Announcing Mercury v2.2

Today, Mercury v2.2 is available for download. Well, it’s nearly easter, and whilst we are packing up for the long weekend we wanted to give you a little present.

We’re also giving away a free Android app (free, because it’s hopelessly riddled with security vulnerabilities) for you to download and try Mercury on.

So, what’s different? Following up on your feedback, we wanted to make Mercury more stable, and easier to use. We did that, fixed a few bugs on the way, and piled in a bunch more features to boot.

Not sure what Mercury is? Well, ok… That stings a little, but we forgive you. Mercury is the leading Android Security Assessment Framework. It allows security researchers and developers to interact with Android apps as if they were another app on the device, to search for security vulnerabilities, develop exploits and test fixes.

It was hard to pick our top three features, but here goes…

Nobody likes Typing

Mercury has always tried to do the typing for you – hit <TAB> and it will finish commands, module names and file paths. That was always cool, but what about all of the options that you had to pass to a module? You still had to type them out in full.

With Mercury v2.2 we can do a lot more of the typing for you. Type:

mercury> run app.activity.start --<TAB>

and Mercury responds with:

action     component  extra      help       
category   data-uri   flags      mimetype

Type f <TAB> and then hit <TAB> again:

mercury> run app.activity.start --flags 
ACTIVITY_BROUGHT_TO_FRONT       ACTIVITY_NO_USER_ACTION
ACTIVITY_CLEAR_TASK             ACTIVITY_PREVIOUS_IS_TOP
ACTIVITY_CLEAR_TOP              ACTIVITY_REORDER_TO_FRONT
ACTIVITY_CLEAR_WHEN_TASK_RESET  ACTIVITY_RESET_TASK_IF_NEEDED
ACTIVITY_EXCLUDE_FROM_RECENTS   ACTIVITY_SINGLE_TOP
ACTIVITY_FORWARD_RESULT         ACTIVITY_TASK_ON_HOME
ACTIVITY_LAUNCHED_FROM_HISTORY  FLAG_DEBUG_LOG_RESOLUTION
ACTIVITY_MULTIPLE_TASK          FROM_BACKGROUND
ACTIVITY_NEW_TASK               GRANT_READ_URI_PERMISSION
ACTIVITY_NO_ANIMATION           GRANT_WRITE_URI_PERMISSION
ACTIVITY_NO_HISTORY             RECEIVER_REGISTERED_ONLY

The full list of what we provide suggestions for now is pretty long. Suffice to say that we can provide suggestions for just about everything you might otherwise have to look up.

Running Windows? No problem. Make sure to install pyreadline and you’ll get most of the auto-complete goodness.

What did I just type?

As well as providing auto-complete suggestions, Mercury has always allowed you to access the last commands you typed by pressing the up arrow key. This was super, until you entered an Android shell, by typing shell or !. Then, the history got all confused, suggesting you type Mercury commands into the Linux shell, or vice-versa.

As of Mercury v2.2, we maintain separate command history for Mercury, shells and inside the interactive-Java module (auxiliary.develop.interactive). So, enter a Linux shell and we’ll offer the last Linux commands you wrote; come back to Mercury and there won’t be a Linux command in sight.

Fixing ContentProvider Crashes

It is an odd feature of Android that if you have an open database cursor in a process that dies, your process is killed. This caused a lot of weird crashes when interacting with ContentProviders, particularly through the scanner.provider.* modules.

In Mercury v2.2 we try to work around this platform limitation, by transparently replacing the ContentResolver with an unstable ContentProviderClient.

In our testing, this has fixed the random crashes caused by other apps crashing.

Sieve

Sieve is a password manager, but we wouldn’t recommend putting any real passwords in it! Sieve is riddled with security vulnerabilities for you to find with Mercury. It’s a great place to start if you are new to Mercury, to hone your skills, or just for the lulz.

You can download Sieve here.

We’ll be publishing some video walk-throughs in a couple of weeks showing how to find the vulnerabilities.

How do I get it?

You can get it now, from the downloads page.

Please send us your feedback, questions and comments on the new version via Github. We’ll do our best to get them into the next release.

Remember, the more feedback you give us, the quicker we can compile it into cool new features, functionality and modules for Mercury.