#!/usr/bin/env python3
"""
This application is designed to decode timestamps into human-readable date/times and vice-versa
Additional information regarding the source of the timestamp formats and associated equations
is provided in the REFERENCES.md file at https://github.com/digitalsleuth/time_decode.
"""
from datetime import datetime as dt, timedelta
import struct
from string import hexdigits
import argparse
import inspect
import math
import re
import sys
import base64
import uuid
import traceback
from calendar import monthrange
import juliandate as jd
from dateutil import parser as duparser
from colorama import init
from pytz import common_timezones, timezone as tzone
import pytz
# Included for GUI
from PyQt6.QtCore import (
QRect,
Qt,
QMetaObject,
QCoreApplication,
QDate,
QSize,
)
from PyQt6.QtGui import (
QAction,
QPixmap,
QIcon,
QFont,
QGuiApplication,
QKeySequence,
QColor,
)
from PyQt6.QtWidgets import (
QWidget,
QVBoxLayout,
QHBoxLayout,
QGridLayout,
QLabel,
QLineEdit,
QDateTimeEdit,
QComboBox,
QPushButton,
QRadioButton,
QApplication,
QMenu,
QMessageBox,
QTableWidget,
QTableWidgetItem,
QSizePolicy,
QMainWindow,
QStyle,
)
init(autoreset=True)
__author__ = "Corey Forman (digitalsleuth)"
__date__ = "15 Jul 2024"
__version__ = "8.0.0"
__description__ = "Python 3 CLI Date Time Conversion Tool"
__fmt__ = "%Y-%m-%d %H:%M:%S.%f"
__red__ = "\033[1;31m"
__clr__ = "\033[1;m"
__source__ = "https://github.com/digitalsleuth/time_decode"
__appname__ = f"Time Decode v{__version__}"
__fingerprint__ = """
AAABAAIAMDAAAAEAIACoJQAAJgAAABAQAAABACAAaAQAAM4lAAAoAAAAMAAAAGAAAAABACAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAC9hGcXr4JvPgAAAAAAAAAAwoJYDrZ+V2qwgWEDAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAC/hGd/uIRsVgAAAAC9gmJPqH1n/Zp8bn+hh4UBwYBUH7N6UPCnelWY
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAMWKcAy+h29Juot5BQAAAAC/hGV7s4Bm+6t/aaGpgW4KpX1o
VpZ4ZfaReGaGAAAAALB7UUCjdk74nHdRcwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMOGajm7g2n3sIFt4KmB
cV+uiXwBs4FmO6l8YuSie2LKn3xnFpV5ZTmRd2NOAAAAAAAAAAChd01il3NG+5V0SD8AAAAAQTq1
DjQ0us81N8opAAAAADY1unoyNcxVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMKLdBXA
kHsJAAAAAAAAAAC7h24VsIFriKZ9avegfGq+n35sG6qAZBqgeV3Qmnha1Zx7XhUAAAAAAAAAALZ8
Qx0AAAAAl3NAnZBxOeKTdT0QSkG6ATQ0vL4wNM3DPUHcATY1u34vM8/qMjjcDwAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAypJ5BL6EafSzgm38qoFx0aN/coKigXUdAAAAAKV+bCademTKmHhh5pl6YjGe
eV4SmHZV0ZV1UsmdflgJv3w+GrB0Nv2ldTpNmHU/DY9vLt+NbyqYAAAAADc3xCYvM835MDXYWTw6
xQovM9DkLTPcgwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+Gax20gm1HqoBug6F9bNybemr4
mHpphJx/bwadfGwIl3dcqpN1V+6VeFktmHdZG5JzSuWSc0aeAAAAAK11MY2ecSzrnHUxF5BwKEyL
bBv8j3AiGAAAAAAwNNCRLTPY2zQ74AMwNNRsLDLd7zE44w1VRroBOTfCRD0/1QEAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAKaDdQObe2hglXdh7ZN3XsOWemERm3xjA5J0U66Pc03glnhNE5JzST2OcDn8
kXM2Uat4MweccCPVlW8fpAAAAACObx43l3cxAQAAAAA0N9QaLTLY+C4031Q1OdkLLDLc7y004WZH
PLIRNTS//TM200MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAu4RqUquBcJ+ffnTJmH112pJ6csyRenBOAAAAAAAAAAAAAAAAlnllIJF0V9iPdFTIlHlc
CpR3WwuOcUTUj3E/qgAAAACNbzSNjW4n45d2KQuZcCFCkWwR/pJwEjMAAAAAqW8INpxvDxIAAAAA
LjPapi0z3rkAAAAALjTdli0z4KwAAAAANjXDxDE01JIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuoJlyauAbbCffnF/lntwbJJ6b3ySem40AAAAALJ8
URmjelghAAAAAJN3WhuOckzkj3NIoAAAAACOcUU1kHEw/Jh3MEWLb0IOi2wd6Y5uGHgAAAAAj2sN
vI5sCKwAAAAAqG0DxZVrBY0AAAAAMDXbSSwz3fsxOOEUMzngCTE34RIAAAAANjXHfDEz1dYAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAALJ5SHqadU7ysYxRQwAAAACzjEU90qE8/OCrNUsAAAAA4KgmoOCn
H8QAAAAAzZkRds6ZC+feowcGl3EPS5FuA/uVcQkYo2wDc5JpAuOofR4BNzzdBy0z3fQuNN9XAAAA
AAAAAAAAAAAAODfKPjEz1P41Od0TQziwFj05wRcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAo39rHJ19ZjqYe2Q9lXpmIZ+EeAEAAAAAAAAAAKl6XALZp0yU4q5F9eKtPzgA
AAAA4aowl+CpKdngpx8E36caLN+mE/7epQ0u3qMIEt2jBvfdogRR3KECA9ufAOnUmgBoom8MJZNp
AP+QawgvAAAAAC4z3b4uM96QAAAAAD45wxQ2ONQZPjzODTIz0/0zNdpCQTewPjg2xrUAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAv4FbJbR+XZSoe1/in3lf/5h3Xv+Sdlv/kXZY/7WQWOHir1J9
469MDQAAAADjrUMB4aw7oeGrMufgqSsb4KgkFt+nHfTfphdhAAAAAN6kCc7eoweCAAAAAN2hArDc
oAGiAAAAANyfAKPcngCrAAAAANWYAOPDjAFpAAAAAC80248vM928AAAAADs2uY8yNNSxAAAAADM0
0+IyNdloRTu3FDc0yP82N9YxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvn9WgrR8WMape1xwoXti
Mpx8bA+VeWkMwppaLeOwUnjir0rl4q1E4uGsOz0AAAAA4KovB+CpJ8rgpx/C36YXBN+lEm3epQ5g
AAAAAN2iBYndogPBAAAAANygAF3cnwCxAAAAANydAG3bnADdAAAAANqaALPamgCWAAAAADY63W0w
NNzbAAAAADw2u3YzNNTSAAAAADQ008UzNdeEAAAAADk1x/I1NdRVAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADirUIM4aw5nOGqMfngqSlXAAAA
AN+nHCHfphTv3qUNhgAAAAAAAAAAAAAAANyhAVzcoADqAAAAAAAAAAAAAAAAAAAAANucAEnbmwD7
2poAA9qZAJHamQC1AAAAAExP4lhHSeDtAAAAADw2vWI0NNPlAAAAADU10rIzNdaWAAAAADk1x9o1
NdJsAAAAAAAAAAAAAAAAAAAAAAAAAACyhGgBoHpZQ5l5WJPKn1jG47FT2eOvTsvirkeZ4q1AQgAA
AAAAAAAAAAAAAOCoJnnfpx7736YWUQAAAADepApR3qMH/d2iBVMAAAAAAAAAANyfAEncnwD8AAAA
AAAAAAAAAAAAAAAAANqaADnamgD/2pkADdqZAH7amADHAAAAAE1P4FBOT+D1AAAAAD84vVk1NdLt
AAAAADY10Kk1NdSeAAAAADo1x8s2NdF7AAAAAAAAAAAAAAAAAAAAAMaHUQmxeUzTqX5R+8+hVbnj
sVN7469OY+KuR3TirT+x4as2+uGqLsPgqCYqAAAAAAAAAADfpROB3qQM9t6jBzkAAAAA3aIEgN2h
AffcoABRAAAAANyeAG/cnQDsAAAAANqbABfamwC32poACNqZADvamQD/2pkAC9qYAHnalwDMAAAA
AE9P31JQT9/zAAAAAE5M2Fw9PNXpAAAAADc1z6s1NdKcAAAAADo1xcI3Nc+DAAAAAAAAAAAAAAAA
AAAAAMWFUAKzekpoxpZRHAAAAAAAAAAAAAAAAAAAAAAAAAAA4aotIeCoJLPfpxz236YTXAAAAADe
pAkB3qMGoN2iBOncoQIhAAAAANygAIPcnwD93J0A2NudAPzbnAB1AAAAANqaAE7amgD42pkABdqY
AFDamAD22pgAAdmXAILZlgDDAAAAAFBQ3h1RUN5yAAAAAFNP2mxTT9rZAAAAADg1zLc2NdCQAAAA
ADw1w8I5Nc2DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4q1EJ+KtQGvhrDmN4asxi+CpKmPgqCIY
AAAAAOCnGgHepRJ13qQL/N6jB3kAAAAA3aEDBt2hAcDcoADW3J8AFAAAAADcnQA03J0ActucAD8A
AAAAAAAAANqZAJ7amQC8AAAAANqYAHrZlwDRAAAAANiWAJrYlQCtAAAAAAAAAAAAAAAAAAAAAFRQ
2YlVUNi+AAAAADo2y844Nc97AAAAAD42wsk6Nct8AAAAAAAAAAAAAAAAAAAAAOOuRz3irUTC4q0/
/+GsOObhqjG/4KkqwuCoIe/fpxr636URm96kChUAAAAA3qMGV92iBPndoQMmAAAAANyfABHcngDS
3J0A0NycABoAAAAAAAAAAAAAAAAAAAAA2pkAQNqYAPvamABLAAAAANmXAMjZlgCQAAAAANiVAMHY
lQCKAAAAAFRQ2R1UUNkRAAAAAFZQ17JWUNaYAAAAAE1G0O06Ns1bAAAAAEA2v9c7NsluAAAAAAAA
AAAAAAAAAAAAAOKtQcDirD2p4aw4NuCrMwEAAAAAAAAAAN+mGATepRFT3qQK2N6jBujdogRDAAAA
ANyhAg0AAAAAAAAAAAAAAADcnQAV25wAyNubAOramgBv2pkALNqZADbamACH2pgA99qYAJEAAAAA
2JYAQ9iWAP7YlQAt2JUACtiUAPXYlABTAAAAAFVQ2MdVUNh8AAAAAFhQ1eVYUNVmWlHTGVtR0v9T
StAxAAAAAEE2u+09N8daAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA3qIGCN2iBJbdoQH73KAAZQAAAAAAAAAA3J0AlducAJnamwAF2psAB9qaAH3amQDp2pkA
/9qYAP/amADW2pcAYAAAAADYlgAX2JUA39iVAJ0AAAAA2JQAXNiUAPTYlAANVlDXFVZQ1/xXUNZD
WVDUJllR0/9aUdMrXFLSCVxS0X1dUtAEVT6pC0I2uP4/OMU+AAAAAEE4wpUAAAAAAAAAAEJM6wtC
TOteQkzrEwAAAABDTOrPREzp3URM6ZdFTegrAAAAAAAAAADcnwBr3J4A/NydAHoAAAAA25wAOtub
AOvamgDD2pkAIgAAAADamAAC2pgAHNqYABQAAAAAAAAAANiVACrYlQDX2JUAzdiVAAzYlAAE2JQA
1diUAJUAAAAAV1DVclhQ1edYUNUEW1HScVtR0uJcUtIBAAAAAAAAAAAAAAAAUjuhLkM2tv9DO8Qc
ST7CDkA2v/tKQcgGQkzrC0NM6+VDTOrtQ0zqMAAAAABETOk1REzpb0VN6MVGTej8Rk3nkkdN5woA
AAAA3J0AVtucAPnbmwCM2poAAdqaACDamQDD2pkA9tqYAJTalwA+2ZcAFdiWABfYlQBD2JUAmdiV
APjYlQC32JUAEQAAAADYlAB/2JMA8NiTABlZUNMIWVDU4lpR04AAAAAAXVLQyV1S0JAAAAAAAAAA
AAAAAAAAAAAAVT+oWUU3tPBORMgBRjq7MkE2vP9JPcESQkzrAUNM6lBDTOkMAAAAAAAAAAAAAAAA
AAAAAAAAAABHTedMR03m5UhN5tFJTeUhAAAAANqbAEjamgD02pkApNqYAAjamAAC2pgAWtmXAMjZ
lwD+2ZYA/9iVAP/YlQD82JUAw9iVAFXYlQABAAAAANiTAFrYkwD82JMAWAAAAABaUdKAW1HS61tR
0hBeUs8xXlLO/l9SzjBiU8sTYlPKUwAAAAAAAAAAY1HEjUo6sr8AAAAARzi3XUM2uu1WTMwBAAAA
AAAAAAAAAAAARU3oF0ZN5yZHTecPAAAAAAAAAAAAAAAASU3lFklO5MBNUOPpWlfgOAAAAADblQI2
3I0B59mKAczRhQsnAAAAAAAAAADYlgAR2JUAMdiVAC/YlQAOAAAAAAAAAAAAAAAA2JMAAtiTAO/Y
kwB1AAAAAFxR0TxcUdH6XVLRXAAAAABgUs2nYFLMwAAAAABjU8l7Y1PJ2AAAAAAAAAAAZ1PEyV1K
vYYAAAAASDiyjUU3uL8AAAAAAAAAAEVN6HRFTejiRk3n/0dN5/9HTeb+SE3mz0lN5WxKSOQJAAAA
AF5a2wZhWt+iYFnf9mNa2lMAAAAA14cIG9iGAr7WhQD30YMEisuBDR0AAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAANiTAAgAAAAAXVLQK11S0OpeUs+cAAAAAGFTzDNhU8v9YlPLQ2VTxgFl
U8fZZVPGgQAAAABpU8ITaVPC/GpTwUMAAAAASjiuxUc4tYkAAAAAAAAAAEZN6HFGTedtR03nLkdN
5x1ITeY6SkzkhkxE5uxEQergQEHrSQAAAABoXtQBY1rcgWJY3fxlWdl9bV7JAsiCGgLTgwVg04IB
3dKBAP3PgALQzn4Cqsx9AqfKfQZlAAAAAAAAAAAAAAAAAAAAAAAAAABeUs8/XlLP619SzrFeUs8F
Y1PKBGJTyspjU8mxAAAAAGZTxUNmU8X8Z1PFIAAAAABrU8Bfa1O/8GtTvwZdQaULTDip+Us5s00A
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE9F4RBFQumVPj/s/Tw/7ZI+QusHAAAAAGVa
2FllWNr0ZlfXu2hXzyAAAAAAxH8aAs2ABz/NfgV+zH4Dnsx9AqDKfQdSAAAAAAAAAAAAAAAAbU20
DGhMwYdgUc37X1LNmV9TzQUAAAAAY1PJhmRTyO9kU8cdAAAAAGhTw7hoU8OtAAAAAAAAAABtVL26
blS9oAAAAABZO5tLTjim+lI/sw4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAQEHrSTw/7eo8P+y5AAAAAAAAAABoWtMoZ1fUyWdV0/ZoVc+MalXIIgAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAHBQsSJsTL1/a0y/6WtLvudqTL5XAAAAAAAAAABkU8dfZVPH/GVTxlAAAAAAaVPC
O2pTwf5qU8EzAAAAAAAAAABvVLuscFS6NQAAAABbOpOaUjmjvAAAAAAAAAAAAAAAAAAAAAAAAAAA
WkXcG1dD4bNUQ+KPUkPhRVhJ1wMAAAAAAAAAAD9C6xw9QOxPAAAAAAAAAAAAAAAAb13DAmpXzmBp
VM7XaVPN/mpTydRrUsWka1DCkGxQv5NsT76tbE6+3GxNv/9tTb7ebU28dm1Otw0AAAAAAAAAAAAA
AABmU8bdZlPFcAAAAABrU78Da1O/ymxTv6gAAAAAAAAAAAAAAAAAAAAAAAAAAHZVswZgPpTrVjqe
aAAAAAAAAAAAAAAAAAAAAAAAAAAAXEbYD1hD34xUQuHCUULk/E9C5N5NQ+RoUEfeBQAAAAAAAAAA
AAAAAAAAAAAAAAAAbk6/AgAAAABzXbcBbFXHN2xTx3psUsSkbFHCtm1QvrNtT72cbk+8cW5PuTNx
U6wBAAAAAAAAAABPRtoJUEbaDAAAAABnU8QBAAAAAAAAAABtVL5zbVS98W5UvRwAAAAAAAAAAAAA
AAAAAAAAAAAAAHhVsVVmQpf3Xz+dEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVUbd
G1BD44dNQuTzS0Lk2EtD40gAAAAAAAAAAAAAAABmRdE8ZETU7WFE1XthR9ISAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT0bbCE1D3mRMQ97iTUPdmwAAAAAAAAAAAAAAAG5UvDlv
VLz5b1S7YAAAAAB1VLUHdVW0a3ZVswQAAAAAAAAAAHtVrsNxSZygAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAYEbVC1hE31NQQ+JHTUXhEwAAAABPRN8YTELjnUpB5f1JQeSqSkPjGgAAAABoSMoFZkXR
cWJE1edfRNf2XETYq1lF2WVXRdk0V0bYGFRG2A9TRdoXUETcMU9D3V1OQ96eTUPe7E1D3vNOQ92J
UEXaDwAAAAAAAAAAVEXXKGBLy+lxVbmZAAAAAAAAAAB2VbOfd1Wy6HdVsg0AAAAAfVWrQH1Vq/1+
VaksAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXkTaPVhD3+9QQuL8SkHl+0ZB5qtFQuYhAAAAAExD
4TpKQePRSEHk8UhC43BLRuAEAAAAAGZJzAdhRdRXXUTXq1pF2OpXRNr/VUPb/1NC3P9RQtz/UELd
/09C3e9PQ922T0TcaFBG2hAAAAAAAAAAAAAAAABVRNY0VEPY6FVE1q9oUMIEAAAAAHdVsoF4VbH3
eVWwOgAAAAB/VakCf1apyoBWp6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABV
R9oJTEPjS0dB5shEQOfwQ0HmXAAAAABORt0FSkLidElB4/JIQuPVSULiT09J3AEAAAAAAAAAAAAA
AABbR9UXWEXYMFVE2ThURNkxVEbZGldL1AEAAAAAAAAAAAAAAAAAAAAAW0jRA1dF1m9WRNb3VkTV
n1xJzgUAAAAAdVO0e3lVr/t6Va5RAAAAAAAAAACBVqZqglal9YJWpSAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEtG4QRFQeWAQ0Dm+0NA5rBHROIIAAAAAExE4BlK
QuKbSUHi+0lC4c5KQ+BfTUbeCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBK
zgVcRdNVWUXU0FhE1fJZRdRmAAAAAGFKzANdRdCRZUnG+ntVrVYAAAAAAAAAAINWpCiDVqTzhFaj
cwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnR88gZETUxWBF1WFiSs4C
RULkM0RB5adGQ+QPAAAAAAAAAAAAAAAATETfJEpC4JdKQuDzS0Lg80xD3qMAAAAAe0y2A3lIvi1z
SMIobkfGLmlHyURlRs1qYkbPo19F0etdRdL2W0XSllxG0RoAAAAAbUnDGmRFy7xfRM/wXkXORwAA
AAAAAAAAAAAAAIVWosyGVqG4hlahAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAZUXSX2BE1/RcRNjHWkbXKQAAAAAAAAAAc0vABXBGybluR8pvbEnHCwAAAABORdwN
TEPeWk1D3X0AAAAAe0i8RHlGwP90RsT/b0bH/2pGyv1mRszgY0bNq2FGz2RhSM0SAAAAAIxPowJ+
SbdlcUfC7WhFyc9jRssnAAAAAAAAAAAAAAAAAAAAAIdXoEqIV58QAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGJG0yJdRNe9WUTa9ldF2nRYSNYDdU66
AXJHx31uRsrtakXM7mdGzZFlR800Z03GAQAAAAAAAAAAAAAAAHtJuRd1R8IecUnCGW5MwQcAAAAA
AAAAAAAAAAAAAAAAAAAAAI5KqUKDSLT2dUe+fm1KwQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABhS84BWkXXa1dE2vNUQ9vJVETaMQAAAABvScQMbEfKaWhGzMxlRc//YkXP4WBF0J5fRdFmXkbR
PF1H0R9dR9AQXEbQEFtG0R9aRNE+WkTSbFtE0Z5dRc8YAAAAAAAAAACHTKsKAAAAAAAAAAAAAAAA
a0fHSmxGxp8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFlG1yBWRNm2U0Pb/FJE25lTRtgaAAAAAAAA
AABnSMolZEbOcWJGz7JgRdDmXkXS/11E0v9bRNP/W0TT/1pD0v9bQ9L/W0TR4VxE0KVeRs0UAAAA
AAAAAAAAAAAAAAAAAGxIxSJsRseobEXH/W5GxY8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAVUXZTlND2tdSQ9r3UkPZllRF1yoAAAAAAAAAAAAAAAAAAAAAYUjMD19GzyleRs83XUXPN11F
zyleR8wOAAAAAAAAAAAAAAAAAAAAAHBNvQFuR8Q9bUbGpG5FxvpuRcXNb0fEPQAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFdH1ANURNhbU0PYz1ND2P5VRNeuAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd063A3RIviVyR8FZcUbDmHBGxOJwRcT+cEXEvnBH
w09xS78BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAFZF1jZWRdVSAAAAAAAAAAAAAAAAjUmstolIr72FSLKxgUi1sn1IuMF6SLvZeEe993ZGv/91
RsDyc0bBuXNGwnJySMAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj0qpYYtJrYqHSbCV
g0mzlH9ItoZ8SLhveki6UHhJuyh2TbgDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA////////AAD///Mf//8AAP//kB///wAA//iAj///AAD/+ADET/8AAP/MAaAH/wAA/4EAAgf/
AAD/wACBAH8AAP/4AAkAfwAA/A4CBJJ/AAD8CRAkgn8AAP/4iQAODwAA/BhAAEgPAADgBASSSQcA
AOACBJJJJwAA/+Ec8EknAADAOIzwSScAAIAMRIBJJwAAj4QggEknAADgQhGSeScAAIARDxJJJwAA
hguAIEgnAAD/hgBEAAUAAIhiEYCBwAAACBAACBPAAAAfCAARAMgAAOOEMOIkyQAAgEIP9ECJAACA
IAD4CIEAAP4IQOCJkQAA/4wfgxGTAADgzgAHI+MAAOA+gBlj4wAA/Bw/4cRnAADhBAABjEcAAOBB
AAcIjwAA+CBwPBGPAAD+CB/wQx8AAPgOCACHHwAA/DCIAg8/AAD+ABw+H/8AAP8EAANz/wAA/8GA
A8P/AAD/8HgeB/8AAP/4P+AP/wAA//84AH//AAD///gD//8AAP///////wAAKAAAABAAAAAgAAAA
AQAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv4RnDrqDZxWl
fmoxsXtUPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBjHYDvYVrLqyA
a3GpfWSCmHljX6Z4TTGWc0NcMzTBSDM0xj8yONwCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuYNs
Q6J+bnaYeWNdlHZYgJNzSoGlczBzj28lajY4wjYvM9ZvLTPcUjY1wysAAAAAAAAAAAAAAAAAAAAA
rIBuaZR7clekd00vlnhSXKyHQlashS5vpX0acJFtDHGdawRULjPdcy403yczNM9xQDm5BQAAAAAA
AAAAsX1bX5l5YG7BmFRz3qpGMuGrM33gpx9p3qQLcN2hAmrbnQBwv4gBbzA03W43NcpNMzTVbjk1
x2MAAAAAsnpNGbuRVWzir0pr4as0P+CpJ27epRBS3aIFZ9yfAG/amwAX2poAatqYAG9MTeBsOznP
bTU10m05NcpsAAAAANSeRijgqztu4Kgkad+nGlPeowhd3aECdtyeAE3bnQBV2pkAdtmXAHDZlgBt
UU/dFVVP2G09Oc5tPDbFbAAAAAC6lWg0ZWDEH2BdwTjdogRz3J4ANtubAFvbmwBp2pgAcNmXAFXY
lQBs2JQAdFZQ1nFZUdNwWlDSNEM3um1BN8EvQ0zqP0RN6RRFTehHSU7ld9KWD2TakgFh2ZgAcdmV
AG3ZlQBg2JMAXpJudFlcUdFmX1LObWNSySFWRLlvRDe5bkVN6D9HTedkSEfneEdH6UhjWdyCtXg/
V9CBA3TMfgNdAAAAAGdRwDReUs9wY1LJeWZTxWtqU8EzaVG7Wkw4rGcAAAAAVkPhTlBC40g9QOxD
aFrTBGhW0WRrU8hwbFC/bW1OvXJrTL5NZFLHJWdTxD5rVL9vb1S7E2VDm1dUOqEiAAAAAFVD4FBL
QuRkSkLkfk1C4TJiRNV2WkTYbVND21xPQ91sTUPdd09E2xliTMl/dlWzR3dVsi58VKh5AAAAAAAA
AABiR9IFT0LgaURB5lVJQuNTSkLhdkxD3jFiRs8bZUfMG15F0VJYRNV5X0XPVXFQuWCEVqNWg1al
LAAAAAAAAAAAAAAAAF9E1lVXRNlqbUbKUGdGzXJbRdROckbDUmhGymFfRc9AhEmyL21GxERsRsca
h1efCgAAAAAAAAAAAAAAAAAAAAAAAAAAVkTZGFND2nZURNdgYUbPOl1F0mFbRNJhYkXMPHBGxE1u
RsV5bUbGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVkXVDwAAAACKSa5ofki3bXZH
vmBzR8ElAAAAAAAAAAAAAAAAAAAAAAAAAAD4f6xB4AesQeADrEHAAaxBgAGsQQABrEEAAaxBAACs
QQAArEEAgKxBgACsQYABrEGAAaxBwAOsQeAHrEH6H6xB
"""
try:
from ctypes import windll
AppId = f"digitalsleuth.time-decode.gui.v{__version__.replace('.','-')}"
windll.shell32.SetCurrentProcessExplicitAppUserModelID(AppId)
except ImportError:
pass
class NewWindow(QWidget):
"""This class sets the structure for a new window"""
def __init__(self):
"""Sets up the new window table and context menu"""
super().__init__()
layout = QVBoxLayout()
self.examplesLabel = QLabel()
self.timestampTable = QTableWidget()
self.timestampTable.setSizePolicy(
QSizePolicy.Policy.Expanding, QSizePolicy.Policy.Expanding
)
self.timestampTable.setStyleSheet(
"border: none; selection-background-color: #1644b9;"
)
self.timestampTable.setVerticalScrollBarPolicy(
Qt.ScrollBarPolicy.ScrollBarAsNeeded
)
self.context_menu = ContextMenu(self.timestampTable)
self.timestampTable.setContextMenuPolicy(Qt.ContextMenuPolicy.CustomContextMenu)
self.timestampTable.customContextMenuRequested.connect(
self.context_menu.show_context_menu
)
layout.addWidget(self.timestampTable)
layout.addWidget(self.examplesLabel)
self.setLayout(layout)
def keyPressEvent(self, event):
"""Sets the Ctrl+C KeyPress for the window"""
if event.matches(QKeySequence.StandardKey.Copy):
self.context_menu.copy()
else:
super().keyPressEvent(event)
class AboutWindow(QWidget):
"""Sets the structure for the About window"""
def __init__(self):
super().__init__()
layout = QGridLayout()
self.aboutLabel = QLabel()
self.urlLabel = QLabel()
self.logoLabel = QLabel()
spacer = QLabel()
layout.addWidget(self.aboutLabel, 0, 0)
layout.addWidget(spacer, 0, 1)
layout.addWidget(self.urlLabel, 1, 0)
layout.addWidget(self.logoLabel, 0, 2)
self.setStyleSheet("background-color: white; color: black;")
self.setFixedHeight(100)
self.setFixedWidth(350)
self.setLayout(layout)
class ContextMenu:
"""Shows a context menu for a QTableWidget"""
def __init__(self, tbl_widget):
"""Associate the tbl_widget variable"""
self.tbl_widget = tbl_widget
def show_context_menu(self, pos):
"""Sets the context menu structure and style"""
stylesheet = TimeDecodeGui.stylesheet
context_menu = QMenu(self.tbl_widget)
copy_event = context_menu.addAction("Copy")
copy_event.setShortcut(QKeySequence("Ctrl+C"))
copy_event.setShortcutVisibleInContextMenu(True)
context_menu.setStyleSheet(stylesheet)
copy_event.triggered.connect(self.copy)
context_menu.exec(self.tbl_widget.mapToGlobal(pos))
def copy(self):
"""Sets up the Copy option for the context menu"""
selected = self.tbl_widget.selectedItems()
if selected:
clipboard = QApplication.clipboard()
text = (
"\n".join(
[
"\t".join(
[
item.text()
for item in self.tbl_widget.selectedItems()
if item.row() == row
]
)
for row in range(self.tbl_widget.rowCount())
]
)
).rstrip()
text = text.lstrip()
clipboard.setText(text)
class UiDialog:
"""Sets the structure for the main user interface"""
def __init__(self):
self.d_width = 490
self.d_height = 130
self.text_font = QFont()
self.text_font.setPointSize(9)
self.results = {}
self.examplesWindow = None
self.newWindow = None
def setupUi(self, Dialog):
"""Sets up the core UI"""
if not Dialog.objectName():
Dialog.setObjectName(__appname__)
Dialog.setFixedWidth(self.d_width)
Dialog.setMinimumHeight(self.d_height)
Dialog.setStyleSheet(self.stylesheet)
Dialog.setSizePolicy(QSizePolicy.Policy.Expanding, QSizePolicy.Policy.Expanding)
Dialog.setWindowFlags(
self.windowFlags() & ~Qt.WindowType.WindowMaximizeButtonHint
)
self.screen_layout = QGuiApplication.primaryScreen().availableGeometry()
self.scr_width, self.scr_height = (
self.screen_layout.width(),
self.screen_layout.height(),
)
self.center_x = (self.scr_width // 2) - (self.d_width // 2)
self.center_y = (self.scr_height // 2) - (self.d_height // 2)
Dialog.move(self.center_x, self.center_y)
self.timestampText = QLineEdit(Dialog)
self.timestampText.setObjectName("timestampText")
self.timestampText.setGeometry(QRect(10, 30, 225, 22))
self.timestampText.setHidden(False)
self.timestampText.setEnabled(True)
self.timestampText.setStyleSheet(self.stylesheet)
self.timestampText.setFont(self.text_font)
utc_time = dt.now(tzone("UTC"))
self.dateTime = QDateTimeEdit(Dialog)
self.dateTime.setObjectName("dateTime")
self.dateTime.setDisplayFormat("yyyy-MM-dd HH:MM:ss")
self.dateTime.setGeometry(QRect(10, 30, 225, 22))
self.dateTime.setDateTime(utc_time)
self.dateTime.setCalendarPopup(True)
self.dateTime.calendarWidget().setFixedHeight(220)
self.dateTime.calendarWidget().setGridVisible(True)
self.dateTime.setHidden(True)
self.dateTime.setEnabled(False)
self.dateTime.setStyleSheet(self.stylesheet)
self.dateTime.calendarWidget().setStyleSheet(
"alternate-background-color: #EAF6FF; background-color: white; color: black;"
)
self.dateTime.setFont(self.text_font)
self.dateTime.calendarWidget().setFont(self.text_font)
self.nowButton = QPushButton("&Now", clicked=self.setNow)
self.nowButton.setFont(self.text_font)
self.updateButton = QPushButton(
"&Update Time Zones", clicked=self.update_timezones
)
self.updateButton.setFont(self.text_font)
self.buttonLayout = QHBoxLayout()
self.buttonLayout.addWidget(self.nowButton)
self.buttonLayout.addWidget(self.updateButton)
self.calendarButtons = self.dateTime.calendarWidget().layout()
self.calendarButtons.addLayout(self.buttonLayout)
self.timestampFormats = QComboBox(Dialog)
self.timestampFormats.setObjectName("timestampFormats")
self.timestampFormats.setGeometry(QRect(10, 60, 225, 22))
self.timestampFormats.setStyleSheet(
"combobox-popup: 0; background-color: white; color: black;"
)
self.timestampFormats.view().setVerticalScrollBarPolicy(
Qt.ScrollBarPolicy.ScrollBarAsNeeded
)
self.timestampFormats.setFont(self.text_font)
types = {}
for _, this_type in ts_types.items():
types[this_type[0]] = this_type[1]
types = dict(sorted(types.items(), key=lambda item: item[0].casefold()))
for k, v in enumerate(types.items()):
self.timestampFormats.addItem(v[0])
self.timestampFormats.setItemData(k, v[1], Qt.ItemDataRole.ToolTipRole)
self.timeZoneOffsets = QComboBox(Dialog)
self.timeZoneOffsets.setObjectName("timeZoneOffsets")
self.timeZoneOffsets.setGeometry(QRect(10, 90, 305, 22))
self.timeZoneOffsets.setStyleSheet(
"combobox-popup: 0; background-color: white; color: black;"
)
self.timeZoneOffsets.view().setVerticalScrollBarPolicy(
Qt.ScrollBarPolicy.ScrollBarAsNeeded
)
self.timeZoneOffsets.setFont(self.text_font)
ts_offsets = self.common_timezone_offsets()
for k, v in enumerate(ts_offsets):
self.timeZoneOffsets.addItem(f"{v[0]} {v[1]}")
self.timeZoneOffsets.setItemData(k, v[1], Qt.ItemDataRole.ToolTipRole)
self.timeZoneOffsets.setEnabled(True)
self.timeZoneOffsets.setHidden(False)
self.outputTable = QTableWidget(Dialog)
self.outputTable.setSizePolicy(
QSizePolicy.Policy.Expanding, QSizePolicy.Policy.Expanding
)
self.outputTable.setGeometry(QRect(10, 120, 440, 22))
self.outputTable.setStyleSheet(
"border: none; background-color: white; color: black; font-size: 10;"
)
self.outputTable.setVisible(False)
self.outputTable.setVerticalScrollBarPolicy(
Qt.ScrollBarPolicy.ScrollBarAlwaysOn
)
self.outputTable.setHorizontalScrollBarPolicy(
Qt.ScrollBarPolicy.ScrollBarAlwaysOff
)
self.context_menu = ContextMenu(self.outputTable)
self.outputTable.setContextMenuPolicy(Qt.ContextMenuPolicy.CustomContextMenu)
self.outputTable.customContextMenuRequested.connect(
self.context_menu.show_context_menu
)
self.outputTable.setFont(self.text_font)
self.guessButton = QPushButton(Dialog)
self.guessButton.setObjectName("guessButton")
self.guessButton.setEnabled(True)
self.guessButton.setHidden(False)
self.guessButton.setGeometry(QRect(245, 30, 70, 22))
self.guessButton.setStyleSheet("background-color: white; color: black;")
self.guessButton.setFont(self.text_font)
self.guessButton.clicked.connect(self.guess_decode)
self.toallButton = QPushButton(Dialog)
self.toallButton.setObjectName("toallButton")
self.toallButton.setEnabled(False)
self.toallButton.setHidden(True)
self.toallButton.setGeometry(QRect(245, 30, 70, 22))
self.toallButton.setStyleSheet("background-color: white; color: black;")
self.toallButton.setFont(self.text_font)
self.toallButton.clicked.connect(self.encode_toall)
self.encodeRadio = QRadioButton(Dialog)
self.encodeRadio.setObjectName("encodeRadio")
self.encodeRadio.setGeometry(QRect(400, 30, 72, 20))
self.encodeRadio.setStyleSheet("background-color: white; color: black;")
self.encodeRadio.setFont(self.text_font)
self.encodeRadio.toggled.connect(self._encode_select)
self.decodeRadio = QRadioButton(Dialog)
self.decodeRadio.setObjectName("decodeRadio")
self.decodeRadio.setGeometry(QRect(325, 30, 72, 20))
self.decodeRadio.setChecked(True)
self.decodeRadio.setStyleSheet("background-color: white; color: black;")
self.decodeRadio.setFont(self.text_font)
self.decodeRadio.toggled.connect(self._decode_select)
self.goButton = QPushButton(Dialog)
self.goButton.setObjectName("goButton")
self.goButton.setGeometry(QRect(245, 60, 70, 22))
self.goButton.setStyleSheet("background-color: white; color: black;")
self.goButton.setFont(self.text_font)
self.goButton.clicked.connect(self.go_function)
new_window_pixmap = QStyle.StandardPixmap.SP_ArrowRight
icon = self.style().standardIcon(new_window_pixmap)
self.newWindowButton = QPushButton(Dialog)
self.newWindowButton.setObjectName("newWindowButton")
self.newWindowButton.setGeometry(QRect(325, 90, 22, 22))
self.newWindowButton.setStyleSheet(
"background-color: white; color: black; border: 0;"
)
self.newWindowButton.setFont(self.text_font)
self.newWindowButton.setIcon(icon)
self.newWindowButton.setIconSize(QSize(22, 22))
self.newWindowButton.setToolTip("Open results in a new window")
self.newWindowButton.clicked.connect(self._new_window)
self.retranslateUi(Dialog)
QMetaObject.connectSlotsByName(Dialog)
def retranslateUi(self, Dialog):
"""Retranslate the Ui"""
_translate = QCoreApplication.translate
Dialog.setWindowTitle(_translate("Dialog", __appname__))
self.dateTime.setDisplayFormat(
_translate("Dialog", "yyyy-MM-dd HH:mm:ss", None)
)
self.timestampText.setPlaceholderText(_translate("Dialog", "Timestamp", None))
self.guessButton.setText(_translate("Dialog", "Guess", None))
self.toallButton.setText(_translate("Dialog", "To All", None))
self.encodeRadio.setText(_translate("Dialog", "Encode", None))
self.decodeRadio.setText(_translate("Dialog", "Decode", None))
self.goButton.setText(_translate("Dialog", "\u2190 From", None))
self.newWindowButton.setHidden(True)
self.newWindowButton.setEnabled(False)
self._menu_bar()
def setNow(self):
"""Sets the current date / time on the Calendar Widget"""
today = QDate().currentDate()
now = dt.now(tzone("UTC"))
self.dateTime.calendarWidget().setSelectedDate(today)
self.dateTime.setDateTime(now)
def update_timezones(self):
"""Updates the timeZoneOffsets combo box to reflect the selected Calendar date/time"""
ts_offsets = self.common_timezone_offsets()
self.timeZoneOffsets.clear()
for k, v in enumerate(ts_offsets):
self.timeZoneOffsets.addItem(f"{v[0]} {v[1]}")
self.timeZoneOffsets.setItemData(k, v[1], Qt.ItemDataRole.ToolTipRole)
def _decode_select(self):
"""Sets the structure for the decode radio button"""
self.dateTime.setHidden(True)
self.dateTime.setEnabled(False)
self.timestampText.setHidden(False)
self.timestampText.setEnabled(True)
self.guessButton.setEnabled(True)
self.guessButton.setHidden(False)
self.toallButton.setEnabled(False)
self.toallButton.setHidden(True)
self.goButton.setText("\u2190 From")
self.newWindowButton.setHidden(True)
self.newWindowButton.setEnabled(False)
self._reset_table()
def _encode_select(self):
"""Sets the structure for the encode radio button"""
self.timestampText.setHidden(True)
self.timestampText.setEnabled(False)
self.dateTime.setHidden(False)
self.dateTime.setEnabled(True)
self.guessButton.setEnabled(False)
self.guessButton.setHidden(True)
self.toallButton.setEnabled(True)
self.toallButton.setHidden(False)
self.goButton.setText("\u2190 To")
self.newWindowButton.setHidden(True)
self.newWindowButton.setEnabled(False)
self._reset_table()
def _reset_table(self):
"""Resets the GUI structure"""
self.adjustSize()
self.setFixedWidth(490)
self.setFixedHeight(130)
self.outputTable.setVisible(False)
self.outputTable.clearContents()
self.outputTable.setColumnCount(0)
self.outputTable.setRowCount(0)
self.outputTable.reset()
self.outputTable.setStyleSheet("border: none")
def guess_decode(self):
"""Will take the provided timestamp and run it through the 'from_all' function"""
timestamp = self.timestampText.text()
selected_tz = self.timeZoneOffsets.currentText()
if timestamp == "":
self._msg_box("You must enter a timestamp!", "Info")
return
all_ts = from_all(timestamp)
results = {}
for k, _ in all_ts.items():
if "No Time Zone Change" in selected_tz:
results[k] = f"{all_ts[k][0]} {all_ts[k][2]}"
else:
tz_offset = selected_tz.split(" ")[0]
tz_name = " ".join(selected_tz.split(" ")[1:])
tz = tzone(tz_name)
tz_original = all_ts[k][0]
dt_parse = duparser.parse(tz_original)
dt_obj = pytz.utc.localize(dt_parse)
tz_selected = dt_obj.astimezone(tz).strftime(__fmt__)
if self.check_daylight(dt_parse, tz):
tz_out = f"{tz_offset} DST"
else:
tz_out = tz_offset
results[k] = f"{tz_selected} {tz_out}"
self.results = results
self.display_output(results)
def encode_toall(self):
"""Takes the dateTime object, passes it to the to_timestamps function which encodes it"""
dt_obj = self.dateTime.text()
selected_tz = self.timeZoneOffsets.currentText()
if "No Time Zone Change" not in selected_tz:
tz_name = " ".join(selected_tz.split(" ")[1:])
tz = tzone(tz_name)
dt_parse = duparser.parse(dt_obj)
dt_parse = pytz.utc.localize(dt_parse)
dt_obj = dt_parse.astimezone(tz).strftime(__fmt__)
results, _ = to_timestamps(dt_obj)
self.results = results
self.display_output(results)
def common_timezone_offsets(self):
"""Generates a list of common timezones for conversion"""
timezone_offsets = [("No Time Zone Change", "")]
dt_obj = duparser.parse(self.dateTime.text())
dt_obj_naive = pytz.utc.localize(dt_obj)
for tz_name in common_timezones:
timezone = tzone(tz_name)
dt_val = dt_obj_naive.astimezone(timezone)
offset_seconds = dt_val.utcoffset().total_seconds()
hours, remainder = divmod(abs(offset_seconds), 3600)
minutes = remainder // 60
sign = "+" if offset_seconds >= 0 else "-"
int_offset = f"{sign}{int(hours):02}:{int(minutes):02}"
formatted_offset = f"UTC{int_offset}"
timezone_offsets.append((formatted_offset, tz_name))
timezone_offsets.sort(key=lambda x: x[0])
return timezone_offsets
def display_output(self, ts_list):
"""Configures the output format for the provided values"""
self._reset_table()
self.outputTable.setVisible(True)
self.outputTable.setColumnCount(2)
self.outputTable.setAlternatingRowColors(True)
self.outputTable.setStyleSheet(
"""
border: none;
alternate-background-color: #EAF6FF;
background-color: white;
color: black;
selection-background-color: #1644b9;
"""
)
for ts_type, result in ts_list.items():
row = self.outputTable.rowCount()
self.outputTable.insertRow(row)
widget0 = QTableWidgetItem(ts_types[ts_type][0])
widget0.setFlags(widget0.flags() & ~Qt.ItemFlag.ItemIsEditable)
widget0.setToolTip(ts_types[ts_type][1])
widget1 = QTableWidgetItem(result)
widget1.setFlags(widget1.flags() & ~Qt.ItemFlag.ItemIsEditable)
self.outputTable.setItem(row, 0, widget0)
self.outputTable.item(row, 0).setTextAlignment(
int(Qt.AlignmentFlag.AlignLeft | Qt.AlignmentFlag.AlignVCenter)
)
self.outputTable.setItem(row, 1, widget1)
self.outputTable.item(row, 1).setTextAlignment(
int(Qt.AlignmentFlag.AlignLeft | Qt.AlignmentFlag.AlignVCenter)
)
if self.decodeRadio.isChecked():
if "DST" in result:
ts = result.split(" DST")[0]
else:
ts = result
this_yr = int(dt.now().strftime("%Y"))
if int(duparser.parse(ts).strftime("%Y")) in range(
this_yr - 5, this_yr + 5
):
for each_col in range(0, self.outputTable.columnCount()):
this_col = self.outputTable.item(row, each_col)
this_col.setBackground(QColor("lightgreen"))
this_col.setForeground(QColor("black"))
self.outputTable.horizontalHeader().setFixedHeight(1)
self.outputTable.verticalHeader().setFixedWidth(1)
self.outputTable.setFixedWidth(540)
self.outputTable.setColumnWidth(0, 220)
self.outputTable.setColumnWidth(1, 300)
self.outputTable.resizeRowsToContents()
self.outputTable.setShowGrid(True)
total_row_height = sum(
self.outputTable.rowHeight(row)
for row in range(self.outputTable.rowCount())
)
self.outputTable.setFixedHeight(400)
if total_row_height > 500:
self.setFixedHeight(540)
self.outputTable.verticalScrollBar().show()
else:
self.setFixedHeight(self.height() + int(total_row_height + 1))
self.outputTable.verticalScrollBar().hide()
self.setFixedWidth(555)
self.newWindowButton.setEnabled(True)
self.newWindowButton.setHidden(False)
def go_function(self):
"""The To/From button: converts a date/timestamp, depending on the selected radio button"""
results = {}
ts_format = self.timestampFormats.currentText()
ts_text = self.timestampText.text()
ts_date = self.dateTime.text()
selected_tz = self.timeZoneOffsets.currentText()
if "No Time Zone Change" not in selected_tz:
tz_name = " ".join(selected_tz.split(" ")[1:])
tz_offset = selected_tz.split(" ")[0]
tz = tzone(tz_name)
dt_parse = duparser.parse(ts_date)
dt_parse = pytz.utc.localize(dt_parse)
ts_date = dt_parse.astimezone(tz).strftime(__fmt__)
in_ts_types = [k for k, v in ts_types.items() if ts_format in v]
if not in_ts_types:
self._msg_box(
f"For some reason {ts_format} is not in the list of available conversions!",
"Error",
)
return
ts_type = in_ts_types[0]
if self.encodeRadio.isChecked():
is_func = False
ts_selection = f"to_{ts_type}"
for this_func in to_funcs:
if inspect.isfunction(this_func):
func_name = this_func.__name__
if func_name == ts_selection:
is_func = True
if not is_func:
self._msg_box(
f"Cannot convert to {ts_format},\nrequired information is unavailable.",
"Warning",
)
return
ts_func = globals()[ts_selection]
result, _ = ts_func(ts_date)
results[ts_type] = result
self.results = results
self.display_output(results)
elif self.decodeRadio.isChecked():
is_func = False
if ts_text == "":
self._msg_box("You must enter a timestamp!", "Info")
return
ts_selection = f"from_{ts_type}"
for this_func in from_funcs:
if inspect.isfunction(this_func):
func_name = this_func.__name__
if func_name == ts_selection:
is_func = True
if not is_func:
self._msg_box(
f"Cannot convert from {ts_format},\nrequired information is unavailable.",
"Warning",
)
return
ts_func = globals()[ts_selection]
result, _, _, reason, tz_out = ts_func(ts_text)
if not result:
self._msg_box(reason, "Error")
return
if "No Time Zone Change" not in selected_tz:
dt_parse = duparser.parse(result)
dt_obj = pytz.utc.localize(dt_parse)
result = dt_obj.astimezone(tz).strftime(__fmt__)
if self.check_daylight(dt_parse, tz):
tz_out = f"{tz_offset} DST"
else:
tz_out = tz_offset
results[ts_type] = f"{result} {tz_out}"
self.results = results
self.display_output(results)
@staticmethod
def check_daylight(dtval, tz):
"""Checks to see if the provided timestamp, in the provided timezone, is observing DST"""
dst_check = tz.localize(dtval)
return dst_check.dst() != timedelta(0, 0)
def _menu_bar(self):
"""Add a menu bar"""
self.menu_bar = self.menuBar()
self.menu_bar.setStyleSheet(self.stylesheet)
self.file_menu = self.menu_bar.addMenu("&File")
self.exit_action = QAction("&Exit", self)
self.exit_action.triggered.connect(QApplication.instance().quit)
self.exit_action.setFont(self.text_font)
self.file_menu.addAction(self.exit_action)
self.menu_bar.addMenu(self.file_menu)
self.view_menu = self.menu_bar.addMenu("&View")
self.view_action = QAction("E&xamples", self)
self.view_action.triggered.connect(self._examples)
self.view_action.setFont(self.text_font)
self.view_menu.addAction(self.view_action)
self.menu_bar.addMenu(self.view_menu)
self.help_menu = self.menu_bar.addMenu("&Help")
self.about_action = QAction("&About", self)
self.about_action.triggered.connect(self._about)
self.about_action.setFont(self.text_font)
self.help_menu.addAction(self.about_action)
self.menu_bar.setFont(self.text_font)
def _msg_box(self, message, msg_type):
self.msg_box = QMessageBox()
self.msg_box.setStyleSheet("background-color: white; color: black;")
self.msg_box.setSizePolicy(
QSizePolicy.Policy.Expanding, QSizePolicy.Policy.Expanding
)
if msg_type == "Error":
self.msg_box.setIcon(QMessageBox.Icon.Critical)
elif msg_type == "Info":
self.msg_box.setIcon(QMessageBox.Icon.Information)
elif msg_type == "Warning":
self.msg_box.setIcon(QMessageBox.Icon.Warning)
elif msg_type == "":
self.msg_box.setIcon(QMessageBox.Icon.NoIcon)
msg_type = "Unidentified"
self.msg_box.setWindowTitle(msg_type)
self.msg_box.setFixedSize(300, 300)
self.msg_box.setText(f"{message}\t ")
self.msg_box.setStandardButtons(QMessageBox.StandardButton.Ok)
self.msg_box.exec()
def _about(self):
self.about_window = AboutWindow()
self.about_window.setWindowFlags(
self.about_window.windowFlags() & ~Qt.WindowType.WindowMinMaxButtonsHint
)
githubLink = f'View the source on GitHub'
self.about_window.setWindowTitle("About")
self.about_window.aboutLabel.setText(
f"Version: {__appname__}\nLast Updated: {__date__}\nAuthor: {__author__}"
)
self.about_window.aboutLabel.setFont(self.text_font)
self.about_window.urlLabel.setOpenExternalLinks(True)
self.about_window.urlLabel.setText(githubLink)
self.about_window.urlLabel.setFont(self.text_font)
self.logo = QPixmap()
self.logo.loadFromData(base64.b64decode(__fingerprint__))
self.about_window.logoLabel.setPixmap(self.logo)
self.about_window.logoLabel.resize(20, 20)
about_width = self.about_window.width()
about_height = self.about_window.height()
self.about_window.move(
self.center_x + (about_width // 4), self.center_y + (about_height // 4)
)
self.about_window.show()
def _examples(self):
if self.examplesWindow is None:
structures = {}
for _, data_list in ts_types.items():
structures[data_list[0]] = (
data_list[1],
data_list[2],
)
structures = sorted(
structures.items(), key=lambda item: item[1][0].casefold()
)
self.examplesWindow = NewWindow()
self.examplesWindow.examplesLabel.setGeometry(QRect(0, 0, 200, 24))
self.examplesWindow.examplesLabel.setText(
"Timestamps displayed here are based on the date 2023-05-01 between 09:00 & 18:00"
)
self.examplesWindow.examplesLabel.setFont(self.text_font)
self.examplesWindow.setWindowTitle("Timestamp Examples")
self.examplesWindow.setStyleSheet(
"""
border: none; alternate-background-color: #EAF6FF;
background-color: white; color: black;
"""
)
self.examplesWindow.timestampTable.setColumnCount(2)
for example in structures:
row = self.examplesWindow.timestampTable.rowCount()
self.examplesWindow.timestampTable.insertRow(row)
widget0 = QTableWidgetItem(example[1][0])
widget0.setFlags(widget0.flags() & ~Qt.ItemFlag.ItemIsEditable)
widget0.setToolTip(example[0])
widget1 = QTableWidgetItem(example[1][1])
widget1.setFlags(widget1.flags() & ~Qt.ItemFlag.ItemIsEditable)
self.examplesWindow.timestampTable.setItem(row, 0, widget0)
self.examplesWindow.timestampTable.item(row, 0).setTextAlignment(
int(Qt.AlignmentFlag.AlignLeft | Qt.AlignmentFlag.AlignVCenter)
)
self.examplesWindow.timestampTable.item(row, 0)
self.examplesWindow.timestampTable.setItem(row, 1, widget1)
self.examplesWindow.timestampTable.item(row, 1).setTextAlignment(
int(Qt.AlignmentFlag.AlignLeft | Qt.AlignmentFlag.AlignVCenter)
)
self.examplesWindow.timestampTable.horizontalHeader().setFixedHeight(1)
self.examplesWindow.timestampTable.verticalHeader().setFixedWidth(1)
self.examplesWindow.timestampTable.setGeometry(
QRect(
0,
0,
self.examplesWindow.timestampTable.horizontalHeader().length(),
self.examplesWindow.timestampTable.verticalHeader().length(),
)
)
self.examplesWindow.timestampTable.resizeColumnsToContents()
self.examplesWindow.timestampTable.resizeRowsToContents()
self.examplesWindow.timestampTable.setShowGrid(True)
self.examplesWindow.timestampTable.setAlternatingRowColors(True)
self.examplesWindow.setFixedSize(
self.examplesWindow.timestampTable.horizontalHeader().length() + 48,
400,
)
self.examplesWindow.timestampTable.setFont(self.text_font)
self.examplesWindow.show()
else:
self.examplesWindow.close()
self.examplesWindow = None
self._examples()
def _new_window(self):
table_data = self.results
selected_tz = self.timeZoneOffsets.currentText()
msg = title = ""
if self.encodeRadio.isChecked():
entered_value = self.dateTime.text()
title = f"Encoded: {entered_value}"
if "No Time Zone Change" not in selected_tz:
entered_value = f"{entered_value} {selected_tz}"
msg = f"Encoded: {entered_value}"
elif self.decodeRadio.isChecked():
entered_value = self.timestampText.text()
title = f"Decoded: {entered_value}"
if "No Time Zone Change" not in selected_tz:
entered_value = f"{entered_value} {selected_tz}"
msg = f"Decoded: {entered_value}"
if self.newWindow is None:
self.newWindow = NewWindow()
self.newWindow.windowLabel = self.newWindow.examplesLabel
self.newWindow.windowLabel.setGeometry(QRect(0, 0, 200, 24))
self.newWindow.windowLabel.setText(msg)
self.newWindow.examplesLabel.setFont(self.text_font)
self.newWindow.setWindowTitle(title)
self.newWindow.setStyleSheet(
"""
border: none; alternate-background-color: #EAF6FF;
background-color: white; color: black;
"""
)
self.newWindow.timestampTable.setColumnCount(2)
for ts_type, result in table_data.items():
row = self.newWindow.timestampTable.rowCount()
self.newWindow.timestampTable.insertRow(row)
widget0 = QTableWidgetItem(ts_types[ts_type][0])
widget0.setFlags(widget0.flags() & ~Qt.ItemFlag.ItemIsEditable)
widget0.setToolTip(ts_types[ts_type][1])
widget1 = QTableWidgetItem(result)
widget1.setFlags(widget1.flags() & ~Qt.ItemFlag.ItemIsEditable)
self.newWindow.timestampTable.setItem(row, 0, widget0)
self.newWindow.timestampTable.item(row, 0).setTextAlignment(
int(Qt.AlignmentFlag.AlignLeft | Qt.AlignmentFlag.AlignVCenter)
)
self.newWindow.timestampTable.item(row, 0)
self.newWindow.timestampTable.setItem(row, 1, widget1)
self.newWindow.timestampTable.item(row, 1).setTextAlignment(
int(Qt.AlignmentFlag.AlignLeft | Qt.AlignmentFlag.AlignVCenter)
)
if self.decodeRadio.isChecked():
this_yr = int(dt.now().strftime("%Y"))
if int(duparser.parse(result).strftime("%Y")) in range(
this_yr - 5, this_yr + 5
):
for each_col in range(
0, self.newWindow.timestampTable.columnCount()
):
this_col = self.newWindow.timestampTable.item(row, each_col)
this_col.setBackground(QColor("lightgreen"))
this_col.setForeground(QColor("black"))
self.newWindow.timestampTable.horizontalHeader().setFixedHeight(1)
self.newWindow.timestampTable.verticalHeader().setFixedWidth(1)
self.newWindow.timestampTable.setGeometry(
QRect(
0,
0,
self.newWindow.timestampTable.horizontalHeader().length(),
self.newWindow.timestampTable.verticalHeader().length(),
)
)
self.newWindow.timestampTable.resizeColumnsToContents()
for col in range(0, self.newWindow.timestampTable.columnCount()):
col_width = self.newWindow.timestampTable.columnWidth(col)
self.newWindow.timestampTable.setColumnWidth(col, col_width + 10)
self.newWindow.timestampTable.resizeRowsToContents()
row_height = self.newWindow.timestampTable.rowHeight(row)
total_row_height = sum(
row_height for row in range(self.newWindow.timestampTable.rowCount())
)
if total_row_height < 400:
window_height = total_row_height + (row_height * 2) + 8
else:
window_height = 400
self.newWindow.timestampTable.setShowGrid(True)
self.newWindow.timestampTable.setAlternatingRowColors(True)
self.newWindow.setFixedSize(
self.newWindow.timestampTable.horizontalHeader().length() + 38,
window_height,
)
self.newWindow.timestampTable.setFont(self.text_font)
self.newWindow.show()
else:
self.newWindow.close()
self.newWindow = None
self._new_window()
class TimeDecodeGui(QMainWindow, UiDialog):
"""TimeDecode Class"""
stylesheet = """
QMainWindow {
background-color: white; color: black;
}
QLineEdit {
background-color: white; color: black;
}
QDateTimeEdit {
background-color: white; color: black;
}
QMenu {
background-color: white; color: black; border: 1px solid black; margin: 0;
}
QMenu::item {
background-color: white; color: black; margin: 0; padding: 4px 20px 4px 20px;
}
QMenu::item:selected {
background-color: #1644b9; color: white; margin: 0; padding: 4px 20px 4px 20px;
}
QMenuBar {
background-color: white; color: black;
}
QMenuBar::item {
background-color: white; color: black;
}
QMenuBar::item:selected {
background-color: #1644b9; color: white;
}
"""
def __init__(self):
"""Call and setup the UI"""
super().__init__()
self.setupUi(self)
def keyPressEvent(self, event):
"""Create a KeyPress event for a Ctrl+C (Copy) event for selected text"""
if event.matches(QKeySequence.StandardKey.Copy):
self.context_menu.copy()
else:
super().keyPressEvent(event)
# End PyQt6 GUI
# 2023-05-01 17:59:38.285777
# Examples based around 2023-05-01 09:xx:xx to 17:xx:xx
ts_types = {
"unix_sec": [
"Unix Seconds",
"Unix seconds timestamp is 10 digits in length",
"1682963978",
"UTC",
],
"unix_milli": [
"Unix Milliseconds",
"Unix milliseconds timestamp is 13 digits in length",
"1682963978285",
"UTC",
],
"unix_milli_hex": [
"Unix Milliseconds hex",
"Unix Milliseconds hex timestamp is 12 hex characters (6 bytes)",
"0187d878582d",
"UTC",
],
"windows_hex_64": [
"Windows 64-bit Hex BE",
"Windows 64-bit Hex Big-Endian timestamp is 16 hex characters (8 bytes)",
"01d97c56b232fc2a",
"UTC",
],
"windows_hex_64le": [
"Windows 64-bit Hex LE",
"Windows 64-bit Hex Little-Endian timestamp is 16 hex characters (8 bytes)",
"2afc32b2567cd901",
"UTC",
],
"chrome": [
"Google Chrome",
"Chrome/Webkit timestamp is 17 digits",
"13327437578285777",
"UTC",
],
"ad": [
"Active Directory/LDAP",
"Active Directory/LDAP timestamps are 18 digits",
"133274375782857770",
"UTC",
],
"unix_hex_32be": [
"Unix Hex 32-bit BE",
"Unix Hex 32-bit Big-Endian timestamps are 8 hex characters (4 bytes)",
"644ffe0a",
"UTC",
],
"unix_hex_32le": [
"Unix Hex 32-bit LE",
"Unix Hex 32-bit Little-Endian timestamps are 8 hex characters (4 bytes)",
"0afe4f64",
"UTC",
],
"cookie": [
"Windows Cookie Date",
"IE text cookie times consist of 2 ints, enter with a comma between them",
"2986828032,31030358",
"UTC",
],
"ole_be": [
"Windows OLE 64-bit double BE",
"OLE Big-Endian timestamps are 16 hex characters (8 bytes)",
"40e5fef7fdf0f084",
"UTC",
],
"ole_le": [
"Windows OLE 64-bit double LE",
"OLE Little-Endian timestamps are 16 hex characters (8 bytes)",
"84f0f0fdf7fee540",
"UTC",
],
"mac": [
"NSDate - Mac Absolute time",
"NSDates (Mac) are 9 digits '.' 6 digits",
"704656778.285777",
"UTC",
],
"hfs_dec": [
"Mac OS/HFS+ Decimal Time",
"Mac OS/HFS+ Decimal timestamps are 10 digits",
"3765808778",
"UTC",
],
"hfs_be": [
"HFS/HFS+ 32-bit Hex BE",
"HFS/HFS+ Big-Endian timestamps are 8 hex characters (4 bytes)",
"e075ae8a",
"HFS Local / HFS+ UTC",
],
"hfs_le": [
"HFS/HFS+ 32-bit Hex LE",
"HFS/HFS+ Little-Endian timestamps are 8 hex characters (4 bytes)",
"8aae75e0",
"HFS Local / HFS+ UTC",
],
"msdos": [
"MS-DOS 32-bit Hex Value",
"MS-DOS 32-bit timestamps are 8 hex characters (4 bytes)",
"738fa156",
"Local",
],
"fat": [
"FAT Date + Time",
"MS-DOS wFatDate wFatTime timestamps are 8 hex characters (4 bytes)",
"a156738f",
"Local",
],
"systemtime": [
"Microsoft 128-bit SYSTEMTIME",
"Microsoft 128-bit SYSTEMTIME timestamps are 32 hex characters (16 bytes)",
"e70705000100010011003b0026001d01",
"UTC",
],
"filetime": [
"Microsoft FILETIME time",
"FILETIME timestamps are 2 sets of 8 hex chars (4 bytes) separated by a colon",
"b232fc2a:01d97c56",
"UTC",
],
"hotmail": [
"Microsoft Hotmail time",
"Hotmail timestamps are 2 sets of 8 hex chars (4 bytes), separated by a colon",
"567cd901:2afc32b2",
"UTC",
],
"prtime": [
"Mozilla PRTime",
"Mozilla PRTime timestamps are 16 digits",
"1682963978285777",
"UTC",
],
"ole_auto": [
"OLE Automation Date",
"OLE Automation timestamps are 2 ints, separated by a dot",
"45047.749748677976",
"UTC",
],
"ms1904": [
"MS Excel 1904 Date",
"Excel 1904 timestamps are 2 ints, separated by a dot",
"43585.749748677976",
"UTC",
],
"iostime": [
"NSDate - iOS 11+",
"NSDates (iOS) are 15-19 digits in length",
"704656778285777024",
"UTC",
],
"symtime": [
"Symantec AV time",
"Symantec 6-byte hex timestamps are 12 hex characters",
"350401113b26",
"UTC",
],
"gpstime": ["GPS time", "GPS timestamps are 10 digits", "1366999159", "UTC"],
"eitime": [
"Google EI time",
"Google ei timestamps contain only URLsafe base64 characters: A-Za-z0-9=-_",
"Cv5PZA",
"UTC",
],
"bplist": [
"NSDate - Binary Plist / Cocoa",
"NSDates (bplist) are 9 digits in length",
"704656778",
"UTC",
],
"nsdate": [
"NSDate - bplist / Cocoa / Mac / iOS",
"NSDates are 9, 9.6, or 15-19 digits in length",
"704656778.285777",
"UTC",
],
"gsm": [
"GSM time",
"GSM timestamps are 14 hex characters (7 bytes)",
"32501071958300",
"UTC",
],
"vm": [
"VMSD time",
"VMSD values are a 6-digit value and a signed/unsigned int at least 9 digits",
"391845,-1777068416",
"UTC",
],
"tiktok": [
"TikTok time",
"TikTok timestamps are 19 digits long",
"7228142017547750661",
"UTC",
],
"twitter": [
"Twitter time",
"Twitter timestamps are 18 digits or longer",
"1653078434443132928",
"UTC",
],
"discord": [
"Discord time",
"Discord timestamps are 18 digits or longer",
"1102608904745127937",
"UTC",
],
"ksalnum": [
"KSUID Alpha-numeric",
"KSUID values are 27 alpha-numeric characters",
"2PChRqPZDwT9m2gBDLd5uy7XNTr",
"UTC",
],
"mastodon": [
"Mastodon time",
"Mastodon timestamps are 18 digits or longer",
"110294727262208000",
"UTC",
],
"metasploit": [
"Metasploit Payload UUID",
"Metasploit Payload UUID's are at least 22 chars and base64 urlsafe encoded",
"4PGoVGYmx8l6F3sVI4Rc8g",
"UTC",
],
"sony": [
"Sonyflake time",
"Sonyflake values are 15 hex characters",
"65dd4bb89000001",
"UTC",
],
"uuid": [
"UUID time",
"UUIDs are in the format 00000000-0000-0000-0000-000000000000",
"d93026f0-e857-11ed-a05b-0242ac120003",
"UTC",
],
"dhcp6": [
"DHCP6 DUID time",
"DHCPv6 DUID values are at least 14 bytes long",
"000100012be2ba8a000000000000",
"UTC",
],
"dotnet": [
"Microsoft .NET DateTime",
".NET DateTime values are 18 digits",
"638185607782857728",
"UTC",
],
"gbound": [
"GMail Boundary time",
"GMail Boundary values are 28 hex chars",
"0000000000001872d105faa59600",
"UTC",
],
"gmsgid": [
"GMail Message ID time",
"GMail Message ID values are 16 hex chars or 19 digits (IMAP)",
"187d878582d00000",
"UTC",
],
"moto": [
"Motorola time",
"Motorola 6-byte hex timestamps are 12 hex characters",
"350501113b26",
"UTC",
],
"nokia": [
"Nokia time",
"Nokia 4-byte hex timestamps are 8 hex characters",
"cdd5880a",
"UTC",
],
"nokiale": [
"Nokia time LE",
"Nokia 4-byte hex timestamps are 8 hex characters",
"0a88d5cd",
"UTC",
],
"ns40": [
"Nokia S40 time",
"Nokia 7-byte hex timestamps are 14 hex characters",
"07e70501113b26",
"UTC",
],
"ns40le": [
"Nokia S40 time LE",
"Nokia 7-byte hex timestamps are 14 hex characters",
"e7070501113b26",
"UTC",
],
"bitdec": [
"Bitwise Decimal time",
"Bitwise Decimal timestamps are 10 digits",
"2121600123",
"Local",
],
"bitdate": [
"BitDate time",
"Samsung/LG BitDate timestamps are 8 hex characters",
"7b0c757e",
"Local",
],
"ksdec": [
"KSUID Decimal",
"KSUID decimal timestamps are 9 digits in length",
"282963978",
"UTC",
],
"exfat": [
"exFAT time",
"exFAT 32-bit timestamps are 8 hex characters (4 bytes)",
"56a18f73",
"Local",
],
"biomehex": [
"Apple Biome hex time",
"Apple Biome Hex value is 8 bytes (16 chars) long",
"41c5001ac5249457",
"UTC",
],
"biome64": [
"Apple Biome 64-bit decimal",
"Apple Biome 64-bit decimal is 19 digits in length",
"4739194297853973591",
"UTC",
],
"s32": [
"S32 Encoded (Bluesky) time",
"S32 encoded (Bluesky) timestamps are 9 characters long",
"3kzgbkpsk",
"UTC",
],
"apache": [
"Apache Cookie Hex time",
"Apache Cookie hex timestamps are 13 hex characters long",
"5faa420b70880",
"UTC",
],
"leb128_hex": [
"LEB128 Hex time",
"LEB128 Hex timestamps are variable-length and even-length",
"8ed1b7b8fd30",
"UTC",
],
"julian_dec": [
"Julian Date decimal value",
"Julian Date decimal values are 7 digits, a decimal, and up to 10 digits",
"2460066.249748678",
"UTC",
],
"julian_hex": [
"Julian Date hex value",
"Julian Date hex values are 14 characters (7 bytes)",
"2589a2ee2dcc6",
"UTC",
],
"semi_octet": [
"Semi-Octet decimal value",
"Semi-Octet decimal values are 12 or 14 digits long",
"325010901034",
"Local",
],
}
__types__ = len(ts_types)
epochs = {
1: dt(1, 1, 1),
1601: dt(1601, 1, 1),
1899: dt(1899, 12, 30),
1904: dt(1904, 1, 1),
1970: dt(1970, 1, 1),
1980: dt(1980, 1, 6),
2000: dt(2000, 1, 1),
2001: dt(2001, 1, 1),
2050: dt(2050, 1, 1),
"hundreds_nano": 10000000,
"nano_2001": 1000000000,
"active": 116444736000000000,
"hfs_dec_sub": 2082844800,
"kstime": 1400000000,
}
# There have been no further leapseconds since 2017,1,1 at the __date__ of this script
# which is why the leapseconds end with a dt.now object to valid/relevant timestamp output.
# See REFERENCES.md for source info.
leapseconds = {
10: [dt(1972, 1, 1), dt(1972, 7, 1)],
11: [dt(1972, 7, 1), dt(1973, 1, 1)],
12: [dt(1973, 1, 1), dt(1974, 1, 1)],
13: [dt(1974, 1, 1), dt(1975, 1, 1)],
14: [dt(1975, 1, 1), dt(1976, 1, 1)],
15: [dt(1976, 1, 1), dt(1977, 1, 1)],
16: [dt(1977, 1, 1), dt(1978, 1, 1)],
17: [dt(1978, 1, 1), dt(1979, 1, 1)],
18: [dt(1979, 1, 1), dt(1980, 1, 1)],
19: [dt(1980, 1, 1), dt(1981, 7, 1)],
20: [dt(1981, 7, 1), dt(1982, 7, 1)],
21: [dt(1982, 7, 1), dt(1983, 7, 1)],
22: [dt(1983, 7, 1), dt(1985, 7, 1)],
23: [dt(1985, 7, 1), dt(1988, 1, 1)],
24: [dt(1988, 1, 1), dt(1990, 1, 1)],
25: [dt(1990, 1, 1), dt(1991, 1, 1)],
26: [dt(1991, 1, 1), dt(1992, 7, 1)],
27: [dt(1992, 7, 1), dt(1993, 7, 1)],
28: [dt(1993, 7, 1), dt(1994, 7, 1)],
29: [dt(1994, 7, 1), dt(1996, 1, 1)],
30: [dt(1996, 1, 1), dt(1997, 7, 1)],
31: [dt(1997, 7, 1), dt(1999, 1, 1)],
32: [dt(1999, 1, 1), dt(2006, 1, 1)],
33: [dt(2006, 1, 1), dt(2009, 1, 1)],
34: [dt(2009, 1, 1), dt(2012, 7, 1)],
35: [dt(2012, 7, 1), dt(2015, 7, 1)],
36: [dt(2015, 7, 1), dt(2017, 1, 1)],
37: [dt(2017, 1, 1), dt.now() - timedelta(seconds=37)],
}
S32_CHARS = "234567abcdefghijklmnopqrstuvwxyz"
def launch_gui():
"""Execute the application"""
td_app = QApplication([__appname__, "windows:darkmode=2"])
icon = QPixmap()
icon.loadFromData(base64.b64decode(__fingerprint__))
td_app.setWindowIcon(QIcon(icon))
td_app.setStyle("Fusion")
td_form = TimeDecodeGui()
td_form.show()
td_app.exec()
def handle(error):
"""Error handling output and formatting to include function causing error"""
exc_type, exc_obj, _ = error
error_tb = traceback.extract_stack()[:-3] + traceback.extract_tb(
exc_obj.__traceback__
)
_, line_no, function_name, _ = error_tb[-1]
print(f"{str(exc_type.__name__)}: {str(exc_obj)} - {function_name} line {line_no}")
def analyze(args):
"""Process arguments and errors"""
all_args = vars(args)
try:
if args.guess:
full_list = from_all(args.guess)
if len(full_list) == 0:
print("[!] No valid dates found. Check your input and try again")
else:
print(
f"[+] Guessing timestamp format for {args.guess}\n"
f"[+] Outputs which do NOT result in a date/time value are NOT displayed\r"
)
if len(full_list) == 1:
dt_text = "date"
else:
dt_text = "dates"
print(f"[+] Displaying {len(full_list)} potential {dt_text}\r")
print(
f"{__red__}[+] Most likely results (+/- 5 years) are highlighted\n{__clr__}"
)
for _, output in enumerate(full_list):
print(f"{full_list[output][1]}")
print("\r")
return
if args.timestamp:
_, ts_outputs = to_timestamps(args.timestamp)
print(
f"\n[+] Converting {args.timestamp} to {len(ts_outputs)} timestamps:\n"
)
for ts_val in ts_outputs:
print(ts_val)
print("\r")
return
if args.gui:
launch_gui()
for arg_passed, _ in single_funcs.items():
if all_args[arg_passed]:
_, indiv_output, _, reason, _ = single_funcs[arg_passed](
all_args[arg_passed]
)
if indiv_output is False:
print(f"[!] {reason}")
else:
print(indiv_output)
return
except Exception:
handle(sys.exc_info())
def from_unix_sec(timestamp):
"""Convert Unix Seconds value to a date"""
ts_type, reason, _, tz_out = ts_types["unix_sec"]
try:
if len(str(timestamp)) != 10 or not timestamp.isdigit():
in_unix_sec = indiv_output = combined_output = False
else:
in_unix_sec = dt.utcfromtimestamp(float(timestamp)).strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_unix_sec} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t\t{in_unix_sec} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_unix_sec = indiv_output = combined_output = False
return in_unix_sec, indiv_output, combined_output, reason, tz_out
def to_unix_sec(dt_val):
"""Convert date to a Unix Seconds value"""
ts_type, _, _, _ = ts_types["unix_sec"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
out_unix_sec = str(int((dt_obj - epochs[1970]).total_seconds()) - int(dt_tz))
ts_output = str(f"{ts_type}:\t\t\t{out_unix_sec}")
except Exception:
handle(sys.exc_info())
out_unix_sec = ts_output = False
return out_unix_sec, ts_output
def from_unix_milli(timestamp):
"""Convert Unix Millisecond value to a date"""
ts_type, reason, _, tz_out = ts_types["unix_milli"]
try:
if len(str(timestamp)) != 13 or not str(timestamp).isdigit():
in_unix_milli = indiv_output = combined_output = False
else:
in_unix_milli = dt.utcfromtimestamp(float(timestamp) / 1000.0).strftime(
__fmt__
)
indiv_output = str(f"{ts_type}: {in_unix_milli} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_unix_milli} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_unix_milli = indiv_output = combined_output = False
return in_unix_milli, indiv_output, combined_output, reason, tz_out
def to_unix_milli(dt_val):
"""Convert date to a Unix Millisecond value"""
ts_type, _, _, _ = ts_types["unix_milli"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
out_unix_milli = str(
int(((dt_obj - epochs[1970]).total_seconds() - int(dt_tz)) * 1000)
)
ts_output = str(f"{ts_type}:\t\t{out_unix_milli}")
except Exception:
handle(sys.exc_info())
out_unix_milli = ts_output = False
return out_unix_milli, ts_output
def from_unix_milli_hex(timestamp):
"""Convert a Unix Millisecond hex value to a date"""
ts_type, reason, _, tz_out = ts_types["unix_milli_hex"]
try:
if len(str(timestamp)) != 12 or not all(
char in hexdigits for char in timestamp
):
in_unix_milli_hex = indiv_output = combined_output = False
else:
unix_mil = int(str(timestamp), 16)
in_unix_milli_hex, _, _, _, _ = from_unix_milli(unix_mil)
indiv_output = str(f"{ts_type}: {in_unix_milli_hex} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_unix_milli_hex} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_unix_milli_hex = indiv_output = combined_output = False
return in_unix_milli_hex, indiv_output, combined_output, reason, tz_out
def to_unix_milli_hex(dt_val):
"""Convert a date to a Unix Millisecond hex value"""
ts_type, _, _, _ = ts_types["unix_milli_hex"]
try:
unix_mil, _ = to_unix_milli(dt_val)
out_unix_milli_hex = f"{int(unix_mil):012x}"
ts_output = str(f"{ts_type}:\t\t{out_unix_milli_hex}")
except Exception:
handle(sys.exc_info())
out_unix_milli_hex = ts_output = False
return out_unix_milli_hex, ts_output
def from_windows_hex_64(timestamp):
"""Convert a Windows 64 Hex Big-Endian value to a date"""
ts_type, reason, _, tz_out = ts_types["windows_hex_64"]
try:
if not len(timestamp) == 16 or not all(char in hexdigits for char in timestamp):
in_windows_hex_64 = indiv_output = combined_output = False
else:
base10_microseconds = int(timestamp, 16) / 10
if base10_microseconds >= 1e17:
in_windows_hex_64 = indiv_output = combined_output = False
else:
dt_obj = epochs[1601] + timedelta(microseconds=base10_microseconds)
in_windows_hex_64 = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_windows_hex_64} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_windows_hex_64} " f"UTC{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_windows_hex_64 = indiv_output = combined_output = False
return in_windows_hex_64, indiv_output, combined_output, reason, tz_out
def to_windows_hex_64(dt_val):
"""Convert a date to a Windows 64 Hex Big-Endian value"""
ts_type, _, _, _ = ts_types["windows_hex_64"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
minus_epoch = dt_obj - epochs[1601]
calc_time = (
minus_epoch.microseconds
+ ((minus_epoch.seconds - int(dt_tz)) * 1000000)
+ (minus_epoch.days * 86400000000)
)
out_windows_hex_64 = str(hex(int(calc_time) * 10))[2:].zfill(16)
ts_output = str(f"{ts_type}:\t\t{out_windows_hex_64}")
except Exception:
handle(sys.exc_info())
out_windows_hex_64 = ts_output = False
return out_windows_hex_64, ts_output
def from_windows_hex_64le(timestamp):
"""Convert a Windows 64 Hex Little-Endian value to a date"""
ts_type, reason, _, tz_out = ts_types["windows_hex_64le"]
try:
if not len(timestamp) == 16 or not all(char in hexdigits for char in timestamp):
in_windows_hex_le = indiv_output = combined_output = False
else:
indiv_output = combined_output = False
endianness_change = int.from_bytes(
struct.pack("= 1e17:
in_windows_hex_le = indiv_output = combined_output = False
else:
dt_obj = epochs[1601] + timedelta(microseconds=converted_time)
in_windows_hex_le = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_windows_hex_le} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_windows_hex_le} " f"UTC{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_windows_hex_le = indiv_output = combined_output = False
return in_windows_hex_le, indiv_output, combined_output, reason, tz_out
def to_windows_hex_64le(dt_val):
"""Convert a date to a Windows 64 Hex Little-Endian value"""
ts_type, _, _, _ = ts_types["windows_hex_64le"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
minus_epoch = dt_obj - epochs[1601]
calc_time = (
minus_epoch.microseconds
+ ((minus_epoch.seconds - int(dt_tz)) * 1000000)
+ (minus_epoch.days * 86400000000)
)
out_windows_hex_le = str(struct.pack(" 6
or len(nano_seconds) == 6
):
chrome_time = str(chrome_time).replace(
str(chrome_time).split(".")[1], str(micro_seconds).zfill(6)
)
out_chrome = str(chrome_time).replace(".", "")
else:
out_chrome = str(int(chrome_time * 1000000))
ts_output = str(f"{ts_type}:\t\t\t{out_chrome}")
except Exception:
handle(sys.exc_info())
out_chrome = ts_output = False
return out_chrome, ts_output
def from_ad(timestamp):
"""Convert an Active Directory/LDAP timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["ad"]
try:
if not len(timestamp) == 18 or not timestamp.isdigit():
in_ad = indiv_output = combined_output = False
else:
val_check = (
float(int(timestamp) - epochs["active"]) / epochs["hundreds_nano"]
)
if val_check < 0 or val_check > 32536850399:
in_ad = indiv_output = combined_output = False
else:
dt_obj = dt.utcfromtimestamp(val_check)
in_ad = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_ad} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_ad} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_ad = indiv_output = combined_output = False
return in_ad, indiv_output, combined_output, reason, tz_out
def to_ad(dt_val):
"""Convert a date to an Active Directory/LDAP timestamp"""
ts_type, _, _, _ = ts_types["ad"]
try:
nano_seconds = ""
if "." in dt_val:
nano_seconds = dt_val.split(".")[1].split(" ")[0]
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
dt_obj = duparser.parse(dt_val, ignoretz=True)
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
if len(nano_seconds) == 7:
dt_obj = dt_obj.replace(microsecond=0)
nano_seconds = int(nano_seconds)
elif len(nano_seconds) > 7:
dt_obj = dt_obj.replace(microsecond=0)
nano_seconds = int(nano_seconds[: -(len(nano_seconds) - 7)])
elif len(nano_seconds) == 6 or (
len(nano_seconds) == 5 and len(str(dt_obj.microsecond)) == 6
):
nano_seconds = dt_obj.microsecond * 10
dt_obj = dt_obj.replace(microsecond=0)
else:
nano_seconds = 0
tz_shift = (
int(
((dt_obj - epochs[1970]).total_seconds() - int(dt_tz))
* epochs["hundreds_nano"]
)
+ nano_seconds
)
out_adtime = str(int(tz_shift) + int(epochs["active"]))
ts_output = str(f"{ts_type}:\t\t{out_adtime}")
except Exception:
handle(sys.exc_info())
out_adtime = ts_output = False
return out_adtime, ts_output
def from_unix_hex_32be(timestamp):
"""Convert a Unix Hex 32-bit Big-Endian timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["unix_hex_32be"]
try:
if not len(timestamp) == 8 or not all(char in hexdigits for char in timestamp):
in_unix_hex_32 = indiv_output = combined_output = False
else:
to_dec = int(timestamp, 16)
in_unix_hex_32 = dt.utcfromtimestamp(float(to_dec)).strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_unix_hex_32} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_unix_hex_32} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_unix_hex_32 = indiv_output = combined_output = False
return in_unix_hex_32, indiv_output, combined_output, reason, tz_out
def to_unix_hex_32be(dt_val):
"""Convert a date to a Unix Hex 32-bit Big-Endian timestamp"""
ts_type, _, _, _ = ts_types["unix_hex_32be"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
unix_time = int((dt_obj - epochs[1970]).total_seconds() - int(dt_tz))
out_unix_hex_32 = str(struct.pack(">L", unix_time).hex())
ts_output = str(f"{ts_type}:\t\t{out_unix_hex_32}")
except Exception:
handle(sys.exc_info())
out_unix_hex_32 = ts_output = False
return out_unix_hex_32, ts_output
def from_unix_hex_32le(timestamp):
"""Convert a Unix Hex 32-bit Little-Endian timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["unix_hex_32le"]
try:
if not len(timestamp) == 8 or not all(char in hexdigits for char in timestamp):
in_unix_hex_32le = indiv_output = combined_output = False
else:
to_dec = int.from_bytes(struct.pack("= 1e11:
in_cookie = indiv_output = combined_output = False
else:
dt_obj = dt.utcfromtimestamp(calc)
in_cookie = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_cookie} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_cookie} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_cookie = indiv_output = combined_output = False
return in_cookie, indiv_output, combined_output, reason, tz_out
def to_cookie(dt_val):
"""Convert a date to Internet Explorer timestamp values"""
ts_type, _, _, _ = ts_types["cookie"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
unix_time = int((dt_obj - epochs[1970]).total_seconds() - int(dt_tz))
high = int(((unix_time + 11644473600) * 10**7) / 2**32)
low = int((unix_time + 11644473600) * 10**7) - (high * 2**32)
out_cookie = f"{str(low)},{str(high)}"
ts_output = str(f"{ts_type}:\t\t{out_cookie}")
except Exception:
handle(sys.exc_info())
out_cookie = ts_output = False
return out_cookie, ts_output
def from_ole_be(timestamp):
"""Convert an OLE Big-Endian timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["ole_be"]
try:
if not len(timestamp) == 16 or not all(char in hexdigits for char in timestamp):
in_ole_be = indiv_output = combined_output = False
else:
delta = struct.unpack(">d", struct.pack(">Q", int(timestamp, 16)))[0]
if delta != delta or int(delta) < 0 or delta > 2e6:
in_ole_be = indiv_output = combined_output = False
else:
dt_obj = epochs[1899] + timedelta(days=delta)
in_ole_be = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_ole_be} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t{in_ole_be} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_ole_be = indiv_output = combined_output = False
return in_ole_be, indiv_output, combined_output, reason, tz_out
def to_ole_be(dt_val):
"""Convert a date to an OLE Big-Endian timestamp"""
ts_type, _, _, _ = ts_types["ole_be"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
delta = ((dt_obj - epochs[1899]).total_seconds() - int(dt_tz)) / 86400
conv = struct.unpack("Q", conv).hex())
ts_output = str(f"{ts_type}:\t{out_ole_be}")
except Exception:
handle(sys.exc_info())
out_ole_be = ts_output = False
return out_ole_be, ts_output
def from_ole_le(timestamp):
"""Convert an OLE Little-Endian timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["ole_le"]
try:
if not len(timestamp) == 16 or not all(char in hexdigits for char in timestamp):
in_ole_le = indiv_output = combined_output = False
else:
to_le = hex(int.from_bytes(struct.pack("d", struct.pack(">Q", int(to_le[2:], 16)))[0]
if delta != delta or int(delta) < 0 or int(delta) > 99999:
in_ole_le = indiv_output = combined_output = False
else:
dt_obj = epochs[1899] + timedelta(days=delta)
in_ole_le = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_ole_le} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t{in_ole_le} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_ole_le = indiv_output = combined_output = False
return in_ole_le, indiv_output, combined_output, reason, tz_out
def to_ole_le(dt_val):
"""Convert a date to an OLE Little-Endian timestamp"""
ts_type, _, _, _ = ts_types["ole_le"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
delta = ((dt_obj - epochs[1899]).total_seconds() - int(dt_tz)) / 86400
conv = struct.unpack(" 4294967295:
out_hfs_be = "[!] Timestamp Boundary Exceeded [!]"
else:
out_hfs_be = f"{conv:08x}"
ts_output = str(f"{ts_type}:\t\t{out_hfs_be}")
except Exception:
handle(sys.exc_info())
out_hfs_be = ts_output = False
return out_hfs_be, ts_output
def from_hfs_le(timestamp):
"""Convert an HFS/HFS+ Little-Endian timestamp to a date (HFS+ is in UTC)"""
ts_type, reason, _, tz_out = ts_types["hfs_le"]
try:
if not len(timestamp) == 8 or not all(char in hexdigits for char in timestamp):
in_hfs_le = indiv_output = combined_output = False
else:
to_le = struct.unpack(">I", struct.pack(" 4294967295:
out_hfs_le = "[!] Timestamp Boundary Exceeded [!]"
else:
out_hfs_le = str(struct.pack("I", int(year + month + day + hour + minute + seconds, 2)
).hex()
)
byte_swap = "".join([to_hex[i : i + 2] for i in range(0, len(to_hex), 2)][::-1])
out_fat = "".join(
[byte_swap[i : i + 4] for i in range(0, len(byte_swap), 4)][::-1]
)
ts_output = str(f"{ts_type}:\t\t{out_fat}")
except Exception:
handle(sys.exc_info())
out_fat = ts_output = False
return out_fat, ts_output
def from_msdos(timestamp):
"""Convert an MS-DOS timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["msdos"]
try:
if not len(timestamp) == 8 or not all(char in hexdigits for char in timestamp):
in_msdos = indiv_output = combined_output = False
else:
swap = "".join(
[timestamp[i : i + 2] for i in range(0, len(timestamp), 2)][::-1]
)
binary = f"{int(swap, 16):032b}"
stamp = [
binary[:7],
binary[7:11],
binary[11:16],
binary[16:21],
binary[21:27],
binary[27:32],
]
for val in stamp[:]:
dec = int(val, 2)
stamp.remove(val)
stamp.append(dec)
dos_year = stamp[0] + 1980
dos_month = stamp[1]
dos_day = stamp[2]
dos_hour = stamp[3]
dos_min = stamp[4]
dos_sec = stamp[5] * 2
if (
dos_year not in range(1970, 2100)
or dos_month not in range(1, 13)
or dos_day not in range(1, 32)
or dos_hour not in range(0, 24)
or dos_min not in range(0, 60)
or dos_sec not in range(0, 60)
or dos_day not in range(1, monthrange(dos_year, dos_month)[1])
):
in_msdos = indiv_output = combined_output = False
else:
dt_obj = dt(dos_year, dos_month, dos_day, dos_hour, dos_min, dos_sec)
in_msdos = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_msdos} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t{in_msdos} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_msdos = indiv_output = combined_output = False
return in_msdos, indiv_output, combined_output, reason, tz_out
def to_msdos(dt_val):
"""Convert a date to an MS-DOS timestamp"""
ts_type, _, _, _ = ts_types["msdos"]
try:
dt_obj = duparser.parse(dt_val)
year = f"{(dt_obj.year - 1980):07b}"
month = f"{dt_obj.month:04b}"
day = f"{dt_obj.day:05b}"
hour = f"{dt_obj.hour:05b}"
minute = f"{dt_obj.minute:06b}"
seconds = f"{int(dt_obj.second / 2):05b}"
hexval = str(
struct.pack(
">I", int(year + month + day + hour + minute + seconds, 2)
).hex()
)
out_msdos = "".join([hexval[i : i + 2] for i in range(0, len(hexval), 2)][::-1])
ts_output = str(f"{ts_type}:\t{out_msdos}")
except Exception:
handle(sys.exc_info())
out_msdos = ts_output = False
return out_msdos, ts_output
def from_exfat(timestamp):
"""Convert an exFAT timestamp (LE) to a date"""
ts_type, reason, _, tz_out = ts_types["exfat"]
try:
if not len(timestamp) == 8 or not all(char in hexdigits for char in timestamp):
in_exfat = indiv_output = combined_output = False
else:
binary = f"{int(timestamp, 16):032b}"
stamp = [
binary[:7],
binary[7:11],
binary[11:16],
binary[16:21],
binary[21:27],
binary[27:32],
]
for val in stamp[:]:
dec = int(val, 2)
stamp.remove(val)
stamp.append(dec)
exfat_year = stamp[0] + 1980
exfat_month = stamp[1]
exfat_day = stamp[2]
exfat_hour = stamp[3]
exfat_min = stamp[4]
exfat_sec = stamp[5] * 2
if (
exfat_year not in range(1970, 2100)
or exfat_month not in range(1, 13)
or exfat_day not in range(1, 32)
or exfat_hour not in range(0, 24)
or exfat_min not in range(0, 60)
or exfat_sec not in range(0, 60)
or exfat_day not in range(1, monthrange(exfat_year, exfat_month)[1])
):
in_exfat = indiv_output = combined_output = False
else:
dt_obj = dt(
exfat_year, exfat_month, exfat_day, exfat_hour, exfat_min, exfat_sec
)
in_exfat = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_exfat} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t\t{in_exfat} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_exfat = indiv_output = combined_output = False
return in_exfat, indiv_output, combined_output, reason, tz_out
def to_exfat(dt_val):
"""Convert a date to an exFAT timestamp (LE)"""
ts_type, _, _, _ = ts_types["exfat"]
try:
dt_obj = duparser.parse(dt_val)
year = f"{(dt_obj.year - 1980):07b}"
month = f"{dt_obj.month:04b}"
day = f"{dt_obj.day:05b}"
hour = f"{dt_obj.hour:05b}"
minute = f"{dt_obj.minute:06b}"
seconds = f"{int(dt_obj.second / 2):05b}"
out_exfat = str(
struct.pack(
">I", int(year + month + day + hour + minute + seconds, 2)
).hex()
)
ts_output = str(f"{ts_type}:\t\t\t{out_exfat}")
except Exception:
handle(sys.exc_info())
out_exfat = ts_output = False
return out_exfat, ts_output
def from_systemtime(timestamp):
"""Convert a Microsoft 128-bit SYSTEMTIME timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["systemtime"]
try:
if not len(timestamp) == 32 or not all(char in hexdigits for char in timestamp):
in_systemtime = indiv_output = combined_output = False
else:
to_le = "".join(
[timestamp[i : i + 2] for i in range(0, len(timestamp), 2)][::-1]
)
converted = [to_le[i : i + 4] for i in range(0, len(to_le), 4)][::-1]
stamp = []
for i in converted:
dec = int(i, 16)
stamp.append(dec)
if (stamp[0] > 3000) or (stamp[1] > 12) or (stamp[2] > 31):
in_systemtime = indiv_output = combined_output = False
else:
dt_obj = dt(
stamp[0],
stamp[1],
stamp[3],
stamp[4],
stamp[5],
stamp[6],
stamp[7] * 1000,
)
in_systemtime = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_systemtime} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t{in_systemtime} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_systemtime = indiv_output = combined_output = False
return in_systemtime, indiv_output, combined_output, reason, tz_out
def to_systemtime(dt_val):
"""Convert a date to a Microsoft 128-bit SYSTEMTIME timestamp"""
ts_type, _, _, _ = ts_types["systemtime"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
micro = int(dt_obj.microsecond / 1000)
tz_shift = dt_obj.timestamp() - int(dt_tz)
add_micro = (tz_shift * 1000) + micro
convert_to_seconds = add_micro / 1000
new_dt_obj = dt.fromtimestamp(convert_to_seconds)
full_date = new_dt_obj.strftime("%Y, %m, %w, %d, %H, %M, %S, " + str(micro))
stamp = []
for val in full_date.split(","):
to_hex = int(
hex(int.from_bytes(struct.pack("Q", struct.pack(">LL", part1, part2))[0]
if converted_time >= 1e18:
in_filetime = indiv_output = combined_output = False
else:
dt_obj = dt.utcfromtimestamp(
float(converted_time - epochs["active"]) / epochs["hundreds_nano"]
)
in_filetime = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_filetime} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t{in_filetime} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_filetime = indiv_output = combined_output = False
return in_filetime, indiv_output, combined_output, reason, tz_out
def to_filetime(dt_val):
"""Convert a date to a Microsoft FILETIME timestamp"""
ts_type, _, _, _ = ts_types["filetime"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
minus_epoch = dt_obj - epochs[1601]
calc_time = (
minus_epoch.microseconds
+ ((minus_epoch.seconds - int(dt_tz)) * 1000000)
+ (minus_epoch.days * 86400000000)
)
indiv_output = str(struct.pack(">Q", int(calc_time * 10)).hex())
out_filetime = f"{str(indiv_output[8:])}:{str(indiv_output[:8])}"
ts_output = str(f"{ts_type}:\t{out_filetime}")
except Exception:
handle(sys.exc_info())
out_filetime = ts_output = False
return out_filetime, ts_output
def from_hotmail(timestamp):
"""Convert a Microsoft Hotmail timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["hotmail"]
try:
if ":" not in timestamp or not (
all(char in hexdigits for char in timestamp[0:8])
and all(char in hexdigits for char in timestamp[9:])
):
in_hotmail = indiv_output = combined_output = False
else:
hm_repl = timestamp.replace(":", "")
byte_swap = "".join(
[hm_repl[i : i + 2] for i in range(0, len(hm_repl), 2)][::-1]
)
part2 = int(byte_swap[:8], base=16)
part1 = int(byte_swap[8:], base=16)
converted_time = struct.unpack(">Q", struct.pack(">LL", part1, part2))[0]
if converted_time >= 1e18:
in_hotmail = indiv_output = combined_output = False
else:
dt_obj = dt.utcfromtimestamp(
float(converted_time - epochs["active"]) / epochs["hundreds_nano"]
)
in_hotmail = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_hotmail} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_hotmail} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_hotmail = indiv_output = combined_output = False
return in_hotmail, indiv_output, combined_output, reason, tz_out
def to_hotmail(dt_val):
"""Convert a date to a Microsoft Hotmail timestamp"""
ts_type, _, _, _ = ts_types["hotmail"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
minus_epoch = dt_obj - epochs[1601]
calc_time = (
minus_epoch.microseconds
+ ((minus_epoch.seconds - int(dt_tz)) * 1000000)
+ (minus_epoch.days * 86400000000)
)
indiv_output = str(struct.pack(">Q", int(calc_time * 10)).hex())
byte_swap = "".join(
[indiv_output[i : i + 2] for i in range(0, len(indiv_output), 2)][::-1]
)
out_hotmail = f"{str(byte_swap[8:])}:{str(byte_swap[:8])}"
ts_output = str(f"{ts_type}:\t\t{out_hotmail}")
except Exception:
handle(sys.exc_info())
out_hotmail = ts_output = False
return out_hotmail, ts_output
def from_prtime(timestamp):
"""Convert a Mozilla PRTime timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["prtime"]
try:
if not len(timestamp) == 16 or not timestamp.isdigit():
in_prtime = indiv_output = combined_output = False
else:
dt_obj = epochs[1970] + timedelta(microseconds=int(timestamp))
in_prtime = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_prtime} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t\t{in_prtime} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_prtime = indiv_output = combined_output = False
return in_prtime, indiv_output, combined_output, reason, tz_out
def to_prtime(dt_val):
"""Convert a date to Mozilla's PRTime timestamp"""
ts_type, _, _, _ = ts_types["prtime"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
out_prtime = str(
int(((dt_obj - epochs[1970]).total_seconds() - int(dt_tz)) * 1000000)
)
ts_output = str(f"{ts_type}:\t\t\t{out_prtime}")
except Exception:
handle(sys.exc_info())
out_prtime = ts_output = False
return out_prtime, ts_output
def from_ole_auto(timestamp):
"""Convert an OLE Automation timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["ole_auto"]
try:
if (
"." not in timestamp
or not (
(len(timestamp.split(".")[0]) == 5)
and (len(timestamp.split(".")[1]) in range(9, 13))
)
or not "".join(timestamp.split(".")).isdigit()
):
in_ole_auto = indiv_output = combined_output = False
else:
dt_obj = epochs[1899] + timedelta(days=float(timestamp))
in_ole_auto = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_ole_auto} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_ole_auto} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_ole_auto = indiv_output = combined_output = False
return in_ole_auto, indiv_output, combined_output, reason, tz_out
def to_ole_auto(dt_val):
"""Convert a date to an OLE Automation timestamp"""
ts_type, _, _, _ = ts_types["ole_auto"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
ole_ts = ((dt_obj - epochs[1899]).total_seconds() - int(dt_tz)) / 86400
out_ole_auto = f"{ole_ts:.12f}"
ts_output = str(f"{ts_type}:\t\t{out_ole_auto}")
except Exception:
handle(sys.exc_info())
out_ole_auto = ts_output = False
return out_ole_auto, ts_output
def from_ms1904(timestamp):
"""Convert a Microsoft Excel 1904 timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["ms1904"]
try:
if (
"." not in timestamp
or not (
(len(timestamp.split(".")[0]) == 5)
and (len(timestamp.split(".")[1]) in range(9, 13))
)
or not "".join(timestamp.split(".")).isdigit()
):
in_ms1904 = indiv_output = combined_output = False
else:
dt_obj = epochs[1904] + timedelta(days=float(timestamp))
in_ms1904 = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_ms1904} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_ms1904} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_ms1904 = indiv_output = combined_output = False
return in_ms1904, indiv_output, combined_output, reason, tz_out
def to_ms1904(dt_val):
"""Convert a date to a Microsoft Excel 1904 timestamp"""
ts_type, _, _, _ = ts_types["ms1904"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
ms1904_ts = ((dt_obj - epochs[1904]).total_seconds() - int(dt_tz)) / 86400
out_ms1904 = f"{ms1904_ts:.12f}"
ts_output = str(f"{ts_type}:\t\t{out_ms1904}")
except Exception:
handle(sys.exc_info())
out_ms1904 = ts_output = False
return out_ms1904, ts_output
def to_iostime(dt_val):
"""Convert a date to an iOS 11 timestamp"""
ts_type, _, _, _ = ts_types["iostime"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
out_iostime = str(
int(
((dt_obj - epochs[2001]).total_seconds() - int(dt_tz))
* epochs["nano_2001"]
)
)
if int(out_iostime) < 0:
out_iostime = "[!] Timestamp Boundary Exceeded [!]"
ts_output = str(f"{ts_type}:\t\t{out_iostime}")
except Exception:
handle(sys.exc_info())
out_iostime = ts_output = False
return out_iostime, ts_output
def from_symtime(timestamp):
"""Convert a Symantec 6-byte hex timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["symtime"]
try:
if not len(timestamp) == 12 or not all(char in hexdigits for char in timestamp):
in_symtime = indiv_output = combined_output = False
else:
hex_to_dec = [
int(timestamp[i : i + 2], 16) for i in range(0, len(timestamp), 2)
]
hex_to_dec[0] = hex_to_dec[0] + 1970
hex_to_dec[1] = hex_to_dec[1] + 1
if hex_to_dec[1] not in range(1, 13):
in_symtime = indiv_output = combined_output = False
else:
dt_obj = dt(
hex_to_dec[0],
hex_to_dec[1],
hex_to_dec[2],
hex_to_dec[3],
hex_to_dec[4],
hex_to_dec[5],
)
in_symtime = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_symtime}")
combined_output = str(f"{__red__}{ts_type}:\t\t{in_symtime} {tz_out}{__clr__}")
except Exception:
handle(sys.exc_info())
in_symtime = indiv_output = combined_output = False
return in_symtime, indiv_output, combined_output, reason, tz_out
def to_symtime(dt_val):
"""Convert a date to Symantec's 6-byte hex timestamp"""
ts_type, _, _, _ = ts_types["symtime"]
try:
dt_obj = duparser.parse(dt_val)
sym_year = f"{(dt_obj.year - 1970):02x}"
sym_month = f"{(dt_obj.month - 1):02x}"
sym_day = f"{(dt_obj.day):02x}"
sym_hour = f"{(dt_obj.hour):02x}"
sym_minute = f"{(dt_obj.minute):02x}"
sym_second = f"{(dt_obj.second):02x}"
out_symtime = (
f"{sym_year}{sym_month}{sym_day}{sym_hour}{sym_minute}{sym_second}"
)
ts_output = str(f"{ts_type}:\t\t{out_symtime}")
except Exception:
handle(sys.exc_info())
out_symtime = ts_output = False
return out_symtime, ts_output
def from_gpstime(timestamp):
"""Convert a GPS timestamp to a date (involves leap seconds)"""
ts_type, reason, _, tz_out = ts_types["gpstime"]
try:
if not len(timestamp) == 10 or not timestamp.isdigit():
in_gpstime = indiv_output = combined_output = False
else:
gps_stamp = epochs[1980] + timedelta(seconds=float(timestamp))
tai_convert = gps_stamp + timedelta(seconds=19)
epoch_convert = (tai_convert - epochs[1970]).total_seconds()
check_date = dt.utcfromtimestamp(epoch_convert)
for entry in leapseconds:
check = date_range(
leapseconds.get(entry)[0], leapseconds.get(entry)[1], check_date
)
if check is True:
variance = entry
else:
variance = 0
gps_out = check_date - timedelta(seconds=variance)
in_gpstime = gps_out.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_gpstime}")
combined_output = str(
f"{__red__}{ts_type}:\t\t\t{in_gpstime} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_gpstime = indiv_output = combined_output = False
return in_gpstime, indiv_output, combined_output, reason, tz_out
def to_gpstime(dt_val):
"""Convert a date to a GPS timestamp (involves leap seconds)"""
ts_type, _, _, _ = ts_types["gpstime"]
try:
check_date = duparser.parse(dt_val)
if hasattr(check_date.tzinfo, "_offset"):
dt_tz = check_date.tzinfo._offset.total_seconds()
check_date = duparser.parse(dt_val, ignoretz=True)
else:
dt_tz = 0
check_date = duparser.parse(dt_val, ignoretz=True)
for entry in leapseconds:
check = date_range(
leapseconds.get(entry)[0], leapseconds.get(entry)[1], check_date
)
if check is True:
variance = entry
else:
variance = 0
leap_correction = check_date + timedelta(seconds=variance)
epoch_shift = leap_correction - epochs[1970]
gps_stamp = (
dt.utcfromtimestamp(epoch_shift.total_seconds()) - epochs[1980]
).total_seconds() - 19
gps_stamp = int(gps_stamp) - int(dt_tz)
out_gpstime = str(gps_stamp)
ts_output = str(f"{ts_type}:\t\t\t{out_gpstime}")
except Exception:
handle(sys.exc_info())
out_gpstime = ts_output = False
return out_gpstime, ts_output
def from_eitime(timestamp):
"""Convert a Google ei URL timestamp"""
ts_type, reason, _, tz_out = ts_types["eitime"]
try:
urlsafe_chars = (
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890=-_"
)
if not all(char in urlsafe_chars for char in timestamp):
in_eitime = indiv_output = combined_output = False
else:
padding_check = len(timestamp) % 4
if padding_check != 0:
padding_reqd = 4 - padding_check
result_eitime = timestamp + (padding_reqd * "=")
else:
result_eitime = timestamp
try:
decoded_eitime = base64.urlsafe_b64decode(result_eitime).hex()[:8]
unix_ts = int.from_bytes(
struct.pack(" 0:
tz_out = f"{tz_out}+{str(dt_tz)}"
else:
tz_out = f"{tz_out}{str(dt_tz)}"
in_gsm = str(
dt(dt_year, dt_month, dt_day, dt_hour, dt_min, dt_sec).strftime(__fmt__)
)
indiv_output = str(f"{ts_type}: {in_gsm}")
combined_output = str(f"{__red__}{ts_type}:\t\t\t{in_gsm}{__clr__}")
except ValueError:
in_gsm = indiv_output = combined_output = False
except Exception:
handle(sys.exc_info())
in_gsm = indiv_output = combined_output = False
return in_gsm, indiv_output, combined_output, reason, tz_out
def to_gsm(dt_val):
"""Convert a timestamp to a GSM timestamp"""
ts_type, _, _, _ = ts_types["gsm"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
if dt_tz == 0:
hex_tz = f"{0:02d}"
elif dt_tz < 0:
dt_tz = dt_tz / 3600
conversion = str(f"{(int(abs(dt_tz)) * 4):02d}")
conv_list = list(conversion)
high_order = f"{int(conv_list[0]):04b}"
low_order = f"{int(conv_list[1]):04b}"
high_order = f"{(int(high_order, 2) + 8):04b}"
hex_tz = hex(int((high_order + low_order), 2)).lstrip("0x").upper()
else:
dt_tz = dt_tz / 3600
conversion = str(int(dt_tz) * 4).zfill(2)
conv_list = list(conversion)
high_order = f"{int(conv_list[0]):04b}"
low_order = f"{int(conv_list[1]):04b}"
hex_tz = hex(int((high_order + low_order), 2)).lstrip("0x").upper()
date_list = [
f"{(dt_obj.year - 2000):02d}",
f"{dt_obj.month:02d}",
f"{dt_obj.day:02d}",
f"{dt_obj.hour:02d}",
f"{dt_obj.minute:02d}",
f"{dt_obj.second:02d}",
hex_tz,
]
date_value_swap = []
for value in date_list[:]:
b_endian = value[::-1]
date_value_swap.append(b_endian)
out_gsm = "".join(date_value_swap)
ts_output = str(f"{ts_type}:\t\t\t{out_gsm}")
except Exception:
handle(sys.exc_info())
out_gsm = ts_output = False
return out_gsm, ts_output
def from_vm(timestamp):
"""Convert from a .vmsd createTimeHigh/createTimeLow timestamp"""
ts_type, reason, _, tz_out = ts_types["vm"]
try:
if "," not in timestamp:
in_vm = indiv_output = combined_output = False
else:
create_time_high = int(timestamp.split(",")[0])
create_time_low = int(timestamp.split(",")[1])
vmsd = (
float(
(create_time_high * 2**32)
+ struct.unpack("I", struct.pack("i", create_time_low))[0]
)
/ 1000000
)
if vmsd >= 1e13:
in_vm = indiv_output = combined_output = False
else:
in_vm = dt.utcfromtimestamp(vmsd).strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_vm}")
combined_output = str(
f"{__red__}{ts_type}:\t\t\t{in_vm} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_vm = indiv_output = combined_output = False
return in_vm, indiv_output, combined_output, reason, tz_out
def to_vm(dt_val):
"""Convert date to a .vmsd createTime* value"""
ts_type, _, _, _ = ts_types["vm"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
unix_seconds = (
int((dt_obj - epochs[1970]).total_seconds() - int(dt_tz)) * 1000000
)
create_time_high = int(float(unix_seconds) / 2**32)
unpacked_int = unix_seconds - (create_time_high * 2**32)
create_time_low = struct.unpack("i", struct.pack("I", unpacked_int))[0]
out_vm = f"{str(create_time_high)},{str(create_time_low)}"
ts_output = str(f"{ts_type}:\t\t\t{out_vm}")
except Exception:
handle(sys.exc_info())
out_vm = ts_output = False
return out_vm, ts_output
def from_tiktok(timestamp):
"""Convert a TikTok URL value to a date/time"""
ts_type, reason, _, tz_out = ts_types["tiktok"]
try:
if len(str(timestamp)) < 19 or not timestamp.isdigit():
in_tiktok = indiv_output = combined_output = False
else:
unix_ts = int(timestamp) >> 32
if unix_ts > 32536850399:
in_tiktok = indiv_output = combined_output = False
else:
in_tiktok = dt.utcfromtimestamp(float(unix_ts)).strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_tiktok}")
combined_output = str(
f"{__red__}{ts_type}:\t\t\t{in_tiktok} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_tiktok = indiv_output = combined_output = False
return in_tiktok, indiv_output, combined_output, reason, tz_out
def from_twitter(timestamp):
"""Convert a Twitter URL value to a date/time"""
ts_type, reason, _, tz_out = ts_types["twitter"]
try:
if len(str(timestamp)) < 18 or not timestamp.isdigit():
in_twitter = indiv_output = combined_output = False
else:
unix_ts = (int(timestamp) >> 22) + 1288834974657
if unix_ts > 32536850399:
in_twitter = indiv_output = combined_output = False
else:
in_twitter = dt.utcfromtimestamp(float(unix_ts) / 1000.0).strftime(
__fmt__
)
indiv_output = str(f"{ts_type}: {in_twitter}")
combined_output = str(
f"{__red__}{ts_type}:\t\t\t{in_twitter} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_twitter = indiv_output = combined_output = False
return in_twitter, indiv_output, combined_output, reason, tz_out
def from_discord(timestamp):
"""Convert a Discord URL value to a date/time"""
ts_type, reason, _, tz_out = ts_types["discord"]
try:
if len(str(timestamp)) < 18 or not timestamp.isdigit():
in_discord = indiv_output = combined_output = False
else:
unix_ts = (int(timestamp) >> 22) + 1420070400000
if unix_ts > 32536850399:
in_discord = indiv_output = combined_output = False
else:
in_discord = dt.utcfromtimestamp(float(unix_ts) / 1000.0).strftime(
__fmt__
)
indiv_output = str(f"{ts_type}: {in_discord}")
combined_output = str(
f"{__red__}{ts_type}:\t\t\t{in_discord} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_discord = indiv_output = combined_output = False
return in_discord, indiv_output, combined_output, reason, tz_out
def from_ksalnum(timestamp):
"""Extract a timestamp from a KSUID alpha-numeric value"""
ts_type, reason, _, tz_out = ts_types["ksalnum"]
try:
ksalnum_chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
if len(str(timestamp)) != 27 or not all(
char in ksalnum_chars for char in timestamp
):
in_ksalnum = indiv_output = combined_output = False
else:
length, i, variation = len(timestamp), 0, 0
b_array = bytearray()
for val in timestamp:
variation += ksalnum_chars.index(val) * (62 ** (length - (i + 1)))
i += 1
while variation > 0:
b_array.append(variation & 0xFF)
variation //= 256
b_array.reverse()
ts_bytes = bytes(b_array)[0:4]
unix_ts = int.from_bytes(ts_bytes, "big", signed=False) + 1400000000
in_ksalnum = dt.utcfromtimestamp(float(unix_ts)).strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_ksalnum}")
combined_output = str(
f"{__red__}{ts_type}:\t\t\t{in_ksalnum} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_ksalnum = indiv_output = combined_output = False
return in_ksalnum, indiv_output, combined_output, reason, tz_out
def from_mastodon(timestamp):
"""Convert a Mastodon value to a date/time"""
ts_type, reason, _, tz_out = ts_types["mastodon"]
try:
if len(str(timestamp)) < 18 or not timestamp.isdigit():
in_mastodon = indiv_output = combined_output = False
else:
ts_conversion = int(timestamp) >> 16
unix_ts = float(ts_conversion) / 1000.0
if int(unix_ts) > 32536850399:
# This is the Windows maximum for parsing a unix TS
# and is 3001-01-19 21:29:59 UTC
in_mastodon = indiv_output = combined_output = False
else:
in_mastodon = dt.utcfromtimestamp(unix_ts).strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_mastodon}")
combined_output = str(
f"{__red__}{ts_type}:\t\t\t{in_mastodon} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_mastodon = indiv_output = combined_output = False
return in_mastodon, indiv_output, combined_output, reason, tz_out
def to_mastodon(dt_val):
"""Convert a date/time to a Mastodon value"""
ts_type, _, _, _ = ts_types["mastodon"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
unix_seconds = int((dt_obj - epochs[1970]).total_seconds() - int(dt_tz)) * 1000
bit_shift = unix_seconds << 16
out_mastodon = f"{str(bit_shift)}"
ts_output = str(f"{ts_type}:\t\t\t{out_mastodon}")
except Exception:
handle(sys.exc_info())
out_mastodon = ts_output = False
return out_mastodon, ts_output
def from_metasploit(timestamp):
"""Convert a Metasploit Payload UUID value to a date/time"""
ts_type, reason, _, tz_out = ts_types["metasploit"]
try:
urlsafe_chars = (
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890=-_"
)
meta_format = "8sBBBBBBBB"
if len(str(timestamp)) < 22 or not all(
char in urlsafe_chars for char in timestamp
):
in_metasploit = indiv_output = combined_output = False
else:
b64decoded = base64.urlsafe_b64decode(timestamp[0:22] + "==")
if len(b64decoded) < struct.calcsize(meta_format):
raise Exception
(
_,
xor1,
xor2,
_,
_,
ts1_xored,
ts2_xored,
ts3_xored,
ts4_xored,
) = struct.unpack(meta_format, b64decoded)
unix_ts = struct.unpack(
">I",
bytes(
[
ts1_xored ^ xor1,
ts2_xored ^ xor2,
ts3_xored ^ xor1,
ts4_xored ^ xor2,
]
),
)[0]
in_metasploit = dt.utcfromtimestamp(float(unix_ts)).strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_metasploit}")
combined_output = str(
f"{__red__}{ts_type}:\t{in_metasploit} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_metasploit = indiv_output = combined_output = False
return in_metasploit, indiv_output, combined_output, reason, tz_out
def from_sony(timestamp):
"""Convert a Sonyflake value to a date/time"""
ts_type, reason, _, tz_out = ts_types["sony"]
try:
if len(str(timestamp)) != 15 or not all(
char in hexdigits for char in timestamp
):
in_sony = indiv_output = combined_output = False
else:
dec_value = int(timestamp, 16)
ts_value = dec_value >> 24
unix_ts = (ts_value + 140952960000) * 10
in_sony = dt.utcfromtimestamp(float(unix_ts) / 1000.0).strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_sony}")
combined_output = str(
f"{__red__}{ts_type}:\t\t\t{in_sony} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_sony = indiv_output = combined_output = False
return in_sony, indiv_output, combined_output, reason, tz_out
def from_uuid(timestamp):
"""Convert a UUID value to date/time"""
ts_type, reason, _, tz_out = ts_types["uuid"]
try:
uuid_lower = timestamp.lower()
uuid_regex = re.compile(
"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
)
if not bool(uuid_regex.match(uuid_lower)):
in_uuid = indiv_output = combined_output = False
else:
u_data = uuid.UUID(uuid_lower)
if u_data.version == 1:
unix_ts = int((u_data.time / 10000) - 12219292800000)
in_uuid = dt.utcfromtimestamp(float(unix_ts) / 1000.0).strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_uuid}")
combined_output = str(
f"{__red__}{ts_type}:\t\t\t{in_uuid} {tz_out}{__clr__}"
)
else:
in_uuid = indiv_output = combined_output = False
except Exception:
handle(sys.exc_info())
in_uuid = indiv_output = combined_output = False
return in_uuid, indiv_output, combined_output, reason, tz_out
def from_dhcp6(timestamp):
"""Convert a DHCPv6 DUID value to date/time"""
ts_type, reason, _, tz_out = ts_types["dhcp6"]
try:
if len(str(timestamp)) < 28 or not all(char in hexdigits for char in timestamp):
in_dhcp6 = indiv_output = combined_output = False
else:
dhcp6_bytes = timestamp[8:16]
dhcp6_dec = int(dhcp6_bytes, 16)
dhcp6_ts = epochs[2000] + timedelta(seconds=int(dhcp6_dec))
in_dhcp6 = dhcp6_ts.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_dhcp6}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_dhcp6} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_dhcp6 = indiv_output = combined_output = False
return in_dhcp6, indiv_output, combined_output, reason, tz_out
def to_dhcp6(dt_val):
"""Convert a timestamp to a DHCP DUID value"""
ts_type, _, _, _ = ts_types["dhcp6"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
unix_time = int((dt_obj - epochs[2000]).total_seconds() - int(dt_tz))
if int(unix_time) < 0:
out_dhcp6 = "[!] Timestamp Boundary Exceeded [!]"
ts_output = str(f"{ts_type}:\t\t{out_dhcp6}")
else:
out_dhcp6 = str(struct.pack(">L", unix_time).hex())
ts_output = str(f"{ts_type}:\t\t00010001{out_dhcp6}000000000000")
except Exception:
handle(sys.exc_info())
out_dhcp6 = ts_output = False
return out_dhcp6, ts_output
def from_dotnet(timestamp):
"""Convert a .NET DateTime value to date/time"""
ts_type, reason, _, tz_out = ts_types["dotnet"]
try:
if len(str(timestamp)) != 18 or not (timestamp).isdigit():
in_dotnet = indiv_output = combined_output = False
else:
dotnet_offset = int((epochs[1970] - epochs[1]).total_seconds()) * 10000000
dotnet_to_umil = (int(timestamp) - dotnet_offset) / 10000000
if dotnet_to_umil < 0:
in_dotnet = indiv_output = combined_output = False
else:
in_dotnet = dt.utcfromtimestamp(dotnet_to_umil).strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_dotnet} {tz_out}")
combined_output = str(f"{__red__}{ts_type}:\t{in_dotnet} {tz_out}{__clr__}")
except Exception:
handle(sys.exc_info())
in_dotnet = indiv_output = combined_output = False
return in_dotnet, indiv_output, combined_output, reason, tz_out
def to_dotnet(dt_val):
"""Convert date to a .NET DateTime value"""
ts_type, _, _, _ = ts_types["dotnet"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
out_dotnet = str(
int(((dt_obj - epochs[1]).total_seconds() - int(dt_tz)) * 10000000)
)
ts_output = str(f"{ts_type}:\t{out_dotnet}")
except Exception:
handle(sys.exc_info())
out_dotnet = ts_output = False
return out_dotnet, ts_output
def from_gbound(timestamp):
"""Convert a GMail Boundary value to date/time"""
ts_type, reason, _, tz_out = ts_types["gbound"]
try:
if len(str(timestamp)) != 28 or not all(
char in hexdigits for char in timestamp
):
in_gbound = indiv_output = combined_output = False
else:
working_value = timestamp[12:26]
end = working_value[:6]
begin = working_value[6:14]
full_dec = int("".join(begin + end), 16)
in_gbound = dt.utcfromtimestamp(full_dec / 1000000).strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_gbound} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_gbound} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_gbound = indiv_output = combined_output = False
return in_gbound, indiv_output, combined_output, reason, tz_out
def to_gbound(dt_val):
"""Convert date to a GMail Boundary value"""
ts_type, _, _, _ = ts_types["gbound"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
to_int = int(((dt_obj - epochs[1970]).total_seconds() - int(dt_tz)) * 1000000)
if len(f"{to_int:x}") < 14:
to_int = f"0{to_int:x}"
begin = to_int[8:]
end = to_int[:8]
out_gbound = f"000000000000{begin}{end}00"
ts_output = str(f"{ts_type}:\t\t{out_gbound}")
except Exception:
handle(sys.exc_info())
out_gbound = ts_output = False
return out_gbound, ts_output
def from_gmsgid(timestamp):
"""Convert a GMail Message ID to a date/time value"""
ts_type, reason, _, tz_out = ts_types["gmsgid"]
try:
gmsgid = timestamp
if str(gmsgid).isdigit() and len(str(gmsgid)) == 19:
gmsgid = str(f"{int(gmsgid):x}")
if len(str(gmsgid)) != 16 or not all(char in hexdigits for char in gmsgid):
in_gmsgid = indiv_output = combined_output = False
else:
working_value = gmsgid[:11]
to_int = int(working_value, 16)
in_gmsgid = dt.utcfromtimestamp(to_int / 1000).strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_gmsgid} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_gmsgid} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_gmsgid = indiv_output = combined_output = False
return in_gmsgid, indiv_output, combined_output, reason, tz_out
def to_gmsgid(dt_val):
"""Convert date to a GMail Message ID value"""
ts_type, _, _, _ = ts_types["gmsgid"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
to_int = int(((dt_obj - epochs[1970]).total_seconds() - int(dt_tz)) * 1000)
ts_hex = f"{to_int:x}"
out_gmsgid = f"{ts_hex}00000"
ts_output = str(f"{ts_type}:\t\t{out_gmsgid}")
except Exception:
handle(sys.exc_info())
out_gmsgid = ts_output = False
return out_gmsgid, ts_output
def from_moto(timestamp):
"""Convert a Motorola 6-byte hex timestamp to a date"""
ts_type, reason, _, tz_out = ts_types["moto"]
try:
if len(str(timestamp)) != 12 or not all(
char in hexdigits for char in timestamp
):
in_moto = indiv_output = combined_output = False
else:
hex_to_dec = [
int(timestamp[i : i + 2], 16) for i in range(0, len(timestamp), 2)
]
hex_to_dec[0] = hex_to_dec[0] + 1970
if hex_to_dec[1] not in range(1, 13):
in_moto = indiv_output = combined_output = False
else:
dt_obj = dt(
hex_to_dec[0],
hex_to_dec[1],
hex_to_dec[2],
hex_to_dec[3],
hex_to_dec[4],
hex_to_dec[5],
)
in_moto = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_moto}")
combined_output = str(
f"{__red__}{ts_type}:\t\t\t{in_moto} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_moto = indiv_output = combined_output = False
return in_moto, indiv_output, combined_output, reason, tz_out
def to_moto(dt_val):
"""Convert a date to Motorola's 6-byte hex timestamp"""
ts_type, _, _, _ = ts_types["moto"]
try:
dt_obj = duparser.parse(dt_val)
moto_year = f"{(dt_obj.year - 1970):02x}"
moto_month = f"{(dt_obj.month):02x}"
moto_day = f"{(dt_obj.day):02x}"
moto_hour = f"{(dt_obj.hour):02x}"
moto_minute = f"{(dt_obj.minute):02x}"
moto_second = f"{(dt_obj.second):02x}"
out_moto = str(
f"{moto_year}{moto_month}{moto_day}"
f"{moto_hour}{moto_minute}{moto_second}"
)
ts_output = str(f"{ts_type}:\t\t\t{out_moto}")
except Exception:
handle(sys.exc_info())
out_moto = ts_output = False
return out_moto, ts_output
def from_nokia(timestamp):
"""Convert a Nokia 4-byte value to date/time"""
ts_type, reason, _, tz_out = ts_types["nokia"]
try:
if not len(timestamp) == 8 or not all(char in hexdigits for char in timestamp):
in_nokia = indiv_output = combined_output = False
else:
to_int = int(timestamp, 16)
int_diff = to_int ^ 4294967295
int_diff = ~int_diff + 1
unix_ts = int_diff + (epochs[2050] - epochs[1970]).total_seconds()
if unix_ts < 0:
in_nokia = indiv_output = combined_output = False
else:
in_nokia = dt.utcfromtimestamp(unix_ts).strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_nokia}")
combined_output = str(
f"{__red__}{ts_type}:\t\t\t{in_nokia} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_nokia = indiv_output = combined_output = False
return in_nokia, indiv_output, combined_output, reason, tz_out
def to_nokia(dt_val):
"""Convert a date/time value to a Nokia 4-byte timestamp"""
ts_type, _, _, _ = ts_types["nokia"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
unix_ts = (dt_obj - epochs[1970]).total_seconds() - int(dt_tz)
int_diff = int(unix_ts - (epochs[2050] - epochs[1970]).total_seconds())
int_diff = int_diff - 1
dec_value = ~int_diff ^ 4294967295
out_nokia = f"{dec_value:x}"
ts_output = str(f"{ts_type}:\t\t\t{out_nokia}")
except Exception:
handle(sys.exc_info())
out_nokia = ts_output = False
return out_nokia, ts_output
def from_nokiale(timestamp):
"""Convert a little-endian Nokia 4-byte value to date/time"""
ts_type, reason, _, tz_out = ts_types["nokiale"]
try:
if not len(timestamp) == 8 or not all(char in hexdigits for char in timestamp):
in_nokiale = indiv_output = combined_output = False
else:
to_be = "".join(
[timestamp[i : i + 2] for i in range(0, len(timestamp), 2)][::-1]
)
to_int = int(to_be, 16)
int_diff = to_int ^ 4294967295
int_diff = ~int_diff + 1
unix_ts = int_diff + (epochs[2050] - epochs[1970]).total_seconds()
if unix_ts < 0:
in_nokiale = indiv_output = combined_output = False
else:
in_nokiale = dt.utcfromtimestamp(unix_ts).strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_nokiale}")
combined_output = str(
f"{__red__}{ts_type}:\t\t\t{in_nokiale} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_nokiale = indiv_output = combined_output = False
return in_nokiale, indiv_output, combined_output, reason, tz_out
def to_nokiale(dt_val):
"""Convert a date/time value to a little-endian Nokia 4-byte timestamp"""
ts_type, _, _, _ = ts_types["nokiale"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
unix_ts = (dt_obj - epochs[1970]).total_seconds() - int(dt_tz)
int_diff = int(unix_ts - (epochs[2050] - epochs[1970]).total_seconds())
int_diff = int_diff - 1
dec_val = ~int_diff ^ 4294967295
hex_val = f"{dec_val:x}"
out_nokiale = "".join(
[hex_val[i : i + 2] for i in range(0, len(hex_val), 2)][::-1]
)
ts_output = str(f"{ts_type}:\t\t\t{out_nokiale}")
except Exception:
handle(sys.exc_info())
out_nokiale = ts_output = False
return out_nokiale, ts_output
def from_ns40(timestamp):
"""Convert a Nokia S40 7-byte value to a time/time"""
ts_type, reason, _, tz_out = ts_types["ns40"]
try:
if not len(timestamp) == 14 or not all(char in hexdigits for char in timestamp):
in_ns40 = indiv_output = combined_output = False
else:
ns40 = timestamp
ns40_val = {}
ns40_val["yr"] = ns40[:4]
ns40_val["mon"] = ns40[4:6]
ns40_val["day"] = ns40[6:8]
ns40_val["hr"] = ns40[8:10]
ns40_val["min"] = ns40[10:12]
ns40_val["sec"] = ns40[12:]
for each_key, _ in ns40_val.items():
ns40_val[str(each_key)] = int(ns40_val[str(each_key)], 16)
if ns40_val["yr"] > 9999:
in_ns40 = indiv_output = combined_output = False
if (int(ns40_val["mon"]) > 12) or (int(ns40_val["mon"] < 1)):
in_ns40 = indiv_output = combined_output = False
else:
in_ns40 = dt(
ns40_val["yr"],
ns40_val["mon"],
ns40_val["day"],
ns40_val["hr"],
ns40_val["min"],
ns40_val["sec"],
).strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_ns40}")
combined_output = str(
f"{__red__}{ts_type}:\t\t\t{in_ns40} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_ns40 = indiv_output = combined_output = False
return in_ns40, indiv_output, combined_output, reason, tz_out
def to_ns40(dt_val):
"""Convert a date/time value to a Nokia S40 7-byte timestamp"""
ts_type, _, _, _ = ts_types["ns40"]
try:
dt_obj = duparser.parse(dt_val)
dt_tz = 0
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
dt_obj = duparser.parse(dt_val, ignoretz=True)
dt_obj = str(int((dt_obj - epochs[1970]).total_seconds()) - int(dt_tz))
dt_obj = dt.utcfromtimestamp(int(dt_obj))
hex_vals = []
hex_vals.append(f"{dt_obj.year:x}".zfill(4))
hex_vals.append(f"{dt_obj.month:x}".zfill(2))
hex_vals.append(f"{dt_obj.day:x}".zfill(2))
hex_vals.append(f"{dt_obj.hour:x}".zfill(2))
hex_vals.append(f"{dt_obj.minute:x}".zfill(2))
hex_vals.append(f"{dt_obj.second:x}".zfill(2))
out_ns40 = "".join(hex_vals)
ts_output = str(f"{ts_type}:\t\t\t{out_ns40}")
except Exception:
handle(sys.exc_info())
out_ns40 = ts_output = False
return out_ns40, ts_output
def from_ns40le(timestamp):
"""Convert a little-endian Nokia S40 7-byte value to a date/time"""
ts_type, reason, _, tz_out = ts_types["ns40le"]
try:
if len(str(timestamp)) != 14 or not all(
char in hexdigits for char in timestamp
):
in_ns40le = indiv_output = combined_output = False
else:
ns40le = timestamp
ns40_val = {}
ns40_val["yr"] = "".join(
[ns40le[i : i + 2] for i in range(0, len(ns40le[:4]), 2)][::-1]
)
ns40_val["mon"] = ns40le[4:6]
ns40_val["day"] = ns40le[6:8]
ns40_val["hr"] = ns40le[8:10]
ns40_val["min"] = ns40le[10:12]
ns40_val["sec"] = ns40le[12:]
for each_key, _ in ns40_val.items():
ns40_val[str(each_key)] = int(ns40_val[str(each_key)], 16)
if ns40_val["yr"] > 9999:
in_ns40le = indiv_output = combined_output = False
if (int(ns40_val["mon"]) > 12) or (int(ns40_val["mon"] < 1)):
in_ns40le = indiv_output = combined_output = False
else:
in_ns40le = dt(
ns40_val["yr"],
ns40_val["mon"],
ns40_val["day"],
ns40_val["hr"],
ns40_val["min"],
ns40_val["sec"],
).strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_ns40le}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_ns40le} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_ns40le = indiv_output = combined_output = False
return in_ns40le, indiv_output, combined_output, reason, tz_out
def to_ns40le(dt_val):
"""Convert a date/time value to a little-endian Nokia S40 7-byte timestamp"""
ts_type, _, _, _ = ts_types["ns40le"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
dt_obj = str(int((dt_obj - epochs[1970]).total_seconds()) - int(dt_tz))
dt_obj = dt.utcfromtimestamp(int(dt_obj))
hex_vals = []
year_le = f"{dt_obj.year:x}".zfill(4)
year_le = "".join(
[year_le[i : i + 2] for i in range(0, len(year_le[:4]), 2)][::-1]
)
hex_vals.append(f"{year_le}".zfill(4))
hex_vals.append(f"{dt_obj.month:x}".zfill(2))
hex_vals.append(f"{dt_obj.day:x}".zfill(2))
hex_vals.append(f"{dt_obj.hour:x}".zfill(2))
hex_vals.append(f"{dt_obj.minute:x}".zfill(2))
hex_vals.append(f"{dt_obj.second:x}".zfill(2))
out_ns40le = "".join(hex_vals)
ts_output = str(f"{ts_type}:\t\t{out_ns40le}")
except Exception:
handle(sys.exc_info())
out_ns40le = ts_output = False
return out_ns40le, ts_output
def from_bitdec(timestamp):
"""Convert a 10-digit Bitwise Decimal value to a date/time"""
ts_type, reason, _, tz_out = ts_types["bitdec"]
try:
if len(str(timestamp)) != 10 or not (timestamp).isdigit():
in_bitdec = indiv_output = combined_output = False
else:
full_ts = int(timestamp)
bd_yr = full_ts >> 20
bd_mon = (full_ts >> 16) & 15
bd_day = (full_ts >> 11) & 31
bd_hr = (full_ts >> 6) & 31
bd_min = full_ts & 63
try:
in_bitdec = dt(bd_yr, bd_mon, bd_day, bd_hr, bd_min).strftime(__fmt__)
except ValueError:
in_bitdec = indiv_output = combined_output = False
indiv_output = str(f"{ts_type}: {in_bitdec} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_bitdec} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_bitdec = indiv_output = combined_output = False
return in_bitdec, indiv_output, combined_output, reason, tz_out
def to_bitdec(dt_val):
"""Convert a date/time value to a Bitwise Decimal timestamp"""
ts_type, _, _, _ = ts_types["bitdec"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
dt_obj = str(int((dt_obj - epochs[1970]).total_seconds()) - int(dt_tz))
dt_obj = dt.utcfromtimestamp(int(dt_obj))
out_bitdec = str(
(dt_obj.year << 20)
+ (dt_obj.month << 16)
+ (dt_obj.day << 11)
+ (dt_obj.hour << 6)
+ (dt_obj.minute)
)
ts_output = str(f"{ts_type}:\t\t{out_bitdec}")
except Exception:
handle(sys.exc_info())
out_bitdec = ts_output = False
return out_bitdec, ts_output
def from_bitdate(timestamp):
"""Convert a Samsung/LG 4-byte hex timestamp to a date/time"""
ts_type, reason, _, tz_out = ts_types["bitdate"]
try:
if len(str(timestamp)) != 8 or not all(char in hexdigits for char in timestamp):
in_bitdate = indiv_output = combined_output = False
else:
to_le = "".join(
[timestamp[i : i + 2] for i in range(0, len(str(timestamp)), 2)][::-1]
)
to_binary = f"{int(to_le, 16):032b}"
bitdate_yr = int(to_binary[:12], 2)
bitdate_mon = int(to_binary[12:16], 2)
bitdate_day = int(to_binary[16:21], 2)
bitdate_hr = int(to_binary[21:26], 2)
bitdate_min = int(to_binary[26:32], 2)
try:
in_bitdate = dt(
bitdate_yr, bitdate_mon, bitdate_day, bitdate_hr, bitdate_min
).strftime(__fmt__)
except ValueError:
in_bitdate = indiv_output = combined_output = False
indiv_output = str(f"{ts_type}: {in_bitdate} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t\t{in_bitdate} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_bitdate = indiv_output = combined_output = False
return in_bitdate, indiv_output, combined_output, reason, tz_out
def to_bitdate(dt_val):
"""Convert a date/time value to a Samsung/LG timestamp"""
ts_type, _, _, _ = ts_types["bitdate"]
try:
dt_obj = duparser.parse(dt_val)
bitdate_yr = f"{dt_obj.year:012b}"
bitdate_mon = f"{dt_obj.month:04b}"
bitdate_day = f"{dt_obj.day:05b}"
bitdate_hr = f"{dt_obj.hour:05b}"
bitdate_min = f"{dt_obj.minute:06b}"
to_hex = str(
struct.pack(
">I",
int(
bitdate_yr + bitdate_mon + bitdate_day + bitdate_hr + bitdate_min, 2
),
).hex()
)
out_bitdate = "".join(
[to_hex[i : i + 2] for i in range(0, len(to_hex), 2)][::-1]
)
ts_output = str(f"{ts_type}:\t\t\t{out_bitdate}")
except Exception:
handle(sys.exc_info())
out_bitdate = ts_output = False
return out_bitdate, ts_output
def from_ksdec(timestamp):
"""Convert a KSUID decimal value to a date"""
ts_type, reason, _, tz_out = ts_types["ksdec"]
try:
if len(timestamp) != 9 or not timestamp.isdigit():
in_ksdec = indiv_output = combined_output = False
else:
ts_val = int(timestamp) + int(epochs["kstime"])
in_ksdec = dt.utcfromtimestamp(float(ts_val)).strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_ksdec} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t\t{in_ksdec} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_ksdec = indiv_output = combined_output = False
return in_ksdec, indiv_output, combined_output, reason, tz_out
def to_ksdec(dt_val):
"""Convert date to a KSUID decimal value"""
ts_type, _, _, _ = ts_types["ksdec"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
unix_ts = str(int((dt_obj - epochs[1970]).total_seconds()) - int(dt_tz))
out_ksdec = str(int(unix_ts) - int(epochs["kstime"]))
if int(out_ksdec) < 0:
out_ksdec = "[!] Timestamp Boundary Exceeded [!]"
ts_output = str(f"{ts_type}:\t\t\t{out_ksdec}")
except Exception:
handle(sys.exc_info())
out_ksdec = ts_output = False
return out_ksdec, ts_output
def from_biomehex(timestamp):
"""Convert an Apple Biome Hex value to a date - from Little Endian"""
ts_type, reason, _, tz_out = ts_types["biomehex"]
try:
biomehex = str(timestamp)
if len(biomehex) != 16 or not all(char in hexdigits for char in biomehex):
in_biomehex = indiv_output = combined_output = False
else:
if biomehex[:2] == "41":
biomehex = "".join(
[biomehex[i : i + 2] for i in range(0, len(biomehex), 2)][::-1]
)
byte_val = bytes.fromhex(str(biomehex))
nsdate_val = struct.unpack("= 1e17:
in_biomehex = indiv_output = combined_output = False
else:
dt_obj = epochs[2001] + timedelta(seconds=float(nsdate_val))
in_biomehex = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_biomehex} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_biomehex} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_biomehex = indiv_output = combined_output = False
return in_biomehex, indiv_output, combined_output, reason, tz_out
def to_biomehex(dt_val):
"""Convert a date/time to an Apple Biome Hex value"""
ts_type, _, _, _ = ts_types["biomehex"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
bplist_stamp = str(float((dt_obj - epochs[2001]).total_seconds()) - int(dt_tz))
byte_biome = struct.pack(">d", float(bplist_stamp))
out_biomehex = bytes.hex(byte_biome)
ts_output = str(f"{ts_type}:\t\t{out_biomehex}")
except Exception:
handle(sys.exc_info())
out_biomehex = ts_output = False
return out_biomehex, ts_output
def from_biome64(timestamp):
"""Convert a 64-bit decimal value to a date/time value"""
ts_type, reason, _, tz_out = ts_types["biome64"]
try:
if len(timestamp) != 19 or not timestamp.isdigit():
in_biome64 = indiv_output = combined_output = False
else:
nsdate_unpacked = int(
struct.unpack("= 1e17:
in_biome64 = indiv_output = combined_output = False
else:
dt_obj = epochs[2001] + timedelta(seconds=float(nsdate_unpacked))
in_biome64 = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_biome64} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t{in_biome64} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_biome64 = indiv_output = combined_output = False
return in_biome64, indiv_output, combined_output, reason, tz_out
def to_biome64(dt_val):
"""Convert a date/time value to a"""
ts_type, _, _, _ = ts_types["biome64"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
nsdate_stamp = float((dt_obj - epochs[2001]).total_seconds()) - int(dt_tz)
out_biome64 = str(int.from_bytes(struct.pack(">d", nsdate_stamp), "big"))
ts_output = str(f"{ts_type}:\t{out_biome64}")
except Exception:
handle(sys.exc_info())
out_biome64 = ts_output = False
return out_biome64, ts_output
def from_s32(timestamp):
"""
Convert an S32 timestamp to a date/time value
Since BlueSky is not yet in use, this function is essentially a beta
"""
ts_type, reason, _, tz_out = ts_types["s32"]
try:
result = 0
timestamp = str(timestamp)
if len(timestamp) != 9 or not all(char in S32_CHARS for char in timestamp):
in_s32 = indiv_output = combined_output = False
else:
for char in timestamp:
result = result * 32 + S32_CHARS.index(char)
dt_obj = dt.utcfromtimestamp(result / 1000.0)
in_s32 = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_s32} {tz_out}")
combined_output = str(f"{__red__}{ts_type}:\t\t{in_s32} {tz_out}{__clr__}")
except Exception:
handle(sys.exc_info())
in_s32 = indiv_output = combined_output = False
return in_s32, indiv_output, combined_output, reason, tz_out
def to_s32(dt_val):
"""
Convert a date/time to an S32-encoded timestamp
Since BlueSky is not yet in use, this function is essentially a beta
"""
ts_type, _, _, _ = ts_types["s32"]
try:
result = ""
index = 0
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
unix_mil = int(((dt_obj - epochs[1970]).total_seconds()) - int(dt_tz)) * 1000
while unix_mil:
index = unix_mil % 32
unix_mil = math.floor(unix_mil / 32)
result = S32_CHARS[index] + result
out_s32 = result
ts_output = str(f"{ts_type}:\t{out_s32}")
except Exception:
handle(sys.exc_info())
out_s32 = ts_output = False
return out_s32, ts_output
def from_apache(timestamp):
"""
Convert an Apache hex timestamp to a date/time value
This value has 13 hex characters, and does not fit a byte boundary
"""
ts_type, reason, _, tz_out = ts_types["apache"]
try:
timestamp = str(timestamp)
if len(timestamp) != 13 or not all(char in hexdigits for char in timestamp):
in_apache = indiv_output = combined_output = False
else:
dec_val = int(timestamp, 16)
dt_obj = epochs[1970] + timedelta(microseconds=dec_val)
in_apache = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_apache} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_apache} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_apache = indiv_output = combined_output = False
return in_apache, indiv_output, combined_output, reason, tz_out
def to_apache(dt_val):
"""Convert a date/time to an Apache cookie value"""
ts_type, _, _, _ = ts_types["apache"]
try:
dt_obj = duparser.parse(dt_val)
if hasattr(dt_obj.tzinfo, "_offset"):
dt_tz = dt_obj.tzinfo._offset.total_seconds()
else:
dt_tz = 0
dt_obj = duparser.parse(dt_val, ignoretz=True)
apache_int = int(
((dt_obj - epochs[1970]).total_seconds() - int(dt_tz)) * 1000000
)
out_apache = f"{apache_int:x}"
ts_output = str(f"{ts_type}:\t\t{out_apache}")
except Exception:
handle(sys.exc_info())
out_apache = ts_output = False
return out_apache, ts_output
def from_leb128_hex(timestamp):
"""Convert a LEB 128 hex value to a date"""
ts_type, reason, _, tz_out = ts_types["leb128_hex"]
try:
if not len(timestamp) % 2 == 0 or not all(
char in hexdigits for char in timestamp
):
in_leb128_hex = indiv_output = combined_output = False
else:
ts_hex_list = [(timestamp[i : i + 2]) for i in range(0, len(timestamp), 2)]
unix_milli = 0
shift = 0
for hex_val in ts_hex_list:
byte_val = int(hex_val, 16)
unix_milli |= (byte_val & 0x7F) << shift
if (byte_val & 0x80) == 0:
break
shift += 7
in_leb128_hex, _, _, _, _ = from_unix_milli(str(unix_milli))
indiv_output = str(f"{ts_type}: {in_leb128_hex} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_leb128_hex} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_leb128_hex = indiv_output = combined_output = False
return in_leb128_hex, indiv_output, combined_output, reason, tz_out
def to_leb128_hex(dt_val):
"""Convert a date to a LEB128 hex value."""
ts_type, _, _, _ = ts_types["leb128_hex"]
try:
dt_obj = duparser.parse(dt_val, ignoretz=True)
unix_milli, _ = to_unix_milli(str(dt_obj))
unix_milli = int(unix_milli)
byte_list = []
while True:
byte_val = unix_milli & 0x7F
unix_milli >>= 7
if unix_milli != 0:
byte_val |= 0x80
byte_list.append(byte_val)
if unix_milli == 0:
break
out_leb128_hex = "".join([f"{byte_val:02x}" for byte_val in byte_list])
ts_output = str(f"{ts_type}:\t\t{out_leb128_hex}")
except Exception:
handle(sys.exc_info())
out_leb128_hex = ts_output = False
return out_leb128_hex, ts_output
def from_julian_dec(timestamp):
"""Convert Julian Date decimal value to a date"""
ts_type, reason, _, tz_out = ts_types["julian_dec"]
try:
if (
"." not in timestamp
or not (
(len(timestamp.split(".")[0]) == 7)
and (len(timestamp.split(".")[1]) in range(0, 11))
)
or not "".join(timestamp.split(".")).isdigit()
):
in_julian_dec = indiv_output = combined_output = False
else:
try:
timestamp = float(timestamp)
except Exception:
timestamp = int(timestamp)
yr, mon, day, hr, mins, sec, mil = jd.to_gregorian(timestamp)
dt_vals = [yr, mon, day, hr, mins, sec, mil]
if any(val < 0 for val in dt_vals):
in_julian_dec = indiv_output = combined_output = False
else:
in_julian_dec = (dt(yr, mon, day, hr, mins, sec, mil)).strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_julian_dec} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_julian_dec} {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_julian_dec = indiv_output = combined_output = False
return in_julian_dec, indiv_output, combined_output, reason, tz_out
def to_julian_dec(dt_val):
"""Convert a date to a Julian Date"""
ts_type, _, _, _ = ts_types["julian_dec"]
try:
dt_obj = duparser.parse(dt_val)
out_julian_dec = str(
jd.from_gregorian(
dt_obj.year,
dt_obj.month,
dt_obj.day,
dt_obj.hour,
dt_obj.minute,
dt_obj.second,
)
)
ts_output = f"{ts_type}:\t{out_julian_dec}"
except Exception:
handle(sys.exc_info())
out_julian_dec = ts_output = False
return out_julian_dec, ts_output
def from_julian_hex(timestamp):
"""Convert Julian Date hex value to a date"""
ts_type, reason, _, tz_out = ts_types["julian_hex"]
try:
if not len(timestamp) // 2 == 7 or not all(
char in hexdigits for char in timestamp
):
in_julian_hex = indiv_output = combined_output = False
else:
julianday = int(timestamp[:6], 16)
julianmil = int(timestamp[6:], 16)
julianmil = julianmil / 10 ** int((len(str(julianmil))))
julian_date = int(julianday) + int(julianmil)
yr, mon, day, hr, mins, sec, mil = jd.to_gregorian(julian_date)
dt_vals = [yr, mon, day, hr, mins, sec, mil]
if any(val < 0 for val in dt_vals):
in_julian_hex = indiv_output = combined_output = False
else:
dt_obj = dt(yr, mon, day, hr, mins, sec, mil)
in_julian_hex = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_julian_hex} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t\t{in_julian_hex}" f" {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_julian_hex = indiv_output = combined_output = False
return in_julian_hex, indiv_output, combined_output, reason, tz_out
def to_julian_hex(dt_val):
"""Convert a date to a Julian Hex Date"""
ts_type, _, _, _ = ts_types["julian_hex"]
try:
dt_obj = duparser.parse(dt_val)
jul_dec = jd.from_gregorian(
dt_obj.year,
dt_obj.month,
dt_obj.day,
dt_obj.hour,
dt_obj.minute,
dt_obj.second,
)
if isinstance(jul_dec, float):
left_val, right_val = str(jul_dec).split(".")
left_val = f"{int(left_val):06x}"
right_val = f"{int(right_val):08x}"
elif isinstance(jul_dec, int):
left_val = f"{jul_dec:06x}"
right_val = f"{0:08x}"
out_julian_hex = f"{str(left_val)}{str(right_val)}"
ts_output = str(f"{ts_type}:\t\t{out_julian_hex}")
except Exception:
handle(sys.exc_info())
out_julian_hex = ts_output = False
return out_julian_hex, ts_output
def from_semi_octet(timestamp):
"""Convert from a Semi-Octet decimal value to a date"""
ts_type, reason, _, tz_out = ts_types["semi_octet"]
try:
yr = mon = day = hr = mins = sec = None
if (
len(str(timestamp)) != 12
or len(str(timestamp)) != 14
and not str(timestamp).isdigit()
):
in_semi_octet = indiv_output = combined_output = False
else:
if len(str(timestamp)) == 12:
yr, mon, day, hr, mins, sec = [
(a + b)[::-1] for a, b in zip(timestamp[::2], timestamp[1::2])
]
elif len(str(timestamp)) == 14:
yr, mon, day, hr, mins, sec, _ = [
(a + b)[::-1] for a, b in zip(timestamp[::2], timestamp[1::2])
]
dt_obj = dt(
int(yr) + 2000, int(mon), int(day), int(hr), int(mins), int(sec)
)
in_semi_octet = dt_obj.strftime(__fmt__)
indiv_output = str(f"{ts_type}: {in_semi_octet} {tz_out}")
combined_output = str(
f"{__red__}{ts_type}:\t{in_semi_octet}" f" {tz_out}{__clr__}"
)
except Exception:
handle(sys.exc_info())
in_semi_octet = indiv_output = combined_output = False
return in_semi_octet, indiv_output, combined_output, reason, tz_out
def to_semi_octet(dt_val):
"""Convert a date to a Semi-Octet decimal value"""
ts_type, _, _, _ = ts_types["semi_octet"]
try:
swap_list = []
dt_obj = duparser.parse(dt_val)
ts_vals = [
str(f"{(dt_obj.year - 2000):02d}"),
str(f"{dt_obj.month:02d}"),
str(f"{dt_obj.day:02d}"),
str(f"{dt_obj.hour:02d}"),
str(f"{dt_obj.minute:02d}"),
str(f"{dt_obj.second:02d}"),
]
for each in ts_vals:
swap_list.append(each[::-1])
out_semi_octet = "".join(swap_list)
ts_output = f"{ts_type}:\t{out_semi_octet}"
except Exception:
handle(sys.exc_info())
out_semi_octet = ts_output = False
return out_semi_octet, ts_output
def date_range(start, end, check_date):
"""Check if date is in range of start and end, return True if it is"""
if start <= end:
return start <= check_date <= end
return start <= check_date or check_date <= end
def from_all(timestamps):
"""Output all processed timestamp values and find date from provided timestamp"""
this_yr = int(dt.now().strftime("%Y"))
full_list = {}
for func in from_funcs:
func_name = func.__name__.replace("from_", "")
(result, _, combined_output, _, tz_out) = func(timestamps)
if result and combined_output:
if isinstance(result, str):
if int(duparser.parse(result).strftime("%Y")) not in range(
this_yr - 5, this_yr + 5
):
combined_output = combined_output.strip(__red__).strip(__clr__)
full_list[func_name] = [result, combined_output, tz_out]
return full_list
def to_timestamps(dt_val):
"""Convert provided date to all timestamps"""
results = {}
ts_outputs = []
for func in to_funcs:
result, ts_output = func(dt_val)
func_name = (func.__name__).replace("to_", "")
if isinstance(result, str):
results[func_name] = result
ts_outputs.append(ts_output)
return results, ts_outputs
single_funcs = {
"unix": from_unix_sec,
"umil": from_unix_milli,
"umilhex": from_unix_milli_hex,
"wh": from_windows_hex_64,
"whle": from_windows_hex_64le,
"chrome": from_chrome,
"active": from_ad,
"uhbe": from_unix_hex_32be,
"uhle": from_unix_hex_32le,
"cookie": from_cookie,
"oleb": from_ole_be,
"olel": from_ole_le,
"nsdate": from_nsdate,
"bplist": from_bplist,
"iostime": from_iostime,
"mac": from_mac,
"hfsdec": from_hfs_dec,
"hfsbe": from_hfs_be,
"hfsle": from_hfs_le,
"fat": from_fat,
"msdos": from_msdos,
"systime": from_systemtime,
"ft": from_filetime,
"hotmail": from_hotmail,
"pr": from_prtime,
"auto": from_ole_auto,
"ms1904": from_ms1904,
"sym": from_symtime,
"gps": from_gpstime,
"eitime": from_eitime,
"gsm": from_gsm,
"vm": from_vm,
"tiktok": from_tiktok,
"twitter": from_twitter,
"discord": from_discord,
"ksalnum": from_ksalnum,
"mastodon": from_mastodon,
"meta": from_metasploit,
"sony": from_sony,
"uu": from_uuid,
"dhcp6": from_dhcp6,
"dotnet": from_dotnet,
"gbound": from_gbound,
"gmsgid": from_gmsgid,
"moto": from_moto,
"nokia": from_nokia,
"nokiale": from_nokiale,
"ns40": from_ns40,
"ns40le": from_ns40le,
"bitdec": from_bitdec,
"bitdate": from_bitdate,
"ksdec": from_ksdec,
"exfat": from_exfat,
"biome64": from_biome64,
"biomehex": from_biomehex,
"s32": from_s32,
"apache": from_apache,
"leb128": from_leb128_hex,
"jdec": from_julian_dec,
"jhex": from_julian_hex,
"semi": from_semi_octet,
}
from_funcs = [
from_ad,
from_apache,
from_biome64,
from_biomehex,
from_bitdate,
from_bitdec,
from_dhcp6,
from_discord,
from_exfat,
from_fat,
from_gbound,
from_gmsgid,
from_chrome,
from_eitime,
from_gpstime,
from_gsm,
from_hfs_be,
from_hfs_le,
from_nsdate,
from_julian_dec,
from_julian_hex,
from_ksalnum,
from_ksdec,
from_leb128_hex,
from_hfs_dec,
from_mastodon,
from_metasploit,
from_systemtime,
from_filetime,
from_hotmail,
from_dotnet,
from_moto,
from_prtime,
from_msdos,
from_ms1904,
from_ns40,
from_ns40le,
from_nokia,
from_nokiale,
from_ole_auto,
from_s32,
from_semi_octet,
from_sony,
from_symtime,
from_tiktok,
from_twitter,
from_unix_hex_32be,
from_unix_hex_32le,
from_unix_sec,
from_unix_milli,
from_unix_milli_hex,
from_uuid,
from_vm,
from_windows_hex_64,
from_windows_hex_64le,
from_cookie,
from_ole_be,
from_ole_le,
]
to_funcs = [
to_ad,
to_apache,
to_biome64,
to_biomehex,
to_bitdate,
to_bitdec,
to_dhcp6,
to_exfat,
to_fat,
to_gbound,
to_gmsgid,
to_chrome,
to_eitime,
to_gpstime,
to_gsm,
to_hfs_be,
to_hfs_le,
to_julian_dec,
to_julian_hex,
to_ksdec,
to_leb128_hex,
to_hfs_dec,
to_mastodon,
to_systemtime,
to_filetime,
to_hotmail,
to_dotnet,
to_moto,
to_prtime,
to_msdos,
to_ms1904,
to_ns40,
to_ns40le,
to_nokia,
to_nokiale,
to_bplist,
to_iostime,
to_mac,
to_ole_auto,
to_s32,
to_semi_octet,
to_symtime,
to_unix_hex_32be,
to_unix_hex_32le,
to_unix_sec,
to_unix_milli,
to_unix_milli_hex,
to_vm,
to_windows_hex_64,
to_windows_hex_64le,
to_cookie,
to_ole_be,
to_ole_le,
]
def main():
"""Parse all passed arguments"""
now = dt.now().strftime(__fmt__)
arg_parse = argparse.ArgumentParser(
description=f"Time Decoder and Converter v"
f"{str(__version__)} - supporting "
f"{str(__types__)} timestamps!\n\n"
f"Some timestamps are only part of the entire value, and as such, full\n"
f"timestamps may not be generated based on only the date/time portion.",
formatter_class=argparse.RawTextHelpFormatter,
)
arg_parse.add_argument(
"-g",
"--gui",
action="store_true",
help="launch the gui",
)
arg_parse.add_argument(
"--guess",
metavar="TIMESTAMP",
help="guess the timestamp format and output possibilities",
)
arg_parse.add_argument(
"--timestamp",
metavar="DATE",
help="convert date to every timestamp\n"
'enter date as "YYYY-MM-DD HH:MM:SS.f" in 24h fmt\n'
"Without DATE argument, will convert current date/time\n",
nargs="?",
const=now,
)
arg_parse.add_argument(
"--active", metavar="", help="convert from Active Directory value"
)
arg_parse.add_argument(
"--apache", metavar="", help="convert from an Apache Cookie hex value"
)
arg_parse.add_argument(
"--auto", metavar="", help="convert from OLE Automation Date format"
)
arg_parse.add_argument(
"--biome64", metavar="", help="convert from an Apple Biome 64-bit decimal"
)
arg_parse.add_argument(
"--biomehex", metavar="", help="convert from an Apple Biome hex value"
)
arg_parse.add_argument(
"--bitdate", metavar="", help="convert from a Samsung/LG 4-byte value"
)
arg_parse.add_argument(
"--bitdec", metavar="", help="convert from a bitwise decimal 10-digit value"
)
arg_parse.add_argument(
"--bplist", metavar="", help="convert from an iOS Binary Plist value"
)
arg_parse.add_argument(
"--chrome", metavar="", help="convert from Google Chrome value"
)
arg_parse.add_argument(
"--cookie", metavar="", help="convert from Windows Cookie Date (Low,High)"
)
arg_parse.add_argument(
"--dhcp6", metavar="", help="convert from a DHCP6 DUID value"
)
arg_parse.add_argument(
"--discord", metavar="", help="convert from a Discord URL value"
)
arg_parse.add_argument(
"--dotnet", metavar="", help="convert from a .NET DateTime value"
)
arg_parse.add_argument(
"--eitime", metavar="", help="convert from a Google EI URL value"
)
arg_parse.add_argument(
"--exfat", metavar="", help="convert from an exFAT 4-byte value"
)
arg_parse.add_argument(
"--fat", metavar="", help="convert from FAT Date + Time (wFat)"
)
arg_parse.add_argument("--ft", metavar="", help="convert from a FILETIME value")
arg_parse.add_argument(
"--gbound", metavar="", help="convert from a GMail Boundary value"
)
arg_parse.add_argument(
"--gmsgid", metavar="", help="convert from a GMail Message ID value"
)
arg_parse.add_argument("--gps", metavar="", help="convert from a GPS value")
arg_parse.add_argument("--gsm", metavar="", help="convert from a GSM value")
arg_parse.add_argument(
"--hfsbe", metavar="", help="convert from HFS(+) BE (HFS=Local, HFS+=UTC)"
)
arg_parse.add_argument(
"--hfsle", metavar="", help="convert from HFS(+) LE (HFS=Local, HFS+=UTC)"
)
arg_parse.add_argument(
"--hfsdec", metavar="", help="convert from a Mac OS/HFS+ Decimal value"
)
arg_parse.add_argument("--hotmail", metavar="", help="convert from a Hotmail value")
arg_parse.add_argument("--iostime", metavar="", help="convert from an iOS 11 value")
arg_parse.add_argument(
"--jdec", metavar="", help="convert from a Julian Date decimal value"
)
arg_parse.add_argument(
"--jhex", metavar="", help="convert from a Julian Date hex value"
)
arg_parse.add_argument(
"--ksdec", metavar="", help="convert from a KSUID 9-digit value"
)
arg_parse.add_argument(
"--ksalnum", metavar="", help="convert from a KSUID 27-character value"
)
arg_parse.add_argument(
"--leb128", metavar="", help="convert from a LEB128 hex value"
)
arg_parse.add_argument("--mac", metavar="", help="convert from Mac Absolute Time")
arg_parse.add_argument(
"--mastodon", metavar="", help="convert from a Mastodon URL value"
)
arg_parse.add_argument(
"--meta", metavar="", help="convert from a Metasploit Payload UUID"
)
arg_parse.add_argument(
"--moto", metavar="", help="convert from Motorola's 6-byte value"
)
arg_parse.add_argument(
"--ms1904", metavar="", help="convert from MS Excel 1904 Date format"
)
arg_parse.add_argument(
"--msdos", metavar="", help="convert from 32-bit MS-DOS time, result is Local"
)
arg_parse.add_argument(
"--nokia", metavar="", help="convert from a Nokia 4-byte value"
)
arg_parse.add_argument(
"--nokiale", metavar="", help="convert from a Nokia 4-byte LE value"
)
arg_parse.add_argument(
"--ns40", metavar="", help="convert from a Nokia S40 7-byte value"
)
arg_parse.add_argument(
"--ns40le", metavar="", help="convert from a Nokia S40 7-byte LE value"
)
arg_parse.add_argument(
"--nsdate",
metavar="",
help="convert from an Apple NSDate (iOS, BPList, Cocoa, Mac Absolute)",
)
arg_parse.add_argument(
"--oleb",
metavar="",
help="convert from a Windows OLE 64-bit BE value, remove 0x & space\n"
"- example from SRUM: 0x40e33f5d 0x97dfe8fb should be 40e33f5d97dfe8fb",
)
arg_parse.add_argument(
"--olel", metavar="", help="convert from a Windows OLE 64-bit LE value"
)
arg_parse.add_argument("--pr", metavar="", help="convert from Mozilla's PRTime")
arg_parse.add_argument(
"--s32", metavar="", help="convert from an S32-encoded value"
)
arg_parse.add_argument(
"--semi", metavar="", help="convert from a Semi-Octet decimal value"
)
arg_parse.add_argument(
"--sony", metavar="", help="convert from a Sonyflake URL value"
)
arg_parse.add_argument(
"--sym", metavar="", help="convert from Symantec's 6-byte AV value"
)
arg_parse.add_argument(
"--systime", metavar="", help="convert from a 128-bit SYSTEMTIME value"
)
arg_parse.add_argument(
"--tiktok", metavar="", help="convert from a TikTok URL value"
)
arg_parse.add_argument(
"--twitter", metavar="", help="convert from a Twitter URL value"
)
arg_parse.add_argument("--uhbe", metavar="", help="convert from Unix Hex 32-bit BE")
arg_parse.add_argument("--uhle", metavar="", help="convert from Unix Hex 32-bit LE")
arg_parse.add_argument("--unix", metavar="", help="convert from Unix Seconds")
arg_parse.add_argument("--umil", metavar="", help="convert from Unix Milliseconds")
arg_parse.add_argument(
"--umilhex", metavar="", help="convert from Unix Milliseconds 6-byte Hex value"
)
arg_parse.add_argument(
"--uu",
metavar="",
help="convert from a UUID: 00000000-0000-0000-0000-000000000000",
)
arg_parse.add_argument(
"--vm",
metavar="",
help="convert from a VMWare Snapshot (.vmsd) value\n"
'- enter as "high value,low value"',
)
arg_parse.add_argument(
"--wh", metavar="", help="convert from Windows 64-bit Hex BE"
)
arg_parse.add_argument(
"--whle", metavar="", help="convert from Windows 64-bit Hex LE"
)
arg_parse.add_argument(
"--version", "-v", action="version", version=arg_parse.description
)
if len(sys.argv[1:]) == 0:
arg_parse.print_help()
arg_parse.exit()
args = arg_parse.parse_args()
analyze(args)
if __name__ == "__main__":
main()