Spy0x7 / quark-script

Collections of Quark Script that detect vulnerabilities in the binaries.

Quickstart Quark Script

This tutorial shows how to install and run Quark Script, using a simple example: detecting CWE-798 (Use of Hard-coded Credentials) in ovaa.apk.

STEP 1: Environment Requirements

  • Quark Script requires Python 3.8+

STEP 2: Install Quark Engine

You can install Quark Engine by running:

pip3 install quark-engine

STEP 3: Prepare Quark Script, Detection Rule and the Sample File

  1. Get the CWE-798 Quark Script and the detection rule here.
  2. Get the sample file (ovaa.apk) here.
  3. Put the script, detection rule, and sample file in the same directory.
  4. Edit the following variables in the script to match your file names:
SAMPLE_PATH = "ovaa.apk"
RULE_PATH = "findSecretKeySpec.json"

STEP 4: Run the script

python3 CWE-798.py

You should now see the detection result in the terminal:

Found hard-coded AES key 49u5gh249gh24985ghf429gh4ch8f23f
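
The result above reports a string literal that ends up as the key material of an AES `SecretKeySpec`. As an added illustration (not the CWE-798 Quark Script from this repository and not Quark Engine's implementation), the following stand-alone Python example traces that pattern over a constructed smali-like listing and ignores a key that arrives as a method parameter. The listing, the function name `find_hardcoded_keys` and the regular expressions are assumptions made for the example.

```python
import re

# Constructed smali-like listing for illustration (not extracted from ovaa.apk).
SAMPLE_SMALI = """\
.method hardcoded()V
    const-string v0, "49u5gh249gh24985ghf429gh4ch8f23f"
    invoke-virtual {v0}, Ljava/lang/String;->getBytes()[B
    move-result-object v1
    const-string v2, "AES"
    invoke-direct {v3, v1, v2}, Ljavax/crypto/spec/SecretKeySpec;-><init>([BLjava/lang/String;)V
.end method
.method fromCaller([B)V
    const-string v2, "AES"
    invoke-direct {v3, p1, v2}, Ljavax/crypto/spec/SecretKeySpec;-><init>([BLjava/lang/String;)V
.end method
"""

CONST = re.compile(r'const-string (\w+), "(.*)"')
MOVE = re.compile(r"move-result-object (\w+)")
INVOKE = re.compile(r"invoke-\w+ \{([^}]*)\}, (\S+)")
GETBYTES = "Ljava/lang/String;->getBytes()[B"
KEYSPEC = "Ljavax/crypto/spec/SecretKeySpec;-><init>([BLjava/lang/String;)V"

def find_hardcoded_keys(smali):
    findings = []   # (algorithm, key) pairs where the key is a string literal
    regs = {}       # register -> literal it holds (or whose bytes it holds)
    pending = None  # literal whose getBytes() result has not been stored yet
    for line in map(str.strip, smali.splitlines()):
        if line.startswith(".method"):
            regs, pending = {}, None          # registers are per method
        elif m := CONST.match(line):
            regs[m.group(1)] = m.group(2)
        elif m := MOVE.match(line):
            regs.pop(m.group(1), None)        # register is overwritten
            if pending is not None:
                regs[m.group(1)] = pending    # bytes of a known literal
            pending = None
        elif m := INVOKE.match(line):
            args = [a.strip() for a in m.group(1).split(",")]
            pending = regs.get(args[0]) if m.group(2) == GETBYTES else None
            if m.group(2) == KEYSPEC and len(args) == 3:
                key, alg = regs.get(args[1]), regs.get(args[2])
                if key is not None and alg is not None:
                    findings.append((alg, key))
    return findings

if __name__ == "__main__":
    for alg, key in find_hardcoded_keys(SAMPLE_SMALI):
        print(f"Found hard-coded {alg} key {key}")
```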
