 

How to listen to dev/binder?

In Android, dev/binder is also responsible for communication between layers. Is it possible to listen to messages? I know that they must be decoded then, but how can I get these messages? For example, if an app sends a message to get a geolocation. I also have root on my Android device.

Aprel asked Feb 17 '12 16:02


People also ask

What is binder call Android?

Binder is an Android-specific interprocess communication mechanism, and remote method invocation system. That is, one Android process can call a routine in another Android process, using binder to identify the method to invoke and pass the arguments between processes.

What is a binder proxy?

Since applications and system services run in different processes, the Binder IPC provides a mechanism for this purpose. The Binder IPC proxies are the channel by which the application framework can access system services in different process spaces.

What is Binderfs?

Binderfs is a pseudo-filesystem for the Android Binder IPC driver which can be mounted per-ipc namespace allowing to run multiple instances of Android. Each binderfs mount initially only contains a binder-control device. It can be used to dynamically allocate new binder IPC devices via ioctls.

What is binder kernel?

The Binder kernel driver maintains a mapping of local addresses to remote Binder handles (and vice versa) for each Binder it sees, and assigns each Binder's object reference its appropriate value to ensure that equality will behave as expected even in remote processes.


2 Answers

Why, time and time again, do wrong answers get approved as right?

Jtrace - not to be confused with bindump - requires no modification of Android whatsoever. And it can snoop binder messages - with the restriction that you have to be jtrace'ing one of the end points.

Bindump uses debugfs, but that only shows endpoints. @Adrian - I'm afraid you got the wrong conclusion.

Jtrace traps sys calls going in and out - and then resolves the binder messages by inspecting process memory (using ptrace(2)). If you have ptrace(2) in your kernel (which you do, because debugserver foolishly needs it) and you are root, you can snoop messages. Again - you have to be on an endpoint.

And @Luminger - while on the subject - just because one can't find info, doesn't mean there isn't info. There's plenty of information on Binder on NewAndroidBook.com - besides the book, look at the Binder presentation link.

Technologeeks answered Oct 13 '22 04:10


@Adrian, some good work w.r.t. the problem has been done by other developers/researchers, so you could make use of their results.

First of all, I'd recommend looking at the great work of Jonathan Levin (a.k.a. Technologeeks), namely his book on the Android internals that recently became free and can be accessed at the book's companion website: newandroidbook.com. From there you'll get links, descriptions and usage examples for

  • bindump

    that is a simple derivative of the service command, which obtains a handle to the system service of choice, and then inspects its own entry in the /sys/kernel/debug/binder/proc directory. Because all the binder debug data is world readable, you can run this tool on unrooted devices as well.

  • jtrace, an augmented version of strace, one of whose advantages over strace is

    binder message parsing (auto detected).

Another great work, done by Opersys (with Karim Yaghmour), that is definitely worth noting and looking at is

  • Binder Explorer

    This tool works as an app, or along with HTML GUI, to show a graphical view of connections in real time.

Onik answered Oct 13 '22 03:10
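
The debugfs approach described for bindump above, as an added example that is not part of the original answers or of the bindump tool: it parses the per-process text under /sys/kernel/debug/binder/proc and correlates node and ref lines to show which processes hold handles to which Binder nodes (endpoints only, not message contents). The sample dumps are constructed, and the line layout is an assumption based on the kernel binder driver's debug output, which varies between kernel versions.

```python
import re

# Constructed sample of two /sys/kernel/debug/binder/proc/<pid> files.
# The line layout is assumed from the binder driver's debug output and
# may differ on a given kernel; adjust the patterns to what the device prints.
SAMPLE = {
    612: """binder proc state:
proc 612
context binder
  thread 612: l 00 need_return 0 tr 0
  node 4021: u0000007b2c41a0e0 c0000007b2c41a0f0 hs 1 hl 1 ls 0 ll 0 is 2 iw 2 tr 1 proc 1830 405
  ref 3990: desc 0 node 1 s 1 w 1 d 0000000000000000
""",
    1830: """binder proc state:
proc 1830
context binder
  thread 1830: l 00 need_return 0 tr 0
  ref 7711: desc 0 node 1 s 1 w 1 d 0000000000000000
  ref 7725: desc 4 node 4021 s 1 w 1 d 0000000000000000
""",
}

# "node <id>: ... proc <pid> <pid>": a Binder object owned by this process,
# followed by the pids that hold references to it (list may be absent).
NODE_RE = re.compile(r"^\s*node (\d+):.*?(?: proc((?: \d+)+))?\s*$")
# "ref <id>: desc <handle> node <id>": a handle this process holds.
REF_RE = re.compile(r"^\s*ref \d+: desc (\d+) (?:dead )?node (\d+)\b")

def parse_proc(text):
    """Return (nodes, refs): {node_id: [holder pids]}, {handle: node_id}."""
    nodes, refs = {}, {}
    for line in text.splitlines():
        if m := NODE_RE.match(line):
            nodes[int(m.group(1))] = [int(p) for p in (m.group(2) or "").split()]
        elif m := REF_RE.match(line):
            refs[int(m.group(1))] = int(m.group(2))
    return nodes, refs

def endpoints(dumps):
    """Map node_id -> owner pid, holder pids, and per-client handle numbers."""
    parsed = {pid: parse_proc(text) for pid, text in dumps.items()}
    table = {}
    for pid, (nodes, _) in parsed.items():
        for node_id, holders in nodes.items():
            table[node_id] = {"owner": pid, "holders": holders, "handles": {}}
    for pid, (_, refs) in parsed.items():
        for handle, node_id in refs.items():
            if node_id in table:  # owner's dump may not have been collected
                table[node_id]["handles"][pid] = handle
    return table
```

Node 1 with handle 0 in the sample stands for the context manager; it is skipped here because no dump of its owning process is included.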