Disable all Trusted CA CERTs on Android 4.x and later (requires root)
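#!/system/bin/sh
#
# disables all trusted root certs on your Android 4.x
# by jduck of #droidsec
#
# requires a working openssl binary in /data/local/tmp
# (you can build one from AOSP "make openssl")
#
# run this as system!! for example:
#   shell@flo:/data/local/tmp $ su system -c ./trustnocerts.sh
#   shell@flo:/data/local/tmp $
#
# how it works: a system CA counts as removed when a same-named DER copy of it
# sits in /data/misc/keychain/cacerts-removed, so this script writes such a
# copy for every file in /etc/security/cacerts. No system file is touched, so
# re-enabling is just deleting the copy again.
#
# if you want to re-enable a key, either do it manually or rm the file created in
# /data/misc/keychain/cacerts-removed
#
# for example, to re-enable some geotrust and verisign certs:
#   system@flo:/data/local/tmp $ ./busybox grep -Ei 'O=(geotrust|verisign)' /etc/security/cacerts/* | ./busybox awk -F: '{print $1}' | ./busybox sort -u | ./busybox awk -F/ '{print "rm /data/misc/keychain/cacerts-removed/"$5}' | sh
#   system@flo:/data/local/tmp $
#
# exit status: 0 when every cert was copied, 1 when setup failed or at least
# one cert could not be converted (details on stderr).
#
# enjoy!
#

# kept POSIX sh (no bashisms): /system/bin/sh on Android is mksh
umask 022

readonly OPENSSL=/data/local/tmp/openssl
readonly CACERTS_DIR=/etc/security/cacerts
readonly REMOVED_DIR=/data/misc/keychain/cacerts-removed

# fail early instead of once per cert inside the loop
if [ ! -x "$OPENSSL" ]; then
  echo "openssl binary not found or not executable at $OPENSSL" >&2
  exit 1
fi

if ! mkdir -p "$REMOVED_DIR"; then
  echo "failed to create $REMOVED_DIR! are you system??" >&2
  exit 1
fi

# an unchecked cd would leave us in the caller's directory and convert
# whatever happens to be lying there
cd "$CACERTS_DIR" || { echo "cannot cd to $CACERTS_DIR" >&2; exit 1; }

failed=0
for ii in *; do
  # skips the literal '*' of an empty directory and anything that is not a file
  [ -f "$ii" ] || continue
  if ! "$OPENSSL" x509 -in "$ii" -outform der -out "$REMOVED_DIR/$ii"; then
    echo "failed to convert $ii" >&2
    failed=$((failed + 1))
  fi
done

if [ "$failed" -ne 0 ]; then
  echo "$failed cert(s) could not be disabled" >&2
  exit 1
fi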
Cool. Nice little code bit