Quark-Engine
Quark-Engine is a rule-based Android malware analysis framework for scoring threats in APK and DEX files. It provides detailed reports, call graphs, and summaries to identify high-risk behaviors quickly.
Description
Quark-Engine is a full-featured Android analysis framework written in Python designed for hunting threat intelligence inside APK and DEX files. It uses a rule-based system where built-in rules can be used or customized as needed. Inspired by criminal law concepts, it offers unique angles for Android malware analysis.
The tool features a Dalvik bytecode loader with taint analysis that defeats obfuscation techniques aimed at reverse engineering. This loader is built to work with the malware scoring system, so detection remains effective even when an APK is obfuscated. It also integrates with tools such as Ghidra, APKLAB, and Jadx to speed up reverse engineering.
Quark-Engine is easy to use and offers flexible output formats, including detailed reports, call graphs, and summary reports, which let users quickly get an overview of the high-risk behaviors in an Android application.
How It Works
Quark-Engine employs a Dalvik bytecode loader for taint analysis that defeats obfuscation techniques. It applies a rule-based scoring system to APK and DEX files, matching each rule against the decoded behaviors to produce a score and a report. Rules are read from /root/.quark-engine/quark-rules/rules, are updated with freshquark, and a single rule file can be selected with -r.
Installation
sudo apt install quark-engine
Flags
Examples
freshquark -h
freshquark
quark --help
quark -a example.apk
quark -a example.apk -s
quark -a example.apk -d
quark -a example.apk -o report.json
quark -a example.apk -r /root/.quark-engine/quark-rules/rules/specific_rule.json
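The following is an added triage helper, not part of the Quark-Engine project or this page: it runs quark with the -a/-o flags shown above, then reads the JSON report and keeps only the crimes at or above a confidence threshold so an analyst can see the high-risk behaviors first. The report fields (threat_level, total_score, crimes with score, weight, confidence and permissions) and the embedded sample report are assumptions about the -o output format, constructed here for illustration.

```python
import json
import subprocess
from typing import Any

# Constructed sample of a Quark-Engine JSON report. The field names are an
# assumption about what `quark -a example.apk -o report.json` writes.
SAMPLE_REPORT = json.dumps({
    "md5": "<placeholder md5>",
    "apk_filename": "example.apk",
    "size_bytes": 123456,
    "threat_level": "High Risk",
    "total_score": 6,
    "crimes": [
        {"crime": "Send location via SMS", "score": 4, "weight": 4.0,
         "confidence": "100%", "permissions": ["android.permission.SEND_SMS"]},
        {"crime": "Read contacts", "score": 2, "weight": 0.5,
         "confidence": "40%", "permissions": ["android.permission.READ_CONTACTS"]},
        {"crime": "Connect to a URL", "score": 1, "weight": 0.2,
         "confidence": "60%", "permissions": []},
    ],
})


def parse_confidence(value: str) -> int:
    """Turn Quark's '80%'-style confidence string into an integer percentage."""
    return int(value.strip().rstrip("%"))


def high_confidence_crimes(report_json: str, min_confidence: int = 80) -> list[dict[str, Any]]:
    """Crimes whose confidence is at or above min_confidence, heaviest weight first."""
    report = json.loads(report_json)
    hits = [c for c in report.get("crimes", [])
            if parse_confidence(c["confidence"]) >= min_confidence]
    return sorted(hits, key=lambda c: c["weight"], reverse=True)


def triage_summary(report_json: str, min_confidence: int = 80) -> dict[str, Any]:
    """Condense a report into what an analyst looks at first: level, score, flagged crimes, permissions."""
    report = json.loads(report_json)
    hits = high_confidence_crimes(report_json, min_confidence)
    permissions = sorted({p for c in hits for p in c.get("permissions", [])})
    return {"apk": report["apk_filename"], "threat_level": report["threat_level"],
            "total_score": report["total_score"], "flagged": [c["crime"] for c in hits],
            "permissions_of_flagged": permissions}


def run_quark(apk_path: str, out_path: str = "report.json", min_confidence: int = 80) -> dict[str, Any]:
    """Invoke the quark CLI (-a and -o as on this page) and triage the report it writes."""
    subprocess.run(["quark", "-a", apk_path, "-o", out_path], check=True)
    with open(out_path, encoding="utf-8") as fh:
        return triage_summary(fh.read(), min_confidence)


if __name__ == "__main__":
    print(json.dumps(triage_summary(SAMPLE_REPORT), indent=2))
```

Running the script as-is triages the embedded sample; run_quark needs the quark package installed and an APK to analyze.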