quark.core.struct package
Submodules
quark.core.struct.bytecodeobject module
- class quark.core.struct.bytecodeobject.BytecodeObject(mnemonic, registers, parameter)
Bases:
object
BytecodeObject is used to store an instruction in smali, including its mnemonic, registers, and parameter.
- property mnemonic
Dalvik bytecode instruction mnemonic, for example ‘invoke-virtual’.
- Returns:
a string of mnemonic
- property parameter
Commonly used for functions called by invoke-kind instructions, for example ‘Lcom/google/progress/APNOperator;->deleteAPN()Z’.
- Returns:
a string of the function name
- property registers
Registers used in Dalvik instructions, for example ‘[v3]’.
- Returns:
a list containing all the registers used
quark.core.struct.methodobject module
- class quark.core.struct.methodobject.MethodObject(class_name: str, name: str, descriptor: str, access_flags: str = '', cache: object | None = None)
Bases:
object
Information about a method in a dex file.
- access_flags: str = ''
- cache: object = None
- class_name: str
- descriptor: str
- property full_name: str
- is_android_api() bool
- name: str
quark.core.struct.registerobject module
- class quark.core.struct.registerobject.RegisterObject(register_name, value, called_by_func=None, value_type=None)
Bases:
object
The RegisterObject is used to record the state of each register
- property called_by_func
Record which functions have been called by using this register as a parameter.
- Returns:
a list containing function names
- property current_type
Get the type of the value in the register
- Returns:
a plain text string that describes a data type
- Return type:
str
- property hash_index
Get the index number from the given VariableObject.
- Returns:
an integer corresponding to the register index
- property register_name
Individual register name, for example ‘v3’.
- Returns:
a string of register name
- property type_histroy
- property value
The current value stored in the register.
- Returns:
a string of the value
quark.core.struct.ruleobject module
- class quark.core.struct.ruleobject.RuleObject(ruleJson: PathLike, jsonData: dict | None = None)
Bases:
object
RuleObject is used to store a rule loaded from a JSON file.
- property api
Key native APIs that do the action and target in order.
- Returns:
a list recording each API’s class_name and method_name in order
- check_item
- property crime
Description of given crime.
- Returns:
a string of the crime
- get_score(confidence)
According to the state of the five stages, we calculate the weighted score based on exponential growth. For example, if we captured the third of the five stages, the weighted score would be 2^(3-1) / 2^4.
2^(confidence - 1)
- Parameters:
confidence
- Returns:
floating point
- property label
A list of labels, as described in https://github.com/quark-engine/quark-rules/blob/master/label_desc.csv
- Returns:
a label list defined in rules
- property permission
Permissions requested by the APK to carry out the crime.
- Returns:
a list of given permissions
- rule_filename
- property score
The value used to calculate the weighted score
- Returns:
integer
quark.core.struct.tableobject module
- class quark.core.struct.tableobject.TableObject(count_reg)
Bases:
object
This table is used to track the usage of variables in the register
- get_obj_list(index)
Return the list which contains the VariableObject.
- Parameters:
index – the index to get the corresponding VariableObject
- Returns:
a list containing VariableObject
- get_table()
Get the entire hash table.
- Returns:
a two-dimensional list
- hash_table
- insert(index, var_obj)
Insert VariableObject into the nested list in the hashtable.
- Parameters:
index – the index to insert to the table
var_obj – instance of VariableObject
- Returns:
None
- pop(index)
Override the built-in pop function to get the top element, which is the VariableObject on top of the stack, without deleting it.
- Parameters:
index – the index to get the corresponding VariableObject
- Returns:
VariableObject
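The following sketch illustrates how a per-register history table like the one documented for TableObject and RegisterObject can record which calls consumed each register value while replaying smali instructions. It is an added example, not Quark's own code: `RegState`, `RegisterTable`, `parse`, `track` and the sample instructions are hypothetical stand-ins, and only `v` registers are handled.

```python
import re
from dataclasses import dataclass, field

@dataclass
class RegState:  # hypothetical stand-in for RegisterObject
    register_name: str
    value: str
    called_by_func: list = field(default_factory=list)

class RegisterTable:  # hypothetical stand-in for TableObject
    def __init__(self, count_reg):
        self.hash_table = [[] for _ in range(count_reg)]  # one history per register

    def insert(self, index, state):
        self.hash_table[index].append(state)

    def pop(self, index):
        # As documented for pop(): return the newest state without deleting it.
        history = self.hash_table[index]
        return history[-1] if history else None

def parse(line):
    """Split a smali line into (mnemonic, registers, parameter)."""
    mnemonic, _, rest = line.strip().partition(" ")
    head, sep, parameter = rest.partition("}, " if "{" in rest else ", ")
    return mnemonic, re.findall(r"v\d+", head), parameter if sep else None

def track(lines, count_reg):
    """Replay instructions, recording which calls consumed each register value."""
    table, last_ret = RegisterTable(count_reg), None
    for line in lines:
        mnemonic, regs, param = parse(line)
        idx = [int(r[1:]) for r in regs]
        if mnemonic.startswith("const"):
            table.insert(idx[0], RegState(regs[0], param.strip('"')))
        elif mnemonic.startswith("invoke"):
            args = [table.pop(i) for i in idx]  # None for never-written registers
            for state in filter(None, args):
                state.called_by_func.append(param)
            values = ",".join(s.value if s else "?" for s in args)
            last_ret = f"{param}({values})"
        elif mnemonic.startswith("move-result") and last_ret:
            table.insert(idx[0], RegState(regs[0], last_ret))
    return table

# Constructed sample input, not taken from a real APK.
SAMPLE = [
    'const-string v0, "content://telephony/carriers"',
    "invoke-static {v0}, Landroid/net/Uri;->parse(Ljava/lang/String;)Landroid/net/Uri;",
    "move-result-object v1",
    "invoke-virtual {v2, v1}, Lcom/example/Sample;->use(Landroid/net/Uri;)V",
    'const-string v0, "overwritten"',
]
```

Because overwritten values stay in the history list, the call recorded against the first `v0` value survives the later `const-string` into the same register.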