RMS (Runtime Mobile Security) is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime. You can easily dump all the loaded classes and relative methods, hook everything on the fly, trace methods args and return value, load custom scripts and many other useful stuff.
General Info
Runtime Mobile Security (RMS) is currently supporting Android devices only.
It has been tested on MacOS and with the following devices:
It should also work well on Windows and Linux but some minor adjustments may be needed.
Do not connect more than one device at the same time. RMS is not so smart at the moment.
Prerequisites
FRIDA server up and running on the target device
Refer to the official FRIDA guide for the installation: https://frida.re/docs/android/
Known Issues
Improvements
Also Read – Project iKy v2.5.0 – Tool That Collects Information From An Email
Installation
(optional) Create a python virtual environment
pip3 install -r requirements.txt
python3 mobilesecurity.py
Usage
NOTE : RMS attachs a persistence process called com.android.systemui to get the list of all the classes that are already loaded in memory before the launch of the target app. If you have an issue with it, try to find a different package that works well on your device. You can set another default package via the Config Tab or by simply editing the config.json file.
Just add your .js files inside the custom_script folder and they will be automatically loaded by the web interface ready to be executed.
Credits
Special thanks to the following Open Source projects for the inspiration:
DEMO Apps:
RootBeer Sample is the DEMO app used to show how RMS works. RootBeer is an amazing root detection library. I decided to use the Sample app as DEMO just to show that, as every client-side only check, its root detection logic can be easily bypassed if not combined with a server-side validation.
Anti-Frida Frida Detection Examples by Bernhard Mueller.
ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…
Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…
SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…
PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…
HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…
What Are Bash Comments? Comments in Bash scripts, are notes in your code that the…