On host:
sudo apt-get install libnss3-tools
hg clone https://hg.mozilla.org/mozilla-central
cd mozilla-central
nss-addbuiltin -n "SomeMaliciousCA" -t "CT,C,C" < ~/malicious.der >> security/nss/lib/ckfw/builtins/certdata.txt
sudo docker run -v "/mozilla-central:/mozilla-central" -ti ubuntu:focal /bin/bash
Inside docker:
apt-get update
apt-get install -y openjdk-8-jdk vim build-essential mercurial python python3 python2-dev virtualenv python3-pip m4 libnss3-tools libc-ares2 libnghttp2-14 libnode64 libossp-uuid16 libuv1 nodejs nodejs-doc unzip uuid zip libpsl5 publicsuffix wget
export SHELL=/bin/bash
export MOZBUILD_STATE_PATH=/mozilla-central/mozbuild
cd /mozilla-central
./mach bootstrap
# Go through the wizard and select:
# 4. GeckoView/Firefox for Android
echo "" >> mozconfig
echo "ac_add_options --target=aarch64" >> mozconfig
export PATH="$HOME/.cargo/bin:$PATH"
rustup target add thumbv7neon-linux-androideabi
rustup target add aarch64-linux-android
./mach build
The library will be available for analysis at: obj-aarch64-unknown-linux-android/security/nss/lib/ckfw/builtins/builtins_nssckbi/libnssckbi.so
Now you can simply unzip APK, replace libnssckbi.so, zip back and do signapk.
zip -n "resources.arsc" -qr ../zipped.apk *