Android Penetration Tools Walkthrough Series: QARK

In this article, we are going to learn how to use the Quick Android Review Kit. QARK one of the most efficient Android static analysis tool developed by two LinkedIn security researchers — Tushar Dalvi and Tony Trummer. QARK is designed to look for several security-related Android application vulnerabilities, either in source code or packaged APKs. This project is completely written in Python which uses the plyj library. This allows Python to parse Java code and is further used to map Java objects. Tushar Dalvi and Tony Trummer say that the motivation behind creating tools is the mwrlabs DROZER tool, which is indeed a great Android Application Penetration Testing tool but requires expertise to use. On the other hand, QARK is very simple and easy to use. Let’s have a look at what QARK can do and what Android application related vulnerabilities it can find.

  • Inadvertently exported components
  • Improperly protected exported components
  • Intents which are vulnerable to interception or eavesdropping
  • Improper x.509 certificate validation
  • Creation of world-readable or world-writeable file.
  • Activities which may leak data
  • The use of Sticky Intents
  • Insecurely created Pending Intents
  • Sending of insecure Broadcast Intents
  • Private keys embedded in the source
  • Weak or improper cryptography use
  • Potentially exploitable WebView configurations
  • Exported Preference Activities
  • Tapjacking
  • Apps which enable backups
  • Apps which are debuggable
  • Apps supporting outdated API versions, with known vulnerabilities
  • And the best part it can produce ADB commands, or even fully functional APKs, that turn above mentioned hypothetical vulnerabilities into working “POC” exploits

There is no need to root the device as QARK can be used to exploit vulnerabilities in a secure environment.

  • Python 2.7.6
  • JRE 1.6+ (preferably 1.7+)
  • OSX or RHEL6.6 (Others may work, but not fully tested)

Step1: Clone the master repository of QARK.

Step2: Locate the (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Sumit Bhattacharya. Read the original post at: