Convert Figma logo to code with AI

m0bilesecurity logoRMS-Runtime-Mobile-Security

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

2,657
379
2,657
3

Top Related Projects

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

1,569

Documentation:

📱 objection - runtime mobile exploration

15,995

Clone this repo to build Frida

41,326

Dex to Java decompiler

Quick Overview

RMS-Runtime-Mobile-Security is a powerful web interface for dynamic analysis and manipulation of Android and iOS applications. It leverages Frida, a dynamic instrumentation toolkit, to provide real-time insights into app behavior and allows for runtime modifications. This tool is particularly useful for security researchers, penetration testers, and mobile app developers.

Pros

  • User-friendly web interface for easy interaction with mobile apps
  • Supports both Android and iOS platforms
  • Provides a wide range of pre-built scripts for common analysis tasks
  • Allows custom script injection for advanced users

Cons

  • Requires a rooted/jailbroken device for full functionality
  • May not work with all apps, especially those with advanced anti-tampering measures
  • Setup process can be complex for beginners
  • Limited documentation for some advanced features

Getting Started

  1. Install the required dependencies:

    pip install -r requirements.txt
    
  2. Start the RMS server:

    python3 mobilesecurity.py
    
  3. Access the web interface at http://127.0.0.1:5000

  4. Connect your mobile device and start analyzing apps using the provided interface.

Note: Ensure that Frida is properly set up on your target device before using RMS. Refer to the project's README for detailed setup instructions and troubleshooting tips.

Competitor Comparisons

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Pros of Mobile-Security-Framework-MobSF

  • Comprehensive mobile app security testing framework supporting both static and dynamic analysis
  • Extensive reporting capabilities with detailed vulnerability assessments
  • Active development and community support with regular updates

Cons of Mobile-Security-Framework-MobSF

  • Steeper learning curve due to its comprehensive nature
  • Requires more system resources for full functionality
  • May be overkill for simple runtime analysis tasks

Code Comparison

MobSF (Python):

def scan_file(self, file_path):
    # Perform static analysis
    static_analysis_result = self.static_analyzer.analyze(file_path)
    # Perform dynamic analysis
    dynamic_analysis_result = self.dynamic_analyzer.analyze(file_path)
    return self.generate_report(static_analysis_result, dynamic_analysis_result)

RMS-Runtime-Mobile-Security (JavaScript):

function analyzeRuntime(app) {
  // Hook into app runtime
  frida.attach(app);
  // Monitor runtime behavior
  frida.monitor(app);
  return generateReport();
}

The code snippets illustrate the different approaches:

  • MobSF performs both static and dynamic analysis
  • RMS focuses on runtime analysis using Frida

Both tools serve different purposes in mobile app security testing, with MobSF offering a more comprehensive solution and RMS providing specialized runtime analysis capabilities.

1,569

Documentation:

Pros of appmon

  • Supports both Android and iOS platforms
  • Provides a graphical user interface for easier interaction
  • Offers real-time monitoring and analysis of mobile app traffic

Cons of appmon

  • Less actively maintained (last update in 2019)
  • Requires more setup and dependencies
  • Limited documentation and community support

Code Comparison

appmon:

def on_message(message, data):
    if message['type'] == 'send':
        print("[*] {0}".format(message['payload']))
    else:
        print(message)

RMS-Runtime-Mobile-Security:

function hookNativeFunctionByName(functionName) {
    var nativeFunction = Module.findExportByName(null, functionName);
    if (nativeFunction != null) {
        Interceptor.attach(nativeFunction, {
            onEnter: function(args) {
                console.log("[*] " + functionName + " called");
            }
        });
    }
}

Both projects aim to enhance mobile app security analysis, but RMS-Runtime-Mobile-Security focuses specifically on Android and provides a more modern, web-based interface. It also offers more frequent updates and better documentation. appmon, while supporting both Android and iOS, has a more traditional approach with its GUI and hasn't been updated recently. The code snippets show different approaches to message handling and function hooking, reflecting the distinct focuses of each project.

📱 objection - runtime mobile exploration

Pros of objection

  • More comprehensive feature set for mobile app security testing
  • Active development and regular updates
  • Extensive documentation and community support

Cons of objection

  • Steeper learning curve for beginners
  • Requires more setup and configuration
  • May be overkill for simple runtime analysis tasks

Code Comparison

RMS-Runtime-Mobile-Security:

@app.route('/api/loadFrida', methods=['POST'])
def load_frida():
    # Load Frida script
    device = frida.get_usb_device()
    pid = device.spawn([package_name])
    session = device.attach(pid)

objection:

def _spawn_target(self):
    try:
        self.device.spawn(self.package)
        return self.device.attach(self.package)
    except frida.ProcessNotFoundError:
        click.secho('Unable to spawn {0}'.format(self.package), fg='red')

Both projects use Frida for runtime manipulation, but objection offers a more abstracted and feature-rich approach to mobile app security testing. RMS-Runtime-Mobile-Security provides a simpler, web-based interface for quick analysis, while objection offers a more powerful command-line tool with extensive capabilities. The choice between the two depends on the user's needs and expertise level in mobile app security testing.

15,995

Clone this repo to build Frida

Pros of Frida

  • More mature and widely adopted project with extensive documentation and community support
  • Supports a broader range of platforms, including iOS, Android, Windows, macOS, and Linux
  • Offers powerful dynamic instrumentation capabilities with a flexible scripting API

Cons of Frida

  • Steeper learning curve, especially for users new to dynamic analysis
  • Requires more setup and configuration compared to RMS
  • May be overkill for simple mobile app analysis tasks

Code Comparison

Frida script example:

Java.perform(function() {
    var MainActivity = Java.use("com.example.app.MainActivity");
    MainActivity.sensitiveMethod.implementation = function() {
        console.log("sensitiveMethod called");
        return this.sensitiveMethod();
    };
});

RMS doesn't require writing custom scripts for basic hooking. Instead, it provides a web interface for runtime manipulation:

# No equivalent code snippet, as RMS uses a GUI for most operations

RMS focuses on providing a user-friendly interface for mobile app analysis, while Frida offers more flexibility and power through its scripting capabilities. RMS is easier to use for beginners, but Frida provides more advanced features for experienced security researchers.

41,326

Dex to Java decompiler

Pros of jadx

  • Provides a graphical user interface for easier navigation and analysis of decompiled code
  • Supports multiple output formats, including Java source code and Smali
  • Actively maintained with frequent updates and improvements

Cons of jadx

  • Focused primarily on static analysis, lacking runtime inspection capabilities
  • Limited to Android APK and Dex files, not as versatile for other mobile platforms
  • May struggle with heavily obfuscated code or complex applications

Code comparison

RMS-Runtime-Mobile-Security:

def get_loaded_classes(self):
    loaded_classes = self.java.jvm.java.lang.Class.getClasses()
    return [str(c) for c in loaded_classes]

jadx:

public static List<ClassNode> getClassesWithField(DexNode dex, Field field) {
    List<ClassNode> list = new ArrayList<>();
    for (ClassNode cls : dex.getClasses()) {
        if (cls.searchFieldByName(field.getName()) != null) {
            list.add(cls);
        }
    }
    return list;
}

While RMS-Runtime-Mobile-Security focuses on runtime analysis and dynamic inspection of loaded classes, jadx primarily deals with static analysis and decompilation of Android applications. RMS provides more flexibility for runtime manipulation, while jadx excels in generating readable source code from compiled Android apps.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Runtime Mobile Security (RMS) 📱🔥

RMS_logo

npm version npm downloads bundle size license GitHub stars GitHub forks

by @mobilesecurity_

Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime.

With RMS you can easily dump all loaded classes and relative methods, hook everything on the fly, trace methods args and return value, load custom scripts and many other useful stuff.

iOS DEMO - VIDEO

RMS - iOS DEMO

Android DEMO - VIDEO

RMS - Android DEMO

Tutorial - Android

Prerequisites

  1. NodeJS installed on your computer
  2. FRIDA's CLI tools installed on your computer
  3. FRIDA server up and running on the target device

Quick smoke-test

As suggested by the official FRIDA doc, please perform a quick smoke-test to make sure FRIDA is working properly on your test device.

By running the frida-ps -U command from your desktop, you should receive the list of the processes running on your connected mobile device.

Android                    | iOS
  PID NAME                 |  PID NAME
 1590 com.facebook.katana  |  488 Clock
 3282 com.twitter.android  |  116 Facebook
 …                            …

Tips

Some cool projects that can help you to auto install, update and run FRIDA on Android devices are:

They are not needed on iOS devices, since FRIDA starts just after the boot of the device (jailbreak mode).

Installation

  1. Open the terminal and run the following command to install the npm package
    • npm install -g rms-runtime-mobile-security
    • If you can't install the frida-node dependency, please check this troubleshooting post written by Chichou to choose another version of Node.js
  2. Make sure frida-server is up and running on the target device.
  3. Launch RMS via the following command
    • rms (or RMS-Runtime-Mobile-Security)
  4. Open your browser at http://127.0.0.1:5491/
  5. Start enjoying RMS 📱🔥

NOTE
Default RMS port has been changed from 5000 to 5491 because since MacOS Ventura, port 5000 is the Control Center's default port. If you wish to change the default port, you can also run RMS with the --port parameter followed by the desired port number e.g. rms --port 9000

Notes and possibile issues

  1. In case of issues with the npm package installed as a global cli app, please try the local installation (development mode)
  2. In case of issues with your favorite Browser (e.g. logs not printed in the web console), please use Google Chrome (fully supported)
  3. If RMS is not able to detect your device, please perform the following checks:
    • double check if frida-server is up and running on the target device. Instructions are here: prerequisites / quick smoke-test
    • RMS must be started after frida-server
    • make sure that only 1 device is connected to your computer. RMS is currently not able to detect multiple devices
    • kill RMS and start it again

Development mode

Follow the steps below if you want to develop new features for RMS 😉

  1. git clone https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security.git
  2. cd RMS-Runtime-Mobile-Security
  3. npm install (local installation)
  4. Launch RMS via node rms.js
  5. You can also install RMS as global package by running the following commands:
    • npm install -g to install dependencies
    • npm run compile to compile the frida-agent
    • rms to run RMS (anywhere)

NOTE: If you add new features to the agent (/agent/RMS_core.js), please remember to recompile the code by running npm run compile or directly via the frida-compile command (frida-compile agent/RMS_core.js -o agent/compiled_RMS_core.js)

General Info

Runtime Mobile Security (RMS) supports Android and iOS devices.

It has been tested on MacOS and with the following devices:

  • AVD emulator
  • Genymotion emulator
  • Amazon Fire Stick 4K
  • iPhone 7
  • Chrome (Web Interface)

It should also work well on Windows and Linux but some minor adjustments may be needed.

Known issues and improvements

  • Sometime RMS fails to load complex methods. Use a filter when this happens or feel free to improve the algo (agent/RMS_core.js)
  • Socket are not working on Safari, please use Chrome instead
  • RMS is not able to recognize multiple devices. Please do not connect more than one device at the same time
  • Code is not optimized
  • Feel free to send me your best JS script via a Pull Request. I'll be happy to bundle all the best as default scripts in the next RMS release (e.g. root detection bypass, ssl pinning, etc)

Usage

1. Run your favorite app by simply inserting its package name

NOTE RMS attachs a persistence process called com.android.systemui on Android and SpringBoard on iOS devices to get the list of all the classes that are already loaded in memory before the launch of the target app. If you have an issue with them, try to find a different default package that works well on your device. You can set another default package via the Config Tab or by simply editing the /config/config.json file.

DEMO_1_Android

DEMO_1_iOS

2. Check which Classes and Methods have been loaded in memory

DEMO_2_Android

DEMO_2_iOS

3. Hook on the fly Classes/Methods and trace their args and return values

DEMO_3_a

Go back to the dump page in order to have an overview of all the hooked methods that have been executed by the app ✅

DEMO_3_b

4. Search instances of a specific class on the Heap and call its methods

DEMO_4_Android

DEMO_4_iOS

5. Select a Class and generate on the fly an Hook template for all its methods

DEMO_5_Android

DEMO_5_iOS

6. Easily detect new classes that have been loaded in memory

DEMO_6

7. Inject your favorite FRIDA CUSTOM SCRIPTS on the fly

Just add your .js files inside the custom_script folder and they will be automatically loaded by the web interface ready to be executed.

DEMO_7_Android

DEMO_7_iOS

8. API Monitor - Android Only

via the API Monitor TAB you can easily monitor tons of Android APIs organized in 20 different Categories. Support can be easily extended by adding more classes/methods to the /config/api_monitor.json file.

DEMO_10

You can also monitor native functions: libc.so - open, close, read, write, unlink, remove

DEMO_8

9. FRIDA Script to load Stetho by Facebook [BONUS]

Inject the FRIDA script to load the amazing Stetho.

Stetho is a sophisticated debug bridge for Android applications. When enabled, developers have access to the Chrome Developer Tools feature natively part of the Chrome desktop browser. Developers can also choose to enable the optional dumpapp tool which offers a powerful command-line interface to application internals.

DEMO_9

10. File Manager [BETA]

A simple File Manager has been implemented to help you exploring app's private folders and files. This feature is still in BETA.

improvement: frida-fs needs to be implemented to enable files download directly from the browser (File Manager TAB).

DEMO_11_Android

DEMO_11_iOS

11. Static Analysis - iOS Only

DEMO_12_iOS

Acknowledgements

Special thanks to the following Open Source projects for the inspiration:

FRIDA Custom Scripts bundled in RMS - Credits:

DEMO apps:

  • RootBeer Sample is the DEMO app used to show how RMS works. RootBeer is an amazing root detection library. I decided to use the Sample app as DEMO just to show that, as every client-side only check, its root detection logic can be easily bypassed if not combined with a server-side validation.
  • DVIA a vulnerable app to test your iOS Penetration Testing Skills
  • Anti-Frida Frida Detection Examples by Bernhard Mueller.

License

RMS is licensed under a GNU General Public v3 License.