Skip to content

Fix Resolve crashes in Turbo Artifacts & Update Battery Saver LogicFixing modules turbo/artifacts #626

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ariefnr wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Fix Resolve crashes in Turbo Artifacts & Update Battery Saver LogicFixing modules turbo/artifacts #626

ariefnr wants to merge 3 commits into from

Conversation

@ariefnr
Copy link

@ariefnr ariefnr commented Nov 28, 2025

Hello ALEAPP Team,

I hope you are doing well.

I encountered some issues while analyzing the Turbo_Battery and Turbo_Bluetooth artifacts using the 2022 CTF - Android-001.tar image (from Digital Corpora). The execution resulted in crashes due to AttributeError (when using Tar seeker) and NameError (undefined variables).

I have refactored deviceHealthServices_Battery.py to fix these crashes and updated the SQL logic based on the forensic data found in the image.

Here is the summary of changes:

  1. Fix: AttributeError: 'FileSeekerTar' object has no attribute 'directory'
  • Issue: The code previously tried to strip the path using seeker.directory, which does not exist when the seeker is processing a .tar file (FileSeekerTar).
  • Fix: Changed to use os.path.basename(file_found) to safely extract the filename regardless of the seeker type.
  1. Fix: NameError: name 'file_found' is not defined (in Turbo_Bluetooth)
  • Issue: The logic was missing a proper iteration loop, causing it to reference file_found before it was defined.
  • Fix: Implemented a proper for file_found in files_found: loop to handle multiple database files correctly.
  1. Fix: NameError: name 'time_offset' is not defined
  • Issue: The variable time_offset was passed to the timestamp conversion function but was never initialized.
  • Fix: Initialized time_offset = 'UTC'.
  1. Update: Battery Saver Logic Interpretation

  • Analysis: Based on the artifact analysis, the previous SQL CASE statement for battery_saver was inconsistent with the data.

  • Update: Adjusted the logic to:

  • 0 -> 'Enabled'

  • 2 -> 'Disabled'

  • Others -> Returned as is.

  1. Improvement: Error Handling
  • Added try-except blocks when opening the SQLite database (open_sqlite_db_readonly) to prevent the entire artifact parsing from stopping if one DB file is corrupted/locked.

Traceback reference

AttributeError: 'FileSeekerTar' object has no attribute 'directory'
NameError: name 'file_found' is not defined. Did you mean: 'files_found'?

Here's what the error looks like before and bug fixing after
Before
Before Turbo Battery Turbo Bluetooth 1

After
After Turbo Battery Turbo Bluetooth

I have tested these changes against the CTF image, and the artifacts are now parsing correctly without errors.
Thank you for your hard work on this tool!

Best regards.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ariefnr