trace android binder call from binderproxy


Description

Adds a trace section around each Binder call made through BinderProxy. Use it to figure out which Binder interface the caller invokes.

How to Use

Download the script and run it with Frida CLI:

Then run with Frida:

frida -U -f YOUR_PACKAGE_NAME -l trace-android-binder-call-from-binderproxy.js

Replace YOUR_PACKAGE_NAME with the target app's package name.

Source Code

JavaScript
// shows which Binder call the caller made, instead of only a generic binder transaction/reply slice in the Perfetto trace
Java.perform(() => {

    // used to add trace sections
    const Trace = Java.use('android.os.Trace');
    // used to get the call stack
    const Thread = Java.use('java.lang.Thread');
    // used to hook Binder calls made through BinderProxy
    const BinderProxy = Java.use('android.os.BinderProxy');
    // Trace.beginSection() throws IllegalArgumentException for names longer than this
    const MAX_SECTION_NAME = 127;
    // hook transact of BinderProxy
    BinderProxy.transact.implementation = function(...args) {

        // get the call stack
        const stacktrace = Thread.currentThread().getStackTrace();
        // the caller of transact is the 4th entry; fall back to a fixed label if the stack is shorter
        const callingStack = stacktrace.length > 3 ? stacktrace[3].toString() : 'BinderProxy.transact';
        // begin trace
        Trace.beginSection(callingStack.substring(0, MAX_SECTION_NAME));
        try {
            // make the real call and return its result
            return this.transact(...args);
        } finally {
            // end trace even when transact() throws, so sections stay balanced
            Trace.endSection();
        }

    };
});
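The hook above takes the caller from a fixed stack index. As an added example (not part of the original script), the helpers below pick the first frame outside the stack-walking and hook machinery and shorten AIDL-style `IFoo$Stub$Proxy.method` frames to a compact label. The function names, the skip list and the sample frames are assumptions constructed for illustration.

```javascript
// Added example: derive the trace label from stack frames without a fixed index.
// Frames are plain strings (StackTraceElement.toString() output).
const SKIP_PREFIXES = [
    'dalvik.system.VMStack.',   // native stack walker
    'java.lang.Thread.',        // Thread.getStackTrace() itself
    'android.os.BinderProxy.',  // the hooked transact()
];
const MAX_SECTION_LEN = 127;    // Trace.beginSection() rejects longer names
const FALLBACK_LABEL = 'BinderProxy.transact';

// Return the first frame that is not stack-walking or hook machinery, or null.
function pickCallerFrame(frames) {
    for (const frame of frames) {
        if (!SKIP_PREFIXES.some((prefix) => frame.startsWith(prefix))) {
            return frame;
        }
    }
    return null;
}

// Build a label that fits the Trace section-name limit.
// "pkg.IFoo$Stub$Proxy.method(IFoo.java:1)" becomes "IFoo.method";
// any other frame is kept as-is and truncated.
function sectionName(frames) {
    const frame = pickCallerFrame(frames);
    if (frame === null) {
        return FALLBACK_LABEL;
    }
    const m = /([\w$]+)\$Stub\$Proxy\.(\w+)\(/.exec(frame);
    const label = m ? `${m[1]}.${m[2]}` : frame;
    return label.slice(0, MAX_SECTION_LEN);
}

// Constructed sample stack, laid out the way the original script assumes.
const SAMPLE_FRAMES = [
    'dalvik.system.VMStack.getThreadStackTrace(Native Method)',
    'java.lang.Thread.getStackTrace(Thread.java:1841)',
    'android.os.BinderProxy.transact(BinderProxy.java:540)',
    'android.app.IActivityManager$Stub$Proxy.getTasks(IActivityManager.java:4321)',
    'android.app.ActivityManager.getRunningTasks(ActivityManager.java:2100)',
];

console.log(sectionName(SAMPLE_FRAMES));
```

Inside the Frida hook, convert each `StackTraceElement` with `toString()` before passing the frames to `sectionName`.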