Dig Vulnerabilities in the BlackBox
In this section, we will show how to detect CWE-798 with Quark Script.
$ pip3 install -U quark-engine
SAMPLE_PATH = "ovaa.apk"
RULE_PATH = "findSecretKeySpec.json"
# Now you are ready to run the script!
$ python3 CWE-798.py
# You should now see the detection result in the terminal.
Found hard-coded AES key 49u5gh249gh24985ghf429gh4ch8f23f
Quark-Engine has been participating in the GSoC under the Honeynet Project!
Stay tuned for the upcoming GSoC! Join the Honeynet Slack chat for more info.