EVENTFORWARD_ACTIVITYSTATES.TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_ACTIVITYSTATES.ACTIVITYID, + PLSTORAGEOPERATOR_EVENTFORWARD_ACTIVITYSTATES.STATE, + PLSTORAGEOPERATOR_EVENTFORWARD_ACTIVITYSTATES.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLSTORAGEOPERATOR_EVENTFORWARD_ACTIVITYSTATES + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_airdrop.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_airdrop.txt new file mode 100644 index 0000000..f97b200 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_airdrop.txt @@ -0,0 +1,118 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Airdrop Connection infomation + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_airdrop +ACTIVITY=Airdrop Connection +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(AIRDROP_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + STATE, + SUBEVENT, + BUNDLEID AS BUNDLE_ID, + PID, + DATETIME(AIRDROP_TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_AIRDROP_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + AIRDROP_ID AS "PLXPCAGENT_EVENTFORWARD_AIRDROP TABLE ID" + FROM + ( + SELECT + BUNDLEID, + AIRDROP_ID, + AIRDROP_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + SYSTEM, + PID, + SUBEVENT, + STATE + FROM + ( + SELECT + PLXPCAGENT_EVENTFORWARD_AIRDROP.TIMESTAMP AS AIRDROP_TIMESTAMP, + PLXPCAGENT_EVENTFORWARD_AIRDROP.BUNDLEID, + PLXPCAGENT_EVENTFORWARD_AIRDROP.PID, + PLXPCAGENT_EVENTFORWARD_AIRDROP.SUBEVENT, + PLXPCAGENT_EVENTFORWARD_AIRDROP.STATE, + PLXPCAGENT_EVENTFORWARD_AIRDROP.ID AS "AIRDROP_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM, + BUNDLEID + FROM + PLXPCAGENT_EVENTFORWARD_AIRDROP + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS AIRDROPSTATE + GROUP BY + AIRDROP_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_app_audio.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_app_audio.txt new file mode 100644 index 0000000..976f5f9 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_app_audio.txt @@ -0,0 +1,87 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Audio Routing via App + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_app_audio +ACTIVITY=App Audio Routing +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS TIMESTAMP, + DATETIME(TIMESTAMPLOGGED, 'UNIXEPOCH') AS "TIMESTAMP LOGGED", + OPERATION, + APPLICATIONNAME AS "APPLICATION NAME / BUNDLE ID", + ASSERTIONNAME AS "ASSERTION NAME", + AUDIOROUTE AS "AUDIO ROUTE", + MIRRORINGSTATE AS "MIRRORING STATE", + ASSERTIONID AS "ASERTION ID", + PID, + ID AS "PLAUDIOAGENT_EVENTPOINT_AUDIOAPP TABLE ID" + FROM + PLAUDIOAGENT_EVENTPOINT_AUDIOAPP \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_app_deletion.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_app_deletion.txt new file mode 100644 index 0000000..9064eba --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_app_deletion.txt @@ -0,0 +1,118 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Applications that have been recently deleted. + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_app_deletion +ACTIVITY=App Deletion +KEY_TIMESTAMP=APP DELETED DATE + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(APPDELETEDDATE, 'UNIXEPOCH') AS "APP DELETED DATE", + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS TIMESTAMP, + APPNAME AS "APP NAME", + APPEXECUTABLE AS "APP EXECUTABLE NAME", + APPBUNDLEID AS "BUNDLE ID", + APPBUILDVERSION AS "APP BUILD VERSION", + APPBUNDLEVERSION AS "APP BUNDLE VERSION", + APPTYPE AS "APP TYPE", + ID AS "PLAPPLICATIONAGENT_EVENTNONE_ALLAPPS TABLE ID" + FROM + PLAPPLICATIONAGENT_EVENTNONE_ALLAPPS + WHERE + APPDELETEDDATE > 0 + +[SQL Query 10] +QUERY= + SELECT + DATETIME(APPDELETEDDATE, 'UNIXEPOCH') AS "APP DELETED DATE", + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS TIMESTAMP, + APPNAME AS "APP NAME", + APPEXECUTABLE AS "APP EXECUTABLE NAME", + APPBUNDLEID AS "BUNDLE ID", + APPBUILDVERSION AS "APP BUILD VERSION", + APPBUNDLEVERSION AS "APP BUNDLE VERSION", + --APPTYPE AS "APP TYPE", + ID AS "PLAPPLICATIONAGENT_EVENTNONE_ALLAPPS TABLE ID" + FROM + PLAPPLICATIONAGENT_EVENTNONE_ALLAPPS + WHERE + APPDELETEDDATE > 0 + +[SQL Query 9] +QUERY= + SELECT + DATETIME(APPDELETEDDATE, 'UNIXEPOCH') AS "APP DELETED DATE", + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS TIMESTAMP, + APPNAME AS "APP NAME", + APPBUNDLEID AS "BUNDLE ID", + ID AS "PLAPPLICATIONAGENT_EVENTNONE_ALLAPPS TABLE ID" + FROM + PLAPPLICATIONAGENT_EVENTNONE_ALLAPPS + WHERE + APPDELETEDDATE > 0 \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_app_frontmost.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_app_frontmost.txt new file mode 100644 index 0000000..a7cbd10 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_app_frontmost.txt @@ -0,0 +1,113 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Frontmost Application + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS +VERSIONS=10.15,10.16 + +[Query Metadata] +QUERY_NAME=powerlog_app_frontmost +ACTIVITY=Frontmost App +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.15,10.16] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + BUNDLEID AS 'BUNDLE ID', + ASN AS 'ASN', + APPLICATIONTYPE AS 'APPLICATION TYPE', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLAPPLICATIONAGENT_EVENTFORWARD_FRONTMOSTAPP TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + BUNDLEID, + ASN, + APPLICATIONTYPE, + SYSTEM + FROM + ( + SELECT + PLAPPLICATIONAGENT_EVENTFORWARD_FRONTMOSTAPP.TIMESTAMP, + PLAPPLICATIONAGENT_EVENTFORWARD_FRONTMOSTAPP.BUNDLEID, + PLAPPLICATIONAGENT_EVENTFORWARD_FRONTMOSTAPP.ASN, + PLAPPLICATIONAGENT_EVENTFORWARD_FRONTMOSTAPP.APPLICATIONTYPE, + PLAPPLICATIONAGENT_EVENTFORWARD_FRONTMOSTAPP.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLAPPLICATIONAGENT_EVENTFORWARD_FRONTMOSTAPP + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_app_info.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_app_info.txt new file mode 100644 index 0000000..c827661 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_app_info.txt @@ -0,0 +1,120 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Get a listing of applications and associated data (app name, executable name, bundle ID, app version, app type and deletion date/status). Not really a log per se, but a good listing of application information. App Types: 1="Background iOS Service", 3=iOS Native Apps, 4=3rd Party Apps + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_app_info +ACTIVITY=App Info +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS TIMESTAMP, + APPNAME AS "APP NAME", + APPEXECUTABLE AS "APP EXECUTABLE NAME", + APPBUNDLEID AS "BUNDLE ID", + APPBUILDVERSION AS "APP BUILD VERSION", + APPBUNDLEVERSION AS "APP BUNDLE VERSION", + APPTYPE AS "APP TYPE", + CASE APPDELETEDDATE + WHEN 0 THEN "NOT DELETED" + ELSE DATETIME(APPDELETEDDATE, 'UNIXEPOCH') + END "APP DELETED DATE", + ID AS "PLAPPLICATIONAGENT_EVENTNONE_ALLAPPS TABLE ID" + FROM + PLAPPLICATIONAGENT_EVENTNONE_ALLAPPS + +[SQL Query 10] +QUERY= + SELECT + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS TIMESTAMP, + APPNAME AS "APP NAME", + APPEXECUTABLE AS "APP EXECUTABLE NAME", + APPBUNDLEID AS "BUNDLE ID", + APPBUILDVERSION AS "APP BUILD VERSION", + APPBUNDLEVERSION AS "APP BUNDLE VERSION", + CASE APPDELETEDDATE + WHEN 0 THEN "NOT DELETED" + ELSE DATETIME(APPDELETEDDATE, 'UNIXEPOCH') + END "APP DELETED DATE", + ID AS "PLAPPLICATIONAGENT_EVENTNONE_ALLAPPS TABLE ID" + FROM + PLAPPLICATIONAGENT_EVENTNONE_ALLAPPS + +[SQL Query 9] +QUERY= + SELECT + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS TIMESTAMP, + APPNAME AS "APP NAME", + APPBUNDLEID AS "BUNDLE ID", + CASE APPDELETEDDATE + WHEN 0 THEN "NOT DELETED" + ELSE DATETIME(APPDELETEDDATE, 'UNIXEPOCH') + END "APP DELETED DATE", + ID AS "PLAPPLICATIONAGENT_EVENTNONE_ALLAPPS TABLE ID" + FROM + PLAPPLICATIONAGENT_EVENTNONE_ALLAPPS \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_app_info_macos.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_app_info_macos.txt new file mode 100644 index 0000000..195245c --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_app_info_macos.txt @@ -0,0 +1,140 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES= + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS +VERSIONS=10.15,10.16 + +[Query Metadata] +QUERY_NAME=powerlog_app_info_macos +ACTIVITY=App Info +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.15,10.16] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + NAME AS 'NAME', + EXECUTABLE AS 'EXECUTABLE', + CFDISPLAYNAME AS 'CF DISPLAY NAME', + LSDISPLAYNAME AS 'LS DISPLAY NAME', + BUNDLEID AS 'BUNDLE ID', + NUMERICVERSION AS 'NUMERIC VERSION', + SHORTVERSIONSTRING AS 'SHORT VERSION STRING', + VERSION AS 'VERSION', + PACKAGETYPE AS 'PACKAGE TYPE', + APPLICATIONTYPE AS 'APPLICATION TYPE', + BUILDMACHINEOSBUILD AS 'BUILD MACHINE OS BUILD', + ARCHITECTURE AS 'ARCHITECTURE', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLAPPLICATIONAGENT_EVENTNONE_APPINFO TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + NAME, + EXECUTABLE, + CFDISPLAYNAME, + LSDISPLAYNAME, + BUNDLEID, + NUMERICVERSION, + SHORTVERSIONSTRING, + VERSION, + PACKAGETYPE, + APPLICATIONTYPE, + BUILDMACHINEOSBUILD, + ARCHITECTURE, + SYSTEM + FROM + ( + SELECT + PLAPPLICATIONAGENT_EVENTNONE_APPINFO.TIMESTAMP, + PLAPPLICATIONAGENT_EVENTNONE_APPINFO.NAME, + PLAPPLICATIONAGENT_EVENTNONE_APPINFO.EXECUTABLE, + PLAPPLICATIONAGENT_EVENTNONE_APPINFO.CFDISPLAYNAME, + PLAPPLICATIONAGENT_EVENTNONE_APPINFO.LSDISPLAYNAME, + PLAPPLICATIONAGENT_EVENTNONE_APPINFO.BUNDLEID, + PLAPPLICATIONAGENT_EVENTNONE_APPINFO.NUMERICVERSION, + PLAPPLICATIONAGENT_EVENTNONE_APPINFO.SHORTVERSIONSTRING, + PLAPPLICATIONAGENT_EVENTNONE_APPINFO.VERSION, + PLAPPLICATIONAGENT_EVENTNONE_APPINFO.PACKAGETYPE, + PLAPPLICATIONAGENT_EVENTNONE_APPINFO.APPLICATIONTYPE, + PLAPPLICATIONAGENT_EVENTNONE_APPINFO.BUILDMACHINEOSBUILD, + PLAPPLICATIONAGENT_EVENTNONE_APPINFO.ARCHITECTURE, + PLAPPLICATIONAGENT_EVENTNONE_APPINFO.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLAPPLICATIONAGENT_EVENTNONE_APPINFO + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_app_lifecycle.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_app_lifecycle.txt new file mode 100644 index 0000000..c9b95ef --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_app_lifecycle.txt @@ -0,0 +1,119 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES= + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS +VERSIONS=10.15,10.16 + +[Query Metadata] +QUERY_NAME=powerlog_app_lifecycle +ACTIVITY=App Lifecycle +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.15,10.16] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + BUNDLEID AS 'BUNDLE ID', + EVENT AS 'EVENT', + ASN AS 'ASN', + PARENTASN AS 'PARENT ASN', + PID AS 'PID', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLAPPLICATIONAGENT_EVENTFORWARD_APPLIFECYCLE TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + BUNDLEID, + EVENT, + ASN, + PARENTASN, + PID, + SYSTEM + FROM + ( + SELECT + PLAPPLICATIONAGENT_EVENTFORWARD_APPLIFECYCLE.TIMESTAMP, + PLAPPLICATIONAGENT_EVENTFORWARD_APPLIFECYCLE.BUNDLEID, + PLAPPLICATIONAGENT_EVENTFORWARD_APPLIFECYCLE.EVENT, + PLAPPLICATIONAGENT_EVENTFORWARD_APPLIFECYCLE.ASN, + PLAPPLICATIONAGENT_EVENTFORWARD_APPLIFECYCLE.PARENTASN, + PLAPPLICATIONAGENT_EVENTFORWARD_APPLIFECYCLE.PID, + PLAPPLICATIONAGENT_EVENTFORWARD_APPLIFECYCLE.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLAPPLICATIONAGENT_EVENTFORWARD_APPLIFECYCLE + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_app_nowplaying.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_app_nowplaying.txt new file mode 100644 index 0000000..e9f27d1 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_app_nowplaying.txt @@ -0,0 +1,113 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=What app/service is playing something, or not. + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_app_nowplaying +ACTIVITY=App Now Playing +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10,11,12,13,14] +QUERY= + SELECT + DATETIME(NOWPLAYING_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + BUNDLEID AS "BUNDLE ID", + CASE STATE + WHEN "0" THEN "OFF" + WHEN "1" THEN "ON" + END AS "STATE", + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + NOWPLAYING_ID AS "PLAUDIOAGENT_EVENTFORWARD_NOWPLAYING TABLE ID" + FROM + ( + SELECT + NOWPLAYING_ID, + NOWPLAYING_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + BUNDLEID, + STATE, + SYSTEM + FROM + ( + SELECT + PLAUDIOAGENT_EVENTFORWARD_NOWPLAYING.TIMESTAMP AS NOWPLAYING_TIMESTAMP, + BUNDLEID, + STATE, + PLAUDIOAGENT_EVENTFORWARD_NOWPLAYING.ID AS "NOWPLAYING_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLAUDIOAGENT_EVENTFORWARD_NOWPLAYING + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS NOWPLAYING_STATE + GROUP BY + NOWPLAYING_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_app_usage.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_app_usage.txt new file mode 100644 index 0000000..7422d24 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_app_usage.txt @@ -0,0 +1,172 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Application/Device screen state/orientation + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=powerlog_app_usage +ACTIVITY=App Usage +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 11,12,13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(SCREEN_STATE_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + BUNDLEID AS BUNDLE_ID, + APPROLE, + DISPLAY, + LEVEL, + ORIENTATION, + SCREENWEIGHT, + DATETIME(SCREEN_STATE_TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_SCREEN_STATE_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + SCREENSTATE_ID AS "PLSCREENSTATEAGENT_EVENTFORWARD_SCREENSTATE TABLE ID" + FROM + ( + SELECT + BUNDLEID, + SCREENSTATE_ID, + SCREEN_STATE_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + SYSTEM, + APPROLE, + DISPLAY, + LEVEL, + ORIENTATION, + SCREENWEIGHT + FROM + ( + SELECT + PLSCREENSTATEAGENT_EVENTFORWARD_SCREENSTATE.APPROLE AS APPROLE, + PLSCREENSTATEAGENT_EVENTFORWARD_SCREENSTATE.DISPLAY AS DISPLAY, + PLSCREENSTATEAGENT_EVENTFORWARD_SCREENSTATE.LEVEL AS LEVEL, + PLSCREENSTATEAGENT_EVENTFORWARD_SCREENSTATE.ORIENTATION AS ORIENTATION, + PLSCREENSTATEAGENT_EVENTFORWARD_SCREENSTATE.SCREENWEIGHT AS SCREENWEIGHT, + PLSCREENSTATEAGENT_EVENTFORWARD_SCREENSTATE.ID AS SCREENSTATE_ID, + PLSCREENSTATEAGENT_EVENTFORWARD_SCREENSTATE.TIMESTAMP AS SCREEN_STATE_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM, + BUNDLEID + FROM + PLSCREENSTATEAGENT_EVENTFORWARD_SCREENSTATE + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS SCREENSTATE + GROUP BY + SCREENSTATE_ID + ) + +[SQL Query 9,10] +QUERY= + SELECT + DATETIME(SCREEN_STATE_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + BUNDLEID AS BUNDLE_ID, + APPROLE, + DISPLAY, + LEVEL, + SCREENWEIGHT, + DATETIME(SCREEN_STATE_TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_SCREEN_STATE_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + SCREENSTATE_ID AS "PLSCREENSTATEAGENT_EVENTFORWARD_SCREENSTATE TABLE ID" + FROM + ( + SELECT + BUNDLEID, + SCREENSTATE_ID, + SCREEN_STATE_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + SYSTEM, + APPROLE, + DISPLAY, + LEVEL, + SCREENWEIGHT + FROM + ( + SELECT + PLSCREENSTATEAGENT_EVENTFORWARD_SCREENSTATE.APPROLE AS APPROLE, + PLSCREENSTATEAGENT_EVENTFORWARD_SCREENSTATE.DISPLAY AS DISPLAY, + PLSCREENSTATEAGENT_EVENTFORWARD_SCREENSTATE.LEVEL AS LEVEL, + PLSCREENSTATEAGENT_EVENTFORWARD_SCREENSTATE.SCREENWEIGHT AS SCREENWEIGHT, + PLSCREENSTATEAGENT_EVENTFORWARD_SCREENSTATE.ID AS SCREENSTATE_ID, + PLSCREENSTATEAGENT_EVENTFORWARD_SCREENSTATE.TIMESTAMP AS SCREEN_STATE_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM, + BUNDLEID + FROM + PLSCREENSTATEAGENT_EVENTFORWARD_SCREENSTATE + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS SCREENSTATE + GROUP BY + SCREENSTATE_ID + ) diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_app_usage_by_hour.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_app_usage_by_hour.txt new file mode 100644 index 0000000..8f8ab73 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_app_usage_by_hour.txt @@ -0,0 +1,134 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Application usage by hour + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_app_usage_by_hour +ACTIVITY=App Usage by Hour +KEY_TIMESTAMP=HOUR OF DAY + +[SQL Query 10,11,12,13,14] +QUERY= + SELECT + DATETIME(APPUSAGE_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS "HOUR OF DAY", + TIMEINTERVAL / 60 AS "TIME INTERVAL (MINUTES)", + BUNDLEID AS "BUNDLE ID", + SCREENONTIME AS "SCREEN TIME (SECONDS)", + BACKGROUNDTIME AS "BACKGROUND TIME (SECONDS)", + BACKGROUNDAUDIONOWPLAYINGTIME AS "BACKGROUND AUDIO NOW PLAYING TIME (SECONDS)", + BACKGROUNDLOCATIONTIME AS "BACKGROUND LOCATION TIME (SECONDS)", + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + APPUSAGE_ID AS "PLAPPTIMESERVICE_AGGREGATE_APPRUNTIME TABLE ID" + FROM + ( + SELECT + APPUSAGE_ID, + APPUSAGE_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + TIMEINTERVAL, + BUNDLEID, + SCREENONTIME, + BACKGROUNDTIME, + BACKGROUNDAUDIONOWPLAYINGTIME, + BACKGROUNDLOCATIONTIME, + SYSTEM + FROM + ( + SELECT + PLAPPTIMESERVICE_AGGREGATE_APPRUNTIME.TIMESTAMP AS APPUSAGE_TIMESTAMP, + TIMEINTERVAL, + BUNDLEID, + SCREENONTIME, + BACKGROUNDTIME, + BACKGROUNDAUDIONOWPLAYINGTIME, + BACKGROUNDLOCATIONTIME, + PLAPPTIMESERVICE_AGGREGATE_APPRUNTIME.ID AS "APPUSAGE_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLAPPTIMESERVICE_AGGREGATE_APPRUNTIME + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS APPUSAGE_STATE + GROUP BY + APPUSAGE_ID + ) + +[SQL Query 9] +QUERY= + SELECT + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS "HOUR OF DAY", + TIMEINTERVAL / 60 AS "TIME INTERVAL (MINUTES)", + BUNDLEID AS "BUNDLE ID", + SCREENONTIME AS "SCREEN TIME (SECONDS)", + BACKGROUNDTIME AS "BACKGROUND TIME (SECONDS)", + ID AS "PLAPPTIMESERVICE_AGGREGATE_APPRUNTIME TABLE ID" + FROM + PLAPPTIMESERVICE_AGGREGATE_APPRUNTIME diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_assertion.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_assertion.txt new file mode 100644 index 0000000..8c7f910 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_assertion.txt @@ -0,0 +1,122 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Device/App Assertions + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS,IOS +VERSIONS=10.14,10.15,10.16,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_assertion +ACTIVITY=Device/App Assertions +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.14,10.15,10.16,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + ASSERTNAME AS 'ASSERT NAME', + ACTION AS 'ACTION', + ASSERTTYPE AS 'ASSERT TYPE', + ASSERTIONONBEHALFOFPID AS 'ASSETION ON BEHALF OF PID', + GLOBALUNIQUEID AS 'GLOBAL UNIQUE ID', + TIMESTAMPACTIONOFFSET AS 'TIMESTAMP ACTION OFFSET', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLPOWERASSERTIONAGENT_EVENTFORWARD_ASSERTION TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + TIMESTAMPACTIONOFFSET, + ACTION, + ASSERTNAME, + ASSERTTYPE, + ASSERTIONONBEHALFOFPID, + GLOBALUNIQUEID, + SYSTEM + FROM + ( + SELECT + PLPOWERASSERTIONAGENT_EVENTFORWARD_ASSERTION.TIMESTAMP, + PLPOWERASSERTIONAGENT_EVENTFORWARD_ASSERTION.TIMESTAMPACTIONOFFSET, + PLPOWERASSERTIONAGENT_EVENTFORWARD_ASSERTION.ACTION, + PLPOWERASSERTIONAGENT_EVENTFORWARD_ASSERTION.ASSERTNAME, + PLPOWERASSERTIONAGENT_EVENTFORWARD_ASSERTION.ASSERTTYPE, + PLPOWERASSERTIONAGENT_EVENTFORWARD_ASSERTION.ASSERTIONONBEHALFOFPID, + PLPOWERASSERTIONAGENT_EVENTFORWARD_ASSERTION.GLOBALUNIQUEID, + PLPOWERASSERTIONAGENT_EVENTFORWARD_ASSERTION.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLPOWERASSERTIONAGENT_EVENTFORWARD_ASSERTION + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_audio_routing.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_audio_routing.txt new file mode 100644 index 0000000..af1800e --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_audio_routing.txt @@ -0,0 +1,126 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Power Log Audio Output (ie: Speaker/CarAudioOutput/HeadphonesBT) of different categories (ie: Audio/Video, VoiceCommand, MediaPlayback). + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_audio_routing +ACTIVITY=Audio Routing +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(AUDIOROUTE_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + ACTIVEROUTE, + CASE ACTIVE + WHEN "0" THEN "NO" + WHEN "1" THEN "YES" + END "ACTIVE", + ACTIVEPID AS "ACTIVE PID", + OUTPUTCATEGORY AS "OUTPUT CATEGORY", + HEADSETHASINPUT AS "HEADSET HAS INPUT", + HEADPHONESCONNECTED AS "HEADPHONES CONNECTED", + DATETIME(AUDIOROUTE_TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_AUDIOROUTE_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + AUDIOROUTE_ID AS "PLAUDIOAGENT_EVENTFORWARD_ROUTING TABLE ID" + FROM + ( + SELECT + AUDIOROUTE_ID, + AUDIOROUTE_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + ACTIVEROUTE, + ACTIVE, + ACTIVEPID, + OUTPUTCATEGORY, + HEADSETHASINPUT, + HEADPHONESCONNECTED, + SYSTEM + FROM + ( + SELECT + PLAUDIOAGENT_EVENTFORWARD_ROUTING.TIMESTAMP AS AUDIOROUTE_TIMESTAMP, + ACTIVEROUTE, + ACTIVE, + ACTIVEPID, + OUTPUTCATEGORY, + HEADSETHASINPUT, + HEADPHONESCONNECTED, + PLAUDIOAGENT_EVENTFORWARD_ROUTING.ID AS "AUDIOROUTE_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLAUDIOAGENT_EVENTFORWARD_ROUTING + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS AUDIOROUTE_STATE + GROUP BY + AUDIOROUTE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_audio_volume.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_audio_volume.txt new file mode 100644 index 0000000..b71c3a9 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_audio_volume.txt @@ -0,0 +1,125 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Device Volume + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS +VERSIONS=10.15,10.16 + +[Query Metadata] +QUERY_NAME=powerlog_audio_volume +ACTIVITY=Audio Volume +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.15,10.16] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + DEVICEID AS 'DEVICE ID', + ISINPUT AS 'IS INPUT', + ISRUNNING AS 'IS RUNNING', + SOURCEID AS 'SOURCE ID', + TRANSTYPE AS 'TRANS TYPE', + VOLUME AS 'VOLUME', + DATETIME(TIMESTAMPLOGGED + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_LOGGED_TIMESTAMP, + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLAUDIOAGENT_EVENTFORWARD_AUDIODEVICE TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + TIMESTAMPLOGGED, + DEVICEID, + ISINPUT, + ISRUNNING, + SOURCEID, + TRANSTYPE, + VOLUME, + SYSTEM + FROM + ( + SELECT + PLAUDIOAGENT_EVENTFORWARD_AUDIODEVICE.TIMESTAMP, + PLAUDIOAGENT_EVENTFORWARD_AUDIODEVICE.TIMESTAMPLOGGED, + PLAUDIOAGENT_EVENTFORWARD_AUDIODEVICE.DEVICEID, + PLAUDIOAGENT_EVENTFORWARD_AUDIODEVICE.ISINPUT, + PLAUDIOAGENT_EVENTFORWARD_AUDIODEVICE.ISRUNNING, + PLAUDIOAGENT_EVENTFORWARD_AUDIODEVICE.SOURCEID, + PLAUDIOAGENT_EVENTFORWARD_AUDIODEVICE.TRANSTYPE, + PLAUDIOAGENT_EVENTFORWARD_AUDIODEVICE.VOLUME, + PLAUDIOAGENT_EVENTFORWARD_AUDIODEVICE.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLAUDIOAGENT_EVENTFORWARD_AUDIODEVICE + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_awdl_states.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_awdl_states.txt new file mode 100644 index 0000000..6925a78 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_awdl_states.txt @@ -0,0 +1,107 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Apple Wireless Direct Link (AWDL) State + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS,IOS +VERSIONS=10.15,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_awdl_states +ACTIVITY=AWDL State +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.15,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + AWDLDOWN AS 'AWDL DOWN', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLWIFIAGENT_EVENTFORWARD_AWDLSTATE TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + AWDLDOWN, + SYSTEM + FROM + ( + SELECT + PLWIFIAGENT_EVENTFORWARD_AWDLSTATE.TIMESTAMP, + PLWIFIAGENT_EVENTFORWARD_AWDLSTATE.AWDLDOWN, + PLWIFIAGENT_EVENTFORWARD_AWDLSTATE.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLWIFIAGENT_EVENTFORWARD_AWDLSTATE + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_backcamera_state.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_backcamera_state.txt new file mode 100644 index 0000000..1fac24c --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_backcamera_state.txt @@ -0,0 +1,115 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Records when back camera is in use. + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9 + +[Query Metadata] +QUERY_NAME=powerlog_backcamera_state +ACTIVITY=Back Camera State +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9] +QUERY= + SELECT + DATETIME(CAMERA_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + BUNDLEID AS BUNDLE_ID, + CASE STATE + WHEN "0" THEN "OFF" + WHEN "1" THEN "ON" + END AS STATE, + DATETIME(CAMERA_TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_CAMERA_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + CAMERA_ID AS "PLCAMERAAGENT_EVENTFORWARD_BACKCAMERA TABLE ID" + FROM + ( + SELECT + BUNDLEID, + CAMERA_ID, + CAMERA_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + SYSTEM, + STATE + FROM + ( + SELECT + PLCAMERAAGENT_EVENTFORWARD_BACKCAMERA.TIMESTAMP AS CAMERA_TIMESTAMP, + PLCAMERAAGENT_EVENTFORWARD_BACKCAMERA.BUNDLEID, + PLCAMERAAGENT_EVENTFORWARD_BACKCAMERA.STATE, + PLCAMERAAGENT_EVENTFORWARD_BACKCAMERA.ID AS "CAMERA_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM, + BUNDLEID + FROM + PLCAMERAAGENT_EVENTFORWARD_BACKCAMERA + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS CAMERASTATE + GROUP BY + CAMERA_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_backlight_brightness.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_backlight_brightness.txt new file mode 100644 index 0000000..bad6180 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_backlight_brightness.txt @@ -0,0 +1,108 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Display Brightness + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS,IOS +VERSIONS=10.15,10.16,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_backlight_brightness +ACTIVITY=Blacklight Brightness +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.15,10.16,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + LINEARBRIGHTNESS AS 'LINEAR BRIGHTNESS', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLXPCAGENT_EVENTFORWARD_APPLEBACKLIGHTBRIGHTNESS TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + TIMESTAMP, + LINEARBRIGHTNESS, + SYSTEM + FROM + ( + SELECT + PLXPCAGENT_EVENTFORWARD_APPLEBACKLIGHTBRIGHTNESS.TIMESTAMP, + PLXPCAGENT_EVENTFORWARD_APPLEBACKLIGHTBRIGHTNESS.LINEARBRIGHTNESS, + PLXPCAGENT_EVENTFORWARD_APPLEBACKLIGHTBRIGHTNESS.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLXPCAGENT_EVENTFORWARD_APPLEBACKLIGHTBRIGHTNESS + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_battery_level.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_battery_level.txt new file mode 100644 index 0000000..e049494 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_battery_level.txt @@ -0,0 +1,116 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Battery Level + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS,MACOS +VERSIONS=9,10,11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=powerlog_battery_level +ACTIVITY=Battery Level +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,10.13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + LEVEL AS 'LEVEL', + RAWLEVEL AS 'RAW LEVEL', + ISCHARGING AS 'IS CHARGING', + FULLYCHARGED AS 'FULLY CHARGED', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLBATTERYAGENT_EVENTBACKWARD_BATTERY TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + LEVEL, + RAWLEVEL, + ISCHARGING, + FULLYCHARGED, + SYSTEM + FROM + ( + SELECT + PLBATTERYAGENT_EVENTBACKWARD_BATTERY.TIMESTAMP, + PLBATTERYAGENT_EVENTBACKWARD_BATTERY.LEVEL, + PLBATTERYAGENT_EVENTBACKWARD_BATTERY.RAWLEVEL, + PLBATTERYAGENT_EVENTBACKWARD_BATTERY.ISCHARGING, + PLBATTERYAGENT_EVENTBACKWARD_BATTERY.FULLYCHARGED, + PLBATTERYAGENT_EVENTBACKWARD_BATTERY.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLBATTERYAGENT_EVENTBACKWARD_BATTERY + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_battery_level_ui.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_battery_level_ui.txt new file mode 100644 index 0000000..496f982 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_battery_level_ui.txt @@ -0,0 +1,107 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES= + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS,MACOS +VERSIONS=9,10,11,12,13,14,10.16 + +[Query Metadata] +QUERY_NAME=powerlog_battery_level_ui +ACTIVITY=Battery Level UI +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,14,10.16] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + LEVEL AS 'LEVEL', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLBATTERYAGENT_EVENTBACKWARD_BATTERYUI TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + LEVEL, + SYSTEM + FROM + ( + SELECT + PLBATTERYAGENT_EVENTBACKWARD_BATTERYUI.TIMESTAMP, + PLBATTERYAGENT_EVENTBACKWARD_BATTERYUI.LEVEL, + PLBATTERYAGENT_EVENTBACKWARD_BATTERYUI.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLBATTERYAGENT_EVENTBACKWARD_BATTERYUI + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_bluetooth_device_state.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_bluetooth_device_state.txt new file mode 100644 index 0000000..5b0396f --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_bluetooth_device_state.txt @@ -0,0 +1,129 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Keeps track of Bluetooth state on device, discoverability, connection, etc. + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS,MACOS +VERSIONS=9,10,11,12,13,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=powerlog_bluetooth_device_state +ACTIVITY=Bluetooth State +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(BLUETOOTHSTATE_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + CASE DEVICECONNECTABLE + WHEN "0" THEN "NO" + WHEN "1" THEN "YES" + END AS "DEVICE CONNECTABLE", + CASE DEVICECONNECTED + WHEN "0" THEN "NO" + WHEN "1" THEN "YES" + END AS "DEVICE CONNECTED", + CASE DEVICEDISCOVERABLE + WHEN "0" THEN "NO" + WHEN "1" THEN "YES" + END AS "DEVICE DISCOVERABLE", + CASE DEVICEPOWERED + WHEN "0" THEN "NO" + WHEN "1" THEN "YES" + END AS "DEVICE POWERED", + DATETIME(BLUETOOTHSTATE_TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_BLUETOOTHSTATE_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + BLUETOOTHSTATE_ID AS "PLBLUETOOTHAGENT_EVENTFORWARD_DEVICESTATE TABLE ID" + FROM + ( + SELECT + BLUETOOTHSTATE_ID, + BLUETOOTHSTATE_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + DEVICECONNECTABLE, + DEVICECONNECTED, + DEVICEDISCOVERABLE, + DEVICEPOWERED, + SYSTEM + FROM + ( + SELECT + PLBLUETOOTHAGENT_EVENTFORWARD_DEVICESTATE.TIMESTAMP AS BLUETOOTHSTATE_TIMESTAMP, + DEVICECONNECTABLE, + DEVICECONNECTED, + DEVICEDISCOVERABLE, + DEVICEPOWERED, + PLBLUETOOTHAGENT_EVENTFORWARD_DEVICESTATE.ID AS "BLUETOOTHSTATE_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLBLUETOOTHAGENT_EVENTFORWARD_DEVICESTATE + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS BLUETOOTHSTATE_STATE + GROUP BY + BLUETOOTHSTATE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_button_state.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_button_state.txt new file mode 100644 index 0000000..db63d6f --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_button_state.txt @@ -0,0 +1,81 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Button State + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_button_state +ACTIVITY=Button State +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 10,11,12,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS TIMESTAMP, + BUTTONTYPE AS "BUTTON TYPE", + EVENTTYPE AS "EVENT TYPE", + ID AS "PLBUTTONAGENT_EVENTPOINT_BUTTONTABLE TABLE ID" + FROM + PLBUTTONAGENT_EVENTPOINT_BUTTON \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_camera_state.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_camera_state.txt new file mode 100644 index 0000000..6107dc3 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_camera_state.txt @@ -0,0 +1,166 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Records when and which camera is in use. + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS,MACOS +VERSIONS=11,12,13,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=powerlog_camera_state +ACTIVITY=Camera State +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.15,10.16] +QUERY= + SELECT + DATETIME(CAMERA_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + CASE STATE + WHEN "0" THEN "OFF" + WHEN "1" THEN "ON" + END AS STATE, + CASE CAMERA_TYPE + WHEN "2" THEN "FRONT" + WHEN "0" THEN "BACK" + END AS CAMERA_TYPE, + DATETIME(CAMERA_TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_CAMERA_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + CAMERA_ID AS "PLCAMERAAGENT_EVENTFORWARD_CAMERA TABLE ID" + FROM + ( + SELECT + CAMERA_ID, + CAMERA_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + SYSTEM, + CAMERA_TYPE, + STATE + FROM + ( + SELECT + PLCAMERAAGENT_EVENTFORWARD_CAMERA.TIMESTAMP AS CAMERA_TIMESTAMP, + PLCAMERAAGENT_EVENTFORWARD_CAMERA.CAMERATYPE AS "CAMERA_TYPE", + PLCAMERAAGENT_EVENTFORWARD_CAMERA.STATE, + PLCAMERAAGENT_EVENTFORWARD_CAMERA.ID AS "CAMERA_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLCAMERAAGENT_EVENTFORWARD_CAMERA + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS CAMERASTATE + GROUP BY + CAMERA_ID + ) + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(CAMERA_TIMESTAMP + SYSTEM, 'unixepoch') AS ADJUSTED_TIMESTAMP, + BUNDLEID AS BUNDLE_ID, + CASE STATE + WHEN "0" THEN "OFF" + WHEN "1" THEN "ON" + END AS STATE, + CASE CAMERA_TYPE + WHEN "2" THEN "FRONT" + WHEN "0" THEN "BACK" + END AS CAMERA_TYPE, + DATETIME(CAMERA_TIMESTAMP, 'unixepoch') AS ORIGINAL_CAMERA_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'unixepoch') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + CAMERA_ID AS "PLCAMERAAGENT_EVENTFORWARD_CAMERA TABLE ID" + FROM + ( + SELECT + BUNDLEID, + CAMERA_ID, + CAMERA_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS max_id, + SYSTEM, + CAMERA_TYPE, + STATE + FROM + ( + SELECT + PLCAMERAAGENT_EVENTFORWARD_CAMERA.TIMESTAMP AS CAMERA_TIMESTAMP, + PLCAMERAAGENT_EVENTFORWARD_CAMERA.BUNDLEID, + PLCAMERAAGENT_EVENTFORWARD_CAMERA.CAMERATYPE AS "CAMERA_TYPE", + PLCAMERAAGENT_EVENTFORWARD_CAMERA.STATE, + PLCAMERAAGENT_EVENTFORWARD_CAMERA.ID AS "CAMERA_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLCAMERAAGENT_EVENTFORWARD_CAMERA + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS CAMERASTATE + GROUP BY + CAMERA_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_clamshell_state.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_clamshell_state.txt new file mode 100644 index 0000000..b94a799 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_clamshell_state.txt @@ -0,0 +1,110 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Laptop Open/Close + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS +VERSIONS=10.15,10.16 + +[Query Metadata] +QUERY_NAME=powerlog_clamshell_state +ACTIVITY=Clamshell State +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.15,10.16] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + CASE CLOSED + WHEN 0 THEN "OPEN" + WHEN 1 THEN "CLOSED" + END 'CLOSED', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLPERIPHERALAGENT_EVENTFORWARD_CLAMSHELLSTATE TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + TIMESTAMP, + CLOSED, + SYSTEM + FROM + ( + SELECT + PLPERIPHERALAGENT_EVENTFORWARD_CLAMSHELLSTATE.TIMESTAMP, + PLPERIPHERALAGENT_EVENTFORWARD_CLAMSHELLSTATE.CLOSED, + PLPERIPHERALAGENT_EVENTFORWARD_CLAMSHELLSTATE.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLPERIPHERALAGENT_EVENTFORWARD_CLAMSHELLSTATE + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_coalition_interval.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_coalition_interval.txt new file mode 100644 index 0000000..2cd8dd7 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_coalition_interval.txt @@ -0,0 +1,137 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=App Coalition Information + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS,IOS +VERSIONS=10.14,10.15,10.16,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_coalition_interval +ACTIVITY=Coalition Interval +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.14,10.15,10.16,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + BUNDLEID AS 'BUNDLE ID', + LAUNCHDCOALITIONID AS 'LAUNCHD COALITION ID', + LAUNCHDNAME AS 'LAUNCHD NAME', + BYTESREAD AS 'BYTES READ', + BYTESWRITTEN AS 'BYTES WRITTEN', + CPU_INSTRUCTIONS AS 'CPU INSTRUCITONS', + CPU_TIME AS 'CPU TIME', + GPU_TIME AS 'GPU TIME', + TASKS_STARTED AS 'TASKS STARTED', + TASKS_EXITED AS 'TASKS EXITED', + DATETIME(TIMESTAMPEND + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_END_TIMESTAMP, + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLCOALITIONAGENT_EVENTINTERVAL_COALITIONINTERVAL TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + TIMESTAMPEND, + BUNDLEID, + LAUNCHDCOALITIONID, + LAUNCHDNAME, + BYTESREAD, + BYTESWRITTEN, + CPU_INSTRUCTIONS, + CPU_TIME, + GPU_TIME, + TASKS_STARTED, + TASKS_EXITED, + SYSTEM + FROM + ( + SELECT + PLCOALITIONAGENT_EVENTINTERVAL_COALITIONINTERVAL.TIMESTAMP, + PLCOALITIONAGENT_EVENTINTERVAL_COALITIONINTERVAL.TIMESTAMPEND, + PLCOALITIONAGENT_EVENTINTERVAL_COALITIONINTERVAL.BUNDLEID, + PLCOALITIONAGENT_EVENTINTERVAL_COALITIONINTERVAL.LAUNCHDCOALITIONID, + PLCOALITIONAGENT_EVENTINTERVAL_COALITIONINTERVAL.LAUNCHDNAME, + PLCOALITIONAGENT_EVENTINTERVAL_COALITIONINTERVAL.BYTESREAD, + PLCOALITIONAGENT_EVENTINTERVAL_COALITIONINTERVAL.BYTESWRITTEN, + PLCOALITIONAGENT_EVENTINTERVAL_COALITIONINTERVAL.CPU_INSTRUCTIONS, + PLCOALITIONAGENT_EVENTINTERVAL_COALITIONINTERVAL.CPU_TIME, + PLCOALITIONAGENT_EVENTINTERVAL_COALITIONINTERVAL.GPU_TIME, + PLCOALITIONAGENT_EVENTINTERVAL_COALITIONINTERVAL.TASKS_STARTED, + PLCOALITIONAGENT_EVENTINTERVAL_COALITIONINTERVAL.TASKS_EXITED, + PLCOALITIONAGENT_EVENTINTERVAL_COALITIONINTERVAL.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLCOALITIONAGENT_EVENTINTERVAL_COALITIONINTERVAL + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_device_lock_state.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_device_lock_state.txt new file mode 100644 index 0000000..ca21665 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_device_lock_state.txt @@ -0,0 +1,111 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Records when the device is locked or unlocked. + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_device_lock_state +ACTIVITY=Lock State +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(LOCKSTATE_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + CASE LOCKED + WHEN "0" THEN "DEVICE UNLOCKED" + WHEN "1" THEN "DEVICE LOCKED" + END AS "LOCK STATUS", + DATETIME(LOCKSTATE_TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_LOCKSTATE_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + LOCKSTATE_ID AS "PLSPRINGBOARDAGENT_EVENTFORWARD_SBLOCK TABLE ID" + FROM + ( + SELECT + LOCKSTATE_ID, + LOCKSTATE_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + LOCKED, + SYSTEM + FROM + ( + SELECT + PLSPRINGBOARDAGENT_EVENTFORWARD_SBLOCK.TIMESTAMP AS LOCKSTATE_TIMESTAMP, + LOCKED, + PLSPRINGBOARDAGENT_EVENTFORWARD_SBLOCK.ID AS "LOCKSTATE_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLSPRINGBOARDAGENT_EVENTFORWARD_SBLOCK + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS LOCKSTATE_STATE + GROUP BY + LOCKSTATE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_device_screen.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_device_screen.txt new file mode 100644 index 0000000..c25b3d4 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_device_screen.txt @@ -0,0 +1,108 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Records which Springboard screen device is on. Homescreen(s)=2 Widgets=19, Control Center=5, Lock Screen=9, Pin Unlock Screen=15, Blank Screen=0, App Switcher=4, Spotlight Search=18, Lock Screen Camera=11, Lock Screen Widgets=17 + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_device_screen +ACTIVITY=Springboard Screen State +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(SCREENSTATE_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + SCREEN, + DATETIME(SCREENSTATE_TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_SCREENSTATE_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + SCREENSTATE_ID AS "PLSPRINGBOARDAGENT_EVENTFORWARD_SBSCREEN TABLE ID" + FROM + ( + SELECT + SCREENSTATE_ID, + SCREENSTATE_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + SCREEN, + SYSTEM + FROM + ( + SELECT + PLSPRINGBOARDAGENT_EVENTFORWARD_SBSCREEN.TIMESTAMP AS SCREENSTATE_TIMESTAMP, + SCREEN, + PLSPRINGBOARDAGENT_EVENTFORWARD_SBSCREEN.ID AS "SCREENSTATE_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLSPRINGBOARDAGENT_EVENTFORWARD_SBSCREEN + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS SCREENSTATE_STATE + GROUP BY + SCREENSTATE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_device_screen_autolock.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_device_screen_autolock.txt new file mode 100644 index 0000000..e17d5b0 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_device_screen_autolock.txt @@ -0,0 +1,107 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Records the Auto-Lock timestamp. + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_device_screen_autolock +ACTIVITY=Screen Unlock State +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(SBAUTOLOCK_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + AUTOLOCKTYPE AS "AUTO LOCK TYPE", + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + SBAUTOLOCK_ID AS "PLSPRINGBOARDAGENT_EVENTPOINT_SBAUTOLOCK TABLE ID" + FROM + ( + SELECT + SBAUTOLOCK_ID, + SBAUTOLOCK_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + AUTOLOCKTYPE, + SYSTEM + FROM + ( + SELECT + PLSPRINGBOARDAGENT_EVENTPOINT_SBAUTOLOCK.TIMESTAMP AS SBAUTOLOCK_TIMESTAMP, + AUTOLOCKTYPE, + PLSPRINGBOARDAGENT_EVENTPOINT_SBAUTOLOCK.ID AS "SBAUTOLOCK_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLSPRINGBOARDAGENT_EVENTPOINT_SBAUTOLOCK + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS SBAUTOLOCK_STATE + GROUP BY + SBAUTOLOCK_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_device_state.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_device_state.txt new file mode 100644 index 0000000..ff85ddf --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_device_state.txt @@ -0,0 +1,131 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Device Peripherals State + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS +VERSIONS=10.15,10.16 + +[Query Metadata] +QUERY_NAME=powerlog_device_state +ACTIVITY=Peripheral State +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.15,10.16] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + BUSVERSIONORSPEED AS 'BUS VERSION OR SPEED', + DEVICENAME AS 'DEVICE NAME', + DEVICETYPE AS 'DEVICE TYPE', + ISBUILTIN AS 'IS BUILT IN', + NOWCONNECTED AS 'NOW CONNECTED', + PRODUCTID AS 'PRODUCT ID', + REGISTERENTRYID AS 'REGISTRY ENTRY ID', + THUNDERBOLTREVISIONID AS 'THUNDERBOLT REVISION ID', + VENDORID AS 'VENDOR ID', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLPERIPHERALAGENT_EVENTFORWARD_DEVICESTATE TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + BUSVERSIONORSPEED, + DEVICENAME, + DEVICETYPE, + ISBUILTIN, + NOWCONNECTED, + PRODUCTID, + REGISTERENTRYID, + THUNDERBOLTREVISIONID, + VENDORID, + SYSTEM + FROM + ( + SELECT + PLPERIPHERALAGENT_EVENTFORWARD_DEVICESTATE.TIMESTAMP, + PLPERIPHERALAGENT_EVENTFORWARD_DEVICESTATE.BUSVERSIONORSPEED, + PLPERIPHERALAGENT_EVENTFORWARD_DEVICESTATE.DEVICENAME, + PLPERIPHERALAGENT_EVENTFORWARD_DEVICESTATE.DEVICETYPE, + PLPERIPHERALAGENT_EVENTFORWARD_DEVICESTATE.ISBUILTIN, + PLPERIPHERALAGENT_EVENTFORWARD_DEVICESTATE.NOWCONNECTED, + PLPERIPHERALAGENT_EVENTFORWARD_DEVICESTATE.PRODUCTID, + PLPERIPHERALAGENT_EVENTFORWARD_DEVICESTATE.REGISTERENTRYID, + PLPERIPHERALAGENT_EVENTFORWARD_DEVICESTATE.THUNDERBOLTREVISIONID, + PLPERIPHERALAGENT_EVENTFORWARD_DEVICESTATE.VENDORID, + PLPERIPHERALAGENT_EVENTFORWARD_DEVICESTATE.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLPERIPHERALAGENT_EVENTFORWARD_DEVICESTATE + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_device_telephony_activity.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_device_telephony_activity.txt new file mode 100644 index 0000000..0d4b076 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_device_telephony_activity.txt @@ -0,0 +1,89 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Telephony Activity + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_device_telephony_activity +ACTIVITY=Telephony Activity +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS TIMESTAMP, + AIRPLANEMODE AS "AIRPLANE MODE", + CALLSTATUS AS "CALL STATUS", + SIGNALBARS AS "SIGNALS BARS", + SIGNALSTRENGTH AS "SIGNAL STRENGTH", + CAMPEDRAT AS "CAMPED RAT", + CURRENTRAT AS "CURRENT RAT", + PREFERREDRAT AS "PREFERRED RAT", + ACTIVEBAND AS "ACTIVE BAND", + DATASTATUS AS "DATA STATUS", + SIMSTATUS AS "SIM STATUS", + ID AS "PLBBAGENT_EVENTPOINT_TELEPHONYACTIVITY TABLE ID" + FROM + PLBBAGENT_EVENTPOINT_TELEPHONYACTIVITY \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_device_telephony_registration.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_device_telephony_registration.txt new file mode 100644 index 0000000..10bacc2 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_device_telephony_registration.txt @@ -0,0 +1,129 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Records telephony registration details such AS carrier and service. + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_device_telephony_registration +ACTIVITY=Telephony Registration +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(TELEPHONYREG_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + DATAIND AS "SERVICE", + OPERATOR AS "OPERATOR", + STATUS AS "STATUS", + CELLID AS "CELL ID", + DATAACTIVE AS "DATA ACTIVE", + DATAATTACHED AS "DATA ATTACHED", + HOME AS "HOME", + LAC AS "LAC", + DATETIME(TELEPHONYREG_TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TELEPHONYREG_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TELEPHONYREG_ID AS "PLBBAGENT_EVENTFORWARD_TELEPHONYREGISTRATION TABLE ID" + FROM + ( + SELECT + TELEPHONYREG_ID, + TELEPHONYREG_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + DATAIND, + OPERATOR, + STATUS, + CELLID, + DATAACTIVE, + DATAATTACHED, + HOME, + LAC, + SYSTEM + FROM + ( + SELECT + PLBBAGENT_EVENTFORWARD_TELEPHONYREGISTRATION.TIMESTAMP AS TELEPHONYREG_TIMESTAMP, + DATAIND, + OPERATOR, + STATUS, + CELLID, + DATAACTIVE, + DATAATTACHED, + HOME, + LAC, + PLBBAGENT_EVENTFORWARD_TELEPHONYREGISTRATION.ID AS "TELEPHONYREG_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLBBAGENT_EVENTFORWARD_TELEPHONYREGISTRATION + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS TELEPHONYREG_STATE + GROUP BY + TELEPHONYREG_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_device_volume.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_device_volume.txt new file mode 100644 index 0000000..3887677 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_device_volume.txt @@ -0,0 +1,114 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Volume Percentage + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_device_volume +ACTIVITY=Device Volume +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(VOLUME_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + VOLUME AS "VOLUME PERCENTAGE", + CASE MUTED + WHEN "0" THEN "NO" + WHEN "1" THEN "YES" + END AS "MUTED", + DATETIME(VOLUME_TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_VOLUME_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + VOLUME_ID AS "PLAUDIOAGENT_EVENTFORWARD_OUTPUT TABLE ID" + FROM + ( + SELECT + VOLUME_ID, + VOLUME_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + VOLUME, + MUTED, + SYSTEM + FROM + ( + SELECT + PLAUDIOAGENT_EVENTFORWARD_OUTPUT.TIMESTAMP AS VOLUME_TIMESTAMP, + VOLUME, + MUTED, + PLAUDIOAGENT_EVENTFORWARD_OUTPUT.ID AS "VOLUME_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLAUDIOAGENT_EVENTFORWARD_OUTPUT + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS VOLUME_STATE + GROUP BY + VOLUME_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_display.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_display.txt new file mode 100644 index 0000000..52145c5 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_display.txt @@ -0,0 +1,110 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Display + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS,IOS +VERSIONS=10.15,10.16,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_display +ACTIVITY=Display +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.15,10.16,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + BLOCK AS 'BLOCK', + ACTIVE AS 'ACTIVE', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLDISPLAYAGENT_EVENTPOINT_DISPLAY TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + BLOCK, + ACTIVE, + SYSTEM + FROM + ( + SELECT + PLDISPLAYAGENT_EVENTPOINT_DISPLAY.TIMESTAMP, + PLDISPLAYAGENT_EVENTPOINT_DISPLAY.BLOCK, + PLDISPLAYAGENT_EVENTPOINT_DISPLAY.ACTIVE, + PLDISPLAYAGENT_EVENTPOINT_DISPLAY.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLDISPLAYAGENT_EVENTPOINT_DISPLAY + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_display_brightness.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_display_brightness.txt new file mode 100644 index 0000000..45d8dc7 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_display_brightness.txt @@ -0,0 +1,108 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Screen Brightness Percentage + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_display_brightness +ACTIVITY=Screen Brightness +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(BRIGHTNESS_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + BRIGHTNESS, + DATETIME(BRIGHTNESS_TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_BRIGHTNESS_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + BRIGHTNESS_ID AS "PLDISPLAYAGENT_EVENTFORWARD_DISPLAY TABLE ID" + FROM + ( + SELECT + BRIGHTNESS_ID, + BRIGHTNESS_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + BRIGHTNESS, + SYSTEM + FROM + ( + SELECT + PLDISPLAYAGENT_EVENTFORWARD_DISPLAY.TIMESTAMP AS BRIGHTNESS_TIMESTAMP, + BRIGHTNESS, + PLDISPLAYAGENT_EVENTFORWARD_DISPLAY.ID AS "BRIGHTNESS_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLDISPLAYAGENT_EVENTFORWARD_DISPLAY + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS BRIGHTNESS_STATE + GROUP BY + BRIGHTNESS_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_frontcamera_state.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_frontcamera_state.txt new file mode 100644 index 0000000..03daa15 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_frontcamera_state.txt @@ -0,0 +1,115 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Records when front camera is in use. + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9 + +[Query Metadata] +QUERY_NAME=powerlog_frontcamera_state +ACTIVITY=Front Camera Status +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9] +QUERY= + SELECT + DATETIME(CAMERA_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + BUNDLEID AS BUNDLE_ID, + CASE STATE + WHEN "0" THEN "OFF" + WHEN "1" THEN "ON" + END AS STATE, + DATETIME(CAMERA_TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_CAMERA_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + CAMERA_ID AS "PLCAMERAAGENT_EVENTFORWARD_FRONTCAMERA TABLE ID" + FROM + ( + SELECT + BUNDLEID, + CAMERA_ID, + CAMERA_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + SYSTEM, + STATE + FROM + ( + SELECT + PLCAMERAAGENT_EVENTFORWARD_FRONTCAMERA.TIMESTAMP AS CAMERA_TIMESTAMP, + PLCAMERAAGENT_EVENTFORWARD_FRONTCAMERA.BUNDLEID, + PLCAMERAAGENT_EVENTFORWARD_FRONTCAMERA.STATE, + PLCAMERAAGENT_EVENTFORWARD_FRONTCAMERA.ID AS "CAMERA_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM, + BUNDLEID + FROM + PLCAMERAAGENT_EVENTFORWARD_FRONTCAMERA + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS CAMERASTATE + GROUP BY + CAMERA_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_ids_messages.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_ids_messages.txt new file mode 100644 index 0000000..8eb6684 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_ids_messages.txt @@ -0,0 +1,86 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=IDS Messages + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_ids_messages +ACTIVITY=IDS Messages +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS TIMESTAMP, + DATETIME(TIMESTAMPEND, 'UNIXEPOCH') AS "TIMESTAMP END", + TOPIC AS "TOPIC", + PRIORITY AS "PRIORITY", + INCOMINGMESSAGES AS "INCOMING MESSAGES", + OUTGOINGMESSAGES AS "OUTGOING MESSAGES", + INCOMINGBYTES AS "INCOMING BYTES", + OUTGOINGBYTES AS "OUTGOING BYTES", + ID AS "PLIDENTITYSERVICESAGENT_EVENTINTERVAL_IDSMESSAGEPERIODIC TABLE ID" + FROM + PLIDENTITYSERVICESAGENT_EVENTINTERVAL_IDSMESSAGEPERIODIC \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_incallservice.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_incallservice.txt new file mode 100644 index 0000000..7703878 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_incallservice.txt @@ -0,0 +1,164 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Provides calling service details and status. + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS,MACOS +VERSIONS=9,10,11,12,13,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=powerlog_incallserivice +ACTIVITY=In Call Service +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10,11,12,13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(INCALLSERVICE_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + BUNDLEID AS "BUNDLE ID", + KCALLSUBTYPE AS "KCALL SUB TYPE", + PROVIDERIDENTIFIER AS "PROVIDER IDENTIFIER", + STATUS, + VIDEO, + DATETIME(INCALLSERVICE_TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_INCALLSERVICE_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + INCALLSERVICE_ID AS "PLXPCAGENT_EVENTFORWARD_INCALLSERVICE TABLE ID" + FROM + ( + SELECT + INCALLSERVICE_ID, + INCALLSERVICE_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + BUNDLEID, + KCALLSUBTYPE, + PROVIDERIDENTIFIER, + STATUS, + VIDEO, + SYSTEM + FROM + ( + SELECT + PLXPCAGENT_EVENTFORWARD_INCALLSERVICE.TIMESTAMP AS INCALLSERVICE_TIMESTAMP, + BUNDLEID, + KCALLSUBTYPE, + PROVIDERIDENTIFIER, + STATUS, + VIDEO, + PLXPCAGENT_EVENTFORWARD_INCALLSERVICE.ID AS "INCALLSERVICE_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLXPCAGENT_EVENTFORWARD_INCALLSERVICE + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + WHERE + INCALLSERVICE_TIMESTAMP > TIME_OFFSET_TIMESTAMP + ) + AS INCALLSERVICE_STATE + GROUP BY + INCALLSERVICE_ID + ) + +[SQL Query 9] +QUERY= + SELECT + DATETIME(INCALLSERVICE_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + BUNDLEID AS "BUNDLE ID", + STATUS, + DATETIME(INCALLSERVICE_TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_INCALLSERVICE_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + INCALLSERVICE_ID AS "PLXPCAGENT_EVENTFORWARD_INCALLSERVICE TABLE ID" + FROM + ( + SELECT + INCALLSERVICE_ID, + INCALLSERVICE_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + BUNDLEID, + STATUS, + SYSTEM + FROM + ( + SELECT + PLXPCAGENT_EVENTFORWARD_INCALLSERVICE.TIMESTAMP AS INCALLSERVICE_TIMESTAMP, + BUNDLEID, + STATUS, + PLXPCAGENT_EVENTFORWARD_INCALLSERVICE.ID AS "INCALLSERVICE_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLXPCAGENT_EVENTFORWARD_INCALLSERVICE + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + WHERE + INCALLSERVICE_TIMESTAMP > TIME_OFFSET_TIMESTAMP + ) + AS INCALLSERVICE_STATE + GROUP BY + INCALLSERVICE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_kernel_task_monitor.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_kernel_task_monitor.txt new file mode 100644 index 0000000..60d35bc --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_kernel_task_monitor.txt @@ -0,0 +1,116 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Kernel Task Monitor + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS,IOS +VERSIONS=10.14,10.15,10.16,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_kernel_task_monitor +ACTIVITY=Kernel Task Monitor +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.14,10.15,10.16,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + DATETIME(TIMESTAMPEND + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_END_TIMESTAMP, + THREADNAME AS 'THREAD NAME', + CPUTIME AS 'CPU TIME', + THREADID AS 'THREAD ID', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLPROCESSMONITORAGENT_EVENTINTERVAL_KERNELTASKMONITOR TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + TIMESTAMPEND, + CPUTIME, + THREADID, + THREADNAME, + SYSTEM + FROM + ( + SELECT + PLPROCESSMONITORAGENT_EVENTINTERVAL_KERNELTASKMONITOR.TIMESTAMP, + PLPROCESSMONITORAGENT_EVENTINTERVAL_KERNELTASKMONITOR.TIMESTAMPEND, + PLPROCESSMONITORAGENT_EVENTINTERVAL_KERNELTASKMONITOR.CPUTIME, + PLPROCESSMONITORAGENT_EVENTINTERVAL_KERNELTASKMONITOR.THREADID, + PLPROCESSMONITORAGENT_EVENTINTERVAL_KERNELTASKMONITOR.THREADNAME, + PLPROCESSMONITORAGENT_EVENTINTERVAL_KERNELTASKMONITOR.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLPROCESSMONITORAGENT_EVENTINTERVAL_KERNELTASKMONITOR + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_lightning_connector_status.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_lightning_connector_status.txt new file mode 100644 index 0000000..cbc2378 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_lightning_connector_status.txt @@ -0,0 +1,111 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Lightning Connector Status/Power Mode + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_lightnining_connector_status +ACTIVITY=Lightning Connector Status +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10,11,12,13,14] +QUERY= + SELECT + DATETIME(LIGHTNINGCONNECTOR_TIMESTAMP + SYSTEM, 'UNIXEPOCH','LOCALTIME') AS ADJUSTED_TIMESTAMP, + CASE IOACCESSORYPOWERMODE + WHEN "1" THEN "UNPLUGGED" + WHEN "3" THEN "PLUGGED IN" + END AS "IO ACCESSORY POWER MODE", + DATETIME(LIGHTNINGCONNECTOR_TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_LIGHTNINGCONNECTOR_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + LIGHTNINGCONNECTOR_ID AS "PLBATTERYAGENT_EVENTFORWARD_LIGHTNINGCONNECTORSTATUS TABLE ID" + FROM + ( + SELECT + LIGHTNINGCONNECTOR_ID, + LIGHTNINGCONNECTOR_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + IOACCESSORYPOWERMODE, + SYSTEM + FROM + ( + SELECT + PLBATTERYAGENT_EVENTFORWARD_LIGHTNINGCONNECTORSTATUS.TIMESTAMP AS LIGHTNINGCONNECTOR_TIMESTAMP, + IOACCESSORYPOWERMODE, + PLBATTERYAGENT_EVENTFORWARD_LIGHTNINGCONNECTORSTATUS.ID AS "LIGHTNINGCONNECTOR_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLBATTERYAGENT_EVENTFORWARD_LIGHTNINGCONNECTORSTATUS + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS LIGHTNINGCONNECTOR_STATE + GROUP BY + LIGHTNINGCONNECTOR_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_lightnining_connector_status.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_lightnining_connector_status.txt new file mode 100644 index 0000000..2b9a131 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_lightnining_connector_status.txt @@ -0,0 +1,111 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Lightning Connector Status/Power Mode + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=10,11,12,13 + +[Query Metadata] +QUERY_NAME=powerlog_lightnining_connector_status +ACTIVITY=Lightning Connector Status +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10,11,12,13] +QUERY= + SELECT + DATETIME(LIGHTNINGCONNECTOR_TIMESTAMP + SYSTEM, 'UNIXEPOCH','LOCALTIME') AS ADJUSTED_TIMESTAMP, + CASE IOACCESSORYPOWERMODE + WHEN "1" THEN "UNPLUGGED" + WHEN "3" THEN "PLUGGED IN" + END AS "IO ACCESSORY POWER MODE", + DATETIME(LIGHTNINGCONNECTOR_TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_LIGHTNINGCONNECTOR_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + LIGHTNINGCONNECTOR_ID AS "PLBATTERYAGENT_EVENTFORWARD_LIGHTNINGCONNECTORSTATUS TABLE ID" + FROM + ( + SELECT + LIGHTNINGCONNECTOR_ID, + LIGHTNINGCONNECTOR_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + IOACCESSORYPOWERMODE, + SYSTEM + FROM + ( + SELECT + PLBATTERYAGENT_EVENTFORWARD_LIGHTNINGCONNECTORSTATUS.TIMESTAMP AS LIGHTNINGCONNECTOR_TIMESTAMP, + IOACCESSORYPOWERMODE, + PLBATTERYAGENT_EVENTFORWARD_LIGHTNINGCONNECTORSTATUS.ID AS "LIGHTNINGCONNECTOR_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLBATTERYAGENT_EVENTFORWARD_LIGHTNINGCONNECTORSTATUS + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS LIGHTNINGCONNECTOR_STATE + GROUP BY + LIGHTNINGCONNECTOR_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_linear_brightness.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_linear_brightness.txt new file mode 100644 index 0000000..c584f8f --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_linear_brightness.txt @@ -0,0 +1,125 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Display Brightness + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS +VERSIONS=10.15,10.16 + +[Query Metadata] +QUERY_NAME=powerlog_linear_brightness +ACTIVITY=Linear Brightness +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.15,10.16] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + USERBRIGHTNESS AS 'USER BRIGHTNESS', + AUTOBRIGHTNESSENABLED AS 'AUTOBRIGHTNESS ENABLED', + CHANGEREASON AS 'CHANGE REASON', + DYNAMICSLIDERFACTOR AS 'DYNAMIC SLIDER FACTOR', + LINEARBRIGHTNESS AS 'LINEAR BRIGHTNESS', + LINEARBRIGHTNESSDYNAMICSLIDER AS 'LINEAR BRIGHTNESS DYNAMIC SLIDER', + MAGSAFEREDUCTIONFACTOR AS 'MAGSAFE REDUCTION FACTOR', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLDISPLAYAGENT_EVENTFORWARD_LINEARBRIGHTNESS TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + USERBRIGHTNESS, + AUTOBRIGHTNESSENABLED, + CHANGEREASON, + DYNAMICSLIDERFACTOR, + LINEARBRIGHTNESS, + LINEARBRIGHTNESSDYNAMICSLIDER, + MAGSAFEREDUCTIONFACTOR, + SYSTEM + FROM + ( + SELECT + PLDISPLAYAGENT_EVENTFORWARD_LINEARBRIGHTNESS.TIMESTAMP, + PLDISPLAYAGENT_EVENTFORWARD_LINEARBRIGHTNESS.USERBRIGHTNESS, + PLDISPLAYAGENT_EVENTFORWARD_LINEARBRIGHTNESS.AUTOBRIGHTNESSENABLED, + PLDISPLAYAGENT_EVENTFORWARD_LINEARBRIGHTNESS.CHANGEREASON, + PLDISPLAYAGENT_EVENTFORWARD_LINEARBRIGHTNESS.DYNAMICSLIDERFACTOR, + PLDISPLAYAGENT_EVENTFORWARD_LINEARBRIGHTNESS.LINEARBRIGHTNESS, + PLDISPLAYAGENT_EVENTFORWARD_LINEARBRIGHTNESS.LINEARBRIGHTNESSDYNAMICSLIDER, + PLDISPLAYAGENT_EVENTFORWARD_LINEARBRIGHTNESS.MAGSAFEREDUCTIONFACTOR, + PLDISPLAYAGENT_EVENTFORWARD_LINEARBRIGHTNESS.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLDISPLAYAGENT_EVENTFORWARD_LINEARBRIGHTNESS + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_location_client_status.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_location_client_status.txt new file mode 100644 index 0000000..5a8f723 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_location_client_status.txt @@ -0,0 +1,128 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Location Usage by App/Process Client + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS,MACOS +VERSIONS=9,10,11,12,13,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=powerlog_location_client_status +ACTIVITY=App Location Usage +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(LOCATIONAGENT_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + DATETIME(TIMESTAMPLOGGED+ SYSTEM, 'UNIXEPOCH') AS "TIMESTAMP LOGGED (ADJ)", + DATETIME(TIMESTAMPEND + SYSTEM, 'UNIXEPOCH') AS "TIMESTAMP END (ADJ)", + BUNDLEID AS "BUNDLE ID", + TYPE AS "TYPE", + LOCATIONDESIREDACCURACY AS "LOCATION DESIRED ACCURACY", + LOCATIONDISTANCEFILTER AS "LOCATION DISTANCE FILTER", + CLIENT AS "CLIENT", + EXECUTABLE AS "EXECUTABLE", + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + LOCATIONAGENT_ID AS "PLLOCATIONAGENT_EVENTFORWARD_CLIENTSTATUS TABLE ID" + FROM + ( + SELECT + LOCATIONAGENT_ID, + LOCATIONAGENT_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + TIMESTAMPEND, + TIMESTAMPLOGGED, + BUNDLEID, + TYPE, + LOCATIONDESIREDACCURACY, + LOCATIONDISTANCEFILTER, + CLIENT, + EXECUTABLE, + SYSTEM + FROM + ( + SELECT + PLLOCATIONAGENT_EVENTFORWARD_CLIENTSTATUS.TIMESTAMP AS LOCATIONAGENT_TIMESTAMP, + TIMESTAMPEND, + TIMESTAMPLOGGED, + BUNDLEID, + TYPE, + LOCATIONDESIREDACCURACY, + LOCATIONDISTANCEFILTER, + CLIENT, + EXECUTABLE, + PLLOCATIONAGENT_EVENTFORWARD_CLIENTSTATUS.ID AS "LOCATIONAGENT_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLLOCATIONAGENT_EVENTFORWARD_CLIENTSTATUS + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS LOCATIONAGENT_STATE + GROUP BY + LOCATIONAGENT_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_location_tech_status.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_location_tech_status.txt new file mode 100644 index 0000000..69e1142 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_location_tech_status.txt @@ -0,0 +1,200 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Technology used to determine location. + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS,MACOS +VERSIONS=9,10,11,12,13,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=powerlog_location_tech_status +ACTIVITY=Location Technology +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 11,12,13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(LOCATIONTECH_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + ACCESSORY AS "ACCESSORY", + CELL AS "CELL", + GPS AS "GPS", + GPS_COARSE AS "GPS COARSE", + LAC AS "LAC", + MCC AS "MCC", + NMEA AS "NMEA", + PIPELINE AS "PIPELINE", + SKYHOOK AS "SKYHOOK", + WIFI AS "WIFI", + WIFI2 AS "WIFI2", + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + LOCATIONTECH_ID AS "PLLOCATIONAGENT_EVENTFORWARD_TECHSTATUS TABLE ID" + FROM + ( + SELECT + LOCATIONTECH_ID, + LOCATIONTECH_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + ACCESSORY, + CELL, + GPS, + GPS_COARSE, + LAC, + MCC, + NMEA, + PIPELINE, + SKYHOOK, + WIFI, + WIFI2, + SYSTEM + FROM + ( + SELECT + PLLOCATIONAGENT_EVENTFORWARD_TECHSTATUS.TIMESTAMP AS LOCATIONTECH_TIMESTAMP, + ACCESSORY, + CELL, + GPS, + GPS_COARSE, + LAC, + MCC, + NMEA, + PIPELINE, + SKYHOOK, + WIFI, + WIFI2, + PLLOCATIONAGENT_EVENTFORWARD_TECHSTATUS.ID AS "LOCATIONTECH_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLLOCATIONAGENT_EVENTFORWARD_TECHSTATUS + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS LOCATIONTECH_STATE + GROUP BY + LOCATIONTECH_ID + ) + +[SQL Query 9,10] +QUERY= + SELECT + DATETIME(LOCATIONTECH_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + ACCESSORY AS "ACCESSORY", + CELL AS "CELL", + GPS AS "GPS", + GPS_COARSE AS "GPS COARSE", + LAC AS "LAC", + MCC AS "MCC", + NMEA AS "NMEA", + PIPELINE AS "PIPELINE", + SKYHOOK AS "SKYHOOK", + WIFI AS "WIFI", + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + LOCATIONTECH_ID AS "PLLOCATIONAGENT_EVENTFORWARD_TECHSTATUS TABLE ID" + FROM + ( + SELECT + LOCATIONTECH_ID, + LOCATIONTECH_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + ACCESSORY, + CELL, + GPS, + GPS_COARSE, + LAC, + MCC, + NMEA, + PIPELINE, + SKYHOOK, + WIFI, + SYSTEM + FROM + ( + SELECT + PLLOCATIONAGENT_EVENTFORWARD_TECHSTATUS.TIMESTAMP AS LOCATIONTECH_TIMESTAMP, + ACCESSORY, + CELL, + GPS, + GPS_COARSE, + LAC, + MCC, + NMEA, + PIPELINE, + SKYHOOK, + WIFI, + PLLOCATIONAGENT_EVENTFORWARD_TECHSTATUS.ID AS "LOCATIONTECH_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLLOCATIONAGENT_EVENTFORWARD_TECHSTATUS + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS LOCATIONTECH_STATE + GROUP BY + LOCATIONTECH_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_mobilebackup.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_mobilebackup.txt new file mode 100644 index 0000000..51037ee --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_mobilebackup.txt @@ -0,0 +1,84 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Mobile Backup Status + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_mobilebackup +ACTIVITY=Mobile Backup Status +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS TIMESTAMP, + DATETIME(START, 'UNIXEPOCH') AS "START", + DATETIME(END, 'UNIXEPOCH') AS "END", + STATE AS "STATE", + FINISHED AS "FINISHED", + HASERROR AS "HAS ERROR", + ID AS "PLXPCAGENT_EVENTPOINT_MOBILEBACKUPEVENTS TABLE ID" + FROM + PLXPCAGENT_EVENTPOINT_MOBILEBACKUPEVENTS \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_network_usage.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_network_usage.txt new file mode 100644 index 0000000..fee2055 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_network_usage.txt @@ -0,0 +1,113 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=UNKNOWN?? + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS,IOS +VERSIONS=10.14,10.15,10.16,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_network_usage +ACTIVITY=Network Usage +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.14,10.15,10.16,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + INTERFACE AS 'INTERFACE', + DOWNBYTES AS 'DOWN BYTES', + UPBYTES AS 'UP BYTES', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLNETWORKAGENT_EVENTBACKWARD_CUMULATIVENETWORKUSAGE TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + INTERFACE, + DOWNBYTES, + UPBYTES, + SYSTEM + FROM + ( + SELECT + PLNETWORKAGENT_EVENTBACKWARD_CUMULATIVENETWORKUSAGE.TIMESTAMP, + PLNETWORKAGENT_EVENTBACKWARD_CUMULATIVENETWORKUSAGE.INTERFACE, + PLNETWORKAGENT_EVENTBACKWARD_CUMULATIVENETWORKUSAGE.DOWNBYTES, + PLNETWORKAGENT_EVENTBACKWARD_CUMULATIVENETWORKUSAGE.UPBYTES, + PLNETWORKAGENT_EVENTBACKWARD_CUMULATIVENETWORKUSAGE.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLNETWORKAGENT_EVENTBACKWARD_CUMULATIVENETWORKUSAGE + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_paired_device_config.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_paired_device_config.txt new file mode 100644 index 0000000..6dce314 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_paired_device_config.txt @@ -0,0 +1,93 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Paired Device Config + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_paired_device_config +ACTIVITY=Paired Device Config +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 10,11,12,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS TIMESTAMP, + BUILD, + DEVICE, + HWMODEL, + PAIRINGID AS "PAIRING ID", + ID AS "PLCONFIGAGENT_EVENTNONE_PAIREDDEVICECONFIG TABLE ID" + FROM + PLCONFIGAGENT_EVENTNONE_PAIREDDEVICECONFIG + +[SQL Query 9] +QUERY= + SELECT + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS TIMESTAMP, + BUILD, + DEVICE, + ID AS "PLCONFIGAGENT_EVENTNONE_PAIREDDEVICECONFIG TABLE ID" + FROM + PLCONFIGAGENT_EVENTNONE_PAIREDDEVICECONFIG \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_power_state.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_power_state.txt new file mode 100644 index 0000000..e58a1ad --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_power_state.txt @@ -0,0 +1,282 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Power State, Sleep/Wake Status + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS +VERSIONS=10.14,10.15,10.16 + +[Query Metadata] +QUERY_NAME=powerlog_power_state +ACTIVITY=Power State +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.16] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + DATETIME(TIMESTAMPLOGGED + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_LOGGED_TIMESTAMP, + UUID AS 'UUID', + REASON AS 'REASON', + REASONVALUE AS 'REASON VALUE', + WAKEREASON AS 'WAKE REASON', + SLEEPTRIGGERS AS 'SLEEP TRIGGERS', + STATE AS 'STATE', + EVENT AS 'EVENT', + DRIVERWAKEREASON, + CAPABILITIES AS 'CAPABILITIES', + CURRENTKERNELWAKETIME AS 'CURRENT KERNEL WAKE TIME', + DATETIME(KERNELSLEEPDATE, 'UNIXEPOCH') AS 'KERNEL SLEEP DATE', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + TIMESTAMPLOGGED, + CAPABILITIES, + CURRENTKERNELWAKETIME, + EVENT, + KERNELSLEEPDATE, + REASON, + SLEEPTRIGGERS, + STATE, + UUID, + DRIVERWAKEREASON, + REASONVALUE, + WAKEREASON, + SYSTEM + FROM + ( + SELECT + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.TIMESTAMP, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.TIMESTAMPLOGGED, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.CAPABILITIES, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.CURRENTKERNELWAKETIME, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.EVENT, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.KERNELSLEEPDATE, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.REASON, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.SLEEPTRIGGERS, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.STATE, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.UUID, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_DRIVERWAKEREASON.VALUE AS DRIVERWAKEREASON, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_REASON.VALUE AS REASONVALUE, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_WAKETYPE.VALUE AS WAKEREASON, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE + LEFT JOIN PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_REASON ON PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.ID == PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_REASON.FK_ID + LEFT JOIN PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_WAKETYPE ON PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.ID == PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_WAKETYPE.FK_ID + LEFT JOIN PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_DRIVERWAKEREASON ON PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.ID == PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_DRIVERWAKEREASON.FK_ID + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) + +[SQL Query 10.15] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + DATETIME(TIMESTAMPLOGGED + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_LOGGED_TIMESTAMP, + UUID AS 'UUID', + REASON AS 'REASON', + REASONVALUE AS 'REASON VALUE', + WAKEREASON AS 'WAKE REASON', + SLEEPTRIGGERS AS 'SLEEP TRIGGERS', + STATE AS 'STATE', + EVENT AS 'EVENT', + WAKETRIGGERSUBCLASS AS 'WAKE TRIGGER SUBCLASS', + CAPABILITIES AS 'CAPABILITIES', + CURRENTKERNELWAKETIME AS 'CURRENT KERNEL WAKE TIME', + DATETIME(KERNELSLEEPDATE, 'UNIXEPOCH') AS 'KERNEL SLEEP DATE', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + TIMESTAMPLOGGED, + CAPABILITIES, + CURRENTKERNELWAKETIME, + EVENT, + KERNELSLEEPDATE, + REASON, + SLEEPTRIGGERS, + STATE, + UUID, + WAKETRIGGERSUBCLASS, + REASONVALUE, + WAKEREASON, + SYSTEM + FROM + ( + SELECT + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.TIMESTAMP, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.TIMESTAMPLOGGED, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.CAPABILITIES, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.CURRENTKERNELWAKETIME, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.EVENT, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.KERNELSLEEPDATE, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.REASON, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.SLEEPTRIGGERS, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.STATE, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.UUID, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.WAKETRIGGERSUBCLASS, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_REASON.VALUE AS REASONVALUE, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_WAKETRIGGERSUBCLASS.VALUE AS WAKEREASON, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE + LEFT JOIN PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_REASON ON PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.ID == PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_REASON.FK_ID + LEFT JOIN PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_WAKETRIGGERSUBCLASS ON PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.ID == PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_WAKETRIGGERSUBCLASS.FK_ID + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) + +[SQL Query 10.14] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + DATETIME(TIMESTAMPLOGGED + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_LOGGED_TIMESTAMP, + UUID AS 'UUID', + REASON AS 'REASON', + REASONVALUE AS 'REASON VALUE', + WAKEREASON AS 'WAKE REASON', + STATE AS 'STATE', + EVENT AS 'EVENT', + WAKETRIGGERSUBCLASS AS 'WAKE TRIGGER SUBCLASS', + CAPABILITIES AS 'CAPABILITIES', + CURRENTKERNELWAKETIME AS 'CURRENT KERNEL WAKE TIME', + DATETIME(KERNELSLEEPDATE, 'UNIXEPOCH') AS 'KERNEL SLEEP DATE', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + TIMESTAMPLOGGED, + CAPABILITIES, + CURRENTKERNELWAKETIME, + EVENT, + KERNELSLEEPDATE, + REASON, + STATE, + UUID, + WAKETRIGGERSUBCLASS, + REASONVALUE, + WAKEREASON, + SYSTEM + FROM + ( + SELECT + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.TIMESTAMP, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.TIMESTAMPLOGGED, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.CAPABILITIES, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.CURRENTKERNELWAKETIME, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.EVENT, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.KERNELSLEEPDATE, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.REASON, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.STATE, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.UUID, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.WAKETRIGGERSUBCLASS, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_REASON.VALUE AS REASONVALUE, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_WAKETRIGGERSUBCLASS.VALUE AS WAKEREASON, + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE + LEFT JOIN PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_REASON ON PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.ID == PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_REASON.FK_ID + LEFT JOIN PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_WAKETRIGGERSUBCLASS ON PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE.ID == PLSLEEPWAKEAGENT_EVENTFORWARD_POWERSTATE_ARRAY_WAKETRIGGERSUBCLASS.FK_ID + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_powernap.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_powernap.txt new file mode 100644 index 0000000..ff9b600 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_powernap.txt @@ -0,0 +1,110 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=PowerNap Configuration + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS +VERSIONS=10.15,10.16 + +[Query Metadata] +QUERY_NAME=powerlog_powernap +ACTIVITY=PowerNap +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.15,10.16] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + ACPOWER AS 'AC POWER', + BATTERYPOWER AS 'BATTERY POWER', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLSLEEPWAKEAGENT_EVENTNONE_POWERNAPCONFIG TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + ACPOWER, + BATTERYPOWER, + SYSTEM + FROM + ( + SELECT + PLSLEEPWAKEAGENT_EVENTNONE_POWERNAPCONFIG.TIMESTAMP, + PLSLEEPWAKEAGENT_EVENTNONE_POWERNAPCONFIG.ACPOWER, + PLSLEEPWAKEAGENT_EVENTNONE_POWERNAPCONFIG.BATTERYPOWER, + PLSLEEPWAKEAGENT_EVENTNONE_POWERNAPCONFIG.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLSLEEPWAKEAGENT_EVENTNONE_POWERNAPCONFIG + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_process_data_usage.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_process_data_usage.txt new file mode 100644 index 0000000..765fbc2 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_process_data_usage.txt @@ -0,0 +1,125 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Data Incoming/Outgoing to Devices + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS,MACOS +VERSIONS=9,10,11,12,13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=powerlog_process_data_usage +ACTIVITY=Process Data Usage +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + DATETIME(TIMESTAMPEND + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_END_TIMESTAMP, + BUNDLENAME AS 'BUNDLE ID', + PROCESSNAME AS 'PROCESS NAME', + CELLIN AS 'CELL IN', + CELLOUT AS 'CELL OUT', + WIFIIN AS 'WIFI IN', + WIFIOUT AS 'WIFI OUT', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLPROCESSNETWORKAGENT_EVENTINTERVAL_USAGEDIFF TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + TIMESTAMPEND, + BUNDLENAME, + PROCESSNAME, + CELLIN, + CELLOUT, + WIFIIN, + WIFIOUT, + SYSTEM + FROM + ( + SELECT + PLPROCESSNETWORKAGENT_EVENTINTERVAL_USAGEDIFF.TIMESTAMP, + PLPROCESSNETWORKAGENT_EVENTINTERVAL_USAGEDIFF.TIMESTAMPEND, + PLPROCESSNETWORKAGENT_EVENTINTERVAL_USAGEDIFF.BUNDLENAME, + PLPROCESSNETWORKAGENT_EVENTINTERVAL_USAGEDIFF.PROCESSNAME, + PLPROCESSNETWORKAGENT_EVENTINTERVAL_USAGEDIFF.CELLIN, + PLPROCESSNETWORKAGENT_EVENTINTERVAL_USAGEDIFF.CELLOUT, + PLPROCESSNETWORKAGENT_EVENTINTERVAL_USAGEDIFF.WIFIIN, + PLPROCESSNETWORKAGENT_EVENTINTERVAL_USAGEDIFF.WIFIOUT, + PLPROCESSNETWORKAGENT_EVENTINTERVAL_USAGEDIFF.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLPROCESSNETWORKAGENT_EVENTINTERVAL_USAGEDIFF + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_process_id.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_process_id.txt new file mode 100644 index 0000000..65d09a5 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_process_id.txt @@ -0,0 +1,116 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=App/Process Usage + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS,IOS +VERSIONS=10.14,10.15,10.16,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_process_id +ACTIVITY=Process ID +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.14,10.15,10.16,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + PROCESSNAME AS 'PROCESS NAME', + BUNDLEID AS 'BUNDLE ID', + COALITIONID AS 'COALITION ID', + PID AS 'PID', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLPROCESSMONITORAGENT_EVENTFORWARD_PROCESSID TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + BUNDLEID, + COALITIONID, + PID, + PROCESSNAME, + SYSTEM + FROM + ( + SELECT + PLPROCESSMONITORAGENT_EVENTFORWARD_PROCESSID.TIMESTAMP, + PLPROCESSMONITORAGENT_EVENTFORWARD_PROCESSID.BUNDLEID, + PLPROCESSMONITORAGENT_EVENTFORWARD_PROCESSID.COALITIONID, + PLPROCESSMONITORAGENT_EVENTFORWARD_PROCESSID.PID, + PLPROCESSMONITORAGENT_EVENTFORWARD_PROCESSID.PROCESSNAME, + PLPROCESSMONITORAGENT_EVENTFORWARD_PROCESSID.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLPROCESSMONITORAGENT_EVENTFORWARD_PROCESSID + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_process_monitor_dynamic.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_process_monitor_dynamic.txt new file mode 100644 index 0000000..2b6cc0d --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_process_monitor_dynamic.txt @@ -0,0 +1,120 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=App/Process Usage + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS,IOS +VERSIONS=10.14,10.15,10.16,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_process_monitor_dynamic +ACTIVITY=Process Monitor Dynamic +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.14,10.15,10.16,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + BUNDLEID AS 'BUNDLE ID', + PROCESSNAME AS 'PROCESS NAME', + PID AS 'PID', + VALUE AS 'VALUE', + UNIT AS 'UNIT', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLPROCESSMONITORAGENT_EVENTBACKWARD_PROCESSMONITOR_DYNAMIC TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + BUNDLEID, + PROCESSNAME, + PID, + UNIT, + VALUE, + SYSTEM + FROM + ( + SELECT + PLPROCESSMONITORAGENT_EVENTBACKWARD_PROCESSMONITOR.TIMESTAMP, + PLPROCESSMONITORAGENT_EVENTBACKWARD_PROCESSMONITOR_DYNAMIC.BUNDLEID, + PLPROCESSMONITORAGENT_EVENTBACKWARD_PROCESSMONITOR_DYNAMIC.PROCESSNAME, + PLPROCESSMONITORAGENT_EVENTBACKWARD_PROCESSMONITOR_DYNAMIC.PID, + PLPROCESSMONITORAGENT_EVENTBACKWARD_PROCESSMONITOR_DYNAMIC.UNIT, + PLPROCESSMONITORAGENT_EVENTBACKWARD_PROCESSMONITOR_DYNAMIC.VALUE, + PLPROCESSMONITORAGENT_EVENTBACKWARD_PROCESSMONITOR_DYNAMIC.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLPROCESSMONITORAGENT_EVENTBACKWARD_PROCESSMONITOR_DYNAMIC + LEFT JOIN PLPROCESSMONITORAGENT_EVENTBACKWARD_PROCESSMONITOR ON PLPROCESSMONITORAGENT_EVENTBACKWARD_PROCESSMONITOR_DYNAMIC.FK_ID = PLPROCESSMONITORAGENT_EVENTBACKWARD_PROCESSMONITOR.ID + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_push_message_received.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_push_message_received.txt new file mode 100644 index 0000000..a5fe1b1 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_push_message_received.txt @@ -0,0 +1,128 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Push Messages Received + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS,MACOS +VERSIONS=9,10,11,12,13.10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=powerlog_push_message_received +ACTIVITY=Push Message Received +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + BUNDLEID AS 'BUNDLE ID', + CONNECTIONTYPE AS 'CONNECTION TYPE', + ISDROPPED AS 'IS DROPPED', + LINKQUALITY AS 'LINK QUALITY', + PRIORITY AS 'PRIORITY', + TOPIC AS 'TOPIC', + SERVERHOSTNAME AS 'SERVERHOSTNAME', + SERVERIP AS 'SERVER IP', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLPUSHAGENT_EVENTPOINT_RECEIVEDPUSH TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + BUNDLEID, + CONNECTIONTYPE, + ISDROPPED, + LINKQUALITY, + PRIORITY, + TOPIC, + SERVERHOSTNAME, + SERVERIP, + SYSTEM + FROM + ( + SELECT + PLPUSHAGENT_EVENTPOINT_RECEIVEDPUSH.TIMESTAMP, + PLPUSHAGENT_EVENTPOINT_RECEIVEDPUSH.BUNDLEID, + PLPUSHAGENT_EVENTPOINT_RECEIVEDPUSH.CONNECTIONTYPE, + PLPUSHAGENT_EVENTPOINT_RECEIVEDPUSH.ISDROPPED, + PLPUSHAGENT_EVENTPOINT_RECEIVEDPUSH.LINKQUALITY, + PLPUSHAGENT_EVENTPOINT_RECEIVEDPUSH.PRIORITY, + PLPUSHAGENT_EVENTPOINT_RECEIVEDPUSH.TOPIC, + PLPUSHAGENT_EVENTPOINT_RECEIVEDPUSH.SERVERHOSTNAME, + PLPUSHAGENT_EVENTPOINT_RECEIVEDPUSH.SERVERIP, + PLPUSHAGENT_EVENTPOINT_RECEIVEDPUSH.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLPUSHAGENT_EVENTPOINT_RECEIVEDPUSH + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_rapport_received_message.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_rapport_received_message.txt new file mode 100644 index 0000000..8c43e60 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_rapport_received_message.txt @@ -0,0 +1,128 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Rapport Received Messages + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS,IOS +VERSIONS=10.15,10.16,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_rapport_received_message +ACTIVITY=Rapport Received Message +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.15,10.16,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + DATETIME(TIMESTAMPEND + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_END_TIMESTAMP, + APPID AS 'APP ID', + BYTES AS 'BYTES', + IDENTIFIER AS 'IDENTIFIER', + LINKTYPE AS 'LINK TYPE', + MESSAGES AS 'MESSAGES', + SENDERID AS 'SENDER ID', + TYPE AS 'TYPE', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLXPCAGENT_EVENTINTERVAL_RAPPORTRECEIVEDMESSAGE TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + TIMESTAMPEND, + APPID, + BYTES, + IDENTIFIER, + LINKTYPE, + MESSAGES, + SENDERID, + TYPE, + SYSTEM + FROM + ( + SELECT + PLXPCAGENT_EVENTINTERVAL_RAPPORTRECEIVEDMESSAGE.TIMESTAMP, + PLXPCAGENT_EVENTINTERVAL_RAPPORTRECEIVEDMESSAGE.TIMESTAMPEND, + PLXPCAGENT_EVENTINTERVAL_RAPPORTRECEIVEDMESSAGE.APPID, + PLXPCAGENT_EVENTINTERVAL_RAPPORTRECEIVEDMESSAGE.BYTES, + PLXPCAGENT_EVENTINTERVAL_RAPPORTRECEIVEDMESSAGE.IDENTIFIER, + PLXPCAGENT_EVENTINTERVAL_RAPPORTRECEIVEDMESSAGE.LINKTYPE, + PLXPCAGENT_EVENTINTERVAL_RAPPORTRECEIVEDMESSAGE.MESSAGES, + PLXPCAGENT_EVENTINTERVAL_RAPPORTRECEIVEDMESSAGE.SENDERID, + PLXPCAGENT_EVENTINTERVAL_RAPPORTRECEIVEDMESSAGE.TYPE, + PLXPCAGENT_EVENTINTERVAL_RAPPORTRECEIVEDMESSAGE.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLXPCAGENT_EVENTINTERVAL_RAPPORTRECEIVEDMESSAGE + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_scheduled_wake_events.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_scheduled_wake_events.txt new file mode 100644 index 0000000..ddcfac1 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_scheduled_wake_events.txt @@ -0,0 +1,113 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Scheduled Wake Event + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS +VERSIONS=10.15,10.16 + +[Query Metadata] +QUERY_NAME=powerlog_scheduled_wake_events +ACTIVITY=Scheduled Wake Event +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.15,10.16] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + APPNAME AS 'APP NAME', + EVENTTIME AS 'EVENT TIME', + TYPE AS 'TYPE', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLSCHEDULEDWAKEAGENT_EVENTFORWARD_SCHEDULEDEVENT TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + APPNAME, + EVENTTIME, + TYPE, + SYSTEM + FROM + ( + SELECT + PLSCHEDULEDWAKEAGENT_EVENTFORWARD_SCHEDULEDEVENT.TIMESTAMP, + PLSCHEDULEDWAKEAGENT_EVENTFORWARD_SCHEDULEDEVENT.APPNAME, + PLSCHEDULEDWAKEAGENT_EVENTFORWARD_SCHEDULEDEVENT.EVENTTIME, + PLSCHEDULEDWAKEAGENT_EVENTFORWARD_SCHEDULEDEVENT.TYPE, + PLSCHEDULEDWAKEAGENT_EVENTFORWARD_SCHEDULEDEVENT.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLSCHEDULEDWAKEAGENT_EVENTFORWARD_SCHEDULEDEVENT + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_springboard_aggregate_bulletins.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_springboard_aggregate_bulletins.txt new file mode 100644 index 0000000..05dd5fb --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_springboard_aggregate_bulletins.txt @@ -0,0 +1,83 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Springboard Aggregate Bulletins + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_springboard_aggregate_bulletins +ACTIVITY=Springboard Aggregate Bulletins +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 10,11,12,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS TIMESTAMP, + BULLETINBUNDLEID AS "BULLETIN BUNDLE ID", + TIMEINTERVAL / 60 AS "TIME INTERVAL IN SECONDS", + COUNT AS "COUNT", + POSTTYPE AS "POST TYPE", + ID AS "PLSPRINGBOARDAGENT_AGGREGATE_SBBULLETINS_AGGREGATE TABLE ID" + FROM + PLSPRINGBOARDAGENT_AGGREGATE_SBBULLETINS_AGGREGATE \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_springboard_aggregate_notifications.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_springboard_aggregate_notifications.txt new file mode 100644 index 0000000..3de8330 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_springboard_aggregate_notifications.txt @@ -0,0 +1,83 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Springboard Aggregate Notifications + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_springboard_aggregate_notifications +ACTIVITY=Springboard Aggregate Notifications +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 10,11,12,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS TIMESTAMP, + NOTIFICATIONBUNDLEID AS "BULLETIN BUNDLE ID", + TIMEINTERVAL / 60 AS "TIME INTERVAL IN SECONDS", + COUNT AS "COUNT", + NOTIFICATIONTYPE AS "NOTIFICATION TYPE", + ID AS "PLSPRINGBOARDAGENT_AGGREGATE_SBNOTIFICATIONS_AGGREGATE TABLE ID" + FROM + PLSPRINGBOARDAGENT_AGGREGATE_SBNOTIFICATIONS_AGGREGATE \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_timezone.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_timezone.txt new file mode 100644 index 0000000..9cb33ef --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_timezone.txt @@ -0,0 +1,122 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Keeping track of the timezone. + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS,MACOS +VERSIONS=9,10,11,12,13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=powerlog_timezone +ACTIVITY=Timezone +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(TIMEZONE_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + TIMEZONENAME AS "TIME ZONE NAME", + COUNTRYCODE AS "COUNTRY CODE", + LOCALEID AS "LOCALE ID", + SECONDSFROMGMT / 3600 AS "SECONDS FROM GMT", + TIMEZONEISINDST AS "TIME ZONE IN DST", + TRIGGER AS "TRIGGER", + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TIMEZONE_ID AS "PLLOCALEAGENT_EVENTFORWARD_TIMEZONE TABLE ID" + FROM + ( + SELECT + TIMEZONE_ID, + TIMEZONE_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + TIMEZONENAME, + COUNTRYCODE, + LOCALEID, + SECONDSFROMGMT, + TIMEZONEISINDST, + TRIGGER, + SYSTEM + FROM + ( + SELECT + PLLOCALEAGENT_EVENTFORWARD_TIMEZONE.TIMESTAMP AS TIMEZONE_TIMESTAMP, + TIMEZONENAME, + COUNTRYCODE, + LOCALEID, + SECONDSFROMGMT, + TIMEZONEISINDST, + TRIGGER, + PLLOCALEAGENT_EVENTFORWARD_TIMEZONE.ID AS "TIMEZONE_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLLOCALEAGENT_EVENTFORWARD_TIMEZONE + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS TIMEZONE_STATE + GROUP BY + TIMEZONE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_torch_state.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_torch_state.txt new file mode 100644 index 0000000..4a0a7bc --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_torch_state.txt @@ -0,0 +1,115 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Determine when the flashlight/torch wAS turned on/off and how (com.apple.springboard in the Bundle ID is using the control center). + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_torch_state +ACTIVITY=Torch/Flashlight State +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(TORCH_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + BUNDLEID AS BUNDLE_ID, + CASE LEVEL + WHEN "0" THEN "OFF" + WHEN "1" THEN "ON" + END AS STATUS, + DATETIME(TORCH_TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TORCH_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TORCH_ID + FROM + ( + SELECT + BUNDLEID, + TORCH_ID, + TORCH_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + SYSTEM, + LEVEL + FROM + ( + SELECT + PLCAMERAAGENT_EVENTFORWARD_TORCH.TIMESTAMP AS TORCH_TIMESTAMP, + PLCAMERAAGENT_EVENTFORWARD_TORCH.BUNDLEID, + PLCAMERAAGENT_EVENTFORWARD_TORCH.LEVEL, + PLCAMERAAGENT_EVENTFORWARD_TORCH.ID AS "TORCH_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM, + BUNDLEID + FROM + PLCAMERAAGENT_EVENTFORWARD_TORCH + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS TORCHESTATE + GROUP BY + TORCH_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_user_idle.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_user_idle.txt new file mode 100644 index 0000000..25e3c12 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_user_idle.txt @@ -0,0 +1,110 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=User is idle for at least 5 minutes + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS +VERSIONS=10.15,10.16 + +[Query Metadata] +QUERY_NAME=powerlog_user_idle +ACTIVITY=User Idle Status +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.15,10.16] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + CASE IDLE + WHEN 0 THEN "USER IS BACK" + WHEN 1 THEN "USER IS IDLE" + END AS 'IDLE', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLSLEEPWAKEAGENT_EVENTFORWARD_USERIDLE TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + IDLE, + SYSTEM + FROM + ( + SELECT + PLSLEEPWAKEAGENT_EVENTFORWARD_USERIDLE.TIMESTAMP, + PLSLEEPWAKEAGENT_EVENTFORWARD_USERIDLE.IDLE, + PLSLEEPWAKEAGENT_EVENTFORWARD_USERIDLE.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLSLEEPWAKEAGENT_EVENTFORWARD_USERIDLE + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_video.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_video.txt new file mode 100644 index 0000000..defe22b --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_video.txt @@ -0,0 +1,113 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Which app is playing a video. + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS,MACOS +VERSIONS=9,10,11,12,13,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=powerlog_video +ACTIVITY=App Usage Video +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(VIDEO_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + CLIENTDISPLAYID AS "CLIENT DISPLAY ID", + STATE, + CLIENTPID AS "CLIENT PID", + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + VIDEO_ID AS "PLVIDEOAGENT_EVENTFORWARD_VIDEO TABLE ID" + FROM + ( + SELECT + VIDEO_ID, + VIDEO_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + CLIENTDISPLAYID, + STATE, + CLIENTPID, + SYSTEM + FROM + ( + SELECT + PLVIDEOAGENT_EVENTFORWARD_VIDEO.TIMESTAMP AS VIDEO_TIMESTAMP, + CLIENTDISPLAYID, + STATE, + CLIENTPID, + PLVIDEOAGENT_EVENTFORWARD_VIDEO.ID AS "VIDEO_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLVIDEOAGENT_EVENTFORWARD_VIDEO + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS VIDEO_STATE + GROUP BY + VIDEO_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_video_cmfile.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_video_cmfile.txt new file mode 100644 index 0000000..e213959 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_video_cmfile.txt @@ -0,0 +1,119 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Video CM File + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS,IOS +VERSIONS=10.15,10.16,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_video_cmfile +ACTIVITY=Video CM File +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.15,10.16,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + AUON AS 'AU ON', + PLAYTIMEWC AS 'PLAY TIME WC', + STALLCOUNT AS 'STALL COUNT', + TWIABR AS 'TWIABR', + LOGID AS 'LOG ID', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLVIDEOAGENT_EVENTBACKWARD_CMFILE TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + AUON, + PLAYTIMEWC, + STALLCOUNT, + TWIABR, + LOGID, + SYSTEM + FROM + ( + SELECT + PLVIDEOAGENT_EVENTBACKWARD_CMFILE.TIMESTAMP, + PLVIDEOAGENT_EVENTBACKWARD_CMFILE.AUON, + PLVIDEOAGENT_EVENTBACKWARD_CMFILE.PLAYTIMEWC, + PLVIDEOAGENT_EVENTBACKWARD_CMFILE.STALLCOUNT, + PLVIDEOAGENT_EVENTBACKWARD_CMFILE.TWIABR, + PLVIDEOAGENT_EVENTBACKWARD_CMFILE.LOGID, + PLVIDEOAGENT_EVENTBACKWARD_CMFILE.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLVIDEOAGENT_EVENTBACKWARD_CMFILE + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_video_cmhls.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_video_cmhls.txt new file mode 100644 index 0000000..2f9b6ae --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_video_cmhls.txt @@ -0,0 +1,125 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Video CMHls File + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS,IOS +VERSIONS=10.15,10.16,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_video_cmhls +ACTIVITY=Video CMHLS +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.15,10.16,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + AUON AS 'AU ON', + PLAYTIMEWC AS 'PLAY TIME WC', + TWIBR AS 'TWIBR', + IFTY AS 'IFTY', + TWOBR AS 'TWOBR', + TWVARK AS 'TWVARK', + LOGID AS 'LOG ID', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLVIDEOAGENT_EVENTBACKWARD_CMHLS TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + AUON, + PLAYTIMEWC, + TWIBR, + LOGID, + IFTY, + TWOBR, + TWVARK, + SYSTEM + FROM + ( + SELECT + PLVIDEOAGENT_EVENTBACKWARD_CMHLS.TIMESTAMP, + PLVIDEOAGENT_EVENTBACKWARD_CMHLS.AUON, + PLVIDEOAGENT_EVENTBACKWARD_CMHLS.PLAYTIMEWC, + PLVIDEOAGENT_EVENTBACKWARD_CMHLS.TWIBR, + PLVIDEOAGENT_EVENTBACKWARD_CMHLS.LOGID, + PLVIDEOAGENT_EVENTBACKWARD_CMHLS.IFTY, + PLVIDEOAGENT_EVENTBACKWARD_CMHLS.TWOBR, + PLVIDEOAGENT_EVENTBACKWARD_CMHLS.TWVARK, + PLVIDEOAGENT_EVENTBACKWARD_CMHLS.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLVIDEOAGENT_EVENTBACKWARD_CMHLS + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_video_vtsession.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_video_vtsession.txt new file mode 100644 index 0000000..ef4e09b --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_video_vtsession.txt @@ -0,0 +1,131 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Video Session Information + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS,IOS +VERSIONS=10.15,10.16,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_video_vtsession +ACTIVITY=Video VT Session +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.15,10.16,13,14] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + ISHDR AS 'IS HDR', + LOGID AS 'LOG ID', + NUMFRAMESDECODED AS 'NUM FRAMES DECODED', + NUMFRAMESDROPPED AS 'NUM FRAMES DROPPED', + PROCESSID AS 'PROCESS ID', + RESHEIGHT AS 'RES HEIGHT', + RESWIDTH AS 'RES WIDTH', + SESSIONDURATION AS 'SESSION DURATION', + VIDEOCODECTYPE AS 'VIDEO CODEC TYPE', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLVIDEOAGENT_EVENTBACKWARD_VTSESSION TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + ISHDR, + LOGID, + NUMFRAMESDECODED, + NUMFRAMESDROPPED, + PROCESSID, + RESHEIGHT, + RESWIDTH, + SESSIONDURATION, + VIDEOCODECTYPE, + SYSTEM + FROM + ( + SELECT + PLVIDEOAGENT_EVENTBACKWARD_VTSESSION.TIMESTAMP, + PLVIDEOAGENT_EVENTBACKWARD_VTSESSION.ISHDR, + PLVIDEOAGENT_EVENTBACKWARD_VTSESSION.LOGID, + PLVIDEOAGENT_EVENTBACKWARD_VTSESSION.NUMFRAMESDECODED, + PLVIDEOAGENT_EVENTBACKWARD_VTSESSION.NUMFRAMESDROPPED, + PLVIDEOAGENT_EVENTBACKWARD_VTSESSION.PROCESSID, + PLVIDEOAGENT_EVENTBACKWARD_VTSESSION.RESHEIGHT, + PLVIDEOAGENT_EVENTBACKWARD_VTSESSION.RESWIDTH, + PLVIDEOAGENT_EVENTBACKWARD_VTSESSION.SESSIONDURATION, + PLVIDEOAGENT_EVENTBACKWARD_VTSESSION.VIDEOCODECTYPE, + PLVIDEOAGENT_EVENTBACKWARD_VTSESSION.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLVIDEOAGENT_EVENTBACKWARD_VTSESSION + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_wallet_card.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_wallet_card.txt new file mode 100644 index 0000000..e0080c2 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_wallet_card.txt @@ -0,0 +1,107 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Wallet Authorized Status + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_wallet_card +ACTIVITY=Wallet Card +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(WALLETCARD_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + AUTHORIZEDSTATUS AS "AUTHORIZED STATUS", + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + WALLETCARD_ID AS "PLNFCAGENT_EVENTFORWARD_CARD TABLE ID" + FROM + ( + SELECT + WALLETCARD_ID, + WALLETCARD_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + AUTHORIZEDSTATUS, + SYSTEM + FROM + ( + SELECT + PLNFCAGENT_EVENTFORWARD_CARD.TIMESTAMP AS WALLETCARD_TIMESTAMP, + AUTHORIZEDSTATUS, + PLNFCAGENT_EVENTFORWARD_CARD.ID AS "WALLETCARD_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLNFCAGENT_EVENTFORWARD_CARD + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS WALLETCARD_STATE + GROUP BY + WALLETCARD_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_wallet_transaction.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_wallet_transaction.txt new file mode 100644 index 0000000..cb03b1d --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_wallet_transaction.txt @@ -0,0 +1,107 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Wallet transaction status + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_wallet_transaction +ACTIVITY=Wallet Transaction +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(WALLETTRANSACTION_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + STATUS, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + WALLETTRANSACTION_ID AS "PLNFCAGENT_EVENTFORWARD_TRANSACTION TABLE ID" + FROM + ( + SELECT + WALLETTRANSACTION_ID, + WALLETTRANSACTION_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + STATUS, + SYSTEM + FROM + ( + SELECT + PLNFCAGENT_EVENTFORWARD_TRANSACTION.TIMESTAMP AS WALLETTRANSACTION_TIMESTAMP, + STATUS, + PLNFCAGENT_EVENTFORWARD_TRANSACTION.ID AS "WALLETTRANSACTION_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLNFCAGENT_EVENTFORWARD_TRANSACTION + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS WALLETTRANSACTION_STATE + GROUP BY + WALLETTRANSACTION_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_wifi_power_state.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_wifi_power_state.txt new file mode 100644 index 0000000..6126f27 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_wifi_power_state.txt @@ -0,0 +1,107 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=WiFi Power State + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS +VERSIONS=10.14,10.15,10.16 + +[Query Metadata] +QUERY_NAME=powerlog_wifi_power_state +ACTIVITY=WiFi Power State +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.14,10.15,10.16] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + POWERON AS 'POWER ON', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLWIFIAGENT_EVENTFORWARD_POWERSTATE TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + POWERON, + SYSTEM + FROM + ( + SELECT + PLWIFIAGENT_EVENTFORWARD_POWERSTATE.TIMESTAMP, + PLWIFIAGENT_EVENTFORWARD_POWERSTATE.POWERON, + PLWIFIAGENT_EVENTFORWARD_POWERSTATE.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLWIFIAGENT_EVENTFORWARD_POWERSTATE + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_wifi_properties.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_wifi_properties.txt new file mode 100644 index 0000000..b2b60dc --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_wifi_properties.txt @@ -0,0 +1,110 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Wi-Fi network connections + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=IOS +VERSIONS=9,10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=powerlog_wifi_properties +ACTIVITY=WiFi Connection +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 9,10,11,12,13,14] +QUERY= + SELECT + DATETIME(WIFIPROPERTIES_TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + CURRENTSSID, + CURRENTCHANNEL, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + WIFIPROPERTIES_ID AS "PLWIFIAGENT_EVENTBACKWARD_CUMULATIVEPROPERTIES TABLE ID" + FROM + ( + SELECT + WIFIPROPERTIES_ID, + WIFIPROPERTIES_TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + CURRENTSSID, + CURRENTCHANNEL, + SYSTEM + FROM + ( + SELECT + PLWIFIAGENT_EVENTBACKWARD_CUMULATIVEPROPERTIES.TIMESTAMP AS WIFIPROPERTIES_TIMESTAMP, + CURRENTSSID, + CURRENTCHANNEL, + PLWIFIAGENT_EVENTBACKWARD_CUMULATIVEPROPERTIES.ID AS "WIFIPROPERTIES_ID" , + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLWIFIAGENT_EVENTBACKWARD_CUMULATIVEPROPERTIES + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + AS WIFIPROPERTIES_STATE + GROUP BY + WIFIPROPERTIES_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/powerlog_window_server_timeline.txt b/src/sysdiagnose/utils/apollo_modules/powerlog_window_server_timeline.txt new file mode 100644 index 0000000..40d7179 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/powerlog_window_server_timeline.txt @@ -0,0 +1,128 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Window Server Agent Data + +[Database Metadata] +DATABASE=CurrentPowerlog.PLSQL +PLATFORM=MACOS +VERSIONS=10.15,10.16 + +[Query Metadata] +QUERY_NAME=powerlog_window_server_timeline +ACTIVITY=Window Server Timeline +KEY_TIMESTAMP=ADJUSTED_TIMESTAMP + +[SQL Query 10.15,10.16] +QUERY= + SELECT + DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP, + DATETIME(TIMESTAMPLOGGED + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_LOGGED_TIMESTAMP, + SESSIONID AS 'SESSION ID', + PROCESSNAME AS 'PROCESS NAME', + PID AS 'PID', + WINDOWSOCCLUDED AS 'WINDOWS OCCLUDED', + WINDOWSOFFSCREEN AS 'WINDOWS OFF SCREEN', + WINDOWSORDEREDOUT AS 'WINDOWS ORDERED OUT', + WINDOWSVISIBLE AS 'WINDOWS VISIBLE', + DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP, + DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP, + SYSTEM AS TIME_OFFSET, + TABLE_ID AS "PLWINDOWSERVERAGENT_EVENTFORWARD_TIMELINEINFO TABLE ID" + FROM + ( + SELECT + TABLE_ID, + TIMESTAMP, + TIME_OFFSET_TIMESTAMP, + MAX(TIME_OFFSET_ID) AS MAX_ID, + TIMESTAMPLOGGED, + SESSIONID, + PROCESSNAME, + PID, + WINDOWSOCCLUDED, + WINDOWSOFFSCREEN, + WINDOWSORDEREDOUT, + WINDOWSVISIBLE, + SYSTEM + FROM + ( + SELECT + PLWINDOWSERVERAGENT_EVENTFORWARD_TIMELINEINFO.TIMESTAMP, + PLWINDOWSERVERAGENT_EVENTFORWARD_TIMELINEINFO.TIMESTAMPLOGGED, + PLWINDOWSERVERAGENT_EVENTFORWARD_TIMELINEINFO.SESSIONID, + PLWINDOWSERVERAGENT_EVENTFORWARD_TIMELINEINFO.PROCESSNAME, + PLWINDOWSERVERAGENT_EVENTFORWARD_TIMELINEINFO.PID, + PLWINDOWSERVERAGENT_EVENTFORWARD_TIMELINEINFO.WINDOWSOCCLUDED, + PLWINDOWSERVERAGENT_EVENTFORWARD_TIMELINEINFO.WINDOWSOFFSCREEN, + PLWINDOWSERVERAGENT_EVENTFORWARD_TIMELINEINFO.WINDOWSORDEREDOUT, + PLWINDOWSERVERAGENT_EVENTFORWARD_TIMELINEINFO.WINDOWSVISIBLE, + PLWINDOWSERVERAGENT_EVENTFORWARD_TIMELINEINFO.ID AS "TABLE_ID", + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID, + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM + FROM + PLWINDOWSERVERAGENT_EVENTFORWARD_TIMELINEINFO + LEFT JOIN + PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET + ) + GROUP BY + TABLE_ID + ) \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/quarantine_events.txt b/src/sysdiagnose/utils/apollo_modules/quarantine_events.txt new file mode 100644 index 0000000..9fcbd76 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/quarantine_events.txt @@ -0,0 +1,87 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Quarantine Events + +[Database Metadata] +DATABASE=com.apple.LaunchServices.QuarantineEventsV2 +PLATFORM=MACOS +VERSIONS=10.13,10.14,10.15,10.16 + +[Query Metadata] +QUERY_NAME=quarantine_events +ACTIVITY=Quarantine +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 10.13,10.14,10.15,10.16] +QUERY= + SELECT + DATETIME(LSQUARANTINETIMESTAMP+978307200,'UNIXEPOCH') AS 'TIMESTAMP', + LSQUARANTINEEVENTIDENTIFIER AS 'EVENT ID', + LSQUARANTINEAGENTBUNDLEIDENTIFIER AS 'AGENT BUNDLE ID', + LSQUARANTINEAGENTNAME AS 'AGENT NAME', + LSQUARANTINETYPENUMBER AS 'TYPE NUMBER', + LSQUARANTINESENDERNAME AS 'SENDER NAME', + LSQUARANTINESENDERADDRESS AS 'SENDER ADDRESS', + LSQUARANTINEORIGINTITLE AS 'ORIGIN TITLE', + LSQUARANTINEORIGINURLSTRING AS 'ORIGIN URL STRING', + LSQUARANTINEORIGINALIAS AS 'ORIGIN ALIAS', + LSQUARANTINEDATAURLSTRING AS 'DATA URL STRING' + FROM LSQUARANTINEEVENT \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/query_predictions.txt b/src/sysdiagnose/utils/apollo_modules/query_predictions.txt new file mode 100644 index 0000000..ceb523a --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/query_predictions.txt @@ -0,0 +1,82 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=AlexisBrignoni/abrignoni.com/@alexisbrignoni +MODULE_NOTES=Query_predictions.db + +[Database Metadata] +DATABASE=query_predictions.db +PLATFORM=IOS +VERSIONS=8,9,10,11,12,13 + +[Query Metadata] +QUERY_NAME=query_predictions.db +ACTIVITY=Chat +KEY_TIMESTAMP=START + +[SQL Query 8,9,10,11,12,13] +QUERY= + SELECT + CONTENT, + ISSENT, + CONVERSATIONID, + ID, + UUID, + DATETIME(CREATIONTIMESTAMP, "UNIXEPOCH") AS START + FROM MESSAGES \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/routined_cache_zrtcllocationmo.txt b/src/sysdiagnose/utils/apollo_modules/routined_cache_zrtcllocationmo.txt new file mode 100644 index 0000000..86eb239 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/routined_cache_zrtcllocationmo.txt @@ -0,0 +1,89 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Granular Location Data (~1 Week) + +[Database Metadata] +DATABASE=CoreRoutine.sqlite,Cache.sqlite +PLATFORM=IOS +VERSIONS=10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=routined_cache_zrtcllocationmo +ACTIVITY=Routined Location +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 10,11,12,13,14] +QUERY= + SELECT + DATETIME(ZTIMESTAMP + 978307200, 'UNIXEPOCH') AS "TIMESTAMP", + ZLATITUDE || ", " || ZLONGITUDE AS "COORDINATES", + ZALTITUDE AS "ALTITUDE", + ZCOURSE AS "COURSE", + ZSPEED AS "SPEED (M/S)", + ZSPEED*2.23694 AS "SPEED (MPH)", + ZSPEED*3.6 AS "SPEED (KMPH)", + ZHORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + ZVERTICALACCURACY AS "VERTICAL ACCURACY", + ZLATITUDE AS "LATITUDE", + ZLONGITUDE AS "LONGITUDE", + ZRTCLLOCATIONMO.Z_PK AS "ZRTCLLOCATIONMO TABLE ID" + FROM + ZRTCLLOCATIONMO \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/routined_cache_zrthintmo.txt b/src/sysdiagnose/utils/apollo_modules/routined_cache_zrthintmo.txt new file mode 100644 index 0000000..4104bb9 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/routined_cache_zrthintmo.txt @@ -0,0 +1,83 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Semi-granular Location Data (~1 Week) + +[Database Metadata] +DATABASE=Cache.sqlite,CoreRoutine.sqlite +PLATFORM=IOS +VERSIONS=10,11,12,13,14 + +[Query Metadata] +QUERY_NAME=routined_cache_zrthintmo +ACTIVITY=Routined Location +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 10,11,12,13,14] +QUERY= + SELECT + DATETIME(ZDATE + 978307200, 'UNIXEPOCH') AS "TIMESTAMP", + ZLATITUDE || ", " || ZLONGITUDE AS "COORDINATES", + ZSOURCE AS "SOURCE", + ZLATITUDE AS "LATITUDE", + ZLONGITUDE AS "LONGITUDE", + ZRTHINTMO.Z_PK AS "ZRTHINTMO TABLE ID" + FROM + ZRTHINTMO \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/routined_cache_zrvisitmo.txt b/src/sysdiagnose/utils/apollo_modules/routined_cache_zrvisitmo.txt new file mode 100644 index 0000000..d246e8a --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/routined_cache_zrvisitmo.txt @@ -0,0 +1,88 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Visit Locations + +[Database Metadata] +DATABASE=Cache.sqlite,CoreRoutine.sqlite +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=routined_cache_zrvisitmo +ACTIVITY=Routined Location - Entry +KEY_TIMESTAMP=ENTRY TIMESTAMP + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "ENTRY TIMESTAMP", + DATETIME(ZEXITDATE + 978307200, 'UNIXEPOCH') AS "EXIT TIMESTAMP", + ZLOCATIONLATITUDE || ", " || ZLOCATIONLONGITUDE AS "COORDINATES", + DATETIME(ZDETECTIONDATE + 978307200, 'UNIXEPOCH') AS "DETECTION TIMESTAMP", + (ZEXITDATE-ZENTRYDATE)/60.00 AS "VISIT TIME (MINUTES)", + ZTYPE AS "TYPE", + ZLOCATIONLATITUDE AS "LATITUDE", + ZLOCATIONLONGITUDE AS "LONGITUDE", + ZLOCATIONUNCERTAINTY AS "UNCERTAINTY", + ZDATAPOINTCOUNT AS "DATA POINT COUNT", + Z_PK AS "ZRTVISITMO TABLE ID" + FROM + ZRTVISITMO \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/routined_cacheencryptedB_hint.txt b/src/sysdiagnose/utils/apollo_modules/routined_cacheencryptedB_hint.txt new file mode 100644 index 0000000..c69298b --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/routined_cacheencryptedB_hint.txt @@ -0,0 +1,81 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Routined Locations + +[Database Metadata] +DATABASE=cache_encryptedB.db +PLATFORM=IOS +VERSIONS=8,9 + +[Query Metadata] +QUERY_NAME=routined_cacheencryptedB_hint +ACTIVITY=Routined Location +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 8,9] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM HINT \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/routined_cacheencryptedB_location.txt b/src/sysdiagnose/utils/apollo_modules/routined_cacheencryptedB_location.txt new file mode 100644 index 0000000..60f6875 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/routined_cacheencryptedB_location.txt @@ -0,0 +1,86 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Routined Locations + +[Database Metadata] +DATABASE=cache_encryptedB.db +PLATFORM=IOS +VERSIONS=8,9 + +[Query Metadata] +QUERY_NAME=routined_cacheencryptedB_location +ACTIVITY=Routined Location +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 8,9] +QUERY= + SELECT + DATETIME(TIMESTAMP + 978307200,'UNIXEPOCH') AS "TIMESTAMP", + LATITUDE || ", " || LONGITUDE AS "COORDINATES", + ALTITUDE AS "ALTITUDE", + SPEED AS "SPEED", + COURSE AS "COURSE", + CONFIDENCE AS "CONFIDENCE", + HORIZONTALACCURACY AS "HORIZONTAL ACCURACY", + VERTICALACCURACY AS "VERTICAL ACCURACY", + LATITUDE AS "LATITUDE", + LONGITUDE AS "LONGITUDE" + FROM LOCATION \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/routined_cloud_address.txt b/src/sysdiagnose/utils/apollo_modules/routined_cloud_address.txt new file mode 100644 index 0000000..c8a6c42 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/routined_cloud_address.txt @@ -0,0 +1,91 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Address + +[Database Metadata] +DATABASE=Cloud.sqlite,Cloud-V2.sqlite +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=routined_cloud_address +ACTIVITY=Location +KEY_TIMESTAMP=ADDRESS CREATION DATE + +[SQL Query 12,13,14] +QUERY= + SELECT + DATETIME(ZRTADDRESSMO.ZCREATIONDATE + 978307200, 'unixepoch') AS "ADDRESS CREATION DATE", + DATETIME(ZRTADDRESSMO.ZEXPIRATIONDATE + 978307200, 'unixepoch') AS "ADDRESS EXPIRATION DATE", + ZRTADDRESSMO.ZCOUNTRY AS "COUNTRY", + ZRTADDRESSMO.ZCOUNTRYCODE AS "COUNTRY CODE", + ZRTADDRESSMO.ZPOSTALCODE AS "POSTAL CODE", + ZRTADDRESSMO.ZLOCALITY AS "LOCALITY", + ZRTADDRESSMO.ZSUBLOCALITY AS "SUBLOCALITY", + ZRTADDRESSMO.ZTHOROUGHFARE AS "THROROUGHFARE", + ZRTADDRESSMO.ZSUBTHOROUGHFARE AS "SUBTHOROUGHFARE", + ZRTADDRESSMO.ZSUBADMINISTRATIVEAREA AS "SUBADMINISTRATIVE AREA", + CAST(ZRTADDRESSMO.ZAREASOFINTEREST AS TEXT) AS "AREA OF INTEREST", + ZRTADDRESSMO.ZOCEAN AS "OCEAN", + ZRTADDRESSMO.ZINLANDWATER AS "INLAND WATER", + ZRTADDRESSMO.ZISLAND AS "ISLAND", + ZRTADDRESSMO.Z_PK AS "ZRTADDRESSMO TABLE ID" + FROM ZRTADDRESSMO \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/routined_cloud_mapitem.txt b/src/sysdiagnose/utils/apollo_modules/routined_cloud_mapitem.txt new file mode 100644 index 0000000..086f717 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/routined_cloud_mapitem.txt @@ -0,0 +1,126 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Map Item + +[Database Metadata] +DATABASE=Cloud.sqlite,Cloud-V2.sqlite +PLATFORM=IOS +VERSIONS=13,14 + +[Query Metadata] +QUERY_NAME=routined_cloud_mapitem +ACTIVITY=Routined Location - Map Item Creation +KEY_TIMESTAMP=MAP ITEM CREATION DATE + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZRTMAPITEMMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION DATE", + DATETIME(ZRTMAPITEMMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM EXPIRATION DATE", + ZRTMAPITEMMO.ZLATITUDE || ", " || ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM COORDINATES", + ZRTMAPITEMMO.ZNAME AS "MAP ITEM NAME", + ZRTADDRESSMO.ZCOUNTRY AS "COUNTRY", + ZRTADDRESSMO.ZCOUNTRYCODE AS "COUNTRY CODE", + ZRTADDRESSMO.ZPOSTALCODE AS "POSTAL CODE", + ZRTADDRESSMO.ZLOCALITY AS "LOCALITY", + ZRTADDRESSMO.ZSUBLOCALITY AS "SUBLOCALITY", + ZRTADDRESSMO.ZTHOROUGHFARE AS "THROROUGHFARE", + ZRTADDRESSMO.ZSUBTHOROUGHFARE AS "SUBTHOROUGHFARE", + ZRTADDRESSMO.ZSUBADMINISTRATIVEAREA AS "SUBADMINISTRATIVE AREA", + CAST(ZRTADDRESSMO.ZAREASOFINTEREST AS TEXT) AS "AREA OF INTEREST", + ZRTADDRESSMO.ZOCEAN AS "OCEAN", + ZRTADDRESSMO.ZINLANDWATER AS "INLAND WATER", + ZRTADDRESSMO.ZISLAND AS "ISLAND", + ZRTMAPITEMMO.ZLATITUDE AS "LATITUTE", + ZRTMAPITEMMO.ZLONGITUDE AS "LONGITUDE", + ZRTMAPITEMMO.ZUNCERTAINTY AS "UNCERTAINTY", + ZRTMAPITEMMO.ZDISPLAYLANGUAGE AS "MAP ITEM LANGUAGE", + HEX(ZRTMAPITEMMO.ZGEOMAPITEMHANDLE) AS "MAP ITEM GEOMAPITEM (HEX PROTOBUF)", + ZRTMAPITEMMO.Z_PK AS "ZRTMAPITEMMO TABLE ID" + FROM ZRTMAPITEMMO + LEFT JOIN ZRTADDRESSMO ON ZRTMAPITEMMO.Z_PK == ZRTADDRESSMO.ZMAPITEM + +[SQL Query 12] +QUERY= + SELECT + DATETIME(ZRTMAPITEMMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION DATE", + DATETIME(ZRTMAPITEMMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM EXPIRATION DATE", + ZRTMAPITEMMO.ZLATITUDE || ", " || ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM COORDINATES", + ZRTMAPITEMMO.ZNAME AS "MAP ITEM NAME", + ZRTADDRESSMO.ZCOUNTRY AS "COUNTRY", + ZRTADDRESSMO.ZCOUNTRYCODE AS "COUNTRY CODE", + ZRTADDRESSMO.ZPOSTALCODE AS "POSTAL CODE", + ZRTADDRESSMO.ZLOCALITY AS "LOCALITY", + ZRTADDRESSMO.ZSUBLOCALITY AS "SUBLOCALITY", + ZRTADDRESSMO.ZTHOROUGHFARE AS "THROROUGHFARE", + ZRTADDRESSMO.ZSUBTHOROUGHFARE AS "SUBTHOROUGHFARE", + ZRTADDRESSMO.ZSUBADMINISTRATIVEAREA AS "SUBADMINISTRATIVE AREA", + CAST(ZRTADDRESSMO.ZAREASOFINTEREST AS TEXT) AS "AREA OF INTEREST", + ZRTADDRESSMO.ZOCEAN AS "OCEAN", + ZRTADDRESSMO.ZINLANDWATER AS "INLAND WATER", + ZRTADDRESSMO.ZISLAND AS "ISLAND", + ZRTMAPITEMMO.ZLATITUDE AS "LATITUTE", + ZRTMAPITEMMO.ZLONGITUDE AS "LONGITUDE", + ZRTMAPITEMMO.ZUNCERTAINTY AS "UNCERTAINTY", + HEX(ZRTMAPITEMMO.ZGEOMAPITEMHANDLE) AS "MAP ITEM GEOMAPITEM (HEX PROTOBUF)", + ZRTMAPITEMMO.Z_PK AS "ZRTMAPITEMMO TABLE ID" + FROM ZRTMAPITEMMO + LEFT JOIN ZRTADDRESSMO ON ZRTMAPITEMMO.Z_PK == ZRTADDRESSMO.ZMAPITEM \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_entry.txt b/src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_entry.txt new file mode 100644 index 0000000..668ceb1 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_entry.txt @@ -0,0 +1,211 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Significant Locations - Vist Entry (Historical) + +[Database Metadata] +DATABASE=Cloud.sqlite,Cloud-V2.sqlite +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=routined_cloud_visit_entry +ACTIVITY=Routined Location - Visit Entry +KEY_TIMESTAMP=VISIT ENTRY + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZRTLEARNEDVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "VISIT ENTRY", + DATETIME(ZRTLEARNEDVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXIT", + (ZEXITDATE-ZENTRYDATE)/60.00 AS "VISIT TIME (MINUTES)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDVISITMO.ZPLACE AS "PLACE ID", + ZRTLEARNEDVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + ZRTADDRESSMO.ZCOUNTRY AS "COUNTRY", + ZRTADDRESSMO.ZCOUNTRYCODE AS "COUNTRY CODE", + ZRTADDRESSMO.ZPOSTALCODE AS "POSTAL CODE", + ZRTADDRESSMO.ZLOCALITY AS "LOCALITY", + ZRTADDRESSMO.ZSUBLOCALITY AS "SUBLOCALITY", + ZRTADDRESSMO.ZTHOROUGHFARE AS "THROROUGHFARE", + ZRTADDRESSMO.ZSUBTHOROUGHFARE AS "SUBTHOROUGHFARE", + ZRTADDRESSMO.ZSUBADMINISTRATIVEAREA AS "SUBADMINISTRATIVE AREA", + CAST(ZRTADDRESSMO.ZAREASOFINTEREST AS TEXT) AS "AREA OF INTEREST", + ZRTADDRESSMO.ZOCEAN AS "OCEAN", + ZRTADDRESSMO.ZINLANDWATER AS "INLAND WATER", + ZRTADDRESSMO.ZISLAND AS "ISLAND", + ZRTLEARNEDVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDVISITMO.ZCONFIDENCE AS "CONFIDENCE", + DATETIME(ZRTLEARNEDVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT CREATION", + DATETIME(ZRTLEARNEDVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXPIRATION", + ZRTDEVICEMO.ZDEVICECLASS AS "DEVICE CLASS", + ZRTDEVICEMO.ZDEVICEMODEL AS "DEVICE MODEL", + ZRTDEVICEMO.ZDEVICENAME AS "DEVICE NAME", + DATETIME(ZRTLEARNEDPLACEMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE CREATION", + DATETIME(ZRTLEARNEDPLACEMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE EXPIRATION", + DATETIME(ZRTADDRESSMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ADDRESS CREATION", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTMAPITEMMO.ZLATITUDE || ", " || ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM COORDINATES", + DATETIME(ZRTMAPITEMMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION DATE", + DATETIME(ZRTMAPITEMMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM EXPIRATION DATE", + ZRTMAPITEMMO.ZLATITUDE AS "MAP ITEM LATITUTE", + ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM LONGITUDE", + ZRTMAPITEMMO.ZUNCERTAINTY AS "UNCERTAINTY", + ZRTMAPITEMMO.ZDISPLAYLANGUAGE AS "MAP ITEM LANGUAGE", + ZRTMAPITEMMO.ZNAME AS "MAP ITEM NAME", + HEX(ZRTMAPITEMMO.ZGEOMAPITEMHANDLE) AS "MAP ITEM GEOMAPITEM (HEX PROTOBUF)", + ZRTLEARNEDVISITMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTLEARNEDVISITMO + LEFT JOIN + ZRTDEVICEMO ON ZRTLEARNEDVISITMO.ZDEVICE = ZRTDEVICEMO.Z_PK + LEFT JOIN + ZRTLEARNEDPLACEMO ON ZRTLEARNEDPLACEMO.Z_PK = ZRTLEARNEDVISITMO.ZPLACE + LEFT JOIN + ZRTADDRESSMO ON ZRTADDRESSMO.ZMAPITEM = ZRTLEARNEDPLACEMO.ZMAPITEM + LEFT JOIN + ZRTMAPITEMMO ON ZRTMAPITEMMO.Z_PK = ZRTLEARNEDPLACEMO.ZMAPITEM + +[SQL Query 12] +QUERY= + SELECT + DATETIME(ZRTLEARNEDVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "VISIT ENTRY", + DATETIME(ZRTLEARNEDVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXIT", + (ZEXITDATE-ZENTRYDATE)/60.00 AS "VISIT TIME (MINUTES)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDVISITMO.ZPLACE AS "PLACE ID", + ZRTLEARNEDVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + ZRTADDRESSMO.ZCOUNTRY AS "COUNTRY", + ZRTADDRESSMO.ZCOUNTRYCODE AS "COUNTRY CODE", + ZRTADDRESSMO.ZPOSTALCODE AS "POSTAL CODE", + ZRTADDRESSMO.ZLOCALITY AS "LOCALITY", + ZRTADDRESSMO.ZSUBLOCALITY AS "SUBLOCALITY", + ZRTADDRESSMO.ZTHOROUGHFARE AS "THROROUGHFARE", + ZRTADDRESSMO.ZSUBTHOROUGHFARE AS "SUBTHOROUGHFARE", + ZRTADDRESSMO.ZSUBADMINISTRATIVEAREA AS "SUBADMINISTRATIVE AREA", + CAST(ZRTADDRESSMO.ZAREASOFINTEREST AS TEXT) AS "AREA OF INTEREST", + ZRTADDRESSMO.ZOCEAN AS "OCEAN", + ZRTADDRESSMO.ZINLANDWATER AS "INLAND WATER", + ZRTADDRESSMO.ZISLAND AS "ISLAND", + ZRTLEARNEDVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDVISITMO.ZCONFIDENCE AS "CONFIDENCE", + DATETIME(ZRTLEARNEDVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT CREATION", + DATETIME(ZRTLEARNEDVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXPIRATION", + ZRTDEVICEMO.ZDEVICECLASS AS "DEVICE CLASS", + ZRTDEVICEMO.ZDEVICEMODEL AS "DEVICE MODEL", + ZRTDEVICEMO.ZDEVICENAME AS "DEVICE NAME", + DATETIME(ZRTLEARNEDPLACEMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE CREATION", + DATETIME(ZRTLEARNEDPLACEMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE EXPIRATION", + DATETIME(ZRTADDRESSMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ADDRESS CREATION", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTMAPITEMMO.ZLATITUDE || ", " || ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM COORDINATES", + DATETIME(ZRTMAPITEMMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION DATE", + DATETIME(ZRTMAPITEMMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM EXPIRATION DATE", + ZRTMAPITEMMO.ZLATITUDE AS "MAP ITEM LATITUTE", + ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM LONGITUDE", + ZRTMAPITEMMO.ZUNCERTAINTY AS "UNCERTAINTY", + ZRTMAPITEMMO.ZNAME AS "MAP ITEM NAME", + HEX(ZRTMAPITEMMO.ZGEOMAPITEMHANDLE) AS "MAP ITEM GEOMAPITEM (HEX PROTOBUF)", + ZRTLEARNEDVISITMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTLEARNEDVISITMO + LEFT JOIN + ZRTDEVICEMO ON ZRTLEARNEDVISITMO.ZDEVICE = ZRTDEVICEMO.Z_PK + LEFT JOIN + ZRTLEARNEDPLACEMO ON ZRTLEARNEDPLACEMO.Z_PK = ZRTLEARNEDVISITMO.ZPLACE + LEFT JOIN + ZRTADDRESSMO ON ZRTADDRESSMO.ZMAPITEM = ZRTLEARNEDPLACEMO.ZMAPITEM + LEFT JOIN + ZRTMAPITEMMO ON ZRTMAPITEMMO.Z_PK = ZRTLEARNEDPLACEMO.ZMAPITEM + +[SQL Query 11] +QUERY= + SELECT + DATETIME(ZRTLEARNEDVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "VISIT ENTRY", + DATETIME(ZRTLEARNEDVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXIT", + (ZEXITDATE-ZENTRYDATEV)/60.00 AS "VISIT TIME (MINUTES)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDVISITMO.ZPLACE AS "PLACE ID", + ZRTLEARNEDVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + ZRTLEARNEDVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDVISITMO.ZCONFIDENCE AS "CONFIDENCE", + DATETIME(ZRTLEARNEDVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT CREATION", + DATETIME(ZRTLEARNEDVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXPIRATION", + ZRTDEVICEMO.ZDEVICECLASS AS "DEVICE CLASS", + ZRTDEVICEMO.ZDEVICEMODEL AS "DEVICE MODEL", + ZRTDEVICEMO.ZDEVICENAME AS "DEVICE NAME", + DATETIME(ZRTLEARNEDPLACEMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE CREATION", + DATETIME(ZRTLEARNEDPLACEMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE EXPIRATION", + DATETIME(ZRTLEARNEDPLACEMO.ZMAPITEMCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION", + HEX(ZRTLEARNEDPLACEMO.ZMAPITEMGEOMAPITEMHANDLE) AS "PLACE NAME BLOB (HEX)", + HEX(ZRTLEARNEDPLACEMO.ZMAPITEMGEOMAPITEM) AS "PLACE GEO BLOB (HEX)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTLEARNEDVISITMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTLEARNEDVISITMO + LEFT JOIN + ZRTDEVICEMO + ON ZRTLEARNEDVISITMO.ZDEVICE = ZRTDEVICEMO.Z_PK + LEFT JOIN + ZRTLEARNEDPLACEMO + ON ZRTLEARNEDPLACEMO.Z_PK = ZRTLEARNEDVISITMO.ZPLACE \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_exit.txt b/src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_exit.txt new file mode 100644 index 0000000..4cfa2b8 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_exit.txt @@ -0,0 +1,211 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Significant Locations - Vist Exit (Historical) + +[Database Metadata] +DATABASE=Cloud.sqlite,Cloud-V2.sqlite +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=routined_cloud_visit_exit +ACTIVITY=Routined Location - Visit Exit +KEY_TIMESTAMP=VISIT EXIT + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZRTLEARNEDVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "VISIT ENTRY", + DATETIME(ZRTLEARNEDVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXIT", + (ZEXITDATE-ZENTRYDATE)/60.00 AS "VISIT TIME (MINUTES)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDVISITMO.ZPLACE AS "PLACE ID", + ZRTLEARNEDVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + ZRTADDRESSMO.ZCOUNTRY AS "COUNTRY", + ZRTADDRESSMO.ZCOUNTRYCODE AS "COUNTRY CODE", + ZRTADDRESSMO.ZPOSTALCODE AS "POSTAL CODE", + ZRTADDRESSMO.ZLOCALITY AS "LOCALITY", + ZRTADDRESSMO.ZSUBLOCALITY AS "SUBLOCALITY", + ZRTADDRESSMO.ZTHOROUGHFARE AS "THROROUGHFARE", + ZRTADDRESSMO.ZSUBTHOROUGHFARE AS "SUBTHOROUGHFARE", + ZRTADDRESSMO.ZSUBADMINISTRATIVEAREA AS "SUBADMINISTRATIVE AREA", + CAST(ZRTADDRESSMO.ZAREASOFINTEREST AS TEXT) AS "AREA OF INTEREST", + ZRTADDRESSMO.ZOCEAN AS "OCEAN", + ZRTADDRESSMO.ZINLANDWATER AS "INLAND WATER", + ZRTADDRESSMO.ZISLAND AS "ISLAND", + ZRTLEARNEDVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDVISITMO.ZCONFIDENCE AS "CONFIDENCE", + DATETIME(ZRTLEARNEDVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT CREATION", + DATETIME(ZRTLEARNEDVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXPIRATION", + ZRTDEVICEMO.ZDEVICECLASS AS "DEVICE CLASS", + ZRTDEVICEMO.ZDEVICEMODEL AS "DEVICE MODEL", + ZRTDEVICEMO.ZDEVICENAME AS "DEVICE NAME", + DATETIME(ZRTLEARNEDPLACEMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE CREATION", + DATETIME(ZRTLEARNEDPLACEMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE EXPIRATION", + DATETIME(ZRTADDRESSMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ADDRESS CREATION", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTMAPITEMMO.ZLATITUDE || ", " || ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM COORDINATES", + DATETIME(ZRTMAPITEMMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION DATE", + DATETIME(ZRTMAPITEMMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM EXPIRATION DATE", + ZRTMAPITEMMO.ZLATITUDE AS "MAP ITEM LATITUTE", + ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM LONGITUDE", + ZRTMAPITEMMO.ZUNCERTAINTY AS "UNCERTAINTY", + ZRTMAPITEMMO.ZDISPLAYLANGUAGE AS "MAP ITEM LANGUAGE", + ZRTMAPITEMMO.ZNAME AS "MAP ITEM NAME", + HEX(ZRTMAPITEMMO.ZGEOMAPITEMHANDLE) AS "MAP ITEM GEOMAPITEM (HEX PROTOBUF)", + ZRTLEARNEDVISITMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTLEARNEDVISITMO + LEFT JOIN + ZRTDEVICEMO ON ZRTLEARNEDVISITMO.ZDEVICE = ZRTDEVICEMO.Z_PK + LEFT JOIN + ZRTLEARNEDPLACEMO ON ZRTLEARNEDPLACEMO.Z_PK = ZRTLEARNEDVISITMO.ZPLACE + LEFT JOIN + ZRTADDRESSMO ON ZRTADDRESSMO.ZMAPITEM = ZRTLEARNEDPLACEMO.ZMAPITEM + LEFT JOIN + ZRTMAPITEMMO ON ZRTMAPITEMMO.Z_PK = ZRTLEARNEDPLACEMO.ZMAPITEM + +[SQL Query 12] +QUERY= + SELECT + DATETIME(ZRTLEARNEDVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "VISIT ENTRY", + DATETIME(ZRTLEARNEDVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXIT", + (ZEXITDATE-ZENTRYDATE)/60.00 AS "VISIT TIME (MINUTES)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDVISITMO.ZPLACE AS "PLACE ID", + ZRTLEARNEDVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + ZRTADDRESSMO.ZCOUNTRY AS "COUNTRY", + ZRTADDRESSMO.ZCOUNTRYCODE AS "COUNTRY CODE", + ZRTADDRESSMO.ZPOSTALCODE AS "POSTAL CODE", + ZRTADDRESSMO.ZLOCALITY AS "LOCALITY", + ZRTADDRESSMO.ZSUBLOCALITY AS "SUBLOCALITY", + ZRTADDRESSMO.ZTHOROUGHFARE AS "THROROUGHFARE", + ZRTADDRESSMO.ZSUBTHOROUGHFARE AS "SUBTHOROUGHFARE", + ZRTADDRESSMO.ZSUBADMINISTRATIVEAREA AS "SUBADMINISTRATIVE AREA", + CAST(ZRTADDRESSMO.ZAREASOFINTEREST AS TEXT) AS "AREA OF INTEREST", + ZRTADDRESSMO.ZOCEAN AS "OCEAN", + ZRTADDRESSMO.ZINLANDWATER AS "INLAND WATER", + ZRTADDRESSMO.ZISLAND AS "ISLAND", + ZRTLEARNEDVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDVISITMO.ZCONFIDENCE AS "CONFIDENCE", + DATETIME(ZRTLEARNEDVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT CREATION", + DATETIME(ZRTLEARNEDVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXPIRATION", + ZRTDEVICEMO.ZDEVICECLASS AS "DEVICE CLASS", + ZRTDEVICEMO.ZDEVICEMODEL AS "DEVICE MODEL", + ZRTDEVICEMO.ZDEVICENAME AS "DEVICE NAME", + DATETIME(ZRTLEARNEDPLACEMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE CREATION", + DATETIME(ZRTLEARNEDPLACEMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE EXPIRATION", + DATETIME(ZRTADDRESSMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ADDRESS CREATION", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTMAPITEMMO.ZLATITUDE || ", " || ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM COORDINATES", + DATETIME(ZRTMAPITEMMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION DATE", + DATETIME(ZRTMAPITEMMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM EXPIRATION DATE", + ZRTMAPITEMMO.ZLATITUDE AS "MAP ITEM LATITUTE", + ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM LONGITUDE", + ZRTMAPITEMMO.ZUNCERTAINTY AS "UNCERTAINTY", + ZRTMAPITEMMO.ZNAME AS "MAP ITEM NAME", + HEX(ZRTMAPITEMMO.ZGEOMAPITEMHANDLE) AS "MAP ITEM GEOMAPITEM (HEX PROTOBUF)", + ZRTLEARNEDVISITMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTLEARNEDVISITMO + LEFT JOIN + ZRTDEVICEMO ON ZRTLEARNEDVISITMO.ZDEVICE = ZRTDEVICEMO.Z_PK + LEFT JOIN + ZRTLEARNEDPLACEMO ON ZRTLEARNEDPLACEMO.Z_PK = ZRTLEARNEDVISITMO.ZPLACE + LEFT JOIN + ZRTADDRESSMO ON ZRTADDRESSMO.ZMAPITEM = ZRTLEARNEDPLACEMO.ZMAPITEM + LEFT JOIN + ZRTMAPITEMMO ON ZRTMAPITEMMO.Z_PK = ZRTLEARNEDPLACEMO.ZMAPITEM + +[SQL Query 11] +QUERY= + SELECT + DATETIME(ZRTLEARNEDVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "VISIT ENTRY", + DATETIME(ZRTLEARNEDVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXIT", + (ZEXITDATE-ZENTRYDATE)/60.00 AS "VISIT TIME (MINUTES)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDVISITMO.ZPLACE AS "PLACE ID", + ZRTLEARNEDVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + ZRTLEARNEDVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDVISITMO.ZCONFIDENCE AS "CONFIDENCE", + DATETIME(ZRTLEARNEDVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT CREATION", + DATETIME(ZRTLEARNEDVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXPIRATION", + ZRTDEVICEMO.ZDEVICECLASS AS "DEVICE CLASS", + ZRTDEVICEMO.ZDEVICEMODEL AS "DEVICE MODEL", + ZRTDEVICEMO.ZDEVICENAME AS "DEVICE NAME", + DATETIME(ZRTLEARNEDPLACEMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE CREATION", + DATETIME(ZRTLEARNEDPLACEMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE EXPIRATION", + DATETIME(ZRTLEARNEDPLACEMO.ZMAPITEMCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION", + HEX(ZRTLEARNEDPLACEMO.ZMAPITEMGEOMAPITEMHANDLE) AS "PLACE NAME BLOB (HEX)", + HEX(ZRTLEARNEDPLACEMO.ZMAPITEMGEOMAPITEM) AS "PLACE GEO BLOB (HEX)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTLEARNEDVISITMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTLEARNEDVISITMO + LEFT JOIN + ZRTDEVICEMO + ON ZRTLEARNEDVISITMO.ZDEVICE = ZRTDEVICEMO.Z_PK + LEFT JOIN + ZRTLEARNEDPLACEMO + ON ZRTLEARNEDPLACEMO.Z_PK = ZRTLEARNEDVISITMO.ZPLACE \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_inbound_start.txt b/src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_inbound_start.txt new file mode 100644 index 0000000..0eccd69 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_inbound_start.txt @@ -0,0 +1,227 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Significant Locations - Inbound Start (Historical) + +[Database Metadata] +DATABASE=Cloud.sqlite,Cloud-V2.sqlite +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=routined_cloud_visit_inbound_start +ACTIVITY=Routined Location - Inbound Start +KEY_TIMESTAMP=INBOUND START DATE + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS "INBOUND START DATE", + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTOPDATE + 978307200, 'UNIXEPOCH') AS "INBOUND STOP DATE", + (ZRTLEARNEDTRANSITIONMO.ZSTOPDATE-ZRTLEARNEDTRANSITIONMO.ZSTARTDATE)/60.00 AS "INBOUND TIME (MINUTES)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDVISITMO.ZPLACE AS "PLACE ID", + ZRTLEARNEDVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + ZRTADDRESSMO.ZCOUNTRY AS "COUNTRY", + ZRTADDRESSMO.ZCOUNTRYCODE AS "COUNTRY CODE", + ZRTADDRESSMO.ZPOSTALCODE AS "POSTAL CODE", + ZRTADDRESSMO.ZLOCALITY AS "LOCALITY", + ZRTADDRESSMO.ZSUBLOCALITY AS "SUBLOCALITY", + ZRTADDRESSMO.ZTHOROUGHFARE AS "THROROUGHFARE", + ZRTADDRESSMO.ZSUBTHOROUGHFARE AS "SUBTHOROUGHFARE", + ZRTADDRESSMO.ZSUBADMINISTRATIVEAREA AS "SUBADMINISTRATIVE AREA", + CAST(ZRTADDRESSMO.ZAREASOFINTEREST AS TEXT) AS "AREA OF INTEREST", + ZRTADDRESSMO.ZOCEAN AS "OCEAN", + ZRTADDRESSMO.ZINLANDWATER AS "INLAND WATER", + ZRTADDRESSMO.ZISLAND AS "ISLAND", + ZRTLEARNEDVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDVISITMO.ZCONFIDENCE AS "CONFIDENCE", + DATETIME(ZRTLEARNEDVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "VISIT ENTRY", + DATETIME(ZRTLEARNEDVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXIT", + DATETIME(ZRTLEARNEDVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT CREATION", + DATETIME(ZRTLEARNEDVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXPIRATION", + ZRTDEVICEMO.ZDEVICECLASS AS "DEVICE CLASS", + ZRTDEVICEMO.ZDEVICEMODEL AS "DEVICE MODEL", + ZRTDEVICEMO.ZDEVICENAME AS "DEVICE NAME", + DATETIME(ZRTLEARNEDPLACEMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE CREATION", + DATETIME(ZRTLEARNEDPLACEMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE EXPIRATION", + DATETIME(ZRTADDRESSMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ADDRESS CREATION", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTMAPITEMMO.ZLATITUDE || ", " || ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM COORDINATES", + DATETIME(ZRTMAPITEMMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION DATE", + DATETIME(ZRTMAPITEMMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM EXPIRATION DATE", + ZRTMAPITEMMO.ZLATITUDE AS "MAP ITEM LATITUTE", + ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM LONGITUDE", + ZRTMAPITEMMO.ZUNCERTAINTY AS "UNCERTAINTY", + ZRTMAPITEMMO.ZDISPLAYLANGUAGE AS "MAP ITEM LANGUAGE", + ZRTMAPITEMMO.ZNAME AS "MAP ITEM NAME", + HEX(ZRTMAPITEMMO.ZGEOMAPITEMHANDLE) AS "MAP ITEM GEOMAPITEM (HEX PROTOBUF)", + ZRTLEARNEDVISITMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTLEARNEDVISITMO + LEFT JOIN + ZRTDEVICEMO ON ZRTLEARNEDVISITMO.ZDEVICE = ZRTDEVICEMO.Z_PK + LEFT JOIN + ZRTLEARNEDPLACEMO ON ZRTLEARNEDPLACEMO.Z_PK = ZRTLEARNEDVISITMO.ZPLACE + LEFT JOIN + ZRTLEARNEDTRANSITIONMO ON ZRTLEARNEDTRANSITIONMO.Z_PK = ZRTLEARNEDVISITMO.ZINBOUND + LEFT JOIN + ZRTADDRESSMO ON ZRTADDRESSMO.ZMAPITEM = ZRTLEARNEDPLACEMO.ZMAPITEM + LEFT JOIN + ZRTMAPITEMMO ON ZRTMAPITEMMO.Z_PK = ZRTLEARNEDPLACEMO.ZMAPITEM + WHERE "INBOUND START DATE" NOT NULL + +[SQL Query 12] +QUERY= + SELECT + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS "INBOUND START DATE", + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTOPDATE + 978307200, 'UNIXEPOCH') AS "INBOUND STOP DATE", + (ZRTLEARNEDTRANSITIONMO.ZSTOPDATE-ZRTLEARNEDTRANSITIONMO.ZSTARTDATE)/60.00 AS "INBOUND TIME (MINUTES)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDVISITMO.ZPLACE AS "PLACE ID", + ZRTLEARNEDVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + ZRTADDRESSMO.ZCOUNTRY AS "COUNTRY", + ZRTADDRESSMO.ZCOUNTRYCODE AS "COUNTRY CODE", + ZRTADDRESSMO.ZPOSTALCODE AS "POSTAL CODE", + ZRTADDRESSMO.ZLOCALITY AS "LOCALITY", + ZRTADDRESSMO.ZSUBLOCALITY AS "SUBLOCALITY", + ZRTADDRESSMO.ZTHOROUGHFARE AS "THROROUGHFARE", + ZRTADDRESSMO.ZSUBTHOROUGHFARE AS "SUBTHOROUGHFARE", + ZRTADDRESSMO.ZSUBADMINISTRATIVEAREA AS "SUBADMINISTRATIVE AREA", + CAST(ZRTADDRESSMO.ZAREASOFINTEREST AS TEXT) AS "AREA OF INTEREST", + ZRTADDRESSMO.ZOCEAN AS "OCEAN", + ZRTADDRESSMO.ZINLANDWATER AS "INLAND WATER", + ZRTADDRESSMO.ZISLAND AS "ISLAND", + ZRTLEARNEDVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDVISITMO.ZCONFIDENCE AS "CONFIDENCE", + DATETIME(ZRTLEARNEDVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "VISIT ENTRY", + DATETIME(ZRTLEARNEDVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXIT", + DATETIME(ZRTLEARNEDVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT CREATION", + DATETIME(ZRTLEARNEDVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXPIRATION", + ZRTDEVICEMO.ZDEVICECLASS AS "DEVICE CLASS", + ZRTDEVICEMO.ZDEVICEMODEL AS "DEVICE MODEL", + ZRTDEVICEMO.ZDEVICENAME AS "DEVICE NAME", + DATETIME(ZRTLEARNEDPLACEMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE CREATION", + DATETIME(ZRTLEARNEDPLACEMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE EXPIRATION", + DATETIME(ZRTADDRESSMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ADDRESS CREATION", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTMAPITEMMO.ZLATITUDE || ", " || ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM COORDINATES", + DATETIME(ZRTMAPITEMMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION DATE", + DATETIME(ZRTMAPITEMMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM EXPIRATION DATE", + ZRTMAPITEMMO.ZLATITUDE AS "MAP ITEM LATITUTE", + ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM LONGITUDE", + ZRTMAPITEMMO.ZUNCERTAINTY AS "UNCERTAINTY", + ZRTMAPITEMMO.ZNAME AS "MAP ITEM NAME", + HEX(ZRTMAPITEMMO.ZGEOMAPITEMHANDLE) AS "MAP ITEM GEOMAPITEM (HEX PROTOBUF)", + ZRTLEARNEDVISITMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTLEARNEDVISITMO + LEFT JOIN + ZRTDEVICEMO ON ZRTLEARNEDVISITMO.ZDEVICE = ZRTDEVICEMO.Z_PK + LEFT JOIN + ZRTLEARNEDPLACEMO ON ZRTLEARNEDPLACEMO.Z_PK = ZRTLEARNEDVISITMO.ZPLACE + LEFT JOIN + ZRTLEARNEDTRANSITIONMO ON ZRTLEARNEDTRANSITIONMO.Z_PK = ZRTLEARNEDVISITMO.ZINBOUND + LEFT JOIN + ZRTADDRESSMO ON ZRTADDRESSMO.ZMAPITEM = ZRTLEARNEDPLACEMO.ZMAPITEM + LEFT JOIN + ZRTMAPITEMMO ON ZRTMAPITEMMO.Z_PK = ZRTLEARNEDPLACEMO.ZMAPITEM + WHERE "INBOUND START DATE" NOT NULL + +[SQL Query 11] +QUERY= + SELECT + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS "INBOUND START DATE", + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTOPDATE + 978307200, 'UNIXEPOCH') AS "INBOUND STOP DATE", + (ZRTLEARNEDTRANSITIONMO.ZSTOPDATE-ZRTLEARNEDTRANSITIONMO.ZSTARTDATE)/60.00 AS "INBOUND TIME (MINUTES)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDVISITMO.ZPLACE AS "PLACE ID", + ZRTLEARNEDVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + ZRTLEARNEDVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDVISITMO.ZCONFIDENCE AS "CONFIDENCE", + DATETIME(ZRTLEARNEDVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "VISIT ENTRY", + DATETIME(ZRTLEARNEDVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXIT", + DATETIME(ZRTLEARNEDVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT CREATION", + DATETIME(ZRTLEARNEDVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXPIRATION", + ZRTDEVICEMO.ZDEVICECLASS AS "DEVICE CLASS", + ZRTDEVICEMO.ZDEVICEMODEL AS "DEVICE MODEL", + ZRTDEVICEMO.ZDEVICENAME AS "DEVICE NAME", + DATETIME(ZRTLEARNEDPLACEMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE CREATION", + DATETIME(ZRTLEARNEDPLACEMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE EXPIRATION", + DATETIME(ZRTLEARNEDPLACEMO.ZMAPITEMCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION", + HEX(ZRTLEARNEDPLACEMO.ZMAPITEMGEOMAPITEMHANDLE) AS "PLACE NAME BLOB (HEX)", + HEX(ZRTLEARNEDPLACEMO.ZMAPITEMGEOMAPITEM) AS "PLACE GEO BLOB (HEX)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTLEARNEDVISITMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTLEARNEDVISITMO + LEFT JOIN + ZRTDEVICEMO + ON ZRTLEARNEDVISITMO.ZDEVICE = ZRTDEVICEMO.Z_PK + LEFT JOIN + ZRTLEARNEDPLACEMO + ON ZRTLEARNEDPLACEMO.Z_PK = ZRTLEARNEDVISITMO.ZPLACE + LEFT JOIN + ZRTLEARNEDTRANSITIONMO + ON ZRTLEARNEDTRANSITIONMO.Z_PK = ZRTLEARNEDVISITMO.ZINBOUND + WHERE "INBOUND STOP DATE" NOT NULL \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_inbound_stop.txt b/src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_inbound_stop.txt new file mode 100644 index 0000000..2a88e1c --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_inbound_stop.txt @@ -0,0 +1,227 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Significant Locations - Inbound Stop (Historical) + +[Database Metadata] +DATABASE=Cloud.sqlite,Cloud-V2.sqlite +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=routined_cloud_visit_inbound_stop +ACTIVITY=Routined Location - Inbound Stop +KEY_TIMESTAMP=INBOUND STOP DATE + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS "INBOUND START DATE", + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTOPDATE + 978307200, 'UNIXEPOCH') AS "INBOUND STOP DATE", + (ZRTLEARNEDTRANSITIONMO.ZSTOPDATE-ZRTLEARNEDTRANSITIONMO.ZSTARTDATE)/60.00 AS "INBOUND TIME (MINUTES)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDVISITMO.ZPLACE AS "PLACE ID", + ZRTLEARNEDVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + ZRTADDRESSMO.ZCOUNTRY AS "COUNTRY", + ZRTADDRESSMO.ZCOUNTRYCODE AS "COUNTRY CODE", + ZRTADDRESSMO.ZPOSTALCODE AS "POSTAL CODE", + ZRTADDRESSMO.ZLOCALITY AS "LOCALITY", + ZRTADDRESSMO.ZSUBLOCALITY AS "SUBLOCALITY", + ZRTADDRESSMO.ZTHOROUGHFARE AS "THROROUGHFARE", + ZRTADDRESSMO.ZSUBTHOROUGHFARE AS "SUBTHOROUGHFARE", + ZRTADDRESSMO.ZSUBADMINISTRATIVEAREA AS "SUBADMINISTRATIVE AREA", + CAST(ZRTADDRESSMO.ZAREASOFINTEREST AS TEXT) AS "AREA OF INTEREST", + ZRTADDRESSMO.ZOCEAN AS "OCEAN", + ZRTADDRESSMO.ZINLANDWATER AS "INLAND WATER", + ZRTADDRESSMO.ZISLAND AS "ISLAND", + ZRTLEARNEDVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDVISITMO.ZCONFIDENCE AS "CONFIDENCE", + DATETIME(ZRTLEARNEDVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "VISIT ENTRY", + DATETIME(ZRTLEARNEDVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXIT", + DATETIME(ZRTLEARNEDVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT CREATION", + DATETIME(ZRTLEARNEDVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXPIRATION", + ZRTDEVICEMO.ZDEVICECLASS AS "DEVICE CLASS", + ZRTDEVICEMO.ZDEVICEMODEL AS "DEVICE MODEL", + ZRTDEVICEMO.ZDEVICENAME AS "DEVICE NAME", + DATETIME(ZRTLEARNEDPLACEMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE CREATION", + DATETIME(ZRTLEARNEDPLACEMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE EXPIRATION", + DATETIME(ZRTADDRESSMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ADDRESS CREATION", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTMAPITEMMO.ZLATITUDE || ", " || ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM COORDINATES", + DATETIME(ZRTMAPITEMMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION DATE", + DATETIME(ZRTMAPITEMMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM EXPIRATION DATE", + ZRTMAPITEMMO.ZLATITUDE AS "MAP ITEM LATITUTE", + ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM LONGITUDE", + ZRTMAPITEMMO.ZUNCERTAINTY AS "UNCERTAINTY", + ZRTMAPITEMMO.ZDISPLAYLANGUAGE AS "MAP ITEM LANGUAGE", + ZRTMAPITEMMO.ZNAME AS "MAP ITEM NAME", + HEX(ZRTMAPITEMMO.ZGEOMAPITEMHANDLE) AS "MAP ITEM GEOMAPITEM (HEX PROTOBUF)", + ZRTLEARNEDVISITMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTLEARNEDVISITMO + LEFT JOIN + ZRTDEVICEMO ON ZRTLEARNEDVISITMO.ZDEVICE = ZRTDEVICEMO.Z_PK + LEFT JOIN + ZRTLEARNEDPLACEMO ON ZRTLEARNEDPLACEMO.Z_PK = ZRTLEARNEDVISITMO.ZPLACE + LEFT JOIN + ZRTLEARNEDTRANSITIONMO ON ZRTLEARNEDTRANSITIONMO.Z_PK = ZRTLEARNEDVISITMO.ZINBOUND + LEFT JOIN + ZRTADDRESSMO ON ZRTADDRESSMO.ZMAPITEM = ZRTLEARNEDPLACEMO.ZMAPITEM + LEFT JOIN + ZRTMAPITEMMO ON ZRTMAPITEMMO.Z_PK = ZRTLEARNEDPLACEMO.ZMAPITEM + WHERE "INBOUND STOP DATE" NOT NULL + +[SQL Query 12] +QUERY= + SELECT + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS "INBOUND START DATE", + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTOPDATE + 978307200, 'UNIXEPOCH') AS "INBOUND STOP DATE", + (ZRTLEARNEDTRANSITIONMO.ZSTOPDATE-ZRTLEARNEDTRANSITIONMO.ZSTARTDATE)/60.00 AS "INBOUND TIME (MINUTES)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDVISITMO.ZPLACE AS "PLACE ID", + ZRTLEARNEDVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + ZRTADDRESSMO.ZCOUNTRY AS "COUNTRY", + ZRTADDRESSMO.ZCOUNTRYCODE AS "COUNTRY CODE", + ZRTADDRESSMO.ZPOSTALCODE AS "POSTAL CODE", + ZRTADDRESSMO.ZLOCALITY AS "LOCALITY", + ZRTADDRESSMO.ZSUBLOCALITY AS "SUBLOCALITY", + ZRTADDRESSMO.ZTHOROUGHFARE AS "THROROUGHFARE", + ZRTADDRESSMO.ZSUBTHOROUGHFARE AS "SUBTHOROUGHFARE", + ZRTADDRESSMO.ZSUBADMINISTRATIVEAREA AS "SUBADMINISTRATIVE AREA", + CAST(ZRTADDRESSMO.ZAREASOFINTEREST AS TEXT) AS "AREA OF INTEREST", + ZRTADDRESSMO.ZOCEAN AS "OCEAN", + ZRTADDRESSMO.ZINLANDWATER AS "INLAND WATER", + ZRTADDRESSMO.ZISLAND AS "ISLAND", + ZRTLEARNEDVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDVISITMO.ZCONFIDENCE AS "CONFIDENCE", + DATETIME(ZRTLEARNEDVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "VISIT ENTRY", + DATETIME(ZRTLEARNEDVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXIT", + DATETIME(ZRTLEARNEDVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT CREATION", + DATETIME(ZRTLEARNEDVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXPIRATION", + ZRTDEVICEMO.ZDEVICECLASS AS "DEVICE CLASS", + ZRTDEVICEMO.ZDEVICEMODEL AS "DEVICE MODEL", + ZRTDEVICEMO.ZDEVICENAME AS "DEVICE NAME", + DATETIME(ZRTLEARNEDPLACEMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE CREATION", + DATETIME(ZRTLEARNEDPLACEMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE EXPIRATION", + DATETIME(ZRTADDRESSMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ADDRESS CREATION", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTMAPITEMMO.ZLATITUDE || ", " || ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM COORDINATES", + DATETIME(ZRTMAPITEMMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION DATE", + DATETIME(ZRTMAPITEMMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM EXPIRATION DATE", + ZRTMAPITEMMO.ZLATITUDE AS "MAP ITEM LATITUTE", + ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM LONGITUDE", + ZRTMAPITEMMO.ZUNCERTAINTY AS "UNCERTAINTY", + ZRTMAPITEMMO.ZNAME AS "MAP ITEM NAME", + HEX(ZRTMAPITEMMO.ZGEOMAPITEMHANDLE) AS "MAP ITEM GEOMAPITEM (HEX PROTOBUF)", + ZRTLEARNEDVISITMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTLEARNEDVISITMO + LEFT JOIN + ZRTDEVICEMO ON ZRTLEARNEDVISITMO.ZDEVICE = ZRTDEVICEMO.Z_PK + LEFT JOIN + ZRTLEARNEDPLACEMO ON ZRTLEARNEDPLACEMO.Z_PK = ZRTLEARNEDVISITMO.ZPLACE + LEFT JOIN + ZRTLEARNEDTRANSITIONMO ON ZRTLEARNEDTRANSITIONMO.Z_PK = ZRTLEARNEDVISITMO.ZINBOUND + LEFT JOIN + ZRTADDRESSMO ON ZRTADDRESSMO.ZMAPITEM = ZRTLEARNEDPLACEMO.ZMAPITEM + LEFT JOIN + ZRTMAPITEMMO ON ZRTMAPITEMMO.Z_PK = ZRTLEARNEDPLACEMO.ZMAPITEM + WHERE "INBOUND STOP DATE" NOT NULL + +[SQL Query 11] +QUERY= + SELECT + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS "INBOUND START DATE", + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTOPDATE + 978307200, 'UNIXEPOCH') AS "INBOUND STOP DATE", + (ZRTLEARNEDTRANSITIONMO.ZSTOPDATE-ZRTLEARNEDTRANSITIONMO.ZSTARTDATE)/60.00 AS "INBOUND TIME (MINUTES)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDVISITMO.ZPLACE AS "PLACE ID", + ZRTLEARNEDVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + ZRTLEARNEDVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDVISITMO.ZCONFIDENCE AS "CONFIDENCE", + DATETIME(ZRTLEARNEDVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "VISIT ENTRY", + DATETIME(ZRTLEARNEDVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXIT", + DATETIME(ZRTLEARNEDVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT CREATION", + DATETIME(ZRTLEARNEDVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXPIRATION", + ZRTDEVICEMO.ZDEVICECLASS AS "DEVICE CLASS", + ZRTDEVICEMO.ZDEVICEMODEL AS "DEVICE MODEL", + ZRTDEVICEMO.ZDEVICENAME AS "DEVICE NAME", + DATETIME(ZRTLEARNEDPLACEMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE CREATION", + DATETIME(ZRTLEARNEDPLACEMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE EXPIRATION", + DATETIME(ZRTLEARNEDPLACEMO.ZMAPITEMCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION", + HEX(ZRTLEARNEDPLACEMO.ZMAPITEMGEOMAPITEMHANDLE) AS "PLACE NAME BLOB (HEX)", + HEX(ZRTLEARNEDPLACEMO.ZMAPITEMGEOMAPITEM) AS "PLACE GEO BLOB (HEX)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTLEARNEDVISITMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTLEARNEDVISITMO + LEFT JOIN + ZRTDEVICEMO + ON ZRTLEARNEDVISITMO.ZDEVICE = ZRTDEVICEMO.Z_PK + LEFT JOIN + ZRTLEARNEDPLACEMO + ON ZRTLEARNEDPLACEMO.Z_PK = ZRTLEARNEDVISITMO.ZPLACE + LEFT JOIN + ZRTLEARNEDTRANSITIONMO + ON ZRTLEARNEDTRANSITIONMO.Z_PK = ZRTLEARNEDVISITMO.ZINBOUND + WHERE "INBOUND START DATE" NOT NULL \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_outbound_start.txt b/src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_outbound_start.txt new file mode 100644 index 0000000..0da2f7c --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_outbound_start.txt @@ -0,0 +1,227 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Significant Locations - Outbound Start (Historical) + +[Database Metadata] +DATABASE=Cloud.sqlite,Cloud-V2.sqlite +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=routined_cloud_visit_outbound_start +ACTIVITY=Routined Location - Outbound Start +KEY_TIMESTAMP=OUTBOUND START DATE + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS "OUTBOUND START DATE", + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTOPDATE + 978307200, 'UNIXEPOCH') AS "OUTBOUND STOP DATE", + (ZRTLEARNEDTRANSITIONMO.ZSTOPDATE-ZRTLEARNEDTRANSITIONMO.ZSTARTDATE)/60.00 AS "OUTBOUND TIME (MINUTES)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDVISITMO.ZPLACE AS "PLACE ID", + ZRTLEARNEDVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + ZRTADDRESSMO.ZCOUNTRY AS "COUNTRY", + ZRTADDRESSMO.ZCOUNTRYCODE AS "COUNTRY CODE", + ZRTADDRESSMO.ZPOSTALCODE AS "POSTAL CODE", + ZRTADDRESSMO.ZLOCALITY AS "LOCALITY", + ZRTADDRESSMO.ZSUBLOCALITY AS "SUBLOCALITY", + ZRTADDRESSMO.ZTHOROUGHFARE AS "THROROUGHFARE", + ZRTADDRESSMO.ZSUBTHOROUGHFARE AS "SUBTHOROUGHFARE", + ZRTADDRESSMO.ZSUBADMINISTRATIVEAREA AS "SUBADMINISTRATIVE AREA", + CAST(ZRTADDRESSMO.ZAREASOFINTEREST AS TEXT) AS "AREA OF INTEREST", + ZRTADDRESSMO.ZOCEAN AS "OCEAN", + ZRTADDRESSMO.ZINLANDWATER AS "INLAND WATER", + ZRTADDRESSMO.ZISLAND AS "ISLAND", + ZRTLEARNEDVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDVISITMO.ZCONFIDENCE AS "CONFIDENCE", + DATETIME(ZRTLEARNEDVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "VISIT ENTRY", + DATETIME(ZRTLEARNEDVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXIT", + DATETIME(ZRTLEARNEDVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT CREATION", + DATETIME(ZRTLEARNEDVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXPIRATION", + ZRTDEVICEMO.ZDEVICECLASS AS "DEVICE CLASS", + ZRTDEVICEMO.ZDEVICEMODEL AS "DEVICE MODEL", + ZRTDEVICEMO.ZDEVICENAME AS "DEVICE NAME", + DATETIME(ZRTLEARNEDPLACEMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE CREATION", + DATETIME(ZRTLEARNEDPLACEMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE EXPIRATION", + DATETIME(ZRTADDRESSMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ADDRESS CREATION", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTMAPITEMMO.ZLATITUDE || ", " || ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM COORDINATES", + DATETIME(ZRTMAPITEMMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION DATE", + DATETIME(ZRTMAPITEMMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM EXPIRATION DATE", + ZRTMAPITEMMO.ZLATITUDE AS "MAP ITEM LATITUTE", + ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM LONGITUDE", + ZRTMAPITEMMO.ZUNCERTAINTY AS "UNCERTAINTY", + ZRTMAPITEMMO.ZDISPLAYLANGUAGE AS "MAP ITEM LANGUAGE", + ZRTMAPITEMMO.ZNAME AS "MAP ITEM NAME", + HEX(ZRTMAPITEMMO.ZGEOMAPITEMHANDLE) AS "MAP ITEM GEOMAPITEM (HEX PROTOBUF)", + ZRTLEARNEDVISITMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTLEARNEDVISITMO + LEFT JOIN + ZRTDEVICEMO ON ZRTLEARNEDVISITMO.ZDEVICE = ZRTDEVICEMO.Z_PK + LEFT JOIN + ZRTLEARNEDPLACEMO ON ZRTLEARNEDPLACEMO.Z_PK = ZRTLEARNEDVISITMO.ZPLACE + LEFT JOIN + ZRTLEARNEDTRANSITIONMO ON ZRTLEARNEDTRANSITIONMO.Z_PK = ZRTLEARNEDVISITMO.ZINBOUND + LEFT JOIN + ZRTADDRESSMO ON ZRTADDRESSMO.ZMAPITEM = ZRTLEARNEDPLACEMO.ZMAPITEM + LEFT JOIN + ZRTMAPITEMMO ON ZRTMAPITEMMO.Z_PK = ZRTLEARNEDPLACEMO.ZMAPITEM + WHERE "OUTBOUND START DATE" NOT NULL + +[SQL Query 12] +QUERY= + SELECT + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS "OUTBOUND START DATE", + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTOPDATE + 978307200, 'UNIXEPOCH') AS "OUTBOUND STOP DATE", + (ZRTLEARNEDTRANSITIONMO.ZSTOPDATE-ZRTLEARNEDTRANSITIONMO.ZSTARTDATE)/60.00 AS "OUTBOUND TIME (MINUTES)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDVISITMO.ZPLACE AS "PLACE ID", + ZRTLEARNEDVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + ZRTADDRESSMO.ZCOUNTRY AS "COUNTRY", + ZRTADDRESSMO.ZCOUNTRYCODE AS "COUNTRY CODE", + ZRTADDRESSMO.ZPOSTALCODE AS "POSTAL CODE", + ZRTADDRESSMO.ZLOCALITY AS "LOCALITY", + ZRTADDRESSMO.ZSUBLOCALITY AS "SUBLOCALITY", + ZRTADDRESSMO.ZTHOROUGHFARE AS "THROROUGHFARE", + ZRTADDRESSMO.ZSUBTHOROUGHFARE AS "SUBTHOROUGHFARE", + ZRTADDRESSMO.ZSUBADMINISTRATIVEAREA AS "SUBADMINISTRATIVE AREA", + CAST(ZRTADDRESSMO.ZAREASOFINTEREST AS TEXT) AS "AREA OF INTEREST", + ZRTADDRESSMO.ZOCEAN AS "OCEAN", + ZRTADDRESSMO.ZINLANDWATER AS "INLAND WATER", + ZRTADDRESSMO.ZISLAND AS "ISLAND", + ZRTLEARNEDVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDVISITMO.ZCONFIDENCE AS "CONFIDENCE", + DATETIME(ZRTLEARNEDVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "VISIT ENTRY", + DATETIME(ZRTLEARNEDVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXIT", + DATETIME(ZRTLEARNEDVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT CREATION", + DATETIME(ZRTLEARNEDVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXPIRATION", + ZRTDEVICEMO.ZDEVICECLASS AS "DEVICE CLASS", + ZRTDEVICEMO.ZDEVICEMODEL AS "DEVICE MODEL", + ZRTDEVICEMO.ZDEVICENAME AS "DEVICE NAME", + DATETIME(ZRTLEARNEDPLACEMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE CREATION", + DATETIME(ZRTLEARNEDPLACEMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE EXPIRATION", + DATETIME(ZRTADDRESSMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ADDRESS CREATION", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTMAPITEMMO.ZLATITUDE || ", " || ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM COORDINATES", + DATETIME(ZRTMAPITEMMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION DATE", + DATETIME(ZRTMAPITEMMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM EXPIRATION DATE", + ZRTMAPITEMMO.ZLATITUDE AS "MAP ITEM LATITUTE", + ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM LONGITUDE", + ZRTMAPITEMMO.ZUNCERTAINTY AS "UNCERTAINTY", + ZRTMAPITEMMO.ZNAME AS "MAP ITEM NAME", + HEX(ZRTMAPITEMMO.ZGEOMAPITEMHANDLE) AS "MAP ITEM GEOMAPITEM (HEX PROTOBUF)", + ZRTLEARNEDVISITMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTLEARNEDVISITMO + LEFT JOIN + ZRTDEVICEMO ON ZRTLEARNEDVISITMO.ZDEVICE = ZRTDEVICEMO.Z_PK + LEFT JOIN + ZRTLEARNEDPLACEMO ON ZRTLEARNEDPLACEMO.Z_PK = ZRTLEARNEDVISITMO.ZPLACE + LEFT JOIN + ZRTLEARNEDTRANSITIONMO ON ZRTLEARNEDTRANSITIONMO.Z_PK = ZRTLEARNEDVISITMO.ZINBOUND + LEFT JOIN + ZRTADDRESSMO ON ZRTADDRESSMO.ZMAPITEM = ZRTLEARNEDPLACEMO.ZMAPITEM + LEFT JOIN + ZRTMAPITEMMO ON ZRTMAPITEMMO.Z_PK = ZRTLEARNEDPLACEMO.ZMAPITEM + WHERE "OUTBOUND START DATE" NOT NULL + +[SQL Query 11] +QUERY= + SELECT + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS "OUTBOUND START DATE", + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTOPDATE + 978307200, 'UNIXEPOCH') AS "OUTBOUND STOP DATE", + (ZRTLEARNEDTRANSITIONMO.ZSTOPDATE-ZRTLEARNEDTRANSITIONMO.ZSTARTDATE)/60.00 AS "OUTBOUND TIME (MINUTES)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDVISITMO.ZPLACE AS "PLACE ID", + ZRTLEARNEDVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + ZRTLEARNEDVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDVISITMO.ZCONFIDENCE AS "CONFIDENCE", + DATETIME(ZRTLEARNEDVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "VISIT ENTRY", + DATETIME(ZRTLEARNEDVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXIT", + DATETIME(ZRTLEARNEDVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT CREATION", + DATETIME(ZRTLEARNEDVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXPIRATION", + ZRTDEVICEMO.ZDEVICECLASS AS "DEVICE CLASS", + ZRTDEVICEMO.ZDEVICEMODEL AS "DEVICE MODEL", + ZRTDEVICEMO.ZDEVICENAME AS "DEVICE NAME", + DATETIME(ZRTLEARNEDPLACEMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE CREATION", + DATETIME(ZRTLEARNEDPLACEMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE EXPIRATION", + DATETIME(ZRTLEARNEDPLACEMO.ZMAPITEMCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION", + HEX(ZRTLEARNEDPLACEMO.ZMAPITEMGEOMAPITEMHANDLE) AS "PLACE NAME BLOB (HEX)", + HEX(ZRTLEARNEDPLACEMO.ZMAPITEMGEOMAPITEM) AS "PLACE GEO BLOB (HEX)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTLEARNEDVISITMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTLEARNEDVISITMO + LEFT JOIN + ZRTDEVICEMO + ON ZRTLEARNEDVISITMO.ZDEVICE = ZRTDEVICEMO.Z_PK + LEFT JOIN + ZRTLEARNEDPLACEMO + ON ZRTLEARNEDPLACEMO.Z_PK = ZRTLEARNEDVISITMO.ZPLACE + LEFT JOIN + ZRTLEARNEDTRANSITIONMO + ON ZRTLEARNEDTRANSITIONMO.Z_PK = ZRTLEARNEDVISITMO.ZOUTBOUND + WHERE "OUTBOUND START DATE" NOT NULL \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_outbound_stop.txt b/src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_outbound_stop.txt new file mode 100644 index 0000000..3990e01 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/routined_cloud_visit_outbound_stop.txt @@ -0,0 +1,227 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Significant Locations - Outbound Stop (Historical) + +[Database Metadata] +DATABASE=Cloud.sqlite,Cloud-V2.sqlite +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=routined_cloud_visit_outbound_stop +ACTIVITY=Routined Location - Outbound Stop +KEY_TIMESTAMP=OUTBOUND STOP DATE + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS "OUTBOUND START DATE", + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTOPDATE + 978307200, 'UNIXEPOCH') AS "OUTBOUND STOP DATE", + (ZRTLEARNEDTRANSITIONMO.ZSTOPDATE-ZRTLEARNEDTRANSITIONMO.ZSTARTDATE)/60.00 AS "OUTBOUND TIME (MINUTES)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDVISITMO.ZPLACE AS "PLACE ID", + ZRTLEARNEDVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + ZRTADDRESSMO.ZCOUNTRY AS "COUNTRY", + ZRTADDRESSMO.ZCOUNTRYCODE AS "COUNTRY CODE", + ZRTADDRESSMO.ZPOSTALCODE AS "POSTAL CODE", + ZRTADDRESSMO.ZLOCALITY AS "LOCALITY", + ZRTADDRESSMO.ZSUBLOCALITY AS "SUBLOCALITY", + ZRTADDRESSMO.ZTHOROUGHFARE AS "THROROUGHFARE", + ZRTADDRESSMO.ZSUBTHOROUGHFARE AS "SUBTHOROUGHFARE", + ZRTADDRESSMO.ZSUBADMINISTRATIVEAREA AS "SUBADMINISTRATIVE AREA", + CAST(ZRTADDRESSMO.ZAREASOFINTEREST AS TEXT) AS "AREA OF INTEREST", + ZRTADDRESSMO.ZOCEAN AS "OCEAN", + ZRTADDRESSMO.ZINLANDWATER AS "INLAND WATER", + ZRTADDRESSMO.ZISLAND AS "ISLAND", + ZRTLEARNEDVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDVISITMO.ZCONFIDENCE AS "CONFIDENCE", + DATETIME(ZRTLEARNEDVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "VISIT ENTRY", + DATETIME(ZRTLEARNEDVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXIT", + DATETIME(ZRTLEARNEDVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT CREATION", + DATETIME(ZRTLEARNEDVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXPIRATION", + ZRTDEVICEMO.ZDEVICECLASS AS "DEVICE CLASS", + ZRTDEVICEMO.ZDEVICEMODEL AS "DEVICE MODEL", + ZRTDEVICEMO.ZDEVICENAME AS "DEVICE NAME", + DATETIME(ZRTLEARNEDPLACEMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE CREATION", + DATETIME(ZRTLEARNEDPLACEMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE EXPIRATION", + DATETIME(ZRTADDRESSMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ADDRESS CREATION", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTMAPITEMMO.ZLATITUDE || ", " || ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM COORDINATES", + DATETIME(ZRTMAPITEMMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION DATE", + DATETIME(ZRTMAPITEMMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM EXPIRATION DATE", + ZRTMAPITEMMO.ZLATITUDE AS "MAP ITEM LATITUTE", + ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM LONGITUDE", + ZRTMAPITEMMO.ZUNCERTAINTY AS "UNCERTAINTY", + ZRTMAPITEMMO.ZDISPLAYLANGUAGE AS "MAP ITEM LANGUAGE", + ZRTMAPITEMMO.ZNAME AS "MAP ITEM NAME", + HEX(ZRTMAPITEMMO.ZGEOMAPITEMHANDLE) AS "MAP ITEM GEOMAPITEM (HEX PROTOBUF)", + ZRTLEARNEDVISITMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTLEARNEDVISITMO + LEFT JOIN + ZRTDEVICEMO ON ZRTLEARNEDVISITMO.ZDEVICE = ZRTDEVICEMO.Z_PK + LEFT JOIN + ZRTLEARNEDPLACEMO ON ZRTLEARNEDPLACEMO.Z_PK = ZRTLEARNEDVISITMO.ZPLACE + LEFT JOIN + ZRTLEARNEDTRANSITIONMO ON ZRTLEARNEDTRANSITIONMO.Z_PK = ZRTLEARNEDVISITMO.ZINBOUND + LEFT JOIN + ZRTADDRESSMO ON ZRTADDRESSMO.ZMAPITEM = ZRTLEARNEDPLACEMO.ZMAPITEM + LEFT JOIN + ZRTMAPITEMMO ON ZRTMAPITEMMO.Z_PK = ZRTLEARNEDPLACEMO.ZMAPITEM + WHERE "OUTBOUND STOP DATE" NOT NULL + +[SQL Query 12] +QUERY= + SELECT + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS "OUTBOUND START DATE", + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTOPDATE + 978307200, 'UNIXEPOCH') AS "OUTBOUND STOP DATE", + (ZRTLEARNEDTRANSITIONMO.ZSTOPDATE-ZRTLEARNEDTRANSITIONMO.ZSTARTDATE)/60.00 AS "OUTBOUND TIME (MINUTES)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDVISITMO.ZPLACE AS "PLACE ID", + ZRTLEARNEDVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + ZRTADDRESSMO.ZCOUNTRY AS "COUNTRY", + ZRTADDRESSMO.ZCOUNTRYCODE AS "COUNTRY CODE", + ZRTADDRESSMO.ZPOSTALCODE AS "POSTAL CODE", + ZRTADDRESSMO.ZLOCALITY AS "LOCALITY", + ZRTADDRESSMO.ZSUBLOCALITY AS "SUBLOCALITY", + ZRTADDRESSMO.ZTHOROUGHFARE AS "THROROUGHFARE", + ZRTADDRESSMO.ZSUBTHOROUGHFARE AS "SUBTHOROUGHFARE", + ZRTADDRESSMO.ZSUBADMINISTRATIVEAREA AS "SUBADMINISTRATIVE AREA", + CAST(ZRTADDRESSMO.ZAREASOFINTEREST AS TEXT) AS "AREA OF INTEREST", + ZRTADDRESSMO.ZOCEAN AS "OCEAN", + ZRTADDRESSMO.ZINLANDWATER AS "INLAND WATER", + ZRTADDRESSMO.ZISLAND AS "ISLAND", + ZRTLEARNEDVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDVISITMO.ZCONFIDENCE AS "CONFIDENCE", + DATETIME(ZRTLEARNEDVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "VISIT ENTRY", + DATETIME(ZRTLEARNEDVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXIT", + DATETIME(ZRTLEARNEDVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT CREATION", + DATETIME(ZRTLEARNEDVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXPIRATION", + ZRTDEVICEMO.ZDEVICECLASS AS "DEVICE CLASS", + ZRTDEVICEMO.ZDEVICEMODEL AS "DEVICE MODEL", + ZRTDEVICEMO.ZDEVICENAME AS "DEVICE NAME", + DATETIME(ZRTLEARNEDPLACEMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE CREATION", + DATETIME(ZRTLEARNEDPLACEMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE EXPIRATION", + DATETIME(ZRTADDRESSMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "ADDRESS CREATION", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTMAPITEMMO.ZLATITUDE || ", " || ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM COORDINATES", + DATETIME(ZRTMAPITEMMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION DATE", + DATETIME(ZRTMAPITEMMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM EXPIRATION DATE", + ZRTMAPITEMMO.ZLATITUDE AS "MAP ITEM LATITUTE", + ZRTMAPITEMMO.ZLONGITUDE AS "MAP ITEM LONGITUDE", + ZRTMAPITEMMO.ZUNCERTAINTY AS "UNCERTAINTY", + ZRTMAPITEMMO.ZNAME AS "MAP ITEM NAME", + HEX(ZRTMAPITEMMO.ZGEOMAPITEMHANDLE) AS "MAP ITEM GEOMAPITEM (HEX PROTOBUF)", + ZRTLEARNEDVISITMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTLEARNEDVISITMO + LEFT JOIN + ZRTDEVICEMO ON ZRTLEARNEDVISITMO.ZDEVICE = ZRTDEVICEMO.Z_PK + LEFT JOIN + ZRTLEARNEDPLACEMO ON ZRTLEARNEDPLACEMO.Z_PK = ZRTLEARNEDVISITMO.ZPLACE + LEFT JOIN + ZRTLEARNEDTRANSITIONMO ON ZRTLEARNEDTRANSITIONMO.Z_PK = ZRTLEARNEDVISITMO.ZINBOUND + LEFT JOIN + ZRTADDRESSMO ON ZRTADDRESSMO.ZMAPITEM = ZRTLEARNEDPLACEMO.ZMAPITEM + LEFT JOIN + ZRTMAPITEMMO ON ZRTMAPITEMMO.Z_PK = ZRTLEARNEDPLACEMO.ZMAPITEM + WHERE "OUTBOUND STOP DATE" NOT NULL + +[SQL Query 11] +QUERY= + SELECT + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS "OUTBOUND START DATE", + DATETIME(ZRTLEARNEDTRANSITIONMO.ZSTOPDATE + 978307200, 'UNIXEPOCH') AS "OUTBOUND STOP DATE", + (ZRTLEARNEDTRANSITIONMO.ZSTOPDATE-ZRTLEARNEDTRANSITIONMO.ZSTARTDATE)/60.00 AS "OUTBOUND TIME (MINUTES)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDVISITMO.ZPLACE AS "PLACE ID", + ZRTLEARNEDVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + ZRTLEARNEDVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDVISITMO.ZCONFIDENCE AS "CONFIDENCE", + DATETIME(ZRTLEARNEDVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "VISIT ENTRY", + DATETIME(ZRTLEARNEDVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXIT", + DATETIME(ZRTLEARNEDVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT CREATION", + DATETIME(ZRTLEARNEDVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "VISIT EXPIRATION", + ZRTDEVICEMO.ZDEVICECLASS AS "DEVICE CLASS", + ZRTDEVICEMO.ZDEVICEMODEL AS "DEVICE MODEL", + ZRTDEVICEMO.ZDEVICENAME AS "DEVICE NAME", + DATETIME(ZRTLEARNEDPLACEMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE CREATION", + DATETIME(ZRTLEARNEDPLACEMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "LEARNED PLACE EXPIRATION", + DATETIME(ZRTLEARNEDPLACEMO.ZMAPITEMCREATIONDATE + 978307200, 'UNIXEPOCH') AS "MAP ITEM CREATION", + HEX(ZRTLEARNEDPLACEMO.ZMAPITEMGEOMAPITEMHANDLE) AS "PLACE NAME BLOB (HEX)", + HEX(ZRTLEARNEDPLACEMO.ZMAPITEMGEOMAPITEM) AS "PLACE GEO BLOB (HEX)", + ZRTLEARNEDVISITMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDVISITMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTLEARNEDVISITMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTLEARNEDVISITMO + LEFT JOIN + ZRTDEVICEMO + ON ZRTLEARNEDVISITMO.ZDEVICE = ZRTDEVICEMO.Z_PK + LEFT JOIN + ZRTLEARNEDPLACEMO + ON ZRTLEARNEDPLACEMO.Z_PK = ZRTLEARNEDVISITMO.ZPLACE + LEFT JOIN + ZRTLEARNEDTRANSITIONMO + ON ZRTLEARNEDTRANSITIONMO.Z_PK = ZRTLEARNEDVISITMO.ZOUTBOUND + WHERE "OUTBOUND STOP DATE" NOT NULL \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/routined_local_learned_location_of_interest_entry.txt b/src/sysdiagnose/utils/apollo_modules/routined_local_learned_location_of_interest_entry.txt new file mode 100644 index 0000000..a0c57ac --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/routined_local_learned_location_of_interest_entry.txt @@ -0,0 +1,144 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Significant Locations - Location of Interest Entry (Historical) + +[Database Metadata] +DATABASE=Local.sqlite +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=routined_local_learned_location_of_interest_entry +ACTIVITY=Routined Location - Learned Location of Interest Entry +KEY_TIMESTAMP=ENTRY + +[SQL Query 14] +QUERY= + SELECT + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "ENTRY", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "EXIT", + (ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXITDATE-ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZENTRYDATE)/60.00 AS "EXIT TIME (MINUTES)", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZCONFIDENCE AS "CONFIDENCE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONOFINTERESTCONFIDENCE AS "LOI CONFIDENCE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONHORIZONTALUNCERTAINTY AS "HORIZONAL LOCATION UNCERTAINTY", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONVERTICALUNCERTAINTY AS "VERTICAL LOCATION UNCERTAINTY", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "PLACE CREATION DATE", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONLATITUDE AS "VISIT LATITUDE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONLONGITUDE AS "VISIT LONGITUDE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.Z_PK AS "ZRTLEARNEDLOCATIONOFINTERESTVISITMO TABLE ID" + FROM + ZRTLEARNEDLOCATIONOFINTERESTVISITMO + LEFT JOIN + ZRTLEARNEDLOCATIONOFINTERESTMO + ON ZRTLEARNEDLOCATIONOFINTERESTMO.Z_PK = ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONOFINTEREST + +[SQL Query 12,13] +QUERY= + SELECT + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "ENTRY", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "EXIT", + (ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXITDATE-ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZENTRYDATE)/60.00 AS "ENTRY TIME (MINUTES)", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZCONFIDENCE AS "CONFIDENCE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "PLACE CREATION DATE", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONLATITUDE AS "VISIT LATITUDE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONLONGITUDE AS "VISIT LONGITUDE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.Z_PK AS "ZRTLEARNEDLOCATIONOFINTERESTVISITMO TABLE ID" + FROM + ZRTLEARNEDLOCATIONOFINTERESTVISITMO + LEFT JOIN + ZRTLEARNEDLOCATIONOFINTERESTMO + ON ZRTLEARNEDLOCATIONOFINTERESTMO.Z_PK = ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONOFINTEREST + +[SQL Query 11] +QUERY= + SELECT + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "ENTRY", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "EXIT", + (ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXITDATE-ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZENTRYDATE)/60.00 AS "ENTRY TIME (MINUTES)", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZCONFIDENCE AS "CONFIDENCE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "PLACE CREATION DATE", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION", + HEX(ZRTLEARNEDLOCATIONOFINTERESTMO.ZPLACEMAPITEMGEOMAPITEMHANDLE) AS "PLACE NAME BLOB (HEX)", + HEX(ZRTLEARNEDLOCATIONOFINTERESTMO.ZPLACEMAPITEMGEOMAPITEM) AS "PLACE GEO BLOB (HEX)", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONLATITUDE AS "VISIT LATITUDE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONLONGITUDE AS "VISIT LONGITUDE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.Z_PK AS "ZRTLEARNEDLOCATIONOFINTERESTVISITMO TABLE ID" + FROM + ZRTLEARNEDLOCATIONOFINTERESTVISITMO + LEFT JOIN + ZRTLEARNEDLOCATIONOFINTERESTMO + ON ZRTLEARNEDLOCATIONOFINTERESTMO.Z_PK = ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONOFINTEREST \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/routined_local_learned_location_of_interest_exit.txt b/src/sysdiagnose/utils/apollo_modules/routined_local_learned_location_of_interest_exit.txt new file mode 100644 index 0000000..c75dd20 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/routined_local_learned_location_of_interest_exit.txt @@ -0,0 +1,144 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Significant Locations - Location of Interest Exit (Historical) + +[Database Metadata] +DATABASE=Local.sqlite +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=routined_local_learned_location_of_interest_exit +ACTIVITY=Routined Location - Learned Location of Interest Exit +KEY_TIMESTAMP=EXIT + +[SQL Query 14] +QUERY= + SELECT + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "ENTRY", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "EXIT", + (ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXITDATE-ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZENTRYDATE)/60.00 AS "EXIT TIME (MINUTES)", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZCONFIDENCE AS "CONFIDENCE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONOFINTERESTCONFIDENCE AS "LOI CONFIDENCE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONHORIZONTALUNCERTAINTY AS "HORIZONAL LOCATION UNCERTAINTY", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONVERTICALUNCERTAINTY AS "VERTICAL LOCATION UNCERTAINTY", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "PLACE CREATION DATE", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONLATITUDE AS "VISIT LATITUDE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONLONGITUDE AS "VISIT LONGITUDE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.Z_PK AS "ZRTLEARNEDLOCATIONOFINTERESTVISITMO TABLE ID" + FROM + ZRTLEARNEDLOCATIONOFINTERESTVISITMO + LEFT JOIN + ZRTLEARNEDLOCATIONOFINTERESTMO + ON ZRTLEARNEDLOCATIONOFINTERESTMO.Z_PK = ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONOFINTEREST + +[SQL Query 12,13] +QUERY= + SELECT + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "ENTRY", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "EXIT", + (ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXITDATE-ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZENTRYDATE)/60.00 AS "EXIT TIME (MINUTES)", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZCONFIDENCE AS "CONFIDENCE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "PLACE CREATION DATE", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONLATITUDE AS "VISIT LATITUDE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONLONGITUDE AS "VISIT LONGITUDE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.Z_PK AS "ZRTLEARNEDLOCATIONOFINTERESTVISITMO TABLE ID" + FROM + ZRTLEARNEDLOCATIONOFINTERESTVISITMO + LEFT JOIN + ZRTLEARNEDLOCATIONOFINTERESTMO + ON ZRTLEARNEDLOCATIONOFINTERESTMO.Z_PK = ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONOFINTEREST + +[SQL Query 11] +QUERY= + SELECT + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZENTRYDATE + 978307200, 'UNIXEPOCH') AS "ENTRY", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXITDATE + 978307200, 'UNIXEPOCH') AS "EXIT", + (ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXITDATE-ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZENTRYDATE)/60.00 AS "EXIT TIME (MINUTES)", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "COORDINATES", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZCONFIDENCE AS "CONFIDENCE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZDATAPOINTCOUNT AS "DATA POINT COUNT", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "PLACE CREATION DATE", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION", + HEX(ZRTLEARNEDLOCATIONOFINTERESTMO.ZPLACEMAPITEMGEOMAPITEMHANDLE) AS "PLACE NAME BLOB (HEX)", + HEX(ZRTLEARNEDLOCATIONOFINTERESTMO.ZPLACEMAPITEMGEOMAPITEM) AS "PLACE GEO BLOB (HEX)", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONLATITUDE AS "VISIT LATITUDE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONLONGITUDE AS "VISIT LONGITUDE", + ZRTLEARNEDLOCATIONOFINTERESTVISITMO.Z_PK AS "ZRTLEARNEDLOCATIONOFINTERESTVISITMO TABLE ID" + FROM + ZRTLEARNEDLOCATIONOFINTERESTVISITMO + LEFT JOIN + ZRTLEARNEDLOCATIONOFINTERESTMO + ON ZRTLEARNEDLOCATIONOFINTERESTMO.Z_PK = ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZLOCATIONOFINTEREST \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/routined_local_learned_location_of_interest_transition_start.txt b/src/sysdiagnose/utils/apollo_modules/routined_local_learned_location_of_interest_transition_start.txt new file mode 100644 index 0000000..87633b0 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/routined_local_learned_location_of_interest_transition_start.txt @@ -0,0 +1,126 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Significant Locations - Location of Interest Transition Start (Historical) + +[Database Metadata] +DATABASE=Local.sqlite +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=routined_local_learned_location_of_interest_transition_start +ACTIVITY=Routined Location - Learned Location of Interest Transition Start +KEY_TIMESTAMP=START + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS "START", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZSTOPDATE + 978307200, 'UNIXEPOCH') AS "STOP", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "COORDINATES", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "CREATION DATE", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.Z_PK AS "ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO TABLE ID" + FROM + ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO + LEFT JOIN + ZRTLEARNEDLOCATIONOFINTERESTMO + ON ZRTLEARNEDLOCATIONOFINTERESTMO.Z_PK = ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZLOCATIONOFINTEREST + +[SQL Query 12] +QUERY= + SELECT + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS "START", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZSTOPDATE + 978307200, 'UNIXEPOCH') AS "STOP", + (ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXITDATE-ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZENTRYDATE)/60.00 AS "TRANSITION TIME (MINUTES)", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "COORDINATES", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "CREATION DATE", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.Z_PK AS "ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO TABLE ID" + FROM + ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO + LEFT JOIN + ZRTLEARNEDLOCATIONOFINTERESTMO + ON ZRTLEARNEDLOCATIONOFINTERESTMO.Z_PK = ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZLOCATIONOFINTEREST + +[SQL Query 11] +QUERY= + SELECT + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS "START", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZSTOPDATE + 978307200, 'UNIXEPOCH') AS "STOP", + (ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXITDATE-ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZENTRYDATE)/60.00 AS "TRANSITION TIME (MINUTES)", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "COORDINATES", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "CREATION DATE", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION", + HEX(ZRTLEARNEDLOCATIONOFINTERESTMO.ZPLACEMAPITEMGEOMAPITEMHANDLE) AS "PLACE NAME BLOB (HEX)", + HEX(ZRTLEARNEDLOCATIONOFINTERESTMO.ZPLACEMAPITEMGEOMAPITEM) AS "PLACE GEO BLOB (HEX)", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.Z_PK AS "ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO TABLE ID" + FROM + ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO + LEFT JOIN + ZRTLEARNEDLOCATIONOFINTERESTMO + ON ZRTLEARNEDLOCATIONOFINTERESTMO.Z_PK = ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZLOCATIONOFINTEREST \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/routined_local_learned_location_of_interest_transition_stop.txt b/src/sysdiagnose/utils/apollo_modules/routined_local_learned_location_of_interest_transition_stop.txt new file mode 100644 index 0000000..aa3a543 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/routined_local_learned_location_of_interest_transition_stop.txt @@ -0,0 +1,126 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Significant Locations - Location of Interest Transition Stop (Historical) + +[Database Metadata] +DATABASE=Local.sqlite +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=routined_local_learned_location_of_interest_transition_stop +ACTIVITY=Routined Location - Learned Location of Interest Transition Stop +KEY_TIMESTAMP=STOP + +[SQL Query 13,14] +QUERY= + SELECT + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS "START", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZSTOPDATE + 978307200, 'UNIXEPOCH') AS "STOP", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "COORDINATES", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "CREATION DATE", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.Z_PK AS "ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO TABLE ID" + FROM + ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO + LEFT JOIN + ZRTLEARNEDLOCATIONOFINTERESTMO + ON ZRTLEARNEDLOCATIONOFINTERESTMO.Z_PK = ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZLOCATIONOFINTEREST + +[SQL Query 12] +QUERY= + SELECT + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS "START", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZSTOPDATE + 978307200, 'UNIXEPOCH') AS "STOP", + (ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXITDATE-ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZENTRYDATE)/60.00 AS "TRANSITION TIME (MINUTES)", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "COORDINATES", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "CREATION DATE", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.Z_PK AS "ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO TABLE ID" + FROM + ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO + LEFT JOIN + ZRTLEARNEDLOCATIONOFINTERESTMO + ON ZRTLEARNEDLOCATIONOFINTERESTMO.Z_PK = ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZLOCATIONOFINTEREST + +[SQL Query 11] +QUERY= + SELECT + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZSTARTDATE + 978307200, 'UNIXEPOCH') AS "START", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZSTOPDATE + 978307200, 'UNIXEPOCH') AS "STOP", + (ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZEXITDATE-ZRTLEARNEDLOCATIONOFINTERESTVISITMO.ZENTRYDATE)/60.00 AS "TRANSITION TIME (MINUTES)", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE || ", " || ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "COORDINATES", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZCREATIONDATE + 978307200, 'UNIXEPOCH') AS "CREATION DATE", + DATETIME(ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZEXPIRATIONDATE + 978307200, 'UNIXEPOCH') AS "EXPIRATION", + HEX(ZRTLEARNEDLOCATIONOFINTERESTMO.ZPLACEMAPITEMGEOMAPITEMHANDLE) AS "PLACE NAME BLOB (HEX)", + HEX(ZRTLEARNEDLOCATIONOFINTERESTMO.ZPLACEMAPITEMGEOMAPITEM) AS "PLACE GEO BLOB (HEX)", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLATITUDE AS "LATITUDE", + ZRTLEARNEDLOCATIONOFINTERESTMO.ZLOCATIONLONGITUDE AS "LONGITUDE", + ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.Z_PK AS "ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO TABLE ID" + FROM + ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO + LEFT JOIN + ZRTLEARNEDLOCATIONOFINTERESTMO + ON ZRTLEARNEDLOCATIONOFINTERESTMO.Z_PK = ZRTLEARNEDLOCATIONOFINTERESTTRANSITIONMO.ZLOCATIONOFINTEREST \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/routined_local_vehicle_parked.txt b/src/sysdiagnose/utils/apollo_modules/routined_local_vehicle_parked.txt new file mode 100644 index 0000000..b465bb4 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/routined_local_vehicle_parked.txt @@ -0,0 +1,112 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Parked Vehicle - Last Location + +[Database Metadata] +DATABASE=Local.sqlite +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=routined_local_vehicle_parked +ACTIVITY=Routined Location - Vehicle Parked +KEY_TIMESTAMP=DATE + +[SQL Query 12,13,14] +QUERY= + SELECT + DATETIME(ZRTVEHICLEEVENTMO.ZDATE + 978307200, 'UNIXEPOCH') AS "DATE", + DATETIME(ZRTVEHICLEEVENTMO.ZLOCDATE + 978307200, 'UNIXEPOCH') AS "LOCATION DATE", + ZLOCLATITUDE || ", " || ZLOCLONGITUDE AS "COORDINATES", + ZVEHICLEIDENTIFIER AS "VEHICLE IDENTIFIER", + ZLOCUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZIDENTIFIER AS "IDENTIFIER", + ZLOCATIONQUALITY AS "LOCATION QUALITY", + ZUSERSETLOCATION AS "USER SET LOCATION", + ZUSUALLOCATION AS "USUAL LOCATION", + ZNOTES AS "NOTES", + ZPHOTODATA AS "PHOTO DATA", + ZLOCLATITUDE AS "LATITUDE", + ZLOCLONGITUDE AS "LONGITUDE", + ZRTVEHICLEEVENTMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTVEHICLEEVENTMO + +[SQL Query 11] +QUERY= + SELECT + DATETIME(ZRTVEHICLEEVENTMO.ZDATE + 978307200, 'UNIXEPOCH') AS "DATE", + DATETIME(ZRTVEHICLEEVENTMO.ZLOCDATE + 978307200, 'UNIXEPOCH') AS "LOCATION DATE", + ZLOCLATITUDE || ", " || ZLOCLONGITUDE AS "COORDINATES", + ZVEHICLEIDENTIFIER AS "VEHICLE IDENTIFIER", + ZLOCUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZIDENTIFIER AS "IDENTIFIER", + ZLOCATIONQUALITY AS "LOCATION QUALITY", + ZUSERSETLOCATION AS "USER SET LOCATION", + ZUSUALLOCATION AS "USUAL LOCATION", + ZNOTES AS "NOTES", + ZGEOMAPITEM AS "GEO MAP ITEM", + ZPHOTODATA AS "PHOTO DATA", + ZLOCLATITUDE AS "LATITUDE", + ZLOCLONGITUDE AS "LONGITUDE", + ZRTVEHICLEEVENTMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTVEHICLEEVENTMO \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/routined_local_vehicle_parked_history.txt b/src/sysdiagnose/utils/apollo_modules/routined_local_vehicle_parked_history.txt new file mode 100644 index 0000000..f0ce7fe --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/routined_local_vehicle_parked_history.txt @@ -0,0 +1,85 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Parked Vehicle - Historical Locations + +[Database Metadata] +DATABASE=Local.sqlite +PLATFORM=IOS +VERSIONS=11,12,13,14 + +[Query Metadata] +QUERY_NAME=routined_local_vehicle_parked_history +ACTIVITY=Routined Location - Vehicle Park History +KEY_TIMESTAMP=DATE + +[SQL Query 11,12,13,14] +QUERY= + SELECT + DATETIME(ZRTVEHICLEEVENTHISTORYMO.ZDATE + 978307200, 'UNIXEPOCH') AS "DATE", + DATETIME(ZRTVEHICLEEVENTHISTORYMO.ZLOCDATE + 978307200, 'UNIXEPOCH') AS "LOCATION DATE", + ZLOCLATITUDE || ", " || ZLOCLONGITUDE AS "COORDINATES", + ZLOCUNCERTAINTY AS "LOCATION UNCERTAINTY", + ZIDENTIFIER AS "IDENTIFIER", + ZLOCLATITUDE AS "LATITUDE", + ZLOCLONGITUDE AS "LONGITUDE", + ZRTVEHICLEEVENTHISTORYMO.Z_PK AS "ZRTLEARNEDVISITMO TABLE ID" + FROM + ZRTVEHICLEEVENTHISTORYMO \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/safari_history.txt b/src/sysdiagnose/utils/apollo_modules/safari_history.txt new file mode 100644 index 0000000..f38b057 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/safari_history.txt @@ -0,0 +1,91 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Safari Browsing + +[Database Metadata] +DATABASE=History.db +PLATFORM=IOS,MACOS +VERSIONS=8,9,10,11,12,13,10.13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=safari_history +ACTIVITY=Safari Browsing +KEY_TIMESTAMP=VISIT TIME + +[SQL Query 8,9,10,11,12,13,10.13,10.14,10.15,10.16,14] +QUERY= + SELECT + DATETIME(HISTORY_VISITS.VISIT_TIME+978307200,'UNIXEPOCH') AS "VISIT TIME", + HISTORY_ITEMS.URL AS "URL", + HISTORY_ITEMS.VISIT_COUNT AS "VISIT COUNT", + HISTORY_VISITS.TITLE AS "TITLE", + CASE HISTORY_VISITS.ORIGIN + WHEN 1 THEN "ICLOUD SYNCED DEVICE" + WHEN 0 THEN "VISITED FROM THIS DEVICE" + ELSE HISTORY_VISITS.ORIGIN + END "ICLOUD SYNC", + HISTORY_VISITS.LOAD_SUCCESSFUL AS "LOAD SUCCESSFUL", + HISTORY_VISITS.id AS "VISIT ID", + HISTORY_VISITS.REDIRECT_SOURCE AS "REDIRECT SOURCE", + HISTORY_VISITS.REDIRECT_DESTINATION AS "REDIRECT DESTINATION", + HISTORY_VISITS.ID AS "HISTORY ITEM ID" + FROM HISTORY_ITEMS + LEFT OUTER JOIN HISTORY_VISITS ON HISTORY_ITEMS.ID == HISTORY_VISITS.HISTORY_ITEM \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/screentime_by_category.txt b/src/sysdiagnose/utils/apollo_modules/screentime_by_category.txt new file mode 100644 index 0000000..7c30575 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/screentime_by_category.txt @@ -0,0 +1,153 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Screen Time - Category (By Hour) + +[Database Metadata] +DATABASE=RMAdminStore-Local.sqlite,RMAdminStore-Cloud.sqlite +PLATFORM=IOS,MACOS +VERSIONS=12,13,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=screentime_by_category +ACTIVITY=Screen Time - Category (By Hour) +KEY_TIMESTAMP=HOUR + +[SQL Query 13,10.15,10.16,14] +QUERY= + SELECT + DISTINCT + DATETIME(ZUSAGEBLOCK.ZSTARTDATE+978307200,'UNIXEPOCH') AS 'HOUR', + CASE ZUSAGECATEGORY.ZIDENTIFIER + WHEN 'DH0011' THEN 'Unspecified1' + WHEN 'DH0012' THEN 'Unspecified2' + WHEN 'DH0013' THEN 'Unspecified3' + WHEN 'DH1001' THEN 'Games' + WHEN 'DH1002' THEN 'Social Networking' + WHEN 'DH1003' THEN 'Entertainment' + WHEN 'DH1004' THEN 'Creativity' + WHEN 'DH1005' THEN 'Productivity' + WHEN 'DH1006' THEN 'Education' + WHEN 'DH1007' THEN 'Reading & Reference' + WHEN 'DH1008' THEN 'Health & Fitness' + WHEN 'DH1009' THEN 'Other' + ELSE ZUSAGECATEGORY.ZIDENTIFIER + END AS 'CATEGORY ID', + ZUSAGECATEGORY.ZTOTALTIMEINSECONDS AS 'CATEGORY TOTAL TIME (SECONDS)', + ZUSAGECATEGORY.ZTOTALTIMEINSECONDS/60.00 AS 'CATEGORY TOTAL TIME (MINUTES)', + ZCOREDEVICE.ZNAME AS 'NAME', + ZCOREDEVICE.ZIDENTIFIER AS 'DEVICE ID', + ZCOREDEVICE.ZLOCALUSERDEVICESTATE AS 'LOCAL USER DEVICE STATE', + CASE ZCOREDEVICE.ZPLATFORM + WHEN 0 THEN 'Unknown' + WHEN 1 THEN 'macOS' + WHEN 2 THEN 'iOS' + WHEN 4 THEN 'Apple Watch' + ELSE ZPLATFORM + END AS PLATFORM, + ZCOREUSER.ZGIVENNAME AS 'GIVEN NAME', + ZCOREUSER.ZFAMILYNAME AS 'FAMILY NAME', + ZCOREUSER.ZFAMILYMEMBERTYPE AS 'FAMILY MEMBER TYPE', + ZCOREUSER.ZAPPLEID AS 'APPLE ID', + ZCOREUSER.ZDSID AS 'DSID', + ZCOREUSER.ZALTDSID AS 'ALT DSID' + FROM ZUSAGETIMEDITEM + LEFT JOIN ZUSAGECATEGORY ON ZUSAGECATEGORY.Z_PK == ZUSAGETIMEDITEM.ZCATEGORY + LEFT JOIN ZUSAGEBLOCK ON ZUSAGECATEGORY.ZBLOCK == ZUSAGEBLOCK.Z_PK + LEFT JOIN ZUSAGE ON ZUSAGEBLOCK.ZUSAGE == ZUSAGE.Z_PK + LEFT JOIN ZCOREUSER ON ZUSAGE.ZUSER == ZCOREUSER.Z_PK + LEFT JOIN ZCOREDEVICE ON ZUSAGE.ZDEVICE == ZCOREDEVICE.Z_PK + +[SQL Query 12] +QUERY= + SELECT + DISTINCT + DATETIME(ZUSAGEBLOCK.ZSTARTDATE+978307200,'UNIXEPOCH') AS 'HOUR', + CASE ZUSAGECATEGORY.ZIDENTIFIER + WHEN 'DH0011' THEN 'Unspecified1' + WHEN 'DH0012' THEN 'Unspecified2' + WHEN 'DH0013' THEN 'Unspecified3' + WHEN 'DH1001' THEN 'Games' + WHEN 'DH1002' THEN 'Social Networking' + WHEN 'DH1003' THEN 'Entertainment' + WHEN 'DH1004' THEN 'Creativity' + WHEN 'DH1005' THEN 'Productivity' + WHEN 'DH1006' THEN 'Education' + WHEN 'DH1007' THEN 'Reading & Reference' + WHEN 'DH1008' THEN 'Health & Fitness' + WHEN 'DH1009' THEN 'Other' + ELSE ZUSAGECATEGORY.ZIDENTIFIER + END AS 'CATEGORY ID', + ZUSAGECATEGORY.ZTOTALTIMEINSECONDS AS 'CATEGORY TOTAL TIME (SECONDS)', + ZUSAGECATEGORY.ZTOTALTIMEINSECONDS/60.00 AS 'CATEGORY TOTAL TIME (MINUTES)', + ZCOREDEVICE.ZNAME AS 'NAME', + ZCOREDEVICE.ZIDENTIFIER AS 'DEVICE ID', + ZCOREDEVICE.ZLOCALUSERDEVICESTATE AS 'LOCAL USER DEVICE STATE', + ZCOREUSER.ZGIVENNAME AS 'GIVEN NAME', + ZCOREUSER.ZFAMILYNAME AS 'FAMILY NAME', + ZCOREUSER.ZFAMILYMEMBERTYPE AS 'FAMILY MEMBER TYPE', + ZCOREUSER.ZAPPLEID AS 'APPLE ID', + ZCOREUSER.ZDSID AS 'DSID' + FROM ZUSAGETIMEDITEM + LEFT JOIN ZUSAGECATEGORY ON ZUSAGECATEGORY.Z_PK == ZUSAGETIMEDITEM.ZCATEGORY + LEFT JOIN ZUSAGEBLOCK ON ZUSAGECATEGORY.ZBLOCK == ZUSAGEBLOCK.Z_PK + LEFT JOIN ZUSAGE ON ZUSAGEBLOCK.ZUSAGE == ZUSAGE.Z_PK + LEFT JOIN ZCOREUSER ON ZUSAGE.ZUSER == ZCOREUSER.Z_PK + LEFT JOIN ZCOREDEVICE ON ZUSAGE.ZDEVICE == ZCOREDEVICE.Z_PK diff --git a/src/sysdiagnose/utils/apollo_modules/screentime_by_hour.txt b/src/sysdiagnose/utils/apollo_modules/screentime_by_hour.txt new file mode 100644 index 0000000..b8d25f4 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/screentime_by_hour.txt @@ -0,0 +1,134 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Screen Time - Generic (By Hour) + +[Database Metadata] +DATABASE=RMAdminStore-Local.sqlite,RMAdminStore-Cloud.sqlite +PLATFORM=IOS,MACOS +VERSIONS=12,13,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=screentime_by_hour +ACTIVITY=Screen Time - Generic (By Hour) +KEY_TIMESTAMP=HOUR + +[SQL Query 13,10.15,10.16,14] +QUERY= + SELECT + DISTINCT + DATETIME(ZUSAGEBLOCK.ZSTARTDATE+978307200,'UNIXEPOCH') AS 'HOUR', + ZUSAGEBLOCK.ZSCREENTIMEINSECONDS AS 'SCREENTIME (SECONDS)', + ZUSAGEBLOCK.ZSCREENTIMEINSECONDS/60.00 AS 'SCREENTIME (MINUTES)', + ZCOREUSER.ZGIVENNAME AS 'GIVEN NAME', + ZCOREUSER.ZFAMILYNAME AS 'FAMILY NAME', + ZCOREDEVICE.ZNAME AS 'NAME', + CASE ZCOREDEVICE.ZPLATFORM + WHEN 0 THEN 'Unknown' + WHEN 1 THEN 'macOS' + WHEN 2 THEN 'iOS' + WHEN 4 THEN 'Apple Watch' + ELSE ZPLATFORM + END AS PLATFORM, + ZCOREDEVICE.ZIDENTIFIER AS 'DEVICE ID', + ZCOREDEVICE.ZLOCALUSERDEVICESTATE AS 'LOCAL USER DEVICE STATE', + DATETIME(ZUSAGEBLOCK.ZLONGESTSESSIONSTARTDATE+978307200,'UNIXEPOCH') AS 'LONGEST SESSION START', + DATETIME(ZUSAGEBLOCK.ZLONGESTSESSIONENDDATE+978307200,'UNIXEPOCH') AS 'LONGEST SESSION END', + DATETIME(ZUSAGEBLOCK.ZLASTEVENTDATE+978307200,'UNIXEPOCH') AS 'LAST EVENT DATE', + (ZLONGESTSESSIONENDDATE-ZLONGESTSESSIONSTARTDATE) AS 'LONGEST SESSION TIME (SECONDS)', + (ZLONGESTSESSIONENDDATE-ZLONGESTSESSIONSTARTDATE)/60.00 AS 'LONGEST SESSION TIME (MINUTES)', + ZCOREUSER.ZFAMILYMEMBERTYPE AS 'FAMILY MEMBER TYPE', + ZCOREUSER.ZAPPLEID AS 'APPLE ID', + ZCOREUSER.ZDSID AS 'DSID', + ZCOREUSER.ZALTDSID AS 'ALT DSID' + FROM ZUSAGETIMEDITEM + LEFT JOIN ZUSAGECATEGORY ON ZUSAGECATEGORY.Z_PK == ZUSAGETIMEDITEM.ZCATEGORY + LEFT JOIN ZUSAGEBLOCK ON ZUSAGECATEGORY.ZBLOCK == ZUSAGEBLOCK.Z_PK + LEFT JOIN ZUSAGE ON ZUSAGEBLOCK.ZUSAGE == ZUSAGE.Z_PK + LEFT JOIN ZCOREUSER ON ZUSAGE.ZUSER == ZCOREUSER.Z_PK + LEFT JOIN ZCOREDEVICE ON ZUSAGE.ZDEVICE == ZCOREDEVICE.Z_PK + +[SQL Query 12] +QUERY= + SELECT + DISTINCT + DATETIME(ZUSAGEBLOCK.ZSTARTDATE+978307200,'UNIXEPOCH') AS 'HOUR', + ZUSAGEBLOCK.ZSCREENTIMEINSECONDS AS 'SCREENTIME (SECONDS)', + ZUSAGEBLOCK.ZSCREENTIMEINSECONDS/60.00 AS 'SCREENTIME (MINUTES)', + ZCOREUSER.ZGIVENNAME AS 'GIVEN NAME', + ZCOREUSER.ZFAMILYNAME AS 'FAMILY NAME', + ZCOREDEVICE.ZNAME AS 'NAME', + ZCOREDEVICE.ZIDENTIFIER AS 'DEVICE ID', + ZCOREDEVICE.ZLOCALUSERDEVICESTATE AS 'LOCAL USER DEVICE STATE', + DATETIME(ZUSAGEBLOCK.ZLONGESTSESSIONSTARTDATE+978307200,'UNIXEPOCH') AS 'LONGEST SESSION START', + DATETIME(ZUSAGEBLOCK.ZLONGESTSESSIONENDDATE+978307200,'UNIXEPOCH') AS 'LONGEST SESSION END', + DATETIME(ZUSAGEBLOCK.ZLASTEVENTDATE+978307200,'UNIXEPOCH') AS 'LAST EVENT DATE', + (ZLONGESTSESSIONENDDATE-ZLONGESTSESSIONSTARTDATE) AS 'LONGEST SESSION TIME (SECONDS)', + (ZLONGESTSESSIONENDDATE-ZLONGESTSESSIONSTARTDATE)/60.00 AS 'LONGEST SESSION TIME (MINUTES)', + ZCOREUSER.ZFAMILYMEMBERTYPE AS 'FAMILY MEMBER TYPE', + ZCOREUSER.ZAPPLEID AS 'APPLE ID', + ZCOREUSER.ZDSID AS 'DSID' + FROM ZUSAGETIMEDITEM + LEFT JOIN ZUSAGECATEGORY ON ZUSAGECATEGORY.Z_PK == ZUSAGETIMEDITEM.ZCATEGORY + LEFT JOIN ZUSAGEBLOCK ON ZUSAGECATEGORY.ZBLOCK == ZUSAGEBLOCK.Z_PK + LEFT JOIN ZUSAGE ON ZUSAGEBLOCK.ZUSAGE == ZUSAGE.Z_PK + LEFT JOIN ZCOREUSER ON ZUSAGE.ZUSER == ZCOREUSER.Z_PK + LEFT JOIN ZCOREDEVICE ON ZUSAGE.ZDEVICE == ZCOREDEVICE.Z_PK + diff --git a/src/sysdiagnose/utils/apollo_modules/screentime_counted_items.txt b/src/sysdiagnose/utils/apollo_modules/screentime_counted_items.txt new file mode 100644 index 0000000..5c21d26 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/screentime_counted_items.txt @@ -0,0 +1,127 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Screen Time - Counted Items - This includes notifications and pickups. + +[Database Metadata] +DATABASE=RMAdminStore-Local.sqlite,RMAdminStore-Cloud.sqlite +PLATFORM=IOS,MACOS +VERSIONS=12,13,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=screentime_counted_items +ACTIVITY=Screen Time - Counted Item +KEY_TIMESTAMP=HOUR + +[SQL Query 13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZUSAGEBLOCK.ZSTARTDATE+978307200,'UNIXEPOCH') AS 'HOUR', + ZUSAGECOUNTEDITEM.ZBUNDLEIDENTIFIER AS 'BUNDLE ID', + ZUSAGECOUNTEDITEM.ZNUMBEROFNOTIFICATIONS AS 'NUMBER OF NOTIFICATIONS', + ZUSAGECOUNTEDITEM.ZNUMBEROFPICKUPS AS 'NUMBER OF PICKUPS', + DATETIME(ZUSAGEBLOCK.ZFIRSTPICKUPDATE+978307200,'UNIXEPOCH') AS 'FIRST PICKUP', + ZUSAGEBLOCK.ZNUMBEROFPICKUPSWITHOUTAPPLICATIONUSAGE AS 'NUMBER OF PICKUPS W/O APP USAGE', + ZCOREDEVICE.ZNAME AS 'NAME', + ZCOREDEVICE.ZIDENTIFIER AS 'DEVICE ID', + ZCOREDEVICE.ZLOCALUSERDEVICESTATE AS 'LOCAL USER DEVICE STATE', + CASE ZCOREDEVICE.ZPLATFORM + WHEN 0 THEN 'Unknown' + WHEN 1 THEN 'macOS' + WHEN 2 THEN 'iOS' + WHEN 4 THEN 'Apple Watch' + ELSE ZPLATFORM + END AS PLATFORM, + ZCOREUSER.ZGIVENNAME AS 'GIVEN NAME', + ZCOREUSER.ZFAMILYNAME AS 'FAMILY NAME', + ZCOREUSER.ZFAMILYMEMBERTYPE AS 'FAMILY MEMBER TYPE', + ZCOREUSER.ZAPPLEID AS 'APPLE ID', + ZCOREUSER.ZDSID AS 'DSID', + ZCOREUSER.ZALTDSID AS 'ALT DSID', + ZUSAGECOUNTEDITEM.Z_PK AS "ZUSAGECOUNTEDITEM TABLE ID" + FROM ZUSAGECOUNTEDITEM + LEFT JOIN ZUSAGEBLOCK ON ZUSAGECOUNTEDITEM.ZBLOCK == ZUSAGEBLOCK.Z_PK + LEFT JOIN ZUSAGE ON ZUSAGEBLOCK.ZUSAGE == ZUSAGE.Z_PK + LEFT JOIN ZCOREUSER ON ZUSAGE.ZUSER == ZCOREUSER.Z_PK + LEFT JOIN ZCOREDEVICE ON ZUSAGE.ZDEVICE == ZCOREDEVICE.Z_PK + +[SQL Query 12] +QUERY= + SELECT + DATETIME(ZUSAGEBLOCK.ZSTARTDATE+978307200,'UNIXEPOCH') AS 'HOUR', + ZUSAGECOUNTEDITEM.ZBUNDLEIDENTIFIER AS 'BUNDLE ID', + ZUSAGECOUNTEDITEM.ZNUMBEROFNOTIFICATIONS AS 'NUMBER OF NOTIFICATIONS', + ZUSAGECOUNTEDITEM.ZNUMBEROFPICKUPS AS 'NUMBER OF PICKUPS', + DATETIME(ZUSAGEBLOCK.ZFIRSTPICKUPDATE+978307200,'UNIXEPOCH') AS 'FIRST PICKUP', + ZUSAGEBLOCK.ZNUMBEROFPICKUPSWITHOUTAPPLICATIONUSAGE AS 'NUMBER OF PICKUPS W/O APP USAGE', + ZCOREDEVICE.ZNAME AS 'NAME', + ZCOREDEVICE.ZIDENTIFIER AS 'DEVICE ID', + ZCOREDEVICE.ZLOCALUSERDEVICESTATE AS 'LOCAL USER DEVICE STATE', + ZCOREUSER.ZGIVENNAME AS 'GIVEN NAME', + ZCOREUSER.ZFAMILYNAME AS 'FAMILY NAME', + ZCOREUSER.ZFAMILYMEMBERTYPE AS 'FAMILY MEMBER TYPE', + ZCOREUSER.ZAPPLEID AS 'APPLE ID', + ZCOREUSER.ZDSID AS 'DSID', + ZUSAGECOUNTEDITEM.Z_PK AS "ZUSAGECOUNTEDITEM TABLE ID" + FROM ZUSAGECOUNTEDITEM + LEFT JOIN ZUSAGEBLOCK ON ZUSAGECOUNTEDITEM.ZBLOCK == ZUSAGEBLOCK.Z_PK + LEFT JOIN ZUSAGE ON ZUSAGEBLOCK.ZUSAGE == ZUSAGE.Z_PK + LEFT JOIN ZCOREUSER ON ZUSAGE.ZUSER == ZCOREUSER.Z_PK + LEFT JOIN ZCOREDEVICE ON ZUSAGE.ZDEVICE == ZCOREDEVICE.Z_PK diff --git a/src/sysdiagnose/utils/apollo_modules/screentime_timed_items.txt b/src/sysdiagnose/utils/apollo_modules/screentime_timed_items.txt new file mode 100644 index 0000000..86439cc --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/screentime_timed_items.txt @@ -0,0 +1,159 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Screen Time - App (By Hour) + +[Database Metadata] +DATABASE=RMAdminStore-Local.sqlite,RMAdminStore-Cloud.sqlite +PLATFORM=IOS,MACOS +VERSIONS=12,13,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=screentime_timed_items +ACTIVITY=Screen Time - App (By Hour) +KEY_TIMESTAMP=HOUR + +[SQL Query 13,10.15,10.16,14] +QUERY= + SELECT + DATETIME(ZUSAGEBLOCK.ZSTARTDATE+978307200,'UNIXEPOCH') AS 'HOUR', + ZUSAGETIMEDITEM.ZBUNDLEIDENTIFIER AS 'BUNDLE ID', + ZUSAGETIMEDITEM.ZDOMAIN AS 'DOMAIN', + CASE ZUSAGECATEGORY.ZIDENTIFIER + WHEN 'DH0011' THEN 'Unspecified1' + WHEN 'DH0012' THEN 'Unspecified2' + WHEN 'DH0013' THEN 'Unspecified3' + WHEN 'DH1001' THEN 'Games' + WHEN 'DH1002' THEN 'Social Networking' + WHEN 'DH1003' THEN 'Entertainment' + WHEN 'DH1004' THEN 'Creativity' + WHEN 'DH1005' THEN 'Productivity' + WHEN 'DH1006' THEN 'Education' + WHEN 'DH1007' THEN 'Reading & Reference' + WHEN 'DH1008' THEN 'Health & Fitness' + WHEN 'DH1009' THEN 'Other' + ELSE ZUSAGECATEGORY.ZIDENTIFIER + END AS 'CATEGORY ID', + ZUSAGETIMEDITEM.ZTOTALTIMEINSECONDS AS 'APP USAGE TIME ITEM (SECONDS)', + ZUSAGETIMEDITEM.ZTOTALTIMEINSECONDS/60.00 AS 'APP USAGE TIME ITEM (MINUTES)', + ZUSAGEBLOCK.ZNUMBEROFPICKUPSWITHOUTAPPLICATIONUSAGE AS 'NUMBER OF PICKUPS W/O APP USAGE', + ZCOREDEVICE.ZNAME AS 'NAME', + ZCOREDEVICE.ZIDENTIFIER AS 'DEVICE ID', + ZCOREDEVICE.ZLOCALUSERDEVICESTATE AS 'LOCAL USER DEVICE STATE', + CASE ZCOREDEVICE.ZPLATFORM + WHEN 0 THEN 'Unknown' + WHEN 1 THEN 'macOS' + WHEN 2 THEN 'iOS' + WHEN 4 THEN 'Apple Watch' + ELSE ZPLATFORM + END AS PLATFORM, + ZCOREUSER.ZGIVENNAME AS 'GIVEN NAME', + ZCOREUSER.ZFAMILYNAME AS 'FAMILY NAME', + ZCOREUSER.ZFAMILYMEMBERTYPE AS 'FAMILY MEMBER TYPE', + ZCOREUSER.ZAPPLEID AS 'APPLE ID', + ZCOREUSER.ZDSID AS 'DSID', + ZCOREUSER.ZALTDSID AS 'ALT DSID', + ZUSAGETIMEDITEM.Z_PK AS 'ZUSAGETIMEDITEM TABLE ID' + FROM ZUSAGETIMEDITEM + LEFT JOIN ZUSAGECATEGORY ON ZUSAGECATEGORY.Z_PK == ZUSAGETIMEDITEM.ZCATEGORY + LEFT JOIN ZUSAGEBLOCK ON ZUSAGECATEGORY.ZBLOCK == ZUSAGEBLOCK.Z_PK + LEFT JOIN ZUSAGE ON ZUSAGEBLOCK.ZUSAGE == ZUSAGE.Z_PK + LEFT JOIN ZCOREUSER ON ZUSAGE.ZUSER == ZCOREUSER.Z_PK + LEFT JOIN ZCOREDEVICE ON ZUSAGE.ZDEVICE == ZCOREDEVICE.Z_PK + +[SQL Query 12] +QUERY= + SELECT + DATETIME(ZUSAGEBLOCK.ZSTARTDATE+978307200,'UNIXEPOCH') AS 'HOUR', + ZUSAGETIMEDITEM.ZBUNDLEIDENTIFIER AS 'BUNDLE ID', + ZUSAGETIMEDITEM.ZDOMAIN AS 'DOMAIN', + CASE ZUSAGECATEGORY.ZIDENTIFIER + WHEN 'DH0011' THEN 'Unspecified1' + WHEN 'DH0012' THEN 'Unspecified2' + WHEN 'DH0013' THEN 'Unspecified3' + WHEN 'DH1001' THEN 'Games' + WHEN 'DH1002' THEN 'Social Networking' + WHEN 'DH1003' THEN 'Entertainment' + WHEN 'DH1004' THEN 'Creativity' + WHEN 'DH1005' THEN 'Productivity' + WHEN 'DH1006' THEN 'Education' + WHEN 'DH1007' THEN 'Reading & Reference' + WHEN 'DH1008' THEN 'Health & Fitness' + WHEN 'DH1009' THEN 'Other' + ELSE ZUSAGECATEGORY.ZIDENTIFIER + END AS 'CATEGORY ID', + ZUSAGETIMEDITEM.ZTOTALTIMEINSECONDS AS 'APP USAGE TIME ITEM (SECONDS)', + ZUSAGETIMEDITEM.ZTOTALTIMEINSECONDS/60.00 AS 'APP USAGE TIME ITEM (MINUTES)', + ZUSAGEBLOCK.ZNUMBEROFPICKUPSWITHOUTAPPLICATIONUSAGE AS 'NUMBER OF PICKUPS W/O APP USAGE', + ZCOREDEVICE.ZNAME AS 'NAME', + ZCOREDEVICE.ZIDENTIFIER AS 'DEVICE ID', + ZCOREDEVICE.ZLOCALUSERDEVICESTATE AS 'LOCAL USER DEVICE STATE', + ZCOREUSER.ZGIVENNAME AS 'GIVEN NAME', + ZCOREUSER.ZFAMILYNAME AS 'FAMILY NAME', + ZCOREUSER.ZFAMILYMEMBERTYPE AS 'FAMILY MEMBER TYPE', + ZCOREUSER.ZAPPLEID AS 'APPLE ID', + ZCOREUSER.ZDSID AS 'DSID', + ZUSAGETIMEDITEM.Z_PK AS 'ZUSAGETIMEDITEM TABLE ID' + FROM ZUSAGETIMEDITEM + LEFT JOIN ZUSAGECATEGORY ON ZUSAGECATEGORY.Z_PK == ZUSAGETIMEDITEM.ZCATEGORY + LEFT JOIN ZUSAGEBLOCK ON ZUSAGECATEGORY.ZBLOCK == ZUSAGEBLOCK.Z_PK + LEFT JOIN ZUSAGE ON ZUSAGEBLOCK.ZUSAGE == ZUSAGE.Z_PK + LEFT JOIN ZCOREUSER ON ZUSAGE.ZUSER == ZCOREUSER.Z_PK + LEFT JOIN ZCOREDEVICE ON ZUSAGE.ZDEVICE == ZCOREDEVICE.Z_PK diff --git a/src/sysdiagnose/utils/apollo_modules/sms_chat.txt b/src/sysdiagnose/utils/apollo_modules/sms_chat.txt new file mode 100644 index 0000000..f7f6f9f --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/sms_chat.txt @@ -0,0 +1,104 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=SMS and Chat Messages + +[Database Metadata] +DATABASE=sms.db,chat.db +PLATFORM=IOS,MACOS +VERSIONS=8,9,10,11,12,13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=sms_chat +ACTIVITY=SMS Chat +KEY_TIMESTAMP=MESSAGE DATE + +[SQL Query 8,9,10,11,12,13,10.14,10.15,10.16,14] +QUERY= + SELECT + CASE + WHEN LENGTH(MESSAGE.DATE)=18 THEN DATETIME(MESSAGE.DATE/1000000000+978307200,'UNIXEPOCH') + WHEN LENGTH(MESSAGE.DATE)=9 THEN DATETIME(MESSAGE.DATE + 978307200,'UNIXEPOCH') + ELSE "N/A" + END "MESSAGE DATE", + CASE + WHEN LENGTH(MESSAGE.DATE_DELIVERED)=18 THEN DATETIME(MESSAGE.DATE_DELIVERED/1000000000+978307200,"UNIXEPOCH") + WHEN LENGTH(MESSAGE.DATE_DELIVERED)=9 THEN DATETIME(MESSAGE.DATE_DELIVERED+978307200,"UNIXEPOCH") + ELSE "N/A" + END "DATE DELIVERED", + CASE + WHEN LENGTH(MESSAGE.DATE_READ)=18 THEN DATETIME(MESSAGE.DATE_READ/1000000000+978307200,"UNIXEPOCH") + WHEN LENGTH(MESSAGE.DATE_READ)=9 THEN DATETIME(MESSAGE.DATE_READ+978307200,"UNIXEPOCH") + ELSE "N/A" + END "DATE READ", + MESSAGE.TEXT AS "MESSAGE", + HANDLE.ID AS "CONTACT ID", + MESSAGE.SERVICE AS "SERVICE", + MESSAGE.ACCOUNT AS "ACCOUNT", + MESSAGE.IS_DELIVERED AS "IS DELIVERED", + MESSAGE.IS_FROM_ME AS "IS FROM ME", + ATTACHMENT.FILENAME AS "FILENAME", + ATTACHMENT.MIME_TYPE AS "MIME TYPE", + ATTACHMENT.TRANSFER_NAME AS "TRANSFER TYPE", + ATTACHMENT.TOTAL_BYTES AS "TOTAL BYTES" + FROM MESSAGE + LEFT OUTER JOIN MESSAGE_ATTACHMENT_JOIN ON MESSAGE.ROWID = MESSAGE_ATTACHMENT_JOIN.MESSAGE_ID + LEFT OUTER JOIN ATTACHMENT ON MESSAGE_ATTACHMENT_JOIN.ATTACHMENT_ID = ATTACHMENT.ROWID + LEFT OUTER JOIN HANDLE ON MESSAGE.HANDLE_ID = HANDLE.ROWID \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/sms_chat_message_delivered.txt b/src/sysdiagnose/utils/apollo_modules/sms_chat_message_delivered.txt new file mode 100644 index 0000000..7a52d86 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/sms_chat_message_delivered.txt @@ -0,0 +1,105 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=SMS and Chat Messages, when the message wAS delivered. + +[Database Metadata] +DATABASE=sms.db,chat.db +PLATFORM=IOS,MACOS +VERSIONS=8,9,10,11,12,13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=sms_chat +ACTIVITY=SMS Chat - Message Delivered +KEY_TIMESTAMP=DATE DELIVERED + +[SQL Query 8,9,10,11,12,13,10.14,10.15,10.16,14] +QUERY= + SELECT + CASE + WHEN LENGTH(MESSAGE.DATE)=18 THEN DATETIME(MESSAGE.DATE/1000000000+978307200,'UNIXEPOCH') + WHEN LENGTH(MESSAGE.DATE)=9 THEN DATETIME(MESSAGE.DATE + 978307200,'UNIXEPOCH') + ELSE "N/A" + END "MESSAGE DATE", + CASE + WHEN LENGTH(MESSAGE.DATE_DELIVERED)=18 THEN DATETIME(MESSAGE.DATE_DELIVERED/1000000000+978307200,"UNIXEPOCH") + WHEN LENGTH(MESSAGE.DATE_DELIVERED)=9 THEN DATETIME(MESSAGE.DATE_DELIVERED+978307200,"UNIXEPOCH") + ELSE "N/A" + END "DATE DELIVERED", + CASE + WHEN LENGTH(MESSAGE.DATE_READ)=18 THEN DATETIME(MESSAGE.DATE_READ/1000000000+978307200,"UNIXEPOCH") + WHEN LENGTH(MESSAGE.DATE_READ)=9 THEN DATETIME(MESSAGE.DATE_READ+978307200,"UNIXEPOCH") + ELSE "N/A" + END "DATE READ", + MESSAGE.TEXT AS "MESSAGE", + HANDLE.ID AS "CONTACT ID", + MESSAGE.SERVICE AS "SERVICE", + MESSAGE.ACCOUNT AS "ACCOUNT", + MESSAGE.IS_DELIVERED AS "IS DELIVERED", + MESSAGE.IS_FROM_ME AS "IS FROM ME", + ATTACHMENT.FILENAME AS "FILENAME", + ATTACHMENT.MIME_TYPE AS "MIME TYPE", + ATTACHMENT.TRANSFER_NAME AS "TRANSFER TYPE", + ATTACHMENT.TOTAL_BYTES AS "TOTAL BYTES" + FROM MESSAGE + LEFT OUTER JOIN MESSAGE_ATTACHMENT_JOIN ON MESSAGE.ROWID = MESSAGE_ATTACHMENT_JOIN.MESSAGE_ID + LEFT OUTER JOIN ATTACHMENT ON MESSAGE_ATTACHMENT_JOIN.ATTACHMENT_ID = ATTACHMENT.ROWID + LEFT OUTER JOIN HANDLE ON MESSAGE.HANDLE_ID = HANDLE.ROWID + WHERE "DATE DELIVERED" IS NOT "N/A" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/sms_chat_message_read.txt b/src/sysdiagnose/utils/apollo_modules/sms_chat_message_read.txt new file mode 100644 index 0000000..47d5c21 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/sms_chat_message_read.txt @@ -0,0 +1,105 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=SMS and Chat Messages, when the message wAS read. + +[Database Metadata] +DATABASE=sms.db +PLATFORM=IOS,MACOS +VERSIONS=8,9,10,11,12,13,10.14,10.15,10.16,14 + +[Query Metadata] +QUERY_NAME=sms_chat +ACTIVITY=SMS Chat - Message Read +KEY_TIMESTAMP=DATE READ + +[SQL Query 8,9,10,11,12,13,10.14,10.15,10.16,14] +QUERY= + SELECT + CASE + WHEN LENGTH(MESSAGE.DATE)=18 THEN DATETIME(MESSAGE.DATE/1000000000+978307200,'UNIXEPOCH') + WHEN LENGTH(MESSAGE.DATE)=9 THEN DATETIME(MESSAGE.DATE + 978307200,'UNIXEPOCH') + ELSE "N/A" + END "MESSAGE DATE", + CASE + WHEN LENGTH(MESSAGE.DATE_DELIVERED)=18 THEN DATETIME(MESSAGE.DATE_DELIVERED/1000000000+978307200,"UNIXEPOCH") + WHEN LENGTH(MESSAGE.DATE_DELIVERED)=9 THEN DATETIME(MESSAGE.DATE_DELIVERED+978307200,"UNIXEPOCH") + ELSE "N/A" + END "DATE DELIVERED", + CASE + WHEN LENGTH(MESSAGE.DATE_READ)=18 THEN DATETIME(MESSAGE.DATE_READ/1000000000+978307200,"UNIXEPOCH") + WHEN LENGTH(MESSAGE.DATE_READ)=9 THEN DATETIME(MESSAGE.DATE_READ+978307200,"UNIXEPOCH") + ELSE "N/A" + END "DATE READ", + MESSAGE.TEXT AS "MESSAGE", + HANDLE.ID AS "CONTACT ID", + MESSAGE.SERVICE AS "SERVICE", + MESSAGE.ACCOUNT AS "ACCOUNT", + MESSAGE.IS_DELIVERED AS "IS DELIVERED", + MESSAGE.IS_FROM_ME AS "IS FROM ME", + ATTACHMENT.FILENAME AS "FILENAME", + ATTACHMENT.MIME_TYPE AS "MIME TYPE", + ATTACHMENT.TRANSFER_NAME AS "TRANSFER TYPE", + ATTACHMENT.TOTAL_BYTES AS "TOTAL BYTES" + FROM MESSAGE + LEFT OUTER JOIN MESSAGE_ATTACHMENT_JOIN ON MESSAGE.ROWID = MESSAGE_ATTACHMENT_JOIN.MESSAGE_ID + LEFT OUTER JOIN ATTACHMENT ON MESSAGE_ATTACHMENT_JOIN.ATTACHMENT_ID = ATTACHMENT.ROWID + LEFT OUTER JOIN HANDLE ON MESSAGE.HANDLE_ID = HANDLE.ROWID + WHERE "DATE READ" IS NOT "N/A" \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_exec_measurements_v2.txt b/src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_exec_measurements_v2.txt new file mode 100644 index 0000000..a19864a --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_exec_measurements_v2.txt @@ -0,0 +1,93 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=System Policy Configuration - ExecPolicy - Executable Measurements + +[Database Metadata] +DATABASE=ExecPolicy +PLATFORM=MACOS +VERSIONS=10.15,10.16 + +[Query Metadata] +QUERY_NAME=systempolicyconfig_execpolicy_exec_measurements_v2 +ACTIVITY=System Policy Configuration - Exec Measurements +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 10.14,10.15,10.16] +QUERY= + SELECT + DATETIME(TIMESTAMP,'UNIXEPOCH') AS 'TIMESTAMP', + DATETIME(REPORTED_TIMESTAMP,'UNIXEPOCH') AS 'REPORTED TIMESTAMP', + FILE_IDENTIFIER AS 'FILE IDENTIFIER', + BUNDLE_IDENTIFIER AS 'BUNDLE ID', + IS_SIGNED AS 'IS SIGNED', + BUNDLE_VERSION AS 'BUNDLE VERSION', + TEAM_IDENTIFIER AS 'TEAM IDENTIFIER', + SIGNING_IDENTIFIER AS 'SIGNING IDENTIFIER', + CDHASH AS 'CDHASH', + MAIN_EXECUTABLE_HASH AS 'MAIN EXECUTABLE HASH', + DATETIME(EXECUTABLE_TIMESTAMP,'UNIXEPOCH') AS 'EXECUTABLE TIMESTAMP', + FILE_SIZE AS 'FILE SIZE', + IS_LIBRARY AS 'IS LIBRARY', + IS_USED AS 'IS USED', + RESPONSIBLE_FILE_IDENTIFIER AS 'RESPONSIBLE FILE IDENTIFIER', + IS_VALID AS 'IS VALID', + IS_QUARANTINED AS 'IS QUARANTINED' + FROM EXECUTABLE_MEASUREMENTS_V2 \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_policy_old_platform_cache.txt b/src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_policy_old_platform_cache.txt new file mode 100644 index 0000000..f84d922 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_policy_old_platform_cache.txt @@ -0,0 +1,78 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=System Policy Configuration - ExecPolicy - Old Platform Cache + +[Database Metadata] +DATABASE=ExecPolicy +PLATFORM=MACOS +VERSIONS=10.14,10.15,10.16 + +[Query Metadata] +QUERY_NAME=systempolicyconfig_execpolicy_policy_old_platform_cache +ACTIVITY=System Policy Configuration - Old Platform Cache +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 10.14,10.15,10.16] +QUERY= + SELECT + DATETIME(TS,'UNIXEPOCH') AS 'TIMESTAMP', + KEY + FROM OLD_PLATFORM_CACHE \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_policy_scan_cache.txt b/src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_policy_scan_cache.txt new file mode 100644 index 0000000..983bfbc --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_policy_scan_cache.txt @@ -0,0 +1,89 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=System Policy Configuration - ExecPolicy - Policy Scan Cache + +[Database Metadata] +DATABASE=ExecPolicy +PLATFORM=MACOS +VERSIONS=10.15,10.16 + +[Query Metadata] +QUERY_NAME=systempolicyconfig_execpolicy_policy_scan_cache +ACTIVITY=System Policy Configuration - Policy Scan Cache +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 10.15,10.16] +QUERY= + SELECT + DATETIME(TIMESTAMP,'UNIXEPOCH') AS 'TIMESTAMP', + DATETIME(MOD_TIME,'UNIXEPOCH') AS 'MOD TIME', + DATETIME(REVOCATION_CHECK_TIME,'UNIXEPOCH') AS 'REVOCATION CHECK TIME', + VOLUME_UUID AS 'VOLUME UUID', + OBJECT_ID AS 'OBJECT ID', + FS_TYPE_NAME AS 'FS TYPE NAME', + BUNDLE_ID AS 'BUNDLE ID', + CDHASH AS 'CDHASH', + TEAM_IDENTIFIER AS 'TEAM IDENTIFIER', + SIGNING_IDENTIFIER AS 'SIGNING_IDENTIFIER', + POLICY_MATCH AS 'POLICY MATCH', + MALWARE_RESULT AS 'MALWARE RESULT', + FLAGS AS 'FLAGS' + FROM POLICY_SCAN_CACHE \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_policy_scan_cache_by_path.txt b/src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_policy_scan_cache_by_path.txt new file mode 100644 index 0000000..60ab34b --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_policy_scan_cache_by_path.txt @@ -0,0 +1,90 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=System Policy Configuration - ExecPolicy - Policy Scan Cache by Path + +[Database Metadata] +DATABASE=ExecPolicy +PLATFORM=MACOS +VERSIONS=10.15,10.16 + +[Query Metadata] +QUERY_NAME=systempolicyconfig_execpolicy_policy_scan_cache_by_path +ACTIVITY=System Policy Configuration - Scan Cache by Path +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 10.15,10.16] +QUERY= + SELECT + DATETIME(TIMESTAMP,'UNIXEPOCH') AS 'TIMESTAMP', + DATETIME(MOD_TIME,'UNIXEPOCH') AS 'MOD TIME', + DATETIME(LAST_USED_TIME,'UNIXEPOCH') AS 'LAST USED TIME', + DATETIME(REVOCATION_CHECK_TIME,'UNIXEPOCH') AS 'REVOCATION CHECK TIME', + MOUNT_POINT AS 'MOUNT POINT', + MOUNT_RELATIVE_PATH AS 'MOUNT RELATIVE', + FS_TYPE_NAME AS 'FS TYPE NAME', + BUNDLE_ID AS 'BUNDLE ID', + CDHASH AS 'CDHASH', + TEAM_IDENTIFIER AS 'TEAM IDENTIFIER', + SIGNING_IDENTIFIER AS 'SIGNING_IDENTIFIER', + POLICY_MATCH AS 'POLICY MATCH', + MALWARE_RESULT AS 'MALWARE RESULT', + FLAGS AS 'FLAGS' + FROM POLICY_SCAN_CACHE_BY_PATH \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_policy_scan_targets_v2.txt b/src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_policy_scan_targets_v2.txt new file mode 100644 index 0000000..7567207 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/systempolicyconfig_execpolicy_policy_scan_targets_v2.txt @@ -0,0 +1,83 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=System Policy Configuration - ExecPolicy - Scan Targets + +[Database Metadata] +DATABASE=ExecPolicy +PLATFORM=MACOS +VERSIONS=10.14,10.15,10.16 + +[Query Metadata] +QUERY_NAME=systempolicyconfig_execpolicy_policy_scan_targets_v2 +ACTIVITY=System Policy Configuration - Policy Scan Targets +KEY_TIMESTAMP=TIMESTAMP + +[SQL Query 10.14,10.15,10.16] +QUERY= + SELECT + DATETIME(TIMESTAMP,'UNIXEPOCH') AS 'TIMESTAMP', + DATETIME(MEASURED_TIMESTAMP,'UNIXEPOCH') AS 'MEASURED TIMESTAMP', + PATH AS 'PATH', + RESPONSIBLE_PATH AS 'RESPONSIBLE_PATH', + IS_LIBRARY AS 'IS LIBRARY', + IS_USED AS 'IS USED', + DEFERRAL_COUNT AS 'DEFERRAL COUNT' + FROM SCAN_TARGETS_V2 \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/systempolicyconfig_kextpolicy_kext_load_history_v3.txt b/src/sysdiagnose/utils/apollo_modules/systempolicyconfig_kextpolicy_kext_load_history_v3.txt new file mode 100644 index 0000000..a437cf2 --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/systempolicyconfig_kextpolicy_kext_load_history_v3.txt @@ -0,0 +1,97 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=System Policy Configuration - KextPolicy - Kext Load History V3 + +[Database Metadata] +DATABASE=KextPolicy +PLATFORM=macOS +VERSIONS=10.14,10.15,10.16 + +[Query Metadata] +QUERY_NAME=systempolicyconfig_kextpolicy_kext_load_history_v3 +ACTIVITY=System Policy Configuration - Kext Load History +KEY_TIMESTAMP=CREATED AT + +[SQL Query 10.15,10.16] +QUERY= + SELECT + CREATED_AT AS 'CREATED AT', + LAST_SEEN AS 'LAST SEEN', + PATH AS 'PATH', + TEAM_ID AS 'TEAM ID', + BUNDLE_ID AS 'BUNDLE ID', + BOOT_UUID AS 'BOOT UUID', + FLAGS AS 'FLAGS', + CDHASH AS 'CDHASH' + FROM KEXT_LOAD_HISTORY_V3 + + +[SQL Query 10.13,10.14] +QUERY= + SELECT + CREATED_AT AS 'CREATED AT', + LAST_SEEN AS 'LAST SEEN', + PATH AS 'PATH', + TEAM_ID AS 'TEAM ID', + BUNDLE_ID AS 'BUNDLE ID', + BOOT_UUID AS 'BOOT UUID', + FLAGS AS 'FLAGS' + FROM KEXT_LOAD_HISTORY_V3 \ No newline at end of file diff --git a/src/sysdiagnose/utils/apollo_modules/tcc_db.txt b/src/sysdiagnose/utils/apollo_modules/tcc_db.txt new file mode 100644 index 0000000..5345bdd --- /dev/null +++ b/src/sysdiagnose/utils/apollo_modules/tcc_db.txt @@ -0,0 +1,101 @@ +# -------------------------------------------------------------------------------- +# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC, +# @iamevltwin, mac4n6.com). All rights reserved. + +# This software is provided "as is," without warranty of any kind, +# express or implied. In no event shall the author or contributors +# be held liable for any damages arising in any way from the use of +# this software. + +# The contents of this file are DUAL-LICENSED. You may modify and/or +# redistribute this software according to the terms of one of the +# following two licenses (at your option): + +# LICENSE 1 ("BSD-like with acknowledgment clause"): + +# Permission is granted to anyone to use this software for any purpose, +# including commercial applications, and to alter it and redistribute +# it freely, subject to the following restrictions: + +# 1. Redistributions of source code must retain the above copyright +# notice, disclaimer, and this list of conditions. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, disclaimer, and this list of conditions in the documenta- +# tion and/or other materials provided with the distribution. +# 3. All advertising, training, and documentation materials mentioning +# features or use of this software must display the following +# acknowledgment. Character-limited social media may abbreviate this +# acknowledgment to include author and APOLLO name ie: "This new +# feature brought to you by @iamevltwin's APOLLO". Please make an +# effort credit the appropriate authors on specific APOLLO modules. +# The spirit of this clause is to give public acknowledgment to +# researchers where credit is due. + +# This product includes software developed by Sarah Edwards +# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other +# contributors as part of APOLLO (Apple Pattern of Life Lazy +# Output'er). + + +# LICENSE 2 (GNU GPL v3 or later): + +# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er). + +# APOLLO is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# APOLLO is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with APOLLO. If not, see . +# -------------------------------------------------------------------------------- + + +[Module Metadata] +AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin +MODULE_NOTES=Transparancy, Consent, and Control (TCC) Database - Application Permissions + +[Database Metadata] +DATABASE=TCC.db +PLATFORM=MACOS,IOS +VERSIONS=13,10.14,10.15,14,10.16,14 + +[Query Metadata] +QUERY_NAME=tcc_db +ACTIVITY=App Permissions +KEY_TIMESTAMP=LAST MODIFIED + +[SQL Query 14,10.16,14] +QUERY= + SELECT + DATETIME(LAST_MODIFIED,'UNIXEPOCH') AS "LAST MODIFIED", + SERVICE AS 'SERVICE', + CLIENT AS 'CLIENT', + CASE AUTH_VALUE + WHEN 0 THEN 'NOT ALLOWED' + WHEN 2 THEN 'ALLOWED' + END AS 'ALLOWED', + AUTH_REASON AS 'AUTH REASON', + CLIENT_TYPE AS 'CLIENT TYPE', + INDIRECT_OBJECT_IDENTIFIER AS 'INDIRECT OBJECT IDENTIFIER' + FROM ACCESS + +[SQL Query 12,13,10.14,10.15] +QUERY= + SELECT + DATETIME(LAST_MODIFIED,'UNIXEPOCH') AS "LAST MODIFIED", + SERVICE AS 'SERVICE', + CLIENT AS 'CLIENT', + CASE ALLOWED + WHEN 0 THEN 'NOT ALLOWED' + WHEN 1 THEN 'ALLOWED' + END AS 'ALLOWED', + CLIENT_TYPE AS 'CLIENT TYPE', + PROMPT_COUNT AS 'PROMPT COUNT', + INDIRECT_OBJECT_IDENTIFIER AS 'INDIRECT OBJECT IDENTIFIER' + FROM ACCESS \ No newline at end of file From 08faf0c4fac6f687023eaec204a1c9dfd060e372 Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Mon, 21 Oct 2024 08:23:58 +0200 Subject: [PATCH 4/4] chg: cleanup of gitignore --- .gitignore | 7 ------- README.md | 2 +- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index fddb0b5..a20048c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,10 +1,5 @@ # generated data cases/* -data/* -cases.json -parsed_data/* -*.gpx -db.json yara/* # private test data @@ -12,8 +7,6 @@ yara/* # Byte-compiled / optimized / DLL files __pycache__/ -parsers/__pycache__/* -utils/__pycache__/* *.pyc *.pyo *.pyd diff --git a/README.md b/README.md index d271ca9..2c3fea2 100644 --- a/README.md +++ b/README.md @@ -189,7 +189,7 @@ Tested On: - Christophe VANDEPLAS (European Commission - EC DIGIT Cybersecurity Operation Centre) - Emilien LE JAMTEL (CERT-EU) - BenoƮt ROUSSILLE (European Parliament) - +- For the Apollo library: https://github.com/mac4n6/APOLLO # License This project is released under the European Public Licence