English | 简体中文
Mira is built in the open as a long-term project for turning real runtime cases into reusable detection knowledge, analysis workflows, and cross-platform tooling.
- Mira grows with real runtime work, not just planned features.
- Each field case can become a new workflow, tool capability, or detection note.
- The project is designed to accumulate practical mobile runtime knowledge over time.
- Following Mira means following how that knowledge turns into working tooling.
- [260520] Article: Detecting root, emulators, and scrcpy-like projection through the audit logcat side channel
- [260520] Case: Android high-PID shell proc audit side-channel hints at scrcpy projection
- [260520] Case: Android emulator proc audit side-channel exposes qemu SELinux context
- [260519] Case: Android proc audit side-channel detects Magisk SELinux context
- 🧩 Real app sandbox access: Drop directly into the true permission sandbox of target apps with one consistent Android and iOS workflow.
- 🤖 Built for AI operators: Let AI inspect, navigate, and reason inside the live app runtime like a hands-on analyst.
- ⚡ Live runtime execution: Run Java, Native, and Frida-driven logic on demand to verify signals instead of guessing from static traces.
- 🚀 Fast to first result: Start Relay, install the app, and get to shell, screen, and runtime evidence in minutes.
- ♾️ Compounding detection intelligence: Turn one real finding into reusable detection patterns and repeatable hardening wins.
- Relay:
PYTHONPATH=. python3 -m mira.relay.server --host 0.0.0.0 --port 8765 --advertise-url http://<your-lan-ip>:8765 - Browser: Open
http://127.0.0.1:8765on your desktop. - Android: Download the APK from Releases, install it, then enter
http://<your-lan-ip>:8765in the app. - iOS: Verified on a real device running iOS 16.7.10. See
docs/GETTING-STARTED.md. - AI:
PYTHONPATH=. python3 -m mira.mcp.server --relay http://127.0.0.1:8765. MCP config:docs/MCP.md.
Mira welcomes issues and pull requests from mobile security researchers, reverse engineers, Frida users, MCP users, and device testers.
- Read
CONTRIBUTING.mdbefore opening a focused pull request. - Use the issue templates for bugs, security hardening, detection ideas, and device compatibility reports.
- For security reports, read
SECURITY.mdfirst. - Scanner-generated hardening PRs are welcome when they include repository-specific reachability reasoning and verification.
Good starting points include native memory-safety review, Android and iOS device testing, Frida workflow examples, MCP client setup notes, and new reusable detection cases.
| Android Remote Frida | iOS Remote Frida |
|---|---|
Remote shell, runtime inspection, and live Frida execution on Android.
|
Equivalent PTY and Frida workflow adapted to the iOS iSH compatibility layer.
|
| Android LSPosed Trace | iOS Jailbreak Trace |
Construct a Frida path around the app classloader and surface LSPosed traces from runtime state.
|
Ask Claude to roam the live terminal and surface jailbreak-related traces in the device environment.
|
With Relay, you can temporarily expose an authorized session beyond the local network for cloud devices, expert review handoff, and fast evidence sharing.
- Mira observes and interacts with the Mira host app sandbox.
- Mira does not control unrelated third-party apps.
- Mira does not provide system-wide remote control.
- Mira does not provide root or jailbreak bypass capabilities.
- Mira is not a production SDK or a silent background control channel.
docs/README.md: English documentation hub.docs/GETTING-STARTED.md: full setup, build, device connect, MCP, and CLI.docs/REMOTE-RELAY.md: public and LAN Relay startup flows.docs/MCP.md: Codex and Claude MCP integration.docs/IOS-APP.md: iOS app architecture and device notes.docs/NATIVE-ARCHITECTURE.md: shared PTY native architecture.docs/TOOLBOX.md: Android toolbox packaging and runtime release flow.docs/REPO-ARCHITECTURE.md: repository layering and entry-point layout.docs/THIRD-PARTY-NOTICES.md: third-party notices.
- lamda: inspiration for the web workbench interaction model.
- Termux: Android terminal UX and extensible shell ecosystem.
- iSH: iOS-side Linux shell compatibility and syscall translation path.
GPL-3.0-only.