mRemote is nolonger used #2
Comments
|
Thanks for ur feedback. Good question. First we should check source code / debugger what they use instead... Is this for all BinderProxies now or only for ServiceManagerNative... could be that they use some special API to commincate with this particular service... however, would be nice to have a new iteration on this project. Thanks. |
SarotecK
added
bug
|
I migrated the project to API 33 (may I should test 32 according to ur report). However, the test scenario seems to work... Means in general mRemote is still used in Generic BinderProxy objects... however, next would be to check ServiceManagerNative... witch is indeed a very interesting service ;) Did some research in the past about it... |
|
Sorry, maybe I had a non-complete test.(I have used a system image not from Google but from my own company) And thank you for your work! |
|
Well you could checkout this branch: https://github.com/ChickenHook/BinderHook/tree/2-mremote-is-nolonger-used and have a look if the test scenario works (means the hook function will be called while request permissions) on ur image. However, I guess ServiceManagerNative has a unique implementation. |
|
Well.. in the end https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/os/ServiceManagerNative.java#38 they pass the mRemote object into the Stub... I guess there mRemote will be called. We should be able to access the object there. I will add a test to the feature branch for that service. |
|
Hy finally I hooked ServiceManagerNative. You can have a look on latest commit. Tested on API 33 Emulator. If you You should see this log line in logcat:
|
According to https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/os/ServiceManagerNative.java
mRemote is no longer used
I'm developing other hook way for API32
Maybe you have some idea?
The text was updated successfully, but these errors were encountered: