m0bilesecurity / rms-runtime-mobile-security Goto Github PK

Describe the bug [Required]
When I attempt to install RMS via npm, I get a list of npm installation errors.

To Reproduce [Required]
Steps to Reproduce for Installation Method 1:
npm install -g rms-runtime-mobile-security

Steps to Reproduce for Installation Method 2:
git clone https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security.git
cd RMS-Runtime-Mobile-Security/
npm install

Desktop (please complete the following information): [Required]

• OS: MacOS - Catalina
• Browser: Chrome
• Frida version: 14.2.13

Console Logs [Required]
Console Logs for Method 1:
npm WARN deprecated [email protected]: 🙌 Thanks for using Babel: we recommend using babel-preset-env now: please read https://babeljs.io/env to update!
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated [email protected]: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.
npm ERR! code 1
npm ERR! path /usr/local/lib/node_modules/rms-runtime-mobile-security/node_modules/frida
npm ERR! command failed
npm ERR! command sh -c prebuild-install || node-gyp rebuild
npm ERR! prebuild-install WARN install No prebuilt binaries found (target=15.10.0 runtime=node arch=x64 libc= platform=darwin)
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp info using [email protected]
npm ERR! gyp info using [email protected] | darwin | x64
npm ERR! gyp info find Python using Python version 3.8.5 found at "/usr/local/opt/[email protected]/bin/python3.8"
npm ERR! gyp http GET https://nodejs.org/download/release/v15.10.0/node-v15.10.0-headers.tar.gz
npm ERR! gyp http 200 https://nodejs.org/download/release/v15.10.0/node-v15.10.0-headers.tar.gz
npm ERR! gyp http GET https://nodejs.org/download/release/v15.10.0/SHASUMS256.txt
npm ERR! gyp http 200 https://nodejs.org/download/release/v15.10.0/SHASUMS256.txt
npm ERR! gyp info spawn /usr/local/opt/[email protected]/bin/python3.8
npm ERR! gyp info spawn args [
npm ERR! gyp info spawn args '/usr/local/lib/node_modules/npm/node_modules/node-gyp/gyp/gyp_main.py',
npm ERR! gyp info spawn args 'binding.gyp',
npm ERR! gyp info spawn args '-f',
npm ERR! gyp info spawn args 'make',
npm ERR! gyp info spawn args '-I',
npm ERR! gyp info spawn args '/usr/local/lib/node_modules/rms-runtime-mobile-security/node_modules/frida/build/config.gypi',
npm ERR! gyp info spawn args '-I',
npm ERR! gyp info spawn args '/usr/local/lib/node_modules/npm/node_modules/node-gyp/addon.gypi',
npm ERR! gyp info spawn args '-I',
npm ERR! gyp info spawn args '/Users/doug/Library/Caches/node-gyp/15.10.0/include/node/common.gypi',
npm ERR! gyp info spawn args '-Dlibrary=shared_library',
npm ERR! gyp info spawn args '-Dvisibility=default',
npm ERR! gyp info spawn args '-Dnode_root_dir=/Users/me/Library/Caches/node-gyp/15.10.0',
npm ERR! gyp info spawn args '-Dnode_gyp_dir=/usr/local/lib/node_modules/npm/node_modules/node-gyp',
npm ERR! gyp info spawn args '-Dnode_lib_file=/Users/me/Library/Caches/node-gyp/15.10.0/<(target_arch)/node.lib',
npm ERR! gyp info spawn args '-Dmodule_root_dir=/usr/local/lib/node_modules/rms-runtime-mobile-security/node_modules/frida',
npm ERR! gyp info spawn args '-Dnode_engine=v8',
npm ERR! gyp info spawn args '--depth=.',
npm ERR! gyp info spawn args '--no-parallel',
npm ERR! gyp info spawn args '--generator-output',
npm ERR! gyp info spawn args 'build',
npm ERR! gyp info spawn args '-Goutput_dir=.'
npm ERR! gyp info spawn args ]
npm ERR! gyp: binding.gyp not found (cwd: /usr/local/lib/node_modules/rms-runtime-mobile-security/node_modules/frida) while trying to load binding.gyp
npm ERR! gyp ERR! configure error
npm ERR! gyp ERR! stack Error: gyp failed with exit code: 1
npm ERR! gyp ERR! stack at ChildProcess.onCpExit (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/configure.js:351:16)
npm ERR! gyp ERR! stack at ChildProcess.emit (node:events:378:20)
npm ERR! gyp ERR! stack at Process.ChildProcess._handle.onexit (node:internal/child_process:290:12)
npm ERR! gyp ERR! System Darwin 19.6.0
npm ERR! gyp ERR! command "/usr/local/Cellar/node/15.10.0_1/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
npm ERR! gyp ERR! cwd /usr/local/lib/node_modules/rms-runtime-mobile-security/node_modules/frida
npm ERR! gyp ERR! node -v v15.10.0
npm ERR! gyp ERR! node-gyp -v v7.1.2
npm ERR! gyp ERR! not ok

Console Logs for Method 2:
MacBook-Pro:RMS-Runtime-Mobile-Security doug$ sudo npm install
npm ERR! code 1
npm ERR! path /Users/RMS-Runtime-Mobile-Security/node_modules/frida
npm ERR! command failed
npm ERR! command sh -c prebuild-install || node-gyp rebuild
npm ERR! prebuild-install WARN install No prebuilt binaries found (target=15.10.0 runtime=node arch=x64 libc= platform=darwin)
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp info using [email protected]
npm ERR! gyp info using [email protected] | darwin | x64
npm ERR! gyp info find Python using Python version 3.8.5 found at "/usr/local/opt/[email protected]/bin/python3.8"
npm ERR! gyp info spawn /usr/local/opt/[email protected]/bin/python3.8
npm ERR! gyp info spawn args [
npm ERR! gyp info spawn args '/usr/local/lib/node_modules/npm/node_modules/node-gyp/gyp/gyp_main.py',
npm ERR! gyp info spawn args 'binding.gyp',
npm ERR! gyp info spawn args '-f',
npm ERR! gyp info spawn args 'make',
npm ERR! gyp info spawn args '-I',
npm ERR! gyp info spawn args '/Users/RMS-Runtime-Mobile-Security/node_modules/frida/build/config.gypi',
npm ERR! gyp info spawn args '-I',
npm ERR! gyp info spawn args '/usr/local/lib/node_modules/npm/node_modules/node-gyp/addon.gypi',
npm ERR! gyp info spawn args '-I',
npm ERR! gyp info spawn args '/Users/me/Library/Caches/node-gyp/15.10.0/include/node/common.gypi',
npm ERR! gyp info spawn args '-Dlibrary=shared_library',
npm ERR! gyp info spawn args '-Dvisibility=default',
npm ERR! gyp info spawn args '-Dnode_root_dir=/Users/me/Library/Caches/node-gyp/15.10.0',
npm ERR! gyp info spawn args '-Dnode_gyp_dir=/usr/local/lib/node_modules/npm/node_modules/node-gyp',
npm ERR! gyp info spawn args '-Dnode_lib_file=/Users/me/Library/Caches/node-gyp/15.10.0/<(target_arch)/node.lib',
npm ERR! gyp info spawn args '-Dmodule_root_dir=/Users/RMS-Runtime-Mobile-Security/node_modules/frida',
npm ERR! gyp info spawn args '-Dnode_engine=v8',
npm ERR! gyp info spawn args '--depth=.',
npm ERR! gyp info spawn args '--no-parallel',
npm ERR! gyp info spawn args '--generator-output',
npm ERR! gyp info spawn args 'build',
npm ERR! gyp info spawn args '-Goutput_dir=.'
npm ERR! gyp info spawn args ]
npm ERR! gyp: binding.gyp not found (cwd: /Users/RMS-Runtime-Mobile-Security/node_modules/frida) while trying to load binding.gyp
npm ERR! gyp ERR! configure error
npm ERR! gyp ERR! stack Error: gyp failed with exit code: 1
npm ERR! gyp ERR! stack at ChildProcess.onCpExit (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/configure.js:351:16)
npm ERR! gyp ERR! stack at ChildProcess.emit (node:events:378:20)
npm ERR! gyp ERR! stack at Process.ChildProcess._handle.onexit (node:internal/child_process:290:12)
npm ERR! gyp ERR! System Darwin 19.6.0
npm ERR! gyp ERR! command "/usr/local/Cellar/node/15.10.0_1/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
npm ERR! gyp ERR! cwd /Users/RMS-Runtime-Mobile-Security/node_modules/frida
npm ERR! gyp ERR! node -v v15.10.0
npm ERR! gyp ERR! node-gyp -v v7.1.2
npm ERR! gyp ERR! not ok

1. Run a FRIDA script at startup - please using Ajax, or in the request pass the package name
   • After selecting a custom script, you must re-specify the package name
2. Console Output - using Ajax (.append()), currently page is always reload
   • The output always moves to the top, which is inconvenient (
   • Also not possible to normally copies output with turn on "Auto Refresh Page".
3. Console Output - There is no way to clear output (
   • Need restart the python process :(

Hello,

Here is the message I've got when I try to use RMS : "[process for process in self._impl.enumerate_processes() if fnmatch.fnmatchcase(process.name.lower(), process_name_lc)]
frida.ServerNotRunningError: unable to connect to remote frida-server: closed"

The FRIDA server seems to be closed. Any idea why ?

Shall we can get a optional feature to hook the custom lib classes ?
Because RMS loads only .java files, but we need other extension classes also(like .cpp, .jsp etc)

thanks to contubuters to support Stetho script,

but as u know, facebook team worked on flipper ,
https://github.com/facebook/flipper

i need Frida script to load flipper,

If we get frida script or API to capture http or https data of android apps, it would be great for us :).
RMS sometimes fail to load some classes. If we try to do capture with script template, it gives error.
Related to objection, some implementations are needed, like manual class or method hook support.

RMS is a great tool with GUI, only some limitations and issues are there, if that all solved, then this would be the best for android pentest.

Install gevent-websocket, does not fix the problem, you could add to requirements also: eventlet.
Cheerz

Hi guys!

First of all this is a great tool you got!

I just wanted to ask you to modify the class filter from 'startsWith' to 'search'.
This is actually implements Regex and thus makes the filtering a lot more efficient.

This is the modification I made to loadclasseswithfilter:

loadclasseswithfilter: function (filter) {
    var loaded_classes = []
    Java.perform(function () {
      Java.enumerateLoadedClasses({
        onMatch: function (className) {

          //check if a filter exists
          if (filter != null) {
            if (className.search(filter.trim()) > -1 ) {
              loaded_classes.push(className)
            }
          }
        },
        onComplete: function () {
          loaded_classes.sort()
        }
      });
    })
    return loaded_classes;
  }

Hope you guys agree with me.

Thanks!

Hi guys!
I run the following js code every time I go to "step 4" of dumpdex function and I don't continue. Why?
///////////////////////////////////////////////////////////////////////////////////////////////////

// js code begin

function LogPrint(log) {
var theDate = new Date();
var hour = theDate.getHours();
var minute = theDate.getMinutes();
var second = theDate.getSeconds();
var mSecond = theDate.getMilliseconds()

hour < 10 ? hour = "0" + hour : hour;
minute < 10 ? minute = "0" + minute : minute;
second < 10 ? second = "0" + second : second;
mSecond < 10 ? mSecond = "00" + mSecond : mSecond < 100 ? mSecond = "0" + mSecond : mSecond;

var time = hour + ":" + minute + ":" + second + ":" + mSecond;
send("[" + time + "] " + log);

}

function getAndroidVersion(){
var version = 0;

if(Java.available){
    var versionStr = Java.androidVersion;
    version = versionStr.slice(0,1);
}else{
    LogPrint("Error: cannot get android version");
}
LogPrint("Android Version: " + version);
return version;

}

function getFunctionName(){
var i = 0;
var functionName = "";

// Android 4: hook dvmDexFileOpenPartial
// Android 5: hook OpenMemory
// after Android 5: hook OpenCommon
if(getAndroidVersion() > 4){ // android 5 and later version
    var artExports =  Module.enumerateExportsSync("libart.so");
    for(i = 0; i< artExports.length; i++){
        if(artExports[i].name.indexOf("OpenMemory") !== -1){
            functionName = artExports[i].name;
            LogPrint("index " + i + " function name: "+ functionName);
            break;
        }else if(artExports[i].name.indexOf("OpenCommon") !== -1){
            functionName = artExports[i].name;
            LogPrint("index " + i + " function name: "+ functionName);
            break;
        }
    }
}else{ //android 4
    var dvmExports =  Module.enumerateExportsSync("libdvm.so");
    if(dvmExports.length !== 0){  // check libdvm.so first
        for(i = 0; i< dvmExports.length; i++){
            if(dvmExports[i].name.indexOf("dexFileParse") !== -1){
                functionName = dvmExports[i].name;
                LogPrint("index " + i + " function name: "+ functionName);
                break;
            }
        }
    }else{ // if not load libdvm.so, check libart.so
        dvmExports = Module.enumerateExportsSync("libart.so");
        for(i = 0; i< dvmExports.length; i++){
            if(dvmExports[i].name.indexOf("OpenMemory") !== -1){
                functionName = dvmExports[i].name;
                LogPrint("index " + i + " function name: "+ functionName);
                break;
            }
        }
    }
}
return functionName;

}

function getProcessName(){
var processName = "";

var fopenPtr = Module.findExportByName("libc.so", "fopen");
var fopenFunc = new NativeFunction(fopenPtr, 'pointer', ['pointer', 'pointer']);
var fgetsPtr = Module.findExportByName("libc.so", "fgets");
var fgetsFunc = new NativeFunction(fgetsPtr, 'int', ['pointer', 'int', 'pointer']);
var fclosePtr = Module.findExportByName("libc.so", "fclose");
var fcloseFunc = new NativeFunction(fclosePtr, 'int', ['pointer']);

var pathPtr = Memory.allocUtf8String("/proc/self/cmdline");
var openFlagsPtr = Memory.allocUtf8String("r");

var fp = fopenFunc(pathPtr, openFlagsPtr);
if(fp.isNull() === false){
    var buffData = Memory.alloc(128);
    var ret = fgetsFunc(buffData, 128, fp);
    if(ret !== 0){
        processName = Memory.readCString(buffData);
        LogPrint("processName " + processName);
    }
    fcloseFunc(fp);
}
return processName;

}

function arraybuffer2hexstr(buffer)
{
var hexArr = Array.prototype.map.call(
new Uint8Array(buffer),
function (bit) {
return ('00' + bit.toString(16)).slice(-2)
}
);
return hexArr.join(' ');
}

function checkDexMagic(dataAddr){
var magicMatch = true;
var magicFlagHex = [0x64, 0x65, 0x78, 0x0a, 0x30, 0x33, 0x35, 0x00];

for(var i = 0; i < 8; i++){
    if(Memory.readU8(ptr(dataAddr).add(i)) !== magicFlagHex[i]){
        magicMatch = false;
        break;
    }
}

return magicMatch;

}

function checkOdexMagic(dataAddr){
var magicMatch = true;
var magicFlagHex = [0x64, 0x65, 0x79, 0x0a, 0x30, 0x33, 0x36, 0x00];

for(var i = 0; i < 8; i++){
    if(Memory.readU8(ptr(dataAddr).add(i)) !== magicFlagHex[i]){
        magicMatch = false;
        break;
    }
}

return magicMatch;

}

function dumpDex(moduleFuncName, processName){
if(moduleFuncName !== ""){
var hookFunction;
if(getAndroidVersion() > 4){ // android 5 and later version
hookFunction = Module.findExportByName("libart.so", moduleFuncName);
LogPrint("step 1" + hookFunction);
}else{ // android 4
hookFunction = Module.findExportByName("libdvm.so", moduleFuncName); // check libdvm.so first
LogPrint("step 2" + hookFunction);
if(hookFunction == null) {
hookFunction = Module.findExportByName("libart.so", moduleFuncName); //// if not load libdvm.so, check libart.so
LogPrint("step 3" + hookFunction);
}
}
Interceptor.attach(hookFunction,{
onEnter: function(args){
LogPrint("step 4");

            var begin = 0;
            var dexMagicMatch = false;
            var odexMagicMatch = false;
			
			
            dexMagicMatch = checkDexMagic(args[0]);
            if(dexMagicMatch === true){
                begin = args[0];
            }else{
                odexMagicMatch = checkOdexMagic(args[0]);
                if(odexMagicMatch === true){
                    begin = args[0];
                }
            }

            if(begin === 0){
                dexMagicMatch = checkDexMagic(args[1]);
                if(dexMagicMatch === true){
                    begin = args[1];
                }else{
                  odexMagicMatch = checkOdexMagic(args[1]);
                  if(odexMagicMatch === true){
                      begin = args[1];
                  }
                }
            }

            if(dexMagicMatch === true){
                LogPrint("magic : " + Memory.readUtf8String(begin));
                //console.log(hexdump(begin, { offset: 0, header: false, length: 64, ansi: false }));
                var address = parseInt(begin,16) + 0x20;
                var dex_size = Memory.readInt(ptr(address));
                LogPrint("dex_size :" + dex_size);
                var dex_path = "/data/data/" + processName + "/" + dex_size + ".dex";
                var dex_file = new File(dex_path, "wb");
                dex_file.write(Memory.readByteArray(begin, dex_size));
                dex_file.flush();
                dex_file.close();
                LogPrint("dump dex success, saved path: " + dex_path + "\n");
            }else if(odexMagicMatch === true){
                LogPrint("magic : " + Memory.readUtf8String(begin));
                //console.log(hexdump(begin, { offset: 0, header: false, length: 64, ansi: false }));
                var address = parseInt(begin,16) + 0x0C;
                var odex_size = Memory.readInt(ptr(address));
                LogPrint("odex_size :" + odex_size);
                var odex_path = "/data/data/" + processName + "/" + odex_size + ".odex";
                var odex_file = new File(odex_path, "wb");
                odex_file.write(Memory.readByteArray(begin, odex_size));
                odex_file.flush();
                odex_file.close();
                LogPrint("dump odex success, saved path: " + odex_path + "\n");
            }
        },
        onLeave: function(retval){
        }
    });
}else{
    LogPrint("Error: cannot find correct module function.");
}

}

//start dump dex file
var moduleFucntionName = getFunctionName();
var processName = getProcessName();
if(moduleFucntionName !== "" && processName !== ""){
dumpDex(moduleFucntionName, processName);
}

// js code end

[2020-05-17 19:08:55,328] ERROR in app: Exception on / [POST]
Traceback (most recent call last):
File "D:\microsoft\python37\lib\site-packages\flask\app.py", line 2446, in wsgi_app
response = self.full_dispatch_request()
File "D:\microsoft\python37\lib\site-packages\flask\app.py", line 1951, in full_dispatch_request
rv = self.handle_user_exception(e)
File "D:\microsoft\python37\lib\site-packages\flask\app.py", line 1820, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "D:\microsoft\python37\lib\site-packages\flask_compat.py", line 39, in reraise
raise value
File "D:\microsoft\python37\lib\site-packages\flask\app.py", line 1949, in full_dispatch_request
rv = self.dispatch_request()
File "D:\microsoft\python37\lib\site-packages\flask\app.py", line 1935, in dispatch_request
return self.view_functionsrule.endpoint
File "D:/PyhonProject/venv/Projects/fridahook/RMS-Runtime-Mobile-Security/mobilesecurity.py", line 168, in device_management
session = device.attach(config["system_package"])
File "D:\microsoft\python37\lib\site-packages\frida\core.py", line 26, in wrapper
return f(*args, **kwargs)
File "D:\microsoft\python37\lib\site-packages\frida\core.py", line 156, in attach
return Session(self._impl.attach(self._pid_of(target)))
File "D:\microsoft\python37\lib\site-packages\frida\core.py", line 180, in _pid_of
return self.get_process(target).pid
File "D:\microsoft\python37\lib\site-packages\frida\core.py", line 26, in wrapper
return f(*args, **kwargs)
File "D:\microsoft\python37\lib\site-packages\frida\core.py", line 106, in get_process
matching = [process for process in self._impl.enumerate_processes() if fnmatch.fnmatchcase(process.name.lower(), process_name_lc)]
frida.ServerNotRunningError: unable to connect to remote frida-server: closed
127.0.0.1 - - [17/May/2020 19:08:55] "POST / HTTP/1.1" 500 -

When I try to follow your exact steps in spawning the application the iOS Device re-springs. I have added the video explaining the issue. Also if I am able to spawn the application and I click the Load classes button the RMS crashes. Could You please help. I have tried the same on a Mac but it still gives me the same issue. The error on the RMS terminal is shown in the screenshot attached. Objection seems to be working fine.

I am using - iPhone 5s -12.4.8

Describe the bug [Required]
RMS-Runtime-Mobile-Security % npm install -g rms-runtime-mobile-security
npm WARN deprecated [email protected]: 🙌 Thanks for using Babel: we recommend using babel-preset-env now: please read https://babeljs.io/env to update!
npm WARN deprecated [email protected]: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
/usr/local/bin/RMS-Runtime-Mobile-Security -> /usr/local/lib/node_modules/rms-runtime-mobile-security/rms.js
/usr/local/bin/rms -> /usr/local/lib/node_modules/rms-runtime-mobile-security/rms.js

[email protected] install /usr/local/lib/node_modules/rms-runtime-mobile-security/node_modules/frida
prebuild-install || node-gyp rebuild

prebuild-install WARN install No prebuilt binaries found (target=15.3.0 runtime=node arch=x64 libc= platform=darwin)
gyp: binding.gyp not found (cwd: /usr/local/lib/node_modules/rms-runtime-mobile-security/node_modules/frida) while trying to load binding.gyp
gyp ERR! configure error
gyp ERR! stack Error: gyp failed with exit code: 1
gyp ERR! stack at ChildProcess.onCpExit (/usr/local/lib/node_modules/node-gyp/lib/configure.js:351:16)
gyp ERR! stack at ChildProcess.emit (node:events:376:20)
gyp ERR! stack at Process.ChildProcess._handle.onexit (node:internal/child_process:277:12)
gyp ERR! System Darwin 19.6.0
gyp ERR! command "/usr/local/Cellar/node/15.3.0/bin/node" "/usr/local/lib/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /usr/local/lib/node_modules/rms-runtime-mobile-security/node_modules/frida
gyp ERR! node -v v15.3.0
gyp ERR! node-gyp -v v7.1.2
gyp ERR! not ok
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] install: prebuild-install || node-gyp rebuild
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:

See Log -attached

To Reproduce [Required]
Steps to reproduce the behavior:
npm install -g rms-runtime-mobile-security

Expected behavior [Optional]
Installation should work

Desktop (please complete the following information): [Required]

• OS: MAC OS - 10.15.7 (19H2)
• Browser NA

Smartphone (please complete the following information): [Required]
NA

Console Logs [Required]
NA

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Hi,

I am analysing Android Malware named as SimpleLocker which encrypt the files in .enc format.you can get the sample at https://we.tl/t-bc487mbWG9
On Analysing its source code, On calling function b() at org.simplelocker.d, this b can decrypt files.
So, run these code in RMS tool

Java.performNow(function () {
    var classname = "org.simplelocker.d"
    var classmethod = "b";
    var methodsignature = "public final void b()";

    Java.choose(classname, {
        onMatch: function (instance) {
            try 
            {
                var returnValue;
                //public final void b()
                returnValue = instance.b(); //<-- replace v[i] with the value that you want to pass

                //Output
                var s = "";
                s=s+"[Heap_Search]\n"
                s=s + "[*] Heap Search - START\n"

                s=s + "Instance Found: " + instance.toString() + "\n";
                s=s + "Calling method: \n";
                s=s + "   Class: " + classname + "\n"
                s=s + "   Method: " + methodsignature + "\n"
                s=s + "-->Output: " + returnValue + "\n";

                s = s + "[*] Heap Search - END\n"

                send(s);
            } 
            catch (err) 
            {
                var s = "";
                s=s+"[Heap_Search]\n"
                s=s + "[*] Heap Search - START\n"
                s=s + "Instance NOT Found or Exception while calling the method\n";
                s=s + "   Class: " + classname + "\n"
                s=s + "   Method: " + methodsignature + "\n"
                s=s + "-->Exception: " + err + "\n"
                s=s + "[*] Heap Search - END\n"
                send(s)
            }

        }
    });

});

It decrypt the files in device.
But running same code using Frida-CLI by saving it in decrypt.js file and run frida script as

frida -U -l decrypt.js -f org.simplelocker --no-pause

It fails to decrypt.Can any one sugguest why?
Also,when i use below code in Frida-CLI, it does not execute till i make some changes in file dynamically.

Java.perform(function x() {
// console.log("[ * ] Starting Decrypting, please wait...");
 Java.choose("org.simplelocker.d", {
  onMatch: function(instance) {
   console.log("[ * ] Instance found in memory: " + instance);
   // var i=instance.b();
     console.log("[ + ] " + instance.b());
     console.log("[ + ] " + instance.b());
     send(instance.b());
   },
onComplete: function x() {}
 });
});

I want it to excute Automatically on script load.

I know the issue has been brought on a couple of times before here.
But I have no clue on how to proceed here.

My setup:
Galaxy Tab A (Android version 9)
MacOS Big Sur 11.1

Frida-Tools version 12.11.18
Frida-server version 12.11.11
(https://deserrano.com/frida-version.png)

The device is currently connected to my mac through USB.

As shown in this screenshot, I can use frida normally and the server is running on the device.
But I am still however unable to connect with rms.
https://deserrano.com/frida-connected.png

The tool looks awesome and I would love to try it out.

Kr

Installed RMS and can access via http://127.0.0.1:500

iOS device is detected, but when trying to attach or spawn an app I am getting the following error page (unable to attach screenshot)

Internal Server Error : The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.

I am trying this on Non-jailbroken iOS device (iPhone 11 Pro Max OS:13.5.1)

Package Name: com.nav.key
Mode: Spawn
Device: Device(id="00008030-0002715E1E88802E", name="iPhone", type='usb')
BETA: False
Frida Startup Script: None
APIs Monitors: None

unable to attach to the specified process
SpringBoard is NOT available on your device or a wrong OS has been selected. For a better RE experience, change it via the Config TAB!
[2020-11-05 01:57:20,004] ERROR in app: Exception on / [POST]
Traceback (most recent call last):
File "/Library/Python/3.8/site-packages/flask/app.py", line 2447, in wsgi_app
response = self.full_dispatch_request()
File "/Library/Python/3.8/site-packages/flask/app.py", line 1952, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/Library/Python/3.8/site-packages/flask/app.py", line 1821, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/Library/Python/3.8/site-packages/flask/_compat.py", line 39, in reraise
raise value
File "/Library/Python/3.8/site-packages/flask/app.py", line 1950, in full_dispatch_request
rv = self.dispatch_request()
File "/Library/Python/3.8/site-packages/flask/app.py", line 1936, in dispatch_request
return self.view_functionsrule.endpoint
File "mobilesecurity.py", line 428, in device_management
pid = device.spawn([target_package])
File "/Users/babugan/Library/Python/3.8/lib/python/site-packages/frida/core.py", line 26, in wrapper
return f(*args, **kwargs)
File "/Users/babugan/Library/Python/3.8/lib/python/site-packages/frida/core.py", line 140, in spawn
return self._impl.spawn(program, argv, envp, env, cwd, stdio, aux_options)
frida.NotSupportedError: connection closed

Frida CLI is working fine,

frida -U KeyNav
____
/ _ | Frida 14.0.5 - A world-class dynamic instrumentation toolkit
| (| |
> _ | Commands:
// |_| help -> Displays the help system
. . . . object? -> Display information about 'object'
. . . . exit/quit -> Exit
. . . .
. . . . More info at https://www.frida.re/docs/home/

[iPhone::KeyNav]->ObjC.available
true
[iPhone::KeyNav]->

May I know what I missing here, how to fix this issue ??

Please add frida script for SHA256withRSA crypto, There is an app encrypting parameters and using cipher text as signature.

Describe the bug:
Incorrect parameters generation for method overloading !

Steps to reproduce:
Custom Logging Implementation: (See methods)

Go to "hook lab", select a Logging class: (highlighted)

Generated:

hookclass.d.overload("java.lang.Class","java.lang.String","java.lang.Object[]").implementation = function (v0,v1,v2)

Desktop:

• Browser: Chrome v83
• Python - Frida Tools version: 12.9.4

Smartphone:

• Frida Server version: 12.9.4

docker-compose up
Creating network "rms-runtime-mobile-security_default" with the default driver
Building rms
Step 1/16 : FROM python:3.7.7-slim
---> 4cbd5021babc
Step 2/16 : RUN mkdir -p /app/
---> Running in 1a038aecaf6e
Removing intermediate container 1a038aecaf6e
---> d9fab1209897
Step 3/16 : WORKDIR /app/
---> Running in 171c4b9d38ee
Removing intermediate container 171c4b9d38ee
---> cef4a4726c4b
Step 4/16 : COPY static/ ./static/
---> 58979a040242
Step 5/16 : COPY custom_scripts/ ./custom_scripts/
---> 899c2b4e7df1
Step 6/16 : COPY templates/ ./templates/
---> b65b84635cd4
Step 7/16 : COPY config.json default.js mobilesecurity.py requirements.txt ./
ERROR: Service 'rms' failed to build: COPY failed: stat /var/lib/docker/tmp/docker-builder243707710/default.js: no such file or directory

The current GIF in readme shows the custom frida output in the terminal where the flask server's output is also present.

On checking out the feature, I found that the output of custom script is also showed in the "Console Output" tab.

It would be great it the "Console Output" tab is showed after submitting the custom payload.

Is your feature request related to a problem? Please describe.
No ability to clear output console

Describe the solution you'd like
A button to clear the 3 output consoles on the consoles tab

Describe alternatives you've considered
Current workaround is to disconnect and reconnect RMS to the device

By simply adding gevent and gevent-websocket (as described in this PR #16) the UI does not freeze anymore during socketIO but, at least on my mac, all the socket.emit calls have a delay of about 10 seconds.

With eventlet, SocketIO is not working.

Help is really appreciated, since I'm not familiar with these libraries 😉

1)When i'll try to capture the some classes
If output is string, then no problem.
If output is array then output like this [object, object].

2. Many of (like com.somepackage.class) classes are not loading for some apps. That time it's difficulty to capture or trace the data.

Describe the bug [Required]
Frida is running on device, frida-ps -U work and i am getting all already running apps but when i use RMS to connect with device i got an error

Desktop (please complete the following information): [Required]

• OS: Windows 10 x64
• Browser Brave

Smartphone (please complete the following information): [Required]

• Device: MEmu
• OS: Android 7.1
• Frida Server version: latest

Console Logs [Required]
If applicable, add console logs.

Hi,

I am using a rooted device, so I rooted the device by patching the the boot image with magisk then flashed the patched boot image. I am using fridaloader app and I can confirm that fridaserver is running perfectly fine. But still RMS can't connect to the device, tried using both USB and wifi adb but nothing works, kindly assist. I have restarted both devices and also frida-server multiple times and also changed system package but nothing works, below are images and screenshots.

1. Confirming frida server is working
   

2. ADB working
   

3. Chrome
   

4. Mozilla
   

Kindly assist, don't know what else to do.

The correct function is
device_manager.addRemoteDevice

Also, the correct function argument is
config.device_args.host

So the whole line should be
device = await device_manager.addRemoteDevice(config.device_args.host)

Regards

Having issues in installation of tool via npm command
Can't install the tool via npm after installing all the prerequisites (frida and node/npm).
I have tried with sudo command as well but it doesn't install. I have shared the error message below.

To Reproduce
Steps to reproduce the behavior:

1. sudo npm install -g rms-runtime-mobile-security
2. See error

Desktop (please complete the following information):

• OS: Ubuntu 20.04.1 LTS
• Node: v14.15.2
• Frida: 14.1.3

Console Logs

npm WARN deprecated [email protected]: 🙌  Thanks for using Babel: we recommend using babel-preset-env now: please read https://babeljs.io/env to update!
npm WARN deprecated [email protected]: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
/usr/bin/RMS-Runtime-Mobile-Security -> /usr/lib/node_modules/rms-runtime-mobile-security/rms.js
/usr/bin/rms -> /usr/lib/node_modules/rms-runtime-mobile-security/rms.js

> [email protected] install /usr/lib/node_modules/rms-runtime-mobile-security/node_modules/frida
> prebuild-install || node-gyp rebuild

prebuild-install WARN install EACCES: permission denied, access '/root/.npm'
gyp WARN EACCES current user ("nobody") does not have permission to access the dev dir "/root/.cache/node-gyp/14.15.2"
gyp WARN EACCES attempting to reinstall using temporary dev dir "/usr/lib/node_modules/rms-runtime-mobile-security/node_modules/frida/.node-gyp"
gyp WARN install got an error, rolling back install
gyp WARN install got an error, rolling back install
gyp ERR! configure error 
gyp ERR! stack Error: EACCES: permission denied, mkdir '/usr/lib/node_modules/rms-runtime-mobile-security/node_modules/frida/.node-gyp'
gyp ERR! System Linux 5.4.0-58-generic
gyp ERR! command "/usr/bin/node" "/usr/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /usr/lib/node_modules/rms-runtime-mobile-security/node_modules/frida
gyp ERR! node -v v14.15.2
gyp ERR! node-gyp -v v5.1.0
gyp ERR! not ok 
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@~2.1.2 (node_modules/rms-runtime-mobile-security/node_modules/chokidar/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] install: `prebuild-install || node-gyp rebuild`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the [email protected] install script.

Android device detection doe's not happence properly.

Devices using:
Computer System OS: Windows 10 Home
Android device: Realme X2 [Android 10]

Frida server is properly running in targeted device.

Issue
Frida server is properly running in targeted android device (By self verified), and also device is connected computer with usb connection.
The requirements are satisfied. but still the runtime mobile security RMS is failing to get the device port(or device detection ).

I am using another dynamic analysis tool called house
Link: https://github.com/nccgroup/house. it works well and good.
Please look out this tool source code for more details.

Note: Both Screenshots are taken at same time, both tools are running same time with different port [ RMS:Port=5000, House:Port=9000 ]

RMS Web API Screenshot: https://codex-scripts.xyz/RMS_web_api.png
House Web API Screenshot: https://codex-scripts.xyz/House_web_api.png

Some times device connects properly, but the connecting chances are very less. I need to reboot the computer and mobile upto 4 to 6 times to get connected with RMS.

I am done some steps to avoid the issue. but still issue not resolved

1. Rebooting computer and also mobile
2. Restarting RMS
3. Restarting frida server in android

i am very happy with this tool. but the only thing is connection problem.

Please look out this issue

This is small code snippet from my side( I learner, don't know more about js ).
So please add it in upcoming version release of RMS ( I am personally tested, it working well )

Q ) What it does ?
Ans: API Output will be gives in the form of string or bytes, based on ascii value compare it gives output

Bytes2String
function bin2String(array){ var result = ""; for(var i = 0; i < array.length; ++i){ result+= (String.fromCharCode(array[i])); } return result; }

Ascii check from string
function isAsciiOnly(str) { for (var i = 0; i < str.length; i++) if (str.charCodeAt(i) > 127) return false; return true; }

Giving output based on ascii value (string or bytes)
function printType(str){ var check = bin2String(str); if(isAsciiOnly(check) == true){ return bin2String(str); } else { return str; } }

API Monitor (Now output print type decides based on ascii value compare from string, if ascii is false then output in bytes, otherwise it's in string )
if (callback) { var calledFrom = Exception.$new().getStackTrace().toString().split(',')[1]; var to_print = { category: category, class: clazz, method: method, args: args ? printType(args[0]) : "N/A", returnValue: retval ? printType(retval) : "N/A", calledFrom: calledFrom }; retval = callback(retval, to_print); }

Thank you for making a great tool called rms.
This tool is really cool.

I sent an e-mail because I had a question about RMS.
This email has been translated with Google Translate and there may be some misinterpretation.
I tried testing with lineage os (android 10) and it couldn't connect to the device.
The PC emulator has already confirmed that it is connected. (Nox App player android5)
So, can you know exactly what device it supports?

And, I have a suggestion.

I am working on security verification related to games.
Is it possible to support a script that hooks libil2cpp.so of unity game to rms?

I know it won't be easy.
It has already been implemented in linEngine, which is serviced in Korea, but there are few devices supported.

LinEngine URL: http://linforum.kr/bbs/board.php?bo_table=linEngines

Have a good weekend.
If you give me an answer, I think it will be very helpful.

I am trying to bypass Frida Script running in Memory and Frida Server Detection by using AntiFrida App. Anti Frida App has two detections as CHECk FRIDA SERVER and CHECK FRIDA IN MEMORY.

I am able to bypass it using Frida CLI but not by Using RMS tool.
Using RMS,When Frida Server and is Spawn to Device, its shows both in RED as shown below:

Using RMS,When Frida Server and Spawn by adding Script to it (Adding Script in Custom-Scripts Folder and Spawing),It shows only GREEN in check in memory as shown below:

It cannot bypass Frida Server, I am not able to find the issue because using same script in Frida CLI it bypass both Dection in Memory and server(shows GREEN).

Script is

setTimeout(function(){
	Java.perform(function (){
	console.log("[*] Script loaded")   var MainActivity = Java.use("org.owasp.mstg.antifrida.MainActivity")

		MainActivity.checkMemory.overload().implementation = function() {
			console.log("[*] bypass frida mrmory function invoked")
			return false
		}

		var MainActivity = Java.use("org.owasp.mstg.antifrida.MainActivity")

		MainActivity.setFridaServerTextView.overload().implementation = function() {
			console.log("[*] bypass frida server function invoked")
			return false
		}

	

	});      });

Decrypted Java File of Anti Frida MainActivity is. here:https://pastebin.com/NdwfvzjK

Is there any issue in Applying this script or in script(using same script in FRIDA CLI it bypasses both DETECTIONs)
Please help to resolve this issue

If we get hashmap hook template or script, it would be great :)

Please also look out this one.
This one supports http or https data capturing and other some things also
https://github.com/Ch0pin/medusa

I connected to Non Jailbroken device using Frida gadget. I am able to list process/application running in iOS device using frida-ps -U

When I try with 'Spawn' getting 500 Internal Server Error page. But it works fine with 'Attach'. Why ??

Also when i click on Static Analysis again getting 500 Internal Server Error page

Please help on this to fix.

When I ran ./rms.js I obtained "Error: Cannot find module 'frida'"
If I try to install frida with "npm install frida" I obtained this error: "npm ERR! gyp: binding.gyp not found "
In my opinion the problem is the version of python called. it could be? Since I have several versions of python installed how do I get RMS to point to the correct version?
Thank you !!

Load Classes and Methods 🎯... and then HOOK everything ⚓️
Load Classes

then:
Request URL: http://127.0.0.1:5000/dump?choice=1
Request Method: GET
Status Code: 500 INTERNAL SERVER ERROR
Remote Address: 127.0.0.1:5000

error 500

Env:
frida 12.11.7
iOS 12

WebServer get bundleID not process name, then ...

Thanks for awesome and great RMS. During testing small crack me it load all classes but testing on real app, it does not load all classes.

For example after static analysis of apk, I found classes to be monitor is in com.myapp.recroder.register but it load 645 classes but rms does not load this specific class and others important one . Filter does not work as it only filter loaded classes. I tried class differences but did not find class. Loading default script is related to script load. I did not figure out how to restrict loading to only specific main class like .com... instead of loading all others like android, com.crashlytics.androidm androidx, kotlin etc..

Is your feature request related to a problem? Please describe.
I had planned to use this project to help with an assessment, however, the "load classes" failed to load the apps classes, after looking into the app it's due to the classes being "dex classes"

Describe the solution you'd like
Have the "load classes" button load classes AND dex classes

Describe alternatives you've considered
In this instance, I went to ncc's house along with custom Frida scripts

Describe the bug [Required]
Installed RMS and can access via localhost:5000. iOS device is detected, but when trying to attach or spawn an app I am getting the following error.

To Reproduce [Required]
Steps to reproduce the behavior:

1. Open RMS, select iOS and any package name, spawn|attach and Start RMS.
2. See error

Package Name: com.apple.podcasts
Mode: Spawn
Device: Device(id="00008020-000118563411802E", name="iPad 4", type='usb')
BETA: False
Frida Startup Script: None
APIs Monitors: None


incompatible Mach-O image
SpringBoard is NOT available on your device or a wrong OS has been selected. For a better RE experience, change it via the Config TAB!
[2020-08-23 13:48:25,614] ERROR in app: Exception on / [POST]
Traceback (most recent call last):
  File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/flask/app.py", line 2446, in wsgi_app
    response = self.full_dispatch_request()
  File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/flask/app.py", line 1951, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/flask/app.py", line 1820, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/flask/app.py", line 1949, in full_dispatch_request
    rv = self.dispatch_request()
  File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/flask/app.py", line 1935, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "mobilesecurity.py", line 424, in device_management
    pid = device.spawn([target_package])
  File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/Users/sven/opt/anaconda3/lib/python3.7/site-packages/frida/core.py", line 140, in spawn
    return self._impl.spawn(program, argv, envp, env, cwd, stdio, aux_options)
frida.NotSupportedError: incompatible Mach-O image

Desktop (please complete the following information): [Required]

• OS: macOS 10.15.5
• Browser Chrome (latest)

Smartphone (please complete the following information): [Required]

• Device: [e.g. Genymotion, AVD, Google Pixel 3]
• OS: [e.g. iOS8.1]
• Frida Server version: [e.g. 12.8.20]
• Package Name: [e.g. com.example.app]
• Class name: [e.g. sg.vantagepoint.a.c] (optional)
• Method name: [e.g. public static boolean c()] (optional)

I tried with a jailbroken iPad 4 (iOS 13.5) and an iPhone 6S (12.4). Both have latest version of Frida installed via Cydia (12.11.10) and are jailbroken with unc0ver.

Console Logs [Required]
See above

I already have an account on Pypi but the project needs to be reorganized.
Help is really appreciated!
I would like to call the project RMS-Runtime-Mobile-Security and run it via the same keyword or, if it is not possible, via something like rms.

import setuptools

with open("README.md", "r") as fh:
    long_description = fh.read()

setuptools.setup(
    name="RMS-Runtime-Mobile-Security", 
    version="1.3.2",
    author="@mobilesecurity_",
    author_email="[email protected]",
    description="Runtime Mobile Security (RMS) is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime",
    long_description=long_description,
    long_description_content_type="text/markdown",
    url="https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security",
    packages=setuptools.find_packages(),
    include_package_data=True,
    keywords = [
        "MobileSecurity", 
        "AndroidSecurity", 
        "frida", 
        "Reverse-Engineering"
        ],
    classifiers=[
        "Programming Language :: Python :: 3",
        "Operating System :: OS Independent",
        "Framework :: Flask",
        "License :: OSI Approved :: GNU General Public License v3 (GPLv3)",
        "Topic :: Security"
    ],
    python_requires='>=3.6',
)

python3 ./mobilesecurity.py
Traceback (most recent call last):
File "./mobilesecurity.py", line 6, in
from flask_socketio import SocketIO
ModuleNotFoundError: No module named 'flask_socketio'

flask_socketio requirement is already fulfilled still getting this error

Having issues when installing via npm
It seems like a problem when installing frida.
I've tried Development mode but returned the same result.
I've googled it and tried with -no-strict-ssl --unsafe parameters but it's useless.
Now I have no idea, could anyone help?

To Reproduce

npm install -g rms-runtime-mobile-security

See errors below

Desktop (please complete the following information):

OS: Ubuntu 16.04.7 LTS
Node: v14.16.0
Console Logs

$ npm install -g rms-runtime-mobile-security
npm WARN deprecated [email protected]: 🙌  Thanks for using Babel: we recommend using babel-preset-env now: please read https://babeljs.io/env to update!
npm WARN deprecated [email protected]: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
/.../node-v14.16.0-linux-x64/bin/RMS-Runtime-Mobile-Security -> /.../node-v14.16.0-linux-x64/lib/node_modules/rms-runtime-mobile-security/rms.js
/.../node-v14.16.0-linux-x64/bin/rms -> /.../node-v14.16.0-linux-x64/lib/node_modules/rms-runtime-mobile-security/rms.js

> [email protected] install /.../node-v14.16.0-linux-x64/lib/node_modules/rms-runtime-mobile-security/node_modules/frida
> prebuild-install || node-gyp rebuild

prebuild-install WARN install unable to verify the first certificate
gyp WARN install got an error, rolling back install
gyp ERR! configure error 
gyp ERR! stack Error: unable to verify the first certificate
gyp ERR! stack     at TLSSocket.onConnectSecure (_tls_wrap.js:1497:34)
gyp ERR! stack     at TLSSocket.emit (events.js:315:20)
gyp ERR! stack     at TLSSocket._finishInit (_tls_wrap.js:932:8)
gyp ERR! stack     at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12)
gyp ERR! System Linux 4.15.0-132-generic
gyp ERR! command "/.../node-v14.16.0-linux-x64/bin/node" "/.../node-v14.16.0-linux-x64/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /.../node-v14.16.0-linux-x64/lib/node_modules/rms-runtime-mobile-security/node_modules/frida
gyp ERR! node -v v14.16.0
gyp ERR! node-gyp -v v5.1.0
gyp ERR! not ok 
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@~2.3.1 (node_modules/rms-runtime-mobile-security/node_modules/chokidar/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] install: `prebuild-install || node-gyp rebuild`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the [email protected] install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

For example, I put three custom frida function in one script on start
1st run function rootdevicebypass, 2nd run function bypass okhttp3 and the last one sslbypasswithca.
RMS run only one function and not continuing to the next function.

Tested the script with 3 function directly in FRIDA and its working fine.

RMS can't load all the classes on an android, is there a limitation of classes loaded, see screenshots of JADX class and RMS loaded class.
https://i.imgur.com/AjBEqPh.png

or maybe I miss something.

is there any way to do the installation without npm?
the version with pip3 where can I find it?
I would very much like to be able to try this incredible tool
what is the recommended version of node js and npm? Please help

Problem
Hook all classes that start with: f0.

127.0.0.1 - - [16/May/2020 00:31:29] "GET /dump?filter=f0.&choice=1 HTTP/1.1" 200 -
[2020-05-16 00:31:31,069] ERROR in app: Exception on /dump [GET]
Traceback (most recent call last):
  File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 2447, in wsgi_app
    response = self.full_dispatch_request()
  File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 1952, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 1821, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 1950, in full_dispatch_request
    rv = self.dispatch_request()
  File "/Users/user/.virtualenvs/RMS-Runtime-Mobile-Security/lib/python3.8/site-packages/flask/app.py", line 1936, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "mobilesecurity.py", line 288, in home
    return printwebpage()
  File "mobilesecurity.py", line 619, in printwebpage
    loaded_classes_str=printClassesMethods(),
  File "mobilesecurity.py", line 634, in printClassesMethods
    for index, method_name in enumerate(loaded_methods[class_name]):
KeyError: 'f0.p0.k.d$b'

Solution you'd like
Ability to specify the methods to ignore
eg: f0.,okhttp3.,--f0.p0.k.

frida-fs is the best solution but I need an help with the implementation.
I would like to auto compile (via frida-compile) the default.js just after the pip3 install -r requirements.txt command.