12

I am trying to intercept all system calls made by my Android app on a non rooted device.

So every time my app writes/reads a file, I want to intercept the system call and encrypt/decrypt the stream for security purposes. The encryption part is no problem, but how do I intercept the system calls?

Because parts of the app are modules developed by third party providers of which I can not change the source code, there is no other way to make sure that data is stored securely.

Since I do not have root access I cannot access the address of the system call table as described here and I can not do this through an LKM module as well.

I would appreciate any suggestions, thanks.

Edit:

Ok I got the code link form Simone Margaritelli to work now! the reason why my code kept crashing is because i had to set the right memory access permisions:

uint32_t page_size = getpagesize();
uint32_t entry_page_start = reloc& (~(page_size - 1));
mprotect((uint32_t *)entry_page_start, page_size, PROT_READ | PROT_WRITE);
Community
  • 1
  • 1
John A.
  • 238
  • 1
  • 2
  • 9

2 Answers2

4

This is how you can hook syscalls on Android without root permissions ( only working for your own process of course, this is not system wide ).

Simone Margaritelli
  • 4,584
  • 10
  • 45
  • 70
  • Yes, this is actually exactly what I was looking for. Sadly my app always crashes when trying to run the code. I have tried contacting the owner of the blog, unsuccessfully. – John A. Jun 10 '14 at 13:56
  • 1
    This blog code is not working in android 6.0 OS. Linker.h member are private in 6.0 OS. Any workaround then please let me know. I ask to owner of this blog but no answer. – d.k. Oct 27 '15 at 08:38
1

You can reference Suterusu. But it's not thread safe, and I'm also trying to find a thread safe solution.

SammyJiang
  • 83
  • 2
  • 8