WIP: improved schema parsing

2015-09-21 23:18:43 -07:00 · 2015-09-21 23:18:43 -07:00 · 5bc90d7407
parent 82651d5388
commit 5bc90d7407
5 changed files with 34 additions and 6 deletions
--- a/2
+++ b/2
@ -7,7 +7,7 @@
  INTRO
 -------------
 dbfp is a tool that will scan a sqlite database and generate a fingerprint.
-The fingerprint is basically the database schema.
+The fingerprint is basically the database schema with some metadata (md5 sums, scan information)
 The fingerprint is stored to disk in JSON format.


--- a/7
+++ b/7
@ -13,6 +13,13 @@
  History
 ------------

+version 0.90
+  -improved sql create parsing
+  -improved support for AOSP Androd contacts database
+  -improved the table schema comparison
+  -added as an option and to the fingerprint:
+    app name, app version, notes regarding this scan
+
 version 0.85
  -modified format
  -added "file-metadata", info about the scanner and fingerprint file
--- a/dbfp.py
+++ b/dbfp.py
@ -64,7 +64,7 @@ def parseArgs():

  # compare a sqlite database file to all fingerprints
  if (args.fp and args.fpdir):
-    compareFingerprints(args.file, args.fp, args.fpdir)
+    compareFingerprintDir(args.file, args.fp, args.fpdir)
  # compare a sqlite database file to a fingerprint
  if (args.fp):
    compareFingerprint(args.file, args.fp)
--- a/docs/README
+++ b/docs/README
@ -6,10 +6,24 @@
 -------------
  INTRO
 -------------
+[D]ata[B]ase [F]inger[P]rint
+
 dbfp is a tool that will scan a sqlite database and generate a fingerprint.
-The fingerprint is basically the database schema.
+The fingerprint will uniquely identify the database.
+The fingerprint consists of the database schema, the sql table create statements, 
+  md5 calculations, and file meta-data.
 The fingerprint is stored to disk in JSON format.

+The fingerprint can be used to identify unknown databases from random paths or recovered from deleted space.
+The fingerprint can be used for historical comparisons to see what has changed in a new version of an application.
+
+
+-------------
+  FEATURES
+-------------
+1. Generate a fingerprint in JSON format.
+2. Compare a sqlite database with a fingerprint.
+

 -------------
  USAGE
@ -19,12 +33,19 @@ The fingerprint is stored to disk in JSON format.
   DB Fingerprint
 ***** ***** ***** *****

-usage: main.py [-h] [-f FILE] [-j JSON] [-v]
+usage: dbfp.py [-h] [-f FILE] [-fd FPDIR] [-fp FP] [-an APP_NAME]
+               [-av APP_VERSION] [-n NOTES] [-v]

 Fingerprint a sqlite database based on its schema

 optional arguments:
  -h, --help            show this help message and exit
  -f FILE, --file FILE
-  -j JSON, --json JSON
+  -fd FPDIR, --fpdir FPDIR
+                        path to dirctory of fingerprint files
+  -fp FP, --fp FP       fingerprint file to use in comparison
+  -an APP_NAME, --app_name APP_NAME
+  -av APP_VERSION, --app_version APP_VERSION
+  -n NOTES, --notes NOTES
  -v, --verbose
+  
--- a/libs/fingerprint.py
+++ b/libs/fingerprint.py
@ -32,7 +32,7 @@ class DBSchema:
  """

  sqlmaster = "SELECT name, sql FROM sqlite_master WHERE type='table'"
-  scanner_ver = "0.85"
+  scanner_ver = "0.90"
  format_ver  = "0.90"

  def __init__(self):