Add forensic modules for Nova AI Chatbot (com.scaleup.chatai)

[guilhermegui08]

This PR adds 7 modules for the Nova AI Chatbot application. The package ID is com.scaleup.chatai and the main database is located at /data/data/com.scaleup.chatai/databases/chat-ai.db.

Modules Added

Module	Description
HistoryDetailImage	Extracts all images from the HistoryDetailImage table, correctly identifying AI‑generated images (ASSISTANT role) vs user‑submitted images (USER role). Includes prompt, generation state, pipeline, style ID, and Firebase path.
HistoryDetailDocuments	Extracts all user‑submitted documents from the HistoryDetailDocument table with name, MIME type, size, source type, and Firebase path.
Conversations	Full conversation reconstruction by joining History, HistoryDetail, and all attachment tables. One row per message with images, documents, and links displayed inline.
Cached Images	Extracts all cached images from the Glide disk cache (cache/image_manager_disk_cache/*.0). Generates an HTML gallery with thumbnails, file size, and modification time using direct file paths to the extracted .0 files.

Output Format

All modules produce:

• HTML report with previews
• TSV file for further analysis
• Timeline output

Screenshot

Acknowledgements

This work was developed with the assistance of AI

[abrignoni]

For the code to be merged it must use the built-in check in media function to handle images. We are also not allowing HTML escaping from the scripts due to code injection security risks. Generally the code needs to be more concise and refrain from the use of deprecated methods that are problematic, like datetime.utcfromtimestamp. The script also needs to be LAVA compatible to be merged. Lastly make sure to follow reporting conventions as seen in other scripts. The artifacts are needed and truly awesome. Looking forward to merging them.

…

On Tue, May 19, 2026 at 6:59 AM Guilherme Guilherme < ***@***.***> wrote: This PR adds 7 modules for the Nova AI Chatbot application. The package ID is com.scaleup.chatai and the main database is located at /data/data/com.scaleup.chatai/databases/chat-ai.db. Modules Added Module Description HistoryDetailImage Extracts all images from the HistoryDetailImage table, correctly identifying AI‑generated images (ASSISTANT role) vs user‑submitted images (USER role). Includes prompt, generation state, pipeline, style ID, and Firebase path. HistoryDetailDocuments Extracts all user‑submitted documents from the HistoryDetailDocument table with name, MIME type, size, source type, and Firebase path. Conversations Full conversation reconstruction by joining History, HistoryDetail, and all attachment tables. One row per message with images, documents, and links displayed inline. Cached Images Extracts all cached images from the Glide disk cache ( cache/image_manager_disk_cache/*.0). Generates an HTML gallery with thumbnails, file size, and modification time using direct file paths to the extracted .0 files. Output Format All modules produce: - HTML report with previews - TSV file for further analysis - Timeline output Screenshot imagem.png (view on web) <https://github.com/user-attachments/assets/f92230cd-0a39-4557-bbf0-c81c7f2fdd35> Acknowledgements This work was developed with the assistance of AI ------------------------------ You can view, comment on, or merge this pull request online at: #696 Commit Summary - 0aa20d7 <0aa20d7> Add artifact scripts - abac85b <abac85b> Add icons File Changes (8 files <https://github.com/abrignoni/ALEAPP/pull/696/files>) - *A* scripts/artifacts/AIChatbotNovaCachedImages.py <https://github.com/abrignoni/ALEAPP/pull/696/files#diff-cdd4c2671937a5f97e53fcdf86ae3e751ac775f01ea71eaad0f18bb374f1e81d> (172) - *A* scripts/artifacts/AIChatbotNovaConversations.py <https://github.com/abrignoni/ALEAPP/pull/696/files#diff-2c58da10af5c3819ca2f0ec6af3606a01abc7e49a6a13f7f4bc908b26a9143b0> (579) - *A* scripts/artifacts/AIChatbotNovaHistory.py <https://github.com/abrignoni/ALEAPP/pull/696/files#diff-b60625e3d8c63ae89320d2e621bccab746a9816886618d405cf21d5905624688> (276) - *A* scripts/artifacts/AIChatbotNovaHistoryDetail.py <https://github.com/abrignoni/ALEAPP/pull/696/files#diff-c6335c334f1e8cf44ba9d05cbb7a4b88e2e6a5db6b951dd2d681d41f5f22dd50> (329) - *A* scripts/artifacts/AIChatbotNovaHistoryDetailDocument.py <https://github.com/abrignoni/ALEAPP/pull/696/files#diff-c9d28daf3308d18ad25da896cd072b32051496b7f6761082a45e5d18b2e8c7b1> (411) - *A* scripts/artifacts/AIChatbotNovaHistoryDetailImage.py <https://github.com/abrignoni/ALEAPP/pull/696/files#diff-f351bf831e092dc6ffbbc28c4becef1dc1e59e81d75f50352aa5b1f9c86b3068> (395) - *A* scripts/artifacts/AIChatbotNovaHistoryDetailLink.py <https://github.com/abrignoni/ALEAPP/pull/696/files#diff-501240b26c7a0ae9bb95941529cdda85d18508bdea4b88b8cf5ba6f4681de882> (296) - *M* scripts/report_icons.py <https://github.com/abrignoni/ALEAPP/pull/696/files#diff-7aa964d9bb13d7f57672bf4c44bc346a54149de3b837f674dd763423371f01d4> (1) Patch Links: - https://github.com/abrignoni/ALEAPP/pull/696.patch - https://github.com/abrignoni/ALEAPP/pull/696.diff — Reply to this email directly, view it on GitHub <#696>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AG3DPC5ANQVUGM7VYACZQPT43Q47RAVCNFSM6AAAAACZEFVHQOVHI2DSMVQWIX3LMV43ASLTON2WKOZUGQ3TMNZWGI4DIMA> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[guilhermegui08]

For the code to be merged it must use the built-in check in media function to handle images. We are also not allowing HTML escaping from the scripts due to code injection security risks. Generally the code needs to be more concise and refrain from the use of deprecated methods that are problematic, like datetime.utcfromtimestamp. The script also needs to be LAVA compatible to be merged. Lastly make sure to follow reporting conventions as seen in other scripts. The artifacts are needed and truly awesome. Looking forward to merging them.
…
On Tue, May 19, 2026 at 6:59 AM Guilherme Guilherme < @.> wrote: This PR adds 7 modules for the Nova AI Chatbot application. The package ID is com.scaleup.chatai and the main database is located at /data/data/com.scaleup.chatai/databases/chat-ai.db. Modules Added Module Description HistoryDetailImage Extracts all images from the HistoryDetailImage table, correctly identifying AI‑generated images (ASSISTANT role) vs user‑submitted images (USER role). Includes prompt, generation state, pipeline, style ID, and Firebase path. HistoryDetailDocuments Extracts all user‑submitted documents from the HistoryDetailDocument table with name, MIME type, size, source type, and Firebase path. Conversations Full conversation reconstruction by joining History, HistoryDetail, and all attachment tables. One row per message with images, documents, and links displayed inline. Cached Images Extracts all cached images from the Glide disk cache ( cache/image_manager_disk_cache/.0). Generates an HTML gallery with thumbnails, file size, and modification time using direct file paths to the extracted .0 files. Output Format All modules produce: - HTML report with previews - TSV file for further analysis - Timeline output Screenshot imagem.png (view on web) https://github.com/user-attachments/assets/f92230cd-0a39-4557-bbf0-c81c7f2fdd35 Acknowledgements This work was developed with the assistance of AI ------------------------------ You can view, comment on, or merge this pull request online at: #696 Commit Summary - 0aa20d7 <0aa20d7> Add artifact scripts - abac85b <abac85b> Add icons File Changes (8 files https://github.com/abrignoni/ALEAPP/pull/696/files) - A scripts/artifacts/AIChatbotNovaCachedImages.py https://github.com/abrignoni/ALEAPP/pull/696/files#diff-cdd4c2671937a5f97e53fcdf86ae3e751ac775f01ea71eaad0f18bb374f1e81d (172) - A scripts/artifacts/AIChatbotNovaConversations.py https://github.com/abrignoni/ALEAPP/pull/696/files#diff-2c58da10af5c3819ca2f0ec6af3606a01abc7e49a6a13f7f4bc908b26a9143b0 (579) - A scripts/artifacts/AIChatbotNovaHistory.py https://github.com/abrignoni/ALEAPP/pull/696/files#diff-b60625e3d8c63ae89320d2e621bccab746a9816886618d405cf21d5905624688 (276) - A scripts/artifacts/AIChatbotNovaHistoryDetail.py https://github.com/abrignoni/ALEAPP/pull/696/files#diff-c6335c334f1e8cf44ba9d05cbb7a4b88e2e6a5db6b951dd2d681d41f5f22dd50 (329) - A scripts/artifacts/AIChatbotNovaHistoryDetailDocument.py https://github.com/abrignoni/ALEAPP/pull/696/files#diff-c9d28daf3308d18ad25da896cd072b32051496b7f6761082a45e5d18b2e8c7b1 (411) - A scripts/artifacts/AIChatbotNovaHistoryDetailImage.py https://github.com/abrignoni/ALEAPP/pull/696/files#diff-f351bf831e092dc6ffbbc28c4becef1dc1e59e81d75f50352aa5b1f9c86b3068 (395) - A scripts/artifacts/AIChatbotNovaHistoryDetailLink.py https://github.com/abrignoni/ALEAPP/pull/696/files#diff-501240b26c7a0ae9bb95941529cdda85d18508bdea4b88b8cf5ba6f4681de882 (296) - M scripts/report_icons.py https://github.com/abrignoni/ALEAPP/pull/696/files#diff-7aa964d9bb13d7f57672bf4c44bc346a54149de3b837f674dd763423371f01d4 (1) Patch Links: - https://github.com/abrignoni/ALEAPP/pull/696.patch - https://github.com/abrignoni/ALEAPP/pull/696.diff — Reply to this email directly, view it on GitHub <#696>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AG3DPC5ANQVUGM7VYACZQPT43Q47RAVCNFSM6AAAAACZEFVHQOVHI2DSMVQWIX3LMV43ASLTON2WKOZUGQ3TMNZWGI4DIMA . You are receiving this because you are subscribed to this thread.Message ID: @.*>

Thank you for your time. I Will be looking forward the next weeks to fix the modules. Right now I'm very busy with other projects.

[abrignoni]

The media function you need to use is called check_in_media. Also you need to use the LAVA objects when reporting so the epoch timestamp can then be offset by LAVA as opposed to hard coded UTC in human readable form. Here is a video on how to make LAVA compliant artifacts.

https://www.youtube.com/watch?v=qTgZUh4GPxk

I apologize for not being more clear previously. I need to update the readme.md of the project but time has been at a premium lately.

Be aware that any artifact that currently uses any of the old functions we are slowly updating. If you need an example of a LAVA compliant artifact look at WhatsApp.py in iLEAPP.

[guilhermegui08]

1. AIChatbotNovaHistory

• Description: Parses the primary application database (chat-ai.db) to extract critical communication metadata.
• Output: Generates 5 distinct reports mapping historical data from core tables, covering structured logs, message interactions, and database-backed telemetry.

2. AIChatbotNovaSharedPrefs

• Description: Targets the application's XML configuration stores within the shared_prefs/ directory (e.g., MOMO_PREF_FILE.xml and AdaptySDKPrefs.xml).
• Output: Generates 2 distinct reports focused on user account identifiers, decoded Firebase JWT tokens, global usage metrics, and SDK payment profiles.

3. AIChatbotNovaMediaStore

• Description: Correlates file attachment records from the HistoryDetailDocument table with local storage data found in the application's external media directory (sdcard/Android/media/com.scaleup.chatai/Nova/) and the Android MediaStore index (external.db).
• Output: Generates 1 comprehensive report that bridges the gap between locally present files and cloud-only assets (Firebase Storage sync residues), providing crucial insight into user interaction history even if physical files were deleted or synced from another device.

4. AIChatbotNovaConversations

• Description: Aggregates and cross-references multi-table outputs from the history modules to compile an entire thread history. It dynamically maps local physical file storage paths for images and documents when available.
• Output: Provides 1 consolidated report that fully reconstructs the user's complete chat history.