QARK Cheatsheet

Overview

QARK (Quick Android Review Kit) is a static analysis tool designed to look for a range of security-related Android application vulnerabilities, either in source code or in packaged APKs.

Installation

Prerequisites

# Install Python 3.6+
sudo apt update
sudo apt install python3 python3-pip

# Install Java 8+
sudo apt install openjdk-8-jdk

# Install Android SDK (optional but recommended)

Install QARK

# Install from PyPI
pip3 install qark

# Or install from source
git clone https://github.com/linkedin/qark.git
cd qark
pip3 install -e .

Basic Usage

Analyze APK File

# Basic APK analysis
qark --apk /path/to/app.apk

# Analyze with custom output directory
qark --apk /path/to/app.apk --output-dir /path/to/output

# Generate detailed report
qark --apk /path/to/app.apk --report-type html

Analyze Source Code

# Analyze Android source code
qark --source /path/to/android/project

# Analyze specific Java files
qark --java /path/to/java/files

# Analyze with custom rules
qark --source /path/to/project --custom-rules /path/to/rules.json

Command-line Options

Basic Options

# Show help
qark --help

# Show version
qark --version

# Verbose output
qark --apk app.apk --verbose

# Quiet mode
qark --apk app.apk --quiet

Analysis Options

# Skip specific checks
qark --apk app.apk --skip-checks "check1,check2"

# Include only specific checks
qark --apk app.apk --include-checks "check1,check2"

# Set minimum severity level
qark --apk app.apk --min-severity medium

# Enable experimental features
qark --apk app.apk --experimental

Output Options

# Generate HTML report
qark --apk app.apk --report-type html

# Generate JSON report
qark --apk app.apk --report-type json

# Generate XML report
qark --apk app.apk --report-type xml

# Custom output file
qark --apk app.apk --output-file report.html

Security Checks

Common Vulnerabilities Detected

# SSL/TLS Issues
- Weak SSL/TLS configurations
- Certificate validation bypasses
- Insecure hostname verification

# Data Storage Issues
- Insecure data storage
- Unencrypted databases
- Sensitive data in logs

# Authentication Issues
- Weak authentication mechanisms
- Hardcoded credentials
- Insecure session management

# Communication Issues
- Unencrypted communications
- Weak cryptographic implementations
- Insecure network protocols

Custom Rules

{
  "rules": [
    {
      "id": "custom_rule_1",
      "name": "Custom Security Check",
      "description": "Checks for custom security issue",
      "severity": "high",
      "pattern": "regex_pattern_here"
    }
  ]
}
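A minimal matcher for rule files in the shape shown above, added here as an illustration: this is not QARK's code or its rule engine, the rules and the Java snippet are constructed samples, and the rule ids, patterns and finding layout are assumptions.

```python
import json
import re

# Rule file in the shape shown above. Constructed sample: not QARK's own rules, and
# the scanner below illustrates that format rather than QARK's engine.
CUSTOM_RULES_JSON = r'''{
  "rules": [
    {"id": "custom_hardcoded_secret", "name": "Hardcoded credential",
     "description": "String literal assigned to a key/secret/password field",
     "severity": "high",
     "pattern": "(?i)(api[_-]?key|secret|password)\\s*=\\s*\"[^\"]+\""},
    {"id": "custom_allow_all_hostnames", "name": "Insecure hostname verification",
     "description": "HostnameVerifier that accepts every host",
     "severity": "medium",
     "pattern": "ALLOW_ALL_HOSTNAME_VERIFIER"}
  ]
}'''

# Constructed Java snippet with one hardcoded key and one hostname-check bypass.
SAMPLE_JAVA = '''\
package com.example.app;
import org.apache.http.conn.ssl.SSLSocketFactory;
public class Config {
    static final String API_KEY = "sk_live_0123456789";
    static void relax(SSLSocketFactory sf) {
        sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    }
}
'''

SEVERITIES = ("critical", "high", "medium", "low", "info")

def load_rules(text):
    """Parse a rules document and compile each pattern; reject unknown severities."""
    rules = []
    for rule in json.loads(text)["rules"]:
        if rule["severity"] not in SEVERITIES:
            raise ValueError(f"rule {rule['id']}: unknown severity {rule['severity']}")
        rules.append({**rule, "regex": re.compile(rule["pattern"])})
    return rules

def scan_source(source, filename, rules):
    """Apply every rule to every line of one source file and record each hit."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for rule in rules:
            if rule["regex"].search(line):
                findings.append({"rule_id": rule["id"], "severity": rule["severity"],
                                 "file": filename, "line": lineno, "text": line.strip()})
    return findings
```

Running `scan_source(SAMPLE_JAVA, "Config.java", load_rules(CUSTOM_RULES_JSON))` reports the hardcoded key on line 4 as high and the hostname-verifier bypass on line 6 as medium.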

Advanced Usage

Batch Analysis

# Analyze multiple APKs
for apk in *.apk; do
    qark --apk "$apk" --output-dir "results_$(basename "$apk" .apk)"
done

# Parallel analysis
find . -name "*.apk" -print0 | xargs -0 -P 4 -I {} qark --apk {}

CI/CD Integration

# Jenkins pipeline example (a zero exit status means the scan ran, not that it found nothing)
if qark --apk app.apk --report-type json --output-file qark_report.json; then
    echo "QARK analysis completed successfully"
else
    echo "QARK analysis failed"
    exit 1
fi

Filtering Results

# Filter by severity
qark --apk app.apk --min-severity high

# Filter by category
qark --apk app.apk --include-checks "ssl,crypto,storage"

# Exclude false positives
qark --apk app.apk --exclude-patterns "test,debug"

Report Analysis

Understanding Severity Levels

# Critical - Immediate security risk
# High - Significant security risk
# Medium - Moderate security risk
# Low - Minor security concern
# Info - Informational finding
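Added example (not QARK's own code) that turns a JSON report into a build gate using the severity ranking above, for the CI/CD snippet earlier: that snippet only checks that `qark` exited 0, which says the scan ran, not that it found nothing. It assumes the report is a JSON list of findings each carrying a "severity" string; the sample report and the other field names it prints are constructed.

```python
import json
import sys

# Ranking from the severity levels above: lower index = more severe.
SEVERITY_ORDER = ("critical", "high", "medium", "low", "info")

# Constructed stand-in for qark_report.json. Assumption: the report is a JSON list of
# findings, each with a "severity" string; the other keys are used only for display.
SAMPLE_REPORT = '''[
  {"name": "Hardcoded API key", "severity": "High", "file_object": "Config.java", "line_number": 4},
  {"name": "Hostname verifier accepts all hosts", "severity": "Medium", "file_object": "Net.java", "line_number": 19},
  {"name": "Sensitive data in logs", "severity": "Low", "file_object": "Auth.java", "line_number": 88},
  {"name": "Old minimum SDK version", "severity": "Info", "file_object": "AndroidManifest.xml", "line_number": null}
]'''

def rank(severity):
    """Position of a severity label in SEVERITY_ORDER. Unknown or missing labels rank
    as critical so a malformed report can never slip through the gate."""
    label = (severity or "").lower()
    return SEVERITY_ORDER.index(label) if label in SEVERITY_ORDER else 0

def gate(report_text, fail_on="high"):
    """Return (exit_code, blocking_findings): exit code 1 when any finding is at least
    as severe as fail_on, otherwise 0, so the pipeline step can stop the build."""
    threshold = rank(fail_on)
    findings = json.loads(report_text)
    blocking = sorted((f for f in findings if rank(f.get("severity")) <= threshold),
                      key=lambda f: rank(f.get("severity")))
    return (1 if blocking else 0), blocking

def summarize(report_text):
    """Finding counts per severity label, in ranking order, for the build log."""
    counts = {label: 0 for label in SEVERITY_ORDER}
    for f in json.loads(report_text):
        counts[SEVERITY_ORDER[rank(f.get("severity"))]] += 1
    return counts

if __name__ == "__main__":
    # Usage: python qark_gate.py qark_report.json [fail_on]; without arguments the sample runs.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    code, blocking = gate(text, sys.argv[2] if len(sys.argv) > 2 else "high")
    print("severity summary:", summarize(text))
    for f in blocking:
        print(f"BLOCKING [{f['severity']}] {f.get('file_object')}:{f.get('line_number')} {f.get('name')}")
    sys.exit(code)
```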

Common Issues and Fixes

# SSL Certificate Validation
Issue: Disabled certificate validation
Fix: Implement proper certificate validation

# Hardcoded Secrets
Issue: API keys in source code
Fix: Use secure configuration management

# Insecure Data Storage
Issue: Unencrypted sensitive data
Fix: Implement proper encryption

Configuration

Configuration File

{
  "output_dir": "./qark_output",
  "report_type": "html",
  "min_severity": "medium",
  "skip_checks": [],
  "include_checks": [],
  "custom_rules": "./custom_rules.json"
}

Environment Variables

# Set QARK configuration
export QARK_CONFIG=/path/to/config.json

# Set Android SDK path
export ANDROID_HOME=/path/to/android/sdk

# Set Java home
export JAVA_HOME=/path/to/java

Troubleshooting

Common Issues

# Java not found
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64

# Android SDK issues
export ANDROID_HOME=/path/to/android/sdk
export PATH=$PATH:$ANDROID_HOME/tools:$ANDROID_HOME/platform-tools

# Permission issues
chmod +x qark
sudo chown -R $USER:$USER ~/.qark

Debug Mode

# Enable debug logging
qark --apk app.apk --debug

# Verbose output with stack traces
qark --apk app.apk --verbose --debug

Best Practices

Security Testing Workflow

1. Static Analysis with QARK
   qark --apk app.apk --report-type html

2. Review findings and prioritize fixes

3. Dynamic testing with other tools

4. Re-test after fixes
   qark --apk fixed_app.apk --compare baseline_report.json

Integration Tips

#!/bin/bash
# Automate with scripts: pass the APK path as the first argument
set -euo pipefail
APK_FILE="${1:?usage: $0 <app.apk>}"
OUTPUT_DIR="qark_$(date +%Y%m%d_%H%M%S)"
qark --apk "$APK_FILE" --output-dir "$OUTPUT_DIR" --report-type html
echo "Report generated in $OUTPUT_DIR"

# Use with other security tools
qark --apk app.apk && \
mobsf_scan app.apk && \
drozer_scan app.apk

Resources