Comments (8)
Hi @Surendrajat
Thanks for replying to us.
I'll answer your questions below with bullet points.
- Question: It seems to be a CLI frontend with preinstalled(or user-provided) rules to work on.
  - Yes! BTW, users can use the command freshquark to get the newest rules we provide, or they can use rules written by themselves.
- Question: The main dependency here is quark and python. That can be listed along with other requirements.
  - YES
- Question: For the main UI component I guess some sort of APKLab: Malware analysis with Quark-Engine followed by an APK selector and optional(?) rules selector.
  - I agree with the idea of rules selector. But I suggest to refine this to rule type selector since we're now managing rules with labels. This is our rule viewer UI. https://bit.ly/36KlxGL
- Question: The output is to come in VS Code output channel window(?).
  - Ideally, we're thinking the output (adjusted summary report) is to come to the panel (Area D shown in the picture below). Once the user clicks on the detected behavior in Area D, the editor groups (Area C) show exactly the decompiled source code or the smali code directly.
- Question: Some other useful features might need a separate UI component(?).
  - YES! For example, call graphs, detailed reports and classification reports.
from apklab.
Our GitHub repository is here: https://github.com/quark-engine/quark-engine 😄
@18z @krnick Quark engine looks promising and I will be happy to integrate it into APKLab.
I've looked into the project page, docs, etc. and it seems to be a CLI frontend with preinstalled(or user-provided) rules to work on. Few initial observations:
- The main dependency here is quark and python. That can be listed along with other requirements.
- For the main UI component I guess some sort of APKLab: Malware analysis with Quark-Engine followed by an APK selector and optional(?) rules selector.
- The output is to come in VS Code output channel window(?).
- Some other useful features might need a separate UI component(?).
Let me know if I got it right and this flow works for you. We can discuss more in detail the points above or the ones that I missed.
CC @amsharma44
Hi, @Surendrajat, I am also a member of Quark-Engine.
From now on, I will take care of this issue and work on the integration.
> Is there a list of labels shipped with quark? Or is it fixed? To show some multi-select quickpick one needs to know all the labels.

Labels are written in the detection rules and many more will be shipped with quark.

> This will require most of the work I guess. Is it possible to print the smali file name in quark analysis? Hitting the exact file in java source will get a bit tricky as well due to anonymous classes (*$1.smali etc.). Let's think this through.

Yes! We can print the smali file name in quark analysis.
We did some experiments and found out that the most comprehensive information of the source code is written in file names like a.smali, not the ones with numbers (a$2.smali etc).
If what we found is right, then we can ignore the anonymous classes.
> But I suggest to refine this to rule type selector since we're now managing rules with labels.

Is there a list of labels shipped with quark? Or is it fixed? To show some multi-select quickpick one needs to know all the labels.

> Ideally, we're thinking the output (adjusted summary report) is to come to the panel (Area D shown in the picture below).

Yeah. That's what I mean by output Channel. There's an output tab in panel D where each extension has its own channel.

> Once the user clicks on the detected behavior in Area D, the editor groups (Area C) show exactly the decompiled source code or the smali code directly.

This will require most of the work I guess. Is it possible to print the smali file name in quark analysis? Hitting the exact file in java source will get a bit tricky as well due to anonymous classes (*$1.smali etc.). Let's think this through.
Hi @pulorsok. Glad to know that.
Meanwhile, we have been working to make APKLab more contributor-friendly by adding linting and formatting rules, and basic integration tests. I'll add a contributing guide sometime soon as well.
Hope it will make things easy for you. Please feel free to ask anything related here or on Telegram.
> Labels are written in the detection rules and many more will be shipped with quark.

I hope there aren't too many rules to parse. It might be slower if these rules are in separate JSON files.

> Yes! We can print the smali file name in quark analysis.

Cool. I'm wondering if we can show it relative to the currently opened dir (decoded project root) as VSCode will automatically make it clickable.

> If what we found is right, then we can ignore the anonymous classes.

Hope you're right. I am planning to implement a simple smali -> java file switcher and I think it should be fine for a start. The user will click on smali file link and then something like right-click -> show java source.
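The smali -> java switching discussed in this thread, sketched as an added example (not APKLab or Quark-Engine code): a smali path reported by the analysis is resolved to the Java file of its outer class, so that a$1.smali and a.smali land on the same file. The java_src directory name, the function names and the sample paths in the usage are assumptions made for illustration.

```typescript
// Added illustration, not APKLab or Quark-Engine code.
const JAVA_SRC_DIR = "java_src"; // assumed name of the decompiled Java directory

interface JavaTarget {
  javaPath: string;      // relative to the decoded project root, so it can be shown as a link
  outerClass: string;    // fully qualified outer class name
  nestedChain: string[]; // ["1"] for a$1.smali, ["Inner", "2"] for a$Inner$2.smali
}

// Map a smali path reported by the analysis to the Java file of its outer class.
// Heuristic: everything after the first '$' is treated as a nested/anonymous class.
function smaliToJava(smaliRelPath: string): JavaTarget | null {
  const norm = smaliRelPath.replace(/\\/g, "/");
  // apktool writes classes under smali/, smali_classes2/, smali_classes3/, ...
  const m = /^smali(?:_classes\d+)?\/(.+)\.smali$/.exec(norm);
  if (!m) return null;
  const segments = m[1].split("/");
  // Paths derive from class names inside an untrusted APK: refuse traversal.
  if (segments.some((s) => s === "" || s === "." || s === "..")) return null;
  const file = segments.pop() as string;
  const [outer, ...nestedChain] = file.split("$");
  if (!outer) return null;
  const pkg = segments;
  return {
    javaPath: [JAVA_SRC_DIR, ...pkg, outer + ".java"].join("/"),
    outerClass: [...pkg, outer].join("."),
    nestedChain,
  };
}

// Group reported smali files by the Java file a user would be sent to.
function groupByJavaFile(smaliPaths: string[]): Record<string, string[]> {
  const groups: Record<string, string[]> = {};
  for (const p of smaliPaths) {
    const target = smaliToJava(p);
    if (!target) continue; // not a smali class path inside the project
    (groups[target.javaPath] = groups[target.javaPath] || []).push(p);
  }
  return groups;
}
```

A class whose own name contains '$' would be resolved to the wrong outer class by this heuristic, so the result is a best guess to open, not a guaranteed match.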