Last active
March 2, 2023 12:40
android emulator setup with sniffer CA
OBSOLETE: moved to Magisk + Magisk Trust User Certs module. | |
Emulator setup with Magisk: https://gist.github.com/tothi/1a206791c8b77d7e42015183c980657e | |
Magisk Trust User Certs module: https://github.com/NVISOsecurity/MagiskTrustUserCerts | |
android emulator clean install + prepare for https proxy analysis | |
================================================================= | |
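# clean up old packages (destructive: removes every existing SDK install, all AVDs and the adb key pair stored under ~/.android)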
rm -fr ~/Android ~/.android | |
# install recent Android Studio (on gentoo) | |
sudo emerge -a dev-util/android-studio | |
# set up local sdk packages in ~/Android by 1st run of Android Studio GUI | |
android-studio | |
# check installed sdk packages + install a recent system image | |
~/Android/Sdk/tools/bin/sdkmanager --list | |
~/Android/Sdk/tools/bin/sdkmanager 'system-images;android-28;google_apis;x86_64' | |
# create android virtual device (-> ~/.android/avd) | |
~/Android/Sdk/tools/bin/avdmanager list target | |
~/Android/Sdk/tools/bin/avdmanager list device | |
~/Android/Sdk/tools/bin/avdmanager create avd -n testing -d "Nexus 5X" -k "system-images;android-28;google_apis;x86_64" | |
# launch emulator | |
~/Android/Sdk/tools/emulator @testing | |
# adb access (root in case of non-googleplay image) | |
~/Android/Sdk/platform-tools/adb devices | |
~/Android/Sdk/platform-tools/adb shell -t su | |
# add pc hw keyboard support | |
echo "hw.keyboard=yes" >> ~/.android/avd/testing.avd/config.ini | |
# install burp CA cert (cacert.der from http://burp:8080) as system trusted cert (won't work: ERR_CERT_VALIDITY_TOO_LONG)
# the .0 file name must be the hash printed by the -subject_hash_old command (9a5ba575 here)
openssl x509 -inform DER -in cacert.der -out cacert.pem | |
openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1 | |
mv cacert.pem 9a5ba575.0 | |
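# solve ERR_CERT_VALIDITY_TOO_LONG with a custom CA certificate that has a shorter validity period (720 days)
# -nodes writes privkey.pem unencrypted; the hash used for the .0 name depends on the subject entered at the prompts, so use the value the command prints
# NOTE: the install steps further down still reference 9a5ba575.0 -- substitute the custom CA's .0 file when using this CA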
openssl req -x509 -nodes -days 720 -newkey rsa:2048 -keyout privkey.pem -out cacert.pem | |
openssl pkcs12 -export -out cacert.p12 -inkey privkey.pem -certfile cacert.pem -in cacert.pem # password is required | |
openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1 | |
mv cacert.pem a4d857ed.0 | |
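# import cacert.p12 into burp as its CA certificate and key, then delete the key material from disk
# whoever holds this private key can issue certificates the emulator will trust, so use this CA on test devices only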
rm cacert.p12 privkey.pem | |
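# method 1: temporary solution for avd (a power-off/power-on cycle regenerates the system image from the template and discards the cert)
# the commands after `adb shell` (mv ... reboot) are typed inside the emulator's shell, not on the host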
~/Android/Sdk/tools/emulator @testing -writable-system | |
~/Android/Sdk/platform-tools/adb root | |
~/Android/Sdk/platform-tools/adb remount | |
~/Android/Sdk/platform-tools/adb push 9a5ba575.0 /sdcard/ | |
~/Android/Sdk/platform-tools/adb shell | |
mv /sdcard/9a5ba575.0 /system/etc/security/cacerts/ | |
chown root:root /system/etc/security/cacerts/9a5ba575.0 | |
chmod 0644 /system/etc/security/cacerts/9a5ba575.0 | |
ls -alZ /system/etc/security/cacerts/ | |
reboot # reboot keeps modifications | |
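# method 2: permanent solution for avd (edits a per-AVD copy of system.img; the SDK template image stays untouched)
# the mount offset is the partition start sector reported by fdisk times the 512-byte sector size; check the fdisk output before mounting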
cat ~/.android/avd/testing.avd/config.ini | grep sysdir | |
cp ~/Android/Sdk/system-images/android-28/google_apis/x86_64/system.img ~/.android/avd/testing.avd/ | |
cp ~/Android/Sdk/system-images/android-28/google_apis/x86_64/VerifiedBootParams.textproto ~/.android/avd/testing.avd/ | |
file ~/.android/avd/testing.avd/system.img | |
fdisk -l ~/.android/avd/testing.avd/system.img | |
sudo mount ~/.android/avd/testing.avd/system.img /mnt/ -o loop,offset=$((2048*512)) | |
sudo cp 9a5ba575.0 /mnt/system/etc/security/cacerts/ | |
ls -alZ /mnt/system/etc/security/cacerts/ | |
getfattr -m - -d /mnt/system/etc/security/cacerts/* | |
getfattr -m - -d /mnt/system/etc/security/cacerts/9a5ba575.0 | |
sudo setfattr -n security.selinux -v u:object_r:system_file:s0 /mnt/system/etc/security/cacerts/9a5ba575.0 | |
getfattr -m - -d /mnt/system/etc/security/cacerts/9a5ba575.0 | |
ls -alZ /mnt/system/etc/security/cacerts/ | |
sudo umount /mnt | |
zile ~/.android/avd/testing.avd/VerifiedBootParams.textproto | |
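# in the editor, disable dm-verity for this AVD: comment out the verity entry, replace it with linear, and add/remove dm_params as needed
# this turns off integrity checking of the system image, so do it only on the throwaway test AVD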
rm -fr ~/.android/avd/testing.avd/snapshots/default_boot/ | |
# launch emulator with proxy | |
~/Android/Sdk/tools/emulator @testing -http-proxy 127.0.0.1:8080 | |
# confirm burp CA as trusted system cert (check this path in the emulator's Settings app; it is not a shell command)
Settings / Security & location / Advanced / Encryption & credentials / Trusted credentials / System: PortSwigger CA | |
# install apk | |
~/Android/Sdk/platform-tools/adb install test.apk |