#!/usr/bin/env python3
"""
This application is designed to decode timestamps into human-readable date/times and vice-versa
Additional information regarding the source of the timestamp formats and associated equations
is provided in the REFERENCES.md file at https://github.com/digitalsleuth/time_decode.
"""
from datetime import datetime as dt, timedelta, timezone
import struct
from string import hexdigits, ascii_lowercase
import argparse
import inspect
import math
import re
import sys
import os
import base64
import uuid
import traceback
import warnings
import csv
from calendar import monthrange, IllegalMonthError
from typing import NamedTuple
from zoneinfo import ZoneInfo as tzone
import tzdata
import juliandate as jd
from colorama import init
import blackboxprotobuf
from blackboxprotobuf.lib.exceptions import DecoderException
from ulid import ULID
from prettytable import PrettyTable, TableStyle
from PyQt6.QtCore import (
QRect,
Qt,
QMetaObject,
QCoreApplication,
QDate,
QSize,
)
from PyQt6.QtGui import (
QAction,
QPixmap,
QIcon,
QFont,
QKeySequence,
QColor,
)
from PyQt6.QtWidgets import (
QWidget,
QVBoxLayout,
QHBoxLayout,
QGridLayout,
QLabel,
QLineEdit,
QDateTimeEdit,
QComboBox,
QPushButton,
QRadioButton,
QApplication,
QMenu,
QMessageBox,
QTableWidget,
QTableWidgetItem,
QSizePolicy,
QMainWindow,
QStyle,
QFileDialog,
)
warnings.filterwarnings("ignore", category=DeprecationWarning)
init(autoreset=True)
__author__ = "Corey Forman (digitalsleuth)"
__date__ = "2025-05-25"
__version__ = "10.1.0"
__description__ = "Python 3 Date Time Conversion Tool"
__fmt__ = "%Y-%m-%d %H:%M:%S.%f"
__red__ = "\033[1;31m"
__clr__ = "\033[1;m"
__source__ = "https://github.com/digitalsleuth/time_decode"
__appname__ = f"Time Decode v{__version__}"
class NewWindow(QWidget):
"""This class sets the structure for a new window"""
def __init__(self, parent=None):
"""Sets up the new window table and context menu"""
super().__init__(parent)
if parent:
self.setPalette(parent.palette())
self.setFont(parent.font())
self.setStyleSheet("background-color: white;")
layout = QVBoxLayout(self)
self.window_label = QLabel(self)
self.output_table = QTableWidget(self)
self.output_table.setSizePolicy(
QSizePolicy.Policy.Expanding, QSizePolicy.Policy.Expanding
)
self.output_table.setStyleSheet(
"border: none; selection-background-color: #1644b9;"
)
self.output_table.setVerticalScrollBarPolicy(
Qt.ScrollBarPolicy.ScrollBarAsNeeded
)
self.context_menu = ContextMenu(self.output_table)
self.output_table.setContextMenuPolicy(Qt.ContextMenuPolicy.CustomContextMenu)
self.output_table.customContextMenuRequested.connect(
self.context_menu.show_context_menu
)
layout.addWidget(self.output_table)
layout.addWidget(self.window_label)
self.stylesheet = TimeDecodeGui.stylesheet
self.setLayout(layout)
def key_press_event(self, event):
"""Sets the Ctrl+C KeyPress for the window"""
if event.matches(QKeySequence.StandardKey.Copy):
self.context_menu.copy()
else:
super().key_press_event(event)
class CsvWindow(QWidget):
"""This class sets the structure for a new window"""
def __init__(
self,
ts_formats: QComboBox,
time_zones: QComboBox,
dt_formats: QComboBox,
parent=None,
):
"""Sets up the new window table and context menu"""
super().__init__(parent)
if parent:
self.setPalette(parent.palette())
self.setFont(parent.font())
self.window_label = QLabel(self)
self.output_table = QTableWidget(self)
self.ts_formats = QComboBox(self)
self.time_zones = QComboBox(self)
self.dt_formats = QComboBox(self)
for i in range(ts_formats.count()):
self.ts_formats.addItem(ts_formats.itemText(i), ts_formats.itemData(i))
for i in range(time_zones.count()):
self.time_zones.addItem(time_zones.itemText(i), time_zones.itemData(i))
for i in range(dt_formats.count()):
self.dt_formats.addItem(dt_formats.itemText(i), dt_formats.itemData(i))
self.output_table.setSizePolicy(
QSizePolicy.Policy.Expanding, QSizePolicy.Policy.Expanding
)
self.output_table.setVerticalScrollBarPolicy(
Qt.ScrollBarPolicy.ScrollBarAsNeeded
)
class AboutWindow(QWidget):
"""Sets the structure for the About window"""
def __init__(self):
super().__init__()
layout = QGridLayout()
self.about_label = QLabel()
self.url_label = QLabel()
self.logo_label = QLabel()
spacer = QLabel()
layout.addWidget(self.about_label, 0, 0)
layout.addWidget(spacer, 0, 1)
layout.addWidget(self.url_label, 1, 0)
layout.addWidget(self.logo_label, 0, 2)
self.setStyleSheet("background-color: white; color: black;")
self.setFixedHeight(100)
self.setFixedWidth(350)
self.setLayout(layout)
class ContextMenu:
"""Shows a context menu for a QTableWidget"""
def __init__(self, tbl_widget):
"""Associate the tbl_widget variable"""
self.tbl_widget = tbl_widget
def show_context_menu(self, pos):
"""Sets the context menu structure and style"""
stylesheet = TimeDecodeGui.stylesheet
context_menu = QMenu(self.tbl_widget)
copy_event = context_menu.addAction("Copy")
copy_event.setShortcut(QKeySequence("Ctrl+C"))
copy_event.setShortcutVisibleInContextMenu(True)
context_menu.setStyleSheet(stylesheet)
copy_event.triggered.connect(self.copy)
context_menu.exec(self.tbl_widget.mapToGlobal(pos))
def copy(self):
"""Sets up the Copy option for the context menu"""
selected = self.tbl_widget.selectedItems()
if selected:
clipboard = QApplication.clipboard()
text = (
"\n".join(
[
"\t".join(
[
item.text()
for item in self.tbl_widget.selectedItems()
if item.row() == row
]
)
for row in range(self.tbl_widget.rowCount())
]
)
).rstrip()
text = text.lstrip()
clipboard.setText(text)
class UiMainWindow:
"""Sets the structure for the main user interface"""
def __init__(self):
super().__init__()
self.window_width = 490
self.window_height = 130
self.text_font = QFont()
self.text_font.setPointSize(9)
self.results = {}
self.examples_window = None
self.new_window = None
self.timestamp_text = None
self.date_time = None
self.now_button = None
self.update_button = None
self.button_layout = None
self.calendar_buttons = None
self.timestamp_formats = None
self.time_zone_offsets = None
self.output_table = None
self.context_menu = None
self.guess_button = None
self.to_all_button = None
self.encode_radio = None
self.decode_radio = None
self.go_button = None
self.new_window_button = None
self.menu_bar = None
self.file_menu = None
self.exit_action = None
self.view_menu = None
self.view_action = None
self.help_menu = None
self.about_action = None
self.msg_box = None
self.about_window = None
self.logo = None
self.timestamp_count_label = None
self.dt_format_combo = None
self.decode_from_file_button = None
self.selected_header = None
self.csv_path = None
self.csv_content_window = None
self.csv_go_button = None
self.csv_decode_action = None
self.select_new_csv = None
self.csv_close_button = None
self.screen_layout = QApplication.primaryScreen().availableGeometry()
self.center_x = (self.screen_layout.width() // 2) - (self.window_width // 2)
self.center_y = (self.screen_layout.height() // 2) - (self.window_height // 2)
def setup_ui(self, main_window):
"""Sets up the core UI"""
if not main_window.objectName():
main_window.setObjectName(__appname__)
main_window.setFixedWidth(self.window_width)
main_window.setMinimumHeight(self.window_height)
main_window.setStyleSheet(main_window.stylesheet)
main_window.setSizePolicy(
QSizePolicy.Policy.Expanding, QSizePolicy.Policy.Expanding
)
main_window.setWindowFlags(
main_window.windowFlags() & ~Qt.WindowType.WindowMaximizeButtonHint
)
main_window.move(self.center_x, self.center_y)
self.timestamp_text = QLineEdit(main_window)
self.timestamp_text.setObjectName("timestamp_text")
self.timestamp_text.setGeometry(QRect(10, 30, 225, 22))
self.timestamp_text.setHidden(False)
self.timestamp_text.setEnabled(True)
self.timestamp_text.setStyleSheet(main_window.stylesheet)
self.timestamp_text.setFont(self.text_font)
self.timestamp_text.setToolTip(
"Enter your timestamp. To verify your timestamp format, select 'View -> Examples'."
)
utc_time = dt.now(timezone.utc)
self.date_time = QDateTimeEdit(main_window)
self.date_time.setObjectName("date_time")
self.date_time.setDisplayFormat("yyyy-MM-dd HH:mm:ss.zzz")
self.date_time.setGeometry(QRect(10, 30, 225, 22))
self.date_time.setDateTime(utc_time)
self.date_time.setCalendarPopup(True)
self.date_time.calendarWidget().setFixedHeight(220)
self.date_time.calendarWidget().setGridVisible(True)
self.date_time.setHidden(True)
self.date_time.setEnabled(False)
self.date_time.setStyleSheet(main_window.stylesheet)
self.date_time.calendarWidget().setStyleSheet(
"alternate-background-color: #EAF6FF; background-color: white; color: black;"
)
self.date_time.setFont(self.text_font)
self.date_time.calendarWidget().setFont(self.text_font)
self.date_time.setToolTip(
"Enter your date/time as 'YYYY-mm-dd HH:MM:SS.fff' and only 3 digits for milliseconds."
)
self.now_button = QPushButton("&Now", clicked=self.set_now)
self.now_button.setFont(self.text_font)
self.update_button = QPushButton(
"&Update Time Zones", clicked=self.update_timezones
)
self.update_button.setFont(self.text_font)
self.button_layout = QHBoxLayout()
self.button_layout.addWidget(self.now_button)
self.button_layout.addWidget(self.update_button)
self.calendar_buttons = self.date_time.calendarWidget().layout()
self.calendar_buttons.addLayout(self.button_layout)
self.timestamp_formats = QComboBox(main_window)
self.timestamp_formats.setObjectName("timestamp_formats")
self.timestamp_formats.setGeometry(QRect(10, 60, 225, 22))
self.timestamp_formats.setStyleSheet(
"combobox-popup: 0; background-color: white; color: black;"
)
self.timestamp_formats.view().setVerticalScrollBarPolicy(
Qt.ScrollBarPolicy.ScrollBarAsNeeded
)
self.timestamp_formats.setFont(self.text_font)
types = {}
for _, this_type in ts_types.items():
types[this_type[0]] = this_type[1]
types = dict(sorted(types.items(), key=lambda item: item[0].casefold()))
for k, v in enumerate(types.items()):
self.timestamp_formats.addItem(v[0])
self.timestamp_formats.setItemData(k, v[1], Qt.ItemDataRole.ToolTipRole)
self.time_zone_offsets = QComboBox(main_window)
self.time_zone_offsets.setObjectName("time_zone_offsets")
self.time_zone_offsets.setGeometry(QRect(10, 90, 305, 22))
self.time_zone_offsets.setStyleSheet(
"combobox-popup: 0; background-color: white; color: black;"
)
self.time_zone_offsets.view().setVerticalScrollBarPolicy(
Qt.ScrollBarPolicy.ScrollBarAsNeeded
)
self.time_zone_offsets.setFont(self.text_font)
try:
dt_obj = dt.fromisoformat(self.date_time.text()).replace(
tzinfo=timezone.utc
)
except ValueError:
dt_obj = dt.strptime(self.date_time.text(), __fmt__).replace(
tzinfo=timezone.utc
)
ts_offsets = common_timezone_offsets(dt_obj)
for k, v in enumerate(ts_offsets):
self.time_zone_offsets.addItem(f"{v[0]} {v[1]}")
self.time_zone_offsets.setItemData(k, v[1], Qt.ItemDataRole.ToolTipRole)
self.time_zone_offsets.setEnabled(True)
self.time_zone_offsets.setHidden(False)
tz_tooltip = (
"Time Zones in the drop-down box are displayed based on the current date/time.\n"
"The actual UTC Offset (whether observing DST or not) will be calculated\naccordingly"
" when generating output.\n\n"
"For example: Europe/Amsterdam time zone is UTC+01:00 before 29 March 2026 at 2AM,\n"
"then it is UTC+02:00 until 29 October 2026 at 3AM.\n\n"
"If YOUR current date/time falls between these two times, the time zone will display "
"UTC+02:00.\n"
"Otherwise, it will display UTC+01:00.\n\nThe output will adjust based on the date/time"
" value provided or determined."
)
self.time_zone_offsets.setToolTip(tz_tooltip)
self.output_table = QTableWidget(main_window)
self.output_table.setSizePolicy(
QSizePolicy.Policy.Expanding, QSizePolicy.Policy.Expanding
)
self.output_table.setGeometry(QRect(10, 120, 440, 22))
self.output_table.setStyleSheet(
"border: none; background-color: white; color: black; font-size: 10;"
)
self.output_table.setVisible(False)
self.output_table.setVerticalScrollBarPolicy(
Qt.ScrollBarPolicy.ScrollBarAlwaysOn
)
self.output_table.setHorizontalScrollBarPolicy(
Qt.ScrollBarPolicy.ScrollBarAlwaysOff
)
self.context_menu = ContextMenu(self.output_table)
self.output_table.setContextMenuPolicy(Qt.ContextMenuPolicy.CustomContextMenu)
self.output_table.customContextMenuRequested.connect(
self.context_menu.show_context_menu
)
self.output_table.setFont(self.text_font)
self.guess_button = QPushButton(main_window)
self.guess_button.setObjectName("guess_button")
self.guess_button.setEnabled(True)
self.guess_button.setHidden(False)
self.guess_button.setGeometry(QRect(245, 30, 70, 22))
self.guess_button.setStyleSheet("background-color: white; color: black;")
self.guess_button.setFont(self.text_font)
self.guess_button.clicked.connect(self.guess_decode)
self.guess_button.setToolTip(
"Run the current timestamp through all functions to 'Guess' the format."
)
self.to_all_button = QPushButton(main_window)
self.to_all_button.setObjectName("to_all_button")
self.to_all_button.setEnabled(False)
self.to_all_button.setHidden(True)
self.to_all_button.setGeometry(QRect(245, 30, 70, 22))
self.to_all_button.setStyleSheet("background-color: white; color: black;")
self.to_all_button.setFont(self.text_font)
self.to_all_button.clicked.connect(self.encode_toall)
self.to_all_button.setToolTip(
"Convert the selected date/time value to all timestamp formats."
)
self.encode_radio = QRadioButton(main_window)
self.encode_radio.setObjectName("encode_radio")
self.encode_radio.setGeometry(QRect(400, 30, 72, 20))
self.encode_radio.setStyleSheet("background-color: white; color: black;")
self.encode_radio.setFont(self.text_font)
self.encode_radio.toggled.connect(self._encode_select)
self.decode_radio = QRadioButton(main_window)
self.decode_radio.setObjectName("decode_radio")
self.decode_radio.setGeometry(QRect(325, 30, 72, 20))
self.decode_radio.setChecked(True)
self.decode_radio.setStyleSheet("background-color: white; color: black;")
self.decode_radio.setFont(self.text_font)
self.decode_radio.toggled.connect(self._decode_select)
self.decode_from_file_button = QPushButton(main_window)
self.decode_from_file_button.setObjectName("decode_from_file_button")
self.decode_from_file_button.setEnabled(True)
self.decode_from_file_button.setHidden(False)
self.decode_from_file_button.setGeometry(QRect(322, 60, 72, 22))
self.decode_from_file_button.setStyleSheet(
"background-color: white; color: black;"
)
self.decode_from_file_button.setFont(self.text_font)
self.decode_from_file_button.clicked.connect(self.csv_decode)
self.decode_from_file_button.setToolTip(
"Decode timestamps from a CSV/TXT file."
)
self.dt_format_combo = QComboBox(main_window)
self.dt_format_combo.setObjectName("dt_format_combo")
self.dt_format_combo.setEnabled(True)
self.dt_format_combo.setHidden(False)
self.dt_format_combo.setFont(self.text_font)
self.dt_format_combo.setGeometry(QRect(400, 60, 70, 22))
for k, v in enumerate(date_formats.items()):
self.dt_format_combo.addItem(f"{v[0]}")
self.dt_format_combo.setItemData(
k, v[1].replace("%", ""), Qt.ItemDataRole.ToolTipRole
)
self.dt_format_combo.setStyleSheet("background-color: white; color: black;")
self.dt_format_combo.setToolTip("Choose your desired date/time format.")
self.go_button = QPushButton(main_window)
self.go_button.setObjectName("go_button")
self.go_button.setGeometry(QRect(245, 60, 70, 22))
self.go_button.setStyleSheet("background-color: white; color: black;")
self.go_button.setFont(self.text_font)
self.go_button.clicked.connect(self.go_function)
self.go_button.setToolTip("Convert to/from the timestamp selected to the left.")
new_window_pixmap = QStyle.StandardPixmap.SP_ArrowUp
icon = main_window.style().standardIcon(new_window_pixmap)
self.new_window_button = QPushButton(main_window)
self.new_window_button.setObjectName("new_window_button")
self.new_window_button.setGeometry(QRect(325, 90, 22, 22))
self.new_window_button.setStyleSheet(
"background-color: white; color: black; border: 0;"
)
self.new_window_button.setFont(self.text_font)
self.new_window_button.setIcon(icon)
self.new_window_button.setIconSize(QSize(22, 22))
self.new_window_button.setToolTip("Open results in a new window")
self.new_window_button.clicked.connect(self._new_window)
if os.sys.platform == "linux":
vert = 415
else:
vert = 370
self.timestamp_count_label = QLabel(main_window)
self.timestamp_count_label.setGeometry(QRect(vert, 94, 90, 22))
self.timestamp_count_label.setStyleSheet(
"background-color: white; color: black;"
)
self.timestamp_count_label.setFont(self.text_font)
self.timestamp_count_label.setAlignment(Qt.AlignmentFlag.AlignRight)
self.retranslate_ui(main_window)
QMetaObject.connectSlotsByName(main_window)
def retranslate_ui(self, main_window):
"""Retranslate the Ui"""
_translate = QCoreApplication.translate
main_window.setWindowTitle(_translate("main_window", __appname__, None))
self.date_time.setDisplayFormat(
_translate("main_window", "yyyy-MM-dd HH:mm:ss.zzz", None)
)
self.timestamp_text.setPlaceholderText(
_translate("main_window", "Timestamp", None)
)
self.guess_button.setText(_translate("main_window", "Guess", None))
self.to_all_button.setText(_translate("main_window", "To All", None))
self.encode_radio.setText(_translate("main_window", "Encode", None))
self.decode_radio.setText(_translate("main_window", "Decode", None))
self.go_button.setText(_translate("main_window", "\u2190 From", None))
self.decode_from_file_button.setText(
_translate("main_window", "From file..", None)
)
self.new_window_button.setHidden(True)
self.new_window_button.setEnabled(False)
self._menu_bar()
def set_now(self):
"""Sets the current date / time on the Calendar Widget"""
today = QDate().currentDate()
now = dt.now(timezone.utc)
self.date_time.calendarWidget().setSelectedDate(today)
self.date_time.setDateTime(now)
def update_timezones(self):
"""Updates the time_zone_offsets combo box to reflect the selected Calendar date/time"""
try:
dt_obj = dt.fromisoformat(self.date_time.text()).replace(
tzinfo=timezone.utc
)
except ValueError:
dt_obj = dt.strptime(self.date_time.text(), __fmt__).replace(
tzinfo=timezone.utc
)
ts_offsets = common_timezone_offsets(dt_obj)
self.time_zone_offsets.clear()
for k, v in enumerate(ts_offsets):
self.time_zone_offsets.addItem(f"{v[0]} {v[1]}")
self.time_zone_offsets.setItemData(k, v[1], Qt.ItemDataRole.ToolTipRole)
def _decode_select(self):
"""Sets the structure for the decode radio button"""
self.date_time.setHidden(True)
self.date_time.setEnabled(False)
self.timestamp_text.setHidden(False)
self.timestamp_text.setEnabled(True)
self.guess_button.setEnabled(True)
self.guess_button.setHidden(False)
self.to_all_button.setEnabled(False)
self.to_all_button.setHidden(True)
self.go_button.setText("\u2190 From")
self.new_window_button.setHidden(True)
self.new_window_button.setEnabled(False)
self.timestamp_count_label.setText("")
self.decode_from_file_button.setEnabled(True)
self.decode_from_file_button.setHidden(False)
self.dt_format_combo.setEnabled(True)
self.dt_format_combo.setHidden(False)
self._reset_table()
def _encode_select(self):
"""Sets the structure for the encode radio button"""
self.timestamp_text.setHidden(True)
self.timestamp_text.setEnabled(False)
self.date_time.setHidden(False)
self.date_time.setEnabled(True)
self.guess_button.setEnabled(False)
self.guess_button.setHidden(True)
self.to_all_button.setEnabled(True)
self.to_all_button.setHidden(False)
self.go_button.setText("\u2190 To")
self.new_window_button.setHidden(True)
self.new_window_button.setEnabled(False)
self.timestamp_count_label.setText("")
self.decode_from_file_button.setEnabled(False)
self.decode_from_file_button.setHidden(True)
self.dt_format_combo.setEnabled(False)
self.dt_format_combo.setHidden(True)
self._reset_table()
def _reset_table(self):
"""Resets the GUI structure"""
self.adjustSize()
self.setFixedWidth(490)
self.setFixedHeight(130)
self.output_table.setVisible(False)
self.output_table.clearContents()
self.output_table.setColumnCount(0)
self.output_table.setRowCount(0)
self.output_table.reset()
self.output_table.setStyleSheet("border: none")
def guess_decode(self):
"""Will take the provided timestamp and run it through the 'from_all' function"""
timestamp = self.timestamp_text.text()
selected_tz = self.time_zone_offsets.currentText()
tz_name = " ".join(selected_tz.split(" ")[1:])
if timestamp == "":
self._msg_box("You must enter a timestamp!", "Info")
return
if "UTC - Default" in selected_tz:
all_ts = from_all(timestamp)
else:
all_ts = from_all(timestamp, tz_name)
results = {}
for k, _ in all_ts.items():
results[k] = f"{all_ts[k][0]} {all_ts[k][2]}"
self.results = results
self.display_output(results)
def encode_toall(self):
"""Takes the date_time object, passes it to the to_timestamps function which encodes it"""
dt_val = self.date_time.text()
try:
dt_obj = dt.fromisoformat(dt_val)
except ValueError:
dt_obj = dt.strptime(dt_val, __fmt__)
if dt_obj.tzinfo is None:
dt_obj = dt_obj.replace(tzinfo=timezone.utc)
selected_tz = self.time_zone_offsets.currentText()
if "UTC - Default" not in selected_tz:
tz_name = " ".join(selected_tz.split(" ")[1:])
tz = tzone(tz_name)
dt_obj = dt_obj.replace(tzinfo=tz)
results, _ = to_timestamps(dt_obj)
self.results = results
self.display_output(results)
def display_output(self, ts_list):
"""Configures the output format for the provided values"""
self._reset_table()
tbl_fixed_width = 475
col2_width = 235
self_fixed_width = 490
if os.sys.platform == "linux":
tbl_fixed_width = 520
col2_width = 280
self_fixed_width = 535
self.output_table.setVisible(True)
self.output_table.setColumnCount(2)
self.output_table.setAlternatingRowColors(True)
self.output_table.setStyleSheet(
"""
border: none;
alternate-background-color: #EAF6FF;
background-color: white;
color: black;
selection-background-color: #1644b9;
"""
)
for ts_type, result in ts_list.items():
row = self.output_table.rowCount()
self.output_table.insertRow(row)
widget0 = QTableWidgetItem(ts_types[ts_type][0])
widget0.setFlags(widget0.flags() & ~Qt.ItemFlag.ItemIsEditable)
widget0.setToolTip(ts_types[ts_type][1])
widget1 = QTableWidgetItem(result)
widget1.setFlags(widget1.flags() & ~Qt.ItemFlag.ItemIsEditable)
self.output_table.setItem(row, 0, widget0)
self.output_table.item(row, 0).setTextAlignment(
int(Qt.AlignmentFlag.AlignLeft | Qt.AlignmentFlag.AlignVCenter)
)
self.output_table.setItem(row, 1, widget1)
self.output_table.item(row, 1).setTextAlignment(
int(Qt.AlignmentFlag.AlignLeft | Qt.AlignmentFlag.AlignVCenter)
)
if self.decode_radio.isChecked():
this_yr = int(dt.now(timezone.utc).strftime("%Y"))
try:
ts = result.split(" ")[0]
result_yr = int(dt.fromisoformat(ts).strftime("%Y"))
except ValueError:
split_ts = result.split(" ")
ts = f"{split_ts[0]} {split_ts[1]}"
result_yr = int(dt.strptime(ts, __fmt__).strftime("%Y"))
if result_yr in range(this_yr - 5, this_yr + 5):
for each_col in range(0, self.output_table.columnCount()):
this_col = self.output_table.item(row, each_col)
this_col.setBackground(QColor("lightgreen"))
this_col.setForeground(QColor("black"))
self.output_table.horizontalHeader().setFixedHeight(1)
self.output_table.verticalHeader().setFixedWidth(1)
self.output_table.setFixedWidth(tbl_fixed_width)
self.output_table.setColumnWidth(0, 220)
self.output_table.setColumnWidth(1, col2_width)
self.output_table.resizeRowsToContents()
self.output_table.setShowGrid(True)
total_row_height = sum(
self.output_table.rowHeight(row)
for row in range(self.output_table.rowCount())
)
self.output_table.setFixedHeight(400)
if total_row_height > 500:
self.setFixedHeight(540)
self.output_table.verticalScrollBar().show()
else:
self.setFixedHeight(self.height() + int(total_row_height + 12))
self.output_table.verticalScrollBar().hide()
self.setFixedWidth(self_fixed_width)
self.new_window_button.setEnabled(True)
self.new_window_button.setHidden(False)
if len(ts_list) > 1:
txt = "timestamps"
else:
txt = "timestamp"
self.timestamp_count_label.setText(f"{len(ts_list)} {txt}")
def go_function(self):
"""The To/From button: converts a date/timestamp, depending on the selected radio button"""
global __fmt__
results = {}
__fmt__ = date_formats[self.dt_format_combo.currentText()]
ts_format = self.timestamp_formats.currentText()
try:
ts_date = dt.fromisoformat(self.date_time.text()).replace(
tzinfo=timezone.utc
)
except ValueError:
ts_date = dt.strptime(self.date_time.text(), __fmt__).replace(
tzinfo=timezone.utc
)
selected_tz = self.time_zone_offsets.currentText()
if "UTC - Default" not in selected_tz:
tz_name = " ".join(selected_tz.split(" ")[1:])
tz = tzone(tz_name)
ts_date = ts_date.replace(tzinfo=tz)
in_ts_types = [k for k, v in ts_types.items() if ts_format in v]
if not in_ts_types:
self._msg_box(
f"For some reason {ts_format} is not in the list of available conversions!",
"Error",
)
return
ts_type = in_ts_types[0]
if self.encode_radio.isChecked():
is_func = False
ts_selection = f"to_{ts_type}"
for _, funcs in single_funcs.items():
this_func = funcs[1]
if inspect.isfunction(this_func):
func_name = this_func.__name__
if func_name == ts_selection:
is_func = True
if not is_func:
msg = (
f"Cannot convert to {ts_format}, information required to do this is "
"unavailable.\n\n"
"This is typically because the timestamp is only a small part of a larger "
"value, and the other 'parts' of the value are not available to combine with"
" the timestamp to provide a reasonable output."
)
self._msg_box(
msg,
"Warning",
)
return
ts_func = globals()[ts_selection]
result, _ = ts_func(ts_date)
results[ts_type] = result
self.results = results
self.display_output(results)
elif self.decode_radio.isChecked():
is_func = False
ts_text = self.timestamp_text.text()
if ts_text == "":
self._msg_box("You must enter a timestamp!", "Info")
return
ts_selection = f"from_{ts_type}"
for _, funcs in single_funcs.items():
this_func = funcs[0]
if inspect.isfunction(this_func):
func_name = this_func.__name__
if func_name == ts_selection:
is_func = True
if not is_func:
msg = (
f"Cannot convert from {ts_format}, information required to do this is "
"unavailable.\n\n"
"This is typically because the timestamp is only a small part of a larger "
"value, and the other 'parts' of are not available within your value to provide"
" a reasonable output."
)
self._msg_box(
msg,
"Warning",
)
return
ts_func = globals()[ts_selection]
result, _, _, reason, tz_out = ts_func(ts_text)
if not result:
self._msg_box(reason, "Error")
return
if "UTC - Default" not in selected_tz:
result, tz_out, _ = convert_timezone(tz_name, result)
if tz_out.startswith("+") or tz_out.startswith("-"):
results[ts_type] = f"{result}{tz_out}"
else:
results[ts_type] = f"{result} {tz_out}"
self.results = results
self.display_output(results)
def csv_decode(self):
"""GUI function to decode contents a CSV/TXT file from selected timestamp format"""
csv_file_path, _ = QFileDialog.getOpenFileName(
self, "Select a csv or txt document ...", "", "csv/txt files (*.csv *.txt)"
)
self.selected_header = None
combo_style = """
combobox-popup: 0;
background-color: white;
color: black;
selection-background-color: white;
selection-color: black;
"""
sample_rows = []
if csv_file_path:
self.csv_path = os.path.normpath(os.path.abspath(csv_file_path))
self.csv_content_window = CsvWindow(
self.timestamp_formats, self.time_zone_offsets, self.dt_format_combo
)
self.csv_content_window.setStyleSheet("background: white; color: black;")
self.csv_content_window.window_label.setFont(self.text_font)
self.csv_content_window.setWindowTitle("Choose your options for conversion")
self.csv_content_window.setMaximumWidth(330)
self.csv_go_button = QPushButton(self.csv_content_window)
self.csv_go_button.setObjectName("csv_go_button")
self.csv_go_button.setEnabled(True)
self.csv_go_button.setHidden(False)
self.csv_go_button.setFont(self.text_font)
self.csv_go_button.setText("Go")
self.csv_go_button.setGeometry(QRect(315, 230, 70, 22))
self.csv_go_button.setStyleSheet("background: white; color: black;")
self.csv_go_button.clicked.connect(
lambda: self.submit_csv_data(
csv_file_path,
self.csv_content_window.ts_formats.currentText(),
self.selected_header,
tz_name=self.csv_content_window.time_zones.currentText(),
dt_format=date_formats[
self.csv_content_window.dt_formats.currentText()
],
)
)
self.select_new_csv = QPushButton(self.csv_content_window)
self.select_new_csv.setObjectName("select_new_csv")
self.select_new_csv.setEnabled(True)
self.select_new_csv.setHidden(False)
self.select_new_csv.setFont(self.text_font)
self.select_new_csv.setText("Load new..")
self.select_new_csv.setGeometry(QRect(240, 260, 70, 22))
self.select_new_csv.clicked.connect(self.select_new_file)
self.select_new_csv.setToolTip(
"Load a new CSV/TXT file to replace the current one."
)
self.csv_content_window.ts_formats.setGeometry(QRect(10, 230, 225, 22))
self.csv_content_window.ts_formats.setStyleSheet(combo_style)
self.csv_content_window.ts_formats.view().setVerticalScrollBarPolicy(
Qt.ScrollBarPolicy.ScrollBarAsNeeded
)
self.csv_content_window.ts_formats.setFont(self.text_font)
self.csv_content_window.time_zones.setGeometry(QRect(10, 260, 225, 22))
self.csv_content_window.time_zones.setStyleSheet(combo_style)
self.csv_content_window.time_zones.view().setVerticalScrollBarPolicy(
Qt.ScrollBarPolicy.ScrollBarAsNeeded
)
self.csv_content_window.time_zones.setFont(self.text_font)
self.csv_content_window.dt_formats.setGeometry(QRect(240, 230, 70, 22))
self.csv_content_window.dt_formats.setToolTip(
"Choose your desired date/time format."
)
self.csv_content_window.dt_formats.setFont(self.text_font)
self.csv_close_button = QPushButton(self.csv_content_window)
self.csv_close_button.setObjectName("csv_close_button")
self.csv_close_button.setFont(self.text_font)
self.csv_close_button.setText("Close")
self.csv_close_button.setGeometry(QRect(315, 260, 70, 22))
self.csv_close_button.clicked.connect(self.csv_content_window.close)
try:
with open(csv_file_path, "r", newline="", encoding="utf-8") as src:
sample = src.read(1024)
try:
dialect = csv.Sniffer().sniff(sample)
except csv.Error:
dialect = csv.get_dialect("excel")
src.seek(0)
reader = csv.reader(src, dialect)
columns = len(next(reader, None))
src.seek(0)
rows = 5
for row in reader:
sample_rows.append(row)
rows -= 1
if rows == 0:
break
except (FileNotFoundError, PermissionError):
handle(sys.exc_info())
self.csv_content_window.output_table.setColumnCount(columns)
self.csv_content_window.output_table.setRowCount(len(sample_rows))
self.csv_content_window.output_table.setHorizontalHeaderLabels(
[str(i + 1) for i in range(columns)]
)
self.csv_content_window.output_table.setAlternatingRowColors(True)
self.csv_content_window.output_table.setStyleSheet(
"""
border: none;
alternate-background-color: #EAF6FF;
background-color: white;
color: black;
selection-background-color: #1644b9;
"""
)
self.csv_content_window.output_table.setFont(self.text_font)
for row_index, row in enumerate(sample_rows):
for col_index in range(columns):
cell_text = row[col_index] if col_index < len(row) else ""
item = QTableWidgetItem(cell_text)
item.setFlags(item.flags() & ~Qt.ItemFlag.ItemIsEditable)
self.csv_content_window.output_table.setItem(
row_index, col_index, item
)
self.csv_content_window.output_table.verticalHeader().setFixedWidth(1)
self.csv_content_window.output_table.horizontalHeader().setFixedHeight(1)
self.csv_content_window.output_table.resizeColumnsToContents()
self.csv_content_window.output_table.setGeometry(
QRect(
10,
50,
380,
self.csv_content_window.output_table.verticalHeader().length() + 20,
)
)
self.csv_content_window.setFixedSize(
400,
290,
)
self.csv_content_window.output_table.itemSelectionChanged.connect(
self.get_column_number
)
window_width = self.csv_content_window.width()
window_height = self.csv_content_window.height()
self.csv_content_window.window_label.setGeometry(
QRect(10, 10, window_width - 10, 30)
)
self.csv_content_window.window_label.setText(
(
"Select the column which contains your timestamps, then\n "
"choose a timestamp format and time zone, then click 'Go'."
)
)
x = (self.screen_layout.width() // 2) - (window_width // 2)
y = (self.screen_layout.height() // 2) - (window_height // 2)
self.csv_content_window.move(x, y)
self.csv_content_window.show()
def select_new_file(self):
"""Simply closes the open CSV window and reloads to select a new file"""
self.csv_content_window.close()
self.csv_decode()
def submit_csv_data(
self, csv_file, ts_format, column_num, tz_name=None, dt_format=None
):
"""Prepares data to submit for csv conversion"""
global __fmt__
if dt_format is not None and dt_format != __fmt__:
__fmt__ = dt_format
in_ts_types = [k for k, v in ts_types.items() if ts_format in v]
if not in_ts_types:
self._msg_box(
f"For some reason {ts_format} is not in the list of available conversions!",
"Error",
)
return
ts_type = in_ts_types[0]
if tz_name is not None and "UTC - Default" not in tz_name:
tz_name = " ".join(tz_name.split(" ")[1:])
status, dest, reason = generate_csv(
csv_file, ts_type, column_num, tz_name=tz_name
)
else:
status, dest, reason = generate_csv(csv_file, ts_type, column_num)
dest = os.path.normpath(dest)
if status:
self._msg_box(f"Output CSV file saved as {dest}.", "Info")
return
if reason is None:
reason = "Unknown"
self._msg_box(
f"CSV could not be processed. {dest} is incomplete.\n\nReason: {reason}",
"Error",
)
def get_column_number(self):
"""Gets the selected column number from the sample data and sets it into a variable"""
table = self.csv_content_window.output_table
selected_items = table.selectedItems()
if selected_items:
self.selected_header = selected_items[0].column() + 1
def _menu_bar(self):
"""Add a menu bar"""
self.menu_bar = self.menuBar()
self.menu_bar.setStyleSheet(self.stylesheet)
self.file_menu = self.menu_bar.addMenu("&File")
self.exit_action = QAction("&Exit", self)
self.exit_action.triggered.connect(QApplication.instance().quit)
self.exit_action.setFont(self.text_font)
self.csv_decode_action = QAction("&Decode from file ...", self)
self.csv_decode_action.triggered.connect(self.csv_decode)
self.csv_decode_action.setFont(self.text_font)
self.file_menu.addAction(self.csv_decode_action)
self.file_menu.addAction(self.exit_action)
self.menu_bar.addMenu(self.file_menu)
self.view_menu = self.menu_bar.addMenu("&View")
self.view_action = QAction("E&xamples", self)
self.view_action.triggered.connect(self._examples)
self.view_action.setFont(self.text_font)
self.view_menu.addAction(self.view_action)
self.menu_bar.addMenu(self.view_menu)
self.help_menu = self.menu_bar.addMenu("&Help")
self.about_action = QAction("&About", self)
self.about_action.triggered.connect(self._about)
self.about_action.setFont(self.text_font)
self.help_menu.addAction(self.about_action)
self.menu_bar.setFont(self.text_font)
def _msg_box(self, message, msg_type, buttons="ok"):
button_choice = None
if buttons == "ok":
button_choice = QMessageBox.StandardButton.Ok
elif buttons == "ok_cancel":
button_choice = (
QMessageBox.StandardButton.Ok | QMessageBox.StandardButton.Cancel
)
elif buttons == "yes_no_cancel":
button_choice = (
QMessageBox.StandardButton.Yes
| QMessageBox.StandardButton.No
| QMessageBox.StandardButton.Cancel
)
elif buttons == "yes_no":
button_choice = (
QMessageBox.StandardButton.Yes | QMessageBox.StandardButton.No
)
self.msg_box = QMessageBox()
self.msg_box.setStyleSheet("background-color: white; color: black;")
self.msg_box.setSizePolicy(
QSizePolicy.Policy.Expanding, QSizePolicy.Policy.Expanding
)
if msg_type == "Error":
self.msg_box.setIcon(QMessageBox.Icon.Critical)
elif msg_type == "Info":
self.msg_box.setIcon(QMessageBox.Icon.Information)
elif msg_type == "Warning":
self.msg_box.setIcon(QMessageBox.Icon.Warning)
elif msg_type == "":
self.msg_box.setIcon(QMessageBox.Icon.NoIcon)
msg_type = "Unidentified"
self.msg_box.setWindowTitle(msg_type)
self.msg_box.setFixedSize(300, 300)
self.msg_box.setText(f"{message}\t")
self.msg_box.setStandardButtons(button_choice)
x = (self.screen_layout.width() // 2) - (self.msg_box.width() // 2)
y = (self.screen_layout.height() // 2) - (self.msg_box.height() // 2)
self.msg_box.move(x, y)
self.msg_box.exec()
def _about(self):
self.about_window = AboutWindow()
self.about_window.setWindowFlags(
self.about_window.windowFlags() & ~Qt.WindowType.WindowMinMaxButtonsHint
)
github_link = f'View the source on GitHub'
self.about_window.setWindowTitle("About")
self.about_window.about_label.setText(
f"Version: {__appname__}\nLast Updated: {__date__}\nAuthor: {__author__}"
)
self.about_window.about_label.setFont(self.text_font)
self.about_window.url_label.setOpenExternalLinks(True)
self.about_window.url_label.setText(github_link)
self.about_window.url_label.setFont(self.text_font)
self.logo = QPixmap()
self.logo.loadFromData(base64.b64decode(self.__fingerprint__))
self.about_window.logo_label.setPixmap(self.logo)
self.about_window.logo_label.resize(20, 20)
about_width = self.about_window.width()
about_height = self.about_window.height()
x = (self.screen_layout.width() // 2) - (about_width // 2)
y = (self.screen_layout.height() // 2) - (about_height // 2)
self.about_window.move(x, y)
self.about_window.show()
def _examples(self):
if self.examples_window is None:
structures = {}
for _, data_list in ts_types.items():
structures[data_list[0]] = (
data_list[1],
data_list[2],
)
structures = sorted(structures.items(), key=lambda item: item[0].casefold())
self.examples_window = NewWindow()
self.examples_window.window_label.setGeometry(QRect(0, 0, 200, 24))
self.examples_window.setWindowTitle("Timestamp Examples")
self.examples_window.setStyleSheet(
"""
border: none; alternate-background-color: #EAF6FF;
background-color: white; color: black;
"""
)
self.examples_window.output_table.setColumnCount(2)
for example in structures:
row = self.examples_window.output_table.rowCount()
self.examples_window.output_table.insertRow(row)
widget0 = QTableWidgetItem(example[1][0])
widget0.setFlags(widget0.flags() & ~Qt.ItemFlag.ItemIsEditable)
widget0.setToolTip(example[0])
widget1 = QTableWidgetItem(example[1][1])
widget1.setFlags(widget1.flags() & ~Qt.ItemFlag.ItemIsEditable)
self.examples_window.output_table.setItem(row, 0, widget0)
self.examples_window.output_table.item(row, 0).setTextAlignment(
int(Qt.AlignmentFlag.AlignLeft | Qt.AlignmentFlag.AlignVCenter)
)
self.examples_window.output_table.item(row, 0)
self.examples_window.output_table.setItem(row, 1, widget1)
self.examples_window.output_table.item(row, 1).setTextAlignment(
int(Qt.AlignmentFlag.AlignLeft | Qt.AlignmentFlag.AlignVCenter)
)
self.examples_window.output_table.horizontalHeader().setFixedHeight(1)
self.examples_window.output_table.verticalHeader().setFixedWidth(1)
self.examples_window.output_table.setGeometry(
QRect(
0,
0,
self.examples_window.output_table.horizontalHeader().length(),
self.examples_window.output_table.verticalHeader().length(),
)
)
self.examples_window.output_table.resizeColumnsToContents()
self.examples_window.output_table.resizeRowsToContents()
self.examples_window.output_table.setShowGrid(True)
self.examples_window.output_table.setAlternatingRowColors(True)
self.examples_window.setFixedSize(
self.examples_window.output_table.horizontalHeader().length() + 48,
400,
)
self.examples_window.output_table.setFont(self.text_font)
text = (
f"{self.examples_window.output_table.rowCount()} timestamp examples. "
"NOTE: Not all timestamp can be converted TO, as a timestamp may be only PART"
" of the total value."
)
self.examples_window.window_label.setText(text)
self.examples_window.window_label.setFont(self.text_font)
x = (self.screen_layout.width() // 2) - (self.examples_window.width() // 2)
y = (self.screen_layout.height() // 2) - (
self.examples_window.height() // 2
)
self.examples_window.move(x, y)
self.examples_window.show()
else:
self.examples_window.close()
self.examples_window = None
self._examples()
def _new_window(self):
table_data = self.results
selected_tz = self.time_zone_offsets.currentText()
msg = title = ""
if self.encode_radio.isChecked():
entered_value = self.date_time.text()
title = f"Encoded: {entered_value}"
if "UTC - Default" not in selected_tz:
entered_value = f"{entered_value} {selected_tz}"
msg = f"Encoded: {entered_value}"
elif self.decode_radio.isChecked():
entered_value = self.timestamp_text.text()
title = f"Decoded: {entered_value}"
if "UTC - Default" not in selected_tz:
entered_value = f"{entered_value} {selected_tz}"
msg = f"Decoded: {entered_value}"
if self.new_window is None:
self.new_window = NewWindow()
self.new_window.window_label.setGeometry(QRect(0, 0, 200, 24))
self.new_window.window_label.setText(msg)
self.new_window.window_label.setFont(self.text_font)
self.new_window.setWindowTitle(title)
self.new_window.setStyleSheet(
"""
border: none; alternate-background-color: #EAF6FF;
background-color: white; color: black;
"""
)
self.new_window.output_table.setColumnCount(2)
for ts_type, result in table_data.items():
row = self.new_window.output_table.rowCount()
self.new_window.output_table.insertRow(row)
widget0 = QTableWidgetItem(ts_types[ts_type][0])
widget0.setFlags(widget0.flags() & ~Qt.ItemFlag.ItemIsEditable)
widget0.setToolTip(ts_types[ts_type][1])
widget1 = QTableWidgetItem(result)
widget1.setFlags(widget1.flags() & ~Qt.ItemFlag.ItemIsEditable)
self.new_window.output_table.setItem(row, 0, widget0)
self.new_window.output_table.item(row, 0).setTextAlignment(
int(Qt.AlignmentFlag.AlignLeft | Qt.AlignmentFlag.AlignVCenter)
)
self.new_window.output_table.item(row, 0)
self.new_window.output_table.setItem(row, 1, widget1)
self.new_window.output_table.item(row, 1).setTextAlignment(
int(Qt.AlignmentFlag.AlignLeft | Qt.AlignmentFlag.AlignVCenter)
)
if self.decode_radio.isChecked():
ts = result.split(" ")[0]
this_yr = int(dt.now(timezone.utc).strftime("%Y"))
try:
ts = result.split(" ")[0]
result_yr = int(dt.fromisoformat(ts).strftime("%Y"))
except ValueError:
split_ts = result.split(" ")
ts = f"{split_ts[0]} {split_ts[1]}"
result_yr = int(dt.strptime(ts, __fmt__).strftime("%Y"))
if result_yr in range(this_yr - 5, this_yr + 5):
for each_col in range(
0, self.new_window.output_table.columnCount()
):
this_col = self.new_window.output_table.item(row, each_col)
this_col.setBackground(QColor("lightgreen"))
this_col.setForeground(QColor("black"))
self.new_window.output_table.horizontalHeader().setFixedHeight(1)
self.new_window.output_table.verticalHeader().setFixedWidth(1)
self.new_window.output_table.setGeometry(
QRect(
0,
0,
self.new_window.output_table.horizontalHeader().length(),
self.new_window.output_table.verticalHeader().length(),
)
)
self.new_window.output_table.resizeColumnsToContents()
for col in range(0, self.new_window.output_table.columnCount()):
col_width = self.new_window.output_table.columnWidth(col)
self.new_window.output_table.setColumnWidth(col, col_width + 10)
self.new_window.output_table.resizeRowsToContents()
row_height = self.new_window.output_table.rowHeight(row)
total_row_height = sum(
row_height for row in range(self.new_window.output_table.rowCount())
)
if total_row_height < 400:
window_height = total_row_height + (row_height * 2) + 8
else:
window_height = 400
self.new_window.output_table.setShowGrid(True)
self.new_window.output_table.setAlternatingRowColors(True)
self.new_window.setFixedSize(
self.new_window.output_table.horizontalHeader().length() + 38,
window_height,
)
self.new_window.output_table.setFont(self.text_font)
x = (self.screen_layout.width() // 2) - (self.new_window.width() // 2)
y = (self.screen_layout.height() // 2) - (self.new_window.height() // 2)
self.new_window.move(x, y)
self.new_window.show()
else:
self.new_window.close()
self.new_window = None
self._new_window()
class TimeDecodeGui(QMainWindow, UiMainWindow):
"""TimeDecode Class"""
stylesheet = """
QMainWindow {
background-color: white; color: black;
}
QLineEdit {
background-color: white; color: black;
}
QDateTimeEdit {
background-color: white; color: black;
}
QMenu {
background-color: white; color: black; border: 1px solid black; margin: 0;
}
QMenu::item {
background-color: white; color: black; margin: 0; padding: 4px 20px 4px 20px;
}
QMenu::item:selected {
background-color: #1644b9; color: white; margin: 0; padding: 4px 20px 4px 20px;
}
QMenuBar {
background-color: white; color: black;
}
QMenuBar::item {
background-color: white; color: black;
}
QMenuBar::item:selected {
background-color: #1644b9; color: white;
}
"""
__fingerprint__ = """
AAABAAIAMDAAAAEAIACoJQAAJgAAABAQAAABACAAaAQAAM4lAAAoAAAAMAAAAGAAAAABACAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAC9hGcXr4JvPgAAAAAAAAAAwoJYDrZ+V2qwgWEDAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAC/hGd/uIRsVgAAAAC9gmJPqH1n/Zp8bn+hh4UBwYBUH7N6UPCnelWY
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAMWKcAy+h29Juot5BQAAAAC/hGV7s4Bm+6t/aaGpgW4KpX1o
VpZ4ZfaReGaGAAAAALB7UUCjdk74nHdRcwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMOGajm7g2n3sIFt4KmB
cV+uiXwBs4FmO6l8YuSie2LKn3xnFpV5ZTmRd2NOAAAAAAAAAAChd01il3NG+5V0SD8AAAAAQTq1
DjQ0us81N8opAAAAADY1unoyNcxVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMKLdBXA
kHsJAAAAAAAAAAC7h24VsIFriKZ9avegfGq+n35sG6qAZBqgeV3Qmnha1Zx7XhUAAAAAAAAAALZ8
Qx0AAAAAl3NAnZBxOeKTdT0QSkG6ATQ0vL4wNM3DPUHcATY1u34vM8/qMjjcDwAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAypJ5BL6EafSzgm38qoFx0aN/coKigXUdAAAAAKV+bCademTKmHhh5pl6YjGe
eV4SmHZV0ZV1UsmdflgJv3w+GrB0Nv2ldTpNmHU/DY9vLt+NbyqYAAAAADc3xCYvM835MDXYWTw6
xQovM9DkLTPcgwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+Gax20gm1HqoBug6F9bNybemr4
mHpphJx/bwadfGwIl3dcqpN1V+6VeFktmHdZG5JzSuWSc0aeAAAAAK11MY2ecSzrnHUxF5BwKEyL
bBv8j3AiGAAAAAAwNNCRLTPY2zQ74AMwNNRsLDLd7zE44w1VRroBOTfCRD0/1QEAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAKaDdQObe2hglXdh7ZN3XsOWemERm3xjA5J0U66Pc03glnhNE5JzST2OcDn8
kXM2Uat4MweccCPVlW8fpAAAAACObx43l3cxAQAAAAA0N9QaLTLY+C4031Q1OdkLLDLc7y004WZH
PLIRNTS//TM200MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAu4RqUquBcJ+ffnTJmH112pJ6csyRenBOAAAAAAAAAAAAAAAAlnllIJF0V9iPdFTIlHlc
CpR3WwuOcUTUj3E/qgAAAACNbzSNjW4n45d2KQuZcCFCkWwR/pJwEjMAAAAAqW8INpxvDxIAAAAA
LjPapi0z3rkAAAAALjTdli0z4KwAAAAANjXDxDE01JIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuoJlyauAbbCffnF/lntwbJJ6b3ySem40AAAAALJ8
URmjelghAAAAAJN3WhuOckzkj3NIoAAAAACOcUU1kHEw/Jh3MEWLb0IOi2wd6Y5uGHgAAAAAj2sN
vI5sCKwAAAAAqG0DxZVrBY0AAAAAMDXbSSwz3fsxOOEUMzngCTE34RIAAAAANjXHfDEz1dYAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAALJ5SHqadU7ysYxRQwAAAACzjEU90qE8/OCrNUsAAAAA4KgmoOCn
H8QAAAAAzZkRds6ZC+feowcGl3EPS5FuA/uVcQkYo2wDc5JpAuOofR4BNzzdBy0z3fQuNN9XAAAA
AAAAAAAAAAAAODfKPjEz1P41Od0TQziwFj05wRcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAo39rHJ19ZjqYe2Q9lXpmIZ+EeAEAAAAAAAAAAKl6XALZp0yU4q5F9eKtPzgA
AAAA4aowl+CpKdngpx8E36caLN+mE/7epQ0u3qMIEt2jBvfdogRR3KECA9ufAOnUmgBoom8MJZNp
AP+QawgvAAAAAC4z3b4uM96QAAAAAD45wxQ2ONQZPjzODTIz0/0zNdpCQTewPjg2xrUAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAv4FbJbR+XZSoe1/in3lf/5h3Xv+Sdlv/kXZY/7WQWOHir1J9
469MDQAAAADjrUMB4aw7oeGrMufgqSsb4KgkFt+nHfTfphdhAAAAAN6kCc7eoweCAAAAAN2hArDc
oAGiAAAAANyfAKPcngCrAAAAANWYAOPDjAFpAAAAAC80248vM928AAAAADs2uY8yNNSxAAAAADM0
0+IyNdloRTu3FDc0yP82N9YxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvn9WgrR8WMape1xwoXti
Mpx8bA+VeWkMwppaLeOwUnjir0rl4q1E4uGsOz0AAAAA4KovB+CpJ8rgpx/C36YXBN+lEm3epQ5g
AAAAAN2iBYndogPBAAAAANygAF3cnwCxAAAAANydAG3bnADdAAAAANqaALPamgCWAAAAADY63W0w
NNzbAAAAADw2u3YzNNTSAAAAADQ008UzNdeEAAAAADk1x/I1NdRVAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADirUIM4aw5nOGqMfngqSlXAAAA
AN+nHCHfphTv3qUNhgAAAAAAAAAAAAAAANyhAVzcoADqAAAAAAAAAAAAAAAAAAAAANucAEnbmwD7
2poAA9qZAJHamQC1AAAAAExP4lhHSeDtAAAAADw2vWI0NNPlAAAAADU10rIzNdaWAAAAADk1x9o1
NdJsAAAAAAAAAAAAAAAAAAAAAAAAAACyhGgBoHpZQ5l5WJPKn1jG47FT2eOvTsvirkeZ4q1AQgAA
AAAAAAAAAAAAAOCoJnnfpx7736YWUQAAAADepApR3qMH/d2iBVMAAAAAAAAAANyfAEncnwD8AAAA
AAAAAAAAAAAAAAAAANqaADnamgD/2pkADdqZAH7amADHAAAAAE1P4FBOT+D1AAAAAD84vVk1NdLt
AAAAADY10Kk1NdSeAAAAADo1x8s2NdF7AAAAAAAAAAAAAAAAAAAAAMaHUQmxeUzTqX5R+8+hVbnj
sVN7469OY+KuR3TirT+x4as2+uGqLsPgqCYqAAAAAAAAAADfpROB3qQM9t6jBzkAAAAA3aIEgN2h
AffcoABRAAAAANyeAG/cnQDsAAAAANqbABfamwC32poACNqZADvamQD/2pkAC9qYAHnalwDMAAAA
AE9P31JQT9/zAAAAAE5M2Fw9PNXpAAAAADc1z6s1NdKcAAAAADo1xcI3Nc+DAAAAAAAAAAAAAAAA
AAAAAMWFUAKzekpoxpZRHAAAAAAAAAAAAAAAAAAAAAAAAAAA4aotIeCoJLPfpxz236YTXAAAAADe
pAkB3qMGoN2iBOncoQIhAAAAANygAIPcnwD93J0A2NudAPzbnAB1AAAAANqaAE7amgD42pkABdqY
AFDamAD22pgAAdmXAILZlgDDAAAAAFBQ3h1RUN5yAAAAAFNP2mxTT9rZAAAAADg1zLc2NdCQAAAA
ADw1w8I5Nc2DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4q1EJ+KtQGvhrDmN4asxi+CpKmPgqCIY
AAAAAOCnGgHepRJ13qQL/N6jB3kAAAAA3aEDBt2hAcDcoADW3J8AFAAAAADcnQA03J0ActucAD8A
AAAAAAAAANqZAJ7amQC8AAAAANqYAHrZlwDRAAAAANiWAJrYlQCtAAAAAAAAAAAAAAAAAAAAAFRQ
2YlVUNi+AAAAADo2y844Nc97AAAAAD42wsk6Nct8AAAAAAAAAAAAAAAAAAAAAOOuRz3irUTC4q0/
/+GsOObhqjG/4KkqwuCoIe/fpxr636URm96kChUAAAAA3qMGV92iBPndoQMmAAAAANyfABHcngDS
3J0A0NycABoAAAAAAAAAAAAAAAAAAAAA2pkAQNqYAPvamABLAAAAANmXAMjZlgCQAAAAANiVAMHY
lQCKAAAAAFRQ2R1UUNkRAAAAAFZQ17JWUNaYAAAAAE1G0O06Ns1bAAAAAEA2v9c7NsluAAAAAAAA
AAAAAAAAAAAAAOKtQcDirD2p4aw4NuCrMwEAAAAAAAAAAN+mGATepRFT3qQK2N6jBujdogRDAAAA
ANyhAg0AAAAAAAAAAAAAAADcnQAV25wAyNubAOramgBv2pkALNqZADbamACH2pgA99qYAJEAAAAA
2JYAQ9iWAP7YlQAt2JUACtiUAPXYlABTAAAAAFVQ2MdVUNh8AAAAAFhQ1eVYUNVmWlHTGVtR0v9T
StAxAAAAAEE2u+09N8daAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA3qIGCN2iBJbdoQH73KAAZQAAAAAAAAAA3J0AlducAJnamwAF2psAB9qaAH3amQDp2pkA
/9qYAP/amADW2pcAYAAAAADYlgAX2JUA39iVAJ0AAAAA2JQAXNiUAPTYlAANVlDXFVZQ1/xXUNZD
WVDUJllR0/9aUdMrXFLSCVxS0X1dUtAEVT6pC0I2uP4/OMU+AAAAAEE4wpUAAAAAAAAAAEJM6wtC
TOteQkzrEwAAAABDTOrPREzp3URM6ZdFTegrAAAAAAAAAADcnwBr3J4A/NydAHoAAAAA25wAOtub
AOvamgDD2pkAIgAAAADamAAC2pgAHNqYABQAAAAAAAAAANiVACrYlQDX2JUAzdiVAAzYlAAE2JQA
1diUAJUAAAAAV1DVclhQ1edYUNUEW1HScVtR0uJcUtIBAAAAAAAAAAAAAAAAUjuhLkM2tv9DO8Qc
ST7CDkA2v/tKQcgGQkzrC0NM6+VDTOrtQ0zqMAAAAABETOk1REzpb0VN6MVGTej8Rk3nkkdN5woA
AAAA3J0AVtucAPnbmwCM2poAAdqaACDamQDD2pkA9tqYAJTalwA+2ZcAFdiWABfYlQBD2JUAmdiV
APjYlQC32JUAEQAAAADYlAB/2JMA8NiTABlZUNMIWVDU4lpR04AAAAAAXVLQyV1S0JAAAAAAAAAA
AAAAAAAAAAAAVT+oWUU3tPBORMgBRjq7MkE2vP9JPcESQkzrAUNM6lBDTOkMAAAAAAAAAAAAAAAA
AAAAAAAAAABHTedMR03m5UhN5tFJTeUhAAAAANqbAEjamgD02pkApNqYAAjamAAC2pgAWtmXAMjZ
lwD+2ZYA/9iVAP/YlQD82JUAw9iVAFXYlQABAAAAANiTAFrYkwD82JMAWAAAAABaUdKAW1HS61tR
0hBeUs8xXlLO/l9SzjBiU8sTYlPKUwAAAAAAAAAAY1HEjUo6sr8AAAAARzi3XUM2uu1WTMwBAAAA
AAAAAAAAAAAARU3oF0ZN5yZHTecPAAAAAAAAAAAAAAAASU3lFklO5MBNUOPpWlfgOAAAAADblQI2
3I0B59mKAczRhQsnAAAAAAAAAADYlgAR2JUAMdiVAC/YlQAOAAAAAAAAAAAAAAAA2JMAAtiTAO/Y
kwB1AAAAAFxR0TxcUdH6XVLRXAAAAABgUs2nYFLMwAAAAABjU8l7Y1PJ2AAAAAAAAAAAZ1PEyV1K
vYYAAAAASDiyjUU3uL8AAAAAAAAAAEVN6HRFTejiRk3n/0dN5/9HTeb+SE3mz0lN5WxKSOQJAAAA
AF5a2wZhWt+iYFnf9mNa2lMAAAAA14cIG9iGAr7WhQD30YMEisuBDR0AAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAANiTAAgAAAAAXVLQK11S0OpeUs+cAAAAAGFTzDNhU8v9YlPLQ2VTxgFl
U8fZZVPGgQAAAABpU8ITaVPC/GpTwUMAAAAASjiuxUc4tYkAAAAAAAAAAEZN6HFGTedtR03nLkdN
5x1ITeY6SkzkhkxE5uxEQergQEHrSQAAAABoXtQBY1rcgWJY3fxlWdl9bV7JAsiCGgLTgwVg04IB
3dKBAP3PgALQzn4Cqsx9AqfKfQZlAAAAAAAAAAAAAAAAAAAAAAAAAABeUs8/XlLP619SzrFeUs8F
Y1PKBGJTyspjU8mxAAAAAGZTxUNmU8X8Z1PFIAAAAABrU8Bfa1O/8GtTvwZdQaULTDip+Us5s00A
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE9F4RBFQumVPj/s/Tw/7ZI+QusHAAAAAGVa
2FllWNr0ZlfXu2hXzyAAAAAAxH8aAs2ABz/NfgV+zH4Dnsx9AqDKfQdSAAAAAAAAAAAAAAAAbU20
DGhMwYdgUc37X1LNmV9TzQUAAAAAY1PJhmRTyO9kU8cdAAAAAGhTw7hoU8OtAAAAAAAAAABtVL26
blS9oAAAAABZO5tLTjim+lI/sw4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAQEHrSTw/7eo8P+y5AAAAAAAAAABoWtMoZ1fUyWdV0/ZoVc+MalXIIgAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAHBQsSJsTL1/a0y/6WtLvudqTL5XAAAAAAAAAABkU8dfZVPH/GVTxlAAAAAAaVPC
O2pTwf5qU8EzAAAAAAAAAABvVLuscFS6NQAAAABbOpOaUjmjvAAAAAAAAAAAAAAAAAAAAAAAAAAA
WkXcG1dD4bNUQ+KPUkPhRVhJ1wMAAAAAAAAAAD9C6xw9QOxPAAAAAAAAAAAAAAAAb13DAmpXzmBp
VM7XaVPN/mpTydRrUsWka1DCkGxQv5NsT76tbE6+3GxNv/9tTb7ebU28dm1Otw0AAAAAAAAAAAAA
AABmU8bdZlPFcAAAAABrU78Da1O/ymxTv6gAAAAAAAAAAAAAAAAAAAAAAAAAAHZVswZgPpTrVjqe
aAAAAAAAAAAAAAAAAAAAAAAAAAAAXEbYD1hD34xUQuHCUULk/E9C5N5NQ+RoUEfeBQAAAAAAAAAA
AAAAAAAAAAAAAAAAbk6/AgAAAABzXbcBbFXHN2xTx3psUsSkbFHCtm1QvrNtT72cbk+8cW5PuTNx
U6wBAAAAAAAAAABPRtoJUEbaDAAAAABnU8QBAAAAAAAAAABtVL5zbVS98W5UvRwAAAAAAAAAAAAA
AAAAAAAAAAAAAHhVsVVmQpf3Xz+dEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVUbd
G1BD44dNQuTzS0Lk2EtD40gAAAAAAAAAAAAAAABmRdE8ZETU7WFE1XthR9ISAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT0bbCE1D3mRMQ97iTUPdmwAAAAAAAAAAAAAAAG5UvDlv
VLz5b1S7YAAAAAB1VLUHdVW0a3ZVswQAAAAAAAAAAHtVrsNxSZygAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAYEbVC1hE31NQQ+JHTUXhEwAAAABPRN8YTELjnUpB5f1JQeSqSkPjGgAAAABoSMoFZkXR
cWJE1edfRNf2XETYq1lF2WVXRdk0V0bYGFRG2A9TRdoXUETcMU9D3V1OQ96eTUPe7E1D3vNOQ92J
UEXaDwAAAAAAAAAAVEXXKGBLy+lxVbmZAAAAAAAAAAB2VbOfd1Wy6HdVsg0AAAAAfVWrQH1Vq/1+
VaksAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXkTaPVhD3+9QQuL8SkHl+0ZB5qtFQuYhAAAAAExD
4TpKQePRSEHk8UhC43BLRuAEAAAAAGZJzAdhRdRXXUTXq1pF2OpXRNr/VUPb/1NC3P9RQtz/UELd
/09C3e9PQ922T0TcaFBG2hAAAAAAAAAAAAAAAABVRNY0VEPY6FVE1q9oUMIEAAAAAHdVsoF4VbH3
eVWwOgAAAAB/VakCf1apyoBWp6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABV
R9oJTEPjS0dB5shEQOfwQ0HmXAAAAABORt0FSkLidElB4/JIQuPVSULiT09J3AEAAAAAAAAAAAAA
AABbR9UXWEXYMFVE2ThURNkxVEbZGldL1AEAAAAAAAAAAAAAAAAAAAAAW0jRA1dF1m9WRNb3VkTV
n1xJzgUAAAAAdVO0e3lVr/t6Va5RAAAAAAAAAACBVqZqglal9YJWpSAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEtG4QRFQeWAQ0Dm+0NA5rBHROIIAAAAAExE4BlK
QuKbSUHi+0lC4c5KQ+BfTUbeCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBK
zgVcRdNVWUXU0FhE1fJZRdRmAAAAAGFKzANdRdCRZUnG+ntVrVYAAAAAAAAAAINWpCiDVqTzhFaj
cwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnR88gZETUxWBF1WFiSs4C
RULkM0RB5adGQ+QPAAAAAAAAAAAAAAAATETfJEpC4JdKQuDzS0Lg80xD3qMAAAAAe0y2A3lIvi1z
SMIobkfGLmlHyURlRs1qYkbPo19F0etdRdL2W0XSllxG0RoAAAAAbUnDGmRFy7xfRM/wXkXORwAA
AAAAAAAAAAAAAIVWosyGVqG4hlahAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAZUXSX2BE1/RcRNjHWkbXKQAAAAAAAAAAc0vABXBGybluR8pvbEnHCwAAAABORdwN
TEPeWk1D3X0AAAAAe0i8RHlGwP90RsT/b0bH/2pGyv1mRszgY0bNq2FGz2RhSM0SAAAAAIxPowJ+
SbdlcUfC7WhFyc9jRssnAAAAAAAAAAAAAAAAAAAAAIdXoEqIV58QAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGJG0yJdRNe9WUTa9ldF2nRYSNYDdU66
AXJHx31uRsrtakXM7mdGzZFlR800Z03GAQAAAAAAAAAAAAAAAHtJuRd1R8IecUnCGW5MwQcAAAAA
AAAAAAAAAAAAAAAAAAAAAI5KqUKDSLT2dUe+fm1KwQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABhS84BWkXXa1dE2vNUQ9vJVETaMQAAAABvScQMbEfKaWhGzMxlRc//YkXP4WBF0J5fRdFmXkbR
PF1H0R9dR9AQXEbQEFtG0R9aRNE+WkTSbFtE0Z5dRc8YAAAAAAAAAACHTKsKAAAAAAAAAAAAAAAA
a0fHSmxGxp8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFlG1yBWRNm2U0Pb/FJE25lTRtgaAAAAAAAA
AABnSMolZEbOcWJGz7JgRdDmXkXS/11E0v9bRNP/W0TT/1pD0v9bQ9L/W0TR4VxE0KVeRs0UAAAA
AAAAAAAAAAAAAAAAAGxIxSJsRseobEXH/W5GxY8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAVUXZTlND2tdSQ9r3UkPZllRF1yoAAAAAAAAAAAAAAAAAAAAAYUjMD19GzyleRs83XUXPN11F
zyleR8wOAAAAAAAAAAAAAAAAAAAAAHBNvQFuR8Q9bUbGpG5FxvpuRcXNb0fEPQAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFdH1ANURNhbU0PYz1ND2P5VRNeuAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd063A3RIviVyR8FZcUbDmHBGxOJwRcT+cEXEvnBH
w09xS78BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAFZF1jZWRdVSAAAAAAAAAAAAAAAAjUmstolIr72FSLKxgUi1sn1IuMF6SLvZeEe993ZGv/91
RsDyc0bBuXNGwnJySMAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj0qpYYtJrYqHSbCV
g0mzlH9ItoZ8SLhveki6UHhJuyh2TbgDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA////////AAD///Mf//8AAP//kB///wAA//iAj///AAD/+ADET/8AAP/MAaAH/wAA/4EAAgf/
AAD/wACBAH8AAP/4AAkAfwAA/A4CBJJ/AAD8CRAkgn8AAP/4iQAODwAA/BhAAEgPAADgBASSSQcA
AOACBJJJJwAA/+Ec8EknAADAOIzwSScAAIAMRIBJJwAAj4QggEknAADgQhGSeScAAIARDxJJJwAA
hguAIEgnAAD/hgBEAAUAAIhiEYCBwAAACBAACBPAAAAfCAARAMgAAOOEMOIkyQAAgEIP9ECJAACA
IAD4CIEAAP4IQOCJkQAA/4wfgxGTAADgzgAHI+MAAOA+gBlj4wAA/Bw/4cRnAADhBAABjEcAAOBB
AAcIjwAA+CBwPBGPAAD+CB/wQx8AAPgOCACHHwAA/DCIAg8/AAD+ABw+H/8AAP8EAANz/wAA/8GA
A8P/AAD/8HgeB/8AAP/4P+AP/wAA//84AH//AAD///gD//8AAP///////wAAKAAAABAAAAAgAAAA
AQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv4RnDrqDZxWl
fmoxsXtUPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBjHYDvYVrLqyA
a3GpfWSCmHljX6Z4TTGWc0NcMzTBSDM0xj8yONwCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuYNs
Q6J+bnaYeWNdlHZYgJNzSoGlczBzj28lajY4wjYvM9ZvLTPcUjY1wysAAAAAAAAAAAAAAAAAAAAA
rIBuaZR7clekd00vlnhSXKyHQlashS5vpX0acJFtDHGdawRULjPdcy403yczNM9xQDm5BQAAAAAA
AAAAsX1bX5l5YG7BmFRz3qpGMuGrM33gpx9p3qQLcN2hAmrbnQBwv4gBbzA03W43NcpNMzTVbjk1
x2MAAAAAsnpNGbuRVWzir0pr4as0P+CpJ27epRBS3aIFZ9yfAG/amwAX2poAatqYAG9MTeBsOznP
bTU10m05NcpsAAAAANSeRijgqztu4Kgkad+nGlPeowhd3aECdtyeAE3bnQBV2pkAdtmXAHDZlgBt
UU/dFVVP2G09Oc5tPDbFbAAAAAC6lWg0ZWDEH2BdwTjdogRz3J4ANtubAFvbmwBp2pgAcNmXAFXY
lQBs2JQAdFZQ1nFZUdNwWlDSNEM3um1BN8EvQ0zqP0RN6RRFTehHSU7ld9KWD2TakgFh2ZgAcdmV
AG3ZlQBg2JMAXpJudFlcUdFmX1LObWNSySFWRLlvRDe5bkVN6D9HTedkSEfneEdH6UhjWdyCtXg/
V9CBA3TMfgNdAAAAAGdRwDReUs9wY1LJeWZTxWtqU8EzaVG7Wkw4rGcAAAAAVkPhTlBC40g9QOxD
aFrTBGhW0WRrU8hwbFC/bW1OvXJrTL5NZFLHJWdTxD5rVL9vb1S7E2VDm1dUOqEiAAAAAFVD4FBL
QuRkSkLkfk1C4TJiRNV2WkTYbVND21xPQ91sTUPdd09E2xliTMl/dlWzR3dVsi58VKh5AAAAAAAA
AABiR9IFT0LgaURB5lVJQuNTSkLhdkxD3jFiRs8bZUfMG15F0VJYRNV5X0XPVXFQuWCEVqNWg1al
LAAAAAAAAAAAAAAAAF9E1lVXRNlqbUbKUGdGzXJbRdROckbDUmhGymFfRc9AhEmyL21GxERsRsca
h1efCgAAAAAAAAAAAAAAAAAAAAAAAAAAVkTZGFND2nZURNdgYUbPOl1F0mFbRNJhYkXMPHBGxE1u
RsV5bUbGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVkXVDwAAAACKSa5ofki3bXZH
vmBzR8ElAAAAAAAAAAAAAAAAAAAAAAAAAAD4f6xB4AesQeADrEHAAaxBgAGsQQABrEEAAaxBAACs
QQAArEEAgKxBgACsQYABrEGAAaxBwAOsQeAHrEH6H6xB
"""
def __init__(self):
"""Call and setup the UI"""
super().__init__()
self.setup_ui(self)
def key_press_event(self, event):
"""Create a KeyPress event for a Ctrl+C (Copy) event for selected text"""
if event.matches(QKeySequence.StandardKey.Copy):
self.context_menu.copy()
else:
super().key_press_event(event)
class TsTypes(NamedTuple):
"""Defines the structure of a Timestamp Type"""
ts_type: str
reason: str
example: str
time_zone: str
ts_types = {
"active": TsTypes(
"Active Directory/LDAP",
"Active Directory/LDAP timestamps are 18 digits",
"133908455300649390",
"UTC",
),
"apache": TsTypes(
"Apache Cookie Hex time",
"Apache Cookie hex timestamps are 13 hex characters long",
"63450e689882b",
"UTC",
),
"biome64": TsTypes(
"Apple Biome 64-bit decimal",
"Apple Biome 64-bit decimal is 19 digits in length",
"4739726202305531884",
"UTC",
),
"biomehex": TsTypes(
"Apple Biome Hex time",
"Apple Biome Hex value is 8 bytes (16 chars) long",
"41c6e3de6d084fec",
"UTC",
),
"nsdate": TsTypes(
"Apple NSDate - All",
"Apple NSDates are 9, 9.6, or 15-19 digits in length",
"704656778.285777",
"UTC",
),
"bplist": TsTypes(
"Apple NSDate - bplist / Cocoa",
"Apple NSDates (bplist) are 9 digits in length",
"768064730",
"UTC",
),
"iostime": TsTypes(
"Apple NSDate - iOS 11+",
"Apple NSDates (iOS) are 15-19 digits in length",
"768064730064939008",
"UTC",
),
"mac": TsTypes(
"Apple NSDate - Mac Absolute",
"Apple NSDates (Mac) are 9 digits '.' 6 digits",
"768064730.064939",
"UTC",
),
"bcd": TsTypes(
"Binary Coded Decimal",
"Binary Coded Decimal timestamps are 12 digits in length",
"250506232221",
"Local",
),
"bitdate": TsTypes(
"BitDate time",
"BitDate (Samsung/LG) timestamps are 8 hex characters",
"d223957e",
"Local",
),
"bitdec": TsTypes(
"Bitwise Decimal time",
"Bitwise Decimal timestamps are 10 digits",
"2123703250",
"Local",
),
"dhcp6": TsTypes(
"DHCPv6 DUID time",
"DHCPv6 DUID values are at least 14 bytes long",
"000100012faa41da000000000000",
"UTC",
),
"discord": TsTypes(
"Discord time",
"Discord timestamps are 18 digits or longer",
"1102608904745127937",
"UTC",
),
"dvr": TsTypes(
"DVR (WFS / DHFS) File System",
"DVR timestamps are 4 bytes",
"00F0063F",
"Local",
),
"exfat": TsTypes(
"exFAT time",
"exFAT 32-bit timestamps are 8 hex characters (4 bytes)",
"5aa47a59",
"Local",
),
"fat": TsTypes(
"FAT Date + Time",
"FAT (MS-DOS wFatDate wFatTime) timestamps are 8 hex characters (4 bytes)",
"a45a597a",
"Local",
),
"gbound": TsTypes(
"GMail Boundary time",
"GMail Boundary values are 28 hex chars",
"00000000000089882b063450e600",
"UTC",
),
"gmsgid": TsTypes(
"GMail Message ID time",
"GMail Message ID values are 16 hex chars or 19 digits (IMAP)",
"1969be0e7d000000",
"UTC",
),
"chrome": TsTypes(
"Google Chrome",
"Google Chrome/Webkit timestamp is 17 digits",
"13390845530064940",
"UTC",
),
"eitime": TsTypes(
"Google EI time",
"Google ei timestamps contain only URLsafe base64 characters: A-Za-z0-9=-_",
"WoUXaA",
"UTC",
),
"gclid": TsTypes(
"Google GCLID time",
"Google GCLID timestamps contain only URLsafe base64 characters: A-Za-z0-9=-_",
"CKSDxc_qhLkCFQyk4AodO24Arg",
"UTC",
),
"ved": TsTypes(
"Google VED time",
"Google VED timestamps contain only URLsafe base64 characters: A-Za-z0-9=-_",
"0ahUKEwilufv7joqNAxW3nYkEHd0vMyIQ4dUDCA8",
"UTC",
),
"gps": TsTypes("GPS time", "GPS timestamps are 10 digits", "1430407111", "UTC"),
"gsm": TsTypes(
"GSM time",
"GSM timestamps are 14 hex characters (7 bytes)",
"52504051810500",
"UTC",
),
"hfsbe": TsTypes(
"HFS / HFS+ 32-bit Hex BE",
"HFS / HFS+ Big-Endian timestamps are 8 hex characters (4 bytes)",
"e43d35da",
"Local / UTC",
),
"hfsle": TsTypes(
"HFS / HFS+ 32-bit Hex LE",
"HFS / HFS+ Little-Endian timestamps are 8 hex characters (4 bytes)",
"da353de4",
"Local / UTC",
),
"hfsdec": TsTypes(
"HFS+ Decimal Time",
"HFS+ Decimal timestamps are 10 digits",
"3829216730",
"UTC",
),
"juliandec": TsTypes(
"Julian Date decimal",
"Julian Date decimal values are 7 digits, a decimal, and up to 10 digits",
"2460800.1380787035",
"UTC",
),
"julianhex": TsTypes(
"Julian Date hex",
"Julian Date hex values are 14 characters (7 bytes)",
"258c80524d235b",
"UTC",
),
"ksalnum": TsTypes(
"KSUID Alpha-numeric",
"KSUID values are 27 alpha-numeric characters",
"2PChRqPZDwT9m2gBDLd5uy7XNTr",
"UTC",
),
"ksdec": TsTypes(
"KSUID Decimal",
"KSUID decimal timestamps are 9 digits in length",
"346371930",
"UTC",
),
"leb128hex": TsTypes(
"LEB128 Hex time",
"LEB128 Hex timestamps are variable-length and even-length",
"d0cf83dfe932",
"UTC",
),
"linkedin": TsTypes(
"LinkedIn Activity time",
"LinkedIn Activity timestamps contain only digits",
"7324176984442343424",
"UTC",
),
"mastodon": TsTypes(
"Mastodon time",
"Mastodon timestamps are 18 digits or longer",
"114450230804480000",
"UTC",
),
"metasploit": TsTypes(
"Metasploit Payload UUID",
"Metasploit Payload UUID's are at least 22 chars and base64 urlsafe encoded",
"4PGoVGYmx8l6F3sVI4Rc8g",
"UTC",
),
"dotnet": TsTypes(
"Microsoft .NET DateTime Ticks",
"Microsoft .NET DateTime Ticks values are 18 digits",
"638819687300649472",
"UTC",
),
"systemtime": TsTypes(
"Microsoft 128-bit SYSTEMTIME",
"Microsoft 128-bit SYSTEMTIME timestamps are 32 hex characters (16 bytes)",
"e9070500000004000f00120032004000",
"UTC",
),
"dttm": TsTypes(
"Microsoft DTTM Date",
"Microsoft DTTM timestamps are 4 bytes",
"8768f513",
"Local",
),
"ms1904": TsTypes(
"Microsoft Excel 1904 Date",
"Microsoft Excel 1904 timestamps are 2 ints, separated by a dot",
"44319.638079455312",
"UTC",
),
"hotmail": TsTypes(
"Microsoft Hotmail time",
"Microsoft Hotmail timestamps are 2x 8 hex chars (4 bytes) colon separated",
"07bddb01:aed19dd6",
"UTC",
),
"msdos": TsTypes(
"Microsoft MS-DOS 32-bit Hex",
"Microsoft MS-DOS 32-bit timestamps are 8 hex characters (4 bytes)",
"597aa45a",
"Local",
),
"moto": TsTypes(
"Motorola time",
"Motorola 6-byte hex timestamps are 12 hex characters",
"3705040f1232",
"UTC",
),
"prtime": TsTypes(
"Mozilla PRTime",
"Mozilla PRTime timestamps are 16 digits",
"1746371930064939",
"UTC",
),
"nokia": TsTypes(
"Nokia time",
"Nokia 4-byte hex timestamps are 8 hex characters",
"d19d0f5a",
"UTC",
),
"ns40": TsTypes(
"Nokia S40 time",
"Nokia 7-byte hex timestamps are 14 hex characters",
"07e905040f1232",
"UTC",
),
"ns40le": TsTypes(
"Nokia S40 time LE",
"Nokia 7-byte hex timestamps are 14 hex characters",
"e90705040f1232",
"UTC",
),
"nokiale": TsTypes(
"Nokia time LE",
"Nokia 4-byte hex timestamps are 8 hex characters",
"5a0f9dd1",
"UTC",
),
"s32": TsTypes(
"S32 Encoded (Bluesky) time",
"S32 encoded (Bluesky) timestamps are 9 characters long",
"3muhy3twk",
"UTC",
),
"semioctet": TsTypes(
"Semi-Octet decimal",
"Semi-Octet decimal values are 12 or 14 digits long",
"525040518105",
"Local",
),
"sony": TsTypes(
"Sonyflake time",
"Sonyflake values are 15 hex characters",
"65dd4bb89000001",
"UTC",
),
"symantec": TsTypes(
"Symantec AV time",
"Symantec 6-byte hex timestamps are 12 hex characters",
"3704040f1232",
"UTC",
),
"tiktok": TsTypes(
"TikTok time",
"TikTok timestamps are 19 digits long",
"7228142017547750661",
"UTC",
),
"twitter": TsTypes(
"Twitter time",
"Twitter timestamps are 18 digits or longer",
"1189581422684274688",
"UTC",
),
"ulid": TsTypes(
"ULID time",
"ULID timestamp contains only Base32 characters",
"01JTDY1SYGCZWCBPCSEBHV1DW2",
"UTC",
),
"unixhex32be": TsTypes(
"Unix Hex 32-bit BE",
"Unix Hex 32-bit Big-Endian timestamps are 8 hex characters (4 bytes)",
"6817855a",
"UTC",
),
"unixhex32le": TsTypes(
"Unix Hex 32-bit LE",
"Unix Hex 32-bit Little-Endian timestamps are 8 hex characters (4 bytes)",
"5a851768",
"UTC",
),
"unixmilli": TsTypes(
"Unix Milliseconds",
"Unix milliseconds timestamp is 13 digits in length",
"1746371930064",
"UTC",
),
"unixmillihex": TsTypes(
"Unix Milliseconds hex",
"Unix Milliseconds hex timestamp is 12 hex characters (6 bytes)",
"01969be0e7d0",
"UTC",
),
"unixsec": TsTypes(
"Unix Seconds",
"Unix seconds timestamp is 10 digits in length",
"1746371930",
"UTC",
),
"uuid": TsTypes(
"UUID time",
"UUIDs are in the format 00000000-0000-0000-0000-000000000000",
"d93026f0-e857-11ed-a05b-0242ac120003",
"UTC",
),
"vm": TsTypes(
"VMSD time",
"VMSD values are a 6-digit value and a signed/unsigned int at least 9 digits",
"406608,-427259264",
"UTC",
),
"cookie": TsTypes(
"Windows Cookie Date",
"Windows Cookie times consist of 2 ints, entered with a comma between them",
"3600017664,31177991",
"UTC",
),
"filetimelohi": TsTypes(
"Windows FILETIME (Low|High)",
"Windows FILETIME Low|High times are 2x 8 hex chars (4 bytes) colon separated",
"d69dd1ae:01dbbd07",
"UTC",
),
"filetimebe": TsTypes(
"Windows FILETIME BE",
"Windows FILETIME Hex Big-Endian timestamp is 16 hex characters (8 bytes)",
"01dbbd07d69dd1ae",
"UTC",
),
"filetimele": TsTypes(
"Windows FILETIME LE",
"Windows FILETIME Hex Little-Endian timestamp is 16 hex characters (8 bytes)",
"aed19dd607bddb01",
"UTC",
),
"olebe": TsTypes(
"Windows OLE 64-bit hex BE",
"Windows OLE Big-Endian timestamps are 16 hex characters (8 bytes)",
"40e65ab46b259b1a",
"UTC",
),
"olele": TsTypes(
"Windows OLE 64-bit hex LE",
"Windows OLE Little-Endian timestamps are 16 hex characters (8 bytes)",
"1a9b256bb45ae640",
"UTC",
),
"oleauto": TsTypes(
"Windows OLE Automation Date",
"Windows OLE Automation timestamps are 2 ints, separated by a dot",
"45781.638079455312",
"UTC",
),
}
epochs = {
1: dt(1, 1, 1, tzinfo=timezone.utc),
1582: dt(1582, 10, 15, tzinfo=timezone.utc),
1601: dt(1601, 1, 1, tzinfo=timezone.utc),
1899: dt(1899, 12, 30, tzinfo=timezone.utc),
1904: dt(1904, 1, 1, tzinfo=timezone.utc),
1970: dt(1970, 1, 1, tzinfo=timezone.utc),
1980: dt(1980, 1, 6, tzinfo=timezone.utc),
2000: dt(2000, 1, 1, tzinfo=timezone.utc),
2001: dt(2001, 1, 1, tzinfo=timezone.utc),
2050: dt(2050, 1, 1, tzinfo=timezone.utc),
"hundreds_nano": 10000000,
"nano_2001": 1000000000,
"active": 116444736000000000,
"win_unix": 11644473600,
"hfs_dec_sub": 2082844800,
"kstime": 1400000000,
"ticks": 621355968000000000,
}
# There have been no further leapseconds since 2017,1,1 at the __date__ of this script
# which is why the leapseconds end with a dt.now object to valid/relevant timestamp output.
# See REFERENCES.md for source info.
leapseconds = {
10: [dt(1972, 1, 1, tzinfo=timezone.utc), dt(1972, 7, 1, tzinfo=timezone.utc)],
11: [dt(1972, 7, 1, tzinfo=timezone.utc), dt(1973, 1, 1, tzinfo=timezone.utc)],
12: [dt(1973, 1, 1, tzinfo=timezone.utc), dt(1974, 1, 1, tzinfo=timezone.utc)],
13: [dt(1974, 1, 1, tzinfo=timezone.utc), dt(1975, 1, 1, tzinfo=timezone.utc)],
14: [dt(1975, 1, 1, tzinfo=timezone.utc), dt(1976, 1, 1, tzinfo=timezone.utc)],
15: [dt(1976, 1, 1, tzinfo=timezone.utc), dt(1977, 1, 1, tzinfo=timezone.utc)],
16: [dt(1977, 1, 1, tzinfo=timezone.utc), dt(1978, 1, 1, tzinfo=timezone.utc)],
17: [dt(1978, 1, 1, tzinfo=timezone.utc), dt(1979, 1, 1, tzinfo=timezone.utc)],
18: [dt(1979, 1, 1, tzinfo=timezone.utc), dt(1980, 1, 1, tzinfo=timezone.utc)],
19: [dt(1980, 1, 1, tzinfo=timezone.utc), dt(1981, 7, 1, tzinfo=timezone.utc)],
20: [dt(1981, 7, 1, tzinfo=timezone.utc), dt(1982, 7, 1, tzinfo=timezone.utc)],
21: [dt(1982, 7, 1, tzinfo=timezone.utc), dt(1983, 7, 1, tzinfo=timezone.utc)],
22: [dt(1983, 7, 1, tzinfo=timezone.utc), dt(1985, 7, 1, tzinfo=timezone.utc)],
23: [dt(1985, 7, 1, tzinfo=timezone.utc), dt(1988, 1, 1, tzinfo=timezone.utc)],
24: [dt(1988, 1, 1, tzinfo=timezone.utc), dt(1990, 1, 1, tzinfo=timezone.utc)],
25: [dt(1990, 1, 1, tzinfo=timezone.utc), dt(1991, 1, 1, tzinfo=timezone.utc)],
26: [dt(1991, 1, 1, tzinfo=timezone.utc), dt(1992, 7, 1, tzinfo=timezone.utc)],
27: [dt(1992, 7, 1, tzinfo=timezone.utc), dt(1993, 7, 1, tzinfo=timezone.utc)],
28: [dt(1993, 7, 1, tzinfo=timezone.utc), dt(1994, 7, 1, tzinfo=timezone.utc)],
29: [dt(1994, 7, 1, tzinfo=timezone.utc), dt(1996, 1, 1, tzinfo=timezone.utc)],
30: [dt(1996, 1, 1, tzinfo=timezone.utc), dt(1997, 7, 1, tzinfo=timezone.utc)],
31: [dt(1997, 7, 1, tzinfo=timezone.utc), dt(1999, 1, 1, tzinfo=timezone.utc)],
32: [dt(1999, 1, 1, tzinfo=timezone.utc), dt(2006, 1, 1, tzinfo=timezone.utc)],
33: [dt(2006, 1, 1, tzinfo=timezone.utc), dt(2009, 1, 1, tzinfo=timezone.utc)],
34: [dt(2009, 1, 1, tzinfo=timezone.utc), dt(2012, 7, 1, tzinfo=timezone.utc)],
35: [dt(2012, 7, 1, tzinfo=timezone.utc), dt(2015, 7, 1, tzinfo=timezone.utc)],
36: [dt(2015, 7, 1, tzinfo=timezone.utc), dt(2017, 1, 1, tzinfo=timezone.utc)],
37: [
dt(2017, 1, 1, tzinfo=timezone.utc),
dt.now(timezone.utc) - timedelta(seconds=37),
],
}
date_formats = {
"Default": __fmt__,
"ISO 8601": "%Y-%m-%dT%H:%M:%S.%f",
"DD/MM/YY": "%d/%m/%Y %H:%M:%S.%f",
"DMY": "%d-%m-%Y %H:%M:%S.%f",
"MDY": "%m-%d-%Y %H:%M:%S.%f",
"YMD": __fmt__,
}
S32_CHARS = "234567abcdefghijklmnopqrstuvwxyz"
BASE32_CHARS = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"
URLSAFE_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890=-_"
KSALNUM_CHARS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
def from_unixsec(timestamp):
"""Convert Unix Seconds value to a date"""
ts_type, reason, _, tz_out = ts_types["unixsec"]
try:
if len(str(timestamp)) != 10 or not timestamp.isdigit():
in_unix_sec = indiv_output = combined_output = ""
else:
in_unix_sec = dt.fromtimestamp(float(timestamp), timezone.utc).strftime(
__fmt__
)
indiv_output, combined_output = format_output(ts_type, in_unix_sec, tz_out)
except Exception:
handle(sys.exc_info())
in_unix_sec = indiv_output = combined_output = ""
return in_unix_sec, indiv_output, combined_output, reason, tz_out
def to_unixsec(dt_obj):
"""Convert date to a Unix Seconds value"""
ts_type, _, _, _ = ts_types["unixsec"]
try:
out_unix_sec = str(int(dt_obj.timestamp()))
ts_output, _ = format_output(ts_type, out_unix_sec)
except Exception:
handle(sys.exc_info())
out_unix_sec = ts_output = ""
return out_unix_sec, ts_output
def from_unixmilli(timestamp):
"""Convert Unix Millisecond value to a date"""
ts_type, reason, _, tz_out = ts_types["unixmilli"]
try:
if len(str(timestamp)) != 13 or not str(timestamp).isdigit():
in_unix_milli = indiv_output = combined_output = ""
else:
in_unix_milli = dt.fromtimestamp(
float(timestamp) / 1000.0, timezone.utc
).strftime(__fmt__)
indiv_output, combined_output = format_output(
ts_type, in_unix_milli, tz_out
)
except Exception:
handle(sys.exc_info())
in_unix_milli = indiv_output = combined_output = ""
return in_unix_milli, indiv_output, combined_output, reason, tz_out
def to_unixmilli(dt_obj):
"""Convert date to a Unix Millisecond value"""
ts_type, _, _, _ = ts_types["unixmilli"]
try:
out_unix_milli = str(int(dt_obj.timestamp() * 1000))
ts_output, _ = format_output(ts_type, out_unix_milli)
except Exception:
handle(sys.exc_info())
out_unix_milli = ts_output = ""
return out_unix_milli, ts_output
def from_unixmillihex(timestamp):
"""Convert a Unix Millisecond hex value to a date"""
ts_type, reason, _, tz_out = ts_types["unixmillihex"]
try:
if len(str(timestamp)) != 12 or not all(
char in hexdigits for char in timestamp
):
in_unix_milli_hex = indiv_output = combined_output = ""
else:
unix_mil = int(str(timestamp), 16)
in_unix_milli_hex, _, _, _, _ = from_unixmilli(unix_mil)
indiv_output, combined_output = format_output(
ts_type, in_unix_milli_hex, tz_out
)
except Exception:
handle(sys.exc_info())
in_unix_milli_hex = indiv_output = combined_output = ""
return in_unix_milli_hex, indiv_output, combined_output, reason, tz_out
def to_unixmillihex(dt_obj):
"""Convert a date to a Unix Millisecond hex value"""
ts_type, _, _, _ = ts_types["unixmillihex"]
try:
unix_mil, _ = to_unixmilli(dt_obj)
out_unix_milli_hex = f"{int(unix_mil):012x}"
ts_output, _ = format_output(ts_type, out_unix_milli_hex)
except Exception:
handle(sys.exc_info())
out_unix_milli_hex = ts_output = ""
return out_unix_milli_hex, ts_output
def from_filetimebe(timestamp):
"""Convert a Windows 64 Hex Big-Endian value to a date"""
ts_type, reason, _, tz_out = ts_types["filetimebe"]
try:
if not len(timestamp) == 16 or not all(char in hexdigits for char in timestamp):
in_filetime_be = indiv_output = combined_output = ""
else:
base10_microseconds = int(timestamp, 16) / 10
if base10_microseconds >= 1e17:
in_filetime_be = indiv_output = combined_output = ""
else:
dt_obj = epochs[1601] + timedelta(microseconds=base10_microseconds)
in_filetime_be = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(
ts_type, in_filetime_be, tz_out
)
except Exception:
handle(sys.exc_info())
in_filetime_be = indiv_output = combined_output = ""
return in_filetime_be, indiv_output, combined_output, reason, tz_out
def to_filetimebe(dt_obj):
"""Convert a date to a Windows 64 Hex Big-Endian value"""
ts_type, _, _, _ = ts_types["filetimebe"]
try:
minus_epoch = dt_obj - epochs[1601]
calc_time = (
minus_epoch.microseconds
+ (minus_epoch.seconds * 1000000)
+ (minus_epoch.days * 86400000000)
)
out_filetime_be = str(hex(int(calc_time) * 10))[2:].zfill(16)
ts_output, _ = format_output(ts_type, out_filetime_be)
except Exception:
handle(sys.exc_info())
out_filetime_be = ts_output = ""
return out_filetime_be, ts_output
def from_filetimele(timestamp):
"""Convert a Windows 64 Hex Little-Endian value to a date"""
ts_type, reason, _, tz_out = ts_types["filetimele"]
try:
if not len(timestamp) == 16 or not all(char in hexdigits for char in timestamp):
in_filetime_le = indiv_output = combined_output = ""
else:
indiv_output = combined_output = ""
endianness_change = int.from_bytes(
struct.pack("= 1e17:
in_filetime_le = indiv_output = combined_output = ""
else:
dt_obj = epochs[1601] + timedelta(microseconds=converted_time)
in_filetime_le = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(
ts_type, in_filetime_le, tz_out
)
except Exception:
handle(sys.exc_info())
in_filetime_le = indiv_output = combined_output = ""
return in_filetime_le, indiv_output, combined_output, reason, tz_out
def to_filetimele(dt_obj):
"""Convert a date to a Windows 64 Hex Little-Endian value"""
ts_type, _, _, _ = ts_types["filetimele"]
try:
minus_epoch = dt_obj - epochs[1601]
calc_time = (
minus_epoch.microseconds
+ (minus_epoch.seconds * 1000000)
+ (minus_epoch.days * 86400000000)
)
out_filetime_le = str(struct.pack("= 32536799999:
# This is the Windows maximum for parsing a unix TS
# and is 3001-01-19 02:59:59 UTC
in_ad = indiv_output = combined_output = ""
else:
dt_obj = dt.fromtimestamp(val_check, timezone.utc)
in_ad = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_ad, tz_out)
except Exception:
handle(sys.exc_info())
in_ad = indiv_output = combined_output = ""
return in_ad, indiv_output, combined_output, reason, tz_out
def to_active(dt_obj):
"""Convert a date to an Active Directory/LDAP timestamp"""
ts_type, _, _, _ = ts_types["active"]
try:
nano_convert = int(dt_obj.timestamp() * epochs["hundreds_nano"])
out_adtime = str(int(nano_convert) + int(epochs["active"]))
ts_output, _ = format_output(ts_type, out_adtime)
except Exception:
handle(sys.exc_info())
out_adtime = ts_output = ""
return out_adtime, ts_output
def from_unixhex32be(timestamp):
"""Convert a Unix Hex 32-bit Big-Endian timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["unixhex32be"]
try:
if not len(timestamp) == 8 or not all(char in hexdigits for char in timestamp):
in_unix_hex_32 = indiv_output = combined_output = ""
else:
to_dec = int(timestamp, 16)
in_unix_hex_32 = dt.fromtimestamp(float(to_dec), timezone.utc).strftime(
__fmt__
)
indiv_output, combined_output = format_output(
ts_type, in_unix_hex_32, tz_out
)
except Exception:
handle(sys.exc_info())
in_unix_hex_32 = indiv_output = combined_output = ""
return in_unix_hex_32, indiv_output, combined_output, reason, tz_out
def to_unixhex32be(dt_obj):
"""Convert a date to a Unix Hex 32-bit Big-Endian timestamp"""
ts_type, _, _, _ = ts_types["unixhex32be"]
try:
unix_time = int(dt_obj.timestamp())
out_unix_hex_32 = str(struct.pack(">L", unix_time).hex())
ts_output, _ = format_output(ts_type, out_unix_hex_32)
except Exception:
handle(sys.exc_info())
out_unix_hex_32 = ts_output = ""
return out_unix_hex_32, ts_output
def from_unixhex32le(timestamp):
"""Convert a Unix Hex 32-bit Little-Endian timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["unixhex32le"]
try:
if not len(timestamp) == 8 or not all(char in hexdigits for char in timestamp):
in_unix_hex_32le = indiv_output = combined_output = ""
else:
to_dec = int.from_bytes(struct.pack("= 32536799999 or calc < 0:
in_cookie = indiv_output = combined_output = ""
else:
dt_obj = dt.fromtimestamp(calc, timezone.utc)
in_cookie = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(
ts_type, in_cookie, tz_out
)
except Exception:
handle(sys.exc_info())
in_cookie = indiv_output = combined_output = ""
return in_cookie, indiv_output, combined_output, reason, tz_out
def to_cookie(dt_obj):
"""Convert a date to Internet Explorer timestamp values"""
ts_type, _, _, _ = ts_types["cookie"]
try:
unix_time = int(dt_obj.timestamp())
high = int(((unix_time + epochs["win_unix"]) * 10**7) / 2**32)
low = (
int((unix_time + epochs["win_unix"]) * 10**7)
- (high * 2**32)
+ (dt_obj.microsecond * 10)
)
out_cookie = f"{str(low)},{str(high)}"
ts_output, _ = format_output(ts_type, out_cookie)
except Exception:
handle(sys.exc_info())
out_cookie = ts_output = ""
return out_cookie, ts_output
def from_olebe(timestamp):
"""Convert an OLE Big-Endian timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["olebe"]
try:
if not len(timestamp) == 16 or not all(char in hexdigits for char in timestamp):
in_ole_be = indiv_output = combined_output = ""
else:
delta = struct.unpack(">d", struct.pack(">Q", int(timestamp, 16)))[0]
if int(delta) < 0 or int(delta) > 2e6:
in_ole_be = indiv_output = combined_output = ""
else:
dt_obj = epochs[1899] + timedelta(days=delta)
in_ole_be = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(
ts_type, in_ole_be, tz_out
)
except Exception:
handle(sys.exc_info())
in_ole_be = indiv_output = combined_output = ""
return in_ole_be, indiv_output, combined_output, reason, tz_out
def to_olebe(dt_obj):
"""Convert a date to an OLE Big-Endian timestamp"""
ts_type, _, _, _ = ts_types["olebe"]
try:
delta = ((dt_obj - epochs[1899]).total_seconds()) / 86400
conv = struct.unpack("Q", conv).hex())
ts_output, _ = format_output(ts_type, out_ole_be)
except Exception:
handle(sys.exc_info())
out_ole_be = ts_output = ""
return out_ole_be, ts_output
def from_olele(timestamp):
"""Convert an OLE Little-Endian timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["olele"]
try:
if not len(timestamp) == 16 or not all(char in hexdigits for char in timestamp):
in_ole_le = indiv_output = combined_output = ""
else:
to_le = hex(int.from_bytes(struct.pack("d", struct.pack(">Q", int(to_le[2:], 16)))[0]
if int(delta) < 0 or int(delta) > 99999:
in_ole_le = indiv_output = combined_output = ""
else:
dt_obj = epochs[1899] + timedelta(days=delta)
in_ole_le = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(
ts_type, in_ole_le, tz_out
)
except Exception:
handle(sys.exc_info())
in_ole_le = indiv_output = combined_output = ""
return in_ole_le, indiv_output, combined_output, reason, tz_out
def to_olele(dt_obj):
"""Convert a date to an OLE Little-Endian timestamp"""
ts_type, _, _, _ = ts_types["olele"]
try:
delta = ((dt_obj - epochs[1899]).total_seconds()) / 86400
conv = struct.unpack(" 4294967295:
out_hfs_be = "[!] Timestamp Boundary Exceeded [!]"
else:
out_hfs_be = f"{conv:08x}"
ts_output, _ = format_output(ts_type, out_hfs_be)
except Exception:
handle(sys.exc_info())
out_hfs_be = ts_output = ""
return out_hfs_be, ts_output
def from_hfsle(timestamp):
"""Convert an HFS / HFS+ Little-Endian timestamp to a date (HFS+ is in UTC)"""
ts_type, reason, _, tz_out = ts_types["hfsle"]
try:
if not len(timestamp) == 8 or not all(char in hexdigits for char in timestamp):
in_hfs_le = indiv_output = combined_output = ""
else:
to_le = struct.unpack(">I", struct.pack(" 4294967295:
out_hfs_le = "[!] Timestamp Boundary Exceeded [!]"
else:
out_hfs_le = str(struct.pack("I", int(year + month + day + hour + minute + seconds, 2)
).hex()
)
byte_swap = "".join([to_hex[i : i + 2] for i in range(0, len(to_hex), 2)][::-1])
out_fat = "".join(
[byte_swap[i : i + 4] for i in range(0, len(byte_swap), 4)][::-1]
)
ts_output, _ = format_output(ts_type, out_fat)
except Exception:
handle(sys.exc_info())
out_fat = ts_output = ""
return out_fat, ts_output
def from_msdos(timestamp):
"""Convert an MS-DOS timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["msdos"]
try:
if not len(timestamp) == 8 or not all(char in hexdigits for char in timestamp):
in_msdos = indiv_output = combined_output = ""
else:
swap = "".join(
[timestamp[i : i + 2] for i in range(0, len(timestamp), 2)][::-1]
)
binary = f"{int(swap, 16):032b}"
stamp = [
binary[:7],
binary[7:11],
binary[11:16],
binary[16:21],
binary[21:27],
binary[27:32],
]
for val in stamp[:]:
dec = int(val, 2)
stamp.remove(val)
stamp.append(dec)
dos_year = stamp[0] + 1980
dos_month = stamp[1]
dos_day = stamp[2]
dos_hour = stamp[3]
dos_min = stamp[4]
dos_sec = stamp[5] * 2
try:
out_of_range = any(
not low <= value < high
for value, (low, high) in zip(
(dos_year, dos_month, dos_day, dos_hour, dos_min, dos_sec),
(
(1970, 2100),
(1, 13),
(1, monthrange(dos_year, dos_month)[1] + 1),
(0, 24),
(0, 60),
(0, 60),
),
)
)
if out_of_range:
in_msdos = indiv_output = combined_output = ""
return in_msdos, indiv_output, combined_output, reason, tz_out
except (IllegalMonthError, ValueError):
in_msdos = indiv_output = combined_output = ""
return in_msdos, indiv_output, combined_output, reason, tz_out
dt_obj = dt(dos_year, dos_month, dos_day, dos_hour, dos_min, dos_sec)
in_msdos = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_msdos, tz_out)
except Exception:
handle(sys.exc_info())
in_msdos = indiv_output = combined_output = ""
return in_msdos, indiv_output, combined_output, reason, tz_out
def to_msdos(dt_obj):
"""Convert a date to an MS-DOS timestamp"""
ts_type, _, _, _ = ts_types["msdos"]
try:
year = f"{(dt_obj.year - 1980):07b}"
month = f"{dt_obj.month:04b}"
day = f"{dt_obj.day:05b}"
hour = f"{dt_obj.hour:05b}"
minute = f"{dt_obj.minute:06b}"
seconds = f"{int(dt_obj.second / 2):05b}"
hexval = str(
struct.pack(
">I", int(year + month + day + hour + minute + seconds, 2)
).hex()
)
out_msdos = "".join([hexval[i : i + 2] for i in range(0, len(hexval), 2)][::-1])
ts_output, _ = format_output(ts_type, out_msdos)
except Exception:
handle(sys.exc_info())
out_msdos = ts_output = ""
return out_msdos, ts_output
def from_exfat(timestamp):
"""Convert an exFAT timestamp (LE) to a date"""
ts_type, reason, _, tz_out = ts_types["exfat"]
try:
if not len(timestamp) == 8 or not all(char in hexdigits for char in timestamp):
in_exfat = indiv_output = combined_output = ""
else:
binary = f"{int(timestamp, 16):032b}"
stamp = [
binary[:7],
binary[7:11],
binary[11:16],
binary[16:21],
binary[21:27],
binary[27:32],
]
for val in stamp[:]:
dec = int(val, 2)
stamp.remove(val)
stamp.append(dec)
exfat_year = stamp[0] + 1980
exfat_month = stamp[1]
exfat_day = stamp[2]
exfat_hour = stamp[3]
exfat_min = stamp[4]
exfat_sec = stamp[5] * 2
try:
out_of_range = any(
not low <= value < high
for value, (low, high) in zip(
(
exfat_year,
exfat_month,
exfat_day,
exfat_hour,
exfat_min,
exfat_sec,
),
(
(1970, 2100),
(1, 13),
(1, monthrange(exfat_year, exfat_month)[1] + 1),
(0, 24),
(0, 60),
(0, 60),
),
)
)
if out_of_range:
in_exfat = indiv_output = combined_output = ""
return in_exfat, indiv_output, combined_output, reason, tz_out
except (IllegalMonthError, ValueError):
in_exfat = indiv_output = combined_output = ""
return in_exfat, indiv_output, combined_output, reason, tz_out
dt_obj = dt(
exfat_year, exfat_month, exfat_day, exfat_hour, exfat_min, exfat_sec
)
in_exfat = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_exfat, tz_out)
except Exception:
handle(sys.exc_info())
in_exfat = indiv_output = combined_output = ""
return in_exfat, indiv_output, combined_output, reason, tz_out
def to_exfat(dt_obj):
"""Convert a date to an exFAT timestamp (LE)"""
ts_type, _, _, _ = ts_types["exfat"]
try:
year = f"{(dt_obj.year - 1980):07b}"
month = f"{dt_obj.month:04b}"
day = f"{dt_obj.day:05b}"
hour = f"{dt_obj.hour:05b}"
minute = f"{dt_obj.minute:06b}"
seconds = f"{int(dt_obj.second / 2):05b}"
out_exfat = str(
struct.pack(
">I", int(year + month + day + hour + minute + seconds, 2)
).hex()
)
ts_output, _ = format_output(ts_type, out_exfat)
except Exception:
handle(sys.exc_info())
out_exfat = ts_output = ""
return out_exfat, ts_output
def from_systemtime(timestamp):
"""Convert a Microsoft 128-bit SYSTEMTIME timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["systemtime"]
try:
if not len(timestamp) == 32 or not all(char in hexdigits for char in timestamp):
in_systemtime = indiv_output = combined_output = ""
else:
to_le = "".join(
[timestamp[i : i + 2] for i in range(0, len(timestamp), 2)][::-1]
)
converted = [to_le[i : i + 4] for i in range(0, len(to_le), 4)][::-1]
stamp = []
for i in converted:
dec = int(i, 16)
stamp.append(dec)
if (stamp[0] > 3000) or (stamp[1] > 12) or (stamp[2] > 31):
in_systemtime = indiv_output = combined_output = ""
else:
dt_obj = dt(
stamp[0],
stamp[1],
stamp[3],
stamp[4],
stamp[5],
stamp[6],
stamp[7] * 1000,
)
in_systemtime = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(
ts_type, in_systemtime, tz_out
)
except Exception:
handle(sys.exc_info())
in_systemtime = indiv_output = combined_output = ""
return in_systemtime, indiv_output, combined_output, reason, tz_out
def to_systemtime(dt_obj):
"""Convert a date to a Microsoft 128-bit SYSTEMTIME timestamp"""
ts_type, _, _, _ = ts_types["systemtime"]
try:
micro = int(dt_obj.microsecond / 1000)
full_date = dt_obj.strftime(f"%Y, %m, %w, %d, %H, %M, %S, {micro}")
stamp = []
for val in full_date.split(","):
to_hex = int(
hex(int.from_bytes(struct.pack("Q", struct.pack(">LL", part1, part2))[0]
if converted_time >= 1e18:
in_filetime_lo_hi = indiv_output = combined_output = ""
else:
dt_obj = dt.fromtimestamp(
float(converted_time - epochs["active"]) / epochs["hundreds_nano"],
timezone.utc,
)
in_filetime_lo_hi = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(
ts_type, in_filetime_lo_hi, tz_out
)
except Exception:
handle(sys.exc_info())
in_filetime_lo_hi = indiv_output = combined_output = ""
return in_filetime_lo_hi, indiv_output, combined_output, reason, tz_out
def to_filetimelohi(dt_obj):
"""Convert a date to a Microsoft FILETIME timestamp"""
ts_type, _, _, _ = ts_types["filetimelohi"]
try:
minus_epoch = dt_obj - epochs[1601]
calc_time = (
minus_epoch.microseconds
+ (minus_epoch.seconds * 1000000)
+ (minus_epoch.days * 86400000000)
)
indiv_output = str(struct.pack(">Q", int(calc_time * 10)).hex())
out_filetime_lo_hi = f"{str(indiv_output[8:])}:{str(indiv_output[:8])}"
ts_output, _ = format_output(ts_type, out_filetime_lo_hi)
except Exception:
handle(sys.exc_info())
out_filetime_lo_hi = ts_output = ""
return out_filetime_lo_hi, ts_output
def from_hotmail(timestamp):
"""Convert a Microsoft Hotmail timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["hotmail"]
try:
if ":" not in timestamp or not (
all(char in hexdigits for char in timestamp[0:8])
and all(char in hexdigits for char in timestamp[9:])
):
in_hotmail = indiv_output = combined_output = ""
else:
hm_repl = timestamp.replace(":", "")
byte_swap = "".join(
[hm_repl[i : i + 2] for i in range(0, len(hm_repl), 2)][::-1]
)
part2 = int(byte_swap[:8], base=16)
part1 = int(byte_swap[8:], base=16)
converted_time = struct.unpack(">Q", struct.pack(">LL", part1, part2))[0]
if converted_time >= 1e18:
in_hotmail = indiv_output = combined_output = ""
else:
dt_obj = dt.fromtimestamp(
float(converted_time - epochs["active"]) / epochs["hundreds_nano"],
timezone.utc,
)
in_hotmail = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(
ts_type, in_hotmail, tz_out
)
except Exception:
handle(sys.exc_info())
in_hotmail = indiv_output = combined_output = ""
return in_hotmail, indiv_output, combined_output, reason, tz_out
def to_hotmail(dt_obj):
"""Convert a date to a Microsoft Hotmail timestamp"""
ts_type, _, _, _ = ts_types["hotmail"]
try:
minus_epoch = dt_obj - epochs[1601]
calc_time = (
minus_epoch.microseconds
+ (minus_epoch.seconds * 1000000)
+ (minus_epoch.days * 86400000000)
)
indiv_output = str(struct.pack(">Q", int(calc_time * 10)).hex())
byte_swap = "".join(
[indiv_output[i : i + 2] for i in range(0, len(indiv_output), 2)][::-1]
)
out_hotmail = f"{str(byte_swap[8:])}:{str(byte_swap[:8])}"
ts_output, _ = format_output(ts_type, out_hotmail)
except Exception:
handle(sys.exc_info())
out_hotmail = ts_output = ""
return out_hotmail, ts_output
def from_prtime(timestamp):
"""Convert a Mozilla PRTime timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["prtime"]
try:
if not len(timestamp) == 16 or not timestamp.isdigit():
in_prtime = indiv_output = combined_output = ""
else:
dt_obj = epochs[1970] + timedelta(microseconds=int(timestamp))
in_prtime = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_prtime, tz_out)
except Exception:
handle(sys.exc_info())
in_prtime = indiv_output = combined_output = ""
return in_prtime, indiv_output, combined_output, reason, tz_out
def to_prtime(dt_obj):
"""Convert a date to Mozilla's PRTime timestamp"""
ts_type, _, _, _ = ts_types["prtime"]
try:
out_prtime = str(int(((dt_obj - epochs[1970]).total_seconds()) * 1000000))
ts_output, _ = format_output(ts_type, out_prtime)
except Exception:
handle(sys.exc_info())
out_prtime = ts_output = ""
return out_prtime, ts_output
def from_oleauto(timestamp):
"""Convert an OLE Automation timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["oleauto"]
try:
if (
"." not in timestamp
or not (
(len(timestamp.split(".")[0]) == 5)
and (len(timestamp.split(".")[1]) in range(9, 13))
)
or not "".join(timestamp.split(".")).isdigit()
):
in_ole_auto = indiv_output = combined_output = ""
else:
dt_obj = epochs[1899] + timedelta(days=float(timestamp))
in_ole_auto = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_ole_auto, tz_out)
except Exception:
handle(sys.exc_info())
in_ole_auto = indiv_output = combined_output = ""
return in_ole_auto, indiv_output, combined_output, reason, tz_out
def to_oleauto(dt_obj):
"""Convert a date to an OLE Automation timestamp"""
ts_type, _, _, _ = ts_types["oleauto"]
try:
ole_ts = ((dt_obj - epochs[1899]).total_seconds()) / 86400
out_ole_auto = f"{ole_ts:.12f}"
ts_output, _ = format_output(ts_type, out_ole_auto)
except Exception:
handle(sys.exc_info())
out_ole_auto = ts_output = ""
return out_ole_auto, ts_output
def from_ms1904(timestamp):
"""Convert a Microsoft Excel 1904 timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["ms1904"]
try:
if (
"." not in timestamp
or not (
(len(timestamp.split(".")[0]) == 5)
and (len(timestamp.split(".")[1]) in range(9, 13))
)
or not "".join(timestamp.split(".")).isdigit()
):
in_ms1904 = indiv_output = combined_output = ""
else:
dt_obj = epochs[1904] + timedelta(days=float(timestamp))
in_ms1904 = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_ms1904, tz_out)
except Exception:
handle(sys.exc_info())
in_ms1904 = indiv_output = combined_output = ""
return in_ms1904, indiv_output, combined_output, reason, tz_out
def to_ms1904(dt_obj):
"""Convert a date to a Microsoft Excel 1904 timestamp"""
ts_type, _, _, _ = ts_types["ms1904"]
try:
ms1904_ts = ((dt_obj - epochs[1904]).total_seconds()) / 86400
out_ms1904 = f"{ms1904_ts:.12f}"
ts_output, _ = format_output(ts_type, out_ms1904)
except Exception:
handle(sys.exc_info())
out_ms1904 = ts_output = ""
return out_ms1904, ts_output
def from_symantec(timestamp):
"""Convert a Symantec 6-byte hex timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["symantec"]
try:
if not len(timestamp) == 12 or not all(char in hexdigits for char in timestamp):
in_symtime = indiv_output = combined_output = ""
else:
hex_to_dec = [
int(timestamp[i : i + 2], 16) for i in range(0, len(timestamp), 2)
]
hex_to_dec[0] = hex_to_dec[0] + 1970
hex_to_dec[1] = hex_to_dec[1] + 1
if hex_to_dec[1] not in range(1, 13):
in_symtime = indiv_output = combined_output = ""
else:
try:
dt_obj = dt(
hex_to_dec[0],
hex_to_dec[1],
hex_to_dec[2],
hex_to_dec[3],
hex_to_dec[4],
hex_to_dec[5],
)
except ValueError:
in_symtime = indiv_output = combined_output = ""
return in_symtime, indiv_output, combined_output, reason, tz_out
in_symtime = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_symtime, tz_out)
except Exception:
handle(sys.exc_info())
in_symtime = indiv_output = combined_output = ""
return in_symtime, indiv_output, combined_output, reason, tz_out
def to_symantec(dt_obj):
"""Convert a date to Symantec's 6-byte hex timestamp"""
ts_type, _, _, _ = ts_types["symantec"]
try:
sym_year = f"{(dt_obj.year - 1970):02x}"
sym_month = f"{(dt_obj.month - 1):02x}"
sym_day = f"{(dt_obj.day):02x}"
sym_hour = f"{(dt_obj.hour):02x}"
sym_minute = f"{(dt_obj.minute):02x}"
sym_second = f"{(dt_obj.second):02x}"
out_symtime = (
f"{sym_year}{sym_month}{sym_day}{sym_hour}{sym_minute}{sym_second}"
)
ts_output, _ = format_output(ts_type, out_symtime)
except Exception:
handle(sys.exc_info())
out_symtime = ts_output = ""
return out_symtime, ts_output
def from_gps(timestamp):
"""Convert a GPS timestamp to a date (involves leap seconds)"""
ts_type, reason, _, tz_out = ts_types["gps"]
try:
if not len(timestamp) == 10 or not timestamp.isdigit():
in_gpstime = indiv_output = combined_output = ""
else:
gps_stamp = epochs[1980] + timedelta(seconds=float(timestamp))
tai_convert = gps_stamp + timedelta(seconds=19)
epoch_convert = (tai_convert - epochs[1970]).total_seconds()
check_date = dt.fromtimestamp(epoch_convert, timezone.utc)
for entry in leapseconds:
check = date_range(
leapseconds.get(entry)[0], leapseconds.get(entry)[1], check_date
)
if check is True:
variance = entry
else:
variance = 0
gps_out = check_date - timedelta(seconds=variance)
in_gpstime = gps_out.strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_gpstime, tz_out)
except Exception:
handle(sys.exc_info())
in_gpstime = indiv_output = combined_output = ""
return in_gpstime, indiv_output, combined_output, reason, tz_out
def to_gps(dt_obj):
"""Convert a date to a GPS timestamp (involves leap seconds)"""
ts_type, _, _, _ = ts_types["gps"]
try:
for entry in leapseconds:
check = date_range(
leapseconds.get(entry)[0], leapseconds.get(entry)[1], dt_obj
)
if check is True:
variance = entry
else:
variance = 0
leap_correction = dt_obj + timedelta(seconds=variance)
epoch_shift = leap_correction - epochs[1970]
gps_stamp = (
dt.fromtimestamp(epoch_shift.total_seconds(), timezone.utc) - epochs[1980]
).total_seconds() - 19
out_gpstime = str(int(gps_stamp))
ts_output, _ = format_output(ts_type, out_gpstime)
except Exception:
handle(sys.exc_info())
out_gpstime = ts_output = ""
return out_gpstime, ts_output
def from_eitime(timestamp):
"""Convert a Google ei URL timestamp"""
ts_type, reason, _, tz_out = ts_types["eitime"]
try:
if not all(char in URLSAFE_CHARS for char in timestamp):
in_eitime = indiv_output = combined_output = ""
else:
padding_check = len(timestamp) % 4
if padding_check != 0:
padding_reqd = 4 - padding_check
result_eitime = timestamp + (padding_reqd * "=")
else:
result_eitime = timestamp
try:
decoded_eitime = base64.urlsafe_b64decode(result_eitime).hex()[:8]
unix_ts = int.from_bytes(
struct.pack(" 0:
tz_out = f"{tz_out}+{str(dt_tz)}"
else:
tz_out = f"{tz_out}{str(dt_tz)}"
in_gsm = str(
dt(dt_year, dt_month, dt_day, dt_hour, dt_min, dt_sec).strftime(__fmt__)
)
indiv_output, combined_output = format_output(ts_type, in_gsm, tz_out)
except ValueError:
in_gsm = indiv_output = combined_output = ""
except Exception:
handle(sys.exc_info())
in_gsm = indiv_output = combined_output = ""
return in_gsm, indiv_output, combined_output, reason, tz_out
def to_gsm(dt_obj):
"""Convert a timestamp to a GSM timestamp"""
ts_type, _, _, _ = ts_types["gsm"]
try:
dt_tz = dt_obj.utcoffset().seconds
if dt_tz == 0:
hex_tz = f"{0:02d}"
elif dt_tz < 0:
dt_tz = dt_tz / 3600
conversion = str(f"{(int(abs(dt_tz)) * 4):02d}")
conv_list = list(conversion)
high_order = f"{int(conv_list[0]):04b}"
low_order = f"{int(conv_list[1]):04b}"
high_order = f"{(int(high_order, 2) + 8):04b}"
hex_tz = hex(int((high_order + low_order), 2)).lstrip("0x").upper()
else:
dt_tz = dt_tz / 3600
conversion = str(int(dt_tz) * 4).zfill(2)
conv_list = list(conversion)
high_order = f"{int(conv_list[0]):04b}"
low_order = f"{int(conv_list[1]):04b}"
hex_tz = hex(int((high_order + low_order), 2)).lstrip("0x").upper()
date_list = [
f"{(dt_obj.year - 2000):02d}",
f"{dt_obj.month:02d}",
f"{dt_obj.day:02d}",
f"{dt_obj.hour:02d}",
f"{dt_obj.minute:02d}",
f"{dt_obj.second:02d}",
hex_tz,
]
date_value_swap = []
for value in date_list[:]:
b_endian = value[::-1]
date_value_swap.append(b_endian)
out_gsm = "".join(date_value_swap)
ts_output, _ = format_output(ts_type, out_gsm)
except Exception:
handle(sys.exc_info())
out_gsm = ts_output = ""
return out_gsm, ts_output
def from_vm(timestamp):
"""Convert from a .vmsd createTimeHigh/createTimeLow timestamp"""
ts_type, reason, _, tz_out = ts_types["vm"]
try:
if "," not in timestamp:
in_vm = indiv_output = combined_output = ""
else:
create_time_high = int(timestamp.split(",")[0])
create_time_low = int(timestamp.split(",")[1])
try:
vmsd = (
float(
(create_time_high * 2**32)
+ struct.unpack("I", struct.pack("i", create_time_low))[0]
)
/ 1000000
)
except Exception:
in_vm = indiv_output = combined_output = ""
return in_vm, indiv_output, combined_output, reason, tz_out
if vmsd >= 32536799999:
in_vm = indiv_output = combined_output = ""
else:
in_vm = dt.fromtimestamp(vmsd, timezone.utc).strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_vm, tz_out)
except Exception:
handle(sys.exc_info())
in_vm = indiv_output = combined_output = ""
return in_vm, indiv_output, combined_output, reason, tz_out
def to_vm(dt_obj):
"""Convert date to a .vmsd createTime* value"""
ts_type, _, _, _ = ts_types["vm"]
try:
unix_seconds = int((dt_obj - epochs[1970]).total_seconds()) * 1000000
create_time_high = int(float(unix_seconds) / 2**32)
unpacked_int = unix_seconds - (create_time_high * 2**32)
create_time_low = struct.unpack("i", struct.pack("I", unpacked_int))[0]
out_vm = f"{str(create_time_high)},{str(create_time_low)}"
ts_output, _ = format_output(ts_type, out_vm)
except Exception:
handle(sys.exc_info())
out_vm = ts_output = ""
return out_vm, ts_output
def from_tiktok(timestamp):
"""Convert a TikTok URL value to a date/time"""
ts_type, reason, _, tz_out = ts_types["tiktok"]
try:
if len(str(timestamp)) < 19 or not timestamp.isdigit():
in_tiktok = indiv_output = combined_output = ""
else:
unix_ts = int(timestamp) >> 32
if unix_ts >= 32536799999:
in_tiktok = indiv_output = combined_output = ""
else:
in_tiktok = dt.fromtimestamp(float(unix_ts), timezone.utc).strftime(
__fmt__
)
indiv_output, combined_output = format_output(ts_type, in_tiktok, tz_out)
except Exception:
handle(sys.exc_info())
in_tiktok = indiv_output = combined_output = ""
return in_tiktok, indiv_output, combined_output, reason, tz_out
def to_tiktok(dt_obj):
"""Convert a date/time to a TikTok timestamp"""
ts_type, _, _, _ = ts_types["tiktok"]
try:
unix_ts = int(dt_obj.timestamp())
out_tiktok = str(unix_ts << 32)
ts_output, _ = format_output(ts_type, out_tiktok)
except Exception:
handle(sys.exc_info())
out_tiktok = ts_output = ""
return out_tiktok, ts_output
def from_twitter(timestamp):
"""Convert a Twitter URL value to a date/time"""
ts_type, reason, _, tz_out = ts_types["twitter"]
try:
if len(str(timestamp)) < 18 or not timestamp.isdigit():
in_twitter = indiv_output = combined_output = ""
else:
unix_ts = ((int(timestamp) >> 22) + 1288834974657) / 1000
if unix_ts >= 32536799999:
in_twitter = indiv_output = combined_output = ""
else:
in_twitter = dt.fromtimestamp(float(unix_ts), timezone.utc).strftime(
__fmt__
)
indiv_output, combined_output = format_output(ts_type, in_twitter, tz_out)
except Exception:
handle(sys.exc_info())
in_twitter = indiv_output = combined_output = ""
return in_twitter, indiv_output, combined_output, reason, tz_out
def to_twitter(dt_obj):
"""Convert a date/time value to a Twitter value"""
ts_type, _, _, _ = ts_types["twitter"]
try:
unix_ts = (dt_obj.timestamp() * 1000) - 1288834974657
out_twitter = str(int(unix_ts) << 22)
ts_output, _ = format_output(ts_type, out_twitter)
except Exception:
handle(sys.exc_info())
out_twitter = ts_output = ""
return out_twitter, ts_output
def from_discord(timestamp):
"""Convert a Discord URL value to a date/time"""
ts_type, reason, _, tz_out = ts_types["discord"]
try:
if len(str(timestamp)) < 18 or not timestamp.isdigit():
in_discord = indiv_output = combined_output = ""
else:
unix_ts = ((int(timestamp) >> 22) + 1420070400000) / 1000
if unix_ts >= 32536799999:
in_discord = indiv_output = combined_output = ""
else:
in_discord = dt.fromtimestamp(float(unix_ts), timezone.utc).strftime(
__fmt__
)
indiv_output, combined_output = format_output(ts_type, in_discord, tz_out)
except Exception:
handle(sys.exc_info())
in_discord = indiv_output = combined_output = ""
return in_discord, indiv_output, combined_output, reason, tz_out
def to_discord(dt_obj):
"""Convert a date/time to a Discord URL value"""
ts_type, _, _, _ = ts_types["discord"]
try:
timestamp = int(dt_obj.timestamp() * 1000) - 1420070400000
out_discord = str(timestamp << 22)
ts_output, _ = format_output(ts_type, out_discord)
except Exception:
handle(sys.exc_info())
out_discord = ts_output = ""
return out_discord, ts_output
def from_ksalnum(timestamp):
"""Extract a timestamp from a KSUID alpha-numeric value"""
ts_type, reason, _, tz_out = ts_types["ksalnum"]
try:
if len(str(timestamp)) != 27 or not all(
char in KSALNUM_CHARS for char in timestamp
):
in_ksalnum = indiv_output = combined_output = ""
else:
length, i, variation = len(timestamp), 0, 0
b_array = bytearray()
for val in timestamp:
variation += KSALNUM_CHARS.index(val) * (62 ** (length - (i + 1)))
i += 1
while variation > 0:
b_array.append(variation & 0xFF)
variation //= 256
b_array.reverse()
ts_bytes = bytes(b_array)[0:4]
unix_ts = int.from_bytes(ts_bytes, "big", signed=False) + epochs["kstime"]
in_ksalnum = dt.fromtimestamp(float(unix_ts), timezone.utc).strftime(
__fmt__
)
indiv_output, combined_output = format_output(ts_type, in_ksalnum, tz_out)
except Exception:
handle(sys.exc_info())
in_ksalnum = indiv_output = combined_output = ""
return in_ksalnum, indiv_output, combined_output, reason, tz_out
def to_ksalnum(dt_obj):
"""Convert a date/time to a KSUID alpha-numeric value"""
ts_type, _, _, _ = ts_types["ksalnum"]
try:
out_ksalnum = ""
unix_ts = int(dt_obj.timestamp())
ts_bytes = (unix_ts - epochs["kstime"]).to_bytes(4, "big")
filler = os.urandom(16)
all_bytes = ts_bytes + filler
big_int = int.from_bytes(all_bytes, "big")
while big_int > 0:
big_int, rem = divmod(big_int, 62)
out_ksalnum = KSALNUM_CHARS[rem] + out_ksalnum
out_ksalnum = out_ksalnum.rjust(27, "0")
ts_output, _ = format_output(ts_type, out_ksalnum)
except Exception:
handle(sys.exc_info())
out_ksalnum = ts_output = ""
return out_ksalnum, ts_output
def from_mastodon(timestamp):
"""Convert a Mastodon value to a date/time"""
ts_type, reason, _, tz_out = ts_types["mastodon"]
try:
if len(str(timestamp)) < 18 or not timestamp.isdigit():
in_mastodon = indiv_output = combined_output = ""
else:
ts_conversion = int(timestamp) >> 16
unix_ts = float(ts_conversion) / 1000.0
if int(unix_ts) >= 32536799999:
in_mastodon = indiv_output = combined_output = ""
else:
in_mastodon = dt.fromtimestamp(unix_ts, timezone.utc).strftime(__fmt__)
indiv_output, combined_output = format_output(
ts_type, in_mastodon, tz_out
)
except Exception:
handle(sys.exc_info())
in_mastodon = indiv_output = combined_output = ""
return in_mastodon, indiv_output, combined_output, reason, tz_out
def to_mastodon(dt_obj):
"""Convert a date/time to a Mastodon value"""
ts_type, _, _, _ = ts_types["mastodon"]
try:
unix_seconds = int((dt_obj - epochs[1970]).total_seconds()) * 1000
bit_shift = unix_seconds << 16
out_mastodon = f"{str(bit_shift)}"
ts_output, _ = format_output(ts_type, out_mastodon)
except Exception:
handle(sys.exc_info())
out_mastodon = ts_output = ""
return out_mastodon, ts_output
def from_metasploit(timestamp):
"""Convert a Metasploit Payload UUID value to a date/time"""
ts_type, reason, _, tz_out = ts_types["metasploit"]
meta_format = "8sBBBBBBBB"
try:
if len(str(timestamp)) < 22 or not all(
char in URLSAFE_CHARS for char in timestamp
):
in_metasploit = indiv_output = combined_output = ""
else:
b64decoded = base64.urlsafe_b64decode(timestamp[0:22] + "==")
if len(b64decoded) < struct.calcsize(meta_format):
in_metasploit = indiv_output = combined_output = ""
return in_metasploit, indiv_output, combined_output, reason, tz_out
(
_,
xor1,
xor2,
_,
_,
ts1_xored,
ts2_xored,
ts3_xored,
ts4_xored,
) = struct.unpack(meta_format, b64decoded)
unix_ts = struct.unpack(
">I",
bytes(
[
ts1_xored ^ xor1,
ts2_xored ^ xor2,
ts3_xored ^ xor1,
ts4_xored ^ xor2,
]
),
)[0]
in_metasploit = dt.fromtimestamp(float(unix_ts), timezone.utc).strftime(
__fmt__
)
indiv_output, combined_output = format_output(
ts_type, in_metasploit, tz_out
)
except Exception:
handle(sys.exc_info())
in_metasploit = indiv_output = combined_output = ""
return in_metasploit, indiv_output, combined_output, reason, tz_out
def from_sony(timestamp):
"""Convert a Sonyflake value to a date/time"""
ts_type, reason, _, tz_out = ts_types["sony"]
try:
if len(str(timestamp)) != 15 or not all(
char in hexdigits for char in timestamp
):
in_sony = indiv_output = combined_output = ""
else:
dec_value = int(timestamp, 16)
ts_value = dec_value >> 24
unix_ts = (ts_value + 140952960000) * 10
in_sony = dt.fromtimestamp(float(unix_ts) / 1000.0, timezone.utc).strftime(
__fmt__
)
indiv_output, combined_output = format_output(ts_type, in_sony, tz_out)
except Exception:
handle(sys.exc_info())
in_sony = indiv_output = combined_output = ""
return in_sony, indiv_output, combined_output, reason, tz_out
def to_sony(dt_obj):
"""Convert a date/time to a Sonyflake value"""
ts_type, _, _, _ = ts_types["sony"]
try:
dec_value = int((dt_obj.timestamp() * 100) - 140952960000)
out_sony = f"{(dec_value << 24):0x}"
ts_output, _ = format_output(ts_type, out_sony)
except Exception:
handle(sys.exc_info())
out_sony = ts_output = ""
return out_sony, ts_output
def from_uuid(timestamp):
"""Convert a UUID value to date/time"""
ts_type, reason, _, tz_out = ts_types["uuid"]
try:
uuid_lower = timestamp.lower()
uuid_regex = re.compile(
"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
)
if not bool(uuid_regex.match(uuid_lower)):
in_uuid = indiv_output = combined_output = ""
else:
u_data = uuid.UUID(uuid_lower)
if u_data.version == 1:
unix_ts = int((u_data.time / 10000) - 12219292800000)
in_uuid = dt.fromtimestamp(
float(unix_ts) / 1000.0, timezone.utc
).strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_uuid, tz_out)
else:
in_uuid = indiv_output = combined_output = ""
except Exception:
handle(sys.exc_info())
in_uuid = indiv_output = combined_output = ""
return in_uuid, indiv_output, combined_output, reason, tz_out
def to_uuid(dt_obj):
"""Convert a date/time value to a UUID"""
ts_type, _, _, _ = ts_types["uuid"]
try:
timestamp = int((dt_obj - epochs[1582]).total_seconds() * 1e7)
time_lo = timestamp & 0xFFFFFFFF
time_mid = (timestamp >> 32) & 0xFFFF
time_hi = (timestamp >> 48) & 0x0FFF
time_hi_ver_1 = time_hi | (1 << 12)
clock_seq = uuid.getnode() & 0x3FFF
clock_seq_hi_variant = (clock_seq >> 8) | 0x80
clock_seq_low = clock_seq & 0xFF
node = uuid.getnode()
out_uuid = str(
uuid.UUID(
fields=(
time_lo,
time_mid,
time_hi_ver_1,
clock_seq_hi_variant,
clock_seq_low,
node,
)
)
)
ts_output, _ = format_output(ts_type, out_uuid)
except Exception:
handle(sys.exc_info())
out_uuid = ts_output = ""
return out_uuid, ts_output
def from_dhcp6(timestamp):
"""Convert a DHCPv6 DUID value to date/time"""
ts_type, reason, _, tz_out = ts_types["dhcp6"]
try:
if len(str(timestamp)) < 28 or not all(char in hexdigits for char in timestamp):
in_dhcp6 = indiv_output = combined_output = ""
else:
dhcp6_bytes = timestamp[8:16]
dhcp6_dec = int(dhcp6_bytes, 16)
dhcp6_ts = epochs[2000] + timedelta(seconds=int(dhcp6_dec))
in_dhcp6 = dhcp6_ts.strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_dhcp6, tz_out)
except Exception:
handle(sys.exc_info())
in_dhcp6 = indiv_output = combined_output = ""
return in_dhcp6, indiv_output, combined_output, reason, tz_out
def to_dhcp6(dt_obj):
"""Convert a timestamp to a DHCP DUID value"""
ts_type, _, _, _ = ts_types["dhcp6"]
try:
unix_time = int((dt_obj - epochs[2000]).total_seconds())
if int(unix_time) < 0:
out_dhcp6 = "[!] Timestamp Boundary Exceeded [!]"
else:
dhcp6_ts = str(struct.pack(">L", unix_time).hex())
out_dhcp6 = f"00010001{dhcp6_ts}000000000000"
ts_output, _ = format_output(ts_type, out_dhcp6)
except Exception:
handle(sys.exc_info())
out_dhcp6 = ts_output = ""
return out_dhcp6, ts_output
def from_dotnet(timestamp):
"""Convert a .NET DateTime Ticks value to date/time"""
ts_type, reason, _, tz_out = ts_types["dotnet"]
try:
if len(str(timestamp)) != 18 or not (timestamp).isdigit():
in_dotnet = indiv_output = combined_output = ""
else:
dotnet_to_umil = (int(timestamp) - epochs["ticks"]) / epochs[
"hundreds_nano"
]
if dotnet_to_umil < 0:
in_dotnet = indiv_output = combined_output = ""
else:
in_dotnet = dt.fromtimestamp(dotnet_to_umil, timezone.utc).strftime(
__fmt__
)
indiv_output, combined_output = format_output(ts_type, in_dotnet, tz_out)
except Exception:
handle(sys.exc_info())
in_dotnet = indiv_output = combined_output = ""
return in_dotnet, indiv_output, combined_output, reason, tz_out
def to_dotnet(dt_obj):
"""Convert date to a .NET DateTime Ticks value"""
ts_type, _, _, _ = ts_types["dotnet"]
try:
ts = dt_obj.timestamp() * epochs["hundreds_nano"]
out_dotnet = str(int(ts + epochs["ticks"]))
ts_output, _ = format_output(ts_type, out_dotnet)
except Exception:
handle(sys.exc_info())
out_dotnet = ts_output = ""
return out_dotnet, ts_output
def from_gbound(timestamp):
"""Convert a GMail Boundary value to date/time"""
ts_type, reason, _, tz_out = ts_types["gbound"]
try:
if len(str(timestamp)) != 28 or not all(
char in hexdigits for char in timestamp
):
in_gbound = indiv_output = combined_output = ""
else:
working_value = timestamp[12:26]
end = working_value[:6]
begin = working_value[6:14]
full_dec = int("".join(begin + end), 16)
in_gbound = dt.fromtimestamp(full_dec / 1000000, timezone.utc).strftime(
__fmt__
)
indiv_output, combined_output = format_output(ts_type, in_gbound, tz_out)
except Exception:
handle(sys.exc_info())
in_gbound = indiv_output = combined_output = ""
return in_gbound, indiv_output, combined_output, reason, tz_out
def to_gbound(dt_obj):
"""Convert date to a GMail Boundary value"""
ts_type, _, _, _ = ts_types["gbound"]
try:
to_int = int(((dt_obj - epochs[1970]).total_seconds()) * 1000000)
if len(f"{to_int:x}") < 14:
to_int = f"0{to_int:x}"
begin = to_int[8:]
end = to_int[:8]
out_gbound = f"000000000000{begin}{end}00"
ts_output, _ = format_output(ts_type, out_gbound)
except Exception:
handle(sys.exc_info())
out_gbound = ts_output = ""
return out_gbound, ts_output
def from_gmsgid(timestamp):
"""Convert a GMail Message ID to a date/time value"""
ts_type, reason, _, tz_out = ts_types["gmsgid"]
try:
gmsgid = timestamp
if str(gmsgid).isdigit() and len(str(gmsgid)) == 19:
gmsgid = str(f"{int(gmsgid):x}")
if len(str(gmsgid)) != 16 or not all(char in hexdigits for char in gmsgid):
in_gmsgid = indiv_output = combined_output = ""
else:
working_value = gmsgid[:11]
to_int = int(working_value, 16)
in_gmsgid = dt.fromtimestamp(to_int / 1000, timezone.utc).strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_gmsgid, tz_out)
except Exception:
handle(sys.exc_info())
in_gmsgid = indiv_output = combined_output = ""
return in_gmsgid, indiv_output, combined_output, reason, tz_out
def to_gmsgid(dt_obj):
"""Convert date to a GMail Message ID value"""
ts_type, _, _, _ = ts_types["gmsgid"]
try:
to_int = int(((dt_obj - epochs[1970]).total_seconds()) * 1000)
ts_hex = f"{to_int:x}"
out_gmsgid = f"{ts_hex}00000"
ts_output, _ = format_output(ts_type, out_gmsgid)
except Exception:
handle(sys.exc_info())
out_gmsgid = ts_output = ""
return out_gmsgid, ts_output
def from_moto(timestamp):
"""Convert a Motorola 6-byte hex timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["moto"]
try:
if len(str(timestamp)) != 12 or not all(
char in hexdigits for char in timestamp
):
in_moto = indiv_output = combined_output = ""
else:
hex_to_dec = [
int(timestamp[i : i + 2], 16) for i in range(0, len(timestamp), 2)
]
hex_to_dec[0] = hex_to_dec[0] + 1970
if hex_to_dec[1] not in range(1, 13):
in_moto = indiv_output = combined_output = ""
else:
try:
dt_obj = dt(
hex_to_dec[0],
hex_to_dec[1],
hex_to_dec[2],
hex_to_dec[3],
hex_to_dec[4],
hex_to_dec[5],
)
except ValueError:
in_moto = indiv_output = combined_output = ""
return in_moto, indiv_output, combined_output, reason, tz_out
in_moto = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_moto, tz_out)
except Exception:
handle(sys.exc_info())
in_moto = indiv_output = combined_output = ""
return in_moto, indiv_output, combined_output, reason, tz_out
def to_moto(dt_obj):
"""Convert a date to Motorola's 6-byte hex timestamp"""
ts_type, _, _, _ = ts_types["moto"]
try:
moto_year = f"{(dt_obj.year - 1970):02x}"
moto_month = f"{(dt_obj.month):02x}"
moto_day = f"{(dt_obj.day):02x}"
moto_hour = f"{(dt_obj.hour):02x}"
moto_minute = f"{(dt_obj.minute):02x}"
moto_second = f"{(dt_obj.second):02x}"
out_moto = str(
f"{moto_year}{moto_month}{moto_day}"
f"{moto_hour}{moto_minute}{moto_second}"
)
ts_output, _ = format_output(ts_type, out_moto)
except Exception:
handle(sys.exc_info())
out_moto = ts_output = ""
return out_moto, ts_output
def from_nokia(timestamp):
"""Convert a Nokia 4-byte value to date/time"""
ts_type, reason, _, tz_out = ts_types["nokia"]
try:
if not len(timestamp) == 8 or not all(char in hexdigits for char in timestamp):
in_nokia = indiv_output = combined_output = ""
else:
to_int = int(timestamp, 16)
int_diff = to_int ^ 4294967295
int_diff = ~int_diff + 1
unix_ts = int_diff + (epochs[2050] - epochs[1970]).total_seconds()
if unix_ts < 0:
in_nokia = indiv_output = combined_output = ""
else:
in_nokia = dt.fromtimestamp(unix_ts, timezone.utc).strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_nokia, tz_out)
except Exception:
handle(sys.exc_info())
in_nokia = indiv_output = combined_output = ""
return in_nokia, indiv_output, combined_output, reason, tz_out
def to_nokia(dt_obj):
"""Convert a date/time value to a Nokia 4-byte timestamp"""
ts_type, _, _, _ = ts_types["nokia"]
try:
unix_ts = (dt_obj - epochs[1970]).total_seconds()
int_diff = int(unix_ts - (epochs[2050] - epochs[1970]).total_seconds())
int_diff = int_diff - 1
dec_value = ~int_diff ^ 4294967295
out_nokia = f"{dec_value:x}"
ts_output, _ = format_output(ts_type, out_nokia)
except Exception:
handle(sys.exc_info())
out_nokia = ts_output = ""
return out_nokia, ts_output
def from_nokiale(timestamp):
"""Convert a little-endian Nokia 4-byte value to date/time"""
ts_type, reason, _, tz_out = ts_types["nokiale"]
try:
if not len(timestamp) == 8 or not all(char in hexdigits for char in timestamp):
in_nokiale = indiv_output = combined_output = ""
else:
to_be = "".join(
[timestamp[i : i + 2] for i in range(0, len(timestamp), 2)][::-1]
)
to_int = int(to_be, 16)
int_diff = to_int ^ 4294967295
int_diff = ~int_diff + 1
unix_ts = int_diff + (epochs[2050] - epochs[1970]).total_seconds()
if unix_ts < 0:
in_nokiale = indiv_output = combined_output = ""
else:
in_nokiale = dt.fromtimestamp(unix_ts, timezone.utc).strftime(__fmt__)
indiv_output, combined_output = format_output(
ts_type, in_nokiale, tz_out
)
except Exception:
handle(sys.exc_info())
in_nokiale = indiv_output = combined_output = ""
return in_nokiale, indiv_output, combined_output, reason, tz_out
def to_nokiale(dt_obj):
"""Convert a date/time value to a little-endian Nokia 4-byte timestamp"""
ts_type, _, _, _ = ts_types["nokiale"]
try:
unix_ts = (dt_obj - epochs[1970]).total_seconds()
int_diff = int(unix_ts - (epochs[2050] - epochs[1970]).total_seconds())
int_diff = int_diff - 1
dec_val = ~int_diff ^ 4294967295
hex_val = f"{dec_val:x}"
out_nokiale = "".join(
[hex_val[i : i + 2] for i in range(0, len(hex_val), 2)][::-1]
)
ts_output, _ = format_output(ts_type, out_nokiale)
except Exception:
handle(sys.exc_info())
out_nokiale = ts_output = ""
return out_nokiale, ts_output
def from_ns40(timestamp):
"""Convert a Nokia S40 7-byte value to a time/time"""
ts_type, reason, _, tz_out = ts_types["ns40"]
try:
if not len(timestamp) == 14 or not all(char in hexdigits for char in timestamp):
in_ns40 = indiv_output = combined_output = ""
else:
ns40 = timestamp
ns40_val = {
"yr": ns40[:4],
"mon": ns40[4:6],
"day": ns40[6:8],
"hr": ns40[8:10],
"min": ns40[10:12],
"sec": ns40[12:],
}
for each_key, _ in ns40_val.items():
ns40_val[str(each_key)] = int(ns40_val[str(each_key)], 16)
if ns40_val["yr"] > 9999:
in_ns40 = indiv_output = combined_output = ""
elif (int(ns40_val["mon"]) > 12) or (int(ns40_val["mon"] < 1)):
in_ns40 = indiv_output = combined_output = ""
else:
in_ns40 = dt(
ns40_val["yr"],
ns40_val["mon"],
ns40_val["day"],
ns40_val["hr"],
ns40_val["min"],
ns40_val["sec"],
).strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_ns40, tz_out)
except Exception:
handle(sys.exc_info())
in_ns40 = indiv_output = combined_output = ""
return in_ns40, indiv_output, combined_output, reason, tz_out
def to_ns40(dt_obj):
"""Convert a date/time value to a Nokia S40 7-byte timestamp"""
ts_type, _, _, _ = ts_types["ns40"]
try:
hex_vals = []
hex_vals.append(f"{dt_obj.year:x}".zfill(4))
hex_vals.append(f"{dt_obj.month:x}".zfill(2))
hex_vals.append(f"{dt_obj.day:x}".zfill(2))
hex_vals.append(f"{dt_obj.hour:x}".zfill(2))
hex_vals.append(f"{dt_obj.minute:x}".zfill(2))
hex_vals.append(f"{dt_obj.second:x}".zfill(2))
out_ns40 = "".join(hex_vals)
ts_output, _ = format_output(ts_type, out_ns40)
except Exception:
handle(sys.exc_info())
out_ns40 = ts_output = ""
return out_ns40, ts_output
def from_ns40le(timestamp):
"""Convert a little-endian Nokia S40 7-byte value to a date/time"""
ts_type, reason, _, tz_out = ts_types["ns40le"]
try:
if len(str(timestamp)) != 14 or not all(
char in hexdigits for char in timestamp
):
in_ns40le = indiv_output = combined_output = ""
else:
ns40le = timestamp
ns40_val = {
"yr": "".join(
[ns40le[i : i + 2] for i in range(0, len(ns40le[:4]), 2)][::-1]
),
"mon": ns40le[4:6],
"day": ns40le[6:8],
"hr": ns40le[8:10],
"min": ns40le[10:12],
"sec": ns40le[12:],
}
for each_key, _ in ns40_val.items():
ns40_val[str(each_key)] = int(ns40_val[str(each_key)], 16)
if ns40_val["yr"] > 9999:
in_ns40le = indiv_output = combined_output = ""
elif (int(ns40_val["mon"]) > 12) or (int(ns40_val["mon"] < 1)):
in_ns40le = indiv_output = combined_output = ""
else:
in_ns40le = dt(
ns40_val["yr"],
ns40_val["mon"],
ns40_val["day"],
ns40_val["hr"],
ns40_val["min"],
ns40_val["sec"],
).strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_ns40le, tz_out)
except Exception:
handle(sys.exc_info())
in_ns40le = indiv_output = combined_output = ""
return in_ns40le, indiv_output, combined_output, reason, tz_out
def to_ns40le(dt_obj):
"""Convert a date/time value to a little-endian Nokia S40 7-byte timestamp"""
ts_type, _, _, _ = ts_types["ns40le"]
try:
hex_vals = []
year_le = f"{dt_obj.year:x}".zfill(4)
year_le = "".join(
[year_le[i : i + 2] for i in range(0, len(year_le[:4]), 2)][::-1]
)
hex_vals.append(f"{year_le}".zfill(4))
hex_vals.append(f"{dt_obj.month:x}".zfill(2))
hex_vals.append(f"{dt_obj.day:x}".zfill(2))
hex_vals.append(f"{dt_obj.hour:x}".zfill(2))
hex_vals.append(f"{dt_obj.minute:x}".zfill(2))
hex_vals.append(f"{dt_obj.second:x}".zfill(2))
out_ns40le = "".join(hex_vals)
ts_output, _ = format_output(ts_type, out_ns40le)
except Exception:
handle(sys.exc_info())
out_ns40le = ts_output = ""
return out_ns40le, ts_output
def from_bitdec(timestamp):
"""Convert a 10-digit Bitwise Decimal value to a date/time"""
ts_type, reason, _, tz_out = ts_types["bitdec"]
try:
if len(str(timestamp)) != 10 or not (timestamp).isdigit():
in_bitdec = indiv_output = combined_output = ""
else:
full_ts = int(timestamp)
bd_yr = full_ts >> 20
bd_mon = (full_ts >> 16) & 15
bd_day = (full_ts >> 11) & 31
bd_hr = (full_ts >> 6) & 31
bd_min = full_ts & 63
try:
in_bitdec = dt(bd_yr, bd_mon, bd_day, bd_hr, bd_min).strftime(__fmt__)
except ValueError:
in_bitdec = indiv_output = combined_output = ""
return in_bitdec, indiv_output, combined_output, reason, tz_out
indiv_output, combined_output = format_output(ts_type, in_bitdec, tz_out)
except Exception:
handle(sys.exc_info())
in_bitdec = indiv_output = combined_output = ""
return in_bitdec, indiv_output, combined_output, reason, tz_out
def to_bitdec(dt_obj):
"""Convert a date/time value to a Bitwise Decimal timestamp"""
ts_type, _, _, _ = ts_types["bitdec"]
try:
out_bitdec = str(
(dt_obj.year << 20)
+ (dt_obj.month << 16)
+ (dt_obj.day << 11)
+ (dt_obj.hour << 6)
+ (dt_obj.minute)
)
ts_output, _ = format_output(ts_type, out_bitdec)
except Exception:
handle(sys.exc_info())
out_bitdec = ts_output = ""
return out_bitdec, ts_output
def from_bitdate(timestamp):
"""Convert a Samsung/LG 4-byte hex timestamp to a date/time"""
ts_type, reason, _, tz_out = ts_types["bitdate"]
try:
if len(str(timestamp)) != 8 or not all(char in hexdigits for char in timestamp):
in_bitdate = indiv_output = combined_output = ""
else:
to_le = "".join(
[timestamp[i : i + 2] for i in range(0, len(str(timestamp)), 2)][::-1]
)
to_binary = f"{int(to_le, 16):032b}"
bitdate_yr = int(to_binary[:12], 2)
bitdate_mon = int(to_binary[12:16], 2)
bitdate_day = int(to_binary[16:21], 2)
bitdate_hr = int(to_binary[21:26], 2)
bitdate_min = int(to_binary[26:32], 2)
if bitdate_yr not in range(1900, 2500):
in_bitdate = indiv_output = combined_output = ""
return in_bitdate, indiv_output, combined_output, reason, tz_out
try:
in_bitdate = dt(
bitdate_yr, bitdate_mon, bitdate_day, bitdate_hr, bitdate_min
).strftime(__fmt__)
except ValueError:
in_bitdate = indiv_output = combined_output = ""
return in_bitdate, indiv_output, combined_output, reason, tz_out
indiv_output, combined_output = format_output(ts_type, in_bitdate, tz_out)
except Exception:
handle(sys.exc_info())
in_bitdate = indiv_output = combined_output = ""
return in_bitdate, indiv_output, combined_output, reason, tz_out
def to_bitdate(dt_obj):
"""Convert a date/time value to a Samsung/LG timestamp"""
ts_type, _, _, _ = ts_types["bitdate"]
try:
bitdate_yr = f"{dt_obj.year:012b}"
bitdate_mon = f"{dt_obj.month:04b}"
bitdate_day = f"{dt_obj.day:05b}"
bitdate_hr = f"{dt_obj.hour:05b}"
bitdate_min = f"{dt_obj.minute:06b}"
to_hex = str(
struct.pack(
">I",
int(
bitdate_yr + bitdate_mon + bitdate_day + bitdate_hr + bitdate_min, 2
),
).hex()
)
out_bitdate = "".join(
[to_hex[i : i + 2] for i in range(0, len(to_hex), 2)][::-1]
)
ts_output, _ = format_output(ts_type, out_bitdate)
except Exception:
handle(sys.exc_info())
out_bitdate = ts_output = ""
return out_bitdate, ts_output
def from_ksdec(timestamp):
"""Convert a KSUID decimal value to a date"""
ts_type, reason, _, tz_out = ts_types["ksdec"]
try:
if len(timestamp) != 9 or not timestamp.isdigit():
in_ksdec = indiv_output = combined_output = ""
else:
ts_val = int(timestamp) + int(epochs["kstime"])
in_ksdec = dt.fromtimestamp(float(ts_val), timezone.utc).strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_ksdec, tz_out)
except Exception:
handle(sys.exc_info())
in_ksdec = indiv_output = combined_output = ""
return in_ksdec, indiv_output, combined_output, reason, tz_out
def to_ksdec(dt_obj):
"""Convert date to a KSUID decimal value"""
ts_type, _, _, _ = ts_types["ksdec"]
try:
unix_ts = str(int((dt_obj - epochs[1970]).total_seconds()))
out_ksdec = str(int(unix_ts) - int(epochs["kstime"]))
if int(out_ksdec) < 0:
out_ksdec = "[!] Timestamp Boundary Exceeded [!]"
ts_output, _ = format_output(ts_type, out_ksdec)
except Exception:
handle(sys.exc_info())
out_ksdec = ts_output = ""
return out_ksdec, ts_output
def from_biomehex(timestamp):
"""Convert an Apple Biome Hex value to a date - from Little Endian"""
ts_type, reason, _, tz_out = ts_types["biomehex"]
try:
biomehex = str(timestamp)
if len(biomehex) != 16 or not all(char in hexdigits for char in biomehex):
in_biomehex = indiv_output = combined_output = ""
else:
if biomehex[:2] == "41":
biomehex = "".join(
[biomehex[i : i + 2] for i in range(0, len(biomehex), 2)][::-1]
)
byte_val = bytes.fromhex(str(biomehex))
nsdate_val = struct.unpack("= 1e17:
in_biomehex = indiv_output = combined_output = ""
else:
dt_obj = epochs[2001] + timedelta(seconds=float(nsdate_val))
in_biomehex = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(
ts_type, in_biomehex, tz_out
)
except Exception:
handle(sys.exc_info())
in_biomehex = indiv_output = combined_output = ""
return in_biomehex, indiv_output, combined_output, reason, tz_out
def to_biomehex(dt_obj):
"""Convert a date/time to an Apple Biome Hex value"""
ts_type, _, _, _ = ts_types["biomehex"]
try:
bplist_stamp = str(float((dt_obj - epochs[2001]).total_seconds()))
byte_biome = struct.pack(">d", float(bplist_stamp))
out_biomehex = bytes.hex(byte_biome)
ts_output, _ = format_output(ts_type, out_biomehex)
except Exception:
handle(sys.exc_info())
out_biomehex = ts_output = ""
return out_biomehex, ts_output
def from_biome64(timestamp):
"""Convert a 64-bit decimal value to a date/time value"""
ts_type, reason, _, tz_out = ts_types["biome64"]
try:
if len(timestamp) != 19 or not timestamp.isdigit():
in_biome64 = indiv_output = combined_output = ""
else:
nsdate_unpacked = int(
struct.unpack("= 1e17:
in_biome64 = indiv_output = combined_output = ""
else:
dt_obj = epochs[2001] + timedelta(seconds=float(nsdate_unpacked))
in_biome64 = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(
ts_type, in_biome64, tz_out
)
except Exception:
handle(sys.exc_info())
in_biome64 = indiv_output = combined_output = ""
return in_biome64, indiv_output, combined_output, reason, tz_out
def to_biome64(dt_obj):
"""Convert a date/time value to a"""
ts_type, _, _, _ = ts_types["biome64"]
try:
nsdate_stamp = float((dt_obj - epochs[2001]).total_seconds())
out_biome64 = str(int.from_bytes(struct.pack(">d", nsdate_stamp), "big"))
ts_output, _ = format_output(ts_type, out_biome64)
except Exception:
handle(sys.exc_info())
out_biome64 = ts_output = ""
return out_biome64, ts_output
def from_s32(timestamp):
"""
Convert an S32 timestamp to a date/time value
"""
ts_type, reason, _, tz_out = ts_types["s32"]
try:
result = 0
timestamp = str(timestamp)
if len(timestamp) != 9 or not all(char in S32_CHARS for char in timestamp):
in_s32 = indiv_output = combined_output = ""
else:
for char in timestamp:
result = result * 32 + S32_CHARS.index(char)
dt_obj = dt.fromtimestamp(result / 1000.0, timezone.utc)
in_s32 = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_s32, tz_out)
except Exception:
handle(sys.exc_info())
in_s32 = indiv_output = combined_output = ""
return in_s32, indiv_output, combined_output, reason, tz_out
def to_s32(dt_obj):
"""Convert a date/time to an S32-encoded timestamp"""
ts_type, _, _, _ = ts_types["s32"]
try:
result = ""
index = 0
unix_mil = int(((dt_obj - epochs[1970]).total_seconds())) * 1000
while unix_mil:
index = unix_mil % 32
unix_mil = math.floor(unix_mil / 32)
result = S32_CHARS[index] + result
out_s32 = result
ts_output, _ = format_output(ts_type, out_s32)
except Exception:
handle(sys.exc_info())
out_s32 = ts_output = ""
return out_s32, ts_output
def from_apache(timestamp):
"""
Convert an Apache hex timestamp to a date/time value
This value has 13 hex characters, and does not fit a byte boundary
"""
ts_type, reason, _, tz_out = ts_types["apache"]
try:
timestamp = str(timestamp)
if len(timestamp) != 13 or not all(char in hexdigits for char in timestamp):
in_apache = indiv_output = combined_output = ""
else:
dec_val = int(timestamp, 16)
dt_obj = epochs[1970] + timedelta(microseconds=dec_val)
in_apache = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_apache, tz_out)
except Exception:
handle(sys.exc_info())
in_apache = indiv_output = combined_output = ""
return in_apache, indiv_output, combined_output, reason, tz_out
def to_apache(dt_obj):
"""Convert a date/time to an Apache cookie value"""
ts_type, _, _, _ = ts_types["apache"]
try:
apache_int = int(((dt_obj - epochs[1970]).total_seconds()) * 1000000)
out_apache = f"{apache_int:x}"
ts_output, _ = format_output(ts_type, out_apache)
except Exception:
handle(sys.exc_info())
out_apache = ts_output = ""
return out_apache, ts_output
def from_leb128hex(timestamp):
"""Convert a LEB 128 hex value to a date"""
ts_type, reason, _, tz_out = ts_types["leb128hex"]
try:
if not len(timestamp) % 2 == 0 or not all(
char in hexdigits for char in timestamp
):
in_leb128_hex = indiv_output = combined_output = ""
else:
ts_hex_list = [(timestamp[i : i + 2]) for i in range(0, len(timestamp), 2)]
unix_milli = 0
shift = 0
for hex_val in ts_hex_list:
byte_val = int(hex_val, 16)
unix_milli |= (byte_val & 0x7F) << shift
if (byte_val & 0x80) == 0:
break
shift += 7
in_leb128_hex, _, _, _, _ = from_unixmilli(str(unix_milli))
indiv_output, combined_output = format_output(
ts_type, in_leb128_hex, tz_out
)
except Exception:
handle(sys.exc_info())
in_leb128_hex = indiv_output = combined_output = ""
return in_leb128_hex, indiv_output, combined_output, reason, tz_out
def to_leb128hex(dt_obj):
"""Convert a date to a LEB128 hex value."""
ts_type, _, _, _ = ts_types["leb128hex"]
try:
unix_milli, _ = to_unixmilli(dt_obj)
unix_milli = int(unix_milli)
byte_list = []
while True:
byte_val = unix_milli & 0x7F
unix_milli >>= 7
if unix_milli != 0:
byte_val |= 0x80
byte_list.append(byte_val)
if unix_milli == 0:
break
out_leb128_hex = "".join([f"{byte_val:02x}" for byte_val in byte_list])
ts_output, _ = format_output(ts_type, out_leb128_hex)
except Exception:
handle(sys.exc_info())
out_leb128_hex = ts_output = ""
return out_leb128_hex, ts_output
def from_juliandec(timestamp):
"""Convert Julian Date decimal value to a date"""
ts_type, reason, _, tz_out = ts_types["juliandec"]
try:
if (
"." not in timestamp
or not (
(len(timestamp.split(".")[0]) == 7)
and (len(timestamp.split(".")[1]) in range(0, 11))
)
or not "".join(timestamp.split(".")).isdigit()
):
in_julian_dec = indiv_output = combined_output = ""
else:
try:
timestamp = float(timestamp)
except Exception:
timestamp = int(timestamp)
yr, mon, day, hr, mins, sec, mil = jd.to_gregorian(timestamp)
dt_vals = [yr, mon, day, hr, mins, sec, mil]
if any(val < 0 for val in dt_vals):
in_julian_dec = indiv_output = combined_output = ""
else:
in_julian_dec = (dt(yr, mon, day, hr, mins, sec, mil)).strftime(__fmt__)
indiv_output, combined_output = format_output(
ts_type, in_julian_dec, tz_out
)
except Exception:
handle(sys.exc_info())
in_julian_dec = indiv_output = combined_output = ""
return in_julian_dec, indiv_output, combined_output, reason, tz_out
def to_juliandec(dt_obj):
"""Convert a date to a Julian Date"""
ts_type, _, _, _ = ts_types["juliandec"]
try:
out_julian_dec = str(
jd.from_gregorian(
dt_obj.year,
dt_obj.month,
dt_obj.day,
dt_obj.hour,
dt_obj.minute,
dt_obj.second,
)
)
ts_output, _ = format_output(ts_type, out_julian_dec)
except Exception:
handle(sys.exc_info())
out_julian_dec = ts_output = ""
return out_julian_dec, ts_output
def from_julianhex(timestamp):
"""Convert Julian Date hex value to a date"""
ts_type, reason, _, tz_out = ts_types["julianhex"]
try:
if not len(timestamp) // 2 == 7 or not all(
char in hexdigits for char in timestamp
):
in_julian_hex = indiv_output = combined_output = ""
else:
julianday = int(timestamp[:6], 16)
julianmil = int(timestamp[6:], 16)
julianmil = julianmil / 10 ** int((len(str(julianmil))))
julian_date = int(julianday) + int(julianmil)
yr, mon, day, hr, mins, sec, mil = jd.to_gregorian(julian_date)
dt_vals = [yr, mon, day, hr, mins, sec, mil]
if yr > 3000 or any(val < 0 for val in dt_vals):
in_julian_hex = indiv_output = combined_output = ""
else:
dt_obj = dt(yr, mon, day, hr, mins, sec, mil)
in_julian_hex = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(
ts_type, in_julian_hex, tz_out
)
except Exception:
handle(sys.exc_info())
in_julian_hex = indiv_output = combined_output = ""
return in_julian_hex, indiv_output, combined_output, reason, tz_out
def to_julianhex(dt_obj):
"""Convert a date to a Julian Hex Date"""
ts_type, _, _, _ = ts_types["julianhex"]
try:
jul_dec = jd.from_gregorian(
dt_obj.year,
dt_obj.month,
dt_obj.day,
dt_obj.hour,
dt_obj.minute,
dt_obj.second,
)
if isinstance(jul_dec, float):
left_val, right_val = str(jul_dec).split(".")
left_val = f"{int(left_val):06x}"
right_val = f"{int(right_val):08x}"
elif isinstance(jul_dec, int):
left_val = f"{jul_dec:06x}"
right_val = f"{0:08x}"
out_julian_hex = f"{str(left_val)}{str(right_val)}"
ts_output, _ = format_output(ts_type, out_julian_hex)
except Exception:
handle(sys.exc_info())
out_julian_hex = ts_output = ""
return out_julian_hex, ts_output
def from_semioctet(timestamp):
"""Convert from a Semi-Octet decimal value to a date"""
ts_type, reason, _, tz_out = ts_types["semioctet"]
try:
yr = mon = day = hr = mins = sec = None
if (
len(str(timestamp)) != 12
or len(str(timestamp)) != 14
and not str(timestamp).isdigit()
):
in_semi_octet = indiv_output = combined_output = ""
else:
if len(str(timestamp)) == 12:
yr, mon, day, hr, mins, sec = [
(a + b)[::-1] for a, b in zip(timestamp[::2], timestamp[1::2])
]
elif len(str(timestamp)) == 14:
yr, mon, day, hr, mins, sec, _ = [
(a + b)[::-1] for a, b in zip(timestamp[::2], timestamp[1::2])
]
try:
dt_obj = dt(
int(yr) + 2000, int(mon), int(day), int(hr), int(mins), int(sec)
)
except ValueError:
in_semi_octet = indiv_output = combined_output = ""
return in_semi_octet, indiv_output, combined_output, reason, tz_out
in_semi_octet = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(
ts_type, in_semi_octet, tz_out
)
except Exception:
handle(sys.exc_info())
in_semi_octet = indiv_output = combined_output = ""
return in_semi_octet, indiv_output, combined_output, reason, tz_out
def to_semioctet(dt_obj):
"""Convert a date to a Semi-Octet decimal value"""
ts_type, _, _, _ = ts_types["semioctet"]
try:
swap_list = []
ts_vals = [
str(f"{(dt_obj.year - 2000):02d}"),
str(f"{dt_obj.month:02d}"),
str(f"{dt_obj.day:02d}"),
str(f"{dt_obj.hour:02d}"),
str(f"{dt_obj.minute:02d}"),
str(f"{dt_obj.second:02d}"),
]
for each in ts_vals:
swap_list.append(each[::-1])
out_semi_octet = "".join(swap_list)
ts_output, _ = format_output(ts_type, out_semi_octet)
except Exception:
handle(sys.exc_info())
out_semi_octet = ts_output = ""
return out_semi_octet, ts_output
def from_ved(timestamp):
"""Convert from a VED urlsafe base64 encoded protobuf"""
ts_type, reason, _, tz_out = ts_types["ved"]
try:
if not all(char in URLSAFE_CHARS for char in timestamp):
in_ved = indiv_output = combined_output = ""
else:
decoded_ved = None
if timestamp[0].isdigit() and int(timestamp[0]) in range(0, 3):
timestamp = timestamp[1:]
padding_check = len(timestamp) % 4
if padding_check != 0:
padding_reqd = 4 - padding_check
result_ved = timestamp + (padding_reqd * "=")
else:
result_ved = timestamp
try:
decoded_ved = base64.urlsafe_b64decode(result_ved)
except base64.binascii.Error:
in_ved = indiv_output = combined_output = ""
try:
buff_content, _ = blackboxprotobuf.decode_message(decoded_ved)
except (DecoderException, TypeError):
in_ved = indiv_output = combined_output = ""
return in_ved, indiv_output, combined_output, reason, tz_out
if "13" in buff_content:
ved_ts = buff_content["13"]["1"]["1"]
in_ved = dt.fromtimestamp(ved_ts / 1000000, timezone.utc).strftime(
__fmt__
)
indiv_output, combined_output = format_output(ts_type, in_ved, tz_out)
else:
in_ved = indiv_output = combined_output = ""
except Exception:
handle(sys.exc_info())
in_ved = indiv_output = combined_output = ""
return in_ved, indiv_output, combined_output, reason, tz_out
def from_gclid(timestamp):
"""Convert from a gclid urlsafe base64 encoded protobuf"""
ts_type, reason, _, tz_out = ts_types["gclid"]
try:
if not all(char in URLSAFE_CHARS for char in timestamp):
in_gclid = indiv_output = combined_output = ""
else:
decoded_gclid = None
if timestamp[0].isdigit() and int(timestamp[0]) in range(0, 3):
timestamp = timestamp[1:]
padding_check = len(timestamp) % 4
if padding_check != 0:
padding_reqd = 4 - padding_check
result_gclid = timestamp + (padding_reqd * "=")
else:
result_gclid = timestamp
try:
decoded_gclid = base64.urlsafe_b64decode(result_gclid)
except base64.binascii.Error:
in_gclid = indiv_output = combined_output = ""
try:
buff_content, _ = blackboxprotobuf.decode_message(decoded_gclid)
except (DecoderException, TypeError):
in_gclid = indiv_output = combined_output = ""
return in_gclid, indiv_output, combined_output, reason, tz_out
if (
"1" in buff_content
and isinstance(buff_content["1"], int)
and len(str(buff_content["1"])) == 16
):
gclid_ts = buff_content["1"]
in_gclid = dt.fromtimestamp(gclid_ts / 1000000, timezone.utc).strftime(
__fmt__
)
indiv_output, combined_output = format_output(ts_type, in_gclid, tz_out)
else:
in_gclid = indiv_output = combined_output = ""
except Exception:
handle(sys.exc_info())
in_gclid = indiv_output = combined_output = ""
return in_gclid, indiv_output, combined_output, reason, tz_out
def from_linkedin(timestamp):
"""Convert from a LinkedIn Post Activity ID"""
ts_type, reason, _, tz_out = ts_types["linkedin"]
try:
if not str(timestamp).isdigit():
in_linkedin = indiv_output = combined_output = ""
else:
bin_convert = bin(int(timestamp))[2:43]
li_ts = int(bin_convert, 2) / 1000
in_linkedin = dt.fromtimestamp(li_ts, timezone.utc).strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_linkedin, tz_out)
except Exception:
handle(sys.exc_info())
in_linkedin = indiv_output = combined_output = ""
return in_linkedin, indiv_output, combined_output, reason, tz_out
def to_linkedin(dt_obj):
"""Convert a date/time to a LinkedIn Post Activity ID"""
ts_type, _, _, _ = ts_types["linkedin"]
padding = "1011100101100100110110"
try:
unix_ts = dt_obj.timestamp() * 1000
to_bin = bin(int(unix_ts))[2:43]
out_linkedin = str(int(to_bin + padding, 2))
ts_output, _ = format_output(ts_type, out_linkedin)
except Exception:
handle(sys.exc_info())
out_linkedin = ts_output = ""
return out_linkedin, ts_output
def from_ulid(timestamp):
"""Convert from a ULID value"""
ts_type, reason, _, tz_out = ts_types["ulid"]
try:
if (
not all(char in BASE32_CHARS for char in timestamp)
or len(str(timestamp)) != 26
):
in_ulid = indiv_output = combined_output = ""
else:
ulid_dt = ULID.parse(timestamp).datetime
in_ulid = ulid_dt.strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_ulid, tz_out)
except Exception:
handle(sys.exc_info())
in_ulid = indiv_output = combined_output = ""
return in_ulid, indiv_output, combined_output, reason, tz_out
def to_ulid(dt_obj):
"""Convert a date to a ULID value"""
ts_type, _, _, _ = ts_types["ulid"]
try:
out_ulid = str(ULID.from_datetime(dt_obj))
ts_output, _ = format_output(ts_type, out_ulid)
except Exception:
handle(sys.exc_info())
out_ulid = ts_output = ""
return out_ulid, ts_output
def from_dttm(timestamp):
"""Convert a Microsoft DTTM timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["dttm"]
try:
if not len(timestamp) == 8 or not all(char in hexdigits for char in timestamp):
in_dttm = indiv_output = combined_output = ""
else:
int_ts = int(timestamp, 16)
binary = f"{int_ts:032b}"
stamp = [
binary[:3],
binary[3:12],
binary[12:16],
binary[16:21],
binary[21:26],
binary[26:32],
]
for binary in stamp[:]:
dec = int(binary, 2)
stamp.remove(binary)
stamp.append(dec)
dttm_dow = stamp[0]
dttm_year = stamp[1] + 1900
dttm_month = stamp[2]
dttm_dom = stamp[3]
dttm_hour = stamp[4]
dttm_min = stamp[5]
try:
out_of_range = any(
not low <= value < high
for value, (low, high) in zip(
(
dttm_dow,
dttm_year,
dttm_month,
dttm_dom,
dttm_hour,
dttm_min,
),
(
(0, 6),
(1900, 2050),
(1, 13),
(0, monthrange(dttm_year, dttm_month)[1] + 1),
(0, 24),
(0, 60),
),
)
)
if out_of_range:
in_dttm = indiv_output = combined_output = ""
return in_dttm, indiv_output, combined_output, reason, tz_out
except (IllegalMonthError, ValueError):
in_dttm = indiv_output = combined_output = ""
return in_dttm, indiv_output, combined_output, reason, tz_out
dt_obj = dt(dttm_year, dttm_month, dttm_dom, dttm_hour, dttm_min, 0)
in_dttm = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_dttm, tz_out)
except Exception:
handle(sys.exc_info())
in_dttm = indiv_output = combined_output = ""
return in_dttm, indiv_output, combined_output, reason, tz_out
def to_dttm(dt_obj):
"""Convert a date to a Microsoft DTTM timestamp"""
ts_type, _, _, _ = ts_types["dttm"]
try:
year = f"{(dt_obj.year - 1900):09b}"
month = f"{dt_obj.month:04b}"
day = f"{dt_obj.day:05b}"
hour = f"{dt_obj.hour:05b}"
minute = f"{dt_obj.minute:06b}"
dow = f"{dt_obj.isoweekday():03b}"
out_dttm = str(
struct.pack(">I", int(dow + year + month + day + hour + minute, 2)).hex()
)
ts_output, _ = format_output(ts_type, out_dttm)
except Exception:
handle(sys.exc_info())
out_dttm = ts_output = ""
return out_dttm, ts_output
def from_bcd(timestamp):
"""Convert a Binary Coded Decimal timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["bcd"]
try:
if len(timestamp) != 12 and not timestamp.isdigit():
in_bcd = indiv_output = combined_output = ""
else:
yr, mon, day, hr, mins, sec = [
timestamp[i : i + 2] for i in range(0, len(timestamp), 2)
]
yr, mon, day, hr, mins, sec = (
int(yr) + 2000,
int(mon),
int(day),
int(hr),
int(mins),
int(sec),
)
in_bcd = dt(yr, mon, day, hr, mins, sec, tzinfo=timezone.utc).strftime(
__fmt__
)
indiv_output, combined_output = format_output(ts_type, in_bcd, tz_out)
except ValueError:
in_bcd = indiv_output = combined_output = ""
except Exception:
handle(sys.exc_info())
in_bcd = indiv_output = combined_output = ""
return in_bcd, indiv_output, combined_output, reason, tz_out
def to_bcd(dt_obj):
"""Convert a date/time to a Binary Coded Decimal"""
ts_type, _, _, _ = ts_types["bcd"]
try:
yr, mon, day, hr, mins, sec = dt_obj.strftime("%Y-%m-%d-%H-%M-%S").split("-")
yr = str(int(yr) - 2000)
out_bcd = f"{yr}{mon}{day}{hr}{mins}{sec}"
ts_output, _ = format_output(ts_type, out_bcd)
except Exception:
handle(sys.exc_info())
out_bcd = ts_output = ""
return out_bcd, ts_output
def from_dvr(timestamp):
"""Convert a DVR (WFS / DHFS) file system timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["dvr"]
try:
if not len(timestamp) == 8 or not all(char in hexdigits for char in timestamp):
in_dvr = indiv_output = combined_output = ""
else:
int_ts = int(timestamp, 16)
binary = f"{int_ts:032b}"
stamp = [
binary[:6],
binary[6:10],
binary[10:15],
binary[15:20],
binary[20:26],
binary[26:32],
]
for binary in stamp[:]:
dec = int(binary, 2)
stamp.remove(binary)
stamp.append(dec)
dvr_yr = stamp[0] + 2000
dvr_mon = stamp[1]
dvr_day = stamp[2]
dvr_hr = stamp[3]
dvr_min = stamp[4]
dvr_sec = stamp[5]
try:
out_of_range = any(
not low <= value < high
for value, (low, high) in zip(
(
dvr_yr,
dvr_mon,
dvr_day,
dvr_hr,
dvr_min,
dvr_sec,
),
(
(2000, 3000),
(1, 13),
(0, monthrange(dvr_yr, dvr_mon)[1] + 1),
(0, 24),
(0, 60),
(0, 60),
),
)
)
if out_of_range:
in_dvr = indiv_output = combined_output = ""
return in_dvr, indiv_output, combined_output, reason, tz_out
except (IllegalMonthError, ValueError):
in_dvr = indiv_output = combined_output = ""
return in_dvr, indiv_output, combined_output, reason, tz_out
dt_obj = dt(dvr_yr, dvr_mon, dvr_day, dvr_hr, dvr_min, dvr_sec)
in_dvr = dt_obj.strftime(__fmt__)
indiv_output, combined_output = format_output(ts_type, in_dvr, tz_out)
except Exception:
handle(sys.exc_info())
in_dvr = indiv_output = combined_output = ""
return in_dvr, indiv_output, combined_output, reason, tz_out
def to_dvr(dt_obj):
"""Convert a date to a DVR (WFS / DHFS) file system timestamp"""
ts_type, _, _, _ = ts_types["dvr"]
try:
year = f"{(dt_obj.year - 2000):06b}"
month = f"{dt_obj.month:04b}"
day = f"{dt_obj.day:05b}"
hour = f"{dt_obj.hour:05b}"
minute = f"{dt_obj.minute:06b}"
sec = f"{dt_obj.second:06b}"
out_dvr = str(
struct.pack(">I", int(year + month + day + hour + minute + sec, 2)).hex()
)
ts_output, _ = format_output(ts_type, out_dvr)
except Exception:
handle(sys.exc_info())
out_dvr = ts_output = ""
return out_dvr, ts_output
def date_range(start, end, check_date):
"""Check if date is in range of start and end, return True if it is"""
if start <= end:
return start <= check_date <= end
return start <= check_date or check_date <= end
def from_all(timestamps, tz_name=None):
"""Output all processed timestamp values and find date from provided timestamp"""
this_yr = int(dt.now(timezone.utc).strftime("%Y"))
full_list = {}
for _, funcs in single_funcs.items():
func = funcs[0]
func_name = func.__name__.replace("from_", "")
(result, _, combined_output, _, tz_out) = func(timestamps)
if result and combined_output:
if isinstance(result, str):
if tz_name is not None:
new_ts, new_tz, _ = convert_timezone(tz_name, result)
combined_output = combined_output.replace(result, new_ts)
combined_output = combined_output.replace(tz_out, new_tz)
tz_out = new_tz
result = new_ts
try:
ts = result.split(" ")[0]
result_yr = int(dt.fromisoformat(ts).strftime("%Y"))
except ValueError:
split_ts = result.split(" ")
ts = f"{split_ts[0]} {split_ts[1]}"
result_yr = int(dt.strptime(ts, __fmt__).strftime("%Y"))
if result_yr not in range(this_yr - 5, this_yr + 5):
combined_output = combined_output.strip(__red__).strip(__clr__)
full_list[func_name] = [result, combined_output, tz_out]
return full_list
def to_timestamps(dt_obj, tz_name=None):
"""Convert provided date to all timestamps"""
results = {}
ts_outputs = []
if isinstance(dt_obj, str):
try:
dt_obj = dt.fromisoformat(dt_obj)
except ValueError:
dt_obj = dt.strptime(dt_obj, __fmt__)
except Exception as exc:
print(
f"[!] Check that your input timestamp follows the format: 'YYYY-MM-DD HH:MM:SS'\n"
f"[!] with '.ffffff' for milliseconds and '+/-HH:MM' for timezones\n"
f"[!] or use --date-formats to pick a format and use the --date-format NAME:\n{exc}"
)
sys.exit(1)
if dt_obj.tzinfo is None and tz_name is None:
dt_obj = dt_obj.replace(tzinfo=timezone.utc)
elif tz_name is not None:
tz = tzone(tz_name)
dt_obj = dt_obj.replace(tzinfo=tz)
for _, funcs in single_funcs.items():
func = funcs[1]
if not func:
continue
result, ts_output = func(dt_obj)
func_name = (func.__name__).replace("to_", "")
if result and isinstance(result, str):
results[func_name] = result
ts_outputs.append(ts_output)
return results, ts_outputs
def gui():
"""Execute the application"""
try:
from ctypes import windll
app_id = f"digitalsleuth.time-decode.gui.v{__version__.replace('.','-')}"
windll.shell32.SetCurrentProcessExplicitAppUserModelID(app_id)
except ImportError:
pass
td_app = QApplication([__appname__, "windows:darkmode=2"])
td_app.setApplicationDisplayName(__appname__)
td_app.setApplicationName(__appname__)
icon = QPixmap()
icon.loadFromData(base64.b64decode(TimeDecodeGui.__fingerprint__))
td_app.setWindowIcon(QIcon(icon))
td_app.setStyle("Fusion")
td_form = TimeDecodeGui()
td_form.show()
td_app.exec()
def handle(error):
"""Error handling output and formatting to include function causing error"""
exc_type, exc_obj, _ = error
error_tb = traceback.extract_stack()[:-3] + traceback.extract_tb(
exc_obj.__traceback__
)
_, line_no, function_name, _ = error_tb[-1]
print(f"{str(exc_type.__name__)}: {str(exc_obj)} - {function_name} line {line_no}")
def formats(display="ALL"):
"""Displays a PrettyTable output of examples of all timestamps and their formats"""
structures = {}
for arg, data_list in ts_types.items():
structures[data_list[0]] = (data_list[1], data_list[2], arg)
structures = sorted(structures.items(), key=lambda item: item[0].casefold())
table = PrettyTable()
table.set_style(TableStyle.SINGLE_BORDER)
table.align = "l"
table.field_names = ["Type", "Format", "Example", "Argument"]
for structure in structures:
ts_type, details = structure
argument = f"--{details[2]}"
if display == "ALL":
table.add_row([ts_type, details[0], details[1], argument])
elif details[2] == display:
table.add_row([ts_type, details[0], details[1], argument])
print(table)
print("* BE = Big-Endian / LE = Little-Endian")
def format_output(ts_type, ts, tz=None):
"""Format the output of the timestamp functions"""
tabs = ""
if len(ts_type) < 15:
tabs = "\t\t\t"
elif len(ts_type) in range(15, 23):
tabs = "\t\t"
elif len(ts_type) in range(23, 32):
tabs = "\t"
if tz:
indiv_output = f"{ts_type}: {ts}{tz}"
combined_output = f"{__red__}{ts_type}:{tabs}{ts}{tz}{__clr__}"
else:
indiv_output = f"{ts_type}:{tabs}{ts}"
combined_output = None
return indiv_output, combined_output
def tzdata_timezones():
"""Get the tzdata timezones and put them in a list for the timezone drop-down"""
zoneinfo_dir = os.path.join(tzdata.__path__[0], "zoneinfo")
timezones = set()
for root, _, files in os.walk(zoneinfo_dir):
for name in files:
rel_path = os.path.relpath(os.path.join(root, name), zoneinfo_dir)
if rel_path.startswith(("posix", "right")):
continue
timezones.add(rel_path)
return sorted(timezones)
def common_timezone_offsets(dt_obj):
"""Generates a list of all tzdata timezones for conversion, sorted by UTC offset"""
timezone_offsets = [("UTC - Default", "")]
duplicates = [
"Factory",
"Zulu",
"Etc\\Zulu",
"Etc\\UTC",
"GMT-0",
"GMT+0",
"Etc\\Universal",
"GMT0",
"UCT",
"Etc\\Greenwich",
"Etc\\GMT",
"Etc\\GMT+0",
"Etc\\GMT-0",
"Etc\\GMT0",
"Etc\\UCT",
"Universal",
]
for tz_name in tzdata_timezones():
if tz_name in duplicates:
continue
try:
set_timezone = tzone(tz_name)
dt_val = dt_obj.astimezone(set_timezone)
offset_tz = dt_val.utcoffset()
if offset_tz is None:
continue
offset_seconds = offset_tz.total_seconds()
hours, remainder = divmod(abs(offset_seconds), 3600)
minutes = remainder // 60
sign = "+" if offset_seconds >= 0 else "-"
int_offset = f"{sign}{int(hours):02}:{int(minutes):02}"
formatted_offset = f"UTC{int_offset}"
timezone_offsets.append((formatted_offset, tz_name))
except Exception:
continue
timezone_offsets.sort(key=lambda x: x[0])
return timezone_offsets
def generate_csv(src_file, ts_choice, column_num=None, tz_name=None):
"""Loads a CSV file, reads a column and decodes the timestamps from the selected format"""
ts_func = single_funcs[ts_choice][0]
src_file = os.path.normpath(os.path.abspath(src_file))
dst_file = f"{os.path.splitext(src_file)[0]}_out.csv"
status = False
reason = None
csv_output = []
if isinstance(column_num, str) and not column_num.isdigit():
if len(column_num) == 1:
column_num = int(ascii_lowercase.index(column_num.lower()))
else:
return status, dst_file, reason
elif isinstance(column_num, str) and column_num.isdigit():
column_num = int(column_num)
if column_num > 0:
column_num -= 1
elif column_num < 0:
column_num = 0
elif isinstance(column_num, int):
if column_num > 0:
column_num -= 1
elif column_num < 0:
column_num = 0
elif column_num is None:
column_num = 0
try:
with open(src_file, "r", newline="", encoding="utf-8") as src, open(
dst_file, "w", newline="", encoding="utf-8"
) as dst:
sample = src.read(2048)
try:
dialect = csv.Sniffer().sniff(sample)
except csv.Error:
dialect = csv.get_dialect("excel")
try:
has_header = csv.Sniffer().has_header(sample)
except csv.Error:
has_header = False
header_check = sample.count(",")
content = sample.split("\n")
if header_check == 0:
line_one = content[0]
line_two = content[1]
if len(line_one) != len(line_two):
has_header = True
elif len(content[0].split(",")[0]) != len(content[1].split(",")[1]):
has_header = True
src.seek(0)
reader = csv.reader(src, dialect)
columns = len(next(reader, None))
src.seek(0)
if has_header:
header = next(reader)
if column_num > columns:
reason = "The selected column number is higher than the amount of actual columns."
return status, dst_file, reason
for row in reader:
ts = row[column_num]
results = ts_func(ts)
result = results[0]
reason = results[3]
if result == "":
return status, dst_file, reason
if tz_name is not None:
new_result, new_tz, _ = convert_timezone(tz_name, result)
if new_tz.startswith("+") or new_tz.startswith("-"):
result = f"{new_result}{new_tz}"
else:
result = f"{new_result} {new_tz}"
row.append(result)
csv_output.append(row)
writer = csv.writer(dst, quotechar='"', quoting=csv.QUOTE_MINIMAL)
if has_header:
header.append(f"{ts_choice}_ts")
writer.writerow(header)
for row in csv_output:
writer.writerow(row)
status = True
except (FileNotFoundError, PermissionError):
handle(sys.exc_info())
status = False
return status, dst_file, reason
def convert_timezone(tz_name, dt_val):
"""Separate function to take a string date/time and convert it to the identified time zone"""
tz = tzone(tz_name)
try:
dt_obj = dt.fromisoformat(dt_val).replace(tzinfo=timezone.utc)
except ValueError:
dt_obj = dt.strptime(dt_val, __fmt__).replace(tzinfo=timezone.utc)
tz_change = dt_obj.astimezone(tz)
tz_offset = tz_change.strftime("%z")
tz_offset = f"{tz_offset[:3]}:{tz_offset[3:]}"
tz_selected = tz_change.strftime(__fmt__)
if check_daylight(dt_obj, tz):
tz_out = f"{tz_offset} DST"
else:
tz_out = tz_offset
return tz_selected, tz_out, tz_change
def check_daylight(dtval, tz):
"""Checks to see if the provided timestamp, in the provided timezone, is observing DST"""
if dtval.tzinfo is None:
dtval = dtval.replace(tzinfo=tz)
else:
dtval = dtval.astimezone(tz)
return dtval.dst() != timedelta(0, 0)
def list_timezones():
"""Displays all available time zone conversion options in a PrettyTable"""
tzs = common_timezone_offsets(dt.now(timezone.utc))
tzs = tzs[1:]
tzs.sort(key=lambda x: x[1])
table = PrettyTable()
table.set_style(TableStyle.SINGLE_BORDER)
table.align = "l"
table.field_names = ["Time Zone Name", "Current Offset"]
for tz in tzs:
table.add_row([tz[1], tz[0]])
print(table)
print(f"* Based on the current date/time of {dt.now(timezone.utc)}")
def list_date_formats():
"""Displays available date/time format strings"""
table = PrettyTable()
table.set_style(TableStyle.SINGLE_BORDER)
table.align = "l"
table.field_names = ["Name", "Format"]
for k, v in date_formats.items():
table.add_row([k, v.replace("%", "")])
print(table)
single_funcs = {
"active": [from_active, to_active],
"apache": [from_apache, to_apache],
"biome64": [from_biome64, to_biome64],
"biomehex": [from_biomehex, to_biomehex],
"bplist": [from_bplist, to_bplist],
"iostime": [from_iostime, to_iostime],
"mac": [from_mac, to_mac],
"bcd": [from_bcd, to_bcd],
"bitdate": [from_bitdate, to_bitdate],
"bitdec": [from_bitdec, to_bitdec],
"dhcp6": [from_dhcp6, to_dhcp6],
"discord": [from_discord, to_discord],
"dvr": [from_dvr, to_dvr],
"exfat": [from_exfat, to_exfat],
"fat": [from_fat, to_fat],
"gbound": [from_gbound, to_gbound],
"gmsgid": [from_gmsgid, to_gmsgid],
"chrome": [from_chrome, to_chrome],
"eitime": [from_eitime, to_eitime],
"gclid": [from_gclid, None],
"ved": [from_ved, None],
"gps": [from_gps, to_gps],
"gsm": [from_gsm, to_gsm],
"hfsbe": [from_hfsbe, to_hfsbe],
"hfsle": [from_hfsle, to_hfsle],
"hfsdec": [from_hfsdec, to_hfsdec],
"juliandec": [from_juliandec, to_juliandec],
"julianhex": [from_julianhex, to_julianhex],
"ksalnum": [from_ksalnum, to_ksalnum],
"ksdec": [from_ksdec, to_ksdec],
"leb128hex": [from_leb128hex, to_leb128hex],
"linkedin": [from_linkedin, to_linkedin],
"mastodon": [from_mastodon, to_mastodon],
"metasploit": [from_metasploit, None],
"dotnet": [from_dotnet, to_dotnet],
"systemtime": [from_systemtime, to_systemtime],
"dttm": [from_dttm, to_dttm],
"ms1904": [from_ms1904, to_ms1904],
"hotmail": [from_hotmail, to_hotmail],
"msdos": [from_msdos, to_msdos],
"moto": [from_moto, to_moto],
"prtime": [from_prtime, to_prtime],
"ns40": [from_ns40, to_ns40],
"ns40le": [from_ns40le, to_ns40le],
"nokia": [from_nokia, to_nokia],
"nokiale": [from_nokiale, to_nokiale],
"s32": [from_s32, to_s32],
"semioctet": [from_semioctet, to_semioctet],
"sony": [from_sony, to_sony],
"symantec": [from_symantec, to_symantec],
"tiktok": [from_tiktok, to_tiktok],
"twitter": [from_twitter, to_twitter],
"ulid": [from_ulid, to_ulid],
"unixhex32be": [from_unixhex32be, to_unixhex32be],
"unixhex32le": [from_unixhex32le, to_unixhex32le],
"unixmilli": [from_unixmilli, to_unixmilli],
"unixmillihex": [from_unixmillihex, to_unixmillihex],
"unixsec": [from_unixsec, to_unixsec],
"uuid": [from_uuid, to_uuid],
"vm": [from_vm, to_vm],
"cookie": [from_cookie, to_cookie],
"filetimelohi": [from_filetimelohi, to_filetimelohi],
"filetimebe": [from_filetimebe, to_filetimebe],
"filetimele": [from_filetimele, to_filetimele],
"olebe": [from_olebe, to_olebe],
"olele": [from_olele, to_olele],
"oleauto": [from_oleauto, to_oleauto],
}
__types__ = len(single_funcs)
def main():
"""Parse all passed arguments"""
global __fmt__
now = dt.now(timezone.utc).strftime(__fmt__)
arg_parse = argparse.ArgumentParser(
description=f"Time Decoder and Converter v"
f"{str(__version__)} - supporting "
f"{str(__types__)} timestamps!\n\n"
f"Some timestamps are only part of the entire value, and as such, full\n"
f"timestamps may not be generated based on only the date/time portion.",
formatter_class=argparse.RawTextHelpFormatter,
usage=argparse.SUPPRESS,
)
arg_parse.add_argument(
"--csv",
metavar="SRC_FILE TS_FORMAT ",
help=(
"Process a csv/txt file with timestamps and convert them to the selected timestamp\n"
"Requires a timestamp format be provided without --. ie. 'unixsec' vice '--unixsec'.\n"
"You can also provide a column number if your input file contains multiple columns."
),
nargs="*",
)
arg_parse.add_argument(
"--date-format",
metavar="FORMAT_NAME",
help=(
"Changes the output format of a date/time value.\n"
"Use the NAME for the format provided.\n"
"Use --date-formats to see all available options."
),
type=str,
default="Default",
)
arg_parse.add_argument(
"--date-formats",
action="store_true",
help="Displays available date formats for the output of a date/time value",
)
arg_parse.add_argument(
"--formats",
metavar="ARGUMENT",
help=(
"Display timestamp format and example by providing an available argument (without --)."
"\nIf no argument is selected, all will be displayed."
),
nargs="?",
const="ALL",
)
arg_parse.add_argument(
"--guess",
metavar="TIMESTAMP",
help="Guess the timestamp format and output possibilities",
)
arg_parse.add_argument(
"--gui",
"-g",
action="store_true",
help="Launch the gui",
)
arg_parse.add_argument(
"--minimal",
"-m",
action="store_true",
help="Output only the timestamp, not the description",
)
arg_parse.add_argument(
"--to",
action="store_true",
help="Convert a date/time to a selected timestamp format",
)
arg_parse.add_argument(
"--timestamp",
metavar="DATE",
help=(
"Convert date to every timestamp\n"
'Enter date as "YYYY-MM-DD HH:MM:SS.f" in 24h fmt\n'
"Without a provided DATE, it will convert the current UTC date/time\n"
),
nargs="?",
const=now,
)
arg_parse.add_argument(
"--timezones",
help="Prints a list of timezones to use for conversion",
action="store_true",
)
arg_parse.add_argument(
"--tz",
metavar="TIMEZONE_NAME",
help=(
"Provide the name of a timezone for conversion within quotes.\n"
"Use --timezones to see a list."
),
type=str,
default=None,
)
for argument, data in ts_types.items():
arg_parse.add_argument(f"--{argument}", metavar="", help=f"{data.ts_type}")
arg_parse.add_argument(
"--version", "-v", action="version", version=arg_parse.description
)
if len(sys.argv[1:]) == 0:
arg_parse.print_help()
arg_parse.exit()
if len(sys.argv[1:]) > 0 and ("--timezones" in sys.argv):
list_timezones()
sys.exit(0)
args = arg_parse.parse_args()
if args.date_format in date_formats:
__fmt__ = date_formats[args.date_format]
else:
arg_parse.error(
(
f"[!] The format {args.date_format} is not one of the available options.\n"
"Please use the --date-formats argument to find a valid NAME."
)
)
all_args = vars(args)
if args.formats:
formats(args.formats)
sys.exit(0)
if args.date_formats:
list_date_formats()
sys.exit(0)
if args.guess:
full_list = from_all(args.guess, args.tz)
if len(full_list) == 0:
print("[!] No valid dates found. Check your input and try again")
else:
print(
f"[+] Guessing timestamp format for {args.guess}\n"
f"[+] Outputs which do NOT result in a date/time value are NOT displayed\r"
)
if len(full_list) == 1:
dt_text = "date"
else:
dt_text = "dates"
print(
f"[+] Displaying {len(full_list)} potential {dt_text}\n"
f"{__red__}[+] Most likely results (+/- 5 years) are highlighted\n{__clr__}"
)
for _, output in enumerate(full_list):
print(f"{full_list[output][1]}")
print("\r")
return
if args.timestamp:
_, ts_outputs = to_timestamps(args.timestamp, args.tz)
print(f"\n[+] Converting {args.timestamp} to {len(ts_outputs)} timestamps:\n")
for ts_val in ts_outputs:
print(ts_val)
print("\r")
return
if args.gui:
gui()
return
if args.csv:
if len(args.csv) == 2:
src_file = os.path.normpath(os.path.abspath(args.csv[0]))
ts_type = args.csv[1]
src_exists = os.path.exists(src_file) and os.path.isfile(src_file)
if ts_type in single_funcs and src_exists:
result, dst, reason = generate_csv(src_file, ts_type, tz_name=args.tz)
dst = os.path.normpath(dst)
if result:
print(f"[+] CSV file was saved as {dst}.")
else:
print(f"[!] Unable to complete CSV export to {dst} - {reason}.")
else:
arg_parse.error(
"[!] Provided argument is not in the list of conversion options"
)
elif len(args.csv) == 3:
src_file = os.path.normpath(os.path.abspath(args.csv[0]))
ts_type = args.csv[1]
column = args.csv[2]
src_exists = os.path.exists(src_file) and os.path.isfile(src_file)
if ts_type in single_funcs and src_exists:
result, dst, reason = generate_csv(
src_file, ts_type, column, tz_name=args.tz
)
dst = os.path.normpath(dst)
if result:
print(f"[+] CSV file was saved as {dst}.")
else:
print(f"[!] Unable to complete CSV export to {dst} - {reason}.")
else:
arg_parse.error(
"[!] Provided argument is not in the list of conversion options"
)
else:
arg_parse.error(
(
"[!] --csv requires the file name to process "
f"and the timestamp type without the '--' {args.csv}"
)
)
return
for arg_passed, funcs in single_funcs.items():
requested = all_args[arg_passed]
if requested and not args.to:
date_time, indiv_output, _, reason, _ = funcs[0](requested)
if indiv_output is False:
print(f"[!] {reason}")
else:
if args.minimal:
print(date_time)
else:
print(indiv_output)
elif requested and args.to:
try:
dt_obj = dt.fromisoformat(requested)
except ValueError:
dt_obj = dt.strptime(requested, __fmt__)
except Exception:
arg_parse.error(
"[!] Format should be 'YYYY-MM-DD HH:MM:SS.fff' in 24h fmt."
"Milliseconds (.fff) are optional.\n"
"[!] Otherwise, use --date-formats to find an accepted format and use:\n"
"[!] --date-format NAME where NAME is the format NAME, not the format STRING."
)
return
if not dt_obj.tzinfo:
if not args.tz:
dt_obj = dt_obj.replace(tzinfo=timezone.utc)
else:
tz = tzone(args.tz)
dt_obj = dt_obj.replace(tzinfo=tz)
out_func = funcs[1]
timestamp = ""
formatted_output = ""
if out_func is not None:
timestamp, formatted_output = out_func(dt_obj)
else:
arg_parse.error(f"[!] {arg_passed} does not support a 'to' conversion.")
if timestamp == "":
print(f"[!] Unable to convert {requested} to {arg_passed}.")
else:
if args.minimal:
print(timestamp)
else:
print(formatted_output)
if __name__ == "__main__":
main()