David Wu edited this page Nov 5, 2017 · 11 revisions

First, see the Setup page to cross compile the Linux kernel source, and flash it on your device. Also make sure that the middleware can be cross compiled and copied onto your device.

Once all the pieces are in place, you can run binderfilter.py to see IPC message data and Binder logs, and to read and set BinderFilter policy. Use --print-permissions and --print-applications to see the possible options, and get the UID for an application you are interested in with --get-uid-for [packagename].

Examples

Get the UID for the Play Store

./binderfilter.py --get-uid-for com.android.vending

Get the UID for the Facebook Messenger app

./binderfilter.py --get-uid-for facebook.orca

Block all messages from the Play Store that contain the string "install"

./binderfilter.py -s -m "install" -u 10018 -a 1

Block the Camera permission for the Facebook Messenger app

./binderfilter.py -s -m "android.permission.CAMERA" -u 10084 -a 1

Block the Camera permission for the Facebook app if the Wi-Fi SSID is equal to "insecure-wifi-hotspot"

./binderfilter.py -s -m "android.permission.CAMERA" -u 10084 -a 1 --context 2 --context-type 2 --context-value "insecure-wifi-hotspot"

Remove a policy rule that blocks the Camera permission for the Facebook Messenger app

./binderfilter.py -s -m "android.permission.CAMERA" -u 10084 -a 2

Modify any string sent to or from the Spotify app that contains "spotify" with the string "awesomemusicapp". Note the "binderfilter.arbitrary." prefix prepended to the filter message. Also note that the replacement string is copied into the IPC buffer in memory for AT MOST the number of bytes of the original string.

./binderfilter.py -s -m "binderfilter.arbitrary.spotify" -u 10082 --modify-data "awesomemusicapp"
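
The at-most-original-length rule above, modeled in user-space C as an added example; this is not BinderFilter's driver code. It assumes the "original string" is the matched filter text, that every occurrence is overwritten, and that a shorter replacement leaves the rest of the match untouched.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Overwrite each occurrence of `needle` in buf[0..buf_len) with the leading
 * bytes of `repl`, never writing more than strlen(needle) bytes per match.
 * The buffer length never changes. Returns the number of matches overwritten.
 * Assumption (not from the page): when `repl` is shorter than `needle`, the
 * leftover bytes of the match are left as they were. */
static size_t bounded_overwrite(unsigned char *buf, size_t buf_len,
                                const char *needle, const char *repl)
{
    size_t nlen = strlen(needle);
    size_t rlen = strlen(repl);
    size_t copy = rlen < nlen ? rlen : nlen;   /* the "at most" bound */
    size_t hits = 0;

    if (nlen == 0 || nlen > buf_len)
        return 0;

    /* Length-based scan: IPC payloads are binary and may contain NUL bytes. */
    for (size_t i = 0; i + nlen <= buf_len; ) {
        if (memcmp(buf + i, needle, nlen) == 0) {
            memcpy(buf + i, repl, copy);
            hits++;
            i += nlen;          /* skip the match; do not rescan written bytes */
        } else {
            i++;
        }
    }
    return hits;
}

int main(void)
{
    /* Constructed sample payload with an embedded NUL byte. */
    unsigned char msg[] = "com.spotify.music\0" "open spotify now";
    size_t len = sizeof msg - 1;
    size_t n = bounded_overwrite(msg, len, "spotify", "awesomemusicapp");

    printf("%zu matches overwritten\n", n);
    fwrite(msg, 1, len, stdout);
    putchar('\n');
    return 0;
}
```

With the rule above, a 7-byte match on "spotify" receives only "awesome"; the rest of "awesomemusicapp" is never written, so pick replacement strings that still make sense when truncated.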

Print the current BinderFilter policy

./binderfilter.py --print-policy-formatted

Print Android Kernel IPC buffers

./binderfilter.py --print-ipc-buffers-once

Print integer values for binderfilter command line context

./binderfilter.py --print-command-args

Help

usage: binderfilter.py [-h] [-s] [-m MESSAGE] [-u UID] [-a ACTION]
                       [--modify-data MODIFYDATA] [--context CONTEXT]
                       [--context-type CONTEXTTYPE]
                       [--context-value CONTEXTVALUE] [-p] [-f] [-c] [-q] [-b]
                       [-o] [-i] [-d [LEVELONCE [LEVELONCE ...]]]
                       [-e [LEVELFOREVER [LEVELFOREVER ...]]] [-g PACKAGENAME]
                       [-j] [-k] [-w] [-x] [-y] [-z] [--get-gps-bytes]
                       [--latitude LATITUDE] [--longitude LONGITUDE]
                       [--print-command-args]

Android Binder IPC hook and parser.

optional arguments:
  -h, --help            show this help message and exit
  -s, --set-policy      Set BinderFilter policy. Required: --message-contains,
                        --uid, --action.
  -m MESSAGE, --message-contains MESSAGE
                        Set BinderFilter policy: Message to filter on. I.e.
                        "android.permission.CAMERA". To modify arbitrary
                        strings, prepend this message with
                        binderfilter.arbitrary.x where x is the string. See
                        the github docs for more information
  -u UID, --uid UID     Set BinderFilter policy: Uid to filter on. I.e.
                        "10082". Find corresponding Uid for packagename with
                        --get-uid-for [name]
  -a ACTION, --action ACTION
                        Set BinderFilter policy: Action to perform. 0:
                        Block,1: Unblock, 2: Modify, 3: Unmodify
  --modify-data MODIFYDATA
                        Set BinderFilter policy: data to modify message with.
                        Required if --action=3
  --context CONTEXT     Set BinderFilter policy: context. Default to
                        CONTEXT_NONE. Use the --print-command-args flag to see
                        possible values.
  --context-type CONTEXTTYPE
                        Set BinderFilter policy: context type. Required if
                        --context is not CONTEXT_NONE. 1: integer, 2: string
  --context-value CONTEXTVALUE
                        Set BinderFilter policy: context value. Required if
                        --context is not CONTEXT_NONE. If --context-type=1,
                        use 1: ON, 2: OFF
  -p, --print-policy    Print current BinderFilter policy
  -f, --print-policy-formatted
                        Print current BinderFilter policy nicely
  -c, --print-system-context
                        Print current system context values
  -q, --disable-ipc-buffers
                        Disable BinderFilter parsing and printing of IPC
                        buffer contents
  -b, --enable-ipc-buffers
                        Enable BinderFilter parsing and printing of IPC buffer
                        contents. This is computationally expensive.
  -o, --print-ipc-buffers-once
                        Print Android IPC buffer contents
  -i, --print-ipc-buffers-forever
                        Print Android IPC buffer contents forever
  -d [LEVELONCE [LEVELONCE ...]], --print-logs-once [LEVELONCE [LEVELONCE ...]]
                        Print Binder system logs. Optional argument for the
                        specific level of Kernel debug level. Use the --print-
                        command-args flag to see possible values.
  -e [LEVELFOREVER [LEVELFOREVER ...]], --print-logs-forever [LEVELFOREVER [LEVELFOREVER ...]]
                        See --print-logs-once
  -g PACKAGENAME, --get-uid-for PACKAGENAME
                        Get UID for an application (string contains)
  -j, --print-permissions
                        Print all Android system permissions from the
                        packagemanager
  -k, --print-applications
                        Print all Android applications installed
  -w, --disable-block-and-modify-messages
                        Disable BinderFilter from blocking and modifying IPC
                        messages. BinderFilter can still parse and log IPC
                        messages if --enable-ipc-buffers is set
  -x, --enable-block-and-modify-messages
                        Enable BinderFilter to block and modify IPC messages
  -y, --disable-binder-filter
                        Disable BinderFilter completely
  -z, --enable-binder-filter
                        Enable BinderFilter (This is required for any
                        functionality
  --get-gps-bytes       Get BinderFilter translations of latitude, longitude
                        coordinates. Use with --latitude [LAT] --longitude
                        [LONG]
  --latitude LATITUDE   Latitude. I.e. 43.704979
  --longitude LONGITUDE
                        Longitude. I.e. -72.287458
  --print-command-args  Print command argument values for --context and
                        --print-logs-once.