[PR #449] feat: Auto-detect L2CAP function offsets via dlsym for Android #403

New issue

Open

opened 2026-03-02 12:41:03 +03:00 by kerem · 0 comments

kerem commented

2026-03-02 12:41:03 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/kavishdevar/librepods/pull/449
Author: @ayaanngandhi
Created: 2/6/2026
Status: 🔄 Open

Base: main ← Head: main

📝 Commits (2)

241a1a0 feat: Auto-detect L2CAP function offsets via dlsym
61253ca fix: Remove static keyword from functions declared in header, add ndkVersion

📊 Changes

2 files changed (+163 additions, -6 deletions)

View changed files

📝 android/app/build.gradle.kts (+1 -0)
📝 android/app/src/main/cpp/l2c_fcr_hook.cpp (+162 -6)

📄 Description

Summary

Adds automatic offset detection for L2CAP hook functions, eliminating the need for users to manually find and set offsets on most custom ROMs.

Problem

The hardcoded fallback offset 0x00a55e30 doesn't work on most custom ROMs, causing L2CAP connection failures. Users had to manually extract offsets from their libbluetooth_jni.so using tools like nm or readelf.

Solution

Added runtime symbol lookup using dlsym() to automatically find function offsets when the ROM exports them in the dynamic symbol table.

Changes

Added findSymbolOffset() — uses dlsym to look up symbols at runtime
Added findLibraryPath() — locates the Bluetooth library via /proc/self/maps
Updated all offset loaders with fallback chain:
1. System property override (backward compatible)
2. Dynamic dlsym lookup (auto-detection)
3. Hardcoded fallback (last resort)

Symbols auto-detected

l2c_fcr_chk_chan_modes
l2cu_process_our_cfg_req
l2c_csm_execute
l2cu_send_peer_info_req

Testing

Tested on Project Elixir v4.2 (Android 14, Realme 6) with AirPods Pro, 1st Generation, where symbols are exported. Auto-detection correctly found offset 0x7f2ac0 without manual configuration.

Backward Compatibility

System property overrides still work (persist.librepods.hook_offset, etc.)
Falls back to hardcoded offset if dynamic lookup fails

Summary by CodeRabbit

Release Notes

Chores
- Updated NDK version to 27.1.12297006 for improved build consistency
- Enhanced system compatibility and stability through improved Bluetooth library detection and management

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/kavishdevar/librepods/pull/449 **Author:** [@ayaanngandhi](https://github.com/ayaanngandhi) **Created:** 2/6/2026 **Status:** 🔄 Open **Base:** `main` ← **Head:** `main` --- ### 📝 Commits (2) - [`241a1a0`](https://github.com/kavishdevar/librepods/commit/241a1a04f891ba5b5387c6bf2894a356d1557e0d) feat: Auto-detect L2CAP function offsets via dlsym - [`61253ca`](https://github.com/kavishdevar/librepods/commit/61253ca727066b5ccca71cd72657774fbab1d860) fix: Remove static keyword from functions declared in header, add ndkVersion ### 📊 Changes **2 files changed** (+163 additions, -6 deletions) <details> <summary>View changed files</summary> 📝 `android/app/build.gradle.kts` (+1 -0) 📝 `android/app/src/main/cpp/l2c_fcr_hook.cpp` (+162 -6) </details> ### 📄 Description ## Summary Adds automatic offset detection for L2CAP hook functions, eliminating the need for users to manually find and set offsets on most custom ROMs. ## Problem The hardcoded fallback offset `0x00a55e30` doesn't work on most custom ROMs, causing L2CAP connection failures. Users had to manually extract offsets from their `libbluetooth_jni.so` using tools like `nm` or `readelf`. ## Solution Added runtime symbol lookup using `dlsym()` to automatically find function offsets when the ROM exports them in the dynamic symbol table. ### Changes - Added `findSymbolOffset()` — uses `dlsym` to look up symbols at runtime - Added `findLibraryPath()` — locates the Bluetooth library via `/proc/self/maps` - Updated all offset loaders with fallback chain: 1. System property override (backward compatible) 2. Dynamic `dlsym` lookup (auto-detection) 3. Hardcoded fallback (last resort) ### Symbols auto-detected - `l2c_fcr_chk_chan_modes` - `l2cu_process_our_cfg_req` - `l2c_csm_execute` - `l2cu_send_peer_info_req` ## Testing Tested on Project Elixir v4.2 (Android 14, Realme 6) with AirPods Pro, 1st Generation, where symbols are exported. Auto-detection correctly found offset `0x7f2ac0` without manual configuration. ## Backward Compatibility - System property overrides still work (`persist.librepods.hook_offset`, etc.) - Falls back to hardcoded offset if dynamic lookup fails  ## Summary by CodeRabbit # Release Notes * **Chores** * Updated NDK version to 27.1.12297006 for improved build consistency * Enhanced system compatibility and stability through improved Bluetooth library detection and management  --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>