<!DOCTYPE html>
<html class="writer-html5" lang="en" data-content_root="./">
<head>
<meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Rule Generation — quark-rules v26.1.1 documentation</title>
<link rel="stylesheet" type="text/css" href="_static/pygments.css?v=b86133f3" />
<link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=9edc463e" />
<script src="_static/jquery.js?v=5d32c60e"></script>
<script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
<script src="_static/documentation_options.js?v=55dbfdaa"></script>
<script src="_static/doctools.js?v=9bcbadda"></script>
<script src="_static/sphinx_highlight.js?v=dc90522c"></script>
<script src="_static/js/theme.js"></script>
<link rel="index" title="Index" href="genindex.html" />
<link rel="search" title="Search" href="search.html" />
</head>
<body class="wy-body-for-nav">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-scroll">
<div class="wy-side-nav-search" >
<a href="#" class="icon icon-home">
quark-rules
<img src="_static/quark-logo.png" class="logo" alt="Logo"/>
</a>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="search.html" method="get">
<input type="text" name="q" placeholder="Search docs" aria-label="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div><div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
<!-- Local TOC -->
<div class="local-toc"><ul>
<li><a class="reference internal" href="#">Rule Generation</a><ul>
<li><a class="reference internal" href="#cli-usage">CLI Usage</a></li>
<li><a class="reference internal" href="#api-usage">API Usage</a></li>
<li><a class="reference internal" href="#web-editor-tutorial">Web Editor Tutorial</a></li>
<li><a class="reference internal" href="#radiocontrast">Radiocontrast</a></li>
</ul>
</li>
</ul>
</div>
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"><nav class="wy-nav-top" aria-label="Mobile navigation menu" >
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="#">quark-rules</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="#" class="icon icon-home" aria-label="Home"></a></li>
<li class="breadcrumb-item active">Rule Generation</li>
<li class="wy-breadcrumbs-aside">
<a href="_sources/index.rst.txt" rel="nofollow"> View page source</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<section id="rule-generation">
<h1>Rule Generation<a class="headerlink" href="#rule-generation" title="Link to this heading"></a></h1>
<p>The rule generation technique is based on the following idea:</p>
<ol class="arabic simple">
<li><p>Sort all APIs used in an APK by their usage counts.</p></li>
<li><p>Separate all APIs into two groups, P (the 20% of APIs with the lowest usage counts) and S (the other 80% of APIs), following the Pareto principle (20-80 rule).</p></li>
<li><dl class="simple">
<dt>Combine P and S into four different phases:</dt><dd><ul class="simple">
<li><p>PxP</p></li>
<li><p>PxS</p></li>
<li><p>SxP</p></li>
<li><p>SxS</p></li>
</ul>
</dd>
</dl>
</li>
<li><p>Execute the rule generation with each phase in this order: PxP -> PxS -> SxP -> SxS</p></li>
</ol>
<p>The earlier the phase, the higher the value of the rules it generates and the less time it takes.
We can generate rules in a phased manner according to different situations.
For example, under a time constraint, we can take PxP phase rules as an overview for the target APK.</p>
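<p>The phased ordering described above, as an added Python example that is not Quark's own code: it splits a constructed API usage table into P and S and yields candidate API pairs in phase order, which shows how few candidates the PxP phase covers compared with SxS. The function names, the tie-break by API name, and the rounding of the 20% cut are assumptions.</p>

```python
from itertools import islice, product

# Constructed sample: API name to usage count inside one APK (not real data).
USAGE = {
    "android.hardware.Camera.open": 1,
    "android.telephony.SmsManager.sendTextMessage": 2,
    "android.media.MediaRecorder.start": 3,
    "java.net.URL.openConnection": 5,
    "java.io.File.delete": 6,
    "android.content.Intent.putExtra": 14,
    "java.lang.String.equals": 40,
    "android.util.Log.d": 55,
    "java.lang.StringBuilder.toString": 90,
    "java.lang.StringBuilder.append": 120,
}

def split_by_usage(usage, p_fraction=0.2):
    """Return (P, S): P is the p_fraction least-used APIs, S is the rest."""
    # Assumption: ties in usage count are broken by API name.
    ranked = sorted(usage, key=lambda api: (usage[api], api))
    cut = round(len(ranked) * p_fraction)  # assumption: round to nearest
    return ranked[:cut], ranked[cut:]

def phased_pairs(usage, p_fraction=0.2):
    """Yield (phase, first_api, second_api) in PxP, PxS, SxP, SxS order."""
    p, s = split_by_usage(usage, p_fraction)
    for name, firsts, seconds in (("PxP", p, p), ("PxS", p, s),
                                  ("SxP", s, p), ("SxS", s, s)):
        for first, second in product(firsts, seconds):
            yield name, first, second

def phase_sizes(usage, p_fraction=0.2):
    """Count candidate pairs per phase, in generation order."""
    sizes = {}
    for name, _, _ in phased_pairs(usage, p_fraction):
        sizes[name] = sizes.get(name, 0) + 1
    return sizes

def first_candidates(usage, budget, p_fraction=0.2):
    """Take only the first `budget` candidates, as under a time constraint."""
    return list(islice(phased_pairs(usage, p_fraction), budget))

if __name__ == "__main__":
    print(phase_sizes(USAGE))
    for row in first_candidates(USAGE, 4):
        print(row)
```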
<section id="cli-usage">
<h2>CLI Usage<a class="headerlink" href="#cli-usage" title="Link to this heading"></a></h2>
<p>Generate rules for an APK with the following command:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ quark -a &lt;sample path&gt; --generate-rule &lt;generated rule directory path&gt;
</pre></div>
</div>
<p>Generate rules and the web editor with the following command:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ quark -a &lt;sample path&gt; --generate-rule &lt;generated rule directory path&gt; -w &lt;web editor file name&gt;
</pre></div>
</div>
</section>
<section id="api-usage">
<h2>API Usage<a class="headerlink" href="#api-usage" title="Link to this heading"></a></h2>
<p>The simplest way to use the API is:</p>
<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="kn">from</span><span class="w"> </span><span class="nn">quark.rulegeneration</span><span class="w"> </span><span class="kn">import</span> <span class="n">RuleGeneration</span>
<span class="c1"># The target APK.</span>
<span class="n">APK_PATH</span> <span class="o">=</span> <span class="s2">"Ahmyth.apk"</span>
<span class="c1"># The output directory for generated rules.</span>
<span class="n">GENERATED_RULE_DIR</span> <span class="o">=</span> <span class="s2">"generated_rules"</span>
<span class="n">generator</span> <span class="o">=</span> <span class="n">RuleGeneration</span><span class="p">(</span><span class="n">APK_PATH</span><span class="p">,</span> <span class="n">GENERATED_RULE_DIR</span><span class="p">)</span>
<span class="n">generator</span><span class="o">.</span><span class="n">generate_rule</span><span class="p">(</span><span class="n">web_editor</span><span class="o">=</span><span class="s2">"report.html"</span><span class="p">)</span>
</pre></div>
</div>
</section>
<section id="web-editor-tutorial">
<h2>Web Editor Tutorial<a class="headerlink" href="#web-editor-tutorial" title="Link to this heading"></a></h2>
<p>Here is a demo of the rule generation web editor.
You can review and edit generated rules in 5 steps:</p>
<ol class="arabic simple">
<li><p>Input keywords to search rules.</p></li>
<li><p>Select the generated rules you want to save.</p></li>
<li><p>Edit rule information.</p></li>
</ol>
<img alt="https://i.imgur.com/0FLlGq0.png" src="https://i.imgur.com/0FLlGq0.png" />
<ol class="arabic simple" start="4">
<li><p>Edit crime, score, and labels with the editor.</p></li>
<li><p>Save the edited rule.</p></li>
</ol>
<img alt="https://i.imgur.com/kIVIeCk.png" src="https://i.imgur.com/kIVIeCk.png" />
</section>
<section id="radiocontrast">
<h2>Radiocontrast<a class="headerlink" href="#radiocontrast" title="Link to this heading"></a></h2>
<p>Radiocontrast is a Quark API that quickly generates Quark rules from a specified method. It builds up 100% matched rules by using native APIs in that method. The feature lets you easily expose the behavior of a method, just like radiocontrast.</p>
<p>For example, suppose we want to know the behavior of a method called <code class="docutils literal notranslate"><span class="pre">Lahmyth/mine/king/ahmyth/CameraManager;->startUp(I)V</span></code> in Ahmyth.apk.
The simplest way to use Radiocontrast is:</p>
<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="kn">from</span><span class="w"> </span><span class="nn">quark.radiocontrast</span><span class="w"> </span><span class="kn">import</span> <span class="n">RadioContrast</span>
<span class="c1"># The target APK.</span>
<span class="n">APK_PATH</span> <span class="o">=</span> <span class="s2">"Ahmyth.apk"</span>
<span class="c1"># The method to generate rules for.</span>
<span class="n">TARGET_METHOD</span> <span class="o">=</span> <span class="s2">"Lahmyth/mine/king/ahmyth/CameraManager;->startUp(I)V"</span>
<span class="c1"># The output directory for generated rules.</span>
<span class="n">GENERATED_RULE_DIR</span> <span class="o">=</span> <span class="s2">"~/generated_rules"</span>
<span class="n">radiocontrast</span> <span class="o">=</span> <span class="n">RadioContrast</span><span class="p">(</span>
<span class="n">APK_PATH</span><span class="p">,</span>
<span class="n">TARGET_METHOD</span><span class="p">,</span>
<span class="n">GENERATED_RULE_DIR</span>
<span class="p">)</span>
<span class="n">radiocontrast</span><span class="o">.</span><span class="n">generate_rule</span><span class="p">()</span>
</pre></div>
</div>
<p>To manage generated rules with the web editor, set the parameter <code class="docutils literal notranslate"><span class="pre">web_editor</span></code> in <code class="docutils literal notranslate"><span class="pre">generate_rule()</span></code> to the path of the output HTML file:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radiocontrast</span><span class="o">.</span><span class="n">generate_rule</span><span class="p">(</span><span class="n">web_editor</span><span class="o">=</span><span class="s2">"ahmyth.html"</span><span class="p">)</span>
</pre></div>
</div>
<p>The parameter <code class="docutils literal notranslate"><span class="pre">percentile_rank</span></code> in <code class="docutils literal notranslate"><span class="pre">generate_rule()</span></code> sets the percentile rank used to filter APIs.
For example, to keep the 20% of APIs with the lowest usage counts, set <code class="docutils literal notranslate"><span class="pre">percentile_rank</span></code> to 0.2:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">radiocontrast</span><span class="o">.</span><span class="n">generate_rule</span><span class="p">(</span><span class="n">percentile_rank</span><span class="o">=</span><span class="mf">0.2</span><span class="p">)</span>
</pre></div>
</div>
</section>
</section>
</div>
</div>
<footer>
<hr/>
<div role="contentinfo">
<p>© Copyright Quark-Engine Team.</p>
</div>
Built with <a href="https://www.sphinx-doc.org/">Sphinx</a> using a
<a href="https://github.com/readthedocs/sphinx_rtd_theme">theme</a>
provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<script>
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script>
</body>
</html>