Quark-Engine integration #92
Hi @pulorsok, thanks for the PR. Looking great overall. I have to say it's better than what I had in my mind :)
Just adding small comments here and there.
Thanks for the PR @pulorsok. Awesome work, just a minor concern I have.
@Surendrajat @amsharma44 And there are still a few works I will do after.
@pulorsok please rebase this PR on master.
Hi @Surendrajat, click on the description of the potentially malicious activity; it will expand and show the details of the function (green box), including the class name, method name and smali code that executes the API.
@pulorsok Thanks for the update. Please check the recent changes on
@pulorsok Leaving some comments here. Mostly related to new quark-engine changes.
@pulorsok could you please rebase it once again? Seems like some conflicts with master again.
@pulorsok I tested the changes, and it seems we are almost there :) There are a few things that need further changes:
quark-ext.mp4
My concerns here are:
@pulorsok I've added the missing step from GitHub workflow to install
Quark-Engine integration
Requirements:
Add "Quark Analysis" option
Add "Quark Analysis" as one of the "decode quick pick" items.
Then Quark will be executed after the decompilation of Jadx. And the report will appear as a JSON file in the decoded directory.
A warning message pops up when Quark is not installed
When "Quark Analysis" is selected, it will first check whether Quark-Engine has been installed. If not, it will show an error message and exit the process.
Show report as WebView
The summary report of the APK will be shown as a WebView at the bottom panel.
You can also right-click the report file to show the WebView (summary report).
Right-click quark report file to show WebView (summary report).
Source Code Navigation
In WebView (summary report), click on the description of potential malicious activities; the editor panel will open the exact .smali file and highlight the whole block of the function where the activities are detected.
Note:
Meaning of colors in the highlighted smali codes.