Geek Answers Handbook

How to listen to dev / binder?

Android has dev/binder also for responsible posts. Can I listen to messages? I know that they should be decoded, but how can I get this message. For example, if an application sends a message, it will become Geolocation. I also have root on my Android device.

+8
android android-source binder
source share
5 answers

Short: No, it should not be possible even with root.

There is not much information about Binder in Binder, but there are some, especially about security. Refer to this or paragraph 3.8 here . You can also read the kernel driver source and openbinder source.

+5
source share

You can decode most of the binder transactions that go through using this version of strace: https://github.com/adetaylor/strace-android/tree/android

It has enhancements for decoding ioctl calls, which are a way to handle requests to the Binder kernel driver. Make sure you use the android branch or you won’t get the benefits of these changes.

You can build this using the standalone NDK toolchain. See docs/STANDALONE-TOOLCHAIN.html in the Android NDK documentation.

+3
source share

If you want to install a custom kernel, the middleware driver code ( drivers/staging/android/binder.c ) has pretty good debugging features, including conditional messages and functions that can print binding transactions, etc.

In particular, you will receive various debug messages in the kernel log by setting binder_debug_mask using the appropriate combination of the following counters:

 BINDER_DEBUG_USER_ERROR BINDER_DEBUG_FAILED_TRANSACTION BINDER_DEBUG_DEAD_TRANSACTION BINDER_DEBUG_OPEN_CLOSE BINDER_DEBUG_DEAD_BINDER BINDER_DEBUG_DEATH_NOTIFICATION BINDER_DEBUG_READ_WRITE BINDER_DEBUG_USER_REFS BINDER_DEBUG_THREADS BINDER_DEBUG_TRANSACTION BINDER_DEBUG_TRANSACTION_COMPLETE BINDER_DEBUG_FREE_BUFFER BINDER_DEBUG_INTERNAL_REFS BINDER_DEBUG_BUFFER_ALLOC BINDER_DEBUG_PRIORITY_CAP BINDER_DEBUG_BUFFER_ALLOC_ASYNC

You can also sprinkle with several print_binder_* functions that are included in binder.c in strategic places of the whole code. For example, print_binder_buffer() or print_binder_transaction() . You probably want to make these conditional conditions based on a specific uid or pid, because otherwise there will be many things flying in the log.

+2
source share

Why, over and over, do wrong answers say the right thing?

Jtrace - not to be confused with bin dump - does not require modification of Android, something never. And he can track the messages of the binder - with the restriction that you should be one of the final points.

Bindump uses debugfs, but it only shows the endpoints. @Adrian - I'm afraid you were wrong.

Jtrace interrupts sys calls, incoming and outgoing, and then resolves connecting messages by checking the process memory (using ptrace (2)). If you have ptrace (2) in your kernel (which you do because debugserver is stupid in need of it) and you are root, you can track messages. Again - you have to be at the end point.

And @Luminger - while he's on the subject - just because he cannot find information, this does not mean that there is no information. There's a lot of information about Binder on NewAndroidBook.com - besides the book, see the Binder presentation link.

+2
source share

@Adrian, some good wrt work, the problem was made by other developers / researchers so you can use their results.

First of all, I would recommend looking at the wonderful work of Jonathan Levin (aka Technologeeks ), namely his book on Android internals, which recently became free and could be available on the companion book website: newandroidbook.com . From there you will receive links, descriptions and examples of use

  • bindump

    which is a simple derivative of the service command, which receives the handle to the selected system service and then checks its own entry in the /sys/kernel/debug/binder/proc . Since all the debugging data of the binder is readable worldwide, you can also run this tool on non-rotating devices.

  • jtrace , an extended version of strace , one of the advantages of which over strace is

    parsing message (automatically detected).

Another great piece of work done by Opersys (with Karim Yagmoor) is definitely worth noting and looking at

  • Binder explorer

    This tool works as an application or in conjunction with an HTML graphical interface to display a graphical representation of connections in real time.

+1
source share

More articles:


All Articles