/trustnocerts.sh
Last active Aug 29, 2015
Disable all Trusted CA CERTs on Android 4.x and later (requires root)
| #!/system/bin/sh | |
| # | |
| # disables all trusted root certs on your Android 4.x | |
| # by jduck of #droidsec | |
| # | |
| # requires a working openssl binary in /data/local/tmp | |
| # (you can build one from AOSP "make openssl") | |
| # | |
| # run this as system!! for example: | |
| # shell@flo:/data/local/tmp $ su system -c ./trustnocerts.sh | |
| # shell@flo:/data/local/tmp $ | |
| # | |
| # if you want to re-enable a key, either do it manually or rm the file created in | |
| # /data/misc/keychain/cacerts-removed | |
| # | |
| # for example, to re-enable some geotrust and verisign certs: | |
| # system@flo:/data/local/tmp $ ./busybox grep -Ei 'O=(geotrust|verisign)' /etc/security/cacerts/* | ./busybox awk -F: '{print $1}' | ./busybox sort -u | ./busybox awk -F/ '{print "rm /data/misc/keychain/cacerts-removed/"$5}' | sh | |
| # system@flo:/data/local/tmp $ | |
| # | |
| # enjoy! | |
| # | |
| umask 022 | |
| if ! mkdir -p /data/misc/keychain/cacerts-removed; then | |
| echo "failed to create /data/misc/keychain/cacerts-removed! are you system??" | |
| exit 1 | |
| fi | |
| cd /etc/security/cacerts | |
| for ii in *; do | |
| /data/local/tmp/openssl x509 -in $ii -outform der -out /data/misc/keychain/cacerts-removed/$ii | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
rhcp011235 commentedOct 20, 2014
Cool. Nice little code bit