@yaudahbanh yaudahbanh commented Dec 8, 2025

  1. This PR addresses an issue causing parser crashes during Chrome/Chromium artifact analysis when the database schema differs from expectation:

Chrome Autofill Artifacts: Fixes a sqlite3.OperationalError caused by the absence of the autofill_profiles table in the Web Data database. This table is often missing or has been deprecated/renamed in newer versions of Chromium, WebView, or specific browser derivatives, causing the entire artifact module to fail.

Changes

Chrome Autofill (scripts/artifacts/chromeAutofill.py)

  • Schema Validation: Added a preliminary check against sqlite_master to verify if the autofill_profiles table exists before attempting to query it.
  • Error Handling: Implemented a try-except sqlite3.OperationalError block nested within the validation logic. This ensures that if the table is missing or unreadable, the script logs the event gracefully (or simply skips the missing data) and continues processing other artifacts instead of crashing.

Before the Bug Fix:

ChromeAutofill [chromeAutofill] artifact started
Reading ChromeAutofill artifact had errors!
Error was no such table: autofill_profiles
Exception Traceback: Traceback (most recent call last):
  File "D:\KULIAH\SEMESTER 7\FOREN\fp\ALEAPP\aleapp.py", line 383, in crunch_artifacts
    plugin.method(files_found, category_folder, seeker, wrap_text)
  File "D:\KULIAH\SEMESTER 7\FOREN\fp\ALEAPP\scripts\artifacts\chromeAutofill.py", line 98, in get_chromeAutofill
    cursor.execute(f'''
sqlite3.OperationalError: no such table: autofill_profiles

After the Bug Fix:

ChromeAutofill [chromeAutofill] artifact started
No Unknown - Autofill - Entries data available
No Unknown - Autofill - Entries data available
No Unknown - Autofill - Entries data available
No Unknown - Autofill - Entries data available
No Unknown - Autofill - Entries data available
No Unknown - Autofill - Entries data available
No Edge - Autofill - Entries data available
No Unknown - Autofill - Entries data available
No Unknown - Autofill - Entries data available
No Unknown - Autofill - Entries data available
No Unknown - Autofill - Entries data available
No Unknown - Autofill - Entries data available
No Unknown - Autofill - Entries data available
No Unknown - Autofill - Entries data available
No Unknown - Autofill - Entries data available
No Edge - Autofill - Entries data available
No Unknown - Autofill - Entries data available
No Unknown - Autofill - Entries data available
ChromeAutofill [chromeAutofill] artifact completed

Note: This is tested on Magnet Virtual Summit 2025 CTF - Android Forensic Image from https://www.stark4n6.com/2025/03/magnet-virtual-summit-2025-ctf-android.html

  2. The second PR fixes two critical issues causing the speedtest artifact parser to crash or fail to extract data on certain database versions.

Changes (speedtest_reports_location & speedtest_reports_wifi)

Speedtest (scripts/artifacts/speedtest.py)

  • Fixed ISO 8601 Timestamp Parsing (ValueError): The Speedtest database stores timestamps with timezone offsets that lack a colon separator. This caused datetime.fromisoformat() to fail.
    Implemented a fix_iso_timestamp helper function using regex to detect this format and inject the colon before parsing, ensuring compatibility with Python's datetime library.
  • Fixed Logging Arguments (TypeError): Exception handlers were calling logfunc() with two arguments (message and exception), but the function only accepts one.

Before the Bug Fix:

speedtest_reports_location [speedtest] artifact started
Reading speedtest_reports_location artifact had errors!
Error was logfunc() takes from 0 to 1 positional arguments but 2 were given
Exception Traceback: Traceback (most recent call last):
  File "D:\KULIAH\SEMESTER 7\FOREN\fp\yaudahbanh\ALEAPP\scripts\artifacts\speedtest.py", line 92, in speedtest_reports_location
    report_timestamp = datetime.fromisoformat(j.get('start', {}).get('timestamp', '1970-01-01T00:00:00Z')).astimezone(timezone.utc)
ValueError: Invalid isoformat string: '2025-07-22T23:15:30.283+0400'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "D:\KULIAH\SEMESTER 7\FOREN\fp\yaudahbanh\ALEAPP\aleapp.py", line 383, in crunch_artifacts
    plugin.method(files_found, category_folder, seeker, wrap_text)
  File "D:\KULIAH\SEMESTER 7\FOREN\fp\yaudahbanh\ALEAPP\scripts\ilapfuncs.py", line 306, in wrapper
    data_headers, data_list, source_path = func(files_found, report_folder, seeker, wrap_text)
  File "D:\KULIAH\SEMESTER 7\FOREN\fp\yaudahbanh\ALEAPP\scripts\artifacts\speedtest.py", line 101, in speedtest_reports_location
    logfunc('Error retrieving Speedtest reports: ', ex)
TypeError: logfunc() takes from 0 to 1 positional arguments but 2 were given

speedtest_reports_wifi [speedtest] artifact started
Reading speedtest_reports_wifi artifact had errors!
Error was logfunc() takes from 0 to 1 positional arguments but 2 were given
Exception Traceback: Traceback (most recent call last):
  File "D:\KULIAH\SEMESTER 7\FOREN\fp\yaudahbanh\ALEAPP\scripts\artifacts\speedtest.py", line 128, in speedtest_reports_wifi
    boot_time = datetime.fromisoformat(timestamp).astimezone(timezone.utc) - timedelta(microseconds=elapsedRealtimeNanos/1000) if timestamp and elapsedRealtimeNanos else None
ValueError: Invalid isoformat string: '2025-07-22T23:15:30.505+0400'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "D:\KULIAH\SEMESTER 7\FOREN\fp\yaudahbanh\ALEAPP\aleapp.py", line 383, in crunch_artifacts
    plugin.method(files_found, category_folder, seeker, wrap_text)
  File "D:\KULIAH\SEMESTER 7\FOREN\fp\yaudahbanh\ALEAPP\scripts\ilapfuncs.py", line 306, in wrapper
    data_headers, data_list, source_path = func(files_found, report_folder, seeker, wrap_text)
  File "D:\KULIAH\SEMESTER 7\FOREN\fp\yaudahbanh\ALEAPP\scripts\artifacts\speedtest.py", line 142, in speedtest_reports_wifi
    logfunc('Error retrieving Speedtest reports: ', ex)
TypeError: logfunc() takes from 0 to 1 positional arguments but 2 were given

After the Bug Fix:

speedtest_reports_location [speedtest] artifact started
Found 1 record for Speedtest Reports - Location
speedtest_reports_location [speedtest] artifact completed

speedtest_reports_wifi [speedtest] artifact started
Found 18 records for Speedtest Reports - Wi-Fi data
speedtest_reports_wifi [speedtest] artifact completed

Note: This is tested on BelkasoftCTF #7 2025 - Android Forensic Image from https://belkasoft.com/belkactf7/info
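
The sqlite_master check and OperationalError fallback described in the Chrome Autofill part of the comment above, as an added example that is not the PR's code. The helper names, the two-column sample schema and the in-memory databases are constructed here and do not reproduce the real Web Data layout.

```python
import sqlite3

def table_exists(conn, name):
    """True if a table with exactly this name is listed in sqlite_master."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?",
        (name,),
    ).fetchone()
    return row is not None

def read_autofill_profiles(conn):
    """Return (rows, note). rows is empty when the table is absent or
    unreadable; note records why, so the examiner's log shows the reason."""
    if not table_exists(conn, 'autofill_profiles'):
        return [], 'autofill_profiles table not present'
    try:
        # Column names are assumed for this sample schema.
        rows = conn.execute(
            'SELECT guid, city FROM autofill_profiles').fetchall()
    except sqlite3.OperationalError as ex:
        # The table exists but its columns differ from what the query expects.
        return [], f'autofill_profiles unreadable: {ex}'
    return rows, f'{len(rows)} row(s) read'

def make_db(schema_sql):
    """Build a throwaway in-memory database from constructed SQL."""
    conn = sqlite3.connect(':memory:')
    conn.executescript(schema_sql)
    return conn

# Constructed sample schemas: expected layout, table absent, column missing.
WITH_TABLE = """CREATE TABLE autofill_profiles (guid TEXT, city TEXT);
INSERT INTO autofill_profiles VALUES ('g-1', 'Sample City');"""
WITHOUT_TABLE = "CREATE TABLE unrelated_table (guid TEXT);"
DRIFTED = "CREATE TABLE autofill_profiles (guid TEXT);"

if __name__ == '__main__':
    for label, sql in (('expected', WITH_TABLE),
                       ('table absent', WITHOUT_TABLE),
                       ('column missing', DRIFTED)):
        rows, note = read_autofill_profiles(make_db(sql))
        print(f'{label}: {note} {rows}')
```

Returning the reason alongside the empty result keeps "no data" distinguishable from "schema not understood" in the report.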

@yaudahbanh yaudahbanh changed the title Fix ChromeAutofill no such table: autofill_profiles Fix ChromeAutofill no such table autofill_profiles and Speedtest timezone parsing Dec 8, 2025
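
The offset normalisation described in the Speedtest part of the comment above, as an added example (not the PR's code and not its fix_iso_timestamp helper). The function names, the handling of `Z` and hours-only offsets, the rejection of naive timestamps and the one-hour elapsed value are assumptions made here.

```python
import re
from datetime import datetime, timedelta, timezone

# UTC offset at the end of the time part, written without a colon: +0400, -0530, +04
_BARE_OFFSET = re.compile(r'([+-]\d{2})(\d{2})?$')

def normalize_iso_offset(ts):
    """Rewrite 'Z' and colon-less offsets as +HH:MM so that
    datetime.fromisoformat() accepts them on older Python 3 releases too."""
    ts = ts.strip()
    if ts[-1:] in ('Z', 'z'):
        return ts[:-1] + '+00:00'
    date_part, sep, time_part = ts.partition('T')
    if not sep:
        return ts  # date only: its '-' characters are not an offset
    time_part = _BARE_OFFSET.sub(
        lambda m: f"{m.group(1)}:{m.group(2) or '00'}", time_part)
    return date_part + sep + time_part

def parse_utc(ts):
    """Parse a device timestamp and convert it to UTC for the timeline."""
    dt = datetime.fromisoformat(normalize_iso_offset(ts))
    if dt.tzinfo is None:
        # astimezone() on a naive value would silently apply the examiner
        # workstation's zone; refusing here is this example's choice.
        raise ValueError(f'timestamp has no UTC offset: {ts!r}')
    return dt.astimezone(timezone.utc)

def boot_time_utc(ts, elapsed_realtime_nanos):
    """Device boot time = report time minus the time elapsed since boot."""
    return parse_utc(ts) - timedelta(microseconds=elapsed_realtime_nanos / 1000)

if __name__ == '__main__':
    # The first three values appear in the tracebacks above; the last is constructed.
    for sample in ('2025-07-22T23:15:30.283+0400',
                   '2025-07-22T23:15:30.505+0400',
                   '1970-01-01T00:00:00Z',
                   '2025-01-01T00:00:00-0530'):
        print(sample, '->', parse_utc(sample).isoformat())
    # An elapsedRealtimeNanos of one hour is a constructed value.
    print(boot_time_utc('2025-07-22T23:15:30.505+0400',
                        3_600_000_000_000).isoformat())
```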