# --------------------------------------------------------------------------------
# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC,
# @iamevltwin, mac4n6.com). All rights reserved.
# This software is provided "as is," without warranty of any kind,
# express or implied. In no event shall the author or contributors
# be held liable for any damages arising in any way from the use of
# this software.
# The contents of this file are DUAL-LICENSED. You may modify and/or
# redistribute this software according to the terms of one of the
# following two licenses (at your option):
# LICENSE 1 ("BSD-like with acknowledgment clause"):
# Permission is granted to anyone to use this software for any purpose,
# including commercial applications, and to alter it and redistribute
# it freely, subject to the following restrictions:
# 1. Redistributions of source code must retain the above copyright
# notice, disclaimer, and this list of conditions.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, disclaimer, and this list of conditions in the documenta-
# tion and/or other materials provided with the distribution.
# 3. All advertising, training, and documentation materials mentioning
# features or use of this software must display the following
# acknowledgment. Character-limited social media may abbreviate this
# acknowledgment to include author and APOLLO name ie: "This new
# feature brought to you by @iamevltwin's APOLLO". Please make an
# effort credit the appropriate authors on specific APOLLO modules.
# The spirit of this clause is to give public acknowledgment to
# researchers where credit is due.
# This product includes software developed by Sarah Edwards
# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other
# contributors as part of APOLLO (Apple Pattern of Life Lazy
# Output'er).
# LICENSE 2 (GNU GPL v3 or later):
# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er).
# APOLLO is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# APOLLO is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with APOLLO. If not, see <https://www.gnu.org/licenses/>.
# --------------------------------------------------------------------------------
# Module, database and query metadata for the netusage_zliveusage module:
# who wrote it, which database file it targets, and how its output is labelled.
[Module Metadata]
AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin
MODULE_NOTES=Network Usage Traffic by Process.
[Database Metadata]
# File name of the SQLite database the queries in this file are written against.
DATABASE=netusage.sqlite
# NOTE(review): VERSIONS also lists 10.13-10.16, which look like macOS release
# numbers, while PLATFORM names only IOS - confirm which platforms are intended.
PLATFORM=IOS
# Every version listed here is covered by one of the two [SQL Query ...] sections.
VERSIONS=8,9,10,11,12,13,10.13,10.14,10.15,10.16,14
[Query Metadata]
QUERY_NAME=netusage_zliveusage
ACTIVITY=Network Usage
# Names the "PROCESS TIMESTAMP" column alias produced by both queries. That
# column is read from ZPROCESS through a LEFT JOIN, so it is NULL for any
# ZLIVEUSAGE row without a matching ZPROCESS row; "LIVE USAGE TIMESTAMP" is the
# timestamp taken from the usage row itself.
# NOTE(review): how the consuming tool treats a NULL key timestamp is not
# visible in this file - verify before relying on complete timeline output.
KEY_TIMESTAMP=PROCESS TIMESTAMP
# Query used for the versions named in the section header below.
# Returns one row per ZLIVEUSAGE record, joined to the ZPROCESS row whose Z_PK
# equals ZLIVEUSAGE.ZHASPROCESS.
#
# Timestamps: 978307200 is the number of seconds between 1970-01-01 and
# 2001-01-01 UTC, so the stored values are presumably seconds since 2001-01-01
# (Apple epoch). DATETIME(..., 'unixepoch') renders the result as UTC text, not
# device-local time; apply any time zone conversion downstream.
#
# LEFT JOIN: usage rows with no matching ZPROCESS row are kept, with both
# PROCESS timestamps NULL (and any other column that resolves to ZPROCESS).
#
# ZBUNDLENAME through ZXOUT are unqualified, so which table supplies each one
# depends on the database schema, which is not shown here - presumably the
# names come from ZPROCESS and the counters from ZLIVEUSAGE; verify.
# NOTE(review): counter units are not stated in this file (presumably bytes),
# and the meaning of the "X" counters is not documented here - confirm.
#
# There is no ORDER BY, so row order is whatever SQLite returns.
[SQL Query 10,11,12,13,10.13,10.14,10.15,10.16,14]
QUERY=
SELECT
DATETIME(ZPROCESS.ZTIMESTAMP + 978307200, 'unixepoch') AS "PROCESS TIMESTAMP",
DATETIME(ZPROCESS.ZFIRSTTIMESTAMP + 978307200, 'unixepoch') AS "PROCESS FIRST TIMESTAMP",
DATETIME(ZLIVEUSAGE.ZTIMESTAMP + 978307200, 'unixepoch') AS "LIVE USAGE TIMESTAMP",
ZBUNDLENAME AS "BUNDLE ID",
ZPROCNAME AS "PROCESS NAME",
ZWIFIIN AS "WIFI IN",
ZWIFIOUT AS "WIFI OUT",
ZWWANIN AS "WWAN IN",
ZWWANOUT AS "WWAN OUT",
ZWIREDIN AS "WIRED IN",
ZWIREDOUT AS "WIRED OUT",
ZXIN AS "X IN",
ZXOUT AS "X OUT",
ZLIVEUSAGE.Z_PK AS "ZLIVEUSAGE TABLE ID"
FROM ZLIVEUSAGE
LEFT JOIN ZPROCESS ON ZPROCESS.Z_PK = ZLIVEUSAGE.ZHASPROCESS
# Query used for versions 8 and 9. It selects the same columns as the query for
# later versions in this file, except that ZXIN / ZXOUT ("X IN" / "X OUT") are
# not selected - presumably those columns do not exist in the older schema;
# verify against a version 8/9 database.
#
# Returns one row per ZLIVEUSAGE record, joined to the ZPROCESS row whose Z_PK
# equals ZLIVEUSAGE.ZHASPROCESS. Because the join is a LEFT JOIN, usage rows
# without a matching ZPROCESS row are kept and their PROCESS timestamps are NULL.
#
# Timestamps: 978307200 is the number of seconds between 1970-01-01 and
# 2001-01-01 UTC, so the stored values are presumably seconds since 2001-01-01
# (Apple epoch). DATETIME(..., 'unixepoch') renders the result as UTC text, not
# device-local time.
#
# ZBUNDLENAME through ZWIREDOUT are unqualified; which table supplies each one
# depends on a schema that is not shown here - verify.
# NOTE(review): counter units are not stated in this file (presumably bytes).
# There is no ORDER BY, so row order is whatever SQLite returns.
[SQL Query 8,9]
QUERY=
SELECT
DATETIME(ZPROCESS.ZTIMESTAMP + 978307200, 'unixepoch') AS "PROCESS TIMESTAMP",
DATETIME(ZPROCESS.ZFIRSTTIMESTAMP + 978307200, 'unixepoch') AS "PROCESS FIRST TIMESTAMP",
DATETIME(ZLIVEUSAGE.ZTIMESTAMP + 978307200, 'unixepoch') AS "LIVE USAGE TIMESTAMP",
ZBUNDLENAME AS "BUNDLE ID",
ZPROCNAME AS "PROCESS NAME",
ZWIFIIN AS "WIFI IN",
ZWIFIOUT AS "WIFI OUT",
ZWWANIN AS "WWAN IN",
ZWWANOUT AS "WWAN OUT",
ZWIREDIN AS "WIRED IN",
ZWIREDOUT AS "WIRED OUT",
ZLIVEUSAGE.Z_PK AS "ZLIVEUSAGE TABLE ID"
FROM ZLIVEUSAGE
LEFT JOIN ZPROCESS ON ZPROCESS.Z_PK = ZLIVEUSAGE.ZHASPROCESS