mer-hybris / bluebinder Goto Github PK

Seems like an issue similar to #20 is back again on the same device:

• When using the device without rebooting for more than a week or so
• Not actually having BT turned on, or any devices paired
• Noticed huge battery drain suddenly and inspected then top and an strace

I could only do this with a screen shot, since I needed the device to work normally and so rebooted. Also fishy are 10% of mem usage for bluebinder.

I hope the issue lies here. Let me know if not. Carwhisperer works with external bluetooth adapter, however it doesn't work with bluebinder (and internal vhci). It supposed to listen or inject sound into bluetooth devices with less security through SCO channel.
I tried various devices and also tried to find kernel differences. Spent way too many time on it :)

My bet is that if the kernel lets all packet types for external bt, there may be a solution on bluebinder side. Do you have any idea on this, is there restrictions through bluebinder, or from android bluetooth? Looking at btmon, my SCO transmission fails after packet types are changed, here's a screenshot of the log. Let me know if you'd like to see both external, or bluebinder btmon logs.

Hi, we are struggling with one of the NetHunter supported device: Nexus 6P (oreo, and lineage17.1 too). (VHCI, UART H4, IPC_BINDER enabled)

Looks like there are no [email protected] on there. Do you have any suggests where to look at or what can usually replace that? That's what we can see:

kali:/ # find / -name android.hardware.bluetooth* 2>/dev/null 
/sbin/.magisk/mirror/vendor/lib/hw/[email protected]
/sbin/.magisk/mirror/vendor/lib64/hw/[email protected]
/data/local/nhsystem/kali-arm64/system/etc/permissions/android.hardware.bluetooth_le.xml
/data/local/nhsystem/kali-arm64/system/lib/[email protected]
/data/local/nhsystem/kali-arm64/system/lib/[email protected]
/data/local/nhsystem/kali-arm64/system/lib/[email protected]
/data/local/nhsystem/kali-arm64/system/lib64/[email protected]
/data/local/nhsystem/kali-arm64/system/lib64/[email protected]
/data/local/nhsystem/kali-arm64/system/lib64/[email protected]
/vendor/lib/hw/[email protected]
/vendor/lib64/hw/[email protected]
/system/etc/permissions/android.hardware.bluetooth_le.xml
/system/lib/[email protected]
/system/lib/[email protected]
/system/lib/[email protected]
/system/lib64/[email protected]
/system/lib64/[email protected]
/system/lib64/[email protected]

With the SHIFT 6mq, Ubuntu Touch as OS I get these logs all the time:

01-24 10:38:49.464   235  1225 I [email protected]_handler: ProcessIbsCmd: Received IBS_SLEEP_IND: 0xFE
01-24 10:38:49.464   235  1225 D [email protected]_handler: SerialClockVote: vote for UART CLK OFF
01-24 10:38:49.493   235  1225 I [email protected]_handler: ProcessIbsCmd: Received IBS_WAKE_IND: 0xFD
01-24 10:38:49.493   235  1225 D [email protected]_handler: SerialClockVote: vote for UART CLK ON
01-24 10:38:49.493   235  1225 I [email protected]_handler: ProcessIbsCmd: Writing IBS_WAKE_ACK
01-24 10:38:49.536   235  1225 I [email protected]_handler: ProcessIbsCmd: Received IBS_SLEEP_IND: 0xFE
01-24 10:38:49.536   235  1225 D [email protected]_handler: SerialClockVote: vote for UART CLK OFF
01-24 10:38:49.543   235  1225 I [email protected]_handler: ProcessIbsCmd: Received IBS_WAKE_IND: 0xFD
01-24 10:38:49.543   235  1225 D [email protected]_handler: SerialClockVote: vote for UART CLK ON
01-24 10:38:49.543   235  1225 I [email protected]_handler: ProcessIbsCmd: Writing IBS_WAKE_ACK

A closer inspection with strace in bluebinder yields:

[pid  4512] ppoll([{fd=4, events=POLLIN|POLLERR|POLLHUP|POLLNVAL}, {fd=5, events=POLLIN|POLLERR|POLLHUP|POLLNVAL}], 2, NULL, NULL, 0) = 1 ([{fd=4, revents=POLLIN}])
[pid  4512] ioctl(4, BINDER_WRITE_READ, 0x7f8c2b87c8) = 0
[pid  4512] write(3, "\1\0\0\0\0\0\0\0", 8) = 8
[pid  4504] <... ppoll resumed> )       = 1 ([{fd=3, revents=POLLIN}])
[pid  4512] ppoll([{fd=5, events=POLLIN|POLLERR|POLLHUP|POLLNVAL}, {fd=8, events=POLLIN|POLLERR|POLLHUP|POLLNVAL}], 2, NULL, NULL, 0 <unfinished ...>
[pid  4504] read(3, "\1\0\0\0\0\0\0\0", 16) = 8
[pid  4504] write(10, "\4>+\2\1\3\1\302;7\365\2016\37\2\1\32\3\3o\375\27\26o\375^\210h\315#Y\244"..., 46) = -1 ENXIO (No such device or address)
[pid  4504] write(2, "Writing packet to device failed:"..., 59) = 59
[pid  4504] write(9, "*", 1 <unfinished ...>
[pid  4512] <... ppoll resumed> )       = 1 ([{fd=8, revents=POLLIN}])
[pid  4504] <... write resumed> )       = 1
[pid  4512] read(8,  <unfinished ...>
[pid  4504] ppoll([{fd=3, events=POLLIN}, {fd=10, events=POLLIN}], 2, NULL, NULL, 0 <unfinished ...>
[pid  4512] <... read resumed> "*", 1)  = 1
[pid  4512] ioctl(4, BINDER_WRITE_READ, 0x7f8c2b86d8) = 0
[pid  4512] ioctl(4, BINDER_WRITE_READ, 0x7f8c2b8678) = 0
[pid  4512] ioctl(4, BINDER_WRITE_READ, 0x7f8c2b8678) = 0
[pid  4512] ioctl(4, BINDER_WRITE_READ, 0x7f8c2b8758) = 0

So bluebinder is relaying writes to devices that are no longer visible. Also it does not matter if Bluetooth is turned on or of. This behaviour will slowly build up after boot since more and more devices are seen.

This is unique to that device so far, but its also my first Android 10 device. Any hint for debugging welcome!

How solve it?

In some cases, only ro.vendor.bt.bdaddr_path property is existent. This causes bluebinder_post.sh not finding Bluetooth address and killing bluebinder.

Hello all, I am attempting to run bluebinder on a Oneplus 7 Pro running Kali Nethunter. The kernel I am using has VHCI, UART H4, BinderFS. The plan was to use Bluebinder with the VHCI to have Nethunter recognize the internal BT radio as hci0. I am running into an issue with getting bluebinder to run. When ran in the kali chroot terminal I receive the following error:

Failed to connect to bluetooth binder service.

GLib- Critical g_main_loop quit: assertion 'loop != NULL'failed

Glib- Critical g_io_channel_shutdown: assertion 'channel != NULL'failed

GLib- Critical g_io_channel_unref: assertion 'channel != NULL'failed

Any idea what the cause might be?

Can you please let me know where and how Bluez interacts with /dev/vhci?I understand the remaining part where bluebinder picks up the HCI frames received from /dev/vhci and invokes the HAL functions.
But I am not getting how and where Bluez interacts with /dev/vhci?

One the Oneplus 6T users report device freezes (obviously kernel crashes) with the latest Bluebinder. See here: https://paste.myself5.de/kayoxowope.yaml

Currently if Bluetooth is toggled off from UI the device will still be discoverable by other devices afterwards. I assume this for example causes my BT headset to stay connected for up to ~20 seconds before it disconnects properly (presumably due to it realizing there is no more data being transmitted either way).

Some more details on HelloVolla/ubuntu-touch-beta-tests#91.

Please set the full version in SPEC file as a part of the release. Right now we have 1.0 for 1.0.12