Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

Overview

Runtime Mobile Security (RMS) 📱 🔥

by @mobilesecurity_

Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime.

With RMS you can easily dump all loaded classes and their methods, hook everything on the fly, trace method arguments and return values, load custom scripts and much more.

Tutorial - Android

Prerequisites

  1. NodeJS installed on your computer
  2. FRIDA's CLI tools installed on your computer
  3. FRIDA server up and running on the target device

Quick smoke-test

As suggested by the official FRIDA doc, please perform a quick smoke-test to make sure FRIDA is working properly on your test device.

By running the frida-ps -U command from your desktop, you should receive the list of the processes running on your connected mobile device.

Android                    | iOS
  PID NAME                 |  PID NAME
 1590 com.facebook.katana  |  488 Clock
 3282 com.twitter.android  |  116 Facebook
 …                         |  …

Tips

Some cool projects that can help you to auto install, update and run FRIDA on Android devices are:

They are not needed on iOS devices, since FRIDA starts just after the boot of the device (jailbreak mode).

Installation

  1. Open the terminal and run the following command to install the npm package
    • npm install -g rms-runtime-mobile-security
  2. Make sure frida-server is up and running on the target device.
  3. Launch RMS via the following command
    • rms (or RMS-Runtime-Mobile-Security)
  4. Open your browser at http://127.0.0.1:5000/
  5. Start enjoying RMS 📱 🔥

Notes and possible issues

  1. In case of issues with the npm package installed as a global cli app, please try the local installation (development mode)
  2. In case of issues with your favorite Browser (e.g. logs not printed in the web console), please use Google Chrome (fully supported)
  3. If RMS is not able to detect your device, please perform the following checks:
    • double check if frida-server is up and running on the target device. Instructions are here: prerequisites / quick smoke-test
    • RMS must be started after frida-server
    • make sure that only 1 device is connected to your computer. RMS is currently not able to detect multiple devices
    • kill RMS and start it again

Development mode

Follow the steps below if you want to develop new features for RMS 😉

  1. git clone https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security.git
  2. cd RMS-Runtime-Mobile-Security
  3. npm install (local installation)
  4. Launch RMS via node rms.js
  5. You can also install RMS as global package by running the following commands:
    • npm install -g to install dependencies
    • npm run compile to compile the frida-agent
    • rms to run RMS (anywhere)

NOTE: If you add new features to the agent (/agent/RMS_core.js), please remember to recompile the code by running npm run compile or directly via the frida-compile command (frida-compile agent/RMS_core.js -o agent/compiled_RMS_core.js)

General Info

Runtime Mobile Security (RMS) supports Android and iOS devices.

It has been tested on macOS and with the following devices:

  • AVD emulator
  • Genymotion emulator
  • Amazon Fire Stick 4K
  • iPhone 7
  • Chrome (Web Interface)

It should also work well on Windows and Linux but some minor adjustments may be needed.

Known issues and improvements

  • Sometimes RMS fails to load complex methods. Use a filter when this happens or feel free to improve the algorithm (agent/RMS_core.js)
  • Sockets are not working on Safari, please use Chrome instead
  • RMS is not able to recognize multiple devices. Please do not connect more than one device at the same time
  • Code is not optimized
  • Feel free to send me your best JS script via a Pull Request. I'll be happy to bundle all the best as default scripts in the next RMS release (e.g. root detection bypass, ssl pinning, etc)

Usage

1. Run your favorite app by simply inserting its package name

NOTE: RMS attaches to a persistent process called com.android.systemui on Android and SpringBoard on iOS devices to get the list of all the classes that are already loaded in memory before the launch of the target app. If you have an issue with them, try to find a different default package that works well on your device. You can set another default package via the Config Tab or by simply editing the /config/config.json file.


2. Check which Classes and Methods have been loaded in memory


3. Hook on the fly Classes/Methods and trace their args and return values

Go back to the dump page in order to have an overview of all the hooked methods that have been executed by the app ✅

4. Search instances of a specific class on the Heap and call its methods


5. Select a Class and generate on the fly a Hook template for all its methods


6. Easily detect new classes that have been loaded in memory


7. Inject your favorite FRIDA CUSTOM SCRIPTS on the fly

Just add your .js files inside the custom_script folder and they will be automatically loaded by the web interface ready to be executed.


8. API Monitor - Android Only

Via the API Monitor TAB you can easily monitor tons of Android APIs organized in 20 different categories. Support can be easily extended by adding more classes/methods to the /config/api_monitor.json file.


You can also monitor native functions: libc.so - open, close, read, write, unlink, remove


9. FRIDA Script to load Stetho by Facebook [BONUS]

Inject the FRIDA script to load the amazing Stetho.

Stetho is a sophisticated debug bridge for Android applications. When enabled, developers have access to the Chrome Developer Tools feature natively part of the Chrome desktop browser. Developers can also choose to enable the optional dumpapp tool which offers a powerful command-line interface to application internals.


10. File Manager [BETA]

A simple File Manager has been implemented to help you explore the app's private folders and files. This feature is still in BETA.

Improvement: frida-fs needs to be implemented to enable downloading files directly from the browser (File Manager TAB).


11. Static Analysis - iOS Only


Acknowledgements

Special thanks to the following Open Source projects for the inspiration:

FRIDA Custom Scripts bundled in RMS - Credits:

DEMO apps:

  • RootBeer Sample is the DEMO app used to show how RMS works. RootBeer is an amazing root detection library. I decided to use the Sample app as DEMO just to show that, like every client-side-only check, its root detection logic can be easily bypassed if not combined with a server-side validation.
  • DVIA, a vulnerable app to test your iOS penetration testing skills
  • Anti-Frida Frida Detection Examples by Bernhard Mueller.

License

RMS is licensed under a GNU General Public v3 License.

Comments
  • error 500

    Load Classes and Methods 🎯... and then HOOK everything ⚓️ Load Classes

    then:
    Request URL: http://127.0.0.1:5000/dump?choice=1
    Request Method: GET
    Status Code: 500 INTERNAL SERVER ERROR
    Remote Address: 127.0.0.1:5000

    error 500

    question 
    opened by slowmistio 14
  • RMS - Early instrumentation issue

    I am trying to bypass Frida Script running in Memory and Frida Server Detection by using AntiFrida App. Anti Frida App has two detections: CHECK FRIDA SERVER and CHECK FRIDA IN MEMORY.

    I am able to bypass it using Frida CLI but not by using the RMS tool. Using RMS, when Frida Server is up and the app is spawned on the device, it shows both in RED as shown below:

    Using RMS, when Frida Server is up and the app is spawned with the script added (adding the script to the Custom-Scripts folder and spawning), it shows GREEN only for the check in memory, as shown below:

    It cannot bypass Frida Server. I am not able to find the issue, because using the same script in Frida CLI bypasses both detections, in memory and server (shows GREEN).

    Script is

    setTimeout(function () {
        Java.perform(function () {
            console.log("[*] Script loaded");
            var MainActivity = Java.use("org.owasp.mstg.antifrida.MainActivity");

            MainActivity.checkMemory.overload().implementation = function () {
                console.log("[*] bypass frida memory function invoked");
                return false;
            };

            MainActivity.setFridaServerTextView.overload().implementation = function () {
                console.log("[*] bypass frida server function invoked");
                return false;
            };
        });
    });

    Decrypted Java file of Anti Frida MainActivity is here: https://pastebin.com/NdwfvzjK

    Is there any issue in applying this script, or in the script itself (using the same script in FRIDA CLI bypasses both detections)? Please help to resolve this issue.

    help wanted 
    opened by balramrexwal 13
  • Bug - Hooking lab | java.lang.Object

    Describe the bug: Incorrect parameters generation for method overloading !


    Steps to reproduce: Custom Logging Implementation: (See methods) Dump TAB

    Go to "hook lab", select a Logging class: (highlighted) Hook lab Generated:

    hookclass.d.overload("java.lang.Class","java.lang.String","java.lang.Object[]").implementation = function (v0,v1,v2)
    

    | Current            | Must be             |
    |:--:|:--:|
    | java.lang.Object[] | [Ljava.lang.Object; |

    Desktop:

    • Browser: Chrome v83
    • Python - Frida Tools version: 12.9.4

    Smartphone:

    • Frida Server version: 12.9.4
    bug help wanted 
    opened by 4val0v 12
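
The type-name conversion this report asks for, as an added example that is not RMS's own code: array parameters printed in Java source form (java.lang.Object[]) are rewritten to the Class.getName() form that .overload() expects, generalized here to primitives, nested arrays and varargs. The helper names toOverloadTypeName and hookTemplateLine and the sample signature are assumptions made for the illustration.

```javascript
// Added example, not RMS code. toOverloadTypeName and hookTemplateLine are
// hypothetical helper names; the sample signature further down is constructed.

// JVM descriptor letters used for primitive element types inside array names.
const PRIMITIVE_CODES = new Map([
  ['boolean', 'Z'], ['byte', 'B'], ['char', 'C'], ['short', 'S'],
  ['int', 'I'], ['long', 'J'], ['float', 'F'], ['double', 'D'],
]);

// Matches names that are already in runtime array form: "[B", "[[I", "[Lpkg.Cls;".
const RUNTIME_ARRAY = /^\[+([ZBCSIJFD]|L[^;\[]+;)$/;

// Convert a Java source-style type name into the Class.getName() form.
function toOverloadTypeName(sourceName) {
  if (typeof sourceName !== 'string' || sourceName.trim() === '') {
    throw new TypeError('type name must be a non-empty string');
  }
  let name = sourceName.trim();

  // Leave names that are already correct untouched (idempotent).
  if (RUNTIME_ARRAY.test(name)) return name;

  // A varargs parameter ("java.lang.String...") is an array at runtime.
  if (name.endsWith('...')) name = name.slice(0, -3).trim() + '[]';

  // Count and strip trailing "[]" pairs: one per array dimension.
  let dims = 0;
  while (name.endsWith('[]')) {
    dims += 1;
    name = name.slice(0, -2).trim();
  }
  if (name === '') throw new TypeError('missing element type in: ' + sourceName);

  // Non-array types keep their plain name ("int", "java.lang.String").
  if (dims === 0) return name;

  // Arrays: one "[" per dimension, then the primitive letter or "L<class>;".
  const element = PRIMITIVE_CODES.has(name)
    ? PRIMITIVE_CODES.get(name)
    : 'L' + name + ';';
  return '['.repeat(dims) + element;
}

// Build a hook template line from a java.lang.reflect.Method#toString() style
// signature, in the same shape as the generated line quoted in the report.
function hookTemplateLine(reflectedSignature) {
  const open = reflectedSignature.indexOf('(');
  const close = reflectedSignature.lastIndexOf(')');
  if (open < 0 || close < open) {
    throw new Error('not a method signature: ' + reflectedSignature);
  }
  // Last whitespace-separated token before "(" is the fully qualified method.
  const qualified = reflectedSignature.slice(0, open).trim().split(/\s+/).pop();
  const method = qualified.slice(qualified.lastIndexOf('.') + 1);

  const rawArgs = reflectedSignature.slice(open + 1, close).trim();
  const types = rawArgs === '' ? [] : rawArgs.split(',').map(toOverloadTypeName);

  const quoted = types.map((t) => JSON.stringify(t)).join(',');
  const params = types.map((_, i) => 'v' + i).join(',');
  return `hookclass.${method}.overload(${quoted}).implementation = function (${params})`;
}

// Constructed sample: a logging method with the parameter list from the report,
// placed under a made-up class name.
const SAMPLE =
  'public static int com.example.Logger.d(java.lang.Class,java.lang.String,java.lang.Object[])';
console.log(hookTemplateLine(SAMPLE));
```
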
  • Config TAB

    Added new TAB to modify the config file. Also I added a try/except in device_management() to avoid Internal Error if the device is not connected. Maybe the connection to the device should be established after submit the main form on "/". What do you think?

    enhancement 
    opened by b1gb1t 12
  • Ideas and bugs

    1. Run a FRIDA script at startup - please use Ajax, or pass the package name in the request
      • After selecting a custom script, you must re-specify the package name
    2. Console Output - use Ajax (.append()); currently the page is always reloaded
      • The output always moves to the top, which is inconvenient (
      • It is also not possible to copy the output normally with "Auto Refresh Page" turned on.
    3. Console Output - There is no way to clear the output (
      • Need to restart the python process :(
    enhancement 
    opened by 4val0v 10
  • Android device detection error

    Android device detection does not happen properly.

    Devices using: Computer System OS: Windows 10 Home Android device: Realme X2 [Android 10]

    Frida server is properly running in targeted device.

    Issue: Frida server is properly running on the targeted Android device (self-verified), and the device is connected to the computer over USB. The requirements are satisfied, but Runtime Mobile Security (RMS) still fails to get the device port (or detect the device).

    I am using another dynamic analysis tool called house. Link: https://github.com/nccgroup/house. It works well. Please look at this tool's source code for more details.

    Note: Both Screenshots are taken at same time, both tools are running same time with different port [ RMS:Port=5000, House:Port=9000 ]

    RMS Web API Screenshot: https://codex-scripts.xyz/RMS_web_api.png House Web API Screenshot: https://codex-scripts.xyz/House_web_api.png

    Sometimes the device connects properly, but the chances of connecting are very low. I need to reboot the computer and mobile up to 4 to 6 times to get connected with RMS.

    I have done some steps to avoid the issue, but the issue is still not resolved:

    1. Rebooting computer and also mobile
    2. Restarting RMS
    3. Restarting frida server in android

    I am very happy with this tool, but the only thing is the connection problem.

    Please look into this issue.

    question 
    opened by ghost 9
  • Docker-compose error - default.js no such file or directory

    docker-compose up
    Creating network "rms-runtime-mobile-security_default" with the default driver
    Building rms
    Step 1/16 : FROM python:3.7.7-slim
     ---> 4cbd5021babc
    Step 2/16 : RUN mkdir -p /app/
     ---> Running in 1a038aecaf6e
    Removing intermediate container 1a038aecaf6e
     ---> d9fab1209897
    Step 3/16 : WORKDIR /app/
     ---> Running in 171c4b9d38ee
    Removing intermediate container 171c4b9d38ee
     ---> cef4a4726c4b
    Step 4/16 : COPY static/ ./static/
     ---> 58979a040242
    Step 5/16 : COPY custom_scripts/ ./custom_scripts/
     ---> 899c2b4e7df1
    Step 6/16 : COPY templates/ ./templates/
     ---> b65b84635cd4
    Step 7/16 : COPY config.json default.js mobilesecurity.py requirements.txt ./
    ERROR: Service 'rms' failed to build: COPY failed: stat /var/lib/docker/tmp/docker-builder243707710/default.js: no such file or directory

    opened by sdcampbell 6
  • Not working with Frida 16.0.2

    Console:[Error: Unable to communicate with remote frida-server; please ensure that major versions match and that the remote Frida has the feature you are trying to use]

    Both Desktop and Smartphone are using Frida 16.0.2.
    Frida-ps -U also works from console.
    Only 1 device is connected to my PC.

    Desktop:

    • OS: Windows 10
    • Browser: Brave Browser

    Smartphone:

    • Device: iPhone 7
    • OS: 14.2
    • Frida Server version: 16.0.2
    opened by CodingBeaner 5
  • SpringBoard is NOT available on your device | incompatible Mach-O image

    Describe the bug [Required] Installed RMS and can access via localhost:5000. iOS device is detected, but when trying to attach or spawn an app I am getting the following error.

    To Reproduce [Required] Steps to reproduce the behavior:

    1. Open RMS, select iOS and any package name, spawn|attach and Start RMS.
    2. See error
    Package Name: com.apple.podcasts
    Mode: Spawn
    Device: Device(id="00008020-000118563411802E", name="iPad 4", type='usb')
    BETA: False
    Frida Startup Script: None
    APIs Monitors: None
    
    
    incompatible Mach-O image
    SpringBoard is NOT available on your device or a wrong OS has been selected. For a better RE experience, change it via the Config TAB!
    [2020-08-23 13:48:25,614] ERROR in app: Exception on / [POST]
    Traceback (most recent call last):
      File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/flask/app.py", line 2446, in wsgi_app
        response = self.full_dispatch_request()
      File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/flask/app.py", line 1951, in full_dispatch_request
        rv = self.handle_user_exception(e)
      File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/flask/app.py", line 1820, in handle_user_exception
        reraise(exc_type, exc_value, tb)
      File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
        raise value
      File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/flask/app.py", line 1949, in full_dispatch_request
        rv = self.dispatch_request()
      File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/flask/app.py", line 1935, in dispatch_request
        return self.view_functions[rule.endpoint](**req.view_args)
      File "mobilesecurity.py", line 424, in device_management
        pid = device.spawn([target_package])
      File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/frida/core.py", line 26, in wrapper
        return f(*args, **kwargs)
      File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/frida/core.py", line 140, in spawn
        return self._impl.spawn(program, argv, envp, env, cwd, stdio, aux_options)
    frida.NotSupportedError: incompatible Mach-O image
    

    Desktop (please complete the following information): [Required]

    • OS: macOS 10.15.5
    • Browser Chrome (latest)

    Smartphone (please complete the following information): [Required]

    • Device: [e.g. Genymotion, AVD, Google Pixel 3]
    • OS: [e.g. iOS8.1]
    • Frida Server version: [e.g. 12.8.20]
    • Package Name: [e.g. com.example.app]
    • Class name: [e.g. sg.vantagepoint.a.c] (optional)
    • Method name: [e.g. public static boolean c()] (optional)

    I tried with a jailbroken iPad 4 (iOS 13.5) and an iPhone 6S (12.4). Both have latest version of Frida installed via Cydia (12.11.10) and are jailbroken with unc0ver.

    Console Logs [Required] See above


    FRIDA internal 
    opened by sushi2k 5
  • Ignore methods (Insert a Filter)

    Problem Hook all classes that start with: f0.

    127.0.0.1 - - [16/May/2020 00:31:29] "GET /dump?filter=f0.&choice=1 HTTP/1.1" 200 -
    [2020-05-16 00:31:31,069] ERROR in app: Exception on /dump [GET]
    Traceback (most recent call last):
      File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 2447, in wsgi_app
        response = self.full_dispatch_request()
      File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 1952, in full_dispatch_request
        rv = self.handle_user_exception(e)
      File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 1821, in handle_user_exception
        reraise(exc_type, exc_value, tb)
      File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/_compat.py", line 39, in reraise
        raise value
      File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 1950, in full_dispatch_request
        rv = self.dispatch_request()
      File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 1936, in dispatch_request
        return self.view_functions[rule.endpoint](**req.view_args)
      File "mobilesecurity.py", line 288, in home
        return printwebpage()
      File "mobilesecurity.py", line 619, in printwebpage
        loaded_classes_str=printClassesMethods(),
      File "mobilesecurity.py", line 634, in printClassesMethods
        for index, method_name in enumerate(loaded_methods[class_name]):
    KeyError: 'f0.p0.k.d$b'
    

    Solution you'd like Ability to specify the methods to ignore eg: f0.,okhttp3.,--f0.p0.k.

    bug enhancement help wanted 
    opened by 4val0v 5
  • Can not run

    Hi guys! I run the following js code every time I go to "step 4" of dumpdex function and I don't continue. Why?

    // js code begin

    function LogPrint(log) { var theDate = new Date(); var hour = theDate.getHours(); var minute = theDate.getMinutes(); var second = theDate.getSeconds(); var mSecond = theDate.getMilliseconds()

    hour < 10 ? hour = "0" + hour : hour;
    minute < 10 ? minute = "0" + minute : minute;
    second < 10 ? second = "0" + second : second;
    mSecond < 10 ? mSecond = "00" + mSecond : mSecond < 100 ? mSecond = "0" + mSecond : mSecond;
    
    var time = hour + ":" + minute + ":" + second + ":" + mSecond;
    send("[" + time + "] " + log);
    

    }

    function getAndroidVersion(){ var version = 0;

    if(Java.available){
        var versionStr = Java.androidVersion;
        version = versionStr.slice(0,1);
    }else{
        LogPrint("Error: cannot get android version");
    }
    LogPrint("Android Version: " + version);
    return version;
    

    }

    function getFunctionName(){ var i = 0; var functionName = "";

    // Android 4: hook dvmDexFileOpenPartial
    // Android 5: hook OpenMemory
    // after Android 5: hook OpenCommon
    if(getAndroidVersion() > 4){ // android 5 and later version
        var artExports =  Module.enumerateExportsSync("libart.so");
        for(i = 0; i< artExports.length; i++){
            if(artExports[i].name.indexOf("OpenMemory") !== -1){
                functionName = artExports[i].name;
                LogPrint("index " + i + " function name: "+ functionName);
                break;
            }else if(artExports[i].name.indexOf("OpenCommon") !== -1){
                functionName = artExports[i].name;
                LogPrint("index " + i + " function name: "+ functionName);
                break;
            }
        }
    }else{ //android 4
        var dvmExports =  Module.enumerateExportsSync("libdvm.so");
        if(dvmExports.length !== 0){  // check libdvm.so first
            for(i = 0; i< dvmExports.length; i++){
                if(dvmExports[i].name.indexOf("dexFileParse") !== -1){
                    functionName = dvmExports[i].name;
                    LogPrint("index " + i + " function name: "+ functionName);
                    break;
                }
            }
        }else{ // if not load libdvm.so, check libart.so
            dvmExports = Module.enumerateExportsSync("libart.so");
            for(i = 0; i< dvmExports.length; i++){
                if(dvmExports[i].name.indexOf("OpenMemory") !== -1){
                    functionName = dvmExports[i].name;
                    LogPrint("index " + i + " function name: "+ functionName);
                    break;
                }
            }
        }
    }
    return functionName;
    

    }

    function getProcessName(){ var processName = "";

    var fopenPtr = Module.findExportByName("libc.so", "fopen");
    var fopenFunc = new NativeFunction(fopenPtr, 'pointer', ['pointer', 'pointer']);
    var fgetsPtr = Module.findExportByName("libc.so", "fgets");
    var fgetsFunc = new NativeFunction(fgetsPtr, 'int', ['pointer', 'int', 'pointer']);
    var fclosePtr = Module.findExportByName("libc.so", "fclose");
    var fcloseFunc = new NativeFunction(fclosePtr, 'int', ['pointer']);
    
    var pathPtr = Memory.allocUtf8String("/proc/self/cmdline");
    var openFlagsPtr = Memory.allocUtf8String("r");
    
    var fp = fopenFunc(pathPtr, openFlagsPtr);
    if(fp.isNull() === false){
        var buffData = Memory.alloc(128);
        var ret = fgetsFunc(buffData, 128, fp);
        if(ret !== 0){
            processName = Memory.readCString(buffData);
            LogPrint("processName " + processName);
        }
        fcloseFunc(fp);
    }
    return processName;
    

    }

    function arraybuffer2hexstr(buffer) { var hexArr = Array.prototype.map.call( new Uint8Array(buffer), function (bit) { return ('00' + bit.toString(16)).slice(-2) } ); return hexArr.join(' '); }

    function checkDexMagic(dataAddr){ var magicMatch = true; var magicFlagHex = [0x64, 0x65, 0x78, 0x0a, 0x30, 0x33, 0x35, 0x00];

    for(var i = 0; i < 8; i++){
        if(Memory.readU8(ptr(dataAddr).add(i)) !== magicFlagHex[i]){
            magicMatch = false;
            break;
        }
    }
    
    return magicMatch;
    

    }

    function checkOdexMagic(dataAddr){ var magicMatch = true; var magicFlagHex = [0x64, 0x65, 0x79, 0x0a, 0x30, 0x33, 0x36, 0x00];

    for(var i = 0; i < 8; i++){
        if(Memory.readU8(ptr(dataAddr).add(i)) !== magicFlagHex[i]){
            magicMatch = false;
            break;
        }
    }
    
    return magicMatch;
    

    }

    function dumpDex(moduleFuncName, processName){
    if(moduleFuncName !== ""){
        var hookFunction;
        if(getAndroidVersion() > 4){ // android 5 and later version
            hookFunction = Module.findExportByName("libart.so", moduleFuncName);
            LogPrint("step 1" + hookFunction);
        }else{ // android 4
            hookFunction = Module.findExportByName("libdvm.so", moduleFuncName); // check libdvm.so first
            LogPrint("step 2" + hookFunction);
            if(hookFunction == null) {
                hookFunction = Module.findExportByName("libart.so", moduleFuncName); // if not load libdvm.so, check libart.so
                LogPrint("step 3" + hookFunction);
            }
        }
        Interceptor.attach(hookFunction,{
            onEnter: function(args){
                LogPrint("step 4");

                var begin = 0;
                var dexMagicMatch = false;
                var odexMagicMatch = false;
    			
    			
                dexMagicMatch = checkDexMagic(args[0]);
                if(dexMagicMatch === true){
                    begin = args[0];
                }else{
                    odexMagicMatch = checkOdexMagic(args[0]);
                    if(odexMagicMatch === true){
                        begin = args[0];
                    }
                }
    
                if(begin === 0){
                    dexMagicMatch = checkDexMagic(args[1]);
                    if(dexMagicMatch === true){
                        begin = args[1];
                    }else{
                      odexMagicMatch = checkOdexMagic(args[1]);
                      if(odexMagicMatch === true){
                          begin = args[1];
                      }
                    }
                }
    
                if(dexMagicMatch === true){
                    LogPrint("magic : " + Memory.readUtf8String(begin));
                    //console.log(hexdump(begin, { offset: 0, header: false, length: 64, ansi: false }));
                    var address = parseInt(begin,16) + 0x20;
                    var dex_size = Memory.readInt(ptr(address));
                    LogPrint("dex_size :" + dex_size);
                    var dex_path = "/data/data/" + processName + "/" + dex_size + ".dex";
                    var dex_file = new File(dex_path, "wb");
                    dex_file.write(Memory.readByteArray(begin, dex_size));
                    dex_file.flush();
                    dex_file.close();
                    LogPrint("dump dex success, saved path: " + dex_path + "\n");
                }else if(odexMagicMatch === true){
                    LogPrint("magic : " + Memory.readUtf8String(begin));
                    //console.log(hexdump(begin, { offset: 0, header: false, length: 64, ansi: false }));
                    var address = parseInt(begin,16) + 0x0C;
                    var odex_size = Memory.readInt(ptr(address));
                    LogPrint("odex_size :" + odex_size);
                    var odex_path = "/data/data/" + processName + "/" + odex_size + ".odex";
                    var odex_file = new File(odex_path, "wb");
                    odex_file.write(Memory.readByteArray(begin, odex_size));
                    odex_file.flush();
                    odex_file.close();
                    LogPrint("dump odex success, saved path: " + odex_path + "\n");
                }
            },
            onLeave: function(retval){
            }
        });
    }else{
        LogPrint("Error: cannot find correct module function.");
    }
    

    }

    // start dump dex file
    var moduleFucntionName = getFunctionName();
    var processName = getProcessName();
    if(moduleFucntionName !== "" && processName !== ""){
        dumpDex(moduleFucntionName, processName);
    }

    // js code end

    opened by CEV-Code 5
  • String Comparison API hook

    Shouldn't the args be printed in the args fields instead of only their types?

    [API_Monitor]
    {
      "category": "String Comparison",
      "class": "java.lang.String",
      "method": "equals",
      "args": "[\"<instance: java.lang.Object, $className: java.lang.String>\"]",
      "returnValue": "true",
      "calledFrom": "\u0007"
    }
    
    opened by brunoaduarte 2
Releases(1.5.13)
  • 1.5.13(Nov 27, 2022)

    Runtime Mobile Security (RMS) 📱🔥 - v1.5.13 is out 🎉🎉🎉

    CHANGELOG

    • Attach process fix for Android devices by @brunoaduarte
    • dependencies updated

  • 1.5.12(Nov 20, 2022)

    Runtime Mobile Security (RMS) 📱🔥 - v1.5.12 is out 🎉🎉🎉

    CHANGELOG

    • Added support for FRIDA version 16.*

  • 1.5.9(Aug 10, 2021)

    Runtime Mobile Security (RMS) 📱🔥 - v1.5.9 is out 🎉🎉🎉

    CHANGELOG

    • new frida custom scripts: okhttp3 ssl pinning bypass (Android) and check custom keyboard support (iOS)

  • 1.5.8(Jul 30, 2021)

    Runtime Mobile Security (RMS) 📱🔥 - v1.5.8 is out 🎉🎉🎉

    CHANGELOG

    • frida has been updated to v15
    • frida-compile has been updated to v10

  • 1.5.0(Dec 4, 2020)

    Runtime Mobile Security (RMS) 📱🔥 - v1.5 is out 🎉🎉🎉

    CHANGELOG RMS is now powered by @nodejs

    • super responsive web interface
    • npm package and cli app
    • better integration with @frida modules

  • 1.4.3(Dec 2, 2020)

    Runtime Mobile Security (RMS) 📱🔥 - Version 1.4.3 🎉

    • new default frida scripts
    • improved documentation
    • bug-fixing

    โ€ผ๏ธ NOTE: starting with the next release of RMS, the web interface will be powered by NodeJS. Python (Flask) interface will no longer be supported.

  • 1.4.2(Sep 8, 2020)

    Runtime Mobile Security (RMS) 📱🔥 - Version 1.4.2 🎉

    • Improved APIs Monitor Output (bug fixing)
    • new option to save the APIs Monitor Console output
    • new option to reset the Console Logs Output
    • new FRIDA custom scripts: Bypass for iOS 13 SSL Pinning and Android System.exit()
    • Solving OWASP UnCrackable Android Apps Tutorial links added to the README
    • default FRIDA custom scripts are now alphabetically ordered
    • UI improvements
  • 1.4.1(Aug 5, 2020)

    Runtime Mobile Security (RMS) 📱🔥 - Version 1.4.1 🎉

    • improved gadget support
    • iOS attach process fix | issue #29
    • improved Device Page UI
    • APIs Monitor return value fix
    • new Android APIs Monitors: Accessibility, Clicks, Clipboard, Compression, Bluetooth, JSON, Socket

  • 1.4(Jul 20, 2020)

    Runtime Mobile Security (RMS) 📱🔥 - Version 1.4 🎉

    All the most important features of RMS have been ported to iOS devices 🎉🎉🎉

  • 1.3.2(Jun 28, 2020)

    Runtime Mobile Security (RMS) 📱🔥 - Version 1.3.2 🎉

    • New Custom Frida Scripts by @FSecureLABS, Mediaservice, @iddoeldor, @dzonerzy and @akabe1
    • New Zoomed Modal View for Console Logs TAB
    • New File Manager [BETA] - since the feature is still in [BETA], downloading files directly from the web page is currently not possible (frida-fs is the solution)
  • 1.3.1(Jun 13, 2020)

    Runtime Mobile Security (RMS) 📱🔥 - Version 1.3.1 🎉

    • Heap Search page has been redesigned
    • new Heap Search algorithm
    • Hook Lab - it is now possible to generate hook template directly for a specific method
    • UI fix and improvements:
      • loaded_classes are now alphabetically sorted
      • flask logs have been enabled again
      • new call stack index for hooked methods I/O info
      • improved Stack Trace output
  • 1.3(Jun 10, 2020)

    Runtime Mobile Security (RMS) 📱🔥 - Version 1.3 🎉

    • Dump page is now able to highlight all the hooked methods that have been executed by the app
    • print StackTrace directly from the dump page
    • new button to save console logs in a text file
    • new quick filters for loaded methods: executed, native, boolean
    • new button to quickly filter loaded classes based on package name
    • loaded classes are now alphabetically sorted
  • 1.2(Jun 5, 2020)

    Runtime Mobile Security (RMS) 📱🔥 - Version 1.2 🎉

    • Regex search for loaded classes by @Azult (PR #17)
    • new FRIDA custom scripts by @iddoeldor:
      • bypass_flag_secure.js
      • hook_JNI_by_address.js
      • get_ANDROID_ID.js
    • class filter for AndroidX stuff
    • new monitor API: Permissions
    • RMS is now able to detect FRIDA crashes
    • Flask-Server logs have been hidden
    • it is now possible to hook methods with an array as argument (issue #18)
  • 1.1(May 21, 2020)

    • via the new API Monitor TAB you can easily monitor tons of Android APIs organized in 19 different Categories. Support can be easily extended by adding more classes/methods to the api_monitor.json file
    • RMS can now work without attaching the default persistence process
    • fixed a bug in loadmethods (default.js) | issue #14
  • 1.0.5(May 17, 2020)

  • 1.0.4(May 2, 2020)

    • new File System Monitor TAB (BETA)
    • new print StackTrace option (Hook LAB) - disabled by default
    • fix print issue (hook_lab_template)
    • new readme and demo
  • 1.0.3(Apr 19, 2020)

    • Console output is now managed via a socket connection (1)
    • New Config panel (2)
    • New Console Output interface
    • Improved session management

    thanks to @realgam3 (1) and @b1gb1t (2) for the contribution 🎉

  • v1.0.2(Apr 5, 2020)

  • v1.0.1(Apr 4, 2020)

    • New Heap Search feature (experimental)
    • Bug fixing (e.g. main search bar)
    • Docker support (•)
    • Package Auto Complete (•)
    • Remote Device Config (•)

    (•) thanks to @realgam3 for the contribution 🎉
