-
-
Save sengkyaut/3fcdba9600dedeab9ed548a6d93e4e20 to your computer and use it in GitHub Desktop.
| https://code.google.com/p/android/issues/detail?id=32696#c5 | |
| If you have a certificate that is not | |
| trusted by Android, when you add it, it goes in the personal cert store. | |
| When you add a cert in this personal cert store, the system requires a | |
| higher security level to unlock the device. But if you manage to add your | |
| cert to the system store then you don't have this requirement. Obviously, | |
| root is required to add a certificate to the system store, but it is quiet | |
| easy. | |
| Here is how to do it : | |
| 1 - add your cert normally, it will be stored in your personal store and | |
| android will ask you a pin/password... Proceed | |
| 2 - With a file manager with root capabilities, browse files | |
| in /data/misc/keychain/cacerts-added. You should see a file here, it's the | |
| certificate you have added at step 1. | |
| 3 - Move this file to system/etc/security/cacerts (you will need to mount | |
| the system partition r/w) | |
| 4 - Reboot the phone | |
| 5 - You are now able to clear the pin/password you have set to unlock the | |
| device. | |
| I Think that this will only work for Root or Intermediate CA. | |
| I got the idea by reading this : | |
| http://nelenkov.blogspot.fr/2011/12/ics-trust-store-implementation.html |
Check android cpu via adb
adb shell getprop ro.product.cpu.abi
adb shell getprop ro.product.cpu.abilist
adb shell '/data/local/tmp/frida-server-15.2.2-android-x86 &'
To do so:
-
Export your Burp Certificate
Proxy > Options > CA Certificate > Export in DER format -
Convert it to PEM
openssl x509 -inform der -in cacert.der -out burp.pem -
Download it on the device
-
Use Certificate Installer to install the certificate
The Android app can be found here -
You can navigate the browser and search for http://burp/, here you're able to download the certificate, then rename it to .crt & install it
-
Additional for Android Android 7.0 (Nougat) and above (requeires root access):
rename certificate:
mv burp.pem $(openssl x509 -inform PEM -subject_hash_old -in burp.pem | head -1)".0"
and move the result file to /system/etc/security/cacerts/ (for example, using Total Commander).
ls -la /data/misc/user/0/cacerts-added/
adb remount
mycert=9a5ba575.0
mv /data/misc/user/0/cacerts-added/$mycert /system/etc/security/cacerts/
chmod 644 /system/etc/security/cacerts/$mycert
chown root:root /system/etc/security/cacerts/$mycert