Runtime Mobile Security: manipulate Android Java Classes and Methods at Runtime

by ddos · November 28, 2024

Runtime Mobile Security

Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime.

You can easily dump all the loaded classes and relative methods, hook everything on the fly, trace methods args and return value, load custom scripts, and much other useful stuff.

General Info

Runtime Mobile Security (RMS) is currently supporting Android devices only.

It has been tested on MacOS and with the following devices:

AVD emulator
Genymotion emulator

Amazon Fire Stick 4K

It should also work well on Windows and Linux but some minor adjustments may be needed.

Changelog v1.5.20

dependencies update (including latest version of FRIDA)
support for NodeJS 20.10.0 – Fix Issue #122
added docker – PR #127 by @sdcampbell 🙏🏻

Install

Follow the instructions below to install and run the new NodeJS version:

Open the terminal and run the following command to install the npm package
- npm install -g rms-runtime-mobile-security

Make sure the frida-server is up and running on the target device.
- Instructions are here: prerequisites / quick smoke-test
Launch RMS via the following command
- rms (or RMS-Runtime-Mobile-Security)
Open your browser at http://127.0.0.1:5000/
Start enjoying RMS

Use

python3 mobilesecurity.py

1. Run your favorite app by simply inserting its package name

NOTE RMS attaches a persistence process called com.android.systemui to get the list of all the classes that are already loaded in memory before the launch of the target app. If you have an issue with it, try to find a different package that works well on your device. You can set another default package by simply editing the config.json file.