foundryzero / binder-trace
Binder Trace is a tool for intercepting and parsing Android Binder messages. Think of it as "Wireshark for Binder".
License: MIT License
I want to trace a HAL service which uses hwbinder; can it be supported?
When you try to select a direction from the types field it uses enter to select it and therefore, enter will not work to close the dialog anymore.
Eg a string
Doing a simple test with the Messages app in an Android 13 emulator gives android.content.IContentProvider messages (eg update) which are shown in blue - indicating they parsed correctly - and with content visible in the hex dump, but with only the basic header information shown in the details pane.
The install instructions should really be pip install binder_trace and launch with binder_trace.
Can this tool directly find the corresponding Service Provider?
If there is an error parsing a structure (normally due to a bug in the code) it is not shown or logged anywhere. At a minimum we should get it logged to a file so people can report bugs easily. Ideally there should also be a way of showing the error. This could be by including it in the structure window or probably more easily have a key that opens a popup panel with the error details.
Is there any way we can run this on Mac?
Hello, I ran the following command
binder-trace -n Zoom -d emulator-5554 -a 10
and my screen went unresponsive:
log:
2023-11-07 10:53:56,458: INFO Starting injector
2023-11-07 10:53:56,458: INFO Injector started
2023-11-07 10:53:56,465: INFO Injector waiting for stop event
2023-11-07 10:54:00,309: DEBUG Field(name=Token Descriptor, type=string, position=Pos(start=8, end=80), content=[
Field(name=Length, type=uint32, position=Pos(start=8, end=12), content=32)
Field(name=Value, type=utf_16_le, position=Pos(start=12, end=78), content=android.app.IActivityTaskManager)])
2023-11-07 10:54:00,310: DEBUG Field(name=Token Descriptor, type=string, position=Pos(start=8, end=80), content=[
Field(name=Length, type=uint32, position=Pos(start=8, end=12), content=32)
Field(name=Value, type=utf_16_le, position=Pos(start=12, end=78), content=android.app.IActivityTaskManager)])
2023-11-07 10:54:00,312: ERROR Error occurred in UI: 'key' is an invalid keyword argument for insort_left()
2023-11-07 10:54:00,313: ERROR Traceback (most recent call last):
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/__main__.py", line 86, in main
binder_trace.tui.interface.start_ui(injector.block_queue, injector.pause_unpause, config, args.config)
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/tui/interface.py", line 431, in start_ui
ui.run()
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/tui/interface.py", line 315, in run
app.run()
File "/opt/homebrew/lib/python3.9/site-packages/prompt_toolkit/application/application.py", line 967, in run
return loop.run_until_complete(coro)
File "/opt/homebrew/Cellar/python@3.9/3.9.18/Frameworks/Python.framework/Versions/3.9/lib/python3.9/asyncio/base_events.py", line 634, in run_until_complete
self.run_forever()
File "/opt/homebrew/Cellar/python@3.9/3.9.18/Frameworks/Python.framework/Versions/3.9/lib/python3.9/asyncio/base_events.py", line 601, in run_forever
self._run_once()
File "/opt/homebrew/Cellar/python@3.9/3.9.18/Frameworks/Python.framework/Versions/3.9/lib/python3.9/asyncio/base_events.py", line 1869, in _run_once
event_list = self._selector.select(timeout)
File "/opt/homebrew/lib/python3.9/site-packages/prompt_toolkit/eventloop/inputhook.py", line 129, in select
self.inputhook(InputHookContext(self._r, input_is_ready))
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/tui/interface.py", line 424, in inputhook
if ui.process_data():
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/tui/interface.py", line 401, in process_data
self.frequency_counter.add_record((block.interface, block.method))
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/tui/frequency_counter.py", line 114, in add_record
self.add(interface_record)
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/tui/frequency_counter.py", line 97, in add
insort_left(
TypeError: 'key' is an invalid keyword argument for insort_left()
2023-11-07 10:54:00,313: INFO Stopping injector
2023-11-07 10:54:00,313: INFO Stop event received
2023-11-07 10:54:00,318: INFO Script unloaded
2023-11-07 10:54:00,318: INFO Injector stopped
2023-11-07 10:54:00,318: INFO Injector stopped.
parse log:
2023-11-07 10:54:00,260: ERROR unpack_from requires a buffer of at least 108 bytes for unpacking 4 bytes at offset 104 (actual buffer size is 104)
2023-11-07 10:54:00,260: ERROR Traceback (most recent call last):
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/parsing.py", line 142, in on_message_in
read_interface_input(call, parcel, root_field)
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/parsing.py", line 310, in read_interface_input
parse(invar, parcel, parent)
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/parsing.py", line 269, in parse
parse_value_from_definition(definition, parcel, parent)
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/parsing.py", line 190, in parse_value_from_definition
return parcel.parse_field(name, "", reader, parent)
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/parcel.py", line 34, in parse_field
read_func(field)
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/parcel.py", line 424, in readStrongBinder
self.parse_field("status", "uint32", self.readUint32, parent)
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/parcel.py", line 34, in parse_field
read_func(field)
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/parcel.py", line 112, in readUint32
parent.content = self._read_uint32()
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/parcel.py", line 115, in _read_uint32
b = struct.unpack_from("<I", self.data, self.pos)
struct.error: unpack_from requires a buffer of at least 108 bytes for unpacking 4 bytes at offset 104 (actual buffer size is 104)
May I ask what tool or method you used to extract the binder structure from Android?
The library asyncore has been removed as of Python 3.12. It has been deprecated in favour of asyncio, but is currently being used by binder-trace.
Is it possible to launch the app after I attach? I want to catch the transactions when I launch my app, but I could only attach after I launch the app, so I miss those transactions at the start.
Hello,
I installed on Mac, not sure if I need xclip and xsel as well?
When I attach to an app, all the windows are empty:
In the parser log I get:
2023-11-06 14:56:04,721: ERROR module 'binder_trace.constants' has no attribute 'ANDROID_VERSION'
2023-11-06 14:56:04,722: ERROR Traceback (most recent call last):
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/generator.py", line 66, in _message_handler
block = parsing.on_message(self.struct_store, message, data, self.android_version)
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/parsing.py", line 55, in on_message
block = on_message_in(struct_store, parcel, block_metadata["code"])
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/parsing.py", line 125, in on_message_in
token = parcel.parse_field("interface-token", "", parcel.read_interface_token)
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/parcel.py", line 34, in parse_field
read_func(field)
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/parcel.py", line 188, in read_interface_token
elif constants.ANDROID_VERSION == 10:
AttributeError: module 'binder_trace.constants' has no attribute 'ANDROID_VERSION'
2023-11-06 14:56:04,735: ERROR module 'binder_trace.constants' has no attribute 'ANDROID_VERSION'
2023-11-06 14:56:04,735: ERROR Traceback (most recent call last):
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/generator.py", line 66, in _message_handler
block = parsing.on_message(self.struct_store, message, data, self.android_version)
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/parsing.py", line 55, in on_message
block = on_message_in(struct_store, parcel, block_metadata["code"])
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/parsing.py", line 125, in on_message_in
token = parcel.parse_field("interface-token", "", parcel.read_interface_token)
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/parcel.py", line 34, in parse_field
read_func(field)
File "/opt/homebrew/lib/python3.9/site-packages/binder_trace/parcel.py", line 188, in read_interface_token
elif constants.ANDROID_VERSION == 10:
AttributeError: module 'binder_trace.constants' has no attribute 'ANDROID_VERSION'
2023-11-06 14:56:04,735: ERROR module 'binder_trace.constants' has no attribute 'ANDROID_VERSION'
Hi. Could we please have the structs for Android 8? I'm trying to give this a go on an older device that's having binder leaking issues. Would be much appreciated. Thank you. I've tried using -a 9 and -a 10 with the device but it shows no Binder activity at all, so I'm guessing it's the Android version that's the problem.
Eg pressing c should just clear the current messages. This makes it easier to investigate specific app functionality.
To show all the types of calls made and how many times they were made
Would you be able to add android 12 structures to this repository? Or instructions on how to generate the structures. Cheers 👍
The current representation of string field is as follows:
Token Descriptor: string
Length: 36
Value: android.os.INetworkManagementService
When showing string arrays etc. this is a very verbose output format. It would be better to specialise the output from string fields so it's rendered something like:
Token Descriptor: string (36) "Value: android.os.INetworkManagementService"
The hexdump view also supports showing multiple selections at once so this ticket should cover highlighting the size and string content separately.
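As an added example (not code from binder-trace or from any issue author): a bounds-checked reader for the string layout visible in the debug log above (uint32 character count, UTF-16LE data, 2-byte terminator, padding to 4 bytes). It returns separate length and value spans for highlighting, produces the compact one-line rendering proposed in this issue, and raises a descriptive error on a truncated buffer instead of a bare struct.error. The function names, `ParcelError` and the sample buffer are constructed for illustration.

```python
import struct

class ParcelError(ValueError):
    """A read would run past the end of the captured parcel buffer."""

def read_uint32(data: bytes, pos: int):
    # Check bounds first so a truncated parcel gives a reportable error
    # instead of a bare struct.error deep inside the parser.
    if pos + 4 > len(data):
        raise ParcelError(f"uint32 at offset {pos}: buffer is only {len(data)} bytes")
    return struct.unpack_from("<I", data, pos)[0], pos + 4

def read_string16(data: bytes, pos: int):
    """Return (text, length_span, value_span, next_pos) for a String16 at pos."""
    start = pos
    length, pos = read_uint32(data, pos)
    if length == 0xFFFFFFFF:            # a null string is written as length -1
        return None, (start, pos), (pos, pos), pos
    end = pos + 2 * length + 2          # UTF-16LE code units plus 2-byte NUL
    if end > len(data):
        raise ParcelError(
            f"string of {length} chars at offset {pos}: needs {end} bytes, "
            f"buffer has {len(data)}")
    text = data[pos:pos + 2 * length].decode("utf-16-le", errors="replace")
    return text, (start, pos), (pos, end), (end + 3) & ~3   # pad to 4 bytes

def render_compact(name: str, data: bytes, pos: int) -> str:
    """One-line form of a string field, as proposed in the issue above."""
    text, _, _, _ = read_string16(data, pos)
    if text is None:
        return f"{name}: string (null)"
    return f'{name}: string ({len(text)}) "{text}"'

# Constructed sample: 8 zero bytes standing in for the parcel header, then the
# interface token from the debug log laid out as a String16.
TOKEN = "android.app.IActivityTaskManager"
SAMPLE = (b"\x00" * 8 + struct.pack("<I", len(TOKEN))
          + TOKEN.encode("utf-16-le") + b"\x00\x00" + b"\x00\x00")

if __name__ == "__main__":
    print(read_string16(SAMPLE, 8))
    print(render_compact("Token Descriptor", SAMPLE, 8))
    try:
        read_string16(SAMPLE[:40], 8)   # truncated capture
    except ParcelError as exc:
        print("parse error:", exc)
```

The two spans it returns for the sample, (8, 12) and (12, 78), match the Length and Value positions in the debug log, so a hexdump view can highlight them separately.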
SyntaxError: invalid syntax
┌──(root💀r0env)-[/binder-trace/binder_trace]/binder-trace/binder_trace]
└─# python3.9 -m binder_trace -d 07995251BJ100623 -n Calculator -s ../structs/android11
Traceback (most recent call last):
File "/usr/lib/python3.9/runpy.py", line 197, in _run_module_as_main
return _run_code(code, main_globals, None,
File "/usr/lib/python3.9/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "/root/binder-trace/binder_trace/binder_trace/main.py", line 9, in <module>
import binder_trace.structure
File "/root/binder-trace/binder_trace/binder_trace/structure.py", line 7, in <module>
import binder_trace.overrides
File "/root/binder-trace/binder_trace/binder_trace/overrides.py", line 21
match parcelType:
^
SyntaxError: invalid syntax
┌──(root💀r0env)-[
In Kali, it shows this. How can I solve it?