Add USB history extraction script to log connected devices

DefinetlyNotAI · DefinetlyNotAI · commit 2edb41f92798 · 2025-08-26T14:12:02.000+03:00
Signed-off-by: Shahm Najeeb &lt;Nirt_12023@outlook.com&gt;
diff --git a/CODE/usb_history.py b/CODE/usb_history.py
@@ -0,0 +1,89 @@
+import ctypes
+import os
+import winreg
+from datetime import datetime, timedelta
+
+from logicytics import log
+
+
+class USBHistory:
+    def __init__(self):
+        self.history_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), "usb_history.txt")
+
+    def _save_history(self, message: str):
+        """Append a timestamped message to the history file and log it."""
+        timestamp = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+        entry = f"{timestamp} - {message}\n"
+        try:
+            with open(self.history_path, "a", encoding="utf-8") as f:
+                f.write(entry)
+            log.debug(f"Saved entry: {message}")
+        except Exception as e:
+            log.error(f"Failed to write history: {e}")
+
+    # noinspection PyUnresolvedReferences
+    @staticmethod
+    def _get_last_write_time(root_key, sub_key_path):
+        """Return the precise last write time of a registry key, or None on failure."""
+        try:
+            handle = ctypes.wintypes.HANDLE()
+            if ctypes.windll.advapi32.RegOpenKeyExW(root_key, sub_key_path, 0, winreg.KEY_READ,
+                                                    ctypes.byref(handle)) != 0:
+                return None
+
+            ft = ctypes.wintypes.FILETIME()
+            if ctypes.windll.advapi32.RegQueryInfoKeyW(handle, None, None, None, None, None, None, None, None, None,
+                                                       None, ctypes.byref(ft)) != 0:
+                return None
+
+            t = ((ft.dwHighDateTime << 32) + ft.dwLowDateTime) // 10
+            return datetime(1601, 1, 1) + timedelta(microseconds=t)
+        except Exception:
+            return None
+
+    @staticmethod
+    def _enum_subkeys(root, path, warn_func):
+        """Yield all subkeys of a registry key, logging warnings on errors."""
+        try:
+            with winreg.OpenKey(root, path) as key:
+                for i in range(1024):  # reasonable upper bound to avoid infinite loops
+                    try:
+                        yield winreg.EnumKey(key, i)
+                    except OSError as e:
+                        if e.winerror == 259:  # no more data
+                            break
+                        warn_func(f"Error enumerating {path} index {i}: {e}")
+        except Exception as e:
+            warn_func(f"Failed to open registry key {path}: {e}")
+
+    @staticmethod
+    def _get_friendly_name(dev_info_path, device_id):
+        """Return the friendly name of a device if available, else the device ID."""
+        try:
+            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, dev_info_path) as dev_key:
+                return winreg.QueryValueEx(dev_key, "FriendlyName")[0]
+        except FileNotFoundError:
+            return device_id
+        except Exception as e:
+            log.warning(f"Failed to read friendly name for {dev_info_path}: {e}")
+            return device_id
+
+    def read(self):
+        """Read all USB devices from USBSTOR and log their info."""
+        log.info("Starting USB history extraction...")
+        reg_path = r"SYSTEM\CurrentControlSet\Enum\USBSTOR"
+        try:
+            for device_class in self._enum_subkeys(winreg.HKEY_LOCAL_MACHINE, reg_path, log.warning):
+                dev_class_path = f"{reg_path}\\{device_class}"
+                for device_id in self._enum_subkeys(winreg.HKEY_LOCAL_MACHINE, dev_class_path, log.warning):
+                    dev_info_path = f"{dev_class_path}\\{device_id}"
+                    friendly_name = self._get_friendly_name(dev_info_path, device_id)
+                    last_write = self._get_last_write_time(winreg.HKEY_LOCAL_MACHINE, dev_info_path) or "Unknown"
+                    self._save_history(f"USB Device Found: {friendly_name} | LastWriteTime: {last_write}")
+            log.info(f"USB history extraction complete, saved to {self.history_path}")
+        except Exception as e:
+            log.error(f"Error during USB history extraction: {e}")
+
+
+if __name__ == "__main__":
+    USBHistory().read()
diff --git a/PLANS.md b/PLANS.md
@@ -9,7 +9,6 @@
 | Task                                                                                                                                                                       | Version | Might or Will be done? |
 |----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|------------------------|
 | Remake VulnScan .pkl and .pth to be more accurate                                                                                                                          | v3.6.0  | ❌                      |
-| Advanced USB Device History Tracker                                                                                                                                        | v3.6.0  | ❌                      |
 | Merge `sensitive data miner` with `vulnscan` to be 1 tool                                                                                                                  | v4.0.0  | ✅                      |
 | Remake Logicytics End-Execution cycle, where files created must go in `temp/` directory, and zipper takes it from there only, simplifying any code logic with this as well | v4.0.0  | ✅                      |
 | Replace Logger.py with Util that contains (tprint), also implement the ExceptionHandler and UpdateManager from Util                                                        | v4.0.0  | ✅                      |
