-
Notifications
You must be signed in to change notification settings - Fork 79
/
powerlog_app_info.txt
120 lines (101 loc) · 4.79 KB
/
powerlog_app_info.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
# --------------------------------------------------------------------------------
# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC,
# @iamevltwin, mac4n6.com). All rights reserved.
# This software is provided "as is," without warranty of any kind,
# express or implied. In no event shall the author or contributors
# be held liable for any damages arising in any way from the use of
# this software.
# The contents of this file are DUAL-LICENSED. You may modify and/or
# redistribute this software according to the terms of one of the
# following two licenses (at your option):
# LICENSE 1 ("BSD-like with acknowledgment clause"):
# Permission is granted to anyone to use this software for any purpose,
# including commercial applications, and to alter it and redistribute
# it freely, subject to the following restrictions:
# 1. Redistributions of source code must retain the above copyright
# notice, disclaimer, and this list of conditions.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, disclaimer, and this list of conditions in the documenta-
# tion and/or other materials provided with the distribution.
# 3. All advertising, training, and documentation materials mentioning
# features or use of this software must display the following
# acknowledgment. Character-limited social media may abbreviate this
# acknowledgment to include author and APOLLO name ie: "This new
# feature brought to you by @iamevltwin's APOLLO". Please make an
# effort credit the appropriate authors on specific APOLLO modules.
# The spirit of this clause is to give public acknowledgment to
# researchers where credit is due.
# This product includes software developed by Sarah Edwards
# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other
# contributors as part of APOLLO (Apple Pattern of Life Lazy
# Output'er).
# LICENSE 2 (GNU GPL v3 or later):
# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er).
# APOLLO is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# APOLLO is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with APOLLO. If not, see <https://www.gnu.org/licenses/>.
# --------------------------------------------------------------------------------
[Module Metadata]
AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin
MODULE_NOTES=Get a listing of applications and associated data (app name, executable name, bundle ID, app version, app type and deletion date/status). Not really a log per se, but a good listing of application information. App Types: 1="Background iOS Service", 3=iOS Native Apps, 4=3rd Party Apps
[Database Metadata]
DATABASE=CurrentPowerlog.PLSQL
PLATFORM=IOS
VERSIONS=9,10,11,12,13,14
[Query Metadata]
QUERY_NAME=powerlog_app_info
ACTIVITY=App Info
KEY_TIMESTAMP=TIMESTAMP
[SQL Query 9,10,11,12,13,14]
QUERY=
SELECT
DATETIME(TIMESTAMP, 'UNIXEPOCH') AS TIMESTAMP,
APPNAME AS "APP NAME",
APPEXECUTABLE AS "APP EXECUTABLE NAME",
APPBUNDLEID AS "BUNDLE ID",
APPBUILDVERSION AS "APP BUILD VERSION",
APPBUNDLEVERSION AS "APP BUNDLE VERSION",
APPTYPE AS "APP TYPE",
CASE APPDELETEDDATE
WHEN 0 THEN "NOT DELETED"
ELSE DATETIME(APPDELETEDDATE, 'UNIXEPOCH')
END "APP DELETED DATE",
ID AS "PLAPPLICATIONAGENT_EVENTNONE_ALLAPPS TABLE ID"
FROM
PLAPPLICATIONAGENT_EVENTNONE_ALLAPPS
[SQL Query 10]
QUERY=
SELECT
DATETIME(TIMESTAMP, 'UNIXEPOCH') AS TIMESTAMP,
APPNAME AS "APP NAME",
APPEXECUTABLE AS "APP EXECUTABLE NAME",
APPBUNDLEID AS "BUNDLE ID",
APPBUILDVERSION AS "APP BUILD VERSION",
APPBUNDLEVERSION AS "APP BUNDLE VERSION",
CASE APPDELETEDDATE
WHEN 0 THEN "NOT DELETED"
ELSE DATETIME(APPDELETEDDATE, 'UNIXEPOCH')
END "APP DELETED DATE",
ID AS "PLAPPLICATIONAGENT_EVENTNONE_ALLAPPS TABLE ID"
FROM
PLAPPLICATIONAGENT_EVENTNONE_ALLAPPS
[SQL Query 9]
QUERY=
SELECT
DATETIME(TIMESTAMP, 'UNIXEPOCH') AS TIMESTAMP,
APPNAME AS "APP NAME",
APPBUNDLEID AS "BUNDLE ID",
CASE APPDELETEDDATE
WHEN 0 THEN "NOT DELETED"
ELSE DATETIME(APPDELETEDDATE, 'UNIXEPOCH')
END "APP DELETED DATE",
ID AS "PLAPPLICATIONAGENT_EVENTNONE_ALLAPPS TABLE ID"
FROM
PLAPPLICATIONAGENT_EVENTNONE_ALLAPPS