In this tutorial, we will learn how to install and run Quark Script with a very easy example. We show how to detect CWE-798 in ovaa.apk.
- Quark Script requires Python 3.8+
You can install Quark Engine by running:
pip3 install quark-engine
- Get the CWE-798 Quark Script and the detection rule here.
- Get the sampe file (ovaa.apk) here.
- Put the script, detection rule, and sample file in the same directory.
- Edit accordingly to the file names:
SAMPLE_PATH = "ovaa.apk"
RULE_PATH = "findSecretKeySpec.json"
python3 CWE-798.py
You should now see the detection result in the terminal:
Found hard-coded AES key 49u5gh249gh24985ghf429gh4ch8f23f