Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

Related tags

Kotlin reverse-engineering android-security mobile-security ios-security frida
Overview

Runtime Mobile Security (RMS) 📱 🔥

RMS_logo

NPM

by @mobilesecurity_

Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime.

With RMS you can easily dump all loaded classes and relative methods, hook everything on the fly, trace methods args and return value, load custom scripts and many other useful stuff.

iOS DEMO - VIDEO

RMS - iOS DEMO

Android DEMO - VIDEO

RMS - Android DEMO

Tutorial - Android

Prerequisites

  1. NodeJS installed on your computer
  2. FRIDA's CLI tools installed on your computer
  3. FRIDA server up and running on the target device

Quick smoke-test

As suggested by the official FRIDA doc, please perform a quick smoke-test to make sure FRIDA is working properly on your test device.

By running the frida-ps -U command from your desktop, you should receive the list of the processes running on your connected mobile device.

Android                    | iOS
  PID NAME                 |  PID NAME
 1590 com.facebook.katana  |  488 Clock
 3282 com.twitter.android  |  116 Facebook
 …                            …

Tips

Some cool projects that can help you to auto install, update and run FRIDA on Android devices are:

They are not needed on iOS devices, since FRIDA starts just after the boot of the device (jailbreak mode).

Installation

  1. Open the terminal and run the following command to install the npm package
    • npm install -g rms-runtime-mobile-security
  2. Make sure frida-server is up and running on the target device.
  3. Launch RMS via the following command
    • rms (or RMS-Runtime-Mobile-Security)
  4. Open your browser at http://127.0.0.1:5000/
  5. Start enjoying RMS 📱 🔥

Notes and possibile issues

  1. In case of issues with the npm package installed as a global cli app, please try the local installation (development mode)
  2. In case of issues with your favorite Browser (e.g. logs not printed in the web console), please use Google Chrome (fully supported)
  3. If RMS is not able to detect your device, please perform the following checks:
    • double check if frida-server is up and running on the target device. Instructions are here: prerequisites / quick smoke-test
    • RMS must be started after frida-server
    • make sure that only 1 device is connected to your computer. RMS is currently not able to detect multiple devices
    • kill RMS and start it again

Development mode

Follow the steps below if you want to develop new features for RMS 😉

  1. git clone https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security.git
  2. cd RMS-Runtime-Mobile-Security
  3. npm install (local installation)
  4. Launch RMS via node rms.js
  5. You can also install RMS as global package by running the following commands:
    • npm install -g to install dependencies
    • npm run compile to compile the frida-agent
    • rms to run RMS (anywhere)

NOTE: If you add new features to the agent (/agent/RMS_core.js), please remember to recompile the code by running npm run compile or directly via the frida-compile command (frida-compile agent/RMS_core.js -o agent/compiled_RMS_core.js)

General Info

Runtime Mobile Security (RMS) supports Android and iOS devices.

It has been tested on MacOS and with the following devices:

  • AVD emulator
  • Genymotion emulator
  • Amazon Fire Stick 4K
  • iPhone 7
  • Chrome (Web Interface)

It should also work well on Windows and Linux but some minor adjustments may be needed.

Known issues and improvements

  • Sometime RMS fails to load complex methods. Use a filter when this happens or feel free to improve the algo (agent/RMS_core.js)
  • Socket are not working on Safari, please use Chrome instead
  • RMS is not able to recognize multiple devices. Please do not connect more than one device at the same time
  • Code is not optimized
  • Feel free to send me your best JS script via a Pull Request. I'll be happy to bundle all the best as default scripts in the next RMS release (e.g. root detection bypass, ssl pinning, etc)

Usage

1. Run your favorite app by simply inserting its package name

NOTE RMS attachs a persistence process called com.android.systemui on Android and SpringBoard on iOS devices to get the list of all the classes that are already loaded in memory before the launch of the target app. If you have an issue with them, try to find a different default package that works well on your device. You can set another default package via the Config Tab or by simply editing the /config/config.json file.

DEMO_1_Android

DEMO_1_iOS

2. Check which Classes and Methods have been loaded in memory

DEMO_2_Android

DEMO_2_iOS

3. Hook on the fly Classes/Methods and trace their args and return values

DEMO_3_a

Go back to the dump page in order to have an overview of all the hooked methods that have been executed by the app

DEMO_3_b

4. Search instances of a specific class on the Heap and call its methods

DEMO_4_Android

DEMO_4_iOS

5. Select a Class and generate on the fly an Hook template for all its methods

DEMO_5_Android

DEMO_5_iOS

6. Easily detect new classes that have been loaded in memory

DEMO_6

7. Inject your favorite FRIDA CUSTOM SCRIPTS on the fly

Just add your .js files inside the custom_script folder and they will be automatically loaded by the web interface ready to be executed.

DEMO_7_Android

DEMO_7_iOS

8. API Monitor - Android Only

via the API Monitor TAB you can easily monitor tons of Android APIs organized in 20 different Categories. Support can be easily extended by adding more classes/methods to the /config/api_monitor.json file.

DEMO_10

You can also monitor native functions: libc.so - open, close, read, write, unlink, remove

DEMO_8

9. FRIDA Script to load Stetho by Facebook [BONUS]

Inject the FRIDA script to load the amazing Stetho.

Stetho is a sophisticated debug bridge for Android applications. When enabled, developers have access to the Chrome Developer Tools feature natively part of the Chrome desktop browser. Developers can also choose to enable the optional dumpapp tool which offers a powerful command-line interface to application internals.

DEMO_9

10. File Manager [BETA]

A simple File Manager has been implemented to help you exploring app's private folders and files. This feature is still in BETA.

improvement: frida-fs needs to be implemented to enable files download directly from the browser (File Manager TAB).

DEMO_11_Android

DEMO_11_iOS

11. Static Analysis - iOS Only

DEMO_12_iOS

Acknowledgements

Special thanks to the following Open Source projects for the inspiration:

FRIDA Custom Scripts bundled in RMS - Credits:

DEMO apps:

  • RootBeer Sample is the DEMO app used to show how RMS works. RootBeer is an amazing root detection library. I decided to use the Sample app as DEMO just to show that, as every client-side only check, its root detection logic can be easily bypassed if not combined with a server-side validation.
  • DVIA a vulnerable app to test your iOS Penetration Testing Skills
  • Anti-Frida Frida Detection Examples by Bernhard Mueller.

License

RMS is licensed under a GNU General Public v3 License.

Comments
  • error 500

    error 500

    Load Classes and Methods 🎯... and then HOOK everything ⚓️ Load Classes

    then: Request URL: http://127.0.0.1:5000/dump?choice=1 Request Method: GET Status Code: 500 INTERNAL SERVER ERROR Remote Address: 127.0.0.1:5000

    error 500

    question 
    opened by slowmistio 14
  • RMS - Early instrumentation issue

    RMS - Early instrumentation issue

    I am trying to bypass Frida Script running in Memory and Frida Server Detection by using AntiFrida App. Anti Frida App has two detections as CHECk FRIDA SERVER and CHECK FRIDA IN MEMORY.

    I am able to bypass it using Frida CLI but not by Using RMS tool. Using RMS,When Frida Server and is Spawn to Device, its shows both in RED as shown below:

    image

    Using RMS,When Frida Server and Spawn by adding Script to it (Adding Script in Custom-Scripts Folder and Spawing),It shows only GREEN in check in memory as shown below:

    image It cannot bypass Frida Server, I am not able to find the issue because using same script in Frida CLI it bypass both Dection in Memory and server(shows GREEN).

    Script is

    setTimeout(function(){
	Java.perform(function (){
	console.log("[*] Script loaded")   var MainActivity = Java.use("org.owasp.mstg.antifrida.MainActivity")

		MainActivity.checkMemory.overload().implementation = function() {
			console.log("[*] bypass frida mrmory function invoked")
			return false
		}

		var MainActivity = Java.use("org.owasp.mstg.antifrida.MainActivity")

		MainActivity.setFridaServerTextView.overload().implementation = function() {
			console.log("[*] bypass frida server function invoked")
			return false
		}

	

	});      });

    Decrypted Java File of Anti Frida MainActivity is. here:https://pastebin.com/NdwfvzjK

    Is there any issue in Applying this script or in script(using same script in FRIDA CLI it bypasses both DETECTIONs) Please help to resolve this issue

    help wanted 
    opened by balramrexwal 13
  • Bug - Hooking lab | java.lang.Object

    Bug - Hooking lab | java.lang.Object

    Describe the bug: Incorrect parameters generation for method overloading !

    Steps to reproduce: Custom Logging Implementation: (See methods) Dump TAB

    Go to "hook lab", select a Logging class: (highlighted) Hook lab Generated:

    hookclass.d.overload("java.lang.Class","java.lang.String","java.lang.Object[]").implementation = function (v0,v1,v2)

    | Current | Must be | |:--:|:--:| | java.lang.Object[] | [Ljava.lang.Object; |

    Desktop:

    • Browser: Chrome v83
    • Python - Frida Tools version: 12.9.4

    Smartphone:

    • Frida Server version: 12.9.4
    bug help wanted 
    opened by 4val0v 12
  • Config TAB

    Config TAB

    Added new TAB to modify the config file. Also I added a try/except in device_management() to avoid Internal Error if the device is not connected. Maybe the connection to the device should be established after submit the main form on "/". What do you think?

    enhancement 
    opened by b1gb1t 12
  • Ideas and bugs

    Ideas and bugs

    1. Run a FRIDA script at startup - please using Ajax, or in the request pass the package name
      • After selecting a custom script, you must re-specify the package name
    2. Console Output - using Ajax (.append()), currently page is always reload
      • The output always moves to the top, which is inconvenient (
      • Also not possible to normally copies output with turn on "Auto Refresh Page".
    3. Console Output - There is no way to clear output (
      • Need restart the python process :(
    enhancement 
    opened by 4val0v 10
  • Android device detection error

    Android device detection error

    Android device detection doe's not happence properly.

    Devices using: Computer System OS: Windows 10 Home Android device: Realme X2 [Android 10]

    Frida server is properly running in targeted device.

    Issue Frida server is properly running in targeted android device (By self verified), and also device is connected computer with usb connection. The requirements are satisfied. but still the runtime mobile security RMS is failing to get the device port(or device detection ).

    I am using another dynamic analysis tool called house Link: https://github.com/nccgroup/house. it works well and good. Please look out this tool source code for more details.

    Note: Both Screenshots are taken at same time, both tools are running same time with different port [ RMS:Port=5000, House:Port=9000 ]

    RMS Web API Screenshot: https://codex-scripts.xyz/RMS_web_api.png House Web API Screenshot: https://codex-scripts.xyz/House_web_api.png

    Some times device connects properly, but the connecting chances are very less. I need to reboot the computer and mobile upto 4 to 6 times to get connected with RMS.

    I am done some steps to avoid the issue. but still issue not resolved

    1. Rebooting computer and also mobile
    2. Restarting RMS
    3. Restarting frida server in android

    i am very happy with this tool. but the only thing is connection problem.

    Please look out this issue

    question 
    opened by ghost 9
  • Docker-compose error - default.js no such file or directory

    Docker-compose error - default.js no such file or directory

    docker-compose up Creating network "rms-runtime-mobile-security_default" with the default driver Building rms Step 1/16 : FROM python:3.7.7-slim ---> 4cbd5021babc Step 2/16 : RUN mkdir -p /app/ ---> Running in 1a038aecaf6e Removing intermediate container 1a038aecaf6e ---> d9fab1209897 Step 3/16 : WORKDIR /app/ ---> Running in 171c4b9d38ee Removing intermediate container 171c4b9d38ee ---> cef4a4726c4b Step 4/16 : COPY static/ ./static/ ---> 58979a040242 Step 5/16 : COPY custom_scripts/ ./custom_scripts/ ---> 899c2b4e7df1 Step 6/16 : COPY templates/ ./templates/ ---> b65b84635cd4 Step 7/16 : COPY config.json default.js mobilesecurity.py requirements.txt ./ ERROR: Service 'rms' failed to build: COPY failed: stat /var/lib/docker/tmp/docker-builder243707710/default.js: no such file or directory

    opened by sdcampbell 6
  • Not working with Frida 16.0.2

    Not working with Frida 16.0.2

    Console:[Error: Unable to communicate with remote frida-server; please ensure that major versions match and that the remote Frida has the feature you are trying to use] Both Desktop and Smartphone are using Frida 16.0.2 Frida-ps -U also works from console Only 1 device is connected to my PC

    Desktop:

    • OS: Windows 10
    • Browser: Brave Browser

    Smartphone:

    • Device: iPhone 7
    • OS: 14.2
    • Frida Server version: 16.0.2
    opened by CodingBeaner 5
  • SpringBoard is NOT available on your device | incompatible Mach-O image

    SpringBoard is NOT available on your device | incompatible Mach-O image

    Describe the bug [Required] Installed RMS and can access via localhost:5000. iOS device is detected, but when trying to attach or spawn an app I am getting the following error.

    To Reproduce [Required] Steps to reproduce the behavior:

    1. Open RMS, select iOS and any package name, spawn|attach and Start RMS.
    2. See error
    Package Name: com.apple.podcasts
Mode: Spawn
Device: Device(id="00008020-000118563411802E", name="iPad 4", type='usb')
BETA: False
Frida Startup Script: None
APIs Monitors: None


incompatible Mach-O image
SpringBoard is NOT available on your device or a wrong OS has been selected. For a better RE experience, change it via the Config TAB!
[2020-08-23 13:48:25,614] ERROR in app: Exception on / [POST]
Traceback (most recent call last):
  File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/flask/app.py", line 2446, in wsgi_app
    response = self.full_dispatch_request()
  File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/flask/app.py", line 1951, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/flask/app.py", line 1820, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/flask/app.py", line 1949, in full_dispatch_request
    rv = self.dispatch_request()
  File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/flask/app.py", line 1935, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "mobilesecurity.py", line 424, in device_management
    pid = device.spawn([target_package])
  File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/frida/core.py", line 140, in spawn
    return self._impl.spawn(program, argv, envp, env, cwd, stdio, aux_options)
frida.NotSupportedError: incompatible Mach-O image

    Desktop (please complete the following information): [Required]

    • OS: macOS 10.15.5
    • Browser Chrome (latest)

    Smartphone (please complete the following information): [Required]

    • Device: [e.g. Genymotion, AVD, Google Pixel 3]
    • OS: [e.g. iOS8.1]
    • Frida Server version: [e.g. 12.8.20]
    • Package Name: [e.g. com.example.app]
    • Class name: [e.g. sg.vantagepoint.a.c] (optional)
    • Method name: [e.g. public static boolean c()] (optional)

    I tried with a jailbroken iPad 4 (iOS 13.5) and an iPhone 6S (12.4). Both have latest version of Frida installed via Cydia (12.11.10) and are jailbroken with unc0ver.

    Console Logs [Required] See above

    image

    image

    image

    FRIDA internal 
    opened by sushi2k 5
  • Ignore methods (Insert a Filter)

    Ignore methods (Insert a Filter)

    Problem Hook all classes that start with: f0.

    127.0.0.1 - - [16/May/2020 00:31:29] "GET /dump?filter=f0.&choice=1 HTTP/1.1" 200 -
[2020-05-16 00:31:31,069] ERROR in app: Exception on /dump [GET]
Traceback (most recent call last):
  File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 2447, in wsgi_app
    response = self.full_dispatch_request()
  File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 1952, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 1821, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 1950, in full_dispatch_request
    rv = self.dispatch_request()
  File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 1936, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "mobilesecurity.py", line 288, in home
    return printwebpage()
  File "mobilesecurity.py", line 619, in printwebpage
    loaded_classes_str=printClassesMethods(),
  File "mobilesecurity.py", line 634, in printClassesMethods
    for index, method_name in enumerate(loaded_methods[class_name]):
KeyError: 'f0.p0.k.d$b'

    Solution you'd like Ability to specify the methods to ignore eg: f0.,okhttp3.,--f0.p0.k.

    bug enhancement help wanted 
    opened by 4val0v 5
  • Can not run

    Can not run

    Hi guys! I run the following js code every time I go to "step 4" of dumpdex function and I don't continue. Why? ///////////////////////////////////////////////////////////////////////////////////////////////////

    // js code begin

    function LogPrint(log) { var theDate = new Date(); var hour = theDate.getHours(); var minute = theDate.getMinutes(); var second = theDate.getSeconds(); var mSecond = theDate.getMilliseconds()

    hour < 10 ? hour = "0" + hour : hour;
minute < 10 ? minute = "0" + minute : minute;
second < 10 ? second = "0" + second : second;
mSecond < 10 ? mSecond = "00" + mSecond : mSecond < 100 ? mSecond = "0" + mSecond : mSecond;

var time = hour + ":" + minute + ":" + second + ":" + mSecond;
send("[" + time + "] " + log);

    }

    function getAndroidVersion(){ var version = 0;

    if(Java.available){
    var versionStr = Java.androidVersion;
    version = versionStr.slice(0,1);
}else{
    LogPrint("Error: cannot get android version");
}
LogPrint("Android Version: " + version);
return version;

    }

    function getFunctionName(){ var i = 0; var functionName = "";

    // Android 4: hook dvmDexFileOpenPartial
// Android 5: hook OpenMemory
// after Android 5: hook OpenCommon
if(getAndroidVersion() > 4){ // android 5 and later version
    var artExports =  Module.enumerateExportsSync("libart.so");
    for(i = 0; i< artExports.length; i++){
        if(artExports[i].name.indexOf("OpenMemory") !== -1){
            functionName = artExports[i].name;
            LogPrint("index " + i + " function name: "+ functionName);
            break;
        }else if(artExports[i].name.indexOf("OpenCommon") !== -1){
            functionName = artExports[i].name;
            LogPrint("index " + i + " function name: "+ functionName);
            break;
        }
    }
}else{ //android 4
    var dvmExports =  Module.enumerateExportsSync("libdvm.so");
    if(dvmExports.length !== 0){  // check libdvm.so first
        for(i = 0; i< dvmExports.length; i++){
            if(dvmExports[i].name.indexOf("dexFileParse") !== -1){
                functionName = dvmExports[i].name;
                LogPrint("index " + i + " function name: "+ functionName);
                break;
            }
        }
    }else{ // if not load libdvm.so, check libart.so
        dvmExports = Module.enumerateExportsSync("libart.so");
        for(i = 0; i< dvmExports.length; i++){
            if(dvmExports[i].name.indexOf("OpenMemory") !== -1){
                functionName = dvmExports[i].name;
                LogPrint("index " + i + " function name: "+ functionName);
                break;
            }
        }
    }
}
return functionName;

    }

    function getProcessName(){ var processName = "";

    var fopenPtr = Module.findExportByName("libc.so", "fopen");
var fopenFunc = new NativeFunction(fopenPtr, 'pointer', ['pointer', 'pointer']);
var fgetsPtr = Module.findExportByName("libc.so", "fgets");
var fgetsFunc = new NativeFunction(fgetsPtr, 'int', ['pointer', 'int', 'pointer']);
var fclosePtr = Module.findExportByName("libc.so", "fclose");
var fcloseFunc = new NativeFunction(fclosePtr, 'int', ['pointer']);

var pathPtr = Memory.allocUtf8String("/proc/self/cmdline");
var openFlagsPtr = Memory.allocUtf8String("r");

var fp = fopenFunc(pathPtr, openFlagsPtr);
if(fp.isNull() === false){
    var buffData = Memory.alloc(128);
    var ret = fgetsFunc(buffData, 128, fp);
    if(ret !== 0){
        processName = Memory.readCString(buffData);
        LogPrint("processName " + processName);
    }
    fcloseFunc(fp);
}
return processName;

    }

    function arraybuffer2hexstr(buffer) { var hexArr = Array.prototype.map.call( new Uint8Array(buffer), function (bit) { return ('00' + bit.toString(16)).slice(-2) } ); return hexArr.join(' '); }

    function checkDexMagic(dataAddr){ var magicMatch = true; var magicFlagHex = [0x64, 0x65, 0x78, 0x0a, 0x30, 0x33, 0x35, 0x00];

    for(var i = 0; i < 8; i++){
    if(Memory.readU8(ptr(dataAddr).add(i)) !== magicFlagHex[i]){
        magicMatch = false;
        break;
    }
}

return magicMatch;

    }

    function checkOdexMagic(dataAddr){ var magicMatch = true; var magicFlagHex = [0x64, 0x65, 0x79, 0x0a, 0x30, 0x33, 0x36, 0x00];

    for(var i = 0; i < 8; i++){
    if(Memory.readU8(ptr(dataAddr).add(i)) !== magicFlagHex[i]){
        magicMatch = false;
        break;
    }
}

return magicMatch;

    }

    function dumpDex(moduleFuncName, processName){ if(moduleFuncName !== ""){ var hookFunction; if(getAndroidVersion() > 4){ // android 5 and later version hookFunction = Module.findExportByName("libart.so", moduleFuncName); LogPrint("step 1" + hookFunction); }else{ // android 4 hookFunction = Module.findExportByName("libdvm.so", moduleFuncName); // check libdvm.so first LogPrint("step 2" + hookFunction); if(hookFunction == null) { hookFunction = Module.findExportByName("libart.so", moduleFuncName); //// if not load libdvm.so, check libart.so LogPrint("step 3" + hookFunction); } } Interceptor.attach(hookFunction,{ onEnter: function(args){ LogPrint("step 4");

                var begin = 0;
            var dexMagicMatch = false;
            var odexMagicMatch = false;
			
			
            dexMagicMatch = checkDexMagic(args[0]);
            if(dexMagicMatch === true){
                begin = args[0];
            }else{
                odexMagicMatch = checkOdexMagic(args[0]);
                if(odexMagicMatch === true){
                    begin = args[0];
                }
            }

            if(begin === 0){
                dexMagicMatch = checkDexMagic(args[1]);
                if(dexMagicMatch === true){
                    begin = args[1];
                }else{
                  odexMagicMatch = checkOdexMagic(args[1]);
                  if(odexMagicMatch === true){
                      begin = args[1];
                  }
                }
            }

            if(dexMagicMatch === true){
                LogPrint("magic : " + Memory.readUtf8String(begin));
                //console.log(hexdump(begin, { offset: 0, header: false, length: 64, ansi: false }));
                var address = parseInt(begin,16) + 0x20;
                var dex_size = Memory.readInt(ptr(address));
                LogPrint("dex_size :" + dex_size);
                var dex_path = "/data/data/" + processName + "/" + dex_size + ".dex";
                var dex_file = new File(dex_path, "wb");
                dex_file.write(Memory.readByteArray(begin, dex_size));
                dex_file.flush();
                dex_file.close();
                LogPrint("dump dex success, saved path: " + dex_path + "\n");
            }else if(odexMagicMatch === true){
                LogPrint("magic : " + Memory.readUtf8String(begin));
                //console.log(hexdump(begin, { offset: 0, header: false, length: 64, ansi: false }));
                var address = parseInt(begin,16) + 0x0C;
                var odex_size = Memory.readInt(ptr(address));
                LogPrint("odex_size :" + odex_size);
                var odex_path = "/data/data/" + processName + "/" + odex_size + ".odex";
                var odex_file = new File(odex_path, "wb");
                odex_file.write(Memory.readByteArray(begin, odex_size));
                odex_file.flush();
                odex_file.close();
                LogPrint("dump odex success, saved path: " + odex_path + "\n");
            }
        },
        onLeave: function(retval){
        }
    });
}else{
    LogPrint("Error: cannot find correct module function.");
}

    }

    //start dump dex file var moduleFucntionName = getFunctionName(); var processName = getProcessName(); if(moduleFucntionName !== "" && processName !== ""){ dumpDex(moduleFucntionName, processName); }

    // js code end

    opened by CEV-Code 5
  • String Comparison API hook

    String Comparison API hook

    Shouldn't the args be printed in the args fields instead of only their types?

    [API_Monitor]
{
  "category": "String Comparison",
  "class": "java.lang.String",
  "method": "equals",
  "args": "[\"<instance: java.lang.Object, $className: java.lang.String>\"]",
  "returnValue": "true",
  "calledFrom": "\u0007"
}
    opened by brunoaduarte 2
Releases(1.5.13)

  • 1.5.13(Nov 27, 2022)

    RMS-Runtime-Mobile-Security_v1.5.0

    Runtime Mobile Security (RMS) 📱🔥 - v1.5.13 is out 🎉🎉🎉

    NPM

    CHANGELOG

    • Attach process fix for Android devices by @brunoaduarte
    • dependencies updated

    INSTALLATION Follow the instructions below to install and run the new NodeJS version:

    1. Open the terminal and run the following command to install the npm package
      • npm install -g rms-runtime-mobile-security
    2. Make sure frida-server is up and running on the target device.
    3. Launch RMS via the following command
      • rms (or RMS-Runtime-Mobile-Security)
    4. Open your browser at http://127.0.0.1:5000/
    5. Start enjoying RMS 📱🔥
    Source code(tar.gz)
    Source code(zip)

  • 1.5.12(Nov 20, 2022)

    RMS-Runtime-Mobile-Security_v1.5.0

    Runtime Mobile Security (RMS) 📱🔥 - v1.5.12 is out 🎉🎉🎉

    NPM

    CHANGELOG

    • Added support for FRIDA version 16.*

    INSTALLATION Follow the instructions below to install and run the new NodeJS version:

    1. Open the terminal and run the following command to install the npm package
      • npm install -g rms-runtime-mobile-security
    2. Make sure frida-server is up and running on the target device.
    3. Launch RMS via the following command
      • rms (or RMS-Runtime-Mobile-Security)
    4. Open your browser at http://127.0.0.1:5000/
    5. Start enjoying RMS 📱🔥
    Source code(tar.gz)
    Source code(zip)

  • 1.5.9(Aug 10, 2021)

    RMS-Runtime-Mobile-Security_v1.5.0

    Runtime Mobile Security (RMS) 📱🔥 - v1.5.9 is out 🎉🎉🎉

    NPM

    CHANGELOG

    • new frida custom scripts: okhttp3 ssl pinning bypass (Android) and check custom keyboard support (iOS)

    INSTALLATION Follow the instructions below to install and run the new NodeJS version:

    1. Open the terminal and run the following command to install the npm package
      • npm install -g rms-runtime-mobile-security
    2. Make sure frida-server is up and running on the target device.
    3. Launch RMS via the following command
      • rms (or RMS-Runtime-Mobile-Security)
    4. Open your browser at http://127.0.0.1:5000/
    5. Start enjoying RMS 📱🔥
    Source code(tar.gz)
    Source code(zip)

  • 1.5.8(Jul 30, 2021)

    RMS-Runtime-Mobile-Security_v1.5.0

    Runtime Mobile Security (RMS) 📱🔥 - v1.5.8 is out 🎉🎉🎉

    NPM

    CHANGELOG

    • frida has been updated to v15
    • frida-compile has been updated to v10

    INSTALLATION Follow the instructions below to install and run the new NodeJS version:

    1. Open the terminal and run the following command to install the npm package
      • npm install -g rms-runtime-mobile-security
    2. Make sure frida-server is up and running on the target device.
    3. Launch RMS via the following command
      • rms (or RMS-Runtime-Mobile-Security)
    4. Open your browser at http://127.0.0.1:5000/
    5. Start enjoying RMS 📱🔥
    Source code(tar.gz)
    Source code(zip)

  • 1.5.0(Dec 4, 2020)

    RMS-Runtime-Mobile-Security_v1.5.0

    Runtime Mobile Security (RMS) 📱🔥 - v1.5 is out 🎉🎉🎉

    NPM

    CHANGELOG RMS is now powered by @nodejs

    • super responsive web interface
    • npm package and cli app
    • better integration with @frida modules

    INSTALLATION Follow the instructions below to install and run the new NodeJS version:

    1. Open the terminal and run the following command to install the npm package
      • npm install -g rms-runtime-mobile-security
    2. Make sure frida-server is up and running on the target device.
    3. Launch RMS via the following command
      • rms (or RMS-Runtime-Mobile-Security)
    4. Open your browser at http://127.0.0.1:5000/
    5. Start enjoying RMS 📱🔥
    Source code(tar.gz)
    Source code(zip)

  • 1.4.3(Dec 2, 2020)

    Runtime Mobile Security (RMS) 📱🔥 - Version 1.4.3 🎉

    • new default frida scripts
    • improved documentation
    • bug-fixing

    ‼️ NOTE: starting with the next release of RMS, the web interface will be powered by NodeJS. Python (Flask) interface will no longer be supported.

    Source code(tar.gz)
    Source code(zip)

  • 1.4.2(Sep 8, 2020)

    Runtime Mobile Security (RMS) 📱🔥 - Version 1.4.2 🎉

    • Improved APIs Monitor Output (bug fixing)
    • new option to save the APIs Monitor Console output
    • new option to reset the Console Logs Output
    • new FRIDA custom scripts: Bypass for iOS 13 SSL Pinning and Android System.exit()
    • Solving OWASP UnCrackable Android Apps Tutorial links added to the README
    • default FRIDA custom scripts are now alphabetically ordered
    • UI improvements
    Source code(tar.gz)
    Source code(zip)

  • 1.4.1(Aug 5, 2020)

    Runtime Mobile Security (RMS) 📱🔥 - Version 1.4.1 🎉

    • improved gadget support
    • iOS attach process fix | issue #29
    • improved Device Page UI
    • APIs Monitor return value fix
    • new Android APIs Monitors: Accessibility, Clicks, Clipboard, Compression, Bluetooth, JSON, Socket

    Device_Page_new_UI

    Source code(tar.gz)
    Source code(zip)

  • 1.4(Jul 20, 2020)

    Runtime Mobile Security (RMS) 📱🔥 - Version 1.4 🎉

    All the most important features of RMS have been ported to iOS devices 🎉🎉🎉

    DEMO_5_Hook_Hack

    Source code(tar.gz)
    Source code(zip)

  • 1.3.2(Jun 28, 2020)

    Runtime Mobile Security (RMS) 📱🔥 - Version 1.3.2 🎉

    • New Custom Frida Scripts by @FSecureLABS, Mediaservice, @iddoeldor, @dzonerzy and @akabe1
    • New Zoomed Modal View for Console Logs TAB
    • New File Manager [BETA] - since the feature is still in [BETA], files download directly from the web page is currently not possibile (frida-fs is the solution)
    Source code(tar.gz)
    Source code(zip)

  • 1.3.1(Jun 13, 2020)

    Runtime Mobile Security (RMS) 📱🔥 - Version 1.3.1 🎉

    • Heap Search page has been redesigned
    • new Heap Search algorithm
    • Hook Lab - it is now possible to generate hook template directly for a specific method
    • UI fix and improvements:
      • loaded_classes are now alphabetically sorted
      • flask logs have been enabled again
      • new call stack index for hooked methods I/O info
      • improved Stack Trace output
    Source code(tar.gz)
    Source code(zip)

  • 1.3(Jun 10, 2020)

    Runtime Mobile Security (RMS) 📱🔥 - Version 1.3 🎉

    • Dump page is now able to highlight all the hooked methods that have been executed by the app
    • print StackTrace directly from the dump page
    • new button to save console logs in a text file
    • new quick filters for loaded methods: executed, native, boolean
    • new button to quickly filter loaded classes based on package name
    • loaded classes are now alphabetically sorted
    Source code(tar.gz)
    Source code(zip)

  • 1.2(Jun 5, 2020)

    Runtime Mobile Security (RMS) 📱🔥 - Version 1.2 🎉

    • Regex search for loaded classes by @Azult (PR #17)
    • new FRIDA custom scripts by @iddoeldor:
      • bypass_flag_secure.js
      • hook_JNI_by_address.js
      • get_ANDROID_ID.js
    • class filter for AndroidX stuff
    • new monitor API: Permissions
    • RMS is now able to detect FRIDA crashes
    • Flask-Server logs have been hidden
    • it is now possibile to hook methods with an array as argument (issue #18)
    Source code(tar.gz)
    Source code(zip)

  • 1.1(May 21, 2020)

    • via the new API Monitor TAB you can easily monitor tons of Android APIs organized in 19 different Categories. Support can be easily extended by adding more classes/methods to the api_monitor.json file
    • RMS can now work without attaching the default persistence process
    • fixed a bug in loadmethods (default.js) | issue #14
    Source code(tar.gz)
    Source code(zip)

  • 1.0.5(May 17, 2020)

  • 1.0.4(May 2, 2020)

    • new File System Monitor TAB (BETA)
    • new print StackTrace option (Hook LAB) - disabled by default
    • fix print issue (hook_lab_template)
    • new readme and demo
    Source code(tar.gz)
    Source code(zip)

  • 1.0.3(Apr 19, 2020)

    • Console output is now managed via a socket connection (1)
    • New Config panel (2)
    • New Console Output interface
    • Improved session management

    thanks to @realgam3 (1) and @b1gb1t (2) for the contribution 🎉

    Source code(tar.gz)
    Source code(zip)

  • v1.0.2(Apr 5, 2020)

  • v1.0.1(Apr 4, 2020)

    • New Heap Search feature (experimental)
    • Bug fixing (e.g. main search bar)
    • Docker support (•)
    • Package Auto Complete (•)
    • Remote Device Config (•)

    (•) thanks to @realgam3 for the contribution 🎉

    Source code(tar.gz)
    Source code(zip)

  • v1.0(Mar 27, 2020)

Owner
Mobile Security
Mobile Security
GitHub https://twitter.com/mobilesecurity_
Cross-platform framework for building truly native mobile apps with Java or Kotlin. Write Once Run Anywhere support for iOS, Android, Desktop & Web.

Codename One - Cross Platform Native Apps with Java or Kotlin Codename One is a mobile first cross platform environment for Java and Kotlin developers

Codename One 1.4k Jan 9, 2023
A powerful tool (iOS & Android) that focuses on mobile operation behavior!

DiDiPrism,中文名:小桔棱镜,是一款专注于移动端操作行为的工具,涵盖APP操作回放、操作检测、以及数据可视化能力。我们在整个方案的实现过程中沉淀出了一套技术框架,希望可以逐步开源出来帮助更多人,同时也希望棱镜在大家的合力下能够更快的成长。 它有哪些亮点? 零入侵 业务代码无需任何适配。 高可

DiDi 1.6k Dec 22, 2022
Events Calendar is a user-friendly library that helps you achieve a cool Calendar UI with events mapping. You can customise every pixel of the calendar as per your wish and still achieve in implementing all the functionalities of the native android calendar in addition with adding dots to the calendar which represents the presence of an event on the respective dates. It can be done easily, you are just a few steps away from implementing your own badass looking Calendar for your very own project!

Events Calendar Single Selection Mode Range Selection Mode Multiple Selection Mode What is Events Calendar? Events Calendar is a user-friendly library

Deepan 201 Dec 9, 2022
A Kotlin Multiplatform Project using TMDB Api. Currently supports Android,iOS,Desktop and web platforms

A Kotlin Multiplatform Project using TMDB Api(https://www.themoviedb.org/). Currently this project is implemented in following platforms Andr

Jackson E J 11 Nov 10, 2022
A sample project that helps to start building a Mobile Kotlin Multiplatform application

Mobile Kotlin multiplatform project template A sample project that helps to start building a Mobile Kotlin Multiplatform application. It establishes a

Dizel 0 Oct 16, 2021
Kotlin Multiplatform Sample - Android, iOS, Web, Desktop

KMP-Sample Kotlin Multiplatform Sample Android iOS Web (Compose for web) Desktop (Compose for desktop) ?? Structure Diagram ?? Build At least android

안홍범 14 Dec 13, 2022
Project-applocker - A concept app that uses Jetpack Security to encrypt user data such as text files or images using Encrypted Shared Preferences

SecureBox A concept app that uses Jetpack Security to encrypt user data such as

Astha Nayak 4 Oct 10, 2022
🚀 Native iOS- and Android- Apps with JavaScript

Titanium Welcome to the Titanium open source project. Titanium provides a mature platform for developers to build completely native cross-platform mob

Team Appcelerator 2.6k Jan 4, 2023
Location Service Manager for Kotlin Multiplatform Mobile iOS and android

Location Service Manager for Kotlin Multiplatform Mobile iOS and android Features Provides simple permission settings Dramatically reduce the amount o

LINE 55 Dec 10, 2022
Kotlin Multiplatform Mobile demo for Android and iOS - app for viewing Cat pictures

CatViewerDemo Android demo iOS demo Kotlin Multiplatform Mobile demo for Android and iOS. App for viewing Cat pictures from Cats API. This sample show

Martin Rajniak 111 Dec 18, 2022
A local storage management library for Kotlin Multiplatform Mobile iOS and android

A local storage management library for Kotlin Multiplatform Mobile iOS and android Features iOS and Android local storage in one interface Provides ge

LINE 20 Oct 30, 2022
Kotlin Multiplatform is an SDK for cross-platform mobile development, which enables teams to use the same business logic in both Android and iOS client applications.

Kotlin Multiplatform is an SDK for cross-platform mobile development, which enables teams to use the same business logic in both Android and iOS client applications.

Chris Russell 1 Feb 11, 2022
Ethereum Web3 implementation for mobile (android & ios) Kotlin Multiplatform development

Mobile Kotlin web3 This is a Kotlin MultiPlatform library that ... Table of Contents Features Requirements Installation Usage Samples Set Up Locally C

IceRock Development 32 Aug 26, 2022
An app architecture for Kotlin/Native on Android/iOS. Use Kotlin Multiplatform Mobile.

An app architecture for Kotlin/Native on Android/iOS. Use Kotlin Multiplatform Mobile. 项目架构主要分为原生系统层、Android/iOS业务SDK层、KMM SDK层、KMM业务逻辑SDK层、iOS sdkfra

libill 4 Nov 20, 2022
🍭 GithubSearchKMM - Github Repos Search - Android - iOS - Kotlin Multiplatform Mobile using Jetpack Compose, SwiftUI, FlowRedux, Coroutines Flow, Dagger Hilt, Koin Dependency Injection, shared KMP ViewModel, Clean Architecture

GithubSearchKMM Github Repos Search - Kotlin Multiplatform Mobile using Jetpack Compose, SwiftUI, FlowRedux, Coroutines Flow, Dagger Hilt, Koin Depend

Petrus Nguyễn Thái Học 50 Jan 7, 2023
Android project setup files when developing apps from scratch. The codebase uses lates jetpack libraries and MVVM repository architecture for setting up high performance apps

Android architecture app Includes the following Android Respository architecture MVVM Jepack libraries Carousel view Kotlin Kotlin Flow and Livedata P

null 2 Mar 31, 2022
Kotlin Multiplatform Mobile + Mobile Declarative UI Framework (Jetpack Compose and SwiftUI)

Kotlin Multiplatform Mobile + Mobile Declarative UI Framework (Jetpack Compose and SwiftUI)

Kotchaphan Muangsan 3 Nov 15, 2022
Crunch-Mobile - A Food Delivery Mobile App which uses Modern App Architecture Pattern, Firebase And a Simple Restful Api

Crunch-Mobile This is a Food Delivery Mobile App which uses Modern App Architect

Bright Ugwu 1 Jan 1, 2022
A nice weather that helps you get all information including: current weather, hourly weather and also forecasts for 16 days

WeatherForecast This is an ongoing project where I fetch all the weather data using Retrofit and Kotlin Coroutines over two APIs containing both curre

null 2 Jul 26, 2022