[PR #449] feat: Auto-detect L2CAP function offsets via dlsym for Android #403

Open
opened 2026-03-02 12:41:03 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/kavishdevar/librepods/pull/449
Author: @ayaanngandhi
Created: 2/6/2026
Status: 🔄 Open

Base: main ← Head: main


📝 Commits (2)

  • 241a1a0 feat: Auto-detect L2CAP function offsets via dlsym
  • 61253ca fix: Remove static keyword from functions declared in header, add ndkVersion

📊 Changes

2 files changed (+163 additions, -6 deletions)


📝 android/app/build.gradle.kts (+1 -0)
📝 android/app/src/main/cpp/l2c_fcr_hook.cpp (+162 -6)

📄 Description

Summary

Adds automatic offset detection for L2CAP hook functions, eliminating the need for users to manually find and set offsets on most custom ROMs.

Problem

The hardcoded fallback offset 0x00a55e30 doesn't work on most custom ROMs, causing L2CAP connection failures. Users had to manually extract offsets from their libbluetooth_jni.so using tools like nm or readelf.

Solution

Added runtime symbol lookup using dlsym() to automatically find function offsets when the ROM exports them in the dynamic symbol table.

Changes

  • Added findSymbolOffset() — uses dlsym to look up symbols at runtime
  • Added findLibraryPath() — locates the Bluetooth library via /proc/self/maps
  • Updated all offset loaders with fallback chain:
    1. System property override (backward compatible)
    2. Dynamic dlsym lookup (auto-detection)
    3. Hardcoded fallback (last resort)

Symbols auto-detected

  • l2c_fcr_chk_chan_modes
  • l2cu_process_our_cfg_req
  • l2c_csm_execute
  • l2cu_send_peer_info_req

Testing

Tested on Project Elixir v4.2 (Android 14, Realme 6) with AirPods Pro, 1st Generation, where symbols are exported. Auto-detection correctly found offset 0x7f2ac0 without manual configuration.

Backward Compatibility

  • System property overrides still work (persist.librepods.hook_offset, etc.)
  • Falls back to hardcoded offset if dynamic lookup fails

Summary by CodeRabbit

Release Notes

  • Chores
    • Updated NDK version to 27.1.12297006 for improved build consistency
    • Enhanced system compatibility and stability through improved Bluetooth library detection and management

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
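The three-step fallback chain listed under "Changes" (system property override, then `dlsym` lookup, then the hardcoded value), as an added example in portable C++ so it can be compiled and run on a Linux host. This is not the PR's code and not the librepods project's own `l2c_fcr_hook.cpp`. Assumptions: the property read is an injected callback (on Android the project would use `__system_property_get`); the `/proc/self/maps` text is passed in as a string so a constructed sample can be parsed offline; an offset is the symbol's address minus the library load base reported by `dladdr()`; the library name, property name, symbol name and the two offsets `0x7f2ac0` / `0x00a55e30` are taken from the description, while the sample map addresses are invented. The property value is parsed strictly (the whole string must be hex) so a typo cannot silently turn into a bogus hook address, and `RTLD_NOLOAD` keeps the lookup from loading a library that is not already mapped.

```cpp
// Added example (not the librepods PR's code): property -> dlsym -> hardcoded chain.
// Assumes an injected property reader, /proc/self/maps passed as text, and
// offset = symbol address - dladdr() load base. Sample map addresses are invented.
#ifndef _GNU_SOURCE
#define _GNU_SOURCE  // RTLD_DEFAULT, dladdr(), Dl_info
#endif
#include <dlfcn.h>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <functional>
#include <sstream>
#include <string>

struct LibraryMapping {
    std::string path;    // full path of the mapped library; empty when not found
    uintptr_t base = 0;  // lowest start address among that file's mappings
};

// Scan /proc/self/maps text for a mapping whose basename is `libName`.
// Lines look like: "start-end perms offset dev inode [path]".
LibraryMapping findLibraryPath(const std::string& mapsText, const std::string& libName) {
    LibraryMapping found;
    std::istringstream in(mapsText);
    std::string line;
    while (std::getline(in, line)) {
        std::istringstream f(line);
        std::string range, perms, fileOff, dev, inode, path;
        if (!(f >> range >> perms >> fileOff >> dev >> inode >> path)) continue;  // anonymous mapping
        size_t slash = path.rfind('/');
        if ((slash == std::string::npos ? path : path.substr(slash + 1)) != libName) continue;
        uintptr_t start = std::strtoull(range.substr(0, range.find('-')).c_str(), nullptr, 16);
        if (found.path.empty() || start < found.base) { found.path = path; found.base = start; }
    }
    return found;
}

// Resolve `symbol` in an already-loaded library and return its file-relative offset.
// RTLD_NOLOAD makes dlopen fail instead of pulling in a library that is not mapped.
// Returns 0 when the symbol is absent from the dynamic symbol table (stripped/hidden).
uintptr_t findSymbolOffset(const std::string& libPath, const std::string& symbol) {
    void* handle = dlopen(libPath.c_str(), RTLD_NOW | RTLD_NOLOAD);
    if (!handle) return 0;
    void* addr = dlsym(handle, symbol.c_str());
    dlclose(handle);  // only drops the reference taken above; the library stays mapped
    if (!addr) return 0;
    Dl_info info{};
    if (dladdr(addr, &info) == 0 || !info.dli_fbase) return 0;
    return reinterpret_cast<uintptr_t>(addr) - reinterpret_cast<uintptr_t>(info.dli_fbase);
}

using PropertyReader = std::function<std::string(const std::string&)>;

// Strict parse: the whole string must be hex ("0x7f2ac0" or "7f2ac0") and non-zero.
bool parseHexOffset(const std::string& text, uintptr_t& out) {
    if (text.empty()) return false;
    char* end = nullptr;
    unsigned long long v = std::strtoull(text.c_str(), &end, 16);
    if (end == text.c_str() || *end != '\0' || v == 0) return false;
    out = static_cast<uintptr_t>(v);
    return true;
}

// The three-step chain from the PR description.
uintptr_t resolveOffset(const PropertyReader& readProperty, const std::string& propName,
                        const std::string& libPath, const std::string& symbol,
                        uintptr_t hardcodedFallback) {
    uintptr_t value = 0;
    if (parseHexOffset(readProperty(propName), value)) return value;                         // 1. override
    if (!libPath.empty() && (value = findSymbolOffset(libPath, symbol)) != 0) return value;  // 2. dlsym
    return hardcodedFallback;                                                                // 3. last resort
}

// Constructed /proc/self/maps excerpt (invented addresses); the higher mapping is
// listed first to show that the lowest start address is chosen as the base.
const char* const kSampleMaps =
    "7f2a00300000-7f2a00340000 rw-p 00280000 fd:01 4242 /apex/com.android.btservices/lib64/libbluetooth_jni.so\n"
    "7f2a00000000-7f2a00200000 r-xp 00000000 fd:01 4242 /apex/com.android.btservices/lib64/libbluetooth_jni.so\n"
    "7f2a00400000-7f2a00421000 rw-p 00000000 00:00 0\n"
    "7f2a00500000-7f2a00520000 r--p 00000000 fd:01 17 /system/lib64/libc.so\n";

// Live check against the running process: where does its libc keep getpid()?
struct LiveSymbol { std::string path; uintptr_t offset = 0; };
LiveSymbol locateLoadedSymbol(const char* symbol) {
    LiveSymbol r;
    void* addr = dlsym(RTLD_DEFAULT, symbol);
    Dl_info info{};
    if (addr && dladdr(addr, &info) && info.dli_fname && info.dli_fbase) {
        r.path = info.dli_fname;
        r.offset = reinterpret_cast<uintptr_t>(addr) - reinterpret_cast<uintptr_t>(info.dli_fbase);
    }
    return r;
}

int main() {
    LibraryMapping lib = findLibraryPath(kSampleMaps, "libbluetooth_jni.so");
    std::printf("sample lib: %s base=0x%lx\n", lib.path.c_str(), (unsigned long)lib.base);
    // No property set and the sample library is not really loaded here -> hardcoded fallback.
    uintptr_t off = resolveOffset([](const std::string&) { return std::string(); },
                                  "persist.librepods.hook_offset", lib.path,
                                  "l2c_fcr_chk_chan_modes", 0x00a55e30);
    std::printf("resolved offset: 0x%lx\n", (unsigned long)off);
    // Same lookup against this process's libc, which is loaded, so dlsym succeeds.
    LiveSymbol live = locateLoadedSymbol("getpid");
    std::printf("getpid in %s at offset 0x%lx (via findSymbolOffset: 0x%lx)\n", live.path.c_str(),
                (unsigned long)live.offset, (unsigned long)findSymbolOffset(live.path, "getpid"));
    return 0;
}
```

On a host the `libbluetooth_jni.so` path from the sample cannot be opened, so the chain falls through to the hardcoded value exactly as the description says it should when the library exports nothing; the `getpid` lookup shows the `dlsym` step succeeding against a library that is actually mapped. The strict hex parse is the one deliberate difference from a plain `strtoull`: an override that does not parse completely is ignored rather than partially applied.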
