refactor(sh): 🎉 恢复覆盖安装自定义证书，解决内置证书，更新后无法覆盖问题

ys1231 · Feb 27, 2024 · 81bfd46 · 81bfd46
1 parent 2dd7b32
commit 81bfd46
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 36 deletions.
diff --git a/README.assets/iShot_2024-02-19_01.36.50.png b/README.assets/iShot_2024-02-19_01.36.50.png
diff --git a/README.assets/iShot_2024-02-19_01.38.02.png b/README.assets/iShot_2024-02-19_01.38.02.png
diff --git a/README.md b/README.md
@@ -12,17 +12,15 @@ https://book.hacktricks.xyz/v/cn/mobile-pentesting/android-app-pentesting/instal
 
 1. 导出证书后直接`push`到手机,直接安装重启即可,不需要格式转换.
 
-## 使用实测
+## 手动直接安装证书到系统证书目录
 
-![iShot_2024-02-19_01.38.02](README.assets/iShot_2024-02-19_01.38.02.png)
-![iShot_2024-02-19_01.36.50](README.assets/iShot_2024-02-19_01.36.50.png)
-![iShot_2024-02-19_01.27.27](README.assets/iShot_2024-02-19_01.27.27.png)
+**此方法会覆盖已有的证书，专为多台电脑和内置证书准备**
 
-## ~~手动直接安装证书到系统证书目录~~
+0. 如果证书已经移动过或者内置到源码中，会发现直接通过系统安装，实际证书并没有被安装进去，需要保留这种场景
 
-1. ~~导出抓包软件证书 转换 证书为 pem 格式~~
-2. ~~`adb shell "mkdir -p  /data/local/tmp/crt"`~~
-3. ~~获取证书hash~~
+1. 导出抓包软件证书 转换 证书为 pem 格式
+2. `adb shell "mkdir -p  /data/local/tmp/cert"`
+3. 获取证书hash
 
 ```shell
 #openssl版本在1.0以上的版本的执行下面这一句---------------------
@@ -33,12 +31,15 @@ openssl x509 -inform PEM -subject_hash -in cacert.pem
 
 ![image-20221109212126575](README.assets/image-20221109212126575.png)
 
-4. ~~手动修改证书(pem格式证书)文件名为`02e06844.0`~~
-5. ~~`mkdir /data/local/tmp/crt`  这个crt目录需要自己创建~~ 
-6. ~~`adb push 02e06844.0  /data/local/tmp/crt/`~~
-7. ~~证书推到手机后,重启即可生效,其实是移动到magisk挂载的目录.~~
+4. 手动修改证书(转换前)文件名为`02e06844.0`
+5. `mkdir /data/local/tmp/cert`  这个cert目录需要自己创建
+6. `adb push 02e06844.0  /data/local/tmp/cert/`
+7. 证书推到手机后,重启即可生效，突然发现得保留这种场景。
+
+## 使用实测
+![iShot_2024-02-19_01.27.27](README.assets/iShot_2024-02-19_01.27.27.png)
 
-# 补充 证书转换 ~~der to pem~~ der 直接push到手机 安装CA即可
+# 补充 证书转换 der to pem
 
 ```shell
 # 以burp为例

diff --git a/changelog.md b/changelog.md
@@ -1,4 +1,2 @@
-- 修复conscrypt有另外的版本时，移动证书无效。
-- Fix invalid move certificates when conscrypt has another version.
-- 新增执行日志，方便定位问题。
-- Added execution logs for easy problem localization.
+- 恢复覆盖安装自定义证书，解决内置证书，更新后无法覆盖问题
+- Resume overriding the installation of customized certificates to solve the problem of built-in certificates, which can not be overridden after update
diff --git a/module.prop b/module.prop
@@ -1,7 +1,7 @@
 id=MoveCertificate
 name=MoveCertificate
-version=v1.4.5
-versionCode=9
+version=v1.4.6
+versionCode=10
 author=iyue
 description=Supports magiskv20.4+/kernelsu/APatch Android 7-14 move certificates
 updateJson=https://ys1231.cn:82/modules/MoveCertificate/update.json
diff --git a/post-fs-data.sh b/post-fs-data.sh
@@ -29,9 +29,12 @@ mount_cert() {
     print_log "mount: $1"
     mount -t tmpfs tmpfs "$1"
     print_log "mount status:$?"
+
     # "Copy all certificates to the system certificate directory"
     print_log "move cert: $1"
     cp -f $MODDIR/certificates/* "$1"
+
+    print_log "fix permissions: $1"
     chown -R system:system "$1"
     chown root:shell "$1"
     chmod -R 644 "$1"
@@ -42,19 +45,19 @@ mount_cert() {
 print_log "start move cert !"
 print_log "current sdk version is $sdk_version_number"
 
+print_log "Backup system certificates1"
+cp -u /system/etc/security/cacerts/* $MODDIR/certificates
+cp -u /data/misc/user/0/cacerts-added/* $MODDIR/certificates/
+
 # Android version >= 14 execute
 if [ "$sdk_version_number" -ge 34 ]; then
 
-    chown -R root:root $MODDIR/certificates/
-    chmod -R 644 $MODDIR/certificates
-    chmod 755 $MODDIR/certificates
-
-    print_log "Backup system certificates"
-    cp -u /system/etc/security/cacerts/* $MODDIR/certificates/
+    print_log "Backup system certificates2"
     cp -u /apex/com.android.conscrypt/cacerts/* $MODDIR/certificates/
 
-    print_log "Backup user certificates"
-    cp -u /data/misc/user/0/cacerts-added/* $MODDIR/certificates/
+    print_log "Backup user custom certificates2"
+    cp -f /data/local/tmp/cert/* $MODDIR/certificates/
+    cp -f /data/local/tmp/cert/* /data/misc/user/0/cacerts-added/
 
     print_log "find system conscrypt directory"
     apex_dir=$(find /apex -type d -name "com.android.conscrypt@*")
@@ -64,18 +67,25 @@ if [ "$sdk_version_number" -ge 34 ]; then
 
 fi
 
-# All Android versions perform
-cp -u /system/etc/security/cacerts/* $MODDIR/certificates
-cp -u /data/misc/user/0/cacerts-added/* $MODDIR/certificates/
-chown -R root:root $MODDIR/certificates/
-chmod -R 644 $MODDIR/certificates
-chmod 755 $MODDIR/certificates
+# All Android versions perform 
+print_log "Backup user custom certificates1"
+cp -f /data/local/tmp/cert/* $MODDIR/certificates/
+cp -f /data/local/tmp/cert/* /data/misc/user/0/cacerts-added/
+
+print_log "mount: /system/etc/security/cacerts/"
 mount -t tmpfs tmpfs /system/etc/security/cacerts/
+print_log "mount status:$?"
+
+print_log "move cert: /system/etc/security/cacerts/"
 cp -f $MODDIR/certificates/* /system/etc/security/cacerts/
+print_log "move cert status:$?"
+
+print_log "fix permissions /system/etc/security/cacerts"
 chown root:root /system/etc/security/cacerts
 chown -R root:root /system/etc/security/cacerts/
 chmod -R 644 /system/etc/security/cacerts/
 chmod 755 /system/etc/security/cacerts
 chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*
 print_log "exit status:$?"
+
 print_log "certificates installed"
diff --git a/update.json b/update.json
@@ -1,6 +1,6 @@
 {
-    "versionCode": 9,
-    "version": "v1.4.5",
-    "zipUrl": "https://ys1231.cn:82/modules/MoveCertificate/MoveCertificate-v1.4.5.zip",
+    "versionCode": 10,
+    "version": "v1.4.6",
+    "zipUrl": "https://ys1231.cn:82/modules/MoveCertificate/MoveCertificate-v1.4.6.zip",
     "changelog": "https://ys1231.cn:82/modules/MoveCertificate/changelog.md"
 }