Binary instrumentation framework based on FRIDA
MEDUSA is an extensible and modularized framework that automates processes and techniques practiced during the dynamic analysis of Android and iOS applications.
$ pip install -r requirements.txt --upgrade
On macOS you may encounter the following issue during installation:
Readline features including tab completion have been disabled because no supported version of readline was found. To resolve this, install pyreadline3 on Windows or gnureadline on Linux/Mac.
You can resolve this by installing Python's gnureadline:
pip install gnureadline
You can find the Dockerfile in the medusa/ directory.
$ docker build -t medusa:tag1 ./
$ docker run --name medusa --net=host --rm -it medusa:tag1
$ adb tcpip 5555
root@docker# adb connect device_ip:5555
System requirements:
Demos:
Medusa consists of two main scripts: medusa.py and mango.py:
The main idea behind MEDUSA is to make it possible to add or remove hooks for Java or native methods at scale while keeping the process simple and effective. MEDUSA has more than 90 modules, each dedicated to a set of tasks, which can be combined freely. Indicatively, some of these tasks include:
Furthermore, you can intercept Java or native methods that belong to third-party apps, or create complex Frida modules with just a few simple commands.
Mango is MEDUSA's twin brother, which can be used to:
...and many many more
Bitcoin (BTC) Address: bc1qhun6a7chkav6mn8fqz3924mr8m3v0wq4r7jchz
Ethereum (ETH) Address: 0x0951D1DD2C9F57a9401BfE7D972D0D5A65e71dA4
Hooks API calls found to be common for this kind of malware, including:
- Contact exfiltration
- Call log exfiltration
- Camera usage
- Microphone usage
- Location tracking
- File uploading
- Media recording
- Clipboard tracking
- Device recon
- Screenshot capture
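The following is an added example, not MEDUSA's own module code, showing the two ideas above together: hooking a whole set of Java methods from one table (the "add hooks at scale" idea) and tagging each observed call with one of the behaviour categories listed for this module. The class/method pairs in HOOK_SPECS are well-known Android APIs chosen for illustration and are an assumed subset, not the module's real hook list; the categories are the ones from the list above. The Frida-specific part (Java.perform, Java.use, overloads) only runs inside Frida; under plain Node the script just summarises a constructed sample of observed calls.

```javascript
// Added example, not MEDUSA's own module code: a table-driven Frida script that
// hooks a set of Android APIs, tags each observed call with one of the behaviour
// categories above, and summarises what the app actually did. The class/method
// pairs in HOOK_SPECS are well-known Android APIs chosen for illustration; they
// are an assumed subset, not the module's real hook list.

const HOOK_SPECS = [
  // ContentResolver.query covers both contacts and call log; the content URI
  // in the first argument decides which category applies (see categorize()).
  { category: null,                 cls: 'android.content.ContentResolver',        method: 'query' },
  { category: 'Camera usage',       cls: 'android.hardware.camera2.CameraManager', method: 'openCamera' },
  { category: 'Microphone usage',   cls: 'android.media.AudioRecord',              method: 'startRecording' },
  { category: 'Location tracking',  cls: 'android.location.LocationManager',       method: 'requestLocationUpdates' },
  { category: 'Clipboard tracking', cls: 'android.content.ClipboardManager',       method: 'getPrimaryClip' },
  { category: 'Media recording',    cls: 'android.media.MediaRecorder',            method: 'start' },
];

// Map one observed call ({ cls, method, args } with args already stringified)
// to a behaviour category, or null when the call is not interesting.
function categorize(call) {
  if (call.cls === 'android.content.ContentResolver' && call.method === 'query') {
    const uri = String(call.args[0] || '');
    if (uri.startsWith('content://com.android.contacts')) return 'Contact exfiltration';
    if (uri.startsWith('content://call_log')) return 'Call log exfiltration';
    return null; // some other content provider
  }
  const spec = HOOK_SPECS.find(s => s.cls === call.cls && s.method === call.method);
  return spec ? spec.category : null;
}

// Count observed calls per category; this is what you read after a session.
function summarize(calls) {
  const counts = {};
  for (const call of calls) {
    const cat = categorize(call);
    if (cat !== null) counts[cat] = (counts[cat] || 0) + 1;
  }
  return counts;
}

// Install one hook per overload of every method in specs. Each hook records the
// call through sink() and then runs the original implementation unchanged.
// Only valid inside Frida, where the Java global exists.
function installHooks(specs, sink) {
  Java.perform(() => {
    for (const spec of specs) {
      const klass = Java.use(spec.cls);
      for (const ov of klass[spec.method].overloads) {
        ov.implementation = function (...args) {
          // Frida wrappers stringify through the Java object's own toString().
          sink({ cls: spec.cls, method: spec.method, args: args.map(a => String(a)) });
          return ov.apply(this, args);
        };
      }
    }
  });
}

// Constructed sample of what the hooks would record during a session.
const SAMPLE_CALLS = [
  { cls: 'android.content.ContentResolver', method: 'query', args: ['content://com.android.contacts/data', 'null', 'null', 'null', 'null'] },
  { cls: 'android.content.ContentResolver', method: 'query', args: ['content://call_log/calls', 'null', 'null', 'null', 'null'] },
  { cls: 'android.content.ContentResolver', method: 'query', args: ['content://media/external/images/media', 'null', 'null', 'null', 'null'] },
  { cls: 'android.media.AudioRecord', method: 'startRecording', args: [] },
  { cls: 'android.location.LocationManager', method: 'requestLocationUpdates', args: ['gps', '1000', '0.0', 'android.location.LocationListener'] },
  { cls: 'android.location.LocationManager', method: 'requestLocationUpdates', args: ['network', '1000', '0.0', 'android.location.LocationListener'] },
];

const observed = [];
if (typeof Java !== 'undefined') {
  installHooks(HOOK_SPECS, rec => {
    observed.push(rec);
    console.log(`[${categorize(rec) || 'other'}] ${rec.cls}.${rec.method}(${rec.args.join(', ')})`);
  });
} else {
  // Outside Frida: show the summary the script would produce for the sample.
  console.log(JSON.stringify(summarize(SAMPLE_CALLS)));
}
```

Hooking every overload rather than a single signature is what keeps the table small: the script does not need to know which ContentResolver.query variant the app uses. Deciding the category from the content URI instead of from the method name is the part worth copying, because the same query() call is harmless against a media provider and suspicious against the contacts or call log provider.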
Translates the application's UI by hooking 'setText' calls
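As an added example of the setText technique (my own illustration, not the module's code), the Frida script below replaces the string every TextView is about to display with a dictionary translation. The phrase dictionary is constructed for the example, and the two hooked overloads (CharSequence and int resource id) are my choice; the rest of the module's behaviour is not assumed. Under plain Node only the pure translation function runs.

```javascript
// Added example, not MEDUSA's own code: hook android.widget.TextView.setText
// and rewrite the text through a phrase dictionary before it is displayed.
// PHRASES is a constructed German-to-English sample for illustration.

const PHRASES = {
  'anmelden': 'Log in',
  'passwort': 'Password',
  'benutzername': 'Username',
  'weiter': 'Continue',
};

function normalize(s) {
  return String(s).trim().replace(/\s+/g, ' ').toLowerCase();
}

// Translate a whole phrase when it is known; otherwise translate word by word
// and leave unknown words untouched so the screen still makes sense.
function translateUiString(text, dict = PHRASES) {
  if (text === null || text === undefined) return text;
  const key = normalize(text);
  if (key in dict) return dict[key];
  let changed = false;
  const words = String(text).trim().split(/\s+/).map(w => {
    const k = w.toLowerCase();
    if (k in dict) { changed = true; return dict[k]; }
    return w;
  });
  return changed ? words.join(' ') : String(text);
}

// Only valid inside Frida, where the Java global exists.
function installSetTextHook(dict) {
  Java.perform(() => {
    const TextView = Java.use('android.widget.TextView');
    const JString = Java.use('java.lang.String');
    const setCharSeq = TextView.setText.overload('java.lang.CharSequence');

    // setText(CharSequence): toString() flattens any spans, so styled text
    // comes back as plain text after translation (an accepted trade-off here).
    setCharSeq.implementation = function (text) {
      const original = text === null ? null : text.toString();
      const translated = translateUiString(original, dict);
      if (translated !== original) console.log(`[setText] "${original}" -> "${translated}"`);
      return setCharSeq.call(this, translated === null ? null : JString.$new(translated));
    };

    // setText(int resId): resolve the string resource through the view's
    // Context, then route it through the same translation path.
    TextView.setText.overload('int').implementation = function (resId) {
      const original = this.getContext().getString(resId);
      return setCharSeq.call(this, JString.$new(translateUiString(original, dict)));
    };
  });
}

if (typeof Java !== 'undefined') installSetTextHook(PHRASES);
```

Resolving the int overload to a string and then calling the CharSequence overload explicitly (rather than `this.setText(...)`) avoids Frida having to pick an overload at call time and keeps every display path going through one translation point.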
CREDITS: