Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime.
You can easily dump all the loaded classes and relative methods, hook everything on the fly, trace methods args and return value, load custom scripts and many other useful stuff.
Runtime Mobile Security (RMS) is currently supporting Android devices only.
It has been tested on MacOS and with the following devices:
- AVD emulator
- Genymotion emulator
- Amazon Fire Stick 4K
It should also work well on Windows and Linux but some minor adjustments may be needed.
Do not connect more than one device at the same time. RMS is not so smart at the moment 😉
FRIDA server up and running on the target device
Refer to the official FRIDA guide for the installation: https://frida.re/docs/android/
Some cool projects that can help to auto install, update and run frida are:
- Sometime RMS fails to load complex methods. Use a filter when this happens or feel free to improve the algo (default.js).
- Code is not optimized
- iOS support
- Frida Gadget is currently NOT supported
- Feel free to send me your best JS sript via a Pull request. I'll be happy to bundle all the best as default scripts in the next RMS release.
e.g.
- root detection bypass
- ssl pinning bypass
- reflection detection
- etc...
- (optional) Create a python virtual environment
pip3 install -r requirements.txtpython3 mobilesecurity.py- Open your browser at
http://127.0.0.1:5000/
NOTE RMS attachs a persistence process called com.android.systemui to get the list of all the classes that are already loaded in memory before the launch of the target app. If you have an issue with it, try to find a different package that works well on your device. You can set another default package via the Config Tab or by simply editing the config.json file.
Go back to the dump page in order to have an overview of all the hooked methods that have been executed by the app ✅
Just add your .js files inside the custom_script folder and they will be automatically loaded by the web interface ready to be executed.
via the API Monitor TAB you can easily monitor tons of Android APIs organized in 19 different Categories. Support can be easily extended by adding more classes/methods to the api_monitor.json file.
You can also monitor native functions: libc.so - open, close, read, write, unlink, remove
Inject the FRIDA script to load the amazing Stetho.
Stetho is a sophisticated debug bridge for Android applications. When enabled, developers have access to the Chrome Developer Tools feature natively part of the Chrome desktop browser. Developers can also choose to enable the optional dumpapp tool which offers a powerful command-line interface to application internals.
A simple File Manager has been implemented to help you exploring app's private folders and files. This feature is still in BETA.
TODO: In order to download needed files directly from the web page, frida-fs must be implemented. A PR or an help is more than welcome 😉. Currently, RMS is only able to create on the fly the ADB pull command that is needed to download the file via the terminal.
Special thanks to the following Open Source projects for the inspiration:
RootBeer Sample is the DEMO app used to show how RMS works. RootBeer is an amazing root detection library. I decided to use the Sample app as DEMO just to show that, as every client-side only check, its root detection logic can be easily bypassed if not combined with a server-side validation.
Anti-Frida Frida Detection Examples by Bernhard Mueller.
RMS is licensed under a GNU General Public v3 License.