Runtime Mobile Security (RMS) - powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime

(78 views)

Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime.

You can easily dump all the loaded classes and relative methods, hook everything on the fly, trace methods args and return value, load custom scripts, and much other useful stuff.

General Info

Runtime Mobile Security (RMS) is currently supporting Android devices only.

It has been tested on MacOS and with the following devices:

  • AVD emulator
  • Genymotion emulator
  • Amazon Fire Stick 4K

It should also work well on Windows and Linux but some minor adjustments may be needed.

Do not connect more than one device at the same time. RMS is not so smart at the moment ????

Prerequisites

FRIDA server up and running on the target device

Refer to the official FRIDA guide for the installation: https://frida.re/docs/android/

Known issues

  • Sometime RMS fails to load complex methods. Use a filter when this happens or feel free to improve the algo (default.js).
  • Code is not optimized

Improvements

  • iOS support
  • Feel free to send me your best JS script via a Pull Request. I'll be happy to bundle all the best as default scripts in the next RMS release. e.g.
    • root detection bypass
    • SSL pinning bypass
    • reflection detection
    • etc...

Installation

  1. (optional) Create a python virtual environment
  2. pip3 install -r requirements.txt
  3. python3 mobilesecurity.py

Usage

1. Run your favorite app by simply inserting its package name

NOTE RMS attaches a persistence process called com.android.systemui to get the list of all the classes that are already loaded in memory before the launch of the target app. If you have an issue with it, try to find a different package that works well on your device. You can set another default package by simply editing the config.json file.

2. Check which Classes and Methods have been loaded in memory

3. Hook on the fly Classes/Methods and trace their args and return values

4. Select a Class and generate on the fly a Hook template for all its methods

5. Easily detect new classes that have been loaded in memory

6. Inject your favorite FRIDA CUSTOM SCRIPTS on the fly

Just add your .js files inside the custom_script folder and they will be automatically loaded by the web interface ready to be executed.

Acknowledgments

Special thanks to the following Open Source projects for the inspiration:

RootBeer Sample is the DEMO app used to show how RMS works. RootBeer is an amazing root detection library. I decided to use the Sample app as DEMO just to show that, as every client-side only check, its root detection logic can be easily bypassed if not combined with a server-side validation.


More at: https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security

April 1, 2020

Author

Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023