Magisk-Modules-Repo / movecert

movecert
682 stars 108 forks source link

Google system apps don't trust adguard certificate when installed using this module in devices running Android 10+ out of the box #9

Open techIndia-hacker opened 4 years ago

techIndia-hacker commented 4 years ago

Google system apps don't trust adguard when installed using this module but this problem does not happen if adguard itself puts the certificate in system store using root access in Android 10.

Please fix this problem as not all phones have rewritable cacerts folder. Only in Samsung phones one can place certificate in system store with su

ianmacd commented 4 years ago

What model of device do you have and what error message do you get?

techIndia-hacker commented 4 years ago

Device samsung M40. And adguard has certificate conflict notification inbuilt 15977326456371285090489536804710

This error is solved if adguard itself installs the certificate in trusted system store, but not all devices like (OnePlus 8 {my other device}) has rewritable system partition. Both devices runs Android 10

techIndia-hacker commented 4 years ago

Were u able to reproduce the issue? All u need is a device Android 10 device running out of the box. If u test with adguard u need to disable error suppression in low level settings in https opportunistic bypass

ianmacd commented 4 years ago

Were u able to reproduce the issue? All u need is a device Android 10 device running out of the box. If u test with adguard u need to disable error suppression in low level settings in https opportunistic bypass

I don't see this error on my Note10+, Fold or Tab S6, but I have just installed a Note20 Ultra and this device has the problem you describe.

I don't have a solution yet.

techIndia-hacker commented 4 years ago

Were u able to reproduce this problem while using adguard? Also have u disabled this(in the picture)? It's an error suppression technique for frustrated noobs😉😂

You will see that all Google system apps like Play Store, Play services, Vanced YouTube even don't trust module pushed adguard certificate. Please confirm again if u r able to reproduce these errors 🙂 Screenshot_20200823-195714

ianmacd commented 4 years ago

I find now that the errors persist on my Note20 Ultra even when the certificate is actually moved to the system store outside of Magisk, so either method causes these rejections on this device.

techIndia-hacker commented 4 years ago

I didn't understand the"outside of magisk" part. What did u do exactly?

On Thu, 27 Aug, 2020, 12:28 pm Ian Macdonald, notifications@github.com wrote:

I find now that the errors persist on my Note20 Ultra even when the certificate is actually moved to the system store outside of Magisk, so either method causes these rejections on this device.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Magisk-Modules-Repo/movecert/issues/9#issuecomment-681642733, or unsubscribe https://github.com/notifications/unsubscribe-auth/AN3FHQZR6OOZGCUHPZUG3LDSCX7YRANCNFSM4QCXUPRQ .

ianmacd commented 4 years ago

I didn't understand the"outside of magisk" part. What did u do exactly?

I actually moved the certificate to the store, rather than superimposing it there using this module.

ianmacd commented 4 years ago

I've now opened an AdGuard issue for this.

https://github.com/AdguardTeam/AdguardForAndroid/issues/3553

techIndia-hacker commented 4 years ago

Did u move using adguard move anyway button? How exactly did u place the certificate in system store directly? Cause system partition is read only unless mounted from twrp!!

I reported them already about this issue twice but they couldn't reproduce this bug themselves and closed the issue saying probably it's a magisk module issue

As a way out they created the error suppression thing as https filtering bypass

techIndia-hacker commented 4 years ago

I have solved this issue. After much sleepless nights I finally was able to kill Google SSL pinning

ianmacd commented 4 years ago

I have solved this issue. After much sleepless nights I finally was able to kill Google SSL pinning

Could you detail how you did it? Might be useful for others who want to do the same thing.

techIndia-hacker commented 4 years ago

I have done this exploiting a bug in Android. If openly written here, it will be plugged by Google immediately. So I won't. However I have already approached adguard and waiting for official proceedings regarding this matter.

Share a private mail

On Sat, 29 Aug 2020, 3:34 pm Ian Macdonald, notifications@github.com wrote:

I have solved this issue. After much sleepless nights I finally was able to kill Google SSL pinning

Could you detail how you did it? Might be useful for others who want to do the same thing.

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/Magisk-Modules-Repo/movecert/issues/9#issuecomment-683268303, or unsubscribe https://github.com/notifications/unsubscribe-auth/AN3FHQ4WRTO4PYH4OMDSN43SDDHCXANCNFSM4QCXUPRQ .

techIndia-hacker commented 4 years ago

Shit SSL pinning can't be disabled in OnePlus stock rom but it the trick works fine with Android 10 aosp custom roms and in samsung stock too

techIndia-hacker commented 4 years ago

Ok I found Google system apps will not use ssl pinning if they are kept unhidden in magisk hide. This fixes the issue for me.

techIndia-hacker commented 4 years ago

I would like to know about the module program. What is happening exactly after moving the certificates to system store as coded in the shell program?