- Make sure the CA certificate of your MITM application is in PEM format, because that is the format of the bundled certificate it will replace. Burp Suite exports its CA certificate in DER, so in that case convert from DER to PEM:
openssl x509 -inform der -in cacert.der -out cacert.pem
The same CA certificate also has to be installed on the Android device as a user trust anchor. Android's certificate installer takes the DER file as long as it carries the .crt file extension.
- Decode all three APKs with apktool. To avoid rebuild errors, -r (--no-res) is used: it leaves the resources undecoded, and the files under res/raw are copied through unchanged, so the bundled certificate can still be edited.
apktool d -f -r au.gov.health.covidsafe.apk
apktool d -f -r config.xxhdpi.apk
apktool d -f -r config.en.apk
- Replace one of the certificates bundled in the app with the one used by the MITM application. The app ships its own set of root certificates as PEM files under res/raw, so installing the CA on the device alone does not get the proxy's certificate chain accepted; the CA has to be in that set. For example, this one will do:
au.gov.health.covidsafe/res/raw/amazon_root_ca_4.pem
Delete the file's contents and replace them with the complete certificate that you installed on the Android device and that your MITM application uses, with nothing else in the file:
-----BEGIN CERTIFICATE-----
MIIDqDCCApCgAwIBAgIFAPDDVxcwDQYJKoZIhvcNAQELBQAwgYoxFDAS
.....
-----END CERTIFICATE-----
- Rebuild the three APKs. The config.xxhdpi.apk and config.en.apk splits are decoded and rebuilt only so that their original signatures are dropped, because all three APKs must end up signed with the same new key. There is probably another way to strip a signature, but this will do.
apktool b config.en/ -o config.en.new.apk
apktool b config.xxhdpi/ -o config.xxhdpi.new.apk
apktool b au.gov.health.covidsafe/ -o au.gov.health.covidsafe.new.apk
- Download a JDK for the keytool and jarsigner programs: https://www.oracle.com/java/technologies/javase-jdk14-downloads.html
- Generate a key and self-signed certificate for signing. Enter a password and don't forget it, as jarsigner asks for it in the next step. (-genkey is the older spelling of -genkeypair and still works.)
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
- Sign all three APKs with the same key. jarsigner only produces v1 (JAR) signatures. SHA1withRSA/SHA1 is forced here for compatibility with very old Android versions; any device from Android 4.3 onward also accepts jarsigner's default SHA-256 algorithms, and if the device runs Android 11 or later and the app targets API 30 or higher, a v2 signature made with apksigner (from the Android SDK build-tools) is required instead:
~/jdk-14.0.1/bin/jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore au.gov.health.covidsafe.new.apk alias_name
~/jdk-14.0.1/bin/jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore config.xxhdpi.new.apk alias_name
~/jdk-14.0.1/bin/jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore config.en.new.apk alias_name
- Install the APKs on the Android device. All three are needed, so install-multiple is used, and all three must be the rebuilt and resigned .new.apk files (the original au.gov.health.covidsafe.apk still carries the store signature and the original certificates). Uninstall the existing copy of the app first with adb uninstall au.gov.health.covidsafe, because an APK signed with a different key cannot be installed over it (the install fails with INSTALL_FAILED_UPDATE_INCOMPATIBLE):
adb install-multiple config.en.new.apk au.gov.health.covidsafe.new.apk config.xxhdpi.new.apk
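The whole procedure above as one script. This is an added example, not part of the original write-up or of the COVIDSafe project. It assumes apktool, openssl and adb are on PATH, that the JDK lives under JDK_BIN (defaulting to ~/jdk-14.0.1/bin as above), that Burp's cacert.der sits in the working directory, and that the keystore password comes from the STOREPASS environment variable (the "changeit" default and the CN=mitm-test subject are placeholders). The check_pem sanity check, the .new.apk naming helpers and the uninstall-before-install step are my additions.

```shell
#!/bin/sh
# Added example: automates the manual apktool/keytool/jarsigner/adb steps above.
# Assumes apktool, openssl, adb on PATH and a JDK under JDK_BIN.
set -eu

JDK_BIN=${JDK_BIN:-${HOME:-.}/jdk-14.0.1/bin}
PKG=au.gov.health.covidsafe
APKS="$PKG.apk config.xxhdpi.apk config.en.apk"
BUNDLED_CERT="$PKG/res/raw/amazon_root_ca_4.pem"   # the bundled root we overwrite
KEYSTORE=my-release-key.keystore
ALIAS=alias_name
STOREPASS=${STOREPASS:-changeit}   # assumption: supplied via env, placeholder default

# Decoded directory and rebuilt file name derived from an APK name
decoded_dir() { printf '%s\n' "${1%.apk}"; }
new_name()    { printf '%s\n' "${1%.apk}.new.apk"; }

# Burp exports DER; the app bundles PEM, so convert
der_to_pem() { openssl x509 -inform der -in "$1" -out "$2"; }

# Sanity check before copying: exactly one certificate with a valid base64 body
check_pem() {
    f=$1
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
    b=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$f" || true)
    e=$(grep -c '^-----END CERTIFICATE-----$' "$f" || true)
    if [ "$b" != 1 ] || [ "$e" != 1 ]; then
        echo "$f: expected exactly one certificate (found $b BEGIN / $e END)" >&2
        return 1
    fi
    sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' "$f" \
        | grep -v -- '-----' | base64 -d >/dev/null 2>&1 \
        || { echo "$f: certificate body is not valid base64" >&2; return 1; }
}

# Overwrite the bundled root with the proxy CA (the whole file, nothing else in it)
replace_cert() {
    proxy=$1; target=$2
    check_pem "$proxy" || return 1
    [ -f "$target" ] || { echo "bundled cert not found: $target" >&2; return 1; }
    cp "$proxy" "$target"
}

# -r / --no-res: resources stay undecoded, res/raw files are copied through unchanged
decode_apks() {
    for a in $APKS; do apktool d -f -r -o "$(decoded_dir "$a")" "$a"; done
}

rebuild_apks() {
    for a in $APKS; do apktool b "$(decoded_dir "$a")" -o "$(new_name "$a")"; done
}

make_keystore() {
    [ -f "$KEYSTORE" ] && return 0
    "$JDK_BIN/keytool" -genkeypair -v -keystore "$KEYSTORE" -alias "$ALIAS" \
        -keyalg RSA -keysize 2048 -validity 10000 \
        -storepass "$STOREPASS" -keypass "$STOREPASS" -dname "CN=mitm-test"
}

# jarsigner produces v1 signatures only; its defaults (SHA256withRSA / SHA-256)
# are accepted from Android 4.3 on. Switch to apksigner if the device insists on v2.
sign_apks() {
    for a in $APKS; do
        "$JDK_BIN/jarsigner" -verbose -keystore "$KEYSTORE" -storepass "$STOREPASS" \
            "$(new_name "$a")" "$ALIAS"
    done
}

# The store-signed install must go first: a different signing key cannot update it
# (INSTALL_FAILED_UPDATE_INCOMPATIBLE). All three rebuilt splits go in together.
install_apks() {
    adb uninstall "$PKG" >/dev/null 2>&1 || true
    set --
    for a in $APKS; do set -- "$@" "$(new_name "$a")"; done
    adb install-multiple "$@"
}

main() {
    der_to_pem cacert.der cacert.pem
    decode_apks
    replace_cert cacert.pem "$BUNDLED_CERT"
    rebuild_apks
    make_keystore
    sign_apks
    install_apks
}

# Only run the pipeline when asked; otherwise the file just defines the helpers.
if [ "${1:-}" = run ]; then main; fi
```

Run it as sh mitm-covidsafe.sh run from the directory holding the three APKs and cacert.der. Without the argument it only defines the functions, so check_pem and replace_cert can be exercised on their own before touching a device.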
With the proxy's CA now trusted by the app, any HTTPS traffic it sends through an in-line proxy, or intercepted by other means, e.g. sslstrip, is visible in plain text. The intention here is dynamic analysis on your own device to understand how the software works. See the relevant legislation for what is and is not permitted: https://www.legislation.gov.au/Details/F2020L00480