-
-
Save habibiefaried/9dfab05cbae4be325cd954c6e701c51c to your computer and use it in GitHub Desktop.
Android : add cert to system store
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://code.google.com/p/android/issues/detail?id=32696#c5 | |
| If you have a certificate that is not | |
| trusted by Android, when you add it, it goes in the personal cert store. | |
| When you add a cert in this personal cert store, the system requires a | |
| higher security level to unlock the device. But if you manage to add your | |
| cert to the system store then you don't have this requirement. Obviously, | |
| root is required to add a certificate to the system store, but it is quiet | |
| easy. | |
| Here is how to do it : | |
| 1 - add your cert normally, it will be stored in your personal store and | |
| android will ask you a pin/password... Proceed | |
| 2 - With a file manager with root capabilities, browse files | |
| in /data/misc/keychain/cacerts-added. You should see a file here, it's the | |
| certificate you have added at step 1. | |
| 3 - Move this file to system/etc/security/cacerts (you will need to mount | |
| the system partition r/w) | |
| 4 - Reboot the phone | |
| 5 - You are now able to clear the pin/password you have set to unlock the | |
| device. | |
| I Think that this will only work for Root or Intermediate CA. | |
| I got the idea by reading this : | |
| http://nelenkov.blogspot.fr/2011/12/ics-trust-store-implementation.html |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
So I recently needed to do this on an emulated android device to sniff traffic with mitmproxy. For anyone who stumbles on this in the future, it worked with a few modifications!
1 - When you create the AVD you'll have a choice between "(Google Play)" and "(Google APIs)" in the Target (android version). You must choose "(Android APIs)" or you will not be able to get adb root access.
2 - Do not launch the emulator from Android Studio, instead you'll want to launch it from the command line so you can pass the -writable-system flag to it.
Go to your AndroidStudio/Sdk/emulator folder and run: emulator.exe -list-avds and note the one you created in Step 1. For example, mine was Pixel_2_API_28.
Launch it with emulator.exe -avd Pixel_2_API_28 -writable-system
3 - Remount the system partition as writable
adb root
adb remount
4 - Install the cert as normal
5 - Move the cert. Replace "cert.0" with whatever the filename is. eg c7451f0d.0
adb ls /data/misc/user/0/cacerts-added
adb pull /data/misc/user/0/cacerts-added/cert.0
adb push cert.0 /system/etc/security/cacerts/
6 - Now go remove the user cert you installed in Step 4.