Skip to content

Home

Jump to bottom
dbradberry edited this page Jan 16, 2013 · 34 revisions

Mercury is a security assessment framework for the Android. It allows you to dynamically interact with the IPC endpoints exported by an application installed on a device.

Mercury is open source software, maintained by MWR InfoSecurity, and can be downloaded from:

mwr.to/mercury

Mercury provides similar functionality to a number of static analysis tools, such as aapt, but offers far more flexibility by allowing you to interact with these endpoints from the context of an unprivileged application running on the same device. The Android sandbox is designed to restrict the access of an unprivileged application to other applications, and the underlying device, without requesting appropriate permissions. You will be surprised how much access you actually have…

This wiki site is home to the Developers’ Documentation, for those who wish to write Mercury modules or extend the Mercury core.

This wiki also includes the Compatibility Matrix that shows which versions of Mercury are compatible with the various versions of the Mercury Agent.

For more information on using Mercury, please visit the project website.

Mercury Developers

Mercury is designed to allow new functionality to be added through stand-alone modules. If you want to build new checks, exploits or tools you should start with a module. If what you want to do is simply not possible through the module interface, you may need to extend the core.

The source code for Mercury is distributed in a number of Github projects:

  • mercury: contains the Console and Server;
  • mercury-agent: contains the Android Agent; and
  • mercury-common: contains components that are shared between the Agent and Console.

The mercury-common module is included in the other repositories as a Git Submodule. After cloning for the first time, you will need to run the following command to fetch the additional source:

git submodule init && git submodule update

You’ll probably want to read:

We also suggest getting a better understanding of how Mercury works. These guides explain how the Mercury system is architected, and how it works together:

Before you contribute, please read:

If you have any questions, you can:

Clone this wiki locally