Shulou(Shulou.com)05/31 Report--

This article mainly introduces what RMS-Runtime-Mobile-Security is, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let the editor take you to understand it.

RMS-Runtime-Mobile-Security

Runtime Mobile Security (RMS) is a powerful Web interface that allows researchers to analyze and modify Android Java classes and methods at run time.

Runtime Mobile Security (RMS) is driven by Frida and provides a powerful and easy-to-use Web interface, we can use RMS to easily export the corresponding methods of all loaded classes when the program is running, and set hooks to the function, track method parameters and return values, load custom scripts and other practical functions.

Tool information

Runtime Mobile Security (RMS) currently supports only Android devices, has been tested on the macOS platform, and currently supports the following running devices:

1. AVD simulator

2. Genymotion simulator

3 、 Amazon Fire Stick 4K

In theory, the tool can also run on Windows and Linux platforms, but some other dependent components need to be configured.

Tool dependence

Normal use of Runtime Mobile Security (RMS) requires that the Frida server be up and running on the target device.

Tool installation

1. (optional) create a Python virtual environment.

2. Then run the following command to clone the project source code locally:

Git clone https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security.git

3. Then run the following code to install the dependent components:

Pip3 install-r requirements.txt

4. Run Runtime Mobile Security (RMS) using the following command:

Use of python3 mobilesecurity.py tool

Step 1: run your target App by entering the application package name.

Note that RMS binds a persistence process called com.android.systemui to get all the classes loaded into memory (before running the target App). Of course, you can also set other default packages through the Config tab or editing the config.json file.

Step 2: detect classes and methods that have been loaded into memory.

Step 3: implement the hook class / method and track the corresponding parameters and return values.

Step 4: search for specific class instances in the heap and the methods called.

Step 5: select a class and dynamically generate hook templates for all methods.

Step 6: detect new classes that have been loaded into memory.

Step 7: dynamically inject Frida custom scripts.

You can choose to add custom .js files to the custom_script folder, and these scripts will be automatically loaded into the Web interface and can be executed at any time.

Demo application

RootBeer Sample is a sample App that demonstrates how RMS works. RootBeer is a root detection library, and I intend to demonstrate RMS as a sample application. It can be used as a client-side detection example, and its root detection logic can be bypassed without server-side verification.

Thank you for reading this article carefully. I hope the article "what is RMS-Runtime-Mobile-Security" shared by the editor will be helpful to you. At the same time, I also hope you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.