Rule Generation
The Rule generation technique is based on the idea below:
Sort all APIs used in an APK by their usage counts.
Separate all APIs into two groups, P(20% least usage count) and S(other 80% APIs), by the Pareto principle (20-80 rule).
- Combine $P$ and $S$ into four different phases:
PxP
PxS
SxP
SxS
Execute the rule generation with each phase in this order: PxP -> PxS -> SxP -> SxS
The earlier the phase, the higher the value of the rule but less time spent. We can generate rules in a phased manner according to different situations. For example, under a time constraint, we can take PxP phase rules as an overview for the target APK.
CLI Usage
Generate rules for APK with the following command:
$ quark -a <sample path> --generate-rule <generated rule directory path>
Generate rules and web editor with the following command:
$ quark -a <sample path> --generate-rule <generated rule directory path> -w <web editor file name>
API Usage
And here is the simplest way for API usage:
from quark.rulegeneration import RuleGeneration
# The target APK.
APK_PATH = "Ahmyth.apk"
# The output directory for generated rules.
GENERATED_RULE_DIR = "generated_rules"
generator = RuleGeneration(APK_PATH, GENERATED_RULE_DIR)
generator.generate_rule(web_editor="report.html")
Web Editor Tutorial
Here is the demo for the rule generation web editor. You can easily review and edit generated rules with 5 steps:
Input keywords to search rules.
Select the generated rules you want to save.
Edit rule information.
Edit crime, score, and labels with the editor.
Save the edited rule.
Radiocontrast
Radiocontrast is a Quark API that quickly generates Quark rules from a specified method. It builds up 100% matched rules by using native APIs in that method. The feature lets you easily expose the behavior of a method, just like radiocontrast.
For example, we want to know the behavior of a method called Lahmyth/mine/king/ahmyth/CameraManager;->startUp(I)V,
in Ahmyth.apk.
Here is the simplest way for Radiocontrast usage:
from quark.radiocontrast import RadioContrast
# The target APK.
APK_PATH = "Ahmyth.apk"
# The method that you want to generate rules.
TARGET_METHOD = "Lahmyth/mine/king/ahmyth/CameraManager;->startUp(I)V"
# The output directory for generated rules.
GENERATED_RULE_DIR = "~/generated_rules"
radiocontrast = RadioContrast(
APK_PATH,
TARGET_METHOD,
GENERATED_RULE_DIR
)
radiocontrast.generate_rule()
Use web editor to manage generated rules, you can define the parameter web_editor
in generate_rule()
as the path of output html file:
radiocontrast.generate_rule(web_editor="ahmyth.html")
The parameter percentile_rank
in generate_rule()
as the percentile number of API filter rank.
For example, if you want to keep the 20% least usage count APIs, set the percentile_rank as 0.2:
radiocontrast.generate_rule(percentile_rank=0.2)