-
Notifications
You must be signed in to change notification settings - Fork 237
Introduction
Logo Credits: https://www.linkedin.com/in/rafael-c-ferreira
MEDUSA is an Extensible and Modularised framework that automates processes and techniques practiced during the dynamic analysis of Android Applications. It consists of multiple modules that can be combined into a single script and run during a Frida session.
It can be used to:
- Intercept common API calls by using ready made modules
- Automate the creation of complex Frida scripts
- Inspect the application's memory
- Manage and categorise hooks by adding them in to modules
- Automate long-taking / boring processes
Combined with mango, its twin brother, it can cover 90% of your needs during an Android's application review:
Medusa requires a Frida server to run in a rooted mobile device or emulator. Download the Frida server binary for your device's architecture from here, push it in your device (adb push binary /data/local/tmp), chmod it to executable and you are ready to go. You can find thousands of tutorials on how to do that so I am stoping it here.
- Clone the Medusa repo
$git clone https://github.com/Ch0pin/medusa.git
- Navigate to the /medusa directory
- Install the python requirements
$pip install -r requirements.txt
If everything goes as expected you can run medusa in one of the following ways:
- Chmod the /medusa/medusa shell script to executable and run it (you can also add it in your path, so it can run from anywhere):
./medusa
- Run the medusa python script
$python3 /medusa/medusa.py
In case you are using a recipe, you can add the -r option followed by the recipe file (see the usage sections on how to create and use a recipe).
Mango is the complementary script of medusa that can be used to perform various of operations, starting from wrapping simple adb commands, to more complicated tasks, like patching the debug flag, parsing the manifest, printing the application's possible exposure points and many many more. To run it, use the /medusa/mango shell script or run $python3 mango.py:
- Chmod the /medusa/mango shell script to executable and run it (you can also add it in your path, so it can run from anywhere):
./mango
- Run the mango python script
$python3 /medusa/mango.py
If you are not using mango for first time, you can give as a parameter the db file created from the previous session (see usage regarding the db file):
$mango mypapps.db
Medusa modules are customised Frida scripts that can be combined and run under a Frida session. At the time of writing this wiki, Medusa counts more than 90 modules classified according to their usage in the following categories:
backdoor, cordova, services, code_loading, webviews, intents, spyware, encryption, clipboard, bluetooth, sms_fraud, content_providers, helpers, exploits, file_system, db_queries, sockets, compression, clickers, base64, runtime, firebase, http_communications, JNICalls, flutter
As the names imply, each one of these categories contains modules that can be used to hook relative API calls. For example the "intents" category includes the following modules:
- intents/incoming_intents
- intents/intent_monitor_v2
- intents/pending_intents
- intents/intent_creation_monitor
- intents/outgoing_intents
- intents/start_activity
Each on of them hooks a subset of useful API calls which are relative to Android intents.
Medusa Wiki
Medusa Wiki
-
- Searching for the right module
- Getting info about a module
- Stashing / un-stashing
- Compiling
- Starting a session
- Hooking beyond the modules
- Importing Frida scripts
- Working with native libraries
- Working with the application's memory
- Getting Class and Object snapshots
- Useful utilities
- Saving a session (recipe)