Android : add cert to system store
https://code.google.com/p/android/issues/detail?id=32696#c5

If you have a certificate that is not
trusted by Android, when you add it, it goes in the personal cert store.
When you add a cert in this personal cert store, the system requires a
higher security level to unlock the device. But if you manage to add your
cert to the system store then you don't have this requirement. Obviously,
root is required to add a certificate to the system store, but it is quite
easy.

Here is how to do it:

1 - Add your cert normally, it will be stored in your personal store and
Android will ask you for a pin/password... Proceed
2 - With a file manager with root capabilities, browse files
in /data/misc/keychain/cacerts-added. You should see a file here, it's the
certificate you have added at step 1.
3 - Move this file to system/etc/security/cacerts (you will need to mount
the system partition r/w)
4 - Reboot the phone
5 - You are now able to clear the pin/password you have set to unlock the
device.

I think that this will only work for Root or Intermediate CA.

I got the idea by reading this:
http://nelenkov.blogspot.fr/2011/12/ics-trust-store-implementation.html
To do so:
- Export your Burp Certificate
  Proxy > Options > CA Certificate > Export in DER format
- Convert it to PEM
  openssl x509 -inform der -in cacert.der -out burp.pem
- Download it on the device
- Use Certificate Installer to install the certificate
  The Android app can be found here
- You can navigate the browser and search for http://burp/, here you're able to download the certificate, then rename it to .crt & install it
- Additional for Android 7.0 (Nougat) and above (requires root access):
  rename certificate:
  mv burp.pem $(openssl x509 -inform PEM -subject_hash_old -in burp.pem | head -1)".0"
  and move the resulting file to /system/etc/security/cacerts/ (for example, using Total Commander).
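
The convert-and-rename steps above as one host-side script. This is an added example, not part of the original gist or comment. It accepts PEM or DER input and refuses certificates without CA:TRUE, which is an assumed reading of the note that only root or intermediate CAs work. The function names are hypothetical and `openssl` is assumed to be installed on the host.

```shell
#!/bin/sh
# Added example: build the file Android expects in
# /system/etc/security/cacerts/ from a CA certificate.

# to_pem CERT OUT: normalise a PEM or DER certificate to PEM.
to_pem() {
    openssl x509 -inform PEM -in "$1" -out "$2" 2>/dev/null ||
    openssl x509 -inform DER -in "$1" -out "$2" 2>/dev/null
}

# is_ca PEM: succeed only if basicConstraints carries CA:TRUE.
is_ca() {
    openssl x509 -in "$1" -noout -text | grep 'CA:TRUE' >/dev/null
}

# system_store_name PEM: print "<subject_hash_old>.0".
# -noout suppresses the PEM dump, so no "head -1" is needed.
system_store_name() {
    hash=$(openssl x509 -in "$1" -noout -subject_hash_old) || return 1
    printf '%s.0\n' "$hash"
}

# prepare_system_ca CERT OUTDIR: write OUTDIR/<hash>.0, print its path.
# Returns 1 if CERT cannot be parsed, 2 if it is not a CA certificate.
prepare_system_ca() {
    tmp=$(mktemp) || return 1
    if ! to_pem "$1" "$tmp"; then
        echo "not a PEM or DER certificate: $1" >&2
        rm -f "$tmp"; return 1
    fi
    if ! is_ca "$tmp"; then
        echo "not a CA certificate (no CA:TRUE): $1" >&2
        rm -f "$tmp"; return 2
    fi
    name=$(system_store_name "$tmp") || { rm -f "$tmp"; return 1; }
    mkdir -p "$2" && mv "$tmp" "$2/$name" && chmod 644 "$2/$name" || return 1
    printf '%s\n' "$2/$name"
}
```

Calling `prepare_system_ca cacert.der out` prints the path of the file to move into /system/etc/security/cacerts/.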
Check android cpu via adb
adb shell '/data/local/tmp/frida-server-15.2.2-android-x86 &'