RMAC is a powerful spyware for Windows and a platform for its orchestration
This software is built for educational purposes only and was tested on virtual machines. You may use this software at your own risk. The developers assume no liability and are not responsible for any misuse or damage caused by this software.
- An active MEGA account
- Download the latest release containing `auto-installer.exe`.
- Create a file named `config.rmac` on the target host that you want to monitor. This file contains configurations such as the RMAC API Server URL, Bridging Server URL, MEGA account credentials and other host-specific settings (see all available config options for the minimum configuration required).
- Execute `auto-installer.exe` on the target host.
- Select the config file when prompted.
- The RMAC Host-Client will be installed, configured and started automatically.
Note: Please do not use the publicly available RMAC API Server (https://rmac.saurabhagat.me) and Bridging server (https://console.rmac.saurabhagat.me). Configuring these public server URLs in `config.rmac` will expose your target host to the public domain, and likely your configured MEGA account credentials. Please consider hosting your own RMAC API and Bridging servers.
Caution: Communications between the Host-Client and Servers are not secure, and there are no security mechanisms in place for authentication. This will likely be fixed in future releases.
To set up the RMAC Host-Client manually, the runtime it requires must first be present on the target host.
- Download the latest release containing `RMACClient.jar` and `RMACUpdater.jar`.
- Set up the runtime on the target host. The runtime is a folder including `config.rmac`, Java Runtime Environment, FFmpeg, MEGAcmd, NirCmd and SVCL. To see what this runtime folder looks like, refer to the Runtime v1 packaged within `auto-installer.exe`.
- Execute `RMACClient.jar` on the target host, e.g.:

  ```bat
  start /B "" "path-to-runtime\jre\bin\java" -jar "path\to\RMACClient.jar" "path-to-runtime"
  ```

The RMACClient.jar executable takes a single argument, the path to the runtime folder.
While manually setting up RMAC Host-Client, please verify the versions used for underlying tools here
There are multiple ways to uninstall RMAC Host-Client from the target host depending on whether it is online or offline:
If the RMAC Host-Client that you want to remove is online, there are two possible ways:
- Go to the RMAC Console and issue a 'compromised' command for the specific host; the RMAC Host-Client will completely remove itself.
- Make an API call to the RMAC API Server's `/command` endpoint with the 'compromised' command (this API server should be the same one that was configured for the Host-Client in its `config.rmac`).
If the RMAC Host-Client is offline, the only way to remove it is to manually execute the script `compromised.bat` under the `scripts` folder of the RMAC Runtime path.
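
The runtime layout described above also gives a defender a file-system fingerprint for triage. The following is an added example, not part of the RMAC project: it walks a directory tree, flags folders that contain `config.rmac`, and reports whether the bundled JRE and the `compromised.bat` removal script sit beside it. The function names are hypothetical, and it assumes the on-disk layout matches this README's description.

```python
import os
import tempfile
# Markers named in the README: config.rmac in the runtime root, jre\bin\java,
# and scripts\compromised.bat. Assumption: the on-disk layout matches that text.
ROOT_MARKER = "config.rmac"
EXTRA_MARKERS = {
    "bundled_jre": [("jre",), ("bin",), ("java.exe", "java")],
    "removal_script": [("scripts",), ("compromised.bat",)],
}

def _resolve(base, levels):  # case-insensitive match, one path level at a time
    for wanted in levels:
        try:
            entries = os.listdir(base)
        except OSError:  # unreadable, or a file where a folder was expected
            return None
        hit = next((e for e in entries if e.lower() in wanted), None)
        if hit is None:
            return None
        base = os.path.join(base, hit)
    return base

def find_rmac_runtimes(root):
    """Return one finding per folder under root that holds a config.rmac file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if not any(f.lower() == ROOT_MARKER for f in files):
            continue
        hits = {n: p for n, lv in EXTRA_MARKERS.items() if (p := _resolve(dirpath, lv))}
        findings.append({
            "runtime": dirpath, "markers": sorted(hits),
            "removal_script": hits.get("removal_script"),
            "confidence": "high" if len(hits) == len(EXTRA_MARKERS) else "low",
        })
    return findings

def build_constructed_sample(base):
    """Constructed tree of empty files for an offline run; not real artifacts."""
    full, partial = os.path.join(base, "demo", "rt"), os.path.join(base, "other")
    for root, rel in ((full, "config.rmac"), (full, "jre/bin/java.exe"),
                      (full, "scripts/compromised.bat"), (partial, "CONFIG.RMAC")):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return full, partial

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        print(*find_rmac_runtimes(tmp), sep="\n")
```

A "low" finding is only a stray `config.rmac` and needs manual review; a "high" finding also gives the path of the removal script for the offline uninstall described above.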
Component | Platform / Technology | Versions |
---|---|---|
Host-Client | Windows x64 | 7, 8, 10, 11 |
API Server | Firebase Cloud Functions | 3.x |
Bridge Server | Node.js | 14.x, 16.x |
Console | Any Browser supporting Vue 3 | |
The RMAC ecosystem is a collection of four components:
- Host-Client - The actual spyware client running on the target host.
- API Server - The server hosting the RMAC API that interacts with the registered hosts database.
- Bridge Server - The server acting as a bridge for communications between the Host-Clients and Consoles.
- Console - An opened RMAC Console dashboard being used by an end-user.
The Host-Client is a Java application that only interacts with the API and Bridge servers.
The Bridge Server is a Node.js server that enables two-way socket communication between the Host-Clients and the end-user Consoles. This server also serves the RMAC Console webapp.
The API Server handles Host-Client registrations, queuing control commands and serving update check requests.
The API and Bridging servers are the only systems that can connect to the hosts database directly.
The end-user can manage hosts remotely in a user-friendly way using the RMAC Console by changing properties and configuration of Host-Clients and running an interactive PowerShell command line (non-admin).
MIT Licensed
Copyright © 2022-present | Saurabh Bhagat