quark-engine 24.9.1

An Obfuscation-Neglect Android Malware Scoring System

Quark Agent - Your AI-powered Android APK Analyst

With Quark Agent, you can perform analyses using only natural language. It creates Quark Script code following your ideas and adjusts the code promptly as you provide feedback.

Showcase:

Here’s a demonstration of using Quark Agent to detect the CWE-798 vulnerability in the ovaa.apk file.

Step 1: Environments Requirements

• Make sure your Python version is 3.8 or above.

Step 2: Install Quark Agent

• Install Quark Agent by running:

git clone https://github.com/quark-engine/quark-engine.git && cd quark-engine
pip install .[QuarkAgent]

Step 3: Prepare the Detection Rule and the Sample File

.
├── ...
├── quark                   
    ├── ...           
    ├── agent               # Put rule file and sample file here
    ├── ...                

You can download the rule file here and the sample file here.

Step 4: Add your OpenAI API key

Add your OpenAI API key in quarkAgentWeb.py

os.environ["OPENAI_API_KEY"] = 'your-api-key-here'

Step 5: Run Quark Agent

$ cd quark/agent
$ python3 quarkAgentWeb.py

# You can now chat with Quark Agent in your browser. 
# The default URL is http://127.0.0.1:5000

Open a browser and navigate to 127.0.0.1:5000 to start using Quark Agent

See more CWE detections using quark scripts and play them with Quark Agent !

Acknowledgments

The Honeynet Project

Google Summer Of Code

Quark-Engine has been participating in the GSoC under the Honeynet Project!

• 2021:
  • YuShiang Dang: New Rule Generation Technique & Make Quark Everywhere Among Security Open Source Projects
  • Sheng-Feng Lu: Replace the core library of Quark-Engine

Stay tuned for the upcoming GSoC! Join the Honeynet Slack chat for more info.

Core Values of Quark Engine Team

• We love battle fields. We embrace uncertainties. We challenge impossibles. We rethink everything. We change the way people think. And the most important of all, we benefit ourselves by benefit others first.