movecert's People

Contributors

hill-98, ianmacd, nemris, topjohnwu, yochananmarqos

movecert's Issues

Installation failed

Error:
This zip is not a Magisk module
Installation failed

  • Tried to extract and recompress zip ->

Installing xx.zip
Installation failed

Certificate Transparency issue with Chrome 99+

It looks like the configuration provided by this module is in conflict with Chrome 99+ on Android. This is due to the new Certificate Transparency enforcement that went live in Android's Chrome 99 on March 1, 2022.
https://support.google.com/chrome/a/answer/7679408

This is just an FYI - I'm not sure what the best path forward is on this.

See below for the error received when proxying traffic when using the movecert module. This is with Burp Suite on Chrome 99+ on Android 11. Duplicated on Android 12.

Trigger cert movement

Hi, I've installed this module.

I've added a cert, and I can see it in my User Credentials
What do I need to do to trigger it copying into my Trusted Credentials? I don't see it in the list.

Thanks,

Where is `/common/post-fs-data.sh`?

Sorry if it is a silly question, but I cannot find that path, neither in the root directories nor in the public directories.

I know it is there somewhere running because I can see the logs in Magisk.

Thank you for developing it :-)

It seems that it isn't compatible with a specific game app.

I use Charles for HTTPS proxying. I noticed that if I use this module to move Charles' cert into /system, there is a game app that will not trust the cert, but if I move the cert into /system directly (I disabled dm-verity so that's fine), the game app will trust the cert normally.

Is there any difference between using this module for moving cert and moving cert directly?

Thanks, and sorry for my English.

Module gets installed, Magisk appears to attempt to run at boot, but no evidence that the commands in post-fs-data.sh were actually run

Magisk log (from the Magisk application Log view):

...
movecerts: exec [post-fs-data.sh]
* Loading modules
movecerts: loading mount files
** late_start service mode running
...

Files in /data/misc/user/0/cacerts-added/ remain unmoved, copies do not appear in /system/etc/security/cacerts. No messages indicating which files were targeted for the move.

Two Ninja Edits to make...

1: This bug seems to have been fixed by a fork of this project. Huge thanks to Andy Acer for fixing this 6 months ago. Check out the config flags in his install.sh. I think those are the source of the issue I experienced, and it should be a quick fix.

https://github.com/andyacer/movecert/blob/master/install.sh

Second, on my device (Retail Moto G Power), the behavior has changed such that the standard procedure results in an unusable certificate being placed in the System CA store. The User store wants an X509 certificate as input (ok, that's all good), but the file it spits out and sticks in /data/misc/user/0/cacerts-added/ is a binary blob .DER file (such as would be exported directly from Burp). I noticed other odd malformations of the file, like setting the creation date to 1969, etc.

Therefore, when the .DER file is copied by this script into the /system/etc/security/cacerts cert store, you have a completely valid certificate, named the correct name, in the wrong format, so you see no change in the HTTPS/HSTS errors thrown by the client when you attempt to intercept traffic.

TL;DR: For me (and possibly for other people), the best way to work around this is DO NOT install the certificate via the UI. Just copy the properly named x509-formatted certificate into /data/misc/user/0/cacerts-added/ and reboot.

Probably worth adding to the script to detect and correct this case for usability purposes.
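
The detect-and-correct step suggested in the report above, as an added example that is not part of the original issue or the module's own script: it classifies each file as PEM or DER by its leading bytes and rewrites DER files as PEM text. The function names are hypothetical, and the directory to process is passed as the first argument.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from movecert).
# Uses only grep, od, tr, base64 and fold.

# Print "pem", "der" or "unknown" for the file given as $1.
cert_format() {
    [ -s "$1" ] || { echo unknown; return; }        # empty or missing file
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        echo pem; return
    fi
    # A DER certificate is an ASN.1 SEQUENCE: tag byte 0x30 followed by a
    # long-form length byte (0x81-0x84) for any realistically sized cert.
    first=$(od -An -tx1 -N2 "$1" | tr -d ' \n')
    case "$first" in
        308[1-4]) echo der ;;
        *)        echo unknown ;;
    esac
}

# Write a PEM copy of the DER file $1 to $2 (base64 body, 64 columns).
der_to_pem() {
    {
        echo '-----BEGIN CERTIFICATE-----'
        base64 < "$1" | tr -d '\n' | fold -w 64
        echo
        echo '-----END CERTIFICATE-----'
    } > "$2"
}

# Normalise every regular file in directory $1 in place.
# Prints one status line per file: ok (already PEM), conv, or skip.
normalise_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "$(cert_format "$f")" in
            pem) echo "ok   $f" ;;
            der) der_to_pem "$f" "$f.tmp" && mv "$f.tmp" "$f" && echo "conv $f" ;;
            *)   echo "skip $f" ;;
        esac
    done
}

# Run against a directory when one is given on the command line.
if [ -n "${1:-}" ]; then
    normalise_dir "$1"
fi
```

File names are left untouched; only the encoding of the contents changes, and files that are neither PEM nor DER are skipped rather than rewritten.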

Magisk hide breaks module functionality in A10+

Just Magisk Hide any browser or any app in Android 10+ and try to surf/use the net. Browsers will report that the certificate is not trusted. AdGuard will report apps don't trust its certificate.
Device - OnePlus 8
Android 10+
