m0bilesecurity/RMS-Runtime-Mobile-Security

Can't attach big Frida scripts - PayloadTooLargeError: request entity too large

Anon-Exploiter opened this issue · 2 comments

Describe the bug
When a big Frida script with a lot of code is attached to an application, RMS throws an exception, PayloadTooLargeError: request entity too large. This is possibly due to the HTTP request body being too large, and it may be an npm error. A good fix for this would be to read the files from the native file storage and execute them instead of showing them and passing them to the HTTP request.

To Reproduce [Required]
Steps to reproduce the behavior:

  1. Install the following Xamarin sample APK https://github.com/GoSecure/frida-xamarin-unpin/blob/master/dist/com.test.sample.apk
  2. Fetch the following Xamarin SSL pinning bypass Frida script https://github.com/GoSecure/frida-xamarin-unpin/blob/master/dist/xamarin-unpin.js
  3. Store it in the custom_scripts folder
  4. Run RMS from the beginning and attach to the mobile application
  5. Select the shared frida script above and click on "Start RMS"
  6. The exception would be shown

Expected behavior [Optional]
The Frida script should attach to the application without any issues, regardless of how big it is.

Desktop (please complete the following information): [Required]

  • OS: Windows 11
  • Browser: Chrome

Smartphone (please complete the following information): [Required]

  • Device: AVD
  • OS: Android 10
  • Frida Server version: 16.1.8

Console Logs [Required]

PayloadTooLargeError: request entity too large
    at readStream (C:\Users\User\AppData\Roaming\npm\node_modules\rms-runtime-mobile-security\node_modules\raw-body\index.js:163:17)
    at getRawBody (C:\Users\User\AppData\Roaming\npm\node_modules\rms-runtime-mobile-security\node_modules\raw-body\index.js:116:12)
    at read (C:\Users\User\AppData\Roaming\npm\node_modules\rms-runtime-mobile-security\node_modules\body-parser\lib\read.js:79:3)
    at urlencodedParser (C:\Users\User\AppData\Roaming\npm\node_modules\rms-runtime-mobile-security\node_modules\body-parser\lib\types\urlencoded.js:116:5)
    at Layer.handle [as handle_request] (C:\Users\User\AppData\Roaming\npm\node_modules\rms-runtime-mobile-security\node_modules\express\lib\router\layer.js:95:5)
    at trim_prefix (C:\Users\User\AppData\Roaming\npm\node_modules\rms-runtime-mobile-security\node_modules\express\lib\router\index.js:328:13)
    at C:\Users\User\AppData\Roaming\npm\node_modules\rms-runtime-mobile-security\node_modules\express\lib\router\index.js:286:9
    at Function.process_params (C:\Users\User\AppData\Roaming\npm\node_modules\rms-runtime-mobile-security\node_modules\express\lib\router\index.js:346:12)
    at next (C:\Users\User\AppData\Roaming\npm\node_modules\rms-runtime-mobile-security\node_modules\express\lib\router\index.js:280:10)
    at expressInit (C:\Users\User\AppData\Roaming\npm\node_modules\rms-runtime-mobile-security\node_modules\express\lib\middleware\init.js:40:5)

Ciao @Anon-Exploiter thanks for the detailed explanation of the bug.
Do you have time to work on this?
Paolo

Hey mate,

I've created PR #128 for this. The resolution of this issue was simple. Ideally, RMS should natively load the Frida scripts off the disk, but that would require a lot of rewriting of the code.

This works best for now.