magisk-modules-repo / movecert Goto Github PK
View Code? Open in Web Editor NEWmovecert
movecert
Error:
This zip is not a Magisk module
Installation failed
Installing xx.zip
Installation failed
invalid in android 13
Google system apps don't trust adguard when installed using this module but this problem does not happen if adguard itself puts the certificate in system store using root access in Android 10.
Please fix this problem as not all phones have rewritable cacerts folder. Only in Samsung phones one can place certificate in system store with su
I want to move back to the user directory Or delete the certificate that has been moved into the system directory
It looks like the configuration provided by this module is in conflict with Chrome 99+ on Android. This is due to the new Certificate Transparency enforcement that went live in Android's Chrome 99 on March 1, 2022.
https://support.google.com/chrome/a/answer/7679408
This is just an FYI - I'm not sure what the best path forward is on this.
See below for the error received when proxying traffic when using the movecert module. This is with Burp Suite on Chrome 99+ on Android 11. Duplicated on Android 12.
RT
Hi, I've installed this module.
I've added a cert, and I can see it in my User Credentials
What do I need to do to trigger it copying into my Trusted Credentials? I don't see it in the list.
Thanks,
sorry if it is a silly question, but I cannot find that path. Neither in the root directories nor in the public directories.
I know it is there somewhere running because I can the logs in Magisk.
Thank you for developing it :-)
I use Charles for https proxying, I noticed if I use this module to move Charles' cert into /system, there is a game app will not trust the cert, but if I move the cert into /system directly (I disabled dm-verity so that's fine), the game app will trust the cert normally.
Is there any difference between using this module for moving cert and moving cert directly?
Thanks, and sorry for my English.
Magisk log (from the Magisk application Log view):
...
movecerts: exec [post-fs-data.sh]
* Loading modules
movecerts: loading mount files
** late_start service mode running
...
Files in /data/misc/user/0/cacerts-added/ remain unmoved, copies do not appear in /system/etc/security/cacerts. No messages indicating which files were targeted for the move.
Two Ninja Edits to make...
1: This bug seems to have been fixed by a fork of this project. Huge thanks to Andy Acer for fixing this 6 months ago. Check out the config flags in his install.sh. I think those are the source of the issue I experienced, and it should be a quick fix.
https://github.com/andyacer/movecert/blob/master/install.sh
Second, on my device (Retail Moto G Power), the behavior has changed such that the standard procedure results in an unusable certificate being placed in the System CA store. The User store wants an X509 certificate as input (ok, that's all good), but the file it spits out and sticks in /data/misc/user/0/cacerts-added/ is a binary blob .DER file (such as would be exported directly from Burp). I noticed other odd malformations of the file, like setting the creation date to 1969, etc.
Therefore, when the .DER file is copied by this script into the /system/etc/security/cacerts cert store, you have a completely valid certificate, named the correct name, in the wrong format, so you see no change in the HTTPS/HSTS errors thrown by the client when you attempt to intercept traffic.
TL;DR: For me (and possibly for other people), the best way to work around this is DO NOT install the certificate via the UI. Just copy the properly named x509-formatted certificate into /data/misc/user/0/cacerts-added/ and reboot.
Probably worth adding to the script to detect and correct this case for usability purposes.
callrecorder-skvalex this repo includes only a trial
on android 12 it correctly moves to the trusted CA store, but later android removes it. No idea what is going on, I think se linux is even disabled.
Why is there no zip for installing this module?
What about ROMs with dm-verity enabled? Will this module brick the phone if it moves the file to the system folder?
Just magisk hide any browser or any app in android 10+ and try to surf/use net. Browsers will report that certificate is not trusted. Adguard will report apps don't trust it's certificate.
Device - Oneplus 8
Android 10+
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.