Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime.
With RMS you can easily dump all loaded classes and relative methods, hook everything on the fly, trace methods args and return value, load custom scripts and many other useful stuff.
As suggested by the official FRIDA doc, please perform a quick smoke-test to make sure FRIDA is working properly on your test device.
By running the
frida-ps -U command from your desktop, you should receive the list of the processes running on your connected mobile device.
Android | iOS PID NAME | PID NAME 1590 com.facebook.katana | 488 Clock 3282 com.twitter.android | 116 Facebook … …
Some cool projects that can help you to auto install, update and run FRIDA on Android devices are:
They are not needed on iOS devices, since FRIDA starts just after the boot of the device (jailbreak mode).
npm install -g rms-runtime-mobile-security
Follow the steps below if you want to develop new features for RMS 😉
git clone https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security.git
npm install(local installation)
npm install -gto install dependencies
npm run compileto compile the frida-agent
rmsto run RMS (anywhere)
NOTE: If you add new features to the agent (/agent/RMS_core.js), please remember to recompile the code by running
npm run compile or directly via the frida-compile command (
frida-compile agent/RMS_core.js -o agent/compiled_RMS_core.js)
Runtime Mobile Security (RMS) supports Android and iOS devices.
It has been tested on MacOS and with the following devices:
It should also work well on Windows and Linux but some minor adjustments may be needed.
NOTE RMS attachs a persistence process called com.android.systemui on Android and SpringBoard on iOS devices to get the list of all the classes that are already loaded in memory before the launch of the target app. If you have an issue with them, try to find a different default package that works well on your device. You can set another default package via the Config Tab or by simply editing the /config/config.json file.
Go back to the dump page in order to have an overview of all the hooked methods that have been executed by the app ✅
Just add your .js files inside the custom_script folder and they will be automatically loaded by the web interface ready to be executed.
via the API Monitor TAB you can easily monitor tons of Android APIs organized in 20 different Categories. Support can be easily extended by adding more classes/methods to the /config/api_monitor.json file.
You can also monitor native functions: libc.so - open, close, read, write, unlink, remove
Inject the FRIDA script to load the amazing Stetho.
Stetho is a sophisticated debug bridge for Android applications. When enabled, developers have access to the Chrome Developer Tools feature natively part of the Chrome desktop browser. Developers can also choose to enable the optional dumpapp tool which offers a powerful command-line interface to application internals.
A simple File Manager has been implemented to help you exploring app's private folders and files. This feature is still in BETA.
improvement: frida-fs needs to be implemented to enable files download directly from the browser (File Manager TAB).
Special thanks to the following Open Source projects for the inspiration:
RMS is licensed under a GNU General Public v3 License.